
Untitled

a guest Jan 16th, 2018 61 Never
  1. #include <stdio.h>
  2. #include <string.h>
  3. #include <stdbool.h>
  4. #include <stdlib.h>
  5.  
  6. #define ROUND_DOWN(X, STEP) ((X) / (STEP) * (STEP))
  7.  
/* Copies SRC into the SIZE-byte buffer DST, truncating if necessary.
   When SIZE is non-zero, DST is always NUL-terminated and at most
   SIZE - 1 characters are copied.  When SIZE is zero, DST is not touched.

   Returns strlen (SRC), i.e. the length the copy would have had with
   unlimited room.  A return value >= SIZE therefore means the result
   was truncated; callers that care about silent truncation must check it.
   SRC must be a valid NUL-terminated string (strlen is called on it). */
size_t
strlcpy (char *dst, const char *src, size_t size)
{
    const size_t wanted = strlen (src);
    size_t room;
    size_t copied;

    // No room at all: report the needed length and leave DST alone.
    if (size == 0)
        return wanted;

    // Keep one byte back for the terminator.
    room = size - 1;
    copied = wanted < room ? wanted : room;

    memcpy (dst, src, copied);
    dst[copied] = '\0';
    return wanted;
}
  24.  
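/* Stores VALUE as one stack word directly below *TOP and moves *TOP
   down to it.  memcpy keeps the store valid whatever *TOP's alignment. */
static void
push_word (char **top, unsigned int value)
{
    *top -= sizeof value;
    memcpy (*top, &value, sizeof value);
}

/* Splits FILE_NAME on spaces and builds the initial argument frame
   below *ESP.  From high to low addresses the frame holds: the argument
   strings, zero padding down to a word boundary, a NULL sentinel,
   argv[argc-1] .. argv[0], the address of argv[0], argc, and a zero
   "fake return address".

   Every slot is one unsigned int wide; addresses are narrowed to that
   width, as in the 32-bit layout this code targets.

   FILE_NAME may be at most 128 bytes long (excluding the terminator).
   Returns false, leaving *ESP unchanged, if an argument is NULL or the
   command line is too long.  On success *ESP points at the fake return
   address and true is returned.

   The function cannot see where the stack ends.  With the 128-byte limit
   the frame needs at most 404 bytes (129 for strings, 3 for padding,
   65 pointer slots and 3 trailing words), so the caller must guarantee
   that much writable memory below *ESP.

   The printf calls are debugging traces of the stack pointer. */
bool
load_argument_to_stack (const char *file_name, void **esp)
{
    enum { MAX_CMDLINE = 128, MAX_ARGS = 128 };
    void *pointers[MAX_ARGS];
    int arg_count = 0;
    const char *cursor;
    char *argv_start;
    char *top;
    size_t pad;
    int j;

    if (file_name == NULL || esp == NULL || *esp == NULL)
        return false;

    // strlen, not sizeof: sizeof on a pointer yields the pointer size,
    // so a sizeof-based limit can never trigger.
    if (strlen (file_name) > MAX_CMDLINE)
        return false;

    // Work on a local copy of the stack pointer; *esp is only updated
    // once the whole frame has been written.
    top = *esp;

    // Tokenise in place with strspn/strcspn: no scratch copy is
    // allocated and FILE_NAME is never modified.
    cursor = file_name;
    for (;;)
    {
        size_t token_len;

        cursor += strspn (cursor, " ");
        if (*cursor == '\0')
            break;
        token_len = strcspn (cursor, " ");

        // Unreachable while MAX_CMDLINE <= 2 * MAX_ARGS, but keeps the
        // pointers[] bound independent of the length limit above.
        if (arg_count >= MAX_ARGS)
            return false;

        // pushing tokens, terminator included
        top -= token_len + 1;
        memcpy (top, cursor, token_len);
        top[token_len] = '\0';
        printf ("size_token %zu\n", token_len + 1);
        printf ("*esp = %p\n", (void *) top);

        pointers[arg_count++] = top;
        cursor += token_len;
    }

    // pushing word alignment: round the stack pointer down to a word
    // boundary and zero the bytes that were skipped
    pad = (size_t) top % sizeof (unsigned int);
    top -= pad;
    memset (top, 0, pad);
    printf ("*esp after ROUND_DOWN = %p\n", (void *) top);

    // pushing the NULL sentinel that terminates argv
    push_word (&top, 0);
    printf ("*esp after NULL = %p\n", (void *) top);

    // pushing arg[i], last argument first so argv[0] ends up lowest
    for (j = arg_count - 1; j >= 0; j--)
    {
        push_word (&top, (unsigned int) (size_t) pointers[j]);
        printf ("*esp after each pointer to argument = %p\n", (void *) top);
    }

    // pushing char **: the address of argv[0], which is the current top
    argv_start = top;
    push_word (&top, (unsigned int) (size_t) argv_start);
    printf ("*esp after pointer to argv = %p\n", (void *) top);
    printf ("address of argv[0] = %x\n", (unsigned int) (size_t) argv_start);

    // pushing arg_count
    push_word (&top, (unsigned int) arg_count);
    printf ("*esp after pointer to argc = %p\n", (void *) top);

    // pushing fake return address
    push_word (&top, 0);
    printf ("*esp after pointer fake return address = %p\n", (void *) top);

    *esp = top;
    return true;
}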
  83.  
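/* Small harness: builds the argument frame for a sample command line
   and reports failure through the exit status. */
int main (void) {
    // Scratch memory standing in for the stack.  A hard-coded address
    // such as 0xc0000000 is not writable in an ordinary hosted process,
    // and load_argument_to_stack writes below the pointer it is given.
    static char stack[1024];
    void *esp = stack + sizeof stack;

    if (!load_argument_to_stack("/bin/ls -l foo bar", &esp))
        return 1;
    return 0;
}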