
Untitled

a guest
Jan 16th, 2018
  #include <stdbool.h>
  #include <stdint.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  5.  
  /*
   * ROUND_DOWN(X, STEP) is an expression whose value is X with the remainder
   * of X / STEP removed.  It does not modify X: the caller has to assign the
   * result, otherwise the statement has no effect.  STEP is expanded twice, so
   * it must be free of side effects.  Integer division truncates toward zero,
   * so the result is "rounded down" only for non-negative X.
   */
  #define ROUND_DOWN(X, STEP) (((X) / (STEP)) * (STEP))
  7.  
  /*
   * Copy SRC into DST, writing at most SIZE bytes including the terminating
   * NUL.  When SIZE is 0 nothing is written to DST at all.
   *
   * Returns strlen (SRC), i.e. the length the copy would have had with
   * unlimited space; a return value >= SIZE tells the caller that the copy
   * was truncated.  SRC must be a NUL-terminated string and DST must have
   * room for SIZE bytes.
   */
  size_t
  strlcpy (char *dst, const char *src, size_t size)
  {
    const size_t wanted = strlen (src);

    /* A zero-sized destination cannot even hold the terminator. */
    if (size == 0)
      return wanted;

    /* Reserve one byte for the NUL, then copy whichever is shorter. */
    const size_t room = size - 1;
    const size_t copied = wanted < room ? wanted : room;

    memcpy (dst, src, copied);
    dst[copied] = '\0';
    return wanted;
  }
  24.  
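  /* Store one 32-bit word directly below *SP and move *SP down onto it. */
  static void
  push_word (char **sp, uint32_t value)
  {
    *sp -= sizeof value;
    memcpy (*sp, &value, sizeof value);
  }

  /**
   * Build an argc/argv frame with 4-byte words on the downward-growing stack
   * whose current top is *esp.
   *
   * The command line is split on runs of spaces.  From high to low addresses
   * the frame holds: the NUL-terminated argument strings, zero padding down
   * to a 4-byte boundary, a NULL argv terminator, argv[argc-1] .. argv[0],
   * the address of argv[0], argc, and a zero fake return address.
   *
   * Every stack slot is 32 bits wide, as in the original code, so on a host
   * with wider pointers the stored addresses are truncated to their low
   * 32 bits.
   *
   * @param file_name  Command line, at most 128 bytes long.  Treat it as
   *                   untrusted: the length is validated before anything is
   *                   written.
   * @param esp        In: address one past the highest writable stack byte.
   *                   Out: address of the fake return address.  Left
   *                   unchanged when the function returns false.
   * @return true on success; false for a NULL argument, a command line
   *         longer than 128 bytes, or more arguments than the table holds.
   *
   * The function cannot see the lower bound of the stack.  The caller must
   * guarantee that strlen (file_name) + 1 bytes of strings, up to 3 bytes of
   * padding and (argc + 4) words are writable below *esp.
   *
   * The printf tracing prints stack addresses; it is debugging output and
   * should not stay in code that runs outside a test harness.
   */
  bool load_argument_to_stack (const char *file_name, void **esp){
    enum { CMDLINE_MAX = 128, ARGS_MAX = 128, WORD = 4 };

    if (file_name == NULL || esp == NULL || *esp == NULL)
      return false;

    /* The original compared sizeof(file_name), which is the size of the
       pointer and never exceeds 128, so the limit was not enforced. */
    if (strlen (file_name) > CMDLINE_MAX)
      return false;

    /* Work on a private cursor so *esp is only updated on success. */
    char *sp = *esp;
    char *pointers[ARGS_MAX];
    int arg_count = 0;

    /* Tokenise in place with strspn/strcspn: no heap copy to leak, and the
       last character is no longer cut off as it was by the short strlcpy. */
    const char *cursor = file_name + strspn (file_name, " ");
    while (*cursor != '\0')
      {
        size_t token_len = strcspn (cursor, " ");
        size_t size_token = token_len + 1;

        /* Never write past the end of the pointer table. */
        if (arg_count >= ARGS_MAX)
          return false;

        printf ("size_token %zu\n", size_token);
        sp -= size_token;
        printf ("*esp = %p\n", (void *) sp);

        /* Pushing the token bytes plus the terminator; the original left
           this store commented out, so argv pointed at unwritten memory. */
        memcpy (sp, cursor, token_len);
        sp[token_len] = '\0';
        for (size_t i = 0; i < size_token; i++)
          printf ("char %d\n", sp[i]);

        pointers[arg_count++] = sp;
        cursor += token_len;
        cursor += strspn (cursor, " ");
      }

    /* Word alignment: the original discarded the ROUND_DOWN result, so the
       stack pointer was never actually aligned. */
    size_t padding = (uintptr_t) sp % WORD;
    sp -= padding;
    memset (sp, 0, padding);
    printf ("*esp after ROUND_DOWN = %p\n", (void *) sp);

    /* NULL terminator of argv. */
    push_word (&sp, 0);
    printf ("*esp after NULL = %p\n", (void *) sp);

    /* argv[argc-1] down to argv[0], so argv[0] ends at the lowest address. */
    for (int j = arg_count - 1; j >= 0; j--)
      {
        push_word (&sp, (uint32_t) (uintptr_t) pointers[j]);
        printf ("*esp after each pointer to argument = %p\n", (void *) sp);
      }

    /* argv itself: the address of the argv[0] slot just written. */
    char *argv_start = sp;
    push_word (&sp, (uint32_t) (uintptr_t) argv_start);
    printf ("*esp after pointer to argv = %p\n", (void *) sp);
    printf ("address of argv[0] = %x\n",
            (unsigned int) (uint32_t) (uintptr_t) argv_start);

    /* argc. */
    push_word (&sp, (uint32_t) arg_count);
    printf ("*esp after pointer to argc = %p\n", (void *) sp);

    /* Fake return address. */
    push_word (&sp, 0);
    printf ("*esp after pointer fake return address = %p\n", (void *) sp);

    *esp = sp;
    return true;
  }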
  83.  
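  /*
   * Host-side harness: build the argument frame for a sample command line
   * and print the trace.
   *
   * The original passed the literal address 0xc0000000 as the stack top.
   * That is not memory this program allocated, so the first store through
   * it is an invalid write.  A static word array owned by the process is
   * used instead; the printed addresses are therefore host addresses.
   */
  int main(void) {
    static unsigned int fake_stack[1024];

    /* The stack grows down, so start one past the last element. */
    void *esp = fake_stack + sizeof fake_stack / sizeof fake_stack[0];

    if (!load_argument_to_stack("/bin/ls -l foo bar", &esp)) {
      fprintf(stderr, "load_argument_to_stack failed\n");
      return EXIT_FAILURE;
    }
    return 0;
  }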