zzqq0103

Untitled

Dec 1st, 2024
  1. #define _GNU_SOURCE
  2.  
  3. #include <stdint.h>
  4. #include <string.h>
  5. #include <sys/syscall.h>
  6. #include <unistd.h>
  7.  
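  /* Result slots for the syscalls issued by loop(). Only indices 0, 1, 23, 24
   * and 26 are written in this listing; the other slots keep the -1 fill. */
  long r[27];

  /*
   * Replays a fixed sequence of raw Linux syscalls against hard-coded
   * addresses. The shape (numbered result slots, literal addresses in the
   * 0x20000000 range) looks like fuzzer-generated reproducer output; the
   * paste carries no kernel version or crash report, so what it is meant to
   * trigger cannot be stated from the listing alone.
   *
   * Constant decoding below uses x86-64 Linux values.
   *
   * Sequence:
   *   1. mmap   - anonymous, fixed, read/write scratch region at 0x20000000.
   *   2. socket - family 0xa (AF_INET6), type 0x1 (SOCK_STREAM); the low
   *               32 bits of the protocol argument are 0x84 (132,
   *               IPPROTO_SCTP).
   *   3. sendto - 219-byte opaque payload to a sockaddr_in6 built in place.
   *   4. listen - backlog 2 on the same descriptor.
   *   5. accept - on the same descriptor.
   *
   * Return values are stored in r[]; nothing is returned to the caller.
   */
  void loop(void)
  {
      /* fe80::bb - a link-local IPv6 destination (sin6_addr, 16 bytes). */
      static const uint8_t peer_addr[16] = {
          0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xbb
      };

      memset(r, -1, sizeof(r));

      /* prot 0x3 = PROT_READ|PROT_WRITE, flags 0x32 =
       * MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, fd -1, offset 0. MAP_FIXED
       * replaces whatever was already mapped in
       * [0x20000000, 0x20000000 + 0xfff000). */
      r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
                     0xfffffffffffffffful, 0x0ul);
      if (r[0] == -1) {
          /* Every store below targets this mapping; without it the process
           * would fault on the first memcpy instead of exiting cleanly. */
          return;
      }

      /* The protocol argument has bits set above bit 31; socket(2) takes an
       * int, so presumably only 0x84 reaches the protocol lookup - confirm
       * on the target ABI. */
      r[1] = syscall(__NR_socket, 0xaul, 0x1ul, 0x8010000000000084ul);
      if (r[1] == -1) {
          /* No descriptor: the remaining calls could only fail, and their
           * result slots already hold -1 from the memset above. */
          return;
      }

      /* Opaque 219-byte (0xdb) send payload, copied verbatim. */
      memcpy((void*)0x2040a000,
             "\x17\x32\xfb\xd6\x77\x6e\x71\xf4\x93\x32\x14\x53\x6e\x52\x59"
             "\x42\x9c\x7d\xed\xa7\xdc\x30\x27\x16\xd7\xec\x0c\x11\x6a\x76"
             "\x05\xbe\x6a\x78\x21\x91\xc1\xe9\x53\xa0\xaf\x13\x7a\x8e\x59"
             "\x66\xb7\x1d\xda\xa7\x38\x01\x19\xbe\x69\x50\x2c\x3d\x30\x7b"
             "\x90\x7c\x2f\x6d\x5f\xea\x7b\x85\xc7\x82\x25\x20\x2d\xfd\x69"
             "\xa8\x38\x9b\xf0\x7d\xcd\x69\x44\x90\xec\xf5\x06\x51\x96\xab"
             "\xea\x2e\xb0\xba\x5a\x75\x41\xcf\xfd\x80\x31\x8a\x4c\x28\xa4"
             "\x26\x4c\x06\x96\x39\x77\x1b\x26\x3f\xa1\x01\x47\x31\x57\x83"
             "\x66\xd4\xc2\xde\x62\x4d\xd6\x2d\x1f\x39\xd4\x31\x4c\x4a\x03"
             "\xa4\xcc\x64\x4a\xf8\x37\xa8\xdd\xc1\x75\x1f\xe2\x2c\xdc\x41"
             "\xcc\xde\xdd\x76\xdc\x92\x30\xc6\xf5\xae\x12\xc9\x31\x6c\x39"
             "\x9b\x61\x80\x4c\xdb\x61\x93\x75\x49\xb9\x80\x85\xda\x63\xcc"
             "\x7b\x5e\x01\xed\xb7\xea\x5d\xfc\xd3\x29\xee\xf0\x38\xe9\x9b"
             "\xbb\x78\x27\xfd\x26\xfa\x19\x69\x14\x35\x6f\x7b\xd6\x9d\xd2"
             "\xb6\xfe\x12\x5a\x0e\x2a\xcd\x70\xa5",
             219);

      /* Destination address laid out as a 28-byte (0x1c) sockaddr_in6 at
       * 0x20132000: family, port, flowinfo, 16-byte address, scope id. */
      *(uint16_t*)0x20132000 = (uint16_t)0xa;     /* sin6_family = AF_INET6 */
      /* sin6_port as a host-order store; on a little-endian host the bytes
       * are 4e 21, i.e. network-order port 0x4e21 (20001). */
      *(uint16_t*)0x20132002 = (uint16_t)0x214e;
      *(uint32_t*)0x20132004 = (uint32_t)0xb044;  /* sin6_flowinfo */
      memcpy((void*)0x20132008, peer_addr, sizeof(peer_addr));
      /* sin6_scope_id = 1: interface index 1 (usually loopback - confirm on
       * the test host). */
      *(uint32_t*)0x20132018 = (uint32_t)0x1;

      /* flags 0x4040 = MSG_DONTWAIT|MSG_NOSIGNAL. */
      r[23] = syscall(__NR_sendto, r[1], 0x2040a000ul, 0xdbul, 0x4040ul,
                      0x20132000ul, 0x1cul);

      r[24] = syscall(__NR_listen, r[1], 0x2ul);

      /* accept(2) reads *addrlen as the size of the address buffer at
       * 0x209ab000 and writes the peer address there. */
      *(uint32_t*)0x207ccffc = (uint32_t)0x1c;
      r[26] = syscall(__NR_accept, r[1], 0x209ab000ul, 0x207ccffcul);
  }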
  58.  
  /* Entry point: runs the syscall replay in loop() once, then exits with
   * status 0 regardless of what the individual syscalls returned. */
  int main()
  {
      loop();

      return 0;
  }