The saved return address is different on each run because of PIE. However, the offset between the saved return address and the base of the binary is constant (0x73f - base). If we leak the saved RIP, we can compute the base and then the address of system@plt (or any other PLT entry) relative to that base.

