inaz2 / roputils

A Return-oriented Programming toolkit


PLT address is wrong when its order is different from GOT

inaz2 opened this issue · comments

commented

7d2ae9f#commitcomment-10511052

tank96a commented on 7d2ae9f a day ago

I found a bug here.
self._plt[name] = self._section['.plt'][0] + (plt_stub_size * (len(self._plt)+1))
I get the wrong plt address.

puts and printf's plt addresses are both wrong for this case.
Relocation section '.rel.plt' at offset 0x3f8 contains 13 entries:
Offset Info Type Sym. Value Symbol's Name
0804b00c 00000107 R_386_JUMP_SLOT 00000000 read
0804b010 00000807 R_386_JUMP_SLOT 00000000 puts
0804b014 00000307 R_386_JUMP_SLOT 00000000 free
0804b018 00000407 R_386_JUMP_SLOT 00000000 alarm
0804b01c 00000507 R_386_JUMP_SLOT 00000000 stack_chk_fail
0804b020 00000607 R_386_JUMP_SLOT 00000000 strcpy
0804b024 00000707 R_386_JUMP_SLOT 00000000 malloc
0804b028 00000207 R_386_JUMP_SLOT 00000000 printf
0804b02c 00000907 R_386_JUMP_SLOT 00000000 __gmon_start
0804b030 00000a07 R_386_JUMP_SLOT 00000000 __libc_start_main
0804b034 00000b07 R_386_JUMP_SLOT 00000000 setvbuf
0804b038 00000c07 R_386_JUMP_SLOT 00000000 snprintf
0804b03c 00000d07 R_386_JUMP_SLOT 00000000 atoi

Symbol table '.dynsym' contains 17 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FUNC GLOBAL DEFAULT UND read@GLIBC_2.0 (2)
2: 00000000 0 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
3: 00000000 0 FUNC GLOBAL DEFAULT UND free@GLIBC_2.0 (2)
4: 00000000 0 FUNC GLOBAL DEFAULT UND alarm@GLIBC_2.0 (2)
5: 00000000 0 FUNC GLOBAL DEFAULT UND stack_chk_fail@GLIBC_2.4 (3)
6: 00000000 0 FUNC GLOBAL DEFAULT UND strcpy@GLIBC_2.0 (2)
7: 00000000 0 FUNC GLOBAL DEFAULT UND malloc@GLIBC_2.0 (2)
8: 00000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.0 (2)
9: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start
10: 00000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
11: 00000000 0 FUNC GLOBAL DEFAULT UND setvbuf@GLIBC_2.0 (2)
12: 00000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.0 (2)
13: 00000000 0 FUNC GLOBAL DEFAULT UND atoi@GLIBC_2.0 (2)
14: 0804b080 4 OBJECT GLOBAL DEFAULT 25 stdout@GLIBC_2.0 (2)
15: 08048dbc 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used
16: 0804b060 4 OBJECT GLOBAL DEFAULT 25 stdin@GLIBC_2.0 (2)

commented

fixed at 2ec6fd6
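To make the ordering mismatch concrete, here is an added Python example (not roputils code, nor the fix in 2ec6fd6): it numbers PLT stubs by `.rel.plt` order, which is the order the linker lays the stubs out in, beside the `.dynsym`-order numbering that the reported line effectively uses, and cross-checks the result against the GOT slot offsets. The `.plt` base address is an assumption, since the issue does not quote it; the 16-byte stub size is the standard i386 lazy-binding PLT stub.

```python
import re

# .rel.plt listing quoted from the issue above (readelf -r output, i386).
REL_PLT = """\
0804b00c 00000107 R_386_JUMP_SLOT 00000000 read
0804b010 00000807 R_386_JUMP_SLOT 00000000 puts
0804b014 00000307 R_386_JUMP_SLOT 00000000 free
0804b018 00000407 R_386_JUMP_SLOT 00000000 alarm
0804b01c 00000507 R_386_JUMP_SLOT 00000000 stack_chk_fail
0804b020 00000607 R_386_JUMP_SLOT 00000000 strcpy
0804b024 00000707 R_386_JUMP_SLOT 00000000 malloc
0804b028 00000207 R_386_JUMP_SLOT 00000000 printf
0804b02c 00000907 R_386_JUMP_SLOT 00000000 __gmon_start
0804b030 00000a07 R_386_JUMP_SLOT 00000000 __libc_start_main
0804b034 00000b07 R_386_JUMP_SLOT 00000000 setvbuf
0804b038 00000c07 R_386_JUMP_SLOT 00000000 snprintf
0804b03c 00000d07 R_386_JUMP_SLOT 00000000 atoi
"""
# Undefined symbols in .dynsym order (entries 1..13 of the table quoted above).
DYNSYM_UND = ["read", "printf", "free", "alarm", "stack_chk_fail", "strcpy", "malloc",
              "puts", "__gmon_start", "__libc_start_main", "setvbuf", "snprintf", "atoi"]

PLT_BASE = 0x08048400  # hypothetical .plt start; the issue does not quote it
STUB_SIZE = 16         # one i386 lazy-binding PLT stub (PLT0 has the same size)

REL_RE = re.compile(r"([0-9a-f]{8})\s+([0-9a-f]{8})\s+R_386_JUMP_SLOT\s+[0-9a-f]{8}\s+(\S+)")

def parse_rel_plt(text):
    """Return [(got_slot, dynsym_index, name)] in .rel.plt order."""
    entries = []
    for line in text.splitlines():
        m = REL_RE.match(line)
        if m:
            got_slot, info = int(m.group(1), 16), int(m.group(2), 16)
            entries.append((got_slot, info >> 8, m.group(3)))  # ELF32_R_SYM(info)
    return entries

def plt_from_relplt(entries, plt_base=PLT_BASE, stub=STUB_SIZE):
    """Correct: PLT stub i+1 serves the i-th .rel.plt entry (stub 0 is PLT0)."""
    return {name: plt_base + stub * (i + 1) for i, (_, _, name) in enumerate(entries)}

def plt_from_dynsym(names, plt_base=PLT_BASE, stub=STUB_SIZE):
    """Buggy: numbering stubs in .dynsym order, as the reported line does."""
    return {name: plt_base + stub * (i + 1) for i, name in enumerate(names)}

def plt_from_got_slot(entries, plt_base=PLT_BASE, stub=STUB_SIZE):
    """Cross-check: the GOT slots are consecutive 4-byte words in stub order."""
    first = entries[0][0]
    return {name: plt_base + stub * ((slot - first) // 4 + 1) for slot, _, name in entries}
```

With these inputs the `.dynsym`-order numbering swaps `puts` and `printf` (relocation 1 vs. 7, but symbol 8 vs. 2), which is exactly the pair reported as wrong; the GOT-slot cross-check agrees with the `.rel.plt` numbering for every entry.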