Metasploit mailing list archives
A little offtopic: Get EIP
From: clemens.kol at gmx.at (Clemens Kolbitsch)
Date: Tue, 26 Jun 2007 12:03:31 +0200
Pranay Kanwar wrote:
Hi, this happens because, now being in kernel mode, the addressing changes due to a different setup of the segment registers.
That's exactly what I thought as well...
Also, call 0x0 will point the call instruction to the next byte:

0x08048335 <main+17>: call 0x8048336 <main+18>
0x0804833a <main+22>: pop %eax
(gdb) x/x 0x08048335
0x8048335 <main+17>: 0xfffffce8

Instead, the following should do things right:

call peip
peip:
pop %eax
Works great :-) Thanks!! Strange though... the only difference to my code is the offset (0x3 vs. 0x0)... so instead of measuring the offset relative to the next instruction, it is now relative to what???
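The question of what the displacement is "relative to" is answered by the encoding of the near relative call (opcode E8): the signed 32-bit displacement is added to the address of the instruction that follows the 5-byte call, not to the address of the call itself. The following Python is an added illustration and is not code from the thread; it decodes and encodes E8 rel32 calls so the gdb output above can be checked by hand. The five-byte sequence e8 fc ff ff ff is reconstructed from the disassembly line (x/x only prints the first four bytes as one little-endian word, 0xfffffce8; the fifth byte is implied by the target 0x8048336), and that reconstruction is an assumption of the example.

```python
import struct

CALL_REL32_OPCODE = 0xE8
CALL_REL32_LEN = 5  # one opcode byte followed by a 4-byte signed displacement


def decode_call_rel32(addr: int, code: bytes) -> int:
    """Return the target of the near relative CALL encoded at `addr`.

    The CPU adds the displacement to the address of the *next* instruction
    (addr + 5), which is why the thread's displacement of -4 lands one byte
    past the opcode rather than at 0x0.
    """
    if len(code) < CALL_REL32_LEN or code[0] != CALL_REL32_OPCODE:
        raise ValueError("not an E8 rel32 call")
    (rel,) = struct.unpack_from("<i", code, 1)  # little-endian, signed
    return (addr + CALL_REL32_LEN + rel) & 0xFFFFFFFF


def encode_call_rel32(addr: int, target: int) -> bytes:
    """Encode `call target` for a CALL instruction placed at `addr`."""
    rel = target - (addr + CALL_REL32_LEN)
    return bytes([CALL_REL32_OPCODE]) + struct.pack("<i", rel)


def gdb_word_to_bytes(word: int) -> bytes:
    """gdb's `x/x` shows one 32-bit little-endian word; recover its bytes."""
    return struct.pack("<I", word)


def describe_call(addr: int, code: bytes) -> str:
    """Render the decoded call the way a disassembler would print it."""
    target = decode_call_rel32(addr, code)
    (rel,) = struct.unpack_from("<i", code, 1)
    return f"{addr:#010x}: call {target:#x}  (rel32 = {rel:+d}, base = {addr + CALL_REL32_LEN:#x})"


if __name__ == "__main__":
    # Constructed from the thread's gdb output: opcode E8 at 0x08048335 with
    # displacement -4 (fc ff ff ff). The 32-bit word 0xfffffce8 printed by
    # `x/x` covers only the first four bytes of the instruction.
    call_addr = 0x08048335
    thread_bytes = gdb_word_to_bytes(0xFFFFFCE8) + b"\xff"  # assumed fifth byte
    print(describe_call(call_addr, thread_bytes))

    # The call/pop idiom: a displacement of 0 targets the instruction right
    # after the call, so `pop` retrieves the pushed return address.
    print(encode_call_rel32(call_addr, call_addr + CALL_REL32_LEN).hex())
```

Running the module prints the same target gdb reported (0x8048336) and shows that a call to the very next instruction encodes as e8 00 00 00 00. A displacement of -4 therefore means "four bytes before the instruction after the call", which is the byte immediately following the E8 opcode.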