Metasploit mailing list archives

A little offtopic: Get EIP


From: warl0ck at metaeye.org (Pranay Kanwar)
Date: Tue, 26 Jun 2007 15:08:01 +0530

Hi,

This happens because, now being in kernel mode, the addressing changes
due to a different setup of the segment registers.

Also, call 0x0 will point the call instruction to the next byte.

0x08048335 <main+17>:   call   0x8048336 <main+18>
0x0804833a <main+22>:   pop    %eax
(gdb) x/x 0x08048335
0x8048335 <main+17>:    0xfffffce8

Instead, the following should do things right:

        call peip
peip:
        pop %eax

0x08048335 <main+17>:   call   0x804833a <main+22>
0x0804833a <main+22>:   pop    %eax
(gdb) x/x 0x08048335
0x8048335 <main+17>:    0x000000e8

Also, there is no need for manual editing of addresses.


Regards

warl0ck // MSG
http://www.metaeye.org
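As an added illustration (not part of the post above, and not the author's code): a small C decoder for the 5-byte x86 "call rel32" encoding that reproduces both gdb dumps. The displacement is taken relative to the end of the instruction, which is why the 0xfffffce8 word (rel32 = -4) lands on the next byte while 0x000000e8 (rel32 = 0) lands exactly on the pop, whose address is what pop %eax then receives. The fifth byte of the broken call is not visible in a 32-bit x/x dump and is assumed to be 0xff here so that the decoded target matches what gdb showed.

```c
#include <stdint.h>
#include <stdio.h>

/* Decode a 5-byte x86 "call rel32" (opcode 0xE8) located at address addr.
 * The displacement is relative to the end of the instruction, so
 *   return address = addr + 5
 *   target         = addr + 5 + rel32
 * Returns 0 on success, -1 if the first byte is not 0xE8. */
static int decode_call_rel32(uint32_t addr, const uint8_t bytes[5],
                             uint32_t *target, uint32_t *ret_addr)
{
    if (bytes[0] != 0xE8)
        return -1;
    /* rel32 is a signed little-endian immediate; unsigned wraparound
     * gives the same result as a signed add on 32-bit addresses */
    uint32_t raw = (uint32_t)bytes[1] | ((uint32_t)bytes[2] << 8) |
                   ((uint32_t)bytes[3] << 16) | ((uint32_t)bytes[4] << 24);
    *ret_addr = addr + 5;
    *target = *ret_addr + raw;
    return 0;
}

/* First 32-bit word of the instruction as gdb's "x/x" prints it (little-endian). */
static uint32_t gdb_word(const uint8_t bytes[5])
{
    return (uint32_t)bytes[0] | ((uint32_t)bytes[1] << 8) |
           ((uint32_t)bytes[2] << 16) | ((uint32_t)bytes[3] << 24);
}

/* Constructed bytes reproducing the two gdb dumps in the post. The fifth byte
 * is not visible in an x/x word; 0xFF is assumed for the broken case so that
 * the target lands on the next byte, as gdb showed. */
static const uint8_t BROKEN_CALL[5] = { 0xE8, 0xFC, 0xFF, 0xFF, 0xFF }; /* rel32 = -4 */
static const uint8_t GOOD_CALL[5]   = { 0xE8, 0x00, 0x00, 0x00, 0x00 }; /* rel32 =  0 */

int main(void)
{
    const uint32_t at = 0x08048335; /* main+17 in the post */
    uint32_t target, ret;
    decode_call_rel32(at, BROKEN_CALL, &target, &ret);
    printf("broken: word %#010x -> call %#010x, pushes %#010x\n",
           gdb_word(BROKEN_CALL), target, ret);
    decode_call_rel32(at, GOOD_CALL, &target, &ret);
    printf("good:   word %#010x -> call %#010x, pushes %#010x (pop %%eax gets this)\n",
           gdb_word(GOOD_CALL), target, ret);
    return 0;
}
```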
