Metasploit mailing list archives

A little offtopic: Get EIP


From: clemens.kol at gmx.at (Clemens Kolbitsch)
Date: Tue, 26 Jun 2007 12:03:31 +0200

Pranay Kanwar wrote:
Hi,

This happens because, now being in kernel mode, the addressing changes
due to the different setup of the segment registers.
That's exactly what I thought as well...
Also, call 0x0 will point the call instruction to the next byte.

0x08048335 <main+17>: call   0x8048336 <main+18>
0x0804833a <main+22>: pop    %eax
(gdb) x/x 0x08048335
0x8048335 <main+17>:  0xfffffce8

Instead the following should do things right

      call peip
peip:
      pop %eax

Works great :-)
Thanks!!

Strange, though... the only difference from my code is the offset (0x3 vs.
0x0)... so instead of measuring the offset relative to the next
instruction, it is now relative to what???
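The get-EIP trick discussed in the thread, as an added example that is not code from the thread: it decodes the rel32 of the `call` in the gdb dump against the address of the following instruction (which is what the CPU adds the displacement to), and then runs the trick on the host. The sub/add around the call and the read-and-return in place of a bare pop are my additions so the snippet stays safe under the x86-64 red zone and CET shadow stacks.

```c
#include <stdint.h>
#include <stdio.h>
/* rel32 of a 5-byte near call (E8 xx xx xx xx): little-endian, sign-extended. */
int32_t call_rel32(const uint8_t ins[5])
{
    return (int32_t)((uint32_t)ins[1] | (uint32_t)ins[2] << 8 |
                     (uint32_t)ins[3] << 16 | (uint32_t)ins[4] << 24);
}

/* The CPU adds rel32 to the address of the NEXT instruction (at + 5),
 * not to the address of the call itself. */
uint32_t call_target(uint32_t at, const uint8_t ins[5])
{
    return at + 5 + (uint32_t)call_rel32(ins);
}

/* Constructed from the gdb dump in the thread: the word 0xfffffce8 at
 * 0x08048335 is the byte sequence e8 fc ff ff ff, i.e. rel32 = -4. */
static const uint8_t thread_call[5] = {0xe8, 0xfc, 0xff, 0xff, 0xff};
/* What `call peip` / `peip:` assembles to when the label is the next byte. */
static const uint8_t label_call[5] = {0xe8, 0x00, 0x00, 0x00, 0x00};
/* The trick itself: call pushes the address of the following instruction.
 * `pop %0` (as in the thread) would grab it too, but reading it and then
 * returning keeps a CET shadow stack balanced. i386 and x86-64 only. */
__attribute__((noinline)) uintptr_t get_pc_via_call(void)
{
    uintptr_t pc = 0;
#if defined(__x86_64__)
    /* sub/add: keep the pushed return address out of the 128-byte red zone */
    __asm__ volatile("sub $128, %%rsp\n\t" "call 1f\n\t" "jmp 2f\n"
                     "1:\tmov (%%rsp), %0\n\t" "ret\n"
                     "2:\tadd $128, %%rsp" : "=r"(pc));
#elif defined(__i386__)
    __asm__ volatile("call 1f\n\t" "jmp 2f\n" "1:\tmov (%%esp), %0\n\t"
                     "ret\n" "2:" : "=r"(pc));
#endif
    return pc;   /* address of the `jmp 2f`, i.e. the instruction after call */
}

int main(void)
{
    printf("thread's call: rel32=%d, target=0x%08x\n",
           call_rel32(thread_call), call_target(0x08048335u, thread_call));
    printf("labelled call: rel32=%d, target=0x%08x\n",
           call_rel32(label_call), call_target(0x08048335u, label_call));
    printf("pc via call: %p (function at %p)\n",
           (void *)get_pc_via_call(), (void *)get_pc_via_call);
    return 0;
}
```

With the thread's bytes the decoder reproduces gdb's `call 0x8048336`; with the labelled form the displacement is 0 and the target is the pop at 0x0804833a.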
