simplified.c
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
/*
 * Cached return value of dlopen("libc.so.6"), filled in on first use by
 * get_libc_base().  dlopen returns an opaque handle, so despite the name this
 * is not guaranteed to be the address at which libc is mapped.
 */
void *libc_base = NULL;
/* Not referenced by any function in this file. */
void *func_addr = NULL;
/* Write the banner and the four menu options to standard output. */
void print_menu()
{
    static const char *const menu_lines[] = {
        "Simpler r0p challenge...\n",
        "1) get libc address\n",
        "2) get address of libc function\n",
        "3) do the thing\n",
        "4) exit\n",
    };
    const size_t line_count = sizeof menu_lines / sizeof menu_lines[0];

    for (size_t idx = 0; idx < line_count; idx++) {
        fputs(menu_lines[idx], stdout);
    }
}
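/*
 * Read one line from standard input into `buffer`.
 *
 * Stores at most `length` bytes and stops early at a newline (consumed but
 * not stored) or at end of input.  The result is NOT NUL-terminated: a caller
 * that needs a C string must reserve and zero one extra byte itself.
 *
 * `length` is trusted as given.  Nothing here knows the real size of
 * `buffer`, so passing a length larger than the buffer writes out of bounds;
 * the bound is entirely the caller's responsibility.
 *
 * Returns the number of bytes stored (0 when `length` <= 0).
 */
int read_input(char *buffer, int length)
{
    int stored = 0;

    while (stored < length) {
        /*
         * int, not char: getc returns EOF out of band, and a char cannot
         * tell EOF apart from the byte 0xFF.  Without this check a closed
         * stdin keeps filling the buffer with garbage up to `length`.
         * `stdin` is the standard name for the stream; `_IO_stdin` is not
         * part of the standard C API.
         */
        int c = getc(stdin);

        if (c == EOF || c == '\n') {
            break;
        }
        buffer[stored++] = (char)c;
    }
    return stored;
}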
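/*
 * Read the menu selection from standard input and return it as an integer.
 *
 * Up to two characters of the line are consumed.  Non-numeric or empty input
 * yields 0, which the menu treats as an invalid choice.
 */
int get_choice()
{
    /*
     * Two input characters plus one byte that stays zero.  read_input does
     * not NUL-terminate, so with a 2-byte buffer a two-character entry left
     * the string unterminated and the conversion read past the array.
     */
    char buffer[3] = { 0 };

    read_input(buffer, sizeof(buffer) - 1);
    return (int)strtol(buffer, NULL, 10);
}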
/*
 * Pass `cmd` to the command interpreter through system() and return the
 * status system() reports.
 *
 * The string reaches the shell unchanged, so it must never contain untrusted
 * text.  No function in this file calls do_system.
 */
int do_system(char *cmd)
{
    int status = system(cmd);

    return status;
}
/*
 * Return the cached dlopen handle for "libc.so.6", opening it on first use.
 *
 * The value is whatever dlopen returned: an opaque handle, or NULL when the
 * open failed.  A failed open is not cached, so the next call tries again.
 */
void *get_libc_base()
{
    if (libc_base != NULL) {
        return libc_base;
    }

    libc_base = dlopen("libc.so.6", RTLD_LAZY);
    return libc_base;
}
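/*
 * Prompt for a symbol name, resolve it with dlsym against the libc handle,
 * print "<name>: <address>" and return the address (NULL when dlsym does not
 * find the symbol).
 *
 * The name comes straight from standard input, so this prints the run-time
 * address of any symbol the user asks for; that is an address disclosure by
 * design and belongs only in a training binary.
 */
void *print_address()
{
    /* Zero-filled and read with room for one spare byte, so it stays a C string. */
    char funcname[256] = { 0 };

    printf("function name:\n");
    read_input(funcname, sizeof(funcname) - 1);

    /* NOTE(review): a NULL handle from a failed dlopen is passed on unchecked. */
    void *address = dlsym(get_libc_base(), funcname);

    printf("%s: %p\n", funcname, address);

    /* The function is declared to return void * but had no return statement. */
    return address;
}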
/*
 * Read a line into a 48-byte stack buffer and return the number of bytes
 * stored.
 *
 * The length handed to read_input is sizeof(buffer) * 2 = 96, twice the
 * capacity of `buffer`, so a line longer than 48 bytes is written past the
 * end of the array into adjacent stack memory.  Given the program's banner
 * this looks like the deliberate flaw of the exercise, so the code is left
 * untouched.  Outside a training binary the bound must be sizeof(buffer),
 * and hardening such as -fstack-protector-strong should stay enabled.
 */
int doit()
{
    char buffer[48] = { 0 };
    /* Bound is 96 bytes for a 48-byte buffer: out-of-bounds write on long input. */
    return read_input(buffer, sizeof(buffer) * 2);
}
/*
 * Menu loop: show the menu, read a choice and dispatch until option 4.
 *
 *   1  prints the libc dlopen handle and the address of system()
 *   2  prints the address of a user-named libc symbol
 *   3  calls doit()
 *   4  exits with status 0
 *
 * Options 1 and 2 print live process addresses, which discloses the memory
 * layout to whoever is on the other end of stdin/stdout.  argc and argv are
 * unused.
 */
int main(int argc, char **argv)
{
    for (;;) {
        print_menu();

        switch (get_choice()) {
        case 1:
            printf("libc: %p\n", get_libc_base());
            printf("system: %p\n", &system);
            break;
        case 2:
            print_address();
            break;
        case 3:
            doit();
            break;
        case 4:
            return 0;
        default:
            /* Anything else, including non-numeric input (parsed as 0). */
            printf("Bad\n");
            break;
        }
    }
}