ROP exploitation: writing in the .data section SIGSEGV


I'm following this tutorial for ROP exploitation. When I retrieve the vulnerable program's memory map I get that <__data_start> is at 0x0000201c, which is much lower than what is supposed by the tutorial. To write at this location I prepare the address in eax with the following gadgets:

xor eax, eax;;      ; eax = 0
add eax, 0xd;;      ; eax = 0x0000000d
mov ah, 0x13;;      ; eax = 0x0000130d
add ah, al;;        ; eax = 0x0000200d
add eax, 0xf;;      ; eax = 0x0000201c

Finally I use a mov [eax], ecx instruction to write to .data, which should be RW, but I get a SIGSEGV segmentation fault. I also tried to read from gdb at that address but I got a message similar to "memory at 0x201c cannot be read". Since .data should be in the address space of the process I get confused... I assume it must be some kind of protection either by gcc or the OS, but I do not understand which one. Any idea? If so, can you explain how it works and if it is possible to disable it?

I have disabled ASLR and I'm running a Kali 32-bit (Debian 4.14.12-2kali1 (2018-01-08)) with gcc version 7.3.0 (Debian 7.3.0-11).

asked on Stack Overflow May 8, 2018 by Luigi • edited May 8, 2018 by shilovk
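Added example (not from the question or its tutorial): a .data address as low as 0x201c is what a position-independent executable reports, which is the Debian gcc default, and for a PIE that value is an offset from the load base assigned at run time, so this script checks the ELF e_type and resolves a link-time address against a process's /proc/<pid>/maps. The ELF header bytes, the maps lines and the path /tmp/vuln are constructed samples.

```python
import struct

ELF_TYPES = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}

# Constructed samples: the first 24 bytes of a 32-bit little-endian i386 ELF
# header (e_ident, e_type, e_machine, e_version). e_type 3 = ET_DYN (PIE),
# e_type 2 = ET_EXEC (fixed load address, as older tutorials assume).
_IDENT = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)
SAMPLE_PIE_HEADER = _IDENT + struct.pack("<HHI", 3, 3, 1)
SAMPLE_EXEC_HEADER = _IDENT + struct.pack("<HHI", 2, 3, 1)

# Constructed /proc/<pid>/maps excerpt for a 32-bit PIE with ASLR disabled.
SAMPLE_MAPS = """\
56555000-56556000 r-xp 00000000 08:01 1234 /tmp/vuln
56556000-56557000 r--p 00001000 08:01 1234 /tmp/vuln
56557000-56558000 rw-p 00001000 08:01 1234 /tmp/vuln
f7dd0000-f7fa2000 r-xp 00000000 08:01 5678 /lib/i386-linux-gnu/libc-2.27.so
"""


def elf_type(header: bytes) -> str:
    """Return the e_type name; ET_DYN for a main executable means PIE."""
    if header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if header[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    return ELF_TYPES.get(e_type, f"unknown({e_type})")


def is_pie(header: bytes) -> bool:
    return elf_type(header) == "ET_DYN"


def _mappings(maps_text: str, path: str):
    """Yield (start, end, perms) for every mapping backed by `path`."""
    for line in maps_text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[5] == path:
            start, end = (int(x, 16) for x in parts[0].split("-"))
            yield start, end, parts[1]


def resolve(maps_text: str, path: str, link_addr: int):
    """Map a link-time (PIE-relative) address to its runtime address.

    Returns (runtime_addr, perms); perms is None when the address falls in
    no mapping of the binary, i.e. an access there would fault."""
    maps = list(_mappings(maps_text, path))
    base = min(start for start, _, _ in maps)  # lowest mapping = load base
    addr = base + link_addr
    for start, end, perms in maps:
        if start <= addr < end:
            return addr, perms
    return addr, None
```

A write is only sound if the returned perms contain "w"; a None result means the raw link-time address was used where a base-relative one was needed.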

0 Answers

