I'm following this tutorial for ROP exploitation . When I retrieve the vulnerable program memory map I get that <__data_start> is at 0x0000201c which is much lover that what supposed by the tutorial. To write at this location I prepare the address in eax with the following gadgets
xor eax, eax;; ; eax = 0 add eax, 0xd;; ; eax = 0x0000000d mov ah, 0x13;; ; eax = 0x0000130d add ah, al;; ; eax = 0x0000200d add eax, 0xf;; ; eax = 0x0000201c
finally I use a mov [eax] ecx instruction to write at .data that should be RW but I get a SINSEGV segmentation fault. I also tried to read from gdb at that address but I got a message similar to "memory at 0x201c cannot be read". Since .data should be in the address space of the process I get confused...I assume it must be some kind of protection either by gcc or the OS, but I do not understand which one. Any idea? if so, can you explain how it does work and if it is possible to disable it?
I have disabled the ASLR and I'm executing a kali 32bit (Debian 4.14.12-2kali1 (2018-01-08) ) with gcc version 7.3.0 (Debian 7.3.0-11).
User contributions licensed under CC BY-SA 3.0