Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
1
49
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.7k
Reverse Engineering - 2
ljptw
0
730
Reverse Engineering - 3
ljptw
0
580
Re:0 從零開始的逆向工程
ljptw
1
1.2k
Linux 極入門篇
ljptw
1
290
Fuzzing 101
ljptw
1
180
Binary Exploitation - File Structure
ljptw
1
280
Binary Exploitation - Heap
ljptw
1
150
Binary Exploitation - Basic
ljptw
1
120
Other Decks in Technology
See All in Technology
Master Dataグループ紹介資料
sansan33
PRO
1
4.2k
The Engineer with a Three-Year Cycle - 2
e99h2121
0
130
Models vs Bounded Contexts for Domain Modularizati...
ewolff
0
210
困ったCSVファイルの話
mottyzzz
0
340
AI アクセラレータチップ AWS Trainium/Inferentia に 今こそ入門
yoshimi0227
1
300
みんなでAI上手ピーポーになろう! / Let’s All Get AI-Savvy!
kaminashi
0
170
Agentic Coding 実践ワークショップ
watany
21
17k
BPaaSオペレーション・kubell社内 n8n活用による効率化検証事例紹介
kubell_hr
0
140
The Engineer with a Three-Year Cycle
e99h2121
0
160
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
形式手法特論:コンパイラの「正しさ」は証明できるか? #burikaigi / BuriKaigi 2026
ytaka23
17
6.4k
持続可能な開発のためのミニマリズム
sansantech
PRO
3
450
Featured
See All Featured
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
59
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
120
Tell your own story through comics
letsgokoyo
1
790
Introduction to Domain-Driven Design and Collaborative software design
baasie
1
560
Building Flexible Design Systems
yeseniaperezcruz
330
40k
How Software Deployment tools have changed in the past 20 years
geshan
0
31k
AI Search: Where Are We & What Can We Do About It?
aleyda
0
6.9k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
0
1.8k
Done Done
chrislema
186
16k
What Being in a Rock Band Can Teach Us About Real World SEO
427marketing
0
160
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
200
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
sansan33
e99h2121
ewolff
mottyzzz
yoshimi0227
kaminashi
watany
kubell_hr
ytaka23
sansantech
tmiket
samtorres
letsgokoyo
baasie
yeseniaperezcruz
geshan
aleyda
jlugia
chrislema
427marketing
