Binary Exploitation - Basic (supplementary session)
LJP-TW
May 26, 2021

2021/05/26 NTUST Information Security Club (台科資安社) session
Livestream recording:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn - Basic (supplementary session)

# whoami
- LJP / LJP-TW
- Pwn / Rev
- NTUST / NCTU / NYCU
- 10sec CTF Team

Outline
- TLS

TLS
- TLS stands for Thread-Local Storage.
- On Linux x86-64, the fs segment register records where the thread's TLS block is.
- The stack canary is stored inside TLS.

TLS
- fs is a segment register. An operand written as reg:offset resolves to base + offset, where base is the segment's base address, not the 16-bit selector value held in the register.
- So you open gdb to check what fs is, and it shows 0.
- Does that mean the canary is read from [0 + 0x28]?

TLS
- No. What gdb prints for fs is the segment selector, and for every 64-bit Linux process (the debuggee included) that selector is 0. The base address the CPU actually adds lives in the separate FS base register, which the selector does not reveal.
- So how do we get the fs base of the process under observation? Call arch_prctl (ARCH_GET_FS) from inside that process.
- Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13

TLS
- Pwngdb implements a command for fetching the TLS base.
- Reading how it is implemented, it turns out to be the same approach: arch_prctl.
- https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77

TLS Demo
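The following program is an added example for this deck's TLS slides; it is not the deck's own demo nor Pwngdb's code. It assumes Linux x86-64 with a glibc-style thread control block (fs:0 holds a pointer to the TCB itself and fs:0x28 holds the stack guard), and it reads the fs selector, obtains the FS base with arch_prctl(ARCH_GET_FS), and shows that the canary read the way compiled code reads it (fs:0x28) equals the one read debugger-style as base + 0x28. The function names are chosen for this example.

```c
/* tls_fs_demo.c - added example, not taken from the deck or from Pwngdb.
 * Assumes Linux x86-64 and a glibc-style TCB layout (fs:0 = self pointer,
 * fs:0x28 = stack guard). Build: gcc -O1 -o tls_fs_demo tls_fs_demo.c
 */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* arch_prctl(2) sub-command (value from asm/prctl.h, restated here so the
 * example does not depend on that header being installed). */
#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003
#endif

/* Offset of the stack guard inside the TCB on x86-64 (tcbhead_t.stack_guard). */
#define STACK_GUARD_OFFSET 0x28

/* What `info registers fs` in gdb shows: the 16-bit segment selector.
 * For a 64-bit Linux process this is 0; the base lives elsewhere. */
uint16_t fs_selector(void)
{
    uint16_t sel;
    __asm__ volatile("movw %%fs, %0" : "=r"(sel));
    return sel;
}

/* The base the selector does not reveal: ask the kernel via arch_prctl. */
uintptr_t tls_base_via_arch_prctl(void)
{
    uintptr_t base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;               /* not expected on Linux x86-64 */
    return base;
}

/* Cross-check: the TCB starts with a pointer to itself, so fs:0 also
 * yields the TLS base (glibc and musl both keep this layout). */
uintptr_t tls_base_via_fs0(void)
{
    uintptr_t self;
    __asm__ volatile("mov %%fs:0, %0" : "=r"(self));
    return self;
}

/* fs:offset resolves to base + offset; this is the arithmetic a debugger
 * has to do by hand once it knows the base. */
uintptr_t tls_addr(uintptr_t base, uintptr_t offset)
{
    return base + offset;
}

/* How a compiled function prologue loads the canary. */
uintptr_t canary_via_fs(void)
{
    uintptr_t c;
    __asm__ volatile("mov %%fs:0x28, %0" : "=r"(c));
    return c;
}

/* The same canary read debugger-style: FS base from arch_prctl plus 0x28. */
uintptr_t canary_via_base(void)
{
    uintptr_t base = tls_base_via_arch_prctl();
    if (base == 0)
        return 0;
    return *(volatile uintptr_t *)tls_addr(base, STACK_GUARD_OFFSET);
}

int main(void)
{
    uintptr_t base = tls_base_via_arch_prctl();
    printf("fs selector          : %#x\n", (unsigned)fs_selector());
    printf("fs base (arch_prctl) : %#lx\n", (unsigned long)base);
    printf("fs:0 (TCB self ptr)  : %#lx\n", (unsigned long)tls_base_via_fs0());
    printf("canary via fs:0x28   : %#lx\n", (unsigned long)canary_via_fs());
    printf("canary via base+0x28 : %#lx\n", (unsigned long)canary_via_base());
    return canary_via_fs() == canary_via_base() ? 0 : 1;
}
```

Run it under gdb and compare: `info registers fs` prints the 0 the slide complains about, while the program's arch_prctl result is the real base. Calling arch_prctl from gdb means executing the syscall inside the debuggee, which is the approach the deck attributes to Pwngdb; recent gdb versions on Linux x86-64 also expose the base directly as the `$fs_base` pseudo-register, which is a quick way to confirm the value without a helper.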