Binary Exploitation - Basic, supplementary chapter (補充篇)
LJP-TW
May 26, 2021
Technology
2021/05/26 NTUST Information Security Club (台科資安社) club session
Livestream recording:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn: Basic, supplementary chapter

# whoami
- LJP / LJP-TW
- Pwn / Rev
- NTUST / NCTU / NYCU
- 10sec CTF Team

Outline
- TLS

TLS

TLS
- TLS stands for Thread-Local Storage
- On Linux x86-64 the fs segment register is what locates the TLS block
- The stack canary is stored in TLS (at fs:0x28 on x86-64)

TLS
- fs is a segment register
- A segmented address reg:offset is computed as (segment base) + offset
- But when you inspect fs in gdb you find it is 0. Does that mean the canary is read from [0+0x28]??

TLS
- The 0 that gdb prints is the fs *selector*, and on x86-64 Linux the selector really is 0: the base address used for fs:0x28 lives in the hidden FS.base register (set by the kernel through an MSR), which the selector value does not reveal
- So how do we get the fs base of the process being observed? Call arch_prctl(ARCH_GET_FS) inside the debuggee (gdb 8.0 and later also expose it directly as $fs_base)
Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13

TLS
- Pwngdb implements a command that fetches the TLS base
- Reading its implementation shows it does exactly the same thing
- https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77

TLS Demo
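The following is an added example for the demo slide; it is not code from the deck or from Pwngdb. It assumes Linux on x86-64 with a glibc- or musl-style TLS layout (self-pointer at fs:0, canary at fs:0x28) and uses the raw arch_prctl syscall with ARCH_GET_FS (0x1003, the value from asm/prctl.h) that the slides describe. It shows that the fs selector a debugger prints is 0 while the real base comes from FS.base, that the canary loaded by `mov %fs:0x28,%rax` is the same word found at base+0x28, and, as an alternative to running arch_prctl inside the target, how a tracer reads the target's fs_base through ptrace the way gdb's $fs_base does.

```c
/* Added example (not from the deck): TLS base, fs selector and canary on Linux x86-64.
 * Build: gcc -O0 -Wall tls_demo.c -o tls_demo && ./tls_demo */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>

#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003   /* value from <asm/prctl.h>, assumed here to avoid the include */
#endif

/* The fs selector itself. On x86-64 Linux this is 0 for a normal process:
 * the selector carries no base, so "fs = 0" in gdb does not mean base 0. */
static uint16_t fs_selector(void) {
    uint16_t sel;
    __asm__ volatile("mov %%fs, %0" : "=r"(sel));
    return sel;
}

/* Ask the kernel for FS.base (the MSR-backed hidden base). Returns 0 on failure. */
static uintptr_t tls_base_arch_prctl(void) {
    uintptr_t base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0) return 0;
    return base;
}

/* glibc and musl keep a pointer to the TLS block at fs:0, so the block can
 * also locate itself without asking the kernel. */
static uintptr_t tls_base_self_pointer(void) {
    uintptr_t base;
    __asm__ volatile("mov %%fs:0, %0" : "=r"(base));
    return base;
}

/* The canary exactly as a -fstack-protector prologue loads it. */
static uintptr_t canary_via_fs(void) {
    uintptr_t c;
    __asm__ volatile("mov %%fs:0x28, %0" : "=r"(c));
    return c;
}

/* The same word read through an ordinary pointer once the base is known. */
static uintptr_t canary_via_base(uintptr_t base) {
    return *(volatile uintptr_t *)(base + 0x28);
}

/* Returns 1 when all views agree: both bases match and fs:0x28 equals base+0x28. */
static int tls_views_consistent(void) {
    uintptr_t a = tls_base_arch_prctl(), b = tls_base_self_pointer();
    return a != 0 && a == b && canary_via_fs() == canary_via_base(a);
}

/* How a debugger obtains the debuggee's base without executing code in it:
 * fork a child, stop it under ptrace, read user_regs_struct.fs_base (what
 * gdb shows as $fs_base). fork() duplicates the parent's TLS, so the child's
 * base equals ours. Returns 0 if ptrace is unavailable in this environment. */
static uintptr_t child_fs_base_via_ptrace(void) {
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0) _exit(1);
        raise(SIGSTOP);                 /* hand control to the tracer */
        _exit(0);
    }
    int status;
    uintptr_t base = 0;
    if (waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == 0) base = regs.fs_base;
        ptrace(PTRACE_DETACH, pid, NULL, NULL);   /* lets the child run to _exit */
        waitpid(pid, &status, 0);
    }
    return base;
}

int main(void) {
    printf("fs selector            = %#x\n", fs_selector());
    printf("FS.base (arch_prctl)   = %#lx\n", (unsigned long)tls_base_arch_prctl());
    printf("FS.base (fs:0)         = %#lx\n", (unsigned long)tls_base_self_pointer());
    printf("canary (fs:0x28)       = %#lx\n", (unsigned long)canary_via_fs());
    printf("child FS.base (ptrace) = %#lx\n", (unsigned long)child_fs_base_via_ptrace());
    return tls_views_consistent() ? 0 : 1;
}
```

Run it under gdb and compare: `info registers fs` prints the selector (0) while `p/x $fs_base` prints the same value as the arch_prctl line, and `x/gx $fs_base+0x28` prints the canary. The ptrace helper is what a debugger does internally; Pwngdb instead calls arch_prctl in the inferior, which gives the same base and needs no register access beyond what gdb already has.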