Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
1
43
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.5k
Reverse Engineering - 2
ljptw
0
680
Reverse Engineering - 3
ljptw
0
540
Re:0 從零開始的逆向工程
ljptw
1
1k
Linux 極入門篇
ljptw
1
280
Fuzzing 101
ljptw
1
170
Binary Exploitation - File Structure
ljptw
1
270
Binary Exploitation - Heap
ljptw
1
140
Binary Exploitation - Basic
ljptw
1
110
Other Decks in Technology
See All in Technology
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
airhelpsupport
0
360
Delta airlines Customer®️ USA Contact Numbers: Complete 2025 Support Guide
deltahelp
0
350
ビギナーであり続ける/beginning
ikuodanaka
3
720
AI導入の理想と現実~コストと浸透〜
oprstchn
0
190
無意味な開発生産性の議論から抜け出すための予兆検知とお金とAI
i35_267
3
12k
20250705 Headlamp: 專注可擴展性的 Kubernetes 用戶界面
pichuang
0
240
FOSS4G 2025 KANSAI QGISで点群データをいろいろしてみた
kou_kita
0
390
第4回Snowflake 金融ユーザー会 Snowflake summit recap
tamaoki
1
240
ビズリーチが挑む メトリクスを活用した技術的負債の解消 / dev-productivity-con2025
visional_engineering_and_design
3
6.7k
5min GuardDuty Extended Threat Detection EKS
takakuni
0
190
敢えて生成AIを使わないマネジメント業務
kzkmaeda
2
380
Understanding_Thread_Tuning_for_Inference_Servers_of_Deep_Models.pdf
lycorptech_jp
PRO
0
180
Featured
See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Building Adaptive Systems
keathley
43
2.7k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
680
How to train your dragon (web standard)
notwaldorf
94
6.1k
BBQ
matthewcrist
89
9.7k
Into the Great Unknown - MozCon
thekraken
39
1.9k
Typedesign – Prime Four
hannesfritz
42
2.7k
Code Review Best Practice
trishagee
69
18k
Six Lessons from altMBA
skipperchong
28
3.9k
It's Worth the Effort
3n
185
28k
We Have a Design System, Now What?
morganepeng
53
7.7k
Stop Working from a Prison Cell
hatefulcrawdad
270
21k
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
airhelpsupport
deltahelp
.jpg){kind=avatar}
ikuodanaka
oprstchn
i35_267
pichuang
kou_kita
tamaoki
visional_engineering_and_design
takakuni
kzkmaeda
lycorptech_jp
sugarenia
keathley
tammyeverts
notwaldorf
matthewcrist
thekraken
hannesfritz
trishagee
skipperchong
3n
morganepeng
hatefulcrawdad
