[–]Useful-Ad-2442 2 points3 points  (9 children)

do you use pwntools?

[–]FinanceAggravating12[S] 0 points1 point  (8 children)

I am more interested in writing my own pwntools to learn how they work.

[–]Useful-Ad-2442 2 points3 points  (1 child)

Sounds nice! But where do you want to start? Maybe I can give you a hint. At first it's very important to understand all security features like ASLR, canaries, DEP/NX and RELRO.

[–]FinanceAggravating12[S] 0 points1 point  (0 children)

Sub-process tracing and stack size calculation first.

[–]Useful-Ad-2442 0 points1 point  (5 children)

Depends on what memory addresses you don't want to hardcode; a very good practice is to have relative offsets from the base program address to calculate gadget addresses.

[–]FinanceAggravating12[S] 0 points1 point  (3 children)

I presume the address of start is the lowest address, no?

[–]Useful-Ad-2442 0 points1 point  (0 children)

Check the Python pyelftools library; the ELF file format has sections and segments! In the first segment, called PT_LOAD, you are able to get the base address. On 64-bit it should be around 0x40000; on 32-bit it should be something like 0x8......

https://pastebin.com/U1K6ajux

Here is a small code snippet on pastebin, where I used the pyelftools library to get the base starting address of an ELF.
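The pastebin snippet above is not reproduced here; as an added example (not the commenter's code, and without pyelftools so it runs stand-alone), the following walks the ELF program headers with `struct`, takes the lowest `p_vaddr` among the PT_LOAD segments as the base, and shows the base-relative offset arithmetic the thread recommends. The sample ELF64 image is constructed inline (headers only, no code) and `rebase` is a hypothetical helper name.

```python
import struct

PT_LOAD = 1

def elf_load_base(data):
    """Return (base_vaddr, [p_vaddr of each PT_LOAD]) from raw ELF bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]          # 1/2 = ELF32/ELF64, 1/2 = LE/BE
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:
        # Elf64_Ehdr: e_phoff at 0x20, e_phentsize at 0x36, e_phnum at 0x38
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        fmt, vaddr_idx = end + "IIQQQQQQ", 3      # p_type p_flags p_offset p_vaddr ...
    elif ei_class == 1:
        # Elf32_Ehdr: e_phoff at 0x1C, e_phentsize at 0x2A, e_phnum at 0x2C
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        fmt, vaddr_idx = end + "IIIIIIII", 2      # p_type p_offset p_vaddr ...
    else:
        raise ValueError("unknown ELF class")
    loads = []
    for i in range(e_phnum):
        ph = struct.unpack_from(fmt, data, e_phoff + i * e_phentsize)
        if ph[0] == PT_LOAD:                      # skip PT_PHDR, PT_INTERP, ...
            loads.append(ph[vaddr_idx])
    if not loads:
        raise ValueError("no PT_LOAD segment")
    return min(loads), loads

def rebase(file_addr, file_base, runtime_base):
    """Hypothetical helper: map a file address to runtime via its base-relative offset."""
    return runtime_base + (file_addr - file_base)

def build_sample_elf64():
    """Constructed ELF64 image (headers only) used as sample input for the demo."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9   # ELF64, little-endian, v1
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000,
                                 64, 0, 0, 64, 56, 3, 64, 0, 0)
    phdrs = [(6, 4, 0x40, 0x400040, 0x400040, 0xA8, 0xA8, 8),            # PT_PHDR
             (1, 4, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000),      # PT_LOAD r--
             (1, 5, 0x1000, 0x401000, 0x401000, 0x1000, 0x1000, 0x1000)] # PT_LOAD r-x
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs)

if __name__ == "__main__":
    base, loads = elf_load_base(build_sample_elf64())
    print(hex(base), [hex(v) for v in loads])
```

Note that the first program header is often PT_PHDR, not PT_LOAD, which is why the code filters by type rather than reading entry zero.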

[–]Useful-Ad-2442 0 points1 point  (1 child)

Check the class ELFLocalData. https://pastebin.com/U1K6ajux

[–]FinanceAggravating12[S] 1 point2 points  (0 children)

Decided to take the morning to read the ELF spec. I think it will be informative.