💾 Archived View for thrig.me › software › assembly › slab-of-code › actual.c captured on 2023-12-28 at 17:29:02.
-=-=-=-=-=-=-
#include <sys/mman.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
typedef void (*fn)(int *); // NOTE the signature change!
#define SLABSIZE 4096
int
main(int argc, char *argv[])
{
int value = 41;
unsigned char *slab = malloc(SLABSIZE);
if (!slab) err(1, "malloc");
memset(slab, 0xC3, SLABSIZE);
memcpy(slab, &(unsigned char[]){0xf3, 0xf, 0x1e, 0xfa, 0x55, 0x48,
0x89, 0xe5, 0x48, 0x89, 0x7d, 0xf8,
0x48, 0x8b, 0x45, 0xf8, 0x8b, 0x8,
0x83, 0xc1, 0x1, 0x89, 0x8, 0x5d},
24);
int fd = open("slab", O_WRONLY | O_CREAT, 0666);
if (fd <= 0) err(1, "open");
write(fd, slab, SLABSIZE);
close(fd);
if (mprotect(slab, SLABSIZE, PROT_EXEC) != 0) err(1, "mprotect");
#ifdef __OpenBSD__
if (pledge("stdio", NULL) == -1) err(1, "pledge");
#endif
fn call = (fn) slab;
call(&value);
printf("%d\n", value);
}