💾 Archived View for thrig.me › software › assembly › slab-of-code › ret.c captured on 2023-12-28 at 17:28:13.
-=-=-=-=-=-=-
#include <sys/mman.h>
#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef void (*fn)(void);
#define SLABSIZE 4096
int
main(int argc, char *argv[])
{
int value = 41;
void *slab = malloc(SLABSIZE);
if (!slab) err(1, "malloc");
memset(slab, 0xC3, SLABSIZE); // RET not INT3
if (mprotect(slab, SLABSIZE, PROT_EXEC) != 0) err(1, "mprotect");
fn call = slab;
call();
printf("%d\n", value);
}