{"version":"1.0","categories":["Exploit"],"width":"100%","height":"190","url":"https://inaz2.hatenablog.com/entry/2015/03/08/050106","title":" ARM\u3067stack pivot\u3001Dynamic ROP\u3092\u3084\u3063\u3066\u307f\u308b","provider_name":"Hatena Blog","type":"rich","description":"\u300cARM\u3067Return-oriented Programming\uff08ROP\uff09\u3092\u3084\u3063\u3066\u307f\u308b\u300d\u3067\u306flibc\u306e\u30d9\u30fc\u30b9\u30a2\u30c9\u30ec\u30b9\u3001libc\u95a2\u6570\u306e\u30aa\u30d5\u30bb\u30c3\u30c8\u3092\u8abf\u3079\u305f\u4e0a\u3067ROP\u3092\u884c\u3063\u305f\u3002 \u3053\u3053\u3067\u306f\u3001ASLR\u304c\u6709\u52b9\u3068\u306a\u3063\u3066\u3044\u308b\u5834\u5408\u3092\u60f3\u5b9a\u3057\u3001GOT\u30a2\u30c9\u30ec\u30b9\u306e\u66f8\u304d\u51fa\u3057\u304a\u3088\u3073stack pivot\u3092\u3082\u3068\u306b\u3057\u305fDynamic ROP\uff08JIT-ROP\uff09\u306b\u3088\u308a\u30b7\u30a7\u30eb\u3092\u8d77\u52d5\u3057\u3066\u307f\u308b\u3002 \u74b0\u5883 Ubuntu 14.04.2 LTS ARM\u7248\uff08\u30e6\u30fc\u30b6\u30e2\u30fc\u30c9QEMU\u5229\u7528\uff09 # uname -a Linux c7b94bb2fc1e 2.6.32 #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 \u2026","author_name":"inaz2","provider_url":"https://hatena.blog","author_url":"https://blog.hatena.ne.jp/inaz2/","published":"2015-03-08 05:01:06","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Finaz2.hatenablog.com%2Fentry%2F2015%2F03%2F08%2F050106\" title=\" ARM\u3067stack pivot\u3001Dynamic ROP\u3092\u3084\u3063\u3066\u307f\u308b - \u3082\u3082\u3044\u308d\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","image_url":null,"blog_title":"\u3082\u3082\u3044\u308d\u30c6\u30af\u30ce\u30ed\u30b8\u30fc","blog_url":"https://inaz2.hatenablog.com/"}