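Copy this to address EAA0h
Then, under 110an, inject and run this ROP:
Result when run:
After pressing equals, the screen clears; then press Shift, and it prints "Hello"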


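And after waiting a short while it
2:21BE is supposed to display stripes, but here the screen is simply blank. Does this prove that the "stripe pattern" at gadget 2:21BE has nothing to do with R1? Because the first instruction at 2:21BE is
Also, has the freeze at gadget 2:205C stopped working? Because after a short while execution runs away and the serial number is displayed.
Attached is the copied ROP, with comments: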
https://github.com/qiufuyu123/fxesplus/blob/34b68fc2c5b27ac89b9ede22aa3702ce2c216181/991cnx/betterlabels.txt#L42
https://github.com/qiufuyu123/fxesplus/blob/34b68fc2c5b27ac89b9ede22aa3702ce2c216181/991cnx/betterlabels.txt#L29-L30