$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
1
46
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.7k
Reverse Engineering - 2
ljptw
0
720
Reverse Engineering - 3
ljptw
0
570
Re:0 從零開始的逆向工程
ljptw
1
1.2k
Linux 極入門篇
ljptw
1
290
Fuzzing 101
ljptw
1
180
Binary Exploitation - File Structure
ljptw
1
280
Binary Exploitation - Heap
ljptw
1
150
Binary Exploitation - Basic
ljptw
1
120
Other Decks in Technology
See All in Technology
SREには開発組織全体で向き合う
koh_naga
0
390
Amazon Quick Suite で始める手軽な AI エージェント
shimy
1
1.2k
ESXi のAIOps だ!2025冬
unnowataru
0
140
生成AI時代におけるグローバル戦略思考
taka_aki
0
210
ActiveJobUpdates
igaiga
1
280
日本Rubyの会: これまでとこれから
snoozer05
PRO
5
210
半年で、AIゼロ知識から AI中心開発組織の変革担当に至るまで
rfdnxbro
0
110
JEDAI認定プログラム JEDAI Order 2026 エントリーのご案内 / JEDAI Order 2026 Entry
databricksjapan
0
150
CARTAのAI CoE が挑む「事業を進化させる AI エンジニアリング」 / carta ai coe evolution business ai engineering
carta_engineering
0
2.1k
20251218_AIを活用した開発生産性向上の全社的な取り組みの進め方について / How to proceed with company-wide initiatives to improve development productivity using AI
yayoi_dd
0
480
S3を正しく理解するための内部構造の読解
nrinetcom
PRO
3
220
2025-12-18_AI駆動開発推進プロジェクト運営について / AIDD-Promotion project management
yayoi_dd
0
140
Featured
See All Featured
First, design no harm
axbom
PRO
1
1k
How to Think Like a Performance Engineer
csswizardry
28
2.4k
Evolving SEO for Evolving Search Engines
ryanjones
0
72
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.8k
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
0
110
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
0
1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.2k
Ethics towards AI in product and experience design
skipperchong
1
140
How to Ace a Technical Interview
jacobian
281
24k
A designer walks into a library…
pauljervisheath
210
24k
Reality Check: Gamification 10 Years Later
codingconduct
0
1.9k
The Spectacular Lies of Maps
axbom
PRO
1
400
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
.JPG){kind=avatar}
koh_naga
shimy
unnowataru
taka_aki
igaiga
snoozer05
rfdnxbro
databricksjapan
carta_engineering
yayoi_dd
nrinetcom
axbom
csswizardry
ryanjones
garrettdimon
apolaine
aleyda
tammyeverts
skipperchong
jacobian
pauljervisheath
codingconduct
