Binary Exploitation - Basic Supplement (補充篇)
LJP-TW
May 26, 2021
2021/05/26 NTUST Information Security Club (台科資安社) class session
Livestream recording: https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn - Basic Supplement

# whoami
- LJP / LJP-TW
- Pwn / Rev
- NTUST / NCTU / NYCU
- 10sec CTF Team

Outline
- TLS

TLS

TLS
- TLS stands for Thread-Local Storage
- On Linux x64, the fs register holds the location of the TLS
- The stack canary is stored in the TLS

TLS
- fs is a segment register
- Address computation: reg:offset = ref + offset (the segment base plus the offset)
- At this point you try to check what fs equals in gdb, and find it is 0
- So the canary is read from [0+0x28]??

TLS
- GDB is itself a process; the fs = 0 you see is GDB's own fs
- So how do we get the fs of the process being observed?
- Call arch_prctl
Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13

TLS
- Pwngdb implements a feature to obtain the TLS
- Reading how it is implemented, it turns out to be the same approach
- https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77

TLS Demo
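As an added example (mine, not from the slides or the Pwngdb code), a C program for Linux x86_64 that does what the slides describe: it obtains the TLS base with arch_prctl(ARCH_GET_FS), reads the canary the way the compiler's stack-protector prologue does (fs:0x28), and checks that the same value sits at base + 0x28. The function names are my own.

```c
// Added example, not from the original deck. Linux x86_64 only.
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <asm/prctl.h>      /* ARCH_GET_FS */

#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003  /* fallback: value from the x86 arch_prctl ABI */
#endif

/* Ask the kernel for this thread's fs base, as the slides suggest with
 * arch_prctl. glibc has no wrapper, so the raw syscall is used. */
static uintptr_t tls_base_via_arch_prctl(void) {
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return (uintptr_t)base;
}

/* Read fs:0x28 exactly as a stack-protector prologue does (segment-relative). */
static uintptr_t canary_via_fs_segment(void) {
    uintptr_t v;
    __asm__ volatile ("mov %%fs:0x28, %0" : "=r"(v));
    return v;
}

/* Read the same slot through the plain linear address base + 0x28. */
static uintptr_t canary_via_tls_base(void) {
    uintptr_t base = tls_base_via_arch_prctl();
    return base ? *(uintptr_t *)(base + 0x28) : 0;
}

/* 1 when both views agree: the canary really lives at TLS base + 0x28. */
int tls_canary_slot_matches(void) {
    uintptr_t a = canary_via_fs_segment();
    uintptr_t b = canary_via_tls_base();
    return a != 0 && a == b;
}

int main(void) {
    printf("fs base     = 0x%lx\n", (unsigned long)tls_base_via_arch_prctl());
    printf("fs:0x28     = 0x%lx\n", (unsigned long)canary_via_fs_segment());
    printf("[base+0x28] = 0x%lx\n", (unsigned long)canary_via_tls_base());
    printf("match: %s\n", tls_canary_slot_matches() ? "yes" : "no");
    return 0;
}
```

Note that the kernel-returned base is what gdb's `$fs_base` shows; the plain `fs` selector prints as 0 because the base is set through arch_prctl, not through a segment descriptor.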