{"id":481,"date":"2023-06-25T14:34:28","date_gmt":"2023-06-25T05:34:28","guid":{"rendered":"https:\/\/h4ck.kr\/?p=481"},"modified":"2023-06-25T14:36:22","modified_gmt":"2023-06-25T05:36:22","slug":"python3%ec%97%90%ec%84%9c-nop-sled-%ec%b6%9c%eb%a0%a5%ec%8b%9c-0x90c2-%ea%bc%b4%eb%a1%9c-%eb%82%98%ec%98%a4%eb%8a%94-%ea%b2%bd%ec%9a%b0","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=481","title":{"rendered":"python3\uc5d0\uc11c nop sled \ub123\uc744\uc2dc 0x90c2.. \uaf34\ub85c \ub098\uc624\ub294 \uacbd\uc6b0"},"content":{"rendered":"\n

<\/p>\n\n\n\n

\n
\n
gdb-peda$ r <<< $(python3 -c 'print(\"\\x90\" * 128)')\nStarting program: \/home\/ubuntu\/Desktop\/awesome-basics\/chall <<< $(python3 -c 'print(\"\\x90\" * 128)')\nYour Input: \nProgram received signal SIGSEGV, Segmentation fault.\n[----------------------------------registers-----------------------------------]\n...\nRSI: 0x7fffffffe300 --> 0x90c290c290c290c2 \nRDI: 0x90c290c2 \nRBP: 0x90c290c290c290c2 \nRSP: 0x7fffffffe368 --> 0x90c290c290c290c2 \n...\n   0x5555555553e9 <main+250>:\tcall   0x555555555110 <close@plt>\n   0x5555555553ee <main+255>:\tmov    eax,0x0\n   0x5555555553f3 <main+260>:\tleave  \n=> 0x5555555553f4 <main+261>:\tret    \n   0x5555555553f5:\tadd    BYTE PTR [rax],al\n   0x5555555553f7:\tadd    bl,dh\n   0x5555555553f9 <_fini+1>:\tnop    edx\n   0x5555555553fc <_fini+4>:\tsub    rsp,0x8\n[------------------------------------stack-------------------------------------]\n0000| 0x7fffffffe368 --> 0x90c290c290c290c2 \n0008| 0x7fffffffe370 --> 0x90c290c290c290c2 \n0016| 0x7fffffffe378 --> 0x90c290c290c290c2 \n...\n[------------------------------------------------------------------------------]\nLegend: code, data, rodata, value\nStopped reason: SIGSEGV\n0x00005555555553f4 in main ()<\/pre>\n<\/div>\n<\/div>\n\n\n\n

\uc704\uc640 \uac19\uc774 0x909090.. \uaf34\uc774 \ub098\uc624\uc9c0 \uc54a\uace0 c2\ub77c\ub294 \uac12\uc774 \ub4e4\uc5b4\uac00\ub294\ub370
\uc5ec\uae30\uc11c “\\x90c2″\ub294 UTF-8 \ubb38\uc790 U+0090\uc758 16\uc9c4\uc218 \uc778\ucf54\ub529\uc774\ub2e4.
Python 2\ub294 \ubb38\uc790\uc5f4\uc744 \ubc14\uc774\ud2b8 \ubc30\uc5f4\ub85c \ucc98\ub9ac\ud558\uc9c0\ub9cc, Python 3\ub294 UTF-8\ub85c \uc778\ucf54\ub529\ub41c \ubb38\uc790\uc758 \ubc30\uc5f4\ub85c \ucc98\ub9ac\ud558\uae30 \ub54c\ubb38\uc774\ub77c\uace0 \ud55c\ub2e4.

\ub530\ub77c\uc11c \uc544\ub798\uc640 \uac19\uc774 sys.stdout.buffer.write\ub97c \uc774\uc6a9\ud558\uba74 \ud574\uacb0\ub41c\ub2e4.<\/strong><\/p>\n\n\n\n
\n
\n
gdb-peda$ r <<< $(python3 -c 'import sys; sys.stdout.buffer.write(b\"\\x90\" * 128)')<\/pre>\n<\/div>\n<\/div>\n\n\n\n
\n\n\n\n
\ub3c4\uc6c0\ub41c \uae00<\/p>\n\n\n\n
https:\/\/stackoverflow.com\/questions\/43477337\/how-to-fix-gdb-probable-charset-issue-nop-0x90-translating-to-0x90c2-in-memory<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
\uc704\uc640 \uac19\uc774 0x909090.. \uaf34\uc774 \ub098\uc624\uc9c0 \uc54a\uace0 c2\ub77c\ub294 \uac12\uc774 \ub4e4\uc5b4\uac00\ub294\ub370\uc5ec\uae30\uc11c “\\x90c2″\ub294 UTF-8 \ubb38\uc790 U+0090\uc758 16\uc9c4\uc218 \uc778\ucf54\ub529\uc774\ub2e4.Python 2\ub294 \ubb38\uc790\uc5f4\uc744 \ubc14\uc774\ud2b8 \ubc30\uc5f4\ub85c \ucc98\ub9ac\ud558\uc9c0\ub9cc, Python 3\ub294 UTF-8\ub85c \uc778\ucf54\ub529\ub41c \ubb38\uc790\uc758 \ubc30\uc5f4\ub85c \ucc98\ub9ac\ud558\uae30 \ub54c\ubb38\uc774\ub77c\uace0 \ud55c\ub2e4. \ub530\ub77c\uc11c \uc544\ub798\uc640 \uac19\uc774 sys.stdout.buffer.write\ub97c \uc774\uc6a9\ud558\uba74 \ud574\uacb0\ub41c\ub2e4. \ub3c4\uc6c0\ub41c \uae00 https:\/\/stackoverflow.com\/questions\/43477337\/how-to-fix-gdb-probable-charset-issue-nop-0x90-translating-to-0x90c2-in-memory<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-481","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=481"}],"version-history":[{"count":5,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/481\/revisions"}],"predecessor-version":[{"id":487,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/481\/revisions\/487"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}