Category : pwnable Summary : qemu escape Exploit#include #include #include #include #include #include #include #include #include #define OOO_ALLOCATE 0x000000 #define OOO_FREE 0x100000 #define OOO_WRITE 0x200000 #define MAP_SIZE 0x1000000 #define OOO_BIN_BASE 0x1317940 #define FREE_GOT 0x11301a0 #define OOO_MAGIC_GADGET 0x6e65f9 int fd; char *mmio; uint64_t ooo_read(uint32_t idx, uint32_t offset..
2018/12/03
Category : pwnable Summary : qemu escape Exploit #include #include #include #include #include #include #include #include #include #include #define IOMEM_A 0xfe900000 #define IOMEM_B 0xfea00000 #define IOPORT_A 0xc000 #define IOPORT_B 0xc100 #define MMIO_SRC 0x04 #define MMIO_DST 0x08 #define MMIO_COPY 0x20 #define MMIO_CMD 0x24 #define MMIO_TIMER 0x80 #define MMIO_EXPIRE_LO 0x88 #define MMIO_EXP..
Category : pwnable Summary : qemu escape Exploit #include #include #include #include #include #include #include #include #include #include #define SRC_LO 0x80 #define SRC_HI 0x84 #define DST_LO 0x88 #define DST_HI 0x8c #define CNT 0x90 #define TIMER 0x98 #define TIMER_READ 0x1 #define TIMER_WRITE 0x3 #define TIMER_ENC 0x4 #define MAP_SIZE 0x1000 #define PAGE_SHIFT 12 #define PAGE_SIZE (1 enc = s..
