-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathgetenvaddr.c
44 lines (32 loc) · 1019 Bytes
/
getenvaddr.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
/*
* EXPLANATION FROM ERICSSON
*
* degrigis@hacking ./a SLEDLESS
* SLEDLESS is at 0xbfffff4e
*
* degrigis@hacking ./bb SLEDLESS ( +1 char respect to previous name and so -2 bytes in the address of env var )
* SLEDLESS is at 0xbfffff4c
*
*
* In this code argv[0] represent the name of actual program and argv[2] th name of the program that will be launch
*
* getenvaddr - ./binary8 = 10 - 9 = 1 // so -2 bytes to the address of env var
*
* getn - ./binary8 = 4 - 9 = 5 // so +10 bytes to the address of env var
*
* */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc,char**argv)
{
char *ptr;
if(argc<3){
printf("Usage: %s <environment var> <target program name>\n", argv[0]);
exit(0);
}
ptr = getenv(argv[1]);
//there is an increment of 2 bytes for every bytes added to the name of the program (pg.141 ericson, or see example at the end)
ptr += (strlen(argv[0]) - strlen(argv[2]))*2;
printf("%s will be at %p\n",argv[1],ptr);
}