Commit 2bce086

add some comment on execveat call @ MagicBook
1 parent 3e56e57 commit 2bce086

1 file changed

+3
-0
lines changed

dasjuly2024/MagicBook.md

@@ -34,6 +34,9 @@
3434
3535
只禁了`execve`系统调用,因此可以使用`execveat`来拿shell
3636

37+
在设置传参函数的时候还要将r8置为0,因为这个`flags`在我们的情况下是`0x1e`
38+
会导致`execveat`无法打开shell
39+
3740
### `execveat`在libc中出现的时刻
3841

3942
经过源码符号查找,首次出现这个系统调用的版本是[2.27](https://elixir.bootlin.com/glibc/glibc-2.27/source/sysdeps/unix/sysv/linux/fexecve.c#L43)
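
Review bot: The added lines 37-38 say r8 must be set to 0 because `flags` is `0x1e` "in our case", but they never say that `flags` is the fifth argument of `execveat` (the one carried in r8), nor why `0x1e` stops the call from working. `execveat` accepts only `AT_EMPTY_PATH` and `AT_SYMLINK_NOFOLLOW` in `flags` and returns `EINVAL` when any other bit is set, which is what a leftover `0x1e` triggers; stating that in the note would let a reader confirm the cause from the syscall's return value. The sentence is also split across two source lines in the middle of a clause (after `0x1e`), and "设置传参函数" would be clearer if it named the step or gadget that loads the syscall arguments.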
