Day3 Pwn
I heard great things about pwn. It's time to finally go through it from beginning to end!
I am using Medium as a repo for my notes from the pwn courses.
There are 3 types of jumps:
Relative, Absolute, Indirect
Absolute jmps are pretty easy to understand
mov rax,0x404300
jmp rax
Relative jumps use something called labels
There are 2 types of labels: symbolic and numeric
Something I learned about labels is the .rept and .endr directives
Basically I can do a relative jump by doing
Instead of what I thought would work
jmp rsp+0x51
The above would fail since it is an invalid use of a register
This is to my surprise, because registers cannot be used as a target
When working with absolute addresses I was running into issues with the below
This is called a trampoline jump
One jump is relative and the other is absolute. It appears that my absolute jmp instruction is not going to 0x403000 but instead
I got the jump by label correct. But my other part is not jumping to the intermediate value
In Intel syntax, jmp goes to a relative offset, not an absolute address
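The trampoline described in these notes, written out as an added example (not code from the original post) for GNU as on x86-64 Linux. The label names over and landing and the exit status 42 are assumptions; the 0x51 padding is the value from the notes, and a label address stands in for 0x403000 so the program runs on its own.

```asm
# Constructed example. Build and run:
#   as tramp.s -o tramp.o && ld tramp.o -o tramp && ./tramp; echo $?
.intel_syntax noprefix
.global _start
.text
_start:
    # Relative jump: the assembler encodes the distance from the end of
    # this instruction to the label (here the short form, bytes EB 51).
    jmp  over
    .rept 0x51
    nop                       # 0x51 bytes of padding that the jump skips
    .endr
over:
    # Absolute jump: the full address goes into a register, and the jump
    # is taken through that register (RIP = RAX).
    # The notes use the literal 0x403000 here; this example uses a label
    # address so that the target is mapped (assumption).
    mov  rax, offset landing
    jmp  rax
    ud2                       # traps if execution ever falls through
landing:
    mov  edi, 42              # exit status that marks arrival at landing
    mov  eax, 60              # SYS_exit on x86-64 Linux
    syscall
```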