write-up(pwn)
![[pwnable.tw] start write-up](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2Fb7uEpC%2FbtsI6icKNG6%2FAAAAAAAAAAAAAAAAAAAAAHpsvJHg-RmwSwUrUT_GOp4EBJJ38tLita4v0FLxhOaf%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1764514799%26allow_ip%3D%26allow_referer%3D%26signature%3DWWZ8c6mM73g0gibcTJAs9ieOnkk%253D)
[pwnable.tw] start write-up
특이사항으로 스택에 실행 권한이 있다. 문제 코드는 다음과 같다.__int64 start(){ __int64 result; // rax result = 0x3C00000003LL; __asm { int 80h; LINUX - sys_write int 80h; LINUX - sys_read } return result;} 어셈으로 보면 다음과 같으며 syscall table을 참조하여 해석할 수 있다..text:08048060 ; __int64 start().text:08048060 public _start.text:08048060 _start proc near ; DATA XREF: LOAD:0804..