source link: https://github.com/vnik5287/kaslr_tsx_bypass
Linux kASLR (Intel TSX/RTM) bypass static library
Uses Intel TSX/RTM (Restricted Transactional Memory) cache side-channel to get the kernel offset.
Usage
Link libkaslr.a to your exploit and call get_kaslr_offset() to get the offset. The return value is either the kernel offset or (uint64_t)-1 on error.
$ gcc example.c libkaslr.a -static -lm -lpthread
You might try running get_kaslr_offset() in a loop to make sure the return value is stable.