Egg Hunting
Egg hunting can be applied when only a few characters are available for shellcode.
A tag, or egg, is a known group of bytes in the binary that the egg hunter
searches for.
Accessing Virtual Address Space
As shakuganz wrote, accessing unallocated memory can be done in the following way:
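mem_addr = 0x5FFFFFFF
while True:
    # access() returns -EFAULT (0xfffffff2) for an unmapped address; 0xf2 is its low byte
    if access(mem_addr, 0) == 0xf2:
        jump_to_next_page()        # the whole page is unmapped, skip it
    elif value_at(mem_addr) != egg:
        mem_addr += 1              # readable, but not the egg: try the next byte
    else:
        print(mem_addr)            # egg found
        break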
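Seen from the detection side, the probing loop above shows up in a syscall trace as a run of access() calls that fail with EFAULT while the pointer argument advances one page at a time. The following is an added example, not code from the original note or from shakuganz: it scans trace lines for that pattern. The log lines are constructed in the style of `strace -f -o` output, and the 4 KiB page size, the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

PAGE = 0x1000  # assumed 4 KiB pages

# Constructed sample lines in the style of `strace -f -o` (not a real capture).
SAMPLE = """\
4242 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
4242 access(0x60000000, F_OK) = -1 EFAULT (Bad address)
4242 access(0x60001000, F_OK) = -1 EFAULT (Bad address)
4242 access(0x60002000, F_OK) = -1 EFAULT (Bad address)
4242 access(0x60003000, F_OK) = -1 EFAULT (Bad address)
4242 access(0x60004000, F_OK) = -1 EFAULT (Bad address)
5150 access(0x7ffd1000, F_OK) = -1 EFAULT (Bad address)
5150 access("/usr/lib/locale", R_OK) = 0
"""

# Only access() calls whose path argument was an unreadable raw pointer
# (printed as hex) and that failed with EFAULT are of interest.
LINE = re.compile(r"^(\d+)\s+access\((0x[0-9a-fA-F]+),[^)]*\)\s+=\s+-1 EFAULT")

def longest_page_walks(log):
    """Per PID, the longest run of EFAULT access() probes whose pointer
    argument advances by exactly one page between consecutive probes."""
    last, run, best = {}, defaultdict(int), defaultdict(int)
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, addr = int(m.group(1)), int(m.group(2), 16)
        prev = last.get(pid)
        # Extend the run on a one-page step, otherwise start a new run.
        run[pid] = run[pid] + 1 if prev is not None and addr - prev == PAGE else 1
        last[pid] = addr
        best[pid] = max(best[pid], run[pid])
    return dict(best)

def flag_egg_hunt(log, threshold=4):
    """PIDs whose longest page-stepped EFAULT run reaches the threshold."""
    return sorted(p for p, n in longest_page_walks(log).items() if n >= threshold)

if __name__ == "__main__":
    print(flag_egg_hunt(SAMPLE))
```

A single EFAULT from access() is ordinary; it is the page-stepped run within one process that is worth alerting on, so tune the threshold against a baseline of normal traces.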
Tools
An egg hunter can be found in pwntools' pwnlib.shellcraft.