Question about RTL (or ROP) chaining order
I’m confused now about how the order is set up for the ROP chain.
Let’s say we’d like to make a chain below
in C:
open("myfile", O_RDONLY);
read(3, buf, 100);
in payload:
p32(OPEN_ADDR)
p32(PPR) # pop pop ret
p32(FILE_ADDR_BUF)
… Continue reading Question about RTL (or ROP) chaining order