Phase2 needs to be updated for rsp value and the issue of segfault.

hi, first thanks a lot for your notes, it helped alot.

while dumping the rtarget, i searched for 58 byte representation and i didn't find any 58 on the outer end .. what i found was 5c which is representation for popq rsp then i tried to search for mov rsp,edi which should be 48 89 e7 c3 but i didn't find it also what do you suggest??

thanks alot for your notes for the previous phases, i tried to solve phase5 but im stuck can you give me a hand ? ..

my asm code:

padding
mov rsp,rax
mov rax,rdi
pop rax
gap from gadget1 to cookie
mov edx,ecx
mov ecx,esi
lea (rdi,rsi,1),rax
mov rax,rdi
touch 3
cookie

i checked the whole addresses more than 3 times but it seems it doesn't exploit touch3 as it causes segement failure .. i am not sure of what value should be the gap ?

The popq %rax in the farm does not necessarily require 58 (the corresponding machine code) to be at the rightmost position of the instruciton. It works even if it is in the middle.

i think pase4 need update. i try it but it keep on saying You caused a segmentation fault!

I get valid solution for phase 3 but I keep causing a seg fault and im not sure why.
my buffer size is 0x28

First off, thank you so much for creating this github. Your solutions have been very helpful, but we are having a lot of trouble with phase3. Is the rsp+0x28 increment standard for all attack labs? It seems to change from person to person, but we aren't sure how to determine our increment. We have tried 0x28, and it's not working.

Thanks,

Secret Admirer

ive tried several times but still failed and it seems like old rsp value should be on the bottom of answer