in order to solve a binary exploitation CTF-Challenge I have to create an array of arguments to pass to a syscall. I searched a lot on the internet, but I can't find a description on how to create an array of strings with a ROP-Chain on a 64-bit machine.
Does anyone know it's done?
If you supply the stack address, it will be automatically done using pwntools ROP functionality.
Excerpt from the docs:
You can also append complex arguments onto stack when the stack pointer is known.
>>> rop = ROP(binary, base=0x7fffe000) >>> rop.call('execve', [b'/bin/sh', [[b'/bin/sh'], [b'-p'], [b'-c'], [b'ls']], 0]) >>> print(rop.dump()) 0x7fffe000: 0xcafebabe execve([b'/bin/sh'], [[b'/bin/sh'], [b'-p'], [b'-c'], [b'ls']], 0) 0x7fffe004: b'baaa' <return address> 0x7fffe008: 0x7fffe014 arg0 (+0xc) 0x7fffe00c: 0x7fffe01c arg1 (+0x10) 0x7fffe010: 0x0 arg2 0x7fffe014: b'/bin/sh\x00' 0x7fffe01c: 0x7fffe02c (+0x10) 0x7fffe020: 0x7fffe034 (+0x14) 0x7fffe024: 0x7fffe038 (+0x14) 0x7fffe028: 0x7fffe03c (+0x14) 0x7fffe02c: b'/bin/sh\x00' 0x7fffe034: b'-p\x00$' 0x7fffe038: b'-c\x00$' 0x7fffe03c: b'ls\x00$'
