Skip to content

Oxygen1a1/callstack_spoof

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 

Repository files navigation

introduce

  • callstack spoof是一个混淆堆栈的工具,主要可以在你调用函数的时候混淆返回地址,并且这个返回地址位于正常模块内

  • callstack spoof" is a tool for obfuscating the call stack. It primarily obfuscates the return address when you call a function, and this return address is located within a normal module

usage

  • 这个POC支持R3 R0,使用起来简单

  • This POC supports kernel mode and user mode, and it's easy to use

int foo2(int a) {
	__debugbreak();
	DbgPrintEx(77,0,"%d\r\n", a);
	return a;  
}

void foo1() {

	foo2(111);
	auto ret=SPOOF_CALL(int, foo2)(111);
	DbgPrintEx(77, 0, "func ret->%d\r\n", ret);
	
}

POC

image-20230924154650443

thanks

https://github.com/Barracudach/CallStack-Spoofer

I must thank @Barracudach. My project is based on what he wrote. The only flaw in his project is that when spoofing the call stack, the return address is in an illegal module (or not in a module at all). I have improved upon this shortcoming

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages