Array of Alpaca function pointers 🦙🦙🦙🦙🦙
Beginner Hint (AI-translated)
- This problem belongs to the Pwn category, specifically Pwnable (Binary Exploitation).
- The goal is to launch a shell by executing the
winfunction in a remote environment. - The
asm volatile("mov $0,%spl");in the win function is a process to simplify the problem. When calling the system function, rsp must be a multiple of 16. So, to simplify the problem here, we make rsp a multiple of 16 by setting the lower byte of rsp to 0. With this, we can execute the win function without worrying about it in this case. Reference - alpaca_functions is an array of function pointers placed on the stack.
- When a function is called, the return address, the address to return to the original function, is placed on the stack.