The following session modifies the argv strings of a target process, which are located toward the beginning of the stack.
$ setarch -R ../targets/twecho operating systems is the best &
[1] 10183
$ # TASK_SIZE refers to the size of the user virtual address space (different on x86_64/arm64)
$ test "$(uname -m)" == x86_64 && TASK_SIZE=$(((1 << 47) - 4096)) || TASK_SIZE=$((1 << 48))
$ sudo ./farfetchd 10183 $(($TASK_SIZE-4096)) 4096
bvi version 1.4.0 Copyright (C) 1996-2014 by Gerhard Buergmann
$ fg
setarch -R ../targets/twecho operating systems is the best
^Cfar FAR
fetch'd FETCH'D
is IS
the THE
best BEST
For those curious, TASK_SIZE was determined based on the respective Linux kernel macros for x86_64 and arm64, assuming 48-bit virtual addresses in each case.
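An added example, not part of the original page: rather than assuming the argv strings sit in the last page below TASK_SIZE, the address and length can be derived from the arg_start and arg_end fields (48 and 49) of /proc/PID/stat, which also works when ASLR is left on. The function name argv_window and the stat line are constructed for illustration, and 4 KiB pages are assumed.

```sh
#!/bin/sh
# Added example: compute the page-aligned window holding a process's argv
# strings from a /proc/PID/stat line.
PAGE_SIZE=4096   # assumption: 4 KiB pages, as in the session above

# argv_window STAT_LINE -> prints "<page-aligned addr> <len>" (decimal)
argv_window() {
    # comm (field 2) may contain spaces or ')': cut at the LAST ") ".
    aw_rest=${1##*") "}
    set -f                 # no globbing during word splitting
    set -- $aw_rest        # $1 is now field 3 (state)
    set +f
    if [ "$#" -lt 47 ]; then
        echo "argv_window: short stat line" >&2; return 1
    fi
    shift 45               # $1 = field 48 (arg_start), $2 = field 49 (arg_end)
    # The kernel reports 0 here when the reader lacks ptrace read access.
    if [ "$1" -eq 0 ] || [ "$2" -lt "$1" ]; then
        echo "argv_window: arg_start/arg_end unavailable" >&2; return 1
    fi
    aw_mask=$(( ~($PAGE_SIZE - 1) ))
    aw_base=$(( $1 & $aw_mask ))
    aw_top=$(( ($2 + $PAGE_SIZE - 1) & $aw_mask ))
    echo "$aw_base $(( $aw_top - $aw_base ))"
}

# Constructed stat line (not captured from a real process): fields 4..47
# are zero filler; comm deliberately contains a space.
filler=""; i=4
while [ "$i" -le 47 ]; do filler="$filler 0"; i=$((i + 1)); done
SAMPLE="10183 (tw echo) S$filler 140737488348610 140737488348658 140737488348658 140737488351209 0"

argv_window "$SAMPLE"      # -> 140737488347136 4096
# Live use with the pid from the session: argv_window "$(cat /proc/10183/stat)"
```

For the constructed line the result equals TASK_SIZE-4096 and 4096 on x86_64, the same two values passed to farfetchd in the session above.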