
Ptrace issues

Open rdbo opened this issue 1 year ago • 0 comments

These issues were mentioned by @d0ubleday (two screenshots attached to the original issue).

TLDR:

  • The ptrace impl doesn't check why the process stopped; it just assumes it was part of the regular execution (which it may not have been)
  • Threads should be frozen to prevent race conditions on the target process
  • The first 128 bytes above RSP could be used for temporary data in leaf functions, according to the ABI shown in the image above, so writing the custom stack on that area may be a bad idea

rdbo, Jun 19 '24 09:06
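The first and third points above, as an added example (not libmem's code): a stop-reason check that forwards a foreign signal instead of assuming every stop belongs to the injection, and a scratch-stack computation that keeps clear of the 128-byte SysV x86-64 red zone. The wait statuses are constructed in the Linux/BSD encoding; thread freezing is not shown.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>

/* Why the tracee stopped, decided from the waitpid() status rather than assumed. */
enum stop_kind { STOP_EXPECTED, STOP_OTHER_SIGNAL, STOP_GONE };

/* `expected` is the signal the injected call should end with (e.g. SIGTRAP from
 * a breakpoint placed after it). *resume_sig receives the signal to hand back
 * on PTRACE_CONT so a signal that was not ours is forwarded, not swallowed. */
enum stop_kind classify_stop(int status, int expected, int *resume_sig)
{
    *resume_sig = 0;
    if (WIFEXITED(status) || WIFSIGNALED(status))
        return STOP_GONE;                 /* target died mid-injection */
    if (!WIFSTOPPED(status))
        return STOP_OTHER_SIGNAL;         /* e.g. continued: not our stop */
    if (WSTOPSIG(status) == expected)
        return STOP_EXPECTED;
    *resume_sig = WSTOPSIG(status);       /* e.g. SIGCHLD, SIGALRM: re-inject */
    return STOP_OTHER_SIGNAL;
}

/* x86-64 SysV: the 128 bytes at addresses below RSP (the red zone) may hold a
 * leaf function's temporaries without RSP being adjusted, so a scratch stack
 * must start past that area. The result is 16-byte aligned as the ABI requires
 * at a call site. `bytes_needed` is the space the injector wants above the top. */
#define RED_ZONE 128u
uint64_t scratch_stack_top(uint64_t rsp, uint64_t bytes_needed)
{
    return (rsp - RED_ZONE - bytes_needed) & ~(uint64_t)0xF;
}

int main(void)
{
    /* Constructed wait status for "stopped by SIGCHLD" (Linux/BSD encoding):
     * exactly the case where assuming "our SIGTRAP" would go wrong. */
    int sig = 0, status = (SIGCHLD << 8) | 0x7f;
    enum stop_kind k = classify_stop(status, SIGTRAP, &sig);
    printf("stop kind %d, signal to forward %d\n", (int)k, sig);
    /* Constructed RSP value for illustration. */
    printf("scratch stack top: %#llx\n",
           (unsigned long long)scratch_stack_top(0x7ffd0000ULL, 64));
    return 0;
}
```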