path: root/qbdi_mode/demo-so.c
#include <stdio.h>

// gcc -shared -o libdemo.so demo-so.c -w
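/**
 * Demo fuzzing target with two deliberately planted faults.
 *
 * The function dispatches on the first input byte and performs an invalid
 * write when specific byte patterns are present, so that a fuzzer driving
 * this library has a crash to discover:
 *   - buf[0] == 0x01 and buf[1] == 0x44: write through a null pointer
 *   - buf[0] == 0xff, buf[1] == 0x44 and buf[2] == 0xff: write to 0xdeadbeef
 *
 * Only bytes inside [0, size) are inspected, so the planted faults are the
 * only memory errors a sanitizer or fuzzer should report for this function.
 *
 * @param buf   input bytes; may be NULL, which is handled like an empty input
 * @param size  number of valid bytes in buf
 * @return always 1 (when the call does not crash on a planted fault)
 */
int target_func(char *buf, int size)
{
    /* %p requires a void * argument; size is an int and is printed with %d. */
    printf("buffer:%p, size:%d\n", (void *)buf, size);

    /* Nothing to dispatch on: treat a missing or empty input as the default. */
    if (buf == NULL || size < 1)
    {
        puts("default action");
        return 1;
    }

    /*
     * Inspect the input as unsigned bytes. Where plain char is signed, a 0xff
     * byte reads as -1 and would never match `case 0xff`, leaving the second
     * planted fault unreachable.
     */
    const unsigned char *bytes = (const unsigned char *)buf;

    switch (bytes[0])
    {
    case 1:
        puts("222");
        if (size >= 2 && bytes[1] == 0x44)
        {
            puts("null ptr deference");
            /* volatile keeps the compiler from discarding the invalid store. */
            *(volatile char *)0 = 1;
        }
        break;
    case 0xff:
        /* size >= 3 covers the reads of both bytes[1] and bytes[2]. */
        if (size >= 3 && bytes[2] == 0xff)
        {
            if (bytes[1] == 0x44)
            {
                puts("crash....");
                *(volatile char *)0xdeadbeef = 1;
            }
        }
        break;
    default:
        puts("default action");
        break;
    }

    return 1;
}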