IOStates/LeakBasedCoreGenerator: recvrepeat(0.1) after leaking

aesophor · aesophor · commit 55896933324d · 2022-02-06T13:18:36.000+08:00
Signed-off-by: Marco Wang &lt;m.aesophor@gmail.com&gt;
diff --git a/src/Modules/IOStates/LeakBasedCoreGenerator.cpp b/src/Modules/IOStates/LeakBasedCoreGenerator.cpp
@@ -162,6 +162,10 @@ void IOStateInfoVisitor::operator()(const OutputStateInfo &stateInfo) {
             "log.info('leaked elf_base: {}'.format(hex(elf_base)))",
         });
     }
+
+    // We still need to receive whatever that comes after
+    // the canary or the address.
+    exploit.writeline("proc.recvrepeat(0.1)");
 }
 
 void IOStateInfoVisitor::operator()(const SleepStateInfo &stateInfo) {

Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,10 @@ void IOStateInfoVisitor::operator()(const OutputStateInfo &stateInfo) {`
`162`	`162`	`"log.info('leaked elf_base: {}'.format(hex(elf_base)))",`
`163`	`163`	`});`
`164`	`164`	`}`
	`165`	`+`
	`166`	`+ // We still need to receive whatever that comes after`
	`167`	`+ // the canary or the address.`
	`168`	`+ exploit.writeline("proc.recvrepeat(0.1)");`
`165`	`169`	`}`
`166`	`170`
`167`	`171`	`void IOStateInfoVisitor::operator()(const SleepStateInfo &stateInfo) {`