Posted by PIN on Apr 30
Okay.
Step 0) invoke python (on linux)
Step 1) input print(hex(id("__main__") & ~4095))
Step 2) Take the output of (1) and subtract that number from libc's
base address (or another library's); this is your offset and seems to only
vary by compiled image (for me, with 3.3.5, it's 0xb4f000).
Step 3) print(hex((id("__main__") & ~4095) - 0xb4f000))
Step 4) The output of (3) should be a stable offset from a given…