ret2libc
commented
4 years ago This issue has been moved from radareorg/radare2 to radareorg/ideas as we are trying to clean our backlog and this issue has probably been created a long while ago. This is an effort to help contributors understand what are the actionable items they can work on, prioritize issues better and help users find active/duplicated issues more easily. If this is not an enhancement/improvement/general idea but a bug, feel free to ask for re-transfer to main repo. Thanks for your understanding and contribution with this issue.
it will be useful to identify value of GP in mips or find the base address where a binary is mapped in memory by adding r2 the ability to resolve simple esil equations.
This thing can be even done by bruteforcing, the question the user performs would be:
GPi need to get thatT9register pointing tosym.imp.main?Then we must compute differnet values of GP (within a range) in order to calculate which value makes the emulated code result in having the address of sym.imp.main in the register T9.