{"version":1,"pages":[{"id":"wV7Z9xMRi0FTLdYLVUsL","title":"Introduction","pathname":"/pwn-notes","siteSpaceId":"sitesp_Aza8K"},{"id":"BfP3RTmHJFuKtNTwfiHO","title":"ROP 2.34+","pathname":"/pwn-notes/pwn/rop-2.34+","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"pwn"}]},{"id":"COhrrpd8R6TROmkEfiz8","title":"The problem","pathname":"/pwn-notes/pwn/rop-2.34+/the-problem","siteSpaceId":"sitesp_Aza8K","description":"What happened to ROP?","breadcrumbs":[{"label":"pwn"},{"label":"ROP 2.34+"}]},{"id":"pKfmKyEye0hMtzHAJiux","title":"ret2gets","pathname":"/pwn-notes/pwn/rop-2.34+/ret2gets","siteSpaceId":"sitesp_Aza8K","description":"Who needs \"pop rdi\" when you have gets()","breadcrumbs":[{"label":"pwn"},{"label":"ROP 2.34+"}]},{"id":"6Ja8dKCiAuQLXCVgAGND","title":"Controlling rbp","pathname":"/pwn-notes/pwn/rop-2.34+/controlling-rbp","siteSpaceId":"sitesp_Aza8K","description":"A method of arbitrary writing","breadcrumbs":[{"label":"pwn"},{"label":"ROP 2.34+"}]},{"id":"wHW5Xxnzy8frA4pL4Ue4","title":"Controlling rax","pathname":"/pwn-notes/pwn/rop-2.34+/controlling-rax","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"pwn"},{"label":"ROP 2.34+"}]},{"id":"lhvmd5RwofQxiiz8tmQV","title":"dlrop","pathname":"/pwn-notes/pwn/rop-2.34+/dlrop","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"pwn"},{"label":"ROP 2.34+"}]},{"id":"eRLORnxZ0G9LHXOM4xvy","title":"Other gadgets","pathname":"/pwn-notes/pwn/rop-2.34+/other-gadgets","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"pwn"},{"label":"ROP 2.34+"}]},{"id":"CCO8OEEo42pM2gPvLxEb","title":"setcontext","pathname":"/pwn-notes/pwn/setcontext","siteSpaceId":"sitesp_Aza8K","description":"Glibc's answer to sigreturn","breadcrumbs":[{"label":"pwn"}]},{"id":"XUMf72PvPUQZSPomPIwY","title":"fork_gadget","pathname":"/pwn-notes/pwn/fork_gadget","siteSpaceId":"sitesp_Aza8K","description":"","breadcrumbs":[{"label":"pwn"}]},{"id":"iqGh4vXQixyNpBzPhggU","title":"HTB Business 2024","pathname":"/pwn-notes/ctf-writeups/htb-business-2024","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"CTF writeups"}]},{"id":"YnDd4wKuh5t1emzp6fyN","title":"No Gadgets","pathname":"/pwn-notes/ctf-writeups/htb-business-2024/no-gadgets","siteSpaceId":"sitesp_Aza8K","description":"ROPing using `leave ; ret` rather than `pop rdi ; ret`","breadcrumbs":[{"label":"CTF writeups"},{"label":"HTB Business 2024"}]},{"id":"0SCONNT7soDwpnoDzumo","title":"corCTF 2024","pathname":"/pwn-notes/ctf-writeups/corctf-2024","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"CTF writeups"}]},{"id":"dc3raeuv7DfiJSMIZ8Cc","title":"format-string","pathname":"/pwn-notes/ctf-writeups/corctf-2024/format-string","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"CTF writeups"},{"label":"corCTF 2024"}]},{"id":"SOamfH4EtNQuBybKWWRV","title":"corchat v3","pathname":"/pwn-notes/ctf-writeups/corctf-2024/corchat-v3","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"CTF writeups"},{"label":"corCTF 2024"}]},{"id":"zEe2i3qkTVuSIZZzFdau","title":"diceCTF 2025","pathname":"/pwn-notes/dicectf-2025","siteSpaceId":"sitesp_Aza8K"},{"id":"i4i3CvsW42kTSmz7mQVI","title":"r2uwu2s-resort","pathname":"/pwn-notes/dicectf-2025/r2uwu2s-resort","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"diceCTF 2025"}]},{"id":"JG0dGrSOLBaftWKUzMQB","title":"locked room","pathname":"/pwn-notes/dicectf-2025/locked-room","siteSpaceId":"sitesp_Aza8K","breadcrumbs":[{"label":"diceCTF 2025"}]}]}