Love the choice of Rust for the attention and for making the exploit “safe”, but I can’t help but feel most of the latter half of part 1 would be obviated by using https://godbolt.org and copy-pasting the resulting ASM instead.
Hello, author here! Thanks a lot for checking it out and for engaging with the post =).
I’m trying to understand your suggestion here: to my eye, the only bit this would affect is the script to extract __text,__TEXT from the compiled binary. I would still need the logic to pass string addresses from the asm entry point to the compiled Rust unit, for example.
Unless I’m misunderstanding, it doesn’t seem like much of a win / doesn’t seem like it would remove much work. Everything else in the latter half still seems relevant (but please do let me know if I’ve misunderstood your suggestion!).