Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- .text:1000172A push offset aChunked ; "chunked"
- .text:1000172F push edi ; Str1
- .text:10001730 call ebx ; _stricmp ; eax=00000000 ebx=77c4624e ecx=00000000 edx=056a0ea8 esi=056a0080 edi=056a0ebb
- .text:10001730 ; eip=10001730 esp=0096d514 ebp=0096fef4 iopl=0 nv up ei pl zr na pe nc
- .text:10001730 ; cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
- .text:10001730 ; mod_wl_20+0x1730:
- .text:10001730 ; 10001730 ffd3 call ebx {msvcrt!stricmp (77c4624e)}
- .text:10001730 ; 0:010> da poi(esp)
- .text:10001730 ; 056a0ebb "ZRNAKYyPK"
- .text:10001730 ; 0:010> da poi(esp+4)
- .text:10001730 ; 100755c8 "chunked"
- .text:10001730 ;
- .text:10001732 add esp, 18h
- .text:10001735 test eax, eax ; eax=00000001 ebx=77c4624e ecx=100755c8 edx=006c4798 esi=006c3970 edi=006c47ab
- .text:10001735 ; eip=10001735 esp=0274d52c ebp=0274fef4 iopl=0 nv up ei pl nz na po nc
- .text:10001735 ; cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
- .text:10001735 ; mod_wl_20+0x1735:
- .text:10001735 ; 10001735 85c0 test eax,eax
- .text:10001737 jz short loc_1000178C ; jmp not taken
- .text:10001739 push edi
- .text:1000173A lea ecx, [ebp+ArgList]
- .text:10001740 push offset aUnknownTransfe ; "Unknown Transfer-Encoding: %s"
- .text:10001745 push ecx ; Dest
- .text:10001746 call ds:sprintf ; Breakpoint 1 hit
- .text:10001746 ; eax=00000001 ebx=77c4624e ecx=0096d538 edx=056a0ea8 esi=056a0080 edi=056a0ebb
- .text:10001746 ; eip=10001746 esp=0096d520 ebp=0096fef4 iopl=0 nv up ei pl nz na po nc
- .text:10001746 ; cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
- .text:10001746 ; mod_wl_20+0x1746:
- .text:10001746 ; 10001746 ff15bc120710 call dword ptr [mod_wl_20+0x712bc (100712bc)] ds:0023:100712bc={msvcrt!sprintf (77c3f931)}
- .text:10001746 ; 0:010> da poi(esp)
- .text:10001746 ; 0096d538 ""
- .text:10001746 ; 0:010> da poi(esp+4)
- .text:10001746 ; 100755a8 "Unknown Transfer-Encoding: %s"
- .text:10001746 ; 0:010> da poi(esp+8)
- .text:10001746 ; 056a0ebb "ZRNAKYyPK"
- .text:10001746 ;
- .text:10001746 ; OFF-TOPIC: Could be the sprintf related to CVE-2008-4008 :)
- .text:1000174C lea edx, [ebp+Memory]
- .text:10001752 lea eax, [ebp+ArgList]
- .text:10001758 push edx
- .text:10001759 push eax
- .text:1000175A push esi
- .text:1000175B call sub_10004A50 ; generates a nice info leak
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement