H4niz
/ insert.asm
Created
June 5, 2018 16:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .text:08048835 insert proc near ; CODE XREF: add+F5↓p | |
| .text:08048835 ; checkout+5D↓p | |
| .text:08048835 | |
| .text:08048835 MyCart = dword ptr -4 | |
| .text:08048835 heap_space = dword ptr 8 | |
| .text:08048835 | |
| .text:08048835 ; __unwind { | |
| .text:08048835 push ebp | |
| .text:08048836 mov ebp, esp | |
| .text:08048838 sub esp, 10h |
H4niz
/ create.asm
Created
June 5, 2018 16:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .text:080487E4 create proc near ; CODE XREF: add+73↓p | |
| .text:080487E4 ; add+8C↓p ... | |
| .text:080487E4 | |
| .text:080487E4 space = dword ptr -0Ch | |
| .text:080487E4 name = dword ptr 8 | |
| .text:080487E4 price = dword ptr 0Ch | |
| .text:080487E4 | |
| .text:080487E4 ; __unwind { | |
| .text:080487E4 push ebp | |
| .text:080487E5 mov ebp, esp |
H4niz
/ createfile.asm
Created
May 7, 2018 18:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| push 0 ; hTemplateFile | |
| push offset unk_40216F ; dwFlagsAndAttributes | |
| push 3 ; dwCreationDisposition | |
| push 0 ; lpSecurityAttributes | |
| push 3 ; dwShareMode | |
| push 0C0000000h ; dwDesiredAccess | |
| push offset FileName ; "Keyfile.dat" | |
| call CreateFileA |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| #------------------------- | |
| from pwn import * | |
| import sys | |
| #******************** | |
| host = "chall.pwnable.tw" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int eval(int Sign, int *Pool) { | |
| int bufSign; | |
| bufSign = Sign; | |
| if(bufSign == '+' ) { | |
| Pool->value[ Pool->num-2 ] = Pool->value[ Pool->num-2 ] + Pool->value[ Pool->num-1 ]; | |
| } | |
| else if (bufSign == '-') { | |
| Pool->value[ Pool->num-2 ] = Pool->value[ Pool->num-2 ] - Pool->value[ Pool->num-1 ]; | |
| } |
H4niz
/ parse_expr.c
Created
March 23, 2018 05:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int parse_arg( int *refArrayofElement, int Pool) { | |
| char *ArrayofElement, PrevElement; | |
| int CountElement, sizeOfElement, Element; | |
| *ArrayofElement = &refArrayofElement; | |
| NextElement = *ArrayofElement; | |
| _bzero( ListofSign, 0x64 ); //Fill ListofSign by Zero | |
| while( ArrayofElement[CountElement] != NULL ) { |
H4niz
/ get_expr.c
Last active
March 29, 2018 14:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int get_expr(int *NumberArray) { | |
| while ( ( read(0, &bufChar, 1)) != 0 && index < MaxSize ) { | |
| if ( bufChar != 0x0a ) { | |
| if ( bufChar == '+' || bufChar == '-' || bufChar == '*' || bufChar == '%' || bufChar >= 0x2F/* / */ && bufChar <= 0x39 /* 9 */) { | |
| NumberArray[index++] = bufChar; | |
| } | |
| } | |
| else { | |
| NumberArray[index] = 0; |
H4niz
/ MagicNumber.c
Created
March 20, 2018 18:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| /*Prototype*/ | |
| void PlayAgain(); | |
| /*---------*/ | |
| int MagicNumber[4], \ | |
| InputNumber[4]; | |
| char inp; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| push offset aGiveMyYourShel ; "Give my your shellcode:" | |
| call _printf | |
| add esp, 10h | |
| sub esp, 4 | |
| push 0C8h | |
| push offset shellcode | |
| push 0 | |
| call _read | |
| add esp, 10h | |
| mov eax, offset shellcode |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _start proc near | |
| push esp | |
| push offset _exit | |
| xor eax, eax | |
| xor ebx, ebx | |
| xor ecx, ecx | |
| xor edx, edx | |
| push ':FTC' | |
| push ' eht' | |
| push ' tra' |