Created
December 6, 2014 05:53
-
-
Save hhc0null/92c3983e3d0310e475b2 to your computer and use it in GitHub Desktop.
あってるかどうかわからない
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int filter(int size, char *shellcode) | |
| { | |
| int b1; // -0x10(%ebp) | |
| int b2; // -0x14(%ebp) | |
| int x; // -0xc(%ebp) | |
| int y; // -0x8(%ebp) | |
| int i; // -0x4(%ebp) | |
| for(int i = 0; i < size; i+=2) { | |
| b1 = (unsigned int)shellcode[i]; | |
| b2 = (unsigned int)shellcode[i+1]; | |
| if(b2 != 5) { | |
| if(b2 == 0xfb) { | |
| if(b1 == 0x1d) { | |
| y = 2; | |
| goto LOC_8048d7a; | |
| } | |
| if(b1 == 0x1e) { | |
| y = 1; | |
| goto LOC_8048d7a; | |
| } | |
| if(0x1e < b1 && b1 <= 0x28 || 0x29 < b1 && b1 <= 0x36 || | |
| 0x37 < b1 && b1 <= 0x3c || b1 == 0x40) { | |
| y = 0; | |
| goto LOC_8048d7a; | |
| } | |
| return i; | |
| } else { | |
| return i; | |
| } | |
| } | |
| if(0x90 < b1 && b1 <= 0xbd || 0xbe < b1 && b1 <= 0xc7) { | |
| y = 1; | |
| goto LOC_8048d7a; | |
| } | |
| if(b1 == 0xc0) { | |
| y = 2; | |
| goto LOC_8048d7a; | |
| } | |
| if(b1 != 0xc1 && b1 != 0xc2) { | |
| if(0xcf < b1 && b1 <= 0xea || 0xef < b1 && b1 <= 0xf2) { | |
| y = 0; | |
| goto LOC_8048d7a; | |
| } | |
| if(b1 != 0xc4 && b2 == 0xc5) { | |
| y = 1; | |
| goto LOC_8048d7a; | |
| } | |
| if(0xf2 < b1 && b1 <= 0xf4 || b1 == 0xc6) { | |
| y = 2; | |
| goto LOC_8048d7a; | |
| } | |
| return i; | |
| } | |
| y = 1; | |
| goto LOC_8048d7a; | |
| LOC_8048d7a: | |
| if(x != 0 && y == 1) { | |
| return i; | |
| } | |
| x = y; | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 08048b92 <filter>: | |
| int filter(int size, char *shellcode) | |
| { | |
| 8048b92: 55 push %ebp | |
| 8048b93: 89 e5 mov %esp,%ebp | |
| 8048b95: 83 ec 20 sub $0x20,%esp | |
| int b1; // -0x10(%ebp) | |
| int b2; // -0x14(%ebp) | |
| int x; // -0xc(%ebp) | |
| int y; // -0x8(%ebp) | |
| int i; // -0x4(%ebp) | |
| 8048b98: c7 45 f4 00 00 00 00 movl $0x0,x // x | |
| 8048b9f: c7 45 fc 00 00 00 00 movl $0x0,i // i | |
| 8048ba6: e9 ea 01 00 00 jmp 8048d95 <filter+0x203> | |
| for(int i = 0; i < size; i+=2) { | |
| 8048bab: 8b 45 fc mov i,%eax | |
| 8048bae: 8b 55 0c mov 0xc(%ebp),%edx | |
| 8048bb1: 01 d0 add %edx,%eax | |
| 8048bb3: 0f b6 00 movzbl (%eax),%eax | |
| 8048bb6: 0f b6 c0 movzbl %al,%eax | |
| 8048bb9: 89 45 f0 mov %eax,b1 | |
| b1 = (unsigned int)shellcode[i]; | |
| 8048bbc: 8b 45 fc mov i,%eax | |
| 8048bbf: 8d 50 01 lea 0x1(%eax),%edx | |
| 8048bc2: 8b 45 0c mov 0xc(%ebp),%eax | |
| 8048bc5: 01 d0 add %edx,%eax | |
| 8048bc7: 0f b6 00 movzbl (%eax),%eax | |
| 8048bca: 0f b6 c0 movzbl %al,%eax | |
| 8048bcd: 89 45 ec mov %eax,b2 | |
| b2 = (unsigned int)shellcode[i+1]; | |
| 8048bd0: 8b 45 ec mov b2,%eax | |
| 8048bd3: 83 f8 05 cmp $0x5,%eax | |
| 8048bd6: 74 10 je 8048be8 <filter+0x56> | |
| if(b2 != 5 ) { | |
| 8048bd8: 3d fb 00 00 00 cmp $0xfb,%eax | |
| 8048bdd: 0f 84 1b 01 00 00 je 8048cfe <filter+0x16c> | |
| if(b2 == 0xfb) goto LOC_8048cfe; | |
| 8048be3: e9 8d 01 00 00 jmp 8048d75 <filter+0x1e3> | |
| else goto LOC_8048d75; | |
| } | |
| 8048be8: 81 7d f0 90 00 00 00 cmpl $0x90,b1 | |
| 8048bef: 7e 15 jle 8048c06 <filter+0x74> | |
| 8048bf1: 81 7d f0 bd 00 00 00 cmpl $0xbd,b1 | |
| 8048bf8: 7f 0c jg 8048c06 <filter+0x74> | |
| if(b1 > 0x90 && b1 <= 0xbd) { | |
| 8048bfa: c7 45 f8 01 00 00 00 movl $0x1,y | |
| y = 1; | |
| 8048c01: e9 74 01 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048c06: 81 7d f0 be 00 00 00 cmpl $0xbe,b1 | |
| 8048c0d: 74 09 je 8048c18 <filter+0x86> | |
| 8048c0f: 81 7d f0 c0 00 00 00 cmpl $0xc0,b1 | |
| 8048c16: 75 0c jne 8048c24 <filter+0x92> | |
| if(b1 != 0xbe && b1 == 0xc0) { | |
| 8048c18: c7 45 f8 02 00 00 00 movl $0x2,y | |
| y = 2; | |
| 8048c1f: e9 56 01 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048c24: 81 7d f0 be 00 00 00 cmpl $0xbe,b1 | |
| 8048c2b: 7e 15 jle 8048c42 <filter+0xb0> | |
| 8048c2d: 81 7d f0 c7 00 00 00 cmpl $0xc7,b1 | |
| 8048c34: 7f 0c jg 8048c42 <filter+0xb0> | |
| if(b1 > 0xbe && b1 <= 0xc7) { | |
| 8048c36: c7 45 f8 01 00 00 00 movl $0x1,y | |
| y = 1; | |
| 8048c3d: e9 38 01 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048c42: 81 7d f0 c1 00 00 00 cmpl $0xc1,b1 | |
| 8048c49: 74 09 je 8048c54 <filter+0xc2> | |
| 8048c4b: 81 7d f0 c2 00 00 00 cmpl $0xc2,b1 | |
| 8048c52: 75 0c jne 8048c60 <filter+0xce> | |
| if(b1 != 0xc1 && b1 != 0xc2) { | |
| goto LOC_8048c60; | |
| } | |
| 8048c54: c7 45 f8 01 00 00 00 movl $0x1,y | |
| y = 1; | |
| 8048c5b: e9 1a 01 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| LOC_8048c60: | |
| 8048c60: 81 7d f0 c3 00 00 00 cmpl $0xc3,b1 | |
| 8048c67: 74 09 je 8048c72 <filter+0xe0> | |
| 8048c69: 81 7d f0 c6 00 00 00 cmpl $0xc6,b1 | |
| 8048c70: 75 0c jne 8048c7e <filter+0xec> | |
| if(b1 != 3 && b1 == 0xc6) { | |
| 8048c72: c7 45 f8 02 00 00 00 movl $0x2,y | |
| y = 2; | |
| 8048c79: e9 fc 00 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048c7e: 81 7d f0 c4 00 00 00 cmpl $0xc4,b1 | |
| 8048c85: 74 09 je 8048c90 <filter+0xfe> | |
| 8048c87: 81 7d f0 c5 00 00 00 cmpl $0xc5,b1 | |
| 8048c8e: 75 0c jne 8048c9c <filter+0x10a> | |
| if(b1 != 0xc4 && b2 == 0xc5) { | |
| 8048c90: c7 45 f8 01 00 00 00 movl $0x1,y | |
| y = 1; | |
| 8048c97: e9 de 00 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048c9c: 81 7d f0 cf 00 00 00 cmpl $0xcf,b1 | |
| 8048ca3: 7e 15 jle 8048cba <filter+0x128> | |
| 8048ca5: 81 7d f0 ea 00 00 00 cmpl $0xea,b1 | |
| 8048cac: 7f 0c jg 8048cba <filter+0x128> | |
| if(b1 > 0xcf && b1 <= 0xea) { | |
| 8048cae: c7 45 f8 00 00 00 00 movl $0x0,y | |
| y = 0; | |
| 8048cb5: e9 c0 00 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048cba: 81 7d f0 ef 00 00 00 cmpl $0xef,b1 | |
| 8048cc1: 7e 15 jle 8048cd8 <filter+0x146> | |
| 8048cc3: 81 7d f0 f2 00 00 00 cmpl $0xf2,b1 | |
| 8048cca: 7f 0c jg 8048cd8 <filter+0x146> | |
| if(b1 > 0xef && b1 <= 0xf2) { | |
| 8048ccc: c7 45 f8 00 00 00 00 movl $0x0,y | |
| y = 0; | |
| 8048cd3: e9 a2 00 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048cd8: 81 7d f0 f2 00 00 00 cmpl $0xf2,b1 | |
| 8048cdf: 7e 15 jle 8048cf6 <filter+0x164> | |
| 8048ce1: 81 7d f0 f4 00 00 00 cmpl $0xf4,b1 | |
| 8048ce8: 7f 0c jg 8048cf6 <filter+0x164> | |
| if(b1 > 0xf2 && b1 <= 0xf4) { | |
| 8048cea: c7 45 f8 02 00 00 00 movl $0x2,y | |
| y = 2; | |
| 8048cf1: e9 84 00 00 00 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048cf6: 8b 45 fc mov i,%eax | |
| 8048cf9: e9 a6 00 00 00 jmp 8048da4 <filter+0x212> | |
| return i; | |
| LOC_8048cfe: | |
| 8048cfe: 83 7d f0 1d cmpl $0x1d,b1 | |
| 8048d02: 75 09 jne 8048d0d <filter+0x17b> | |
| if(b1 == 0x1d) { | |
| 8048d04: c7 45 f8 02 00 00 00 movl $0x2,y | |
| y = 2; | |
| 8048d0b: eb 6d jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048d0d: 83 7d f0 1e cmpl $0x1e,b1 | |
| 8048d11: 75 09 jne 8048d1c <filter+0x18a> | |
| if(b1 == 0x1e) { | |
| 8048d13: c7 45 f8 01 00 00 00 movl $0x1,y | |
| y = 1; | |
| 8048d1a: eb 5e jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048d1c: 83 7d f0 1e cmpl $0x1e,b1 | |
| 8048d20: 7e 0f jle 8048d31 <filter+0x19f> | |
| 8048d22: 83 7d f0 28 cmpl $0x28,b1 | |
| 8048d26: 7f 09 jg 8048d31 <filter+0x19f> | |
| if(b1 > 0x1e && b1 <= 0x28) { | |
| 8048d28: c7 45 f8 00 00 00 00 movl $0x0,y | |
| y = 0; | |
| 8048d2f: eb 49 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048d31: 83 7d f0 29 cmpl $0x29,b1 | |
| 8048d35: 7e 0f jle 8048d46 <filter+0x1b4> | |
| 8048d37: 83 7d f0 36 cmpl $0x36,b1 | |
| 8048d3b: 7f 09 jg 8048d46 <filter+0x1b4> | |
| if(b1 > 0x29 && b1 <= 0x36) { | |
| 8048d3d: c7 45 f8 00 00 00 00 movl $0x0,y | |
| y = 0; | |
| 8048d44: eb 34 jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048d46: 83 7d f0 37 cmpl $0x37,b1 | |
| 8048d4a: 7e 0f jle 8048d5b <filter+0x1c9> | |
| 8048d4c: 83 7d f0 3c cmpl $0x3c,b1 | |
| 8048d50: 7f 09 jg 8048d5b <filter+0x1c9> | |
| if(b1 > 0x37 && b1 <= 0x3c) { | |
| 8048d52: c7 45 f8 00 00 00 00 movl $0x0,y | |
| y = 0; | |
| 8048d59: eb 1f jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048d5b: 83 7d f0 3e cmpl $0x3e,b1 | |
| 8048d5f: 74 06 je 8048d67 <filter+0x1d5> | |
| 8048d61: 83 7d f0 40 cmpl $0x40,b1 | |
| 8048d65: 75 09 jne 8048d70 <filter+0x1de> | |
| if(b1 != 0x3e && b1 == 0x40) { | |
| 8048d67: c7 45 f8 00 00 00 00 movl $0x0,y | |
| y = 0; | |
| 8048d6e: eb 0a jmp 8048d7a <filter+0x1e8> | |
| goto LOC_8048d7a; | |
| } | |
| 8048d70: 8b 45 fc mov i,%eax | |
| 8048d73: eb 2f jmp 8048da4 <filter+0x212> | |
| // return i; | |
| LOC_8048d75: | |
| 8048d75: 8b 45 fc mov i,%eax | |
| 8048d78: eb 2a jmp 8048da4 <filter+0x212> | |
| // return i; | |
| LOC_8048d7a: | |
| 8048d7a: 83 7d f4 00 cmpl $0x0,x | |
| 8048d7e: 74 0b je 8048d8b <filter+0x1f9> | |
| 8048d80: 83 7d f8 01 cmpl $0x1,y | |
| 8048d84: 75 05 jne 8048d8b <filter+0x1f9> | |
| if(x != 0 && y == 1) { | |
| 8048d86: 8b 45 fc mov i,%eax | |
| 8048d89: eb 19 jmp 8048da4 <filter+0x212> | |
| return i; | |
| } | |
| 8048d8b: 8b 45 f8 mov y,%eax | |
| 8048d8e: 89 45 f4 mov %eax,x | |
| x = y; | |
| 8048d91: 83 45 fc 02 addl $0x2,i | |
| 8048d95: 8b 45 fc mov i,%eax | |
| 8048d98: 3b 45 08 cmp 0x8(%ebp),%eax | |
| 8048d9b: 0f 82 0a fe ff ff jb 8048bab <filter+0x19> | |
| } | |
| 8048da1: 8b 45 fc mov i,%eax | |
| 8048da4: c9 leave | |
| 8048da5: c3 ret | |
| 8048da6: 90 nop | |
| 8048da7: 90 nop | |
| 8048da8: 90 nop | |
| 8048da9: 90 nop | |
| 8048daa: 90 nop | |
| 8048dab: 90 nop | |
| 8048dac: 90 nop | |
| 8048dad: 90 nop | |
| 8048dae: 90 nop | |
| 8048daf: 90 nop | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment