@spaghetti-
Created September 16, 2016 11:20
Dump of assembler code for function bof:
# bof(arg1, arg2) -- gdb disassembly, 32-bit x86, AT&T syntax (op src,dst).
# Both arguments are read from the caller's stack (0x8(%ebp), 0xc(%ebp)) and
# each is passed as the 4th parameter of fread, i.e. the stream
# (presumably FILE * -- confirm against the C source).
#
# What the listing shows:
#   1. fread up to 0x40 one-byte items from each stream into two global buffers.
#   2. Zero the byte at offset 0x40 of each buffer.
#   3. If the two item counts differ, puts() a message and return.
#   4. Otherwise interleave the two inputs byte by byte into a stack buffer
#      that starts at -0x50(%ebp).
#   5. printf() the two locals at -0x10(%ebp) and -0xc(%ebp).
#
# Globals, as used below:
#   0x804a0c0  input buffer 1        0x804a100 = buffer 1 + 0x40
#   0x804a060  input buffer 2        0x804a0a0 = buffer 2 + 0x40
#   0x804a050  count returned by fread #1
#   0x804a054  count returned by fread #2
#   0x804a044  loop counter i
#   0x804a048  index into buffer 1   0x804a04c  index into buffer 2
#
# NOTE(review), memory safety: the copy loop runs while i < count1 + count2
# (unsigned compare). Each count is at most 0x40, so up to 0x80 bytes are
# stored at -0x50(%ebp)+i, and nothing compares i with the destination size.
# Only 0x40 bytes separate -0x50(%ebp) from the local at -0x10(%ebp); stores
# at offset 0x40 and above overwrite the two locals, and from offset 0x50 the
# saved %ebp and the return address above it. No stack-protector check is
# visible in this function. The source-level fix is to bound the loop by the
# destination size, or to size the destination for the sum of both inputs.
#
# --- prologue: frame pointer plus 0x68 bytes for locals and outgoing args ---
0x080484ed <+0>: push %ebp
0x080484ee <+1>: mov %esp,%ebp
0x080484f0 <+3>: sub $0x68,%esp
# Two locals both set to 1. They are only read again by the printf at +318,
# so presumably they exist to make an overwrite visible -- confirm.
0x080484f3 <+6>: movl $0x1,-0xc(%ebp)
0x080484fa <+13>: mov -0xc(%ebp),%eax
0x080484fd <+16>: mov %eax,-0x10(%ebp)
# --- count1 = fread(0x804a0c0, 1, 0x40, arg1) ---
0x08048500 <+19>: mov 0x8(%ebp),%eax
0x08048503 <+22>: mov %eax,0xc(%esp)
0x08048507 <+26>: movl $0x40,0x8(%esp)
0x0804850f <+34>: movl $0x1,0x4(%esp)
0x08048517 <+42>: movl $0x804a0c0,(%esp)
0x0804851e <+49>: call 0x80483a0 <fread@plt>
0x08048523 <+54>: mov %eax,0x804a050
# --- count2 = fread(0x804a060, 1, 0x40, arg2) ---
0x08048528 <+59>: mov 0xc(%ebp),%eax
0x0804852b <+62>: mov %eax,0xc(%esp)
0x0804852f <+66>: movl $0x40,0x8(%esp)
0x08048537 <+74>: movl $0x1,0x4(%esp)
0x0804853f <+82>: movl $0x804a060,(%esp)
0x08048546 <+89>: call 0x80483a0 <fread@plt>
0x0804854b <+94>: mov %eax,0x804a054
# Zero the byte at offset 0x40 of each buffer (0x804a0c0+0x40, 0x804a060+0x40).
# The loop below reads index 0x40 as its "contributes zero" slot.
0x08048550 <+99>: movb $0x0,0x804a100
0x08048557 <+106>: movb $0x0,0x804a0a0
# --- the two counts must match; otherwise print the string at 0x80487a0 and
#     jump to the epilogue at +344, skipping the loop and the printf ---
0x0804855e <+113>: mov 0x804a050,%edx
0x08048564 <+119>: mov 0x804a054,%eax
0x08048569 <+124>: cmp %eax,%edx
0x0804856b <+126>: je 0x804857e <bof+145>
0x0804856d <+128>: movl $0x80487a0,(%esp)
0x08048574 <+135>: call 0x80483b0 <puts@plt>
0x08048579 <+140>: jmp 0x8048645 <bof+344>
# --- loop init: i = 0, then jump to the condition at +291 ---
0x0804857e <+145>: movl $0x0,0x804a044
0x08048588 <+155>: jmp 0x8048610 <bof+291>
# --- loop body ---
# Index into buffer 1: i / 2 when i is even, else 0x40 (the zeroed byte).
# shr $0x1f / add / sar is signed division by 2, rounding toward zero.
0x0804858d <+160>: mov 0x804a044,%eax
0x08048592 <+165>: and $0x1,%eax
0x08048595 <+168>: test %eax,%eax
0x08048597 <+170>: jne 0x80485a9 <bof+188>
0x08048599 <+172>: mov 0x804a044,%eax
0x0804859e <+177>: mov %eax,%edx
0x080485a0 <+179>: shr $0x1f,%edx
0x080485a3 <+182>: add %edx,%eax
0x080485a5 <+184>: sar %eax
0x080485a7 <+186>: jmp 0x80485ae <bof+193>
0x080485a9 <+188>: mov $0x40,%eax
0x080485ae <+193>: mov %eax,0x804a048
# Index into buffer 2: (i - 1) / 2 when i is odd, else 0x40 (the zeroed byte).
0x080485b3 <+198>: mov 0x804a044,%eax
0x080485b8 <+203>: and $0x1,%eax
0x080485bb <+206>: test %eax,%eax
0x080485bd <+208>: je 0x80485d2 <bof+229>
0x080485bf <+210>: mov 0x804a044,%eax
0x080485c4 <+215>: sub $0x1,%eax
0x080485c7 <+218>: mov %eax,%edx
0x080485c9 <+220>: shr $0x1f,%edx
0x080485cc <+223>: add %edx,%eax
0x080485ce <+225>: sar %eax
0x080485d0 <+227>: jmp 0x80485d7 <bof+234>
0x080485d2 <+229>: mov $0x40,%eax
0x080485d7 <+234>: mov %eax,0x804a04c
# Destination byte i = buffer1[index1] + buffer2[index2]. One of the two
# indices is always 0x40, which was zeroed at +99/+106, so the sum is the
# byte from the other buffer: even i takes buffer 1, odd i takes buffer 2.
0x080485dc <+239>: mov 0x804a044,%eax
0x080485e1 <+244>: mov 0x804a048,%edx
0x080485e7 <+250>: movzbl 0x804a0c0(%edx),%edx
0x080485ee <+257>: mov %edx,%ecx
0x080485f0 <+259>: mov 0x804a04c,%edx
0x080485f6 <+265>: movzbl 0x804a060(%edx),%edx
0x080485fd <+272>: add %ecx,%edx
# Unchecked store into the stack buffer: address is %ebp - 0x50 + i.
0x080485ff <+274>: mov %dl,-0x50(%ebp,%eax,1)
# i++
0x08048603 <+278>: mov 0x804a044,%eax
0x08048608 <+283>: add $0x1,%eax
0x0804860b <+286>: mov %eax,0x804a044
# --- loop condition: continue while i < count1 + count2 (jb = unsigned).
#     The bound comes from the input lengths, not from the destination. ---
0x08048610 <+291>: mov 0x804a044,%eax
0x08048615 <+296>: mov 0x804a050,%ecx
0x0804861b <+302>: mov 0x804a054,%edx
0x08048621 <+308>: add %ecx,%edx
0x08048623 <+310>: cmp %edx,%eax
0x08048625 <+312>: jb 0x804858d <bof+160>
# "=>" is gdb's marker for the current instruction: execution is stopped here,
# immediately after the copy loop.
# --- printf(0x80487e2, <local at -0x10>, <local at -0xc>): both locals were
#     set to 1 at +6/+16, so any other value printed means they were overwritten ---
=> 0x0804862b <+318>: mov -0xc(%ebp),%eax
0x0804862e <+321>: mov %eax,0x8(%esp)
0x08048632 <+325>: mov -0x10(%ebp),%eax
0x08048635 <+328>: mov %eax,0x4(%esp)
0x08048639 <+332>: movl $0x80487e2,(%esp)
0x08048640 <+339>: call 0x8048380 <printf@plt>
# --- epilogue: leave restores %esp and %ebp from the frame, ret pops the
#     return address; both values sit above the destination buffer ---
0x08048645 <+344>: leave
0x08048646 <+345>: ret