assembly - How do I get my input value to become my eax and equal a given hex value? -

-

i have compiled c file run program shows main. have dumped assembly code , need getting past cmp @ 8048daf. have found amount of leading zeros eax equal value cant equal 0x338. since takes input string understanding eax have either 2, 4, etc numbers value because chars 2 values hex.

0000000000000000000000000000000000008

this value have used input eax equal 0x38

 08048d7d <phase_5>:  8048d7d:   55                          push   %ebp  8048d7e:   89 e5                       mov    %esp,%ebp  8048d80:   83 ec 48                    sub    $0x48,%esp  8048d83:   c6 45 f1 00                 movb   $0x0,-0xf(%ebp)  8048d87:   c6 45 e2 00                 movb   $0x0,-0x1e(%ebp)  8048d8b:   c6 45 e1 e5                 movb   $0xe5,-0x1f(%ebp)  8048d8f:   c6 45 e0 e9                 movb   $0xe9,-0x20(%ebp)  8048d93:   c7 45 ec 38 03 00 00        movl   $0x338,-0x14(%ebp)  8048d9a:   8b 45 08                    mov    0x8(%ebp),%eax  8048d9d:   89 44 24 04                 mov    %eax,0x4(%esp)  8048da1:   8d 45 c8                    lea    -0x38(%ebp),%eax  8048da4:   89 04 24                    mov    %eax,(%esp)  8048da7:   e8 4c fb ff ff              call   80488f8 <strcpy@plt>  8048dac:   8b 45 ec                    mov    -0x14(%ebp),%eax

this compare: 

8048daf:    3d 38 03 00 00              cmp    $0x338,%eax 
 8048db4:   74 05                       je     8048dbb <phase_5+0x3e>  8048db6:   e8 d8 02 00 00              call   8049093 <trigger_bomb>  8048dbb:   0f b6 45 e0                 movzbl -0x20(%ebp),%eax  8048dbf:   3c 66                       cmp    $0x66,%al  8048dc1:   75 10                       jne    8048dd3 <phase_5+0x56>  8048dc3:   0f b6 45 e1                 movzbl -0x1f(%ebp),%eax  8048dc7:   3c 69                       cmp    $0x69,%al  8048dc9:   75 08                       jne    8048dd3 <phase_5+0x56>  8048dcb:   0f b6 45 e2                 movzbl -0x1e(%ebp),%eax  8048dcf:   84 c0                       test   %al,%al  8048dd1:   74 05                       je     8048dd8 <phase_5+0x5b>  8048dd3:   e8 bb 02 00 00              call   8049093 <trigger_bomb>  8048dd8:   c9                          leave    8048dd9:   c3                          ret

as understood, need bytes don't have printable representation input. in case 0x03 , 0x38. it's easy 0x38 since character '8' has ascii value. 0x3. here comes play perl or interpreted language:

./a.out $(perl -e 'print "0" x 20 . "\x38\x03"')

that input program string consisting of 20 bytes characters '0' concatenated 2 bytes 0x03 , 0x38 (the . concatenation).

another issue endianness. hope you're aware when have little endian bytes in memory inverted. example value 0x12345678 resides in memory 0x78 0x56 0x34 0x12. that's why in input have "\x38\x03" , not "\x03\x38".


Comments

Post a Comment

Popular posts from this blog

javascript - Chart.js (Radar Chart) different scaleLineColor for each scaleLine -

-
Image
i try , create radar chart using chart.js has various colours each scaleline, or coloured between scalelines. wondering if possible? from: to: i have working graph, though there doesn't seem method change individual scale lines. kind regards leigh you can extend radar chart type this, so chart.types.radar.extend({ name: "radaralt", initialize: function (data) { chart.types.radar.prototype.initialize.apply(this, arguments); var originalscaledraw = this.scale.draw; var ctx = this.chart.ctx; this.scale.draw = function () { var linewidth = this.linewidth; // bypasses line drawing in originalscaledraw this.linewidth = linewidth; originalscaledraw.apply(this, arguments); ctx.linewidth = this.linewidth; var scale = this; // draw chart.helpers.each(scale.ylabels, function (label, index) { // color of ...
Read more

apache - Error with PHP mail(): Multiple or malformed newlines found in additional_header -

-
suddenly have started receiving above error without changes having been made script. host 1and1 (i know...) the script still works fine on different server, , suspicion there must have been server config change has lead this, although hosts plead ignorance. there's no information on above error @ in google can find - have ideas? server running apache if helps. had similar problem. came out of blue. no php code changed. what changed: php upgraded 5.5.25-1 5.5.26. a security risk in php mail() function has been fixed , newlines in additional_headers allowed no more. because newlines mean: starts email message (and surely don't want inject newlines through headers followed evil message). what have worked fine, e.g. having newlines after headers or passing whole message additional_headers , function no more. solution : sanitize headers. no multiple newlines in additional_headers argument. these count "multiple or malformed newlines":...
Read more

java - Android – MapFragment overlay button shadow, just like MyLocation button -

-
Image
i'm struggling add shadow custom overlay button on google map. goal make custom button google's mylocation button. here's how app looks now: layout.xml <relativelayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" xmlns:map="http://schemas.android.com/apk/res-auto" android:layout_height="match_parent" android:layout_width="match_parent" style="@style/apptheme"> <fragment android:layout_width="match_parent" android:layout_height="match_parent" android:id="@+id/map" tools:context=".mapsactivity" android:name="com.google.android.gms.maps.supportmapfragment" android:layout_alignparentend="true" android:layout_alignparentstart="true" android:layout_alignparentbottom="true" ...
Read more