From dcf5916c6ca306984350300d13712ad8b58fb279 Mon Sep 17 00:00:00 2001 From: Brett Weiland Date: Tue, 10 Nov 2020 05:57:07 -0600 Subject: modified: notes modified: stest --- notes | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) (limited to 'notes') diff --git a/notes b/notes index a84ab03..c41e2be 100644 --- a/notes +++ b/notes @@ -158,7 +158,7 @@ parse_expr: 8049136: e8 35 54 00 00 call 804e570 804913b: 89 45 8c mov DWORD PTR [ebp-0x74],eax 804913e: 83 7d 8c 00 cmp DWORD PTR [ebp-0x74],0x0 - 8049142: 7e 20 jle 8049164 + 8049142: 7e 20 jle 8049164 //continues if it's not zero 8049144: 8b 85 70 ff ff ff mov eax,DWORD PTR [ebp-0x90] 804914a: 8b 00 mov eax,DWORD PTR [eax] 804914c: 8d 48 01 lea ecx,[eax+0x1] @@ -323,5 +323,42 @@ parse_expr: Disassembly of section __libc_freeres_fn: Disassembly of section __libc_thread_freeres_fn: - Disassembly of section .fini: + + + + +restarting a few weeks later. ignoring all the progress I made and doing it the quick way. +eax causes segfault with -9999999 on 0x80493ff +→ 0x80493ff mov eax, DWORD PTR [ebp+eax*4-0x59c] + +test runs: segfault then regular +ebp: 0xffffcfa8 +ebp: 0xffffcfa8 + +eax: 0xffffcfa8 + (0xffffffff - abs(negative number)) * 4 - 0x59c +135002178 = ((4294954920 + (4294967295 - x)) * 4) - 1436 + +eax: 0 +eax: + +merry christmas location: 0x80bf842 + + +-8-(address)... why? I don't fucking know, but it's before the atoi. It's in parse_expr + +0x080f05f8 +0x080f0608 +0xffffcb9c + +0xffffc974 +0x8049172 + +→ 0x8049160 mov DWORD PTR [edx+eax*4+0x4], ecx + + +0xffffca0c + +0xffffca0c: 0x14 +0xffffca0c: 0x00000008 +0xffffc9f4 -- cgit v1.2.3
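Review bot: The annotation added at 8049142 in the first hunk, `//continues if it's not zero`, misstates the branch: `jle` evaluates the signed result of the preceding `cmp DWORD PTR [ebp-0x74],0x0`, so execution falls through only when the stored value is strictly greater than zero, while both zero and any negative value jump to 8049164. Since the notes added in the second hunk investigate a negative input reaching this function, the signed-versus-"not zero" distinction is exactly what a reader of this listing needs to get right. Suggested wording: `//jle is a signed compare: falls through only if [ebp-0x74] > 0; zero or negative jumps to 8049164`. The body of parse_expr begins and ends outside the hunk, so what 804e570 returns into [ebp-0x74] cannot be confirmed from these lines.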