mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2024-11-23 17:05:58 +00:00
`Taken verbatim from my notebook`
# Page 1
```
Santa Cruz
2 buffers
username [0x63] -> 2404 -> 43a2
password [0x63] -> 2404 -> 43b5
r4: return addr: 43cc
Min len stored at 43b3
username +0x11 index 17
Max len stored at 43b4
username +0x12 index 18
43c6 must be 00
-> password must be 16 chars
so strcpy places 00 there
-> password: "passwordpassword"

username[0x11] = 01
username[0x12] = 7f
username[0x42+]= 4a44

Don't put important constants on the stack?
Strcpy does copy the last null byte

A program
```
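A small C model of the two closing remarks in the notes (length limits kept next to the buffer, and the copy writing the terminating 00), added here as an example; it is not taken from the notebook or from the challenge binary. The flat frame array, the function names and the limit values 8 and 16 are assumptions; the offsets are the ones in the notes, relative to 43a2.

```c
#include <stdint.h>
#include <string.h>

/* Offsets from 43a2, as in the notes; the flat array is a constructed model. */
enum { USERNAME = 0x00, MIN_LEN = 0x11, MAX_LEN = 0x12,
       PASSWORD = 0x13, GUARD = 0x24, FRAME_SIZE = 0x40 };

/* Constructed input: 17 filler bytes, then the two bytes the notes place
   at username[0x11] and username[0x12]. */
static const char LONG_USER[] = "AAAAAAAA" "AAAAAAAA" "A" "\x01\x7f";

/* strcpy-like copy into the model: the terminating 00 is copied too and
   the destination field size is never consulted. */
static void raw_copy(uint8_t *frame, size_t off, const char *src) {
    size_t room = FRAME_SIZE - off - 1;  /* keep the demo inside the array */
    size_t n = strlen(src) + 1;
    if (n > room) n = room;
    memcpy(frame + off, src, n);
}

/* Weak pattern: the limits (assumed 8 and 16) live in the frame next to
   the buffer and are read back after the unchecked copies. */
int check_limits_in_frame(const char *user, const char *pass) {
    uint8_t f[FRAME_SIZE] = {0};
    f[MIN_LEN] = 8;
    f[MAX_LEN] = 16;
    raw_copy(f, USERNAME, user);
    raw_copy(f, PASSWORD, pass);
    size_t n = strlen((const char *)f + PASSWORD);
    return n >= f[MIN_LEN] && n <= f[MAX_LEN] && f[GUARD] == 0;
}

/* Hardened pattern: limits are compile-time constants and both lengths
   are checked before a single byte is written. */
int check_limits_constant(const char *user, const char *pass) {
    enum { MIN = 8, MAX = 16 };
    size_t ul = strlen(user), pl = strlen(pass);
    if (ul > MAX || pl < MIN || pl > MAX) return 0;
    uint8_t f[FRAME_SIZE] = {0};
    memcpy(f + USERNAME, user, ul + 1);
    memcpy(f + PASSWORD, pass, pl + 1);
    return f[GUARD] == 0;
}
```

With the limits stored in the frame, the over-long username rewrites them and a 17-byte password passes the length check; with constant limits checked before the copy, the same input is rejected.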