Files

475 B

Taken verbatim from my notebook

Page 1

Whitehorse
    Password 8-16 chars
        it takes 0x30 chars
    Jumps to chars 18..20 as addr

        ROP chains?

    Goal: Set sp to 7f
          Call INT

    ['A';16]32457f

        push    r14
        push    r15
        push    #7f
        call    INT
            mov sp+2, r14 <- prep for call

    [INT]00007f
    sp   sp

    Lesson:
    Control of the stack means
    control of params passed on
    the stack