diff --git a/assembly/asm.txt b/assembly/asm.txt new file mode 100644 index 0000000..c902d18 --- /dev/null +++ b/assembly/asm.txt @@ -0,0 +1,32 @@ + +main.o: file format mach-o-i386 + + +Disassembly of section .text: + +00000000 <_main>: + 0: 55 push %ebp + 1: 89 e5 mov %esp,%ebp + 3: 56 push %esi + 4: 83 ec 24 sub $0x24,%esp + 7: e8 00 00 00 00 call c <_main+0xc> + c: 58 pop %eax + d: 8b 4d 0c mov 0xc(%ebp),%ecx + 10: 8b 55 08 mov 0x8(%ebp),%edx + 13: 8d 80 42 00 00 00 lea 0x42(%eax),%eax + 19: be 18 00 00 00 mov $0x18,%esi + 1e: c7 45 f8 00 00 00 00 movl $0x0,-0x8(%ebp) + 25: 89 55 f4 mov %edx,-0xc(%ebp) + 28: 89 4d f0 mov %ecx,-0x10(%ebp) + 2b: 89 04 24 mov %eax,(%esp) + 2e: c7 44 24 04 18 00 00 movl $0x18,0x4(%esp) + 35: 00 + 36: 89 75 ec mov %esi,-0x14(%ebp) + 39: e8 c2 ff ff ff call 0 <_main> + 3e: b9 0d f0 00 00 mov $0xf00d,%ecx + 43: 89 45 e8 mov %eax,-0x18(%ebp) + 46: 89 c8 mov %ecx,%eax + 48: 83 c4 24 add $0x24,%esp + 4b: 5e pop %esi + 4c: 5d pop %ebp + 4d: c3 ret diff --git a/assembly/buffer-intel.txt b/assembly/buffer-intel.txt new file mode 100644 index 0000000..d327a6b --- /dev/null +++ b/assembly/buffer-intel.txt 
@@ -0,0 +1,80 @@ + +buffer: file format mach-o-x86-64 + + +Disassembly of section .text: + +0000000100000f50 <_main>: + 100000f50: 55 push rbp + 100000f51: 48 89 e5 mov rbp,rsp + 100000f54: 48 83 ec 40 sub rsp,0x40 + 100000f58: 48 8b 05 b1 00 00 00 mov rax,QWORD PTR [rip+0xb1] # 100001010 <_main+0xc0> + 100000f5f: 48 8b 08 mov rcx,QWORD PTR [rax] + 100000f62: 48 89 4d f8 mov QWORD PTR [rbp-0x8],rcx + 100000f66: c7 45 cc 00 00 00 00 mov DWORD PTR [rbp-0x34],0x0 + 100000f6d: c6 45 d0 0a mov BYTE PTR [rbp-0x30],0xa + 100000f71: c6 45 d3 0d mov BYTE PTR [rbp-0x2d],0xd + 100000f75: c6 45 f7 2a mov BYTE PTR [rbp-0x9],0x2a + 100000f79: 48 8b 00 mov rax,QWORD PTR [rax] + 100000f7c: 48 3b 45 f8 cmp rax,QWORD PTR [rbp-0x8] + 100000f80: 0f 85 0b 00 00 00 jne 100000f91 <_main+0x41> + 100000f86: b8 0d 10 0b 00 mov eax,0xb100d + 100000f8b: 48 83 c4 40 add rsp,0x40 + 100000f8f: 5d pop rbp + 100000f90: c3 ret + 100000f91: e8 00 00 00 00 call 100000f96 <_main+0x46> + +Disassembly of section __TEXT.__stubs: + +0000000100000f96 <__TEXT.__stubs>: + 100000f96: ff 25 7c 00 00 00 jmp QWORD PTR [rip+0x7c] # 100001018 <_main+0xc8> + +Disassembly of section __TEXT.__stub_helper: + +0000000100000f9c <__TEXT.__stub_helper>: + 100000f9c: 4c 8d 1d 65 00 00 00 lea r11,[rip+0x65] # 100001008 <_main+0xb8> + 100000fa3: 41 53 push r11 + 100000fa5: ff 25 55 00 00 00 jmp QWORD PTR [rip+0x55] # 100001000 <_main+0xb0> + 100000fab: 90 nop + 100000fac: 68 00 00 00 00 push 0x0 + 100000fb1: e9 e6 ff ff ff jmp 100000f9c <_main+0x4c> + +Disassembly of section __TEXT.__unwind_info: + +0000000100000fb8 <__TEXT.__unwind_info>: + 100000fb8: 01 00 add DWORD PTR [rax],eax + 100000fba: 00 00 add BYTE PTR [rax],al + 100000fbc: 1c 00 sbb al,0x0 + 100000fbe: 00 00 add BYTE PTR [rax],al + 100000fc0: 00 00 add BYTE PTR [rax],al + 100000fc2: 00 00 add BYTE PTR [rax],al + 100000fc4: 1c 00 sbb al,0x0 + 100000fc6: 00 00 add BYTE PTR [rax],al + 100000fc8: 00 00 add BYTE PTR [rax],al + 100000fca: 00 00 add BYTE PTR [rax],al + 
100000fcc: 1c 00 sbb al,0x0 + 100000fce: 00 00 add BYTE PTR [rax],al + 100000fd0: 02 00 add al,BYTE PTR [rax] + 100000fd2: 00 00 add BYTE PTR [rax],al + 100000fd4: 50 push rax + 100000fd5: 0f 00 00 sldt WORD PTR [rax] + 100000fd8: 34 00 xor al,0x0 + 100000fda: 00 00 add BYTE PTR [rax],al + 100000fdc: 34 00 xor al,0x0 + 100000fde: 00 00 add BYTE PTR [rax],al + 100000fe0: 97 xchg edi,eax + 100000fe1: 0f 00 00 sldt WORD PTR [rax] + 100000fe4: 00 00 add BYTE PTR [rax],al + 100000fe6: 00 00 add BYTE PTR [rax],al + 100000fe8: 34 00 xor al,0x0 + 100000fea: 00 00 add BYTE PTR [rax],al + 100000fec: 03 00 add eax,DWORD PTR [rax] + 100000fee: 00 00 add BYTE PTR [rax],al + 100000ff0: 0c 00 or al,0x0 + 100000ff2: 01 00 add DWORD PTR [rax],eax + 100000ff4: 10 00 adc BYTE PTR [rax],al + 100000ff6: 01 00 add DWORD PTR [rax],eax + 100000ff8: 00 00 add BYTE PTR [rax],al + 100000ffa: 00 00 add BYTE PTR [rax],al + 100000ffc: 00 00 add BYTE PTR [rax],al + 100000ffe: 00 01 add BYTE PTR [rcx],al
diff --git a/assembly/buffer.c b/assembly/buffer.c
new file mode 100644
index 0000000..bd05942
--- /dev/null
+++ b/assembly/buffer.c
@@ -0,0 +1,9 @@
+
+int main(){
+ char buf[40];
+ buf[0] = 0xA;
+ buf[3] = 0xD;
+ buf[39] = 42;
+
+ return 0xb100d;
+}
\ No newline at end of file
diff --git a/assembly/buffer.s b/assembly/buffer.s
new file mode 100644
index 0000000..eb7fedd
--- /dev/null
+++ b/assembly/buffer.s
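Review bot: `int main(){` in the new buffer.c declares main with an empty parameter list rather than a prototype; `int main(void){` is the C11 form and keeps the example consistent with the prototyped `int main(int argc, char *argv[])` in main.c. The `return 0xb100d;` line only reaches the parent process as its low eight bits on POSIX (13 here), so if the constant is meant to be observable as an exit status it should fit in 0–255, or the intent should be noted in a comment. Since the file appears to exist to study the code emitted for a stack buffer, a header comment such as `/* 40-byte stack buffer; see buffer.s / buffer.txt for the stack-protector canary stored at the top of the frame and checked before ret */` would tell a reader what to look for. That claim is backed by the accompanying buffer.s hunk, which loads `___stack_chk_guard` into -4(%ebp), compares it before `retl`, and branches to `___stack_chk_fail` on mismatch.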
@@ -0,0 +1,37 @@ + .section __TEXT,__text,regular,pure_instructions + .macosx_version_min 10, 11 + .globl _main + .align 4, 0x90 +_main: ## @main +## BB#0: + pushl %ebp + movl %esp, %ebp + subl $56, %esp + calll L0$pb +L0$pb: + popl %eax + movl L___stack_chk_guard$non_lazy_ptr-L0$pb(%eax), %eax + movl (%eax), %ecx + movl %ecx, -4(%ebp) + movl $0, -48(%ebp) + movb $10, -44(%ebp) + movb $13, -41(%ebp) + movb $42, -5(%ebp) + movl (%eax), %eax + cmpl -4(%ebp), %eax + jne LBB0_2 +## BB#1: ## %SP_return + movl $725005, %eax ## imm = 0xB100D + addl $56, %esp + popl %ebp + retl +LBB0_2: ## %CallStackCheckFailBlk + calll ___stack_chk_fail + + + .section __IMPORT,__pointers,non_lazy_symbol_pointers +L___stack_chk_guard$non_lazy_ptr: + .indirect_symbol ___stack_chk_guard + .long 0 + +.subsections_via_symbols diff --git a/assembly/buffer.txt b/assembly/buffer.txt new file mode 100644 index 0000000..c1409ea --- /dev/null +++ b/assembly/buffer.txt 
@@ -0,0 +1,80 @@ + +buffer: file format mach-o-x86-64 + + +Disassembly of section .text: + +0000000100000f50 <_main>: + 100000f50: 55 push %rbp + 100000f51: 48 89 e5 mov %rsp,%rbp + 100000f54: 48 83 ec 40 sub $0x40,%rsp + 100000f58: 48 8b 05 b1 00 00 00 mov 0xb1(%rip),%rax # 100001010 <_main+0xc0> + 100000f5f: 48 8b 08 mov (%rax),%rcx + 100000f62: 48 89 4d f8 mov %rcx,-0x8(%rbp) + 100000f66: c7 45 cc 00 00 00 00 movl $0x0,-0x34(%rbp) + 100000f6d: c6 45 d0 0a movb $0xa,-0x30(%rbp) + 100000f71: c6 45 d3 0d movb $0xd,-0x2d(%rbp) + 100000f75: c6 45 f7 2a movb $0x2a,-0x9(%rbp) + 100000f79: 48 8b 00 mov (%rax),%rax + 100000f7c: 48 3b 45 f8 cmp -0x8(%rbp),%rax + 100000f80: 0f 85 0b 00 00 00 jne 100000f91 <_main+0x41> + 100000f86: b8 0d 10 0b 00 mov $0xb100d,%eax + 100000f8b: 48 83 c4 40 add $0x40,%rsp + 100000f8f: 5d pop %rbp + 100000f90: c3 retq + 100000f91: e8 00 00 00 00 callq 100000f96 <_main+0x46> + +Disassembly of section __TEXT.__stubs: + +0000000100000f96 <__TEXT.__stubs>: + 100000f96: ff 25 7c 00 00 00 jmpq *0x7c(%rip) # 100001018 <_main+0xc8> + +Disassembly of section __TEXT.__stub_helper: + +0000000100000f9c <__TEXT.__stub_helper>: + 100000f9c: 4c 8d 1d 65 00 00 00 lea 0x65(%rip),%r11 # 100001008 <_main+0xb8> + 100000fa3: 41 53 push %r11 + 100000fa5: ff 25 55 00 00 00 jmpq *0x55(%rip) # 100001000 <_main+0xb0> + 100000fab: 90 nop + 100000fac: 68 00 00 00 00 pushq $0x0 + 100000fb1: e9 e6 ff ff ff jmpq 100000f9c <_main+0x4c> + +Disassembly of section __TEXT.__unwind_info: + +0000000100000fb8 <__TEXT.__unwind_info>: + 100000fb8: 01 00 add %eax,(%rax) + 100000fba: 00 00 add %al,(%rax) + 100000fbc: 1c 00 sbb $0x0,%al + 100000fbe: 00 00 add %al,(%rax) + 100000fc0: 00 00 add %al,(%rax) + 100000fc2: 00 00 add %al,(%rax) + 100000fc4: 1c 00 sbb $0x0,%al + 100000fc6: 00 00 add %al,(%rax) + 100000fc8: 00 00 add %al,(%rax) + 100000fca: 00 00 add %al,(%rax) + 100000fcc: 1c 00 sbb $0x0,%al + 100000fce: 00 00 add %al,(%rax) + 100000fd0: 02 00 add (%rax),%al + 100000fd2: 00 00 
add %al,(%rax) + 100000fd4: 50 push %rax + 100000fd5: 0f 00 00 sldt (%rax) + 100000fd8: 34 00 xor $0x0,%al + 100000fda: 00 00 add %al,(%rax) + 100000fdc: 34 00 xor $0x0,%al + 100000fde: 00 00 add %al,(%rax) + 100000fe0: 97 xchg %eax,%edi + 100000fe1: 0f 00 00 sldt (%rax) + 100000fe4: 00 00 add %al,(%rax) + 100000fe6: 00 00 add %al,(%rax) + 100000fe8: 34 00 xor $0x0,%al + 100000fea: 00 00 add %al,(%rax) + 100000fec: 03 00 add (%rax),%eax + 100000fee: 00 00 add %al,(%rax) + 100000ff0: 0c 00 or $0x0,%al + 100000ff2: 01 00 add %eax,(%rax) + 100000ff4: 10 00 adc %al,(%rax) + 100000ff6: 01 00 add %eax,(%rax) + 100000ff8: 00 00 add %al,(%rax) + 100000ffa: 00 00 add %al,(%rax) + 100000ffc: 00 00 add %al,(%rax) + 100000ffe: 00 01 add %al,(%rcx)
diff --git a/assembly/main.c b/assembly/main.c
index b6a75b4..812cae3 100644
--- a/assembly/main.c
+++ b/assembly/main.c
@@ -6,7 +6,7 @@ int main(int argc, char *argv[])
 {
- printf("I like the number %d.\n", 12345);
+ printf("I like the number %d.\n", 4 * 6);
 return 0xf00d;
 }
\ No newline at end of file
diff --git a/assembly/main.s b/assembly/main.s
index d8105bc..edc9510 100644
--- a/assembly/main.s
+++ b/assembly/main.s
@@ -14,12 +14,12 @@ L0$pb: movl 12(%ebp), %ecx movl 8(%ebp), %edx leal L_.str-L0$pb(%eax), %eax - movl $12345, %esi ## imm = 0x3039 + movl $24, %esi movl $0, -8(%ebp) movl %edx, -12(%ebp) movl %ecx, -16(%ebp) movl %eax, (%esp) - movl $12345, 4(%esp) ## imm = 0x3039 + movl $24, 4(%esp) movl %esi, -20(%ebp) ## 4-byte Spill calll _printf movl $61453, %ecx ## imm = 0xF00D
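Review bot: The new argument `4 * 6` on the added printf line is an integer constant expression, so the compiler folds it before code generation — the paired main.s hunk shows `movl $24, %esi` and `movl $24, 4(%esp)` with no multiply emitted — which makes the edit indistinguishable from writing `24` in the generated code. If the point of the change is to see an arithmetic instruction in the assembly, one operand has to be unknown at compile time, for example `printf("I like the number %d.\n", 4 * argc);`, which also gives the otherwise-unused `argc` a use. The format string remains a literal with a single `%d` matched by an int argument, so the call itself is sound.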