hey JJAAPPPHH ~
Oops, sorry for being late.
0x080483b4 <main+0>: push %ebp
0x080483b5 <main+1>: mov %esp,%ebp
0x080483b7 <main+3>: sub $0xa8,%esp extended 168
0x080483bd <main+9>: and $0xfffffff0,%esp
0x080483c0 <main+12>: mov $0x0,%eax
0x080483c5 <main+17>: sub %eax,%esp
0x080483c7 <main+19>: cmpl $0x1,0x8(%ebp) argc is at ebp+8
0x080483cb <main+23>: jg 0x80483d9 <main+37> if (argc <= 1) (jump taken only when argc > 1)
0x080483cd <main+25>: movl $0x1,0xffffff74(%ebp) return 1;
0x080483d7 <main+35>: jmp 0x8048413 <main+95>
0x080483d9 <main+37>: mov 0xc(%ebp),%eax argv is at ebp+12
0x080483dc <main+40>: add $0x4,%eax argv + 4 means &argv[1]
0x080483df <main+43>: mov (%eax),%eax eax = *(argv+1) = argv[1]
0x080483e1 <main+45>: mov %eax,0x4(%esp)
0x080483e5 <main+49>: lea 0xffffff78(%ebp),%eax eax = ebp-136
0x080483eb <main+55>: mov %eax,(%esp)
0x080483ee <main+58>: call 0x80482d4 <strcpy@plt> so call strcpy(ebp-136, argv[1])
0x080483f3 <main+63>: lea 0xffffff78(%ebp),%eax
0x080483f9 <main+69>: mov %eax,0x4(%esp)
0x080483fd <main+73>: movl $0x8048524,(%esp)
0x08048404 <main+80>: call 0x80482b4 <printf@plt> printf("%s", ebp-136)
0x08048409 <main+85>: movl $0x0,0xffffff74(%ebp)
0x08048413 <main+95>: mov 0xffffff74(%ebp),%eax return 0;
0x08048419 <main+101>: leave
0x0804841a <main+102>: ret
Have you checked the stack in gdb? I can't see [?3] in the disassembled code.
Stack looks like this IMAO.
----------
argv ebp + 0C
----------
argc ebp + 8
----------
return address ebp + 4
----------
ebp
----------
dummy 8 bytes
----------
buf 128 bytes
----------
The stack was extended by 168 bytes, but only 140 bytes are used (136 for buf plus the 8-byte pad, and 4 for the return value slot at ebp-140).
(dunno why it extended 168 bytes. i think it's up to the version of the compiler, or something else. :$)
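Here is the C that the listing above corresponds to, reconstructed as an added example (not the original post's code), beside a bounds-checked version of the same copy. It assumes the format string at 0x8048524 is "%s" as the annotation says; the names main_as_disassembled, copy_arg_checked and main_hardened are my own.

```c
#include <stdio.h>
#include <string.h>

/* buf sits at ebp-136; 128 bytes of it are the buffer, the 8 above are the pad. */
#define BUF_SIZE 128

/* What the disassembly does: argc check, unchecked strcpy, printf.
 * Any argv[1] of 128 bytes or more writes past buf into the pad, saved ebp
 * and return address, which is the bug the stack diagram above is about. */
int main_as_disassembled(int argc, char **argv)
{
    char buf[BUF_SIZE];
    if (argc <= 1)                 /* cmpl $0x1,0x8(%ebp) ; jg ... */
        return 1;                  /* movl $0x1,-140(%ebp) */
    strcpy(buf, argv[1]);          /* call strcpy(ebp-136, argv[1]) */
    printf("%s", buf);             /* format string assumed to be "%s" */
    return 0;
}

/* Hardened copy: refuse the input if its terminator is not inside dst,
 * so nothing is ever written beyond dst_size bytes. Returns the length
 * copied, or -1 if the source does not fit. */
int copy_arg_checked(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL)               /* no '\0' within dst_size: too long */
        return -1;
    size_t n = (size_t)(end - src);
    memcpy(dst, src, n + 1);       /* n + 1 <= dst_size, includes terminator */
    return (int)n;
}

/* Same program with the copy bounded; rejects over-long input instead of overflowing. */
int main_hardened(int argc, char **argv)
{
    char buf[BUF_SIZE];
    if (argc <= 1)
        return 1;
    if (copy_arg_checked(buf, sizeof buf, argv[1]) < 0) {
        fprintf(stderr, "argument too long (max %u bytes)\n", (unsigned)(sizeof buf - 1));
        return 2;
    }
    printf("%s", buf);
    return 0;
}

int main(int argc, char **argv)
{
    return main_hardened(argc, argv);
}
```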
hey JaPH (1) | 2009.08.12 |