-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nasty x86 binary #6
Comments
👉 👈 could you build this for me and provide the pdb/map file? i dont have the mingw build system setup on my system. Would be very grateful :) I assume this is overlapping instructions? |
I tried with "x86_64-w64-mingw32", but I could not link it to libc correctly, I don't have real windows development environment ready. Sorry
Yes, this is a variation of the polyglot technique. I know 3 variations of this: Address offsetThis example CPU state variationExecuting the same Address in different cpu modes, eg: Thumb/ARM, 32/64bits, BE/LE. Pipeline manipulationEg: manipulating how the |
I got some time to solve my problem with mingw, here the code and compilation: .section .data
reveal_key:
.asciz "The key is \"%x\"\n"
.section .text
.globl entry
.extern printf
.extern exit
entry:
mov $0x02eb11b0, %EAX
cmp $0x02eb11b0, %EAX
fake_jmp: .short 0xfa74
push $0
mov %RAX, %RDX
mov $reveal_key, %ECX
call printf
mov $0, %ECX
call exit Compiled with Here a "oneliner" to create this binary file: echo "H4sICDas32UAA3N0cmFuZ2Vfb2Zmc2V0LmV4ZQDtWV9sFEUY/3a3xdLCcUVSSIhhqVQboscB/YeGpEAbISm0aY+EmpBh727ubrndvcvutrQ+EY0mJj4QE1+NJvhmIjE+gC8YnsUHX0xMjD4ZEn3wyQdMrPNv/84WEIQauC+5nZnf/Ga+75v5dmZu9vSbV0ADgC7yW1sDuA5cJuH+cpn8cnu+zsFXm2/vva7M3N5bapie3nZbddew9YrhOC1fL2PdXXJ009GnZhd0u1XFha1be/eJPuamAarv9cLY5z9j2AXQJtgf8BL0qerLoJLCJkHMi1/8qXK7qXQzMpFr3JnpD4D6pQDoEGsVZcJyIgtQ5H6tK2RgtjzA2EjNSL+77lFf8PGKT9ILgUHUna4kRyfVharhGyC80gVvU5JHTPymYHLiZQoUBa8ng+diq1URPk0KXq/EO35ghOdpVzAneFsyeAePsPwwCGcoL5fBO3yQ5XfQR1vw8hm8kVEIVDJnKG97Bm90nOUH6eOK4O3I4I1NsPwAfXwieAMyD54RuX6t/zf1KH34dy/Cyfdv3SBRlb/zAqm6Qevv9JHHlUjWhnp1CoSpkKC/dLkj/28pNbDexKs6WbcHh1YGe+/foiNPkwwXo7xf5PtUlpwT+IXig+GfaXjFJBvatq62azp+jYFF/rO95YrrF6qW9ej2d+QRJc+38e3rzHtHnm55BUCcnMXhMM9PYUMbZVBHnqjQ/2HdoLDJVxgSD4B+4Idj5fKGGNeRxy5KP+R39ivbt2m53bmh3PPdG21QR56ozAB9/3tgP0kVRfkrt5UmdCVQGLCHLQqqskfdprLY4AGyWQ3WCa1PWbx04Oji4iKpV5SN8aIjDyue7xpOHaNWreZhv+DBAd9uwxtnzurHFvRDhcNHNtrAjjxWYdMtBUFHnhUp1EwLA783/XsNoK7UjCaWeSWR0v8KGlAOumi36XURXfL5BTQSHFrSlGGQLqaJNEX6HOPskOqprIq0h3HozW/yIjy4KwehXVOGmFUJjrgnD21W+jN1vSvSXsYZyOR8JNJuxgku05NyVaSbGWdQqg9sLgY2Q/wmn49qoewlXj2CsFv8feOW8C9ERifTyMhwGhk7FyFC+8RDaW9L2k9K2ouS9gsRImKsAOvHWMMxbApFXtT8xpLT5B8lkl5MBl5knDYkv7I43MJDEPTM4lDL4sijGh954ddr9/DrP7Z5ZCK0uWc9zujc/TnjfsjpkzjY8d3gHVQgiPYv6CPPSxz5TnAi5CfgX2p4q+DmbyLRz++ilRYiPTF/ObJT/BWl3xE48qKStmdcHFIjzqzCLYyQBmulx5C3Ff4eR8jHkvZrEnJLQr6XkF+U9Phoatqe3Wq61asJBKGqZSG+jkatjgpOhMyr6fExJF2XSBKsABx5R01b+ClJ/ATnphrFIUe+VaPo5ciPkhe/SsifEtKjpfvZqaX92i8MifmuRSsAR05q0ddqjpxPcBDCThUFe1HAaWrxyKSyyrTnY/18GFsCOHJV471GnC8lzk3Jix8k5I5AuHZ+Mx7tBZxzV+O5qNVAV7qfAkGCtZcjr3dBak7PxzZLFewuur7g8lIdGeyQ5wVF06m1wqpy2cXLQckyHRzkydEwDrMyoWLDQk28+u/6CjvINojWIITmz54pnTo9jeYWps9OzaL56ZnZE2jm1EKJzCl5P8jqRZiG67MimirNzoe1DWxUiZby2Ah98s8MqIpryKBU3/JiLU/ZRh0fNzxM8gRqe+xDuGCIF7HSICZWfOyanm+SOtrOM9+iB2XKqzRRpWXbpp9R4WIPu8uY1djGxZaLvKWyt+r52EbL2PXMlsMdoCauWHGXGGJmIDyuESIbdbx2/QGbPjOVMI2MTztuMu+4Lalqh6ps0yGmt7yEzSYdOlQmY8d7xxWfVhmWWXdssnnw8T1WCnu595RmThgJKXogEBMedHQiPttsHIIabnhFKsdcSzZOzDkZHwLR7TzlhWmTsaCvazCLqaGgXkYqEsGYHPV4PHDb/FjDKDZQEKnhDDC1fMjjmq2WUcUuqllG3ZMcIo3DycuOO14nd0sdFvv2g0RW4Apfcv8BYcoD5U0kAAA=" | base64 -d | gzip -d -c > strange_offset.exe |
Thank you! just pushed it. FYI we dont include overlapping instructions in our well behaved function descriptions. I.E we wont rewrite this function if we detect overlapping, but this is a good test for us to have anyways! Ill add it to our internal unit tests :) |
Are you interested in some nasty byte-codes, like this?
This will print
The key is "2eb1111"
The text was updated successfully, but these errors were encountered: