Comments (4)
Are you interested in some nasty byte-codes, like this?
; nasm -g -f win32 strange_offset.s && x86_64-w64-mingw32-cc -g -no-pie -m32 -o strange_offset.exe strange_offset.obj
; nasm -g -f elf strange_offset.s && gcc -g -no-pie -m32 -o strange_offset strange_offset.o

section .text
global main
extern printf
extern exit

main:
    mov EAX, 0x02eb11b0        ; B8 B0 11 EB 02
    cmp EAX, 0x02eb11b0        ; 3D B0 11 EB 02, sets ZF
fake_jmp dw 0xfa74             ; 74 FA = je -6: lands inside the cmp, at its B0 byte
                               ; B0 11 = mov AL, 0x11 ; EB 02 = jmp +2 (skips the je)
    push EAX
    push reveal_key
    call printf

finish:
    ; exit the program
    push 0
    call exit

section .data
reveal_key db 'The key is "%x"', 0

This will print

The key is "2eb1111"
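As an added example (not code from this thread or from the bintests project): a small Python decoder and emulator for the handful of opcodes the sample above uses. It hand-encodes the overlapping part of the sample as a constructed byte string, shows that a linear sweep and a control-flow-following walk disagree on where instructions start, flags the starts that fall inside another instruction, and emulates the path the CPU actually takes to recover the printed key. Everything beyond the six opcodes in the sample (registers other than eax/al, other instructions) is deliberately unsupported.

```python
import struct

# Constructed input: the bytes nasm emits for the overlapping part of the sample,
#   mov eax, 0x02eb11b0 ; cmp eax, 0x02eb11b0 ; dw 0xfa74 ; push eax
# (hand-encoded here; this is the same byte sequence, not the built binary).
SAMPLE = bytes.fromhex("B8B011EB02" "3DB011EB02" "74FA" "50")


def decode(code, off):
    """Decode the single instruction at `off`.

    Returns (mnemonic, length, immediate). Only the opcodes this sample needs are
    handled, and the mov forms are restricted to eax/al so the emulator stays tiny.
    """
    op = code[off]
    if op == 0xB8:                                   # mov eax, imm32
        return "mov eax", 5, struct.unpack_from("<I", code, off + 1)[0]
    if op == 0xB0:                                   # mov al, imm8
        return "mov al", 2, code[off + 1]
    if op == 0x3D:                                   # cmp eax, imm32
        return "cmp eax", 5, struct.unpack_from("<I", code, off + 1)[0]
    if op == 0xEB:                                   # jmp rel8 (signed)
        return "jmp", 2, struct.unpack_from("<b", code, off + 1)[0]
    if op == 0x74:                                   # je rel8 (signed)
        return "je", 2, struct.unpack_from("<b", code, off + 1)[0]
    if op == 0x50:                                   # push eax
        return "push eax", 1, None
    raise ValueError(f"unsupported opcode {op:#04x} at offset {off:#x}")


def linear_sweep(code):
    """Instruction start offsets a naive disassembler sees: decode straight through."""
    starts, off = [], 0
    while off < len(code):
        starts.append(off)
        off += decode(code, off)[1]
    return starts


def reachable_starts(code, entry=0):
    """Instruction starts found by following control flow (both outcomes of each je)."""
    seen, work = set(), [entry]
    while work:
        off = work.pop()
        if off in seen or not 0 <= off < len(code):
            continue
        seen.add(off)
        mnem, length, imm = decode(code, off)
        nxt = off + length
        if mnem in ("jmp", "je"):
            work.append(nxt + imm)                   # branch target
        if mnem != "jmp":
            work.append(nxt)                         # fall-through
    return sorted(seen)


def overlapping(code, entry=0):
    """Reachable instruction starts that lie strictly inside another reachable instruction.

    A non-empty result is the signal a rewriter wants before it trusts its own
    instruction boundaries for a function.
    """
    spans = [(s, s + decode(code, s)[1]) for s in reachable_starts(code, entry)]
    return sorted(s for s, _ in spans if any(lo < s < hi for lo, hi in spans))


def emulate(code, entry=0, max_steps=64):
    """Execute the bytes on a toy CPU (eax, ZF, a stack). Returns (eax, pushed values)."""
    eax, zf, pushed, pc = 0, False, [], entry
    for _ in range(max_steps):
        if not 0 <= pc < len(code):
            break
        mnem, length, imm = decode(code, pc)
        pc += length
        if mnem == "mov eax":
            eax = imm
        elif mnem == "mov al":
            eax = (eax & 0xFFFFFF00) | imm           # only the low byte changes
        elif mnem == "cmp eax":
            zf = eax == imm
        elif mnem == "jmp" or (mnem == "je" and zf):
            pc += imm
        elif mnem == "push eax":
            pushed.append(eax)
    return eax, pushed


def key_string(code):
    """The text the sample's printf would produce for the value it pushes."""
    _, pushed = emulate(code)
    return 'The key is "%x"' % pushed[0]


if __name__ == "__main__":
    print("linear sweep starts :", linear_sweep(SAMPLE))        # [0, 5, 10, 12]
    print("reachable starts    :", reachable_starts(SAMPLE))    # [0, 5, 6, 8, 10, 12]
    print("overlapping starts  :", overlapping(SAMPLE))         # [6, 8]
    print(key_string(SAMPLE))                                   # The key is "2eb1111"
```

The linear sweep never sees offsets 6 and 8, which is why a disassembler that only sweeps reports the cmp as a plain five-byte instruction and misses the `mov al` / `jmp` pair hidden in its immediate. Comparing the two start sets is a cheap check a rewriter can run per function before deciding whether its view of the code is trustworthy.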
👉 👈 could you build this for me and provide the pdb/map file? I don't have the mingw build system set up on my system. Would be very grateful :)
I assume this is overlapping instructions?
from bintests.
> 👉 👈 could you build this for me and provide the pdb/map file? I don't have the mingw build system set up on my system. Would be very grateful :)

I tried with "x86_64-w64-mingw32", but I could not link it to libc correctly; I don't have a real Windows development environment ready. Sorry.

> I assume this is overlapping instructions?
Yes, this is a variation of the polyglot technique. I know 3 variations of this:

- Address offset: this example.
- CPU state variation: executing the same address in different CPU modes, e.g. Thumb/ARM, 32/64 bits, BE/LE.
- Pipeline manipulation: e.g. manipulating how the IT instruction in ARM Thumb2 mode modifies subsequent instructions, so it's possible to jump inside the block, skipping the IT instruction and avoiding the conditional being added to the instructions.
> 👉 👈 could you build this for me and provide the pdb/map file? I don't have the mingw build system set up on my system. Would be very grateful :)

I got some time to solve my problem with mingw; here is the code and compilation:
.section .data
reveal_key:
    .asciz "The key is \"%x\"\n"

.section .text
.globl entry
.extern printf
.extern exit

entry:
    mov $0x02eb11b0, %EAX      # B8 B0 11 EB 02
    cmp $0x02eb11b0, %EAX      # 3D B0 11 EB 02, sets ZF
fake_jmp: .short 0xfa74        # 74 FA = je -6: back into the cmp at its B0 byte
                               # B0 11 = mov $0x11, %al ; EB 02 = jmp +2 over the je
    push $0                    # keeps the stack 16-byte aligned for the call
    mov %RAX, %RDX             # 2nd Win64 argument: the "key" value
    mov $reveal_key, %ECX      # 1st Win64 argument: the format string
    call printf
    mov $0, %ECX               # exit code 0
    call exit
Compiled with x86_64-w64-mingw32-gcc -no-pie -o strange_offset.exe strange_offset.s -nostdlib -lmsvcrt -Wl,--image-base -Wl,0x10000000 -Wl,--entry=entry -g
Here is a "one-liner" to create this binary file:
echo "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" | base64 -d | gzip -d -c > strange_offset.exe
Thank you! Just pushed it. FYI we don't include overlapping instructions in our well-behaved function descriptions, i.e. we won't rewrite this function if we detect overlapping, but this is a good test for us to have anyway! I'll add it to our internal unit tests :)