@jvazquez-r7
Created October 31, 2014 17:15
I bust things :(
* bad
```
.text:0000000180001FC0 ; int __cdecl find_and_replace_member(unsigned int *Structure, unsigned int CurrentValue, unsigned int NewValue, unsigned int MaxSize)
.text:0000000180001FC0 find_and_replace_member proc near ; CODE XREF: shellcode_ring0+96p
.text:0000000180001FC0 ; DATA XREF: .pdata:0000000180078048o
.text:0000000180001FC0 ; Linear scan of Structure[0..MaxSize) as 32-bit slots: each slot is ANDed with Mask_var_14 (0FFFFFFF0h) and compared with the masked CurrentValue; the first match is overwritten with NewValue. Returns eax = 1 after a replacement, 0 if no slot matched. Leaf function (no calls), Microsoft x64 ABI: rcx/rdx/r8/r9 carry the args; rdi is the only callee-saved register touched and is saved/restored. Register roles in the loop: eax = scratch/slot value, rcx = Structure, edx = Mask or NewValue.
.text:0000000180001FC0 i_var_18 = dword ptr -18h ; i: loop index, counts elements (not bytes)
.text:0000000180001FC0 Mask_var_14 = dword ptr -14h ; Mask: 0FFFFFFF0h, clears the low 4 bits before comparing
.text:0000000180001FC0 Structure_arg_0 = qword ptr 8 ; home slot for rcx (Structure, full 64-bit pointer)
.text:0000000180001FC0 CurrentValue_arg_8= dword ptr 10h ; home slot for edx; only the low dword of rdx is kept
.text:0000000180001FC0 NewValue_arg_10 = dword ptr 18h ; home slot for r8d; only the low dword of r8 is kept
.text:0000000180001FC0 MaxSize_arg_18 = dword ptr 20h ; home slot for r9d; only the low dword of r9 is kept
.text:0000000180001FC0 ; Every compare, mask and store below is dword-sized and the array is walked with stride 4; the listing labelled "good" on this page does the same work at qword width with stride 8, which is what distinguishes the two.
.text:0000000180001FC0 mov [rsp+MaxSize_arg_18], r9d ; spill MaxSize (low 32 bits of r9)
.text:0000000180001FC5 mov [rsp+NewValue_arg_10], r8d ; spill NewValue (low 32 bits of r8)
.text:0000000180001FCA mov [rsp+CurrentValue_arg_8], edx ; spill CurrentValue (low 32 bits of rdx)
.text:0000000180001FCE mov [rsp+Structure_arg_0], rcx ; spill Structure (full qword)
.text:0000000180001FD3 push rdi ; save callee-saved rdi; rep stosd below uses it
.text:0000000180001FD4 sub rsp, 10h ; 16 bytes of locals (i, Mask); rsp stays 16-aligned
.text:0000000180001FD8 mov rdi, rsp ; rdi = start of local area
.text:0000000180001FDB mov ecx, 4 ; 4 dwords = the 16 local bytes
.text:0000000180001FE0 mov eax, 0CCCCCCCCh ; fill pattern 0CCh (looks like a debug-build stack fill; not part of the logic)
.text:0000000180001FE5 rep stosd ; locals = 0CCCCCCCCh x4
.text:0000000180001FE7 mov rcx, [rsp+18h+Structure_arg_0] ; dead load: rcx is overwritten before it is used
.text:0000000180001FEC mov [rsp+18h+Mask_var_14], 0FFFFFFF0h ; Mask = ~0Fh (32-bit)
.text:0000000180001FF4 mov eax, [rsp+18h+Mask_var_14] ; eax = Mask
.text:0000000180001FF8 mov ecx, [rsp+18h+CurrentValue_arg_8] ; ecx = CurrentValue
.text:0000000180001FFC and ecx, eax ; ecx = CurrentValue & Mask
.text:0000000180001FFE mov eax, ecx
.text:0000000180002000 mov [rsp+18h+CurrentValue_arg_8], eax ; CurrentValue &= Mask (stored back to its home slot)
.text:0000000180002004 mov [rsp+18h+i_var_18], 0 ; i = 0
.text:000000018000200B jmp short loc_180002015 ; enter loop at the condition check
.text:000000018000200D ; ---------------------------------------------------------------------------
.text:000000018000200D ; loop increment: i++
.text:000000018000200D loc_18000200D: ; CODE XREF: find_and_replace_member:loc_18000204Bj
.text:000000018000200D mov eax, [rsp+18h+i_var_18]
.text:0000000180002010 inc eax
.text:0000000180002012 mov [rsp+18h+i_var_18], eax ; i = i + 1
.text:0000000180002015 ; loop condition: while (i < MaxSize), unsigned compare
.text:0000000180002015 loc_180002015: ; CODE XREF: find_and_replace_member+4Bj
.text:0000000180002015 mov eax, [rsp+18h+MaxSize_arg_18] ; eax = MaxSize
.text:0000000180002019 cmp [rsp+18h+i_var_18], eax
.text:000000018000201C jnb short loc_18000204D ; i >= MaxSize (unsigned) -> not found. No check that Structure + MaxSize*4 is mapped; the caller (named shellcode_ring0) is responsible for passing a MaxSize that stays inside the structure
.text:000000018000201E mov eax, [rsp+18h+i_var_18] ; eax = i (32-bit mov zero-extends into rax)
.text:0000000180002021 mov rcx, [rsp+18h+Structure_arg_0] ; rcx = Structure
.text:0000000180002026 mov edx, [rsp+18h+Mask_var_14] ; edx = Mask
.text:000000018000202A mov eax, [rcx+rax*4] ; eax = Structure[i], dword slots (stride 4)
.text:000000018000202D and eax, edx ; eax = Structure[i] & Mask
.text:000000018000202F cmp eax, [rsp+18h+CurrentValue_arg_8] ; == (CurrentValue & Mask)? (32-bit compare only)
.text:0000000180002033 jnz short loc_18000204B ; no match -> continue
.text:0000000180002035 mov eax, [rsp+18h+i_var_18] ; eax = i
.text:0000000180002038 mov rcx, [rsp+18h+Structure_arg_0] ; rcx = Structure
.text:000000018000203D mov edx, [rsp+18h+NewValue_arg_10] ; edx = NewValue (low 32 bits)
.text:0000000180002041 mov [rcx+rax*4], edx ; Structure[i] = NewValue; dword store, so only 4 bytes of the slot change
.text:0000000180002044 mov eax, 1 ; return 1: replaced
.text:0000000180002049 jmp short loc_18000204F
.text:000000018000204B ; ---------------------------------------------------------------------------
.text:000000018000204B ; "continue" trampoline back to the increment
.text:000000018000204B loc_18000204B: ; CODE XREF: find_and_replace_member+73j
.text:000000018000204B jmp short loc_18000200D
.text:000000018000204D ; ---------------------------------------------------------------------------
.text:000000018000204D ; fell off the end of the scan
.text:000000018000204D loc_18000204D: ; CODE XREF: find_and_replace_member+5Cj
.text:000000018000204D xor eax, eax ; return 0: not found
.text:000000018000204F ; common epilogue
.text:000000018000204F loc_18000204F: ; CODE XREF: find_and_replace_member+89j
.text:000000018000204F add rsp, 10h ; drop locals
.text:0000000180002053 pop rdi ; restore callee-saved rdi
.text:0000000180002054 retn
.text:0000000180002054 find_and_replace_member endp
```
* good
```
.text:0000000180001FC0 ; int __cdecl find_and_replace_member(unsigned __int64 *Structure, unsigned __int64 CurrentValue, unsigned __int64 NewValue, unsigned __int64 MaxSize)
.text:0000000180001FC0 find_and_replace_member proc near ; CODE XREF: shellcode_ring0+97p
.text:0000000180001FC0 ; DATA XREF: .pdata:0000000180078048o
.text:0000000180001FC0 ; Linear scan of Structure[0..MaxSize) as 64-bit slots: each slot is ANDed with the mask in var_10 (0FFFFFFFFFFFFFFF0h) and compared with the masked CurrentValue; the first match is overwritten with NewValue. Returns eax = 1 after a replacement, 0 if no slot matched (both writes zero-extend into rax). Leaf function (no calls), Microsoft x64 ABI: rcx/rdx/r8/r9 carry the args; rdi is the only callee-saved register touched and is saved/restored. Register roles in the loop: rax = Structure then slot value, rcx = i, rdx = mask or NewValue.
.text:0000000180001FC0 var_18 = qword ptr -18h ; i: loop index, counts elements (not bytes)
.text:0000000180001FC0 var_10 = qword ptr -10h ; mask: 0FFFFFFFFFFFFFFF0h, clears the low 4 bits before comparing
.text:0000000180001FC0 arg_0 = qword ptr 8 ; home slot for rcx (Structure)
.text:0000000180001FC0 arg_8 = qword ptr 10h ; home slot for rdx (CurrentValue, full qword)
.text:0000000180001FC0 arg_10 = qword ptr 18h ; home slot for r8 (NewValue, full qword)
.text:0000000180001FC0 arg_18 = qword ptr 20h ; home slot for r9 (MaxSize, full qword)
.text:0000000180001FC0 ; Unlike the "bad" listing on this page, every spill, mask, compare and store here is qword-sized and the array is walked with stride 8, so whole 8-byte slots are matched and replaced.
.text:0000000180001FC0 mov [rsp+arg_18], r9 ; spill MaxSize
.text:0000000180001FC5 mov [rsp+arg_10], r8 ; spill NewValue
.text:0000000180001FCA mov [rsp+arg_8], rdx ; spill CurrentValue
.text:0000000180001FCF mov [rsp+arg_0], rcx ; spill Structure
.text:0000000180001FD4 push rdi ; save callee-saved rdi; rep stosd below uses it
.text:0000000180001FD5 sub rsp, 10h ; 16 bytes of locals (i, mask); rsp stays 16-aligned
.text:0000000180001FD9 mov rdi, rsp ; rdi = start of local area
.text:0000000180001FDC mov ecx, 4 ; 4 dwords = the 16 local bytes
.text:0000000180001FE1 mov eax, 0CCCCCCCCh ; fill pattern 0CCh (looks like a debug-build stack fill; not part of the logic)
.text:0000000180001FE6 rep stosd ; locals = 0CCCCCCCCh x4
.text:0000000180001FE8 mov rcx, [rsp+18h+arg_0] ; dead load: rcx is overwritten before it is used
.text:0000000180001FED mov [rsp+18h+var_10], 0FFFFFFFFFFFFFFF0h ; mask = ~0Fh (64-bit; sign-extended imm32)
.text:0000000180001FF6 mov rax, [rsp+18h+var_10] ; rax = mask
.text:0000000180001FFB mov rcx, [rsp+18h+arg_8] ; rcx = CurrentValue
.text:0000000180002000 and rcx, rax ; rcx = CurrentValue & mask
.text:0000000180002003 mov rax, rcx
.text:0000000180002006 mov [rsp+18h+arg_8], rax ; CurrentValue &= mask (stored back to its home slot)
.text:000000018000200B mov [rsp+18h+var_18], 0 ; i = 0
.text:0000000180002013 jmp short loc_180002020 ; enter loop at the condition check
.text:0000000180002015 ; ---------------------------------------------------------------------------
.text:0000000180002015 ; loop increment: i++
.text:0000000180002015 loc_180002015: ; CODE XREF: find_and_replace_member:loc_180002060j
.text:0000000180002015 mov rax, [rsp+18h+var_18]
.text:0000000180002019 inc rax
.text:000000018000201C mov [rsp+18h+var_18], rax ; i = i + 1
.text:0000000180002020 ; loop condition: while (i < MaxSize), unsigned compare
.text:0000000180002020 loc_180002020: ; CODE XREF: find_and_replace_member+53j
.text:0000000180002020 mov rax, [rsp+18h+arg_18] ; rax = MaxSize
.text:0000000180002025 cmp [rsp+18h+var_18], rax
.text:0000000180002029 jnb short loc_180002062 ; i >= MaxSize (unsigned) -> not found. No check that Structure + MaxSize*8 is mapped; the caller (named shellcode_ring0) is responsible for passing a MaxSize that stays inside the structure
.text:000000018000202B mov rax, [rsp+18h+arg_0] ; rax = Structure
.text:0000000180002030 mov rcx, [rsp+18h+var_18] ; rcx = i
.text:0000000180002034 mov rdx, [rsp+18h+var_10] ; rdx = mask
.text:0000000180002039 mov rax, [rax+rcx*8] ; rax = Structure[i], qword slots (stride 8)
.text:000000018000203D and rax, rdx ; rax = Structure[i] & mask
.text:0000000180002040 cmp rax, [rsp+18h+arg_8] ; == (CurrentValue & mask)? (full 64-bit compare)
.text:0000000180002045 jnz short loc_180002060 ; no match -> continue
.text:0000000180002047 mov rax, [rsp+18h+arg_0] ; rax = Structure
.text:000000018000204C mov rcx, [rsp+18h+var_18] ; rcx = i
.text:0000000180002050 mov rdx, [rsp+18h+arg_10] ; rdx = NewValue
.text:0000000180002055 mov [rax+rcx*8], rdx ; Structure[i] = NewValue; whole qword slot replaced
.text:0000000180002059 mov eax, 1 ; return 1: replaced (zero-extends into rax)
.text:000000018000205E jmp short loc_180002064
.text:0000000180002060 ; ---------------------------------------------------------------------------
.text:0000000180002060 ; "continue" trampoline back to the increment
.text:0000000180002060 loc_180002060: ; CODE XREF: find_and_replace_member+85j
.text:0000000180002060 jmp short loc_180002015
.text:0000000180002062 ; ---------------------------------------------------------------------------
.text:0000000180002062 ; fell off the end of the scan
.text:0000000180002062 loc_180002062: ; CODE XREF: find_and_replace_member+69j
.text:0000000180002062 xor eax, eax ; return 0: not found
.text:0000000180002064 ; common epilogue
.text:0000000180002064 loc_180002064: ; CODE XREF: find_and_replace_member+9Ej
.text:0000000180002064 add rsp, 10h ; drop locals
.text:0000000180002068 pop rdi ; restore callee-saved rdi
.text:0000000180002069 retn
.text:0000000180002069 find_and_replace_member endp
```