summaryrefslogtreecommitdiff
path: root/source/notes/star_trek_armada/sprintf_overflow
diff options
context:
space:
mode:
Diffstat (limited to 'source/notes/star_trek_armada/sprintf_overflow')
-rw-r--r--source/notes/star_trek_armada/sprintf_overflow20
1 files changed, 20 insertions, 0 deletions
diff --git a/source/notes/star_trek_armada/sprintf_overflow b/source/notes/star_trek_armada/sprintf_overflow
new file mode 100644
index 0000000..0f65342
--- /dev/null
+++ b/source/notes/star_trek_armada/sprintf_overflow
@@ -0,0 +1,20 @@
+  0x0043ff4d 8d85d0fdffff lea eax, [ebp - 0x230]
+  0x0043ff53 6804010000 push 0x104
+  0x0043ff58 50 push eax
+  0x0043ff59 ff15807f6d00 call dword [sym.imp.MSVCRT.dll__getcwd] ; 0x6d7f80
+  0x0043ff5f 83c410 add esp, 0x10
+  0x0043ff62 85c0 test eax, eax
+  ,=< 0x0043ff64 743c je 0x43ffa2
+  | 0x0043ff66 686caa5f00 push str.PATH ; 0x5faa6c ; "PATH"
+  | 0x0043ff6b ff15847f6d00 call dword [sym.imp.MSVCRT.dll_getenv] ; 0x6d7f84 ; "x\xb9-"
+  | 0x0043ff71 8d8dd0fdffff lea ecx, [ebp - 0x230]
+  | 0x0043ff77 8d95d0fdffff lea edx, [ebp - 0x230]
+  | 0x0043ff7d 51 push ecx
+  | 0x0043ff7e 52 push edx
+  | 0x0043ff7f 50 push eax
+  | 0x0043ff80 8d85d0fbffff lea eax, [ebp - 0x430]
+  | 0x0043ff86 6874aa5f00 push str.PATH__s__s_AI__s_Missions_ ; 0x5faa74 ; "PATH=%s;%s\\AI;%s\\Missions;"
+  | 0x0043ff8b 50 push eax
+  | 0x0043ff8c ff15dc7f6d00 call dword [sym.imp.MSVCRT.dll_sprintf] ; 0x6d7fdc ; "v\xb8-"
+  | 0x0043ff92 8d8dd0fbffff lea ecx, [ebp - 0x430]
+  | 0x0043ff98 51 push ecx