From 254e5affeb387f63fc74913f7806b3e144d0e4f6 Mon Sep 17 00:00:00 2001
From: iximeow
Date: Wed, 3 Jan 2018 04:30:20 -0800
Subject: add star trek armada notes
---
source/notes/star_trek_armada/sprintf_overflow | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 source/notes/star_trek_armada/sprintf_overflow
(limited to 'source/notes/star_trek_armada/sprintf_overflow')
diff --git a/source/notes/star_trek_armada/sprintf_overflow b/source/notes/star_trek_armada/sprintf_overflow
new file mode 100644
index 0000000..0f65342
--- /dev/null
+++ b/source/notes/star_trek_armada/sprintf_overflow
@@ -0,0 +1,20 @@
+  0x0043ff4d 8d85d0fdffff lea eax, [ebp - 0x230]
+  0x0043ff53 6804010000 push 0x104
+  0x0043ff58 50 push eax
+  0x0043ff59 ff15807f6d00 call dword [sym.imp.MSVCRT.dll__getcwd] ; 0x6d7f80
+  0x0043ff5f 83c410 add esp, 0x10
+  0x0043ff62 85c0 test eax, eax
+  ,=< 0x0043ff64 743c je 0x43ffa2
+  | 0x0043ff66 686caa5f00 push str.PATH ; 0x5faa6c ; "PATH"
+  | 0x0043ff6b ff15847f6d00 call dword [sym.imp.MSVCRT.dll_getenv] ; 0x6d7f84 ; "x\xb9-"
+  | 0x0043ff71 8d8dd0fdffff lea ecx, [ebp - 0x230]
+  | 0x0043ff77 8d95d0fdffff lea edx, [ebp - 0x230]
+  | 0x0043ff7d 51 push ecx
+  | 0x0043ff7e 52 push edx
+  | 0x0043ff7f 50 push eax
+  | 0x0043ff80 8d85d0fbffff lea eax, [ebp - 0x430]
+  | 0x0043ff86 6874aa5f00 push str.PATH__s__s_AI__s_Missions_ ; 0x5faa74 ; "PATH=%s;%s\\AI;%s\\Missions;"
+  | 0x0043ff8b 50 push eax
+  | 0x0043ff8c ff15dc7f6d00 call dword [sym.imp.MSVCRT.dll_sprintf] ; 0x6d7fdc ; "v\xb8-"
+  | 0x0043ff92 8d8dd0fbffff lea ecx, [ebp - 0x430]
+  | 0x0043ff98 51 push ecx
-- cgit v1.1
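Review bot: The listing records the overflow but never states the bound, so a reader has to re-derive it from the frame layout; the sprintf at 0x0043ff8c formats "PATH=%s;%s\\AI;%s\\Missions;" into [ebp - 0x430] with the getenv("PATH") result (eax) and two copies of the _getcwd buffer (edx, ecx) as arguments, and nothing in the block limits the output length. If the two locals are adjacent, the destination is the 0x200 bytes between ebp-0x430 and the cwd buffer at ebp-0x230, while the cwd contributes up to 0x104 bytes per copy (the length passed to _getcwd at 0x0043ff53) and PATH is unbounded, so an ordinary long PATH value is enough to write past the destination into the cwd buffer and whatever lies above it. I'd add a header line to the notes such as `; sprintf dest [ebp-0x430] <= 0x200 bytes (if adjacent to cwd buf); inputs: PATH unbounded + 2x cwd (<= 0x104 each) -> stack overflow; fix: _snprintf with the buffer size or reject an oversized PATH before formatting`. The je at 0x0043ff64 only skips the block when _getcwd returns NULL, so this path runs on every normal start, and the code after 0x0043ff98 that presumably consumes the pushed buffer is outside the hunk.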