source/notes/star_trek_armada/sprintf_overflow


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

  [36m          [0m[32m0x0043ff4d[0m      [37m8d[37m85[37md0[37mfd[31mff[31mff[0m   [37mlea[36m eax[0m,[36m [0m[[36mebp [0m-[36m[36m [33m0x230[0m][36m[0m[0m[0m
  [36m          [0m[32m0x0043ff53[0m      [33m68[37m04[37m01[32m00[32m00[0m     [35mpush[36m [33m0x104[0m[0m[0m
  [36m          [0m[32m0x0043ff58[0m      [33m50[0m             [35mpush[36m eax[0m[0m[0m
  [36m          [0m[32m0x0043ff59[0m      [31mff[37m15[37m80[36m7f[33m6d[32m00[0m   [1;32mcall dword [sym.imp.MSVCRT.dll__getcwd][0m[31m ; 0x6d7f80[0m
  [36m          [0m[32m0x0043ff5f[0m      [37m83[37mc4[37m10[0m         [33madd[36m esp[0m,[36m[36m [33m0x10[0m[0m[0m
  [36m          [0m[32m0x0043ff62[0m      [37m85[37mc0[0m           [36mtest[36m eax[0m,[36m[36m eax[0m[0m[0m
  [36m      ,=< [0m[32m0x0043ff64[0m      [33m74[33m3c[0m           [32mje 0x43ffa2[0m[0m
  [36m      |   [0m[32m0x0043ff66[0m      [33m68[33m6c[37maa[33m5f[32m00[0m     [35mpush[36m [33mstr.PATH[0m[0m[31m               ; 0x5faa6c[31m ; "PATH"[0m
  [36m      |   [0m[32m0x0043ff6b[0m      [31mff[37m15[37m84[36m7f[33m6d[32m00[0m   [1;32mcall dword [sym.imp.MSVCRT.dll_getenv][0m[31m ; 0x6d7f84[31m ; "x\xb9-"[0m
  [36m      |   [0m[32m0x0043ff71[0m      [37m8d[37m8d[37md0[37mfd[31mff[31mff[0m   [37mlea[36m ecx[0m,[36m [0m[[36mebp [0m-[36m[36m [33m0x230[0m][36m[0m[0m[0m
  [36m      |   [0m[32m0x0043ff77[0m      [37m8d[37m95[37md0[37mfd[31mff[31mff[0m   [37mlea[36m edx[0m,[36m [0m[[36mebp [0m-[36m[36m [33m0x230[0m][36m[0m[0m[0m
  [36m      |   [0m[32m0x0043ff7d[0m      [33m51[0m             [35mpush[36m ecx[0m[0m[0m
  [36m      |   [0m[32m0x0043ff7e[0m      [33m52[0m             [35mpush[36m edx[0m[0m[0m
  [36m      |   [0m[32m0x0043ff7f[0m      [33m50[0m             [35mpush[36m eax[0m[0m[0m
  [36m      |   [0m[32m0x0043ff80[0m      [37m8d[37m85[37md0[37mfb[31mff[31mff[0m   [37mlea[36m eax[0m,[36m [0m[[36mebp [0m-[36m[36m [33m0x430[0m][36m[0m[0m[0m
  [36m      |   [0m[32m0x0043ff86[0m      [33m68[33m74[37maa[33m5f[32m00[0m     [35mpush[36m [33mstr.PATH__s__s_AI__s_Missions_[0m[0m[31m ; 0x5faa74[31m ; "PATH=%s;%s\\AI;%s\\Missions;"[0m
  [36m      |   [0m[32m0x0043ff8b[0m      [33m50[0m             [35mpush[36m eax[0m[0m[0m
  [36m      |   [0m[32m0x0043ff8c[0m      [31mff[37m15[37mdc[36m7f[33m6d[32m00[0m   [1;32mcall dword [sym.imp.MSVCRT.dll_sprintf][0m[31m ; 0x6d7fdc[31m ; "v\xb8-"[0m
  [36m      |   [0m[32m0x0043ff92[0m      [37m8d[37m8d[37md0[37mfb[31mff[31mff[0m   [37mlea[36m ecx[0m,[36m [0m[[36mebp [0m-[36m[36m [33m0x430[0m][36m[0m[0m[0m
  [36m      |   [0m[32m0x0043ff98[0m      [33m51[0m             [35mpush[36m ecx[0m[0m[0m