[spam][crazy] bomb malware
Karl
gmkarl at gmail.com
Tue Dec 14 04:32:36 PST 2021
here it is skinny enough to see
i don't usually use these views but they're fastest to find people
reminding you of the commands to enable online ('layout asm', 'layout regs')
up at the top are the registers of the process. the 'working memory'.
they're lowercase now, instead of uppercase.
then the next chunk has the disassembly of the function.
i have a breakpoint (B+) on the first instruction
and the cpu is about to execute the second
at the bottom i typed 'ni' (next instruction) to move it to that
second instruction.
┌─Register group: general──────────────────────────────────────────────┐
│eax 0x0 0 │
│ecx 0x0 0 │
│edx 0x0 0 │
│ebx 0x0 0 │
│esp 0xffffc940 0xffffc940 │
│ebp 0x0 0x0 │
│esi 0x0 0 │
│edi 0x0 0 │
│eip 0x8048166 0x8048166 │
│eflags 0x246 [ PF ZF IF ] │
│cs 0x23 35 │
│ss 0x2b 43 │
│ds 0x2b 43 │
┌──────────────────────────────────────────────────────────────────────┐
│B+ 0x8048164 xor %ebp,%ebp │
│ > 0x8048166 pop %esi │
│ 0x8048167 mov %esp,%ecx │
│ 0x8048169 and $0xfffffff0,%esp │
│ 0x804816c push %eax │
│ 0x804816d push %esp │
│ 0x804816e push %edx │
│ 0x804816f push $0x804dbd6 │
│ 0x8048174 push $0x8048094 │
│ 0x8048179 push %ecx │
│ 0x804817a push %esi │
│ 0x804817b push $0x804a540 │
│ 0x8048180 call 0x804d23f │
└──────────────────────────────────────────────────────────────────────┘
native process 28422 In: L?? PC: 0x8048166
(gdb) layout regs
(gdb) ni
0x08048166 in ?? ()
(gdb)