[spam][crazy] bomb malware
Karl
gmkarl at gmail.com
Tue Dec 14 04:45:12 PST 2021
Here's where the entrypoint hands off control. It pushes function
addresses and registers.
It's rare for function addresses to be passed to other functions in
mainstream code.
In gdb, we can see what values all these parameters and registers have.
0804816c 50 PUSH param_1
0804816d 54 PUSH ESP=>local_8
0804816e 52 PUSH param_2
0804816f 68 d6 db PUSH FUN_0804dbd6
04 08
08048174 68 94 80 PUSH FUN_08048094
04 08
08048179 51 PUSH ECX
0804817a 56 PUSH ESI
0804817b 68 40 a5 PUSH FUN_0804a540
04 08
08048180 e8 ba 50 CALL FUN_0804d23f
int FUN_0804d23f(undefined * par
00 00
More information about the cypherpunks
mailing list