[spam][crazy] bomb malware
Karl
gmkarl at gmail.com
Tue Dec 14 04:59:19 PST 2021
param_2 is edx which is 0
that's the first three pushed values
then the function pointers, two of them
ecx here is 0xffffc944. I type `p *$ecx` into gdb and see it's a
valid dereferenceable pointer. wonder where this came from.
glancing up at the entrypoint assembly
08048167 89 e1 MOV ECX,ESP
08048169 83 e4 f0 AND ESP,0xfffffff0
$ecx is $esp before being aligned to 16 bytes.