lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: shadown at gmail.com (shadown)
Subject: Re: ndisasm bad opcodes interpretation

my mistake...

short jump:
it's JMP_Address + 2 + Second_Byte_value = Next_Instruction_Address

shadown@...ster:~/tmp$ echo -n -e "\x75\x65" > a
shadown@...ster:~/tmp$ ndisasm -b32 a
00000000  7565              jnz 0x67
shadown@...ster:~/tmp$ ~/instalar/libdisassemble/disassemble.py a 0x0 0xff
Disassembling file a at offset: 0x0
 00000000:   jnz           0x65

this is where my mistake came from ;)
thnx

On Fri, 7 Jan 2005 13:30:21 -0300, shadown <shadown@...il.com> wrote:
> Hi,
> 
> not a vulnerability but could be a headache while reverse ingineering
> or binary auditing/interpreting, etc. (ok anything related with
> disassembling)
> get wrong values.
> 
> shadown@...ster:/tmp$ ndisasm -b32 salida
> 00000000 49 dec ecx
> 00000001 6E outsb
> 00000002 7465 jz 0x69
> 00000004 6C insb
> 00000005 6563747561 arpl [gs:ebp+esi*2+0x61],si
> 0000000A 6C insb
> 0000000B 207072 and [eax+0x72],dh
> 0000000E 6F outsd
> 0000000F 7065 jo 0x76
> 00000011 7274 jc 0x87
> 00000013 7920 jns 0x35
> 00000015 6F outsd
> 00000016 66204968 o16 and [ecx+0x68],cl
> 0000001A 61 popa
> 0000001B 51 push ecx
> 0000001C 7565 jnz 0x83
> 0000001E 52 push edx
> 0000001F 00 db 0x00
> shadown@...ster:/tmp$ ndisasm -V
> NDISASM version 0.98.38 compiled Jan 7 2005
> shadown@...ster:/tmp$
> 
> i.e:
> 0000001C 7565 jnz 0x83
> sould had been jnz 0x65
> 
> I've just tested ndisasm 0.98.36 and 0.98.38
> 
> cheers.
> shadown
> --
> Sergio Alvarez
> Security, Research & Development
> IT Security Consultant
> email: shadown@...il.com
> 
> This message is confidential. It may also contain information that is
> privileged or otherwise legally exempt from disclosure. If you have
> received it by mistake please let us know by e-mail immediately and
> delete it from your system; should also not copy the message nor
> disclose its contents to anyone. Many thanks.
> 


-- 
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown@...il.com

This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have
received it by mistake please let us know by e-mail immediately and
delete it from your system; should also not copy the message nor
disclose its contents to anyone. Many thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ