Message-ID: <d8360fbf0501070830475ef080@mail.gmail.com>
From: shadown at gmail.com (shadown)
Subject: ndisasm bad opcodes interpretation

Hi,

not a vulnerability but could be a headache while reverse engineering
or binary auditing/interpreting, etc. (ok anything related with
disassembling)
get wrong values.

shadown@...ster:/tmp$ ndisasm -b32 salida
00000000 49 dec ecx
00000001 6E outsb
00000002 7465 jz 0x69
00000004 6C insb
00000005 6563747561 arpl [gs:ebp+esi*2+0x61],si
0000000A 6C insb
0000000B 207072 and [eax+0x72],dh
0000000E 6F outsd
0000000F 7065 jo 0x76
00000011 7274 jc 0x87
00000013 7920 jns 0x35
00000015 6F outsd
00000016 66204968 o16 and [ecx+0x68],cl
0000001A 61 popa
0000001B 51 push ecx
0000001C 7565 jnz 0x83
0000001E 52 push edx
0000001F 00 db 0x00
shadown@...ster:/tmp$ ndisasm -V
NDISASM version 0.98.38 compiled Jan 7 2005
shadown@...ster:/tmp$

i.e.:
0000001C 7565 jnz 0x83
should have been jnz 0x65

I've just tested ndisasm 0.98.36 and 0.98.38

cheers.
shadown
-- 
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown@...il.com
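
For reading the jump lines in the listing above, an added example (not part of the original message, and not ndisasm's code) that decodes the two-byte short conditional jumps at the offsets shown. The operand byte is a signed displacement counted from the end of the instruction, so the example returns both the displacement and the resulting destination address; the function names are illustrative, and the byte string is copied from the listing's hex column.

```python
# Added example: short conditional jumps (opcodes 0x70-0x7F) in 32-bit mode.
# The operand is a signed 8-bit displacement measured from the address of the
# NEXT instruction; a disassembler may show that raw byte or the resolved
# destination address, and the two numbers differ.

# Mnemonics for condition codes 0x0-0xF (several have synonyms, e.g. jc/jb).
JCC = ["jo", "jno", "jc", "jnc", "jz", "jnz", "jna", "ja",
       "js", "jns", "jpe", "jpo", "jl", "jnl", "jng", "jg"]

# Bytes 0x00-0x1F of "salida", copied from the hex column of the listing.
SALIDA = bytes.fromhex(
    "496e7465 6c656374 75616c20 70726f70"
    "65727479 206f6620 49686151 75655200")


def decode_short_jcc(code, offset, origin=0):
    """Decode a 2-byte Jcc rel8 at `offset`; return (mnemonic, rel8, target)."""
    opcode = code[offset]
    if not 0x70 <= opcode <= 0x7F:
        raise ValueError(f"byte {opcode:#04x} at {offset:#x} is not a short Jcc")
    if offset + 1 >= len(code):
        raise ValueError("truncated instruction: displacement byte missing")
    # Sign-extend the displacement: 0xFE means -2, not +254.
    rel8 = int.from_bytes(code[offset + 1:offset + 2], "big", signed=True)
    next_ip = origin + offset + 2            # address of the following instruction
    target = (next_ip + rel8) & 0xFFFFFFFF   # wrap as a 32-bit EIP would
    return JCC[opcode & 0x0F], rel8, target


def report(code, offsets):
    """Format one line per jump: offset, bytes, resolved target, raw operand."""
    lines = []
    for off in offsets:
        mnem, rel8, target = decode_short_jcc(code, off)
        lines.append(f"{off:08X}  {code[off:off + 2].hex().upper()}  "
                     f"{mnem} {target:#x}   ; rel8={rel8:#x}, next={off + 2:#x}")
    return lines


if __name__ == "__main__":
    # Offsets of the five short jumps in the listing.
    for line in report(SALIDA, [0x02, 0x0F, 0x11, 0x13, 0x1C]):
        print(line)
```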
