lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <d8360fbf0501070830475ef080@mail.gmail.com> From: shadown at gmail.com (shadown) Subject: ndisasm bad opcodes interpretation Hi, not a vulnerability but could be a headache while reverse ingineering or binary auditing/interpreting, etc. (ok anything related with disassembling) get wrong values. shadown@...ster:/tmp$ ndisasm -b32 salida 00000000 49 dec ecx 00000001 6E outsb 00000002 7465 jz 0x69 00000004 6C insb 00000005 6563747561 arpl [gs:ebp+esi*2+0x61],si 0000000A 6C insb 0000000B 207072 and [eax+0x72],dh 0000000E 6F outsd 0000000F 7065 jo 0x76 00000011 7274 jc 0x87 00000013 7920 jns 0x35 00000015 6F outsd 00000016 66204968 o16 and [ecx+0x68],cl 0000001A 61 popa 0000001B 51 push ecx 0000001C 7565 jnz 0x83 0000001E 52 push edx 0000001F 00 db 0x00 shadown@...ster:/tmp$ ndisasm -V NDISASM version 0.98.38 compiled Jan 7 2005 shadown@...ster:/tmp$ i.e: 0000001C 7565 jnz 0x83 sould had been jnz 0x65 I've just tested ndisasm 0.98.36 and 0.98.38 cheers. shadown -- Sergio Alvarez Security, Research & Development IT Security Consultant email: shadown@...il.com This message is confidential. It may also contain information that is privileged or otherwise legally exempt from disclosure. If you have received it by mistake please let us know by e-mail immediately and delete it from your system; should also not copy the message nor disclose its contents to anyone. Many thanks.
Powered by blists - more mailing lists