;-----------------------------------------------------------------------------
; sub_00401010  (OllyDbg listing from exploit_.exe; 32-bit x86, EBP frame)
;
; Frame layout, using OllyDbg's naming [local.N] == [ebp - 4*N]:
;   [local.22] = ebp-0x58   bottom of the 0x58-byte local area
;   [local.6]  = ebp-0x18   8-byte char buffer   (ebp-0x18 .. ebp-0x11)
;   [local.4]  = ebp-0x10   dword, seeded 0xCCBBAADD
;   [local.3]  = ebp-0x0C   dword, seeded 0xDDAABBCC
;   [local.2]  = ebp-0x08   dword, seeded 0xBBCCDDAA
;   [local.1]  = ebp-0x04   dword, seeded 0xAABBCCDD
;   [ebp]      saved caller EBP; [ebp+4] return address
;
; What the listing shows:
;   1. prints "please input the string:" through 0x0040F960 (presumably printf)
;   2. reads into the 8-byte buffer through 0x004010F0 with format "%s"
;      (presumably scanf); nothing in this function bounds that write
;   3. shows "Success!" only if the four dwords directly above the buffer now
;      hold their seed values rotated one slot down (see the cmp immediates);
;      any mismatch jumps straight to the epilogue with no message
;
; SECURITY: textbook stack buffer overflow.  The four compares can only all
; pass if the "%s" read runs past the 8-byte buffer into [local.4]..[local.1]:
; 8 filler bytes followed by  DD CC BB AA  DD AA BB CC  CC BB AA DD  AA DD CC BB
; (little-endian; none of these bytes is NUL or whitespace).  Such a 24-byte
; input also lands a NUL-terminating reader's terminator at [ebp+0], the low
; byte of the saved EBP, and 28 or more bytes overwrite the return address at
; [ebp+4].  No stack cookie is set up in this prologue -- the 0xCCCCCCCC fill
; looks like the MSVC debug-build uninitialised-stack marker, not a canary --
; so nothing detects the corruption.  The fix belongs in the C source: bound
; the read (e.g. "%7s", or fgets(buf, sizeof buf, stdin)).
;-----------------------------------------------------------------------------
; prologue: EBP frame, 0x58 bytes of locals, preserve ebx/esi/edi
00401010 |> \55 push ebp
00401011 |. 8BEC mov ebp,esp
00401013 |. 83EC 58 sub esp,0x58
00401016 |. 53 push ebx
00401017 |. 56 push esi
00401018 |. 57 push edi
; fill all 22 dword slots of the local area (ebp-0x58 .. ebp-0x01) with
; 0xCCCCCCCC; an initialiser only, it is never checked later
00401019 |. 8D7D A8 lea edi,[local.22]
0040101C |. B9 16000000 mov ecx,0x16
00401021 |. B8 CCCCCCCC mov eax,0xCCCCCCCC
00401026 |. F3:AB rep stos dword ptr es:[edi]
; seed the four dwords that sit directly above the input buffer; these are
; the values the post-read compares expect to find shifted by one slot
00401028 |. C745 FC DDCCB>mov [local.1],0xAABBCCDD
0040102F |. C745 F8 AADDC>mov [local.2],0xBBCCDDAA
00401036 |. C745 F4 CCBBA>mov [local.3],0xDDAABBCC
0040103D |. C745 F0 DDAAB>mov [local.4],0xCCBBAADD
; buf[8] at [ebp-0x18]: 2 bytes copied from the literal at 0x42502C
; (presumably a short string literal), then 6 zero bytes
; (dword at ebp-0x16 and word at ebp-0x12)
00401044 |. 66:A1 2C50420>mov ax,word ptr ds:[0x42502C]
0040104A |. 66:8945 E8 mov word ptr ss:[ebp-0x18],ax
0040104E |. 33C9 xor ecx,ecx
00401050 |. 894D EA mov dword ptr ss:[ebp-0x16],ecx
00401053 |. 66:894D EE mov word ptr ss:[ebp-0x12],cx
; prompt (cdecl: caller pops the one argument)
00401057 |. 68 DC5F4200 push exploit_.00425FDC ; ASCII "please input the string:"
0040105C |. E8 FFE80000 call exploit_.0040F960
00401061 |. 83C4 04 add esp,0x4
; 0x004010F0("%s", &buf) -- presumably scanf.  "%s" has no width, so the
; write into the 8-byte buffer is unbounded: this is the overflow
00401064 |. 8D55 E8 lea edx,[local.6]
00401067 |. 52 push edx
00401068 |. 68 28504200 push exploit_.00425028 ; ASCII "%s"
0040106D |. E8 7E000000 call exploit_.004010F0
00401072 |. 83C4 08 add esp,0x8
; each slot must now hold the seed of the slot below it (local.4 gets
; local.1's seed); with an 8-byte buffer the only way to get here is an
; overflow.  Any mismatch exits silently via 0x004010B6
00401075 |. 817D FC AADDC>cmp [local.1],0xBBCCDDAA
0040107C |. 75 38 jnz Xexploit_.004010B6 // must not be taken; if it jumps the check has failed
0040107E |. 817D F8 CCBBA>cmp [local.2],0xDDAABBCC
00401085 |. 75 2F jnz Xexploit_.004010B6 // must not be taken; if it jumps the check has failed
00401087 |. 817D F4 DDAAB>cmp [local.3],0xCCBBAADD
0040108E |. 75 26 jnz Xexploit_.004010B6 // must not be taken; if it jumps the check has failed
00401090 |. 817D F0 DDCCB>cmp [local.4],0xAABBCCDD
00401097 |. 75 1D jnz Xexploit_.004010B6 // must not be taken; if it jumps the check has failed
; success path: MessageBoxA(NULL, "Success!", "Exploit2", MB_OK).
; esi snapshots esp before the stdcall and 0x00401150 is called after the
; cmp -- looks like the MSVC _chkesp stack-pointer sanity check (confirm)
00401099 |. 8BF4 mov esi,esp
0040109B |. 6A 00 push 0x0 ; /Style = MB_OK|MB_APPLMODAL
0040109D |. 68 1C504200 push exploit_.0042501C ; |Title = "Exploit2"
004010A2 |. 68 D05F4200 push exploit_.00425FD0 ; |Text = "Success!"
004010A7 |. 6A 00 push 0x0 ; |hOwner = NULL
004010A9 |. FF15 B4D24200 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA
004010AF |. 3BF4 cmp esi,esp
004010B1 |. E8 9A000000 call exploit_.00401150
; epilogue (also the target of every failed compare): restore the saved
; registers, undo the 0x58-byte local area, run the same esp check, then
; tear down the frame.  Note the saved EBP and return address popped here
; come from [ebp] / [ebp+4], i.e. memory a long enough overflow has
; overwritten; nothing validates them
004010B6 |> 5F pop edi
004010B7 |. 5E pop esi
004010B8 |. 5B pop ebx
004010B9 |. 83C4 58 add esp,0x58
004010BC |. 3BEC cmp ebp,esp
004010BE |. E8 8D000000 call exploit_.00401150
004010C3 |. 8BE5 mov esp,ebp
004010C5 |. 5D pop ebp
004010C6 \. C3 retn