change asm code

pr0v3rbs · Aug 9, 2015 · 2c5c2bd · 2c5c2bd
1 parent 5d31a56
commit 2c5c2bd
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/OpenCTF/07. Runic Power/README.md b/OpenCTF/07. Runic Power/README.md
@@ -9,7 +9,7 @@
 
 Binary file is given.
 
-First, I decomplied binary file. And It was so simple binary.
+First, I decomplied the binary file. And It was a so simple binary.
 
 ```c
 int main(int argc, const char **argv, const char **envp)

diff --git a/OpenCTF/08. Sigil of Darkness/README.md b/OpenCTF/08. Sigil of Darkness/README.md
@@ -10,7 +10,7 @@
 
 Binary file is given.
 
-First, I decomplied binary file. And It was so simple binary.
+First, I decomplied the binary file. And It was a so simple binary.
 
 ```c
 __int64 main()
@@ -32,16 +32,27 @@ It was just make memory map, read 0x10byte from user, and execute code it.
 And I checked security of binary. No NX, ASLR is on(maybe?). If ASLR is on, we can't use RTL easily.
 
 > 0x400606:	call   0x400490 <memset@plt>
+>
 > 0x40060b:	mov    rax,QWORD PTR [rbp-0x8]
+>
 > 0x40060f:	mov    edx,0x10
+>
 > 0x400614:	mov    rsi,rax
+>
 > 0x400617:	mov    edi,0x0
+>
 > 0x40061c:	call   0x4004a0 <read@plt>  // to this address
+>
 > 0x400621:	mov    rdx,QWORD PTR [rbp-0x8]
+>
 > 0x400625:	mov    eax,0x0
+>
 > 0x40062a:	call   rdx
+>
 > 0x40062c:	mov    eax,0x0
+>
 > 0x400631:	leave
+>
 > 0x400632:	ret
 
 So I sent 'mov edx, 0x50; mov eax, 0x40061c; call rax' asm code to make the program execute 'read function' of main. And I send the shellcode to obtain the shell.