
Exercise 1 Given the code as seen in the example, we start with the following in memory:


jud

Presentation Transcript


  1. Exercise 1. Given the code as seen in the example, we start with the following in memory (stack addresses 100h, FFh, FEh, FDh, FCh, FBh, FAh, with ESP at the top). PUSH msg: the stack now holds the bytes 00h 61h, and ESP (new) is moved down past them.

  2. We now perform: MOV AX,[ESP]. Stack (100h down to FAh): 00h 61h. Which gives us: AX = 00 61h.

  3. PUSH msg+2. Stack (100h down to FAh): 00h 61h 00h 62h; ESP (new) is moved down by another word.

  4. MOV EAX, [esp]. Stack (100h down to FAh): 00h 61h 00h 62h. EAX = 00 61 00 62h.

  5. PUSH dword ptr msg+3, then LEA eax, msg. Stack (addresses FCh, FBh, FAh, F9h, F8h, F7h, F6h): 64h 00h 63h 00h; ESP (new) is moved down by a dword. EAX = 00 00 00 00h.

  6. POP word ptr [EAX], then MOV AX, msg. Stack (FCh down to F6h): 64h 00h 63h 00h; ESP (new) is moved up by a word. EAX = 00 00 63 00h.

  7. POP EAX. Stack (100h down to FAh): 00h 61h 00h 62h 64h 00h; ESP (new) is moved up by a dword. EAX = 00 62 64 00h.

  8. POP AX. Stack (100h down to FAh): 00h 61h 00h 62h 64h 00h; ESP (new) is moved up by a word, back to the top. EAX = 00 62 00 61h.

  9. Exercise 2
     • A) EIP is loaded with the address of PROC1. Hence EIP = 456h. ESP is decremented by 4. Hence ESP = 7FFCh.
     • B) ESP points to the return address (i.e. the address of MOV BX,AX). Hence ESP = 11Ah.
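The Exercise 1 slides only show the stack as columns of bytes, which hides why the register values come out as they do. The following is an added example, not part of the presentation: a small little-endian memory model that replays slides 1 to 8 and reproduces each register value. It assumes msg holds the bytes "a\0b\0c\0d\0" at address 0 (which makes LEA give 0 as on slide 5) and that ESP starts at 100h.

```c
/* Added example, not from the slides: a byte-addressed little-endian model
 * of the Exercise 1 trace. Assumptions: msg holds "a\0b\0c\0d\0" at address 0
 * (so LEA gives 0 as on slide 5) and ESP starts at 100h. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG 0x00u                    /* assumed address of msg */
static uint8_t mem[0x200];           /* constructed flat memory image */
static uint32_t esp;
/* Little-endian access: the low byte lives at the lowest address. */
static uint32_t rd(uint32_t a, int n) {
    uint32_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | mem[a + i];
    return v;
}
static void wr(uint32_t a, int n, uint32_t v) {
    for (int i = 0; i < n; i++) mem[a + i] = (uint8_t)(v >> (8 * i));
}
/* PUSH decrements ESP by the operand size and stores; POP loads, then adds. */
static void push(int n, uint32_t v) { esp -= n; wr(esp, n, v); }
static uint32_t pop(int n) { uint32_t v = rd(esp, n); esp += n; return v; }
/* Register values after each slide, filled in by exercise1(). */
struct { uint32_t ax2, eax4, eax5, eax6, eax7, eax8; } trace;

uint32_t exercise1(void) {
    uint32_t eax;
    memset(mem, 0, sizeof mem);
    memcpy(mem + MSG, "a\0b\0c\0d\0", 8);     /* constructed contents of msg */
    esp = 0x100;
    push(2, rd(MSG, 2));                     /* slide 1: PUSH msg -> bytes 00h 61h */
    trace.ax2  = rd(esp, 2);                 /* slide 2: MOV AX,[ESP] */
    push(2, rd(MSG + 2, 2));                 /* slide 3: PUSH msg+2 -> 00h 62h */
    trace.eax4 = rd(esp, 4);                 /* slide 4: MOV EAX,[ESP] */
    push(4, rd(MSG + 3, 4));                 /* slide 5: PUSH dword ptr msg+3 */
    trace.eax5 = eax = MSG;                  /*          LEA EAX, msg */
    wr(eax, 2, pop(2));                      /* slide 6: POP word ptr [EAX] */
    trace.eax6 = eax = (eax & 0xFFFF0000u) | rd(MSG, 2);   /* MOV AX, msg */
    trace.eax7 = eax = pop(4);               /* slide 7: POP EAX */
    trace.eax8 = eax = (eax & 0xFFFF0000u) | pop(2);       /* slide 8: POP AX */
    return eax;
}

int main(void) {
    uint32_t final_eax = exercise1();
    printf("AX after slide 2: %04Xh\nEAX after slide 4: %08Xh\n", trace.ax2, trace.eax4);
    printf("EAX after slide 8: %08Xh (ESP back at %03Xh)\n", final_eax, esp);
    return 0;
}
```

Reading a 32-bit value at ESP after two 16-bit pushes (slide 4) shows the byte order directly: the most recently pushed word sits at the lower address and therefore becomes the low half of EAX.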
