3 Replies - 761 Views - Last Post: 18 May 2018 - 05:42 AM

#1 BaconMonster

White space value after disassembling

Posted 17 May 2018 - 08:03 AM

I have a simple two lines of Intel x86-64 assembly.
movq 0x486c7c6f, %rdi
retq


This code I wrote is to put a cookie into the %rdi register that will go at the top of my stack to simulate a buffer overflow attack for my lab. When I disassemble that code I get the following:

0: 48 8b 3c 25 6f 7c 6c       movq 0x486c7c6f, %rdi
7: 48
8: c3                         retq



Now my question on the whitespace is this: I have a file called phase2.txt that has the following numbers in little endian.

48 8b 3c 25 6f 7c 6c 00
48 00 00 00 00 00 00 00
c3 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
a8 c0 66 55 00 00 00 00
60 18 40 00 00 00 00 00



Do I need to implement the 48 on the second line of my text file even though it corresponds with white space?

Replies To: White space value after disassembling

#2 Programmer2004

Re: White space value after disassembling

Posted 17 May 2018 - 08:19 AM

You've used the wrong disassembler or your disassembler made a mistake, because the first 0x48 is a movq instruction, 0x8b, 0x3c and 0x25 are some values which define from where to where this instruction will transfer data, and 0x6f, 0x7c, 0x6c and 0x48 are the address you want to transfer from, so the second 0x48 is not a separate instruction or something like null space. The 0x48 in the text file should be where the 0x00 after 0x6c is.

#3 BaconMonster

Re: White space value after disassembling

Posted 17 May 2018 - 11:54 AM

Hello again Programmer2004, you were correct to note that my disassembler was being a bit weird. When I typed in the memory address of my cookie I did it without the use of the $ sign, which caused the value to bleed off onto the next line and give an incorrect memory address. Thank you so much!
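Added example, not part of the thread: a small parser that merges the byte-only continuation line of the listing quoted in the first post back into the instruction it belongs to, then tells the with-`$` and without-`$` encodings of the move apart. The function names are hypothetical, the listing is re-typed from the first post, and the `48 c7 c7` immediate form is the standard x86-64 encoding of `movq $imm32, %rdi`, not output shown in the thread.

```python
import re

# Constructed sample: the objdump-style listing quoted in the first post.
LISTING = """\
   0: 48 8b 3c 25 6f 7c 6c    movq 0x486c7c6f, %rdi
   7: 48
   8: c3                      retq
"""

# offset, then space-separated hex bytes, then optional mnemonic text
LINE = re.compile(
    r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2} )*[0-9a-f]{2})(?=\s|$)\s*(.*)$")

def join_instructions(listing):
    """Merge byte-only continuation lines into the instruction above them."""
    insns = []
    for raw in listing.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        offset = int(m.group(1), 16)
        data = bytes.fromhex(m.group(2))
        text = m.group(3).strip()
        if text or not insns:
            insns.append([offset, data, text])
        else:
            # No mnemonic: these are overflow bytes of the previous instruction.
            insns[-1][1] += data
    return [tuple(i) for i in insns]

def offsets_consistent(insns):
    """Each instruction must end exactly where the next one starts."""
    return all(a[0] + len(a[1]) == b[0] for a, b in zip(insns, insns[1:]))

def classify_mov_rdi(code):
    """Distinguish a load from an absolute address from an immediate move."""
    # REX.W 8B /r, ModRM 3c + SIB 25: mov disp32 (memory operand), %rdi
    if len(code) == 8 and code[:4] == bytes.fromhex("488b3c25"):
        return "load", int.from_bytes(code[4:], "little")
    # REX.W C7 /0, ModRM c7: mov $imm32, %rdi (value read as unsigned here)
    if len(code) == 7 and code[:3] == bytes.fromhex("48c7c7"):
        return "immediate", int.from_bytes(code[3:], "little")
    return "other", None

if __name__ == "__main__":
    for off, code, text in join_instructions(LISTING):
        print(f"{off:#x}: {code.hex(' ')}  {text}")
```
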

#4 Programmer2004

Re: White space value after disassembling

Posted 18 May 2018 - 05:42 AM

Good to hear that, you're welcome! ;)