#shellcoder #hackbook #hacking #hacker #anonymous #blackhathacker https://www.instagram.com/p/B06IY4VHq6H/?igshid=fexvqt0pqxrn

seen from Malaysia

seen from United States
seen from United Kingdom
seen from United States

seen from United States
seen from United States
seen from United States
seen from China
seen from China
seen from United States
seen from United States

seen from Malaysia

seen from United States

seen from China
seen from United States

seen from United States
seen from United States

seen from United States
seen from Kazakhstan

seen from United Kingdom
#shellcoder #hackbook #hacking #hacker #anonymous #blackhathacker https://www.instagram.com/p/B06IY4VHq6H/?igshid=fexvqt0pqxrn
ShellCoder's Chapter ONE: Basic understanding of Assembly language.
If you are using the 32 bits operating system, the registers are used will be %EBP: Base pointer; which is used to reference all the function parameters and local variables in the current stack frame %ESP: Stack pointer; Always point to the last element on the stack; %EIP: Instruction pointer; This holds the address of the next CPU instruction to be executed, and it's saved onto the stack as part of the CALL instruction. As well, any of the "jump" instructions modify the %EIP directly. Accordingly, for the 64 bits operating system, the registers will be: %RBP, %RSP, %RIP; [sourcecode language="cpp" collapse="true"] //Sat Oct 16 12:28:31 CDT 2010 #include int triangle(int width, int height) { int array[5] = {0,1,2,3,4}; int area; area = width * height/2; return (area); } int main(int argc, char** argv) { printf("%d\n", triangle(1.0, 2.0)); return 0; } [/sourcecode] [AT&T syntax:] [sourcecode collapse="true"] 0000000000400524: 400524: 55 push %rbp 400525: 48 89 e5 mov %rsp,%rbp 400528: 89 7d dc mov %edi,-0x24(%rbp) 40052b: 89 75 d8 mov %esi,-0x28(%rbp) 40052e: c7 45 e0 00 00 00 00 movl $0x0,-0x20(%rbp) 400535: c7 45 e4 01 00 00 00 movl $0x1,-0x1c(%rbp) 40053c: c7 45 e8 02 00 00 00 movl $0x2,-0x18(%rbp) 400543: c7 45 ec 03 00 00 00 movl $0x3,-0x14(%rbp) 40054a: c7 45 f0 04 00 00 00 movl $0x4,-0x10(%rbp) 400551: 8b 45 dc mov -0x24(%rbp),%eax 400554: 0f af 45 d8 imul -0x28(%rbp),%eax 400558: 89 c2 mov %eax,%edx 40055a: c1 ea 1f shr $0x1f,%edx 40055d: 8d 04 02 lea (%rdx,%rax,1),%eax 400560: d1 f8 sar %eax 400562: 89 45 fc mov %eax,-0x4(%rbp) 400565: 8b 45 fc mov -0x4(%rbp),%eax 400568: c9 leaveq 400569: c3 retq [/sourcecode] When entering into the new function,
Need to restore the current value (address) that %RBP pointed to by using Push %RBP; Thus, the function will run LOCALLY;
Assign the top of the stack frame's value to the %RBP: Mov %rsp, %rbp;
Then, restore those two arguments:
mov %edi,-0x24(%rbp);
mov %esi,-0x28(%rbp)
Then assign those five values to the array:
movl $0x0,-0x20(%rbp)
movl $0x1,-0x1c(%rbp)
movl $0x2,-0x18(%rbp)
movl $0x3,-0x14(%rbp)
movl $0x4,-0x10(%rbp)
...
The following figure will better illustrate the memory management of the program: