-
Notifications
You must be signed in to change notification settings - Fork 0
/
reykjavik_0x2400+.txt
168 lines (159 loc) · 7.09 KB
/
reykjavik_0x2400+.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
NOTES:
#0xa absolut verdi 0xa
@0xa peker til adresse 0xa
$ ???
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
mine notater:
>> endring i verdi
> gir...
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
opcode source, destination
dvs:
MOV EAX, @EBX; Move the 4 bytes in memory at the address contained in EBX into EAX
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
fra manual
Rx Reference the value stored in Rx directly.
@Rx Reference the value in memory stored at the address indicated by Rx.
@Rx+ Reference the value in memory stored at the address indicated by Rx, and then incremement the value of Rx.
#c The constant c.
c Reference the value in memory stored at offset r0+c.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
dissasebled area of memory that apears after code has begun running:
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
addr: data code nr notes
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
2400: 0b12 push r11
2402: 0412 push r4
2404: 0441 mov sp, r4
2406: 2452 add #0x4, r4
2408: 3150 e0ff add #0xffe0, sp
240c: 3b40 2045 mov #0x4520, r11
2410: 073c jmp $+0x10
2412: 1b53 inc r11
2414: 8f11 sxt r15
2416: 0f12 push r15
2418: 0312 push #0x0
241a: b012 6424 call #0x2464
241e: 2152 add #0x4, sp
2420: 6f4b mov.b @r11, r15
2422: 4f93 tst.b r15
2424: f623 jnz $-0x12
2426: 3012 0a00 push #0xa
242a: 0312 push #0x0
242c: b012 6424 call #0x2464
2430: 2152 add #0x4, sp
2432: 3012 1f00 push #0x1f
2436: 3f40 dcff mov #0xffdc, r15
243a: 0f54 add r4, r15
243c: 0f12 push r15
243e: 2312 push #0x2
2440: b012 6424 call #0x2464
2444: 3150 0600 add #0x6, sp 03 | sp 43d4 >> 43da som er start passord
2448: b490 2ca7 dcff cmp #0xa72c, -0x24(r4) 04 | r4=43fe > r4-0x24=0x43DA
244e: 0520 jnz $+0xc 05 | hopp til 245A dersom ikke null
2450: 3012 7f00 push #0x7f
2454: b012 6424 call #0x2464
2458: 2153 incd sp
245a: 3150 2000 add #0x20, sp 06 |
245e: 3441 pop r4
2460: 3b41 pop r11
246 : 3041 ret
246 : 1e41 0200 mov 0x2(sp), r14
246 : 0212 push sr
246 : 0f4e mov r14, r15
246 : 8f10 swpb r15
246 : 024f mov r15, sr
2470: 32d0 0080 bis #0x8000, sr
247 : b012 1000 call #0x10
247 : 3241 pop sr 01 | starter her etter passord prompt
247 : 3041 ret 02 | returnerer til 2444
247 : d21a 189a call &0x9a18
2480: 22dc bis @r12, sr
248 : 45b9 bit.b r9, r5
248 : 4279 subc.b r9, sr
248 : 2d55 add @r5, r13
248 : 858e a4a2 sub r14, -0x5d5c(r5)
248 : 67d7 bis.b @r7, r7
248 : 14ae a119 dadd 0x19a1(r14), r4
2492: 76f6 and.b @r6+, r6
249 : 42cb bic.b r11, sr
249 : 1c04 0efa rrc -0x5f2(r12)
249 : a61b invalid @r6
249 : 74a7 dadd.b @r7+, r4
249 : 416b addc.b r11, sp
24a0: d237 jge $-0x5a
24a : a253 22e4 incd &0xe422
24a : 66af dadd.b @r15, r6
24a : c1a5 938b dadd.b r5, -0x746d(sp)
24a : 8971 9b88 subc sp, -0x7765(r9)
24b0: fa9b 6674 cmp.b @r11+, 0x7466(r10)
24b : 4e21 jnz $+0x29e
24b : 2a6b addc @r11, r10
24b : b143 9151 mov #-0x1, 0x5191(sp)
24b : 3dcc bic @r12+, r13
24b : a6f5 daa7 and @r5, -0x5826(r6)
24c2: db3f jmp $-0x48
24 : 8d3c jmp $+0x11c
24 : 4d18 rrc.b r13
24 : 4736 jge $-0x370
24 : dfa6 459a 2461 dadd.b -0x65bb(r6), 0x6124(r15)
24 : 921d 3291 sxt &0x9132
24 : 14e6 8157 xor 0x5781(r6), r4
24 : b0fe 2ddd and @r14+, -0x22d3(pc)
24 : 400b reti pc
24 : 8688 6310 sub r8, 0x1063(r6)
24 : 3ab3 bit #-0x1, r10
24 : 612b jnc $-0x13c
24 : 0bd9 bis r9, r11
24 : 483f jmp $-0x16e
24 : 4e04 rrc.b r14
24 : 5870 4c38 subc.b 0x384c(pc), r8
24f0: c93c jmp $+0x194
24 : ff36 jge $-0x200
24 : 0e01 rra r14
24 : 7f3e jmp $-0x300
24 : fa55 aeef add.b @r5+, -0x1052(r10)
24 : 051c rrc r5
24 : 242c jc $+0x4a
2500: 3c56 add @r6+, r12
: 13af e57b dadd 0x7be5(r15), 4
: 8abf 3040 bit r15, 0x4030(r10)
: c537 jge $-0x74
: 656e addc.b @r14, r5
: 8278 9af9 subc r8, &0xf99a
: 9d02 be83 call -0x7c42(r13)
: b38c e181 sub @r12+, 8
: 3ad8 bis @r8+, r10
: 395a add @r10+, r9
: fce3 4f03 xor.b #-0x1, 0x34f(r12)
: 8ec9 9395 bic r9, -0x6a6d(r14)
: 4a15 rra.b r10
: ce3b jl $-0x62
: fd1e call @r13+
: 7779 subc.b @r9+, r7
: c9c3 5ff2 bic.b #0x0, -0xda1(r9)
: 3dc7 bic @r7+, r13
: 5953 add.b #0x1, r9
: 8826 jz $-0x2ee
: d0b5 d9f8 639e bit.b -0x727(r5), -0x619d(pc)
: e970 01cd subc.b @pc, -0x32ff(r9)
: 2119 rra @sp
: ca6a d12c addc.b r10, 0x2cd1(r10)
: 97e2 7538 96c5 xor &0x3875, -0x3a6a(r7)
: 8f28 jnc $+0x120
: d682 1be5 ab20 sub.b &0xe51b, 0x20ab(r6)
: 7389 sub.b @r9+, 4
: 48aa dadd.b r10, r8
: 1fa3 dinc r15
: 472f jc $-0x170
: a564 de2d addc @r4, 0x2dde(r5)
: b710 swpb @r7+
: 9081 5205 8d44 sub 0x552(sp), 0x448d(pc)
: cff4 bc2e and.b r4, 0x2ebc(r15)
: 577a d5f4 subc.b -0xb2b(r10), r7
: a851 c243 add @sp, 0x43c2(r8)
: 277d subc @r13, r7
: a4ca 1e6b bic @r10, 0x6b1e(r4)
: 0000 rrc pc
: 0000 rrc pc