diff --git a/BCB/Paul Kocher/Example 1/a.out b/BCB/Paul Kocher/Example 1/a.out
new file mode 100755
index 0000000000000000000000000000000000000000..8dafeb8d09c3773d1eec292815920d44fa341a6e
Binary files /dev/null and b/BCB/Paul Kocher/Example 1/a.out differ
diff --git a/BCB/Paul Kocher/Example 1/ex01 b/BCB/Paul Kocher/Example 1/ex01
new file mode 100755
index 0000000000000000000000000000000000000000..2030fdb11751e73e4d87ac39f7f064760a2c7534
Binary files /dev/null and b/BCB/Paul Kocher/Example 1/ex01 differ
diff --git a/BCB/Paul Kocher/Example 1/ex01.bir b/BCB/Paul Kocher/Example 1/ex01.bir
new file mode 100644
index 0000000000000000000000000000000000000000..6276b6f500957cc2561e84ae2d4c3add09ef832b
--- /dev/null
+++ b/BCB/Paul Kocher/Example 1/ex01.bir
@@ -0,0 +1,207 @@ +000008b2: program +000008b3: sub __do_global_dtors_aux(__do_global_dtors_aux_result) +000008c7: __do_global_dtors_aux_result :: out u32 = low:32[RAX] + +000004d8: +000004f0: #12582883 := mem[0x4028] +0000050c: ZF := 0 = #12582883 +00000513: when ~ZF goto %00000510 +000008b5: goto %0000061e + +00000510: +00000521: #12582881 := mem[RSP, el]:u64 +00000525: RSP := RSP + 8 +00000528: call #12582881 with noreturn + +0000061e: +0000062a: #12582874 := RBP +0000062e: RSP := RSP - 8 +00000634: mem := mem with [RSP, el]:u64 <- #12582874 +0000064c: #12582873 := mem[0x3FF8, el]:u64 +00000668: ZF := 0 = #12582873 +00000670: RBP := RSP +00000677: when ZF goto %00000674 +000008b4: goto %000006bd + +000006bd: +000006c3: RDI := mem[0x4008, el]:u64 +000006cf: RSP := RSP - 8 +000006d4: mem := mem with [RSP, el]:u64 <- 0x1117 +000006d6: call @sub_1030 with return %00000674 + +00000674: +00000683: RSP := RSP - 8 +00000688: mem := mem with [RSP, el]:u64 <- 0x111C +0000068a: call @deregister_tm_clones with return %0000068c + +0000068c: +00000692: mem := mem with [0x4028] <- 1 +0000069e: RBP := mem[RSP, el]:u64 +000006a2: RSP := RSP + 8 +000006af: #12582871 := mem[RSP, el]:u64 +000006b3: RSP := RSP + 8 +000006b6: call #12582871 with noreturn + +000008b6: sub _fini(_fini_result) +000008c8: _fini_result :: out u32 = low:32[RAX] + +00000019: +0000003c: RSP := RSP - 8 +00000079: RSP := RSP + 8 +000000a5: #12582905 := mem[RSP, el]:u64 +000000a9: RSP := RSP + 8 +000000ac: call #12582905 with noreturn + +000008b7: sub _init(_init_result) +000008c9: _init_result :: out u32 = low:32[RAX] + +000007ce: +000007ec: RSP := RSP - 8 +00000810: RAX := mem[0x3FE8, el]:u64 +00000822: #12582862 := RAX +00000838: ZF := 0 = #12582862 +0000083f: when ZF goto %0000083c +000008b8: goto %00000896 + +00000896: +000008a2: #12582856 := RAX +000008a6: RSP := RSP - 8 +000008ab: mem := mem with [RSP, el]:u64 <- 0x1016 +000008ae: call #12582856 with return %0000083c + +0000083c: +00000861: RSP := RSP + 
8 +0000088d: #12582857 := mem[RSP, el]:u64 +00000891: RSP := RSP + 8 +00000894: call #12582857 with noreturn + +000008b9: sub _start(_start_result) +000008ca: _start_result :: out u32 = low:32[RAX] + +00000218: +00000224: RBP := 0 +0000024a: RSI := mem[RSP, el]:u64 +0000024e: RSP := RSP + 8 +00000256: RDX := RSP +00000268: RSP := RSP & 0xFFFFFFFFFFFFFFF0 +0000028c: #12582902 := RAX +00000290: RSP := RSP - 8 +00000296: mem := mem with [RSP, el]:u64 <- #12582902 +000002a4: #12582901 := RSP +000002a8: RSP := RSP - 8 +000002ae: mem := mem with [RSP, el]:u64 <- #12582901 +000002d8: RCX := 0 +000002f0: RDI := 0x1040 +00000302: RSP := RSP - 8 +00000307: mem := mem with [RSP, el]:u64 <- 0x1075 +0000030a: call @__libc_start_main with return %0000030c + +0000030c: +0000030f: call @intrinsic:hlt with return %00000311 + +00000311: +000008ba: call @deregister_tm_clones with noreturn + +000008bb: sub deregister_tm_clones(deregister_tm_clones_result) +000008cb: deregister_tm_clones_result :: out u32 = low:32[RAX] + +00000316: +0000031a: RDI := 0x4028 +00000320: RAX := 0x4028 +00000363: goto %00000360 + +00000360: +00000371: #12582897 := mem[RSP, el]:u64 +00000375: RSP := RSP + 8 +00000378: call #12582897 with noreturn + +000008be: sub frame_dummy(frame_dummy_result) +000008cc: frame_dummy_result :: out u32 = low:32[RAX] + +0000052f: +00000533: call @register_tm_clones with noreturn + +000008bf: sub main(main_argc, main_argv, main_result) +000008cd: main_argc :: in u32 = low:32[RDI] +000008ce: main_argv :: in out u64 = RSI +000008cf: main_result :: out u32 = low:32[RAX] + +000001df: +000001eb: RAX := 0 +0000020a: #12582904 := mem[RSP, el]:u64 +0000020e: RSP := RSP + 8 +00000211: call #12582904 with noreturn + +000008c0: sub register_tm_clones(register_tm_clones_result) +000008d0: register_tm_clones_result :: out u32 = low:32[RAX] + +0000037f: +00000383: RDI := 0x4028 +000003d9: RAX := 0 +000003f2: RSI := 0 +00000422: RAX := 0 +0000045f: #12582888 := 0 +00000464: RSI := #12582888 
+0000049e: RSI := RSI ~>> 1 +000004aa: ZF := 0 = RSI +000004bc: when ZF goto %000004b9 +000008c2: goto %000006d8 + +000006d8: +000006de: RAX := mem[0x3FF0, el]:u64 +000006f0: #12582870 := RAX +00000706: ZF := 0 = #12582870 +0000070c: when ZF goto %000004b9 +000008c1: goto %00000710 + +000004b9: +000004ca: #12582884 := mem[RSP, el]:u64 +000004ce: RSP := RSP + 8 +000004d1: call #12582884 with noreturn + +00000710: +00000714: call RAX with noreturn + +000008c3: sub sub_1030(sub_1030_result) +000008d1: sub_1030_result :: out u32 = low:32[RAX] + +000006cb: +00000775: call @__cxa_finalize with noreturn + +000008c4: sub victim_function_v01(victim_function_v01_result) +000008d2: victim_function_v01_result :: out u32 = low:32[RAX] + +0000053a: +00000557: #12582880 := mem[0x4020, el]:u64 - RDI +0000055c: CF := mem[0x4020, el]:u64 < RDI +00000576: ZF := 0 = #12582880 +0000057f: when CF | ZF goto %0000057b +000008c6: goto %00000596 + +00000596: +0000059a: RAX := 0x402F +000005a0: RDX := 0x402A +000005ac: RAX := pad:64[mem[0x402F + RDI]] +000005c5: RAX := pad:64[low:32[RAX] << 9] +000005e4: RAX := extend:64[low:32[RAX]] +000005f0: RAX := pad:64[mem[0x402A + RAX]] +00000606: mem := mem with [0x4029] <- mem[0x4029] & low:8[RAX] +000008c5: goto %0000057b + +0000057b: +0000058d: #12582878 := mem[RSP, el]:u64 +00000591: RSP := RSP + 8 +00000594: call #12582878 with noreturn + +00000308: sub __libc_start_main(__libc_start_main_main, __libc_start_main_arg2, __libc_start_main_arg3, __libc_start_main_auxv, __libc_start_main_result) +000008d3: __libc_start_main_main :: in u64 = RDI +000008d4: __libc_start_main_arg2 :: in u32 = low:32[RSI] +000008d5: __libc_start_main_arg3 :: in out u64 = RDX +000008d6: __libc_start_main_auxv :: in out u64 = RCX +000008d7: __libc_start_main_result :: out u32 = low:32[RAX] + +0000030d: sub intrinsic:hlt() + + +00000773: sub __cxa_finalize(__cxa_finalize_result) +000008d8: __cxa_finalize_result :: out u32 = low:32[RAX] 
diff --git a/BCB/Paul Kocher/Example 1/ex01.c b/BCB/Paul Kocher/Example 1/ex01.c
index ae90ec81453ed91dc07a1a4620945e7ce2c6c2e3..76c4dd3076175818bec5e02f904a4ac30cd0c8de 100644
--- a/BCB/Paul Kocher/Example 1/ex01.c
+++ b/BCB/Paul Kocher/Example 1/ex01.c
@@ -1,8 +1,16 @@
-#include "../ex_main.h"
+#include <stdlib.h>
+#include <stdint.h>
+
+size_t array1_size = 5;
+size_t array2_size = 5;
+size_t array_size_mask = 0x1234;
+uint8_t array1[5];
+uint8_t array2[5];
+uint8_t temp;
-__declspec(dllexport) void victim_function_v01(size_t x) { if (x < array1_size) { temp &= array2[array1[x] * 512]; } }
+int main(){}
diff --git a/BCB/Paul Kocher/Example 2/ex02.bir b/BCB/Paul Kocher/Example 2/ex02.bir
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/BCB/Paul Kocher/Example 2/msvc/ex02.bir b/BCB/Paul Kocher/Example 2/msvc/ex02.bir
index 9e44277d78e61dc6108690aeb4fc515629552637..c2b7764e347e792c45802a5d71014beecefa8b76 100644
Binary files a/BCB/Paul Kocher/Example 2/msvc/ex02.bir and b/BCB/Paul Kocher/Example 2/msvc/ex02.bir differ
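Review bot: `uint8_t array2[5];` does not cover the access in `victim_function_v01`, where `array2[array1[x] * 512]` can index up to 255 * 512 for a byte value, so the `x < array1_size` check bounds `array1` only and any non-zero `array1` element makes the architectural (non-speculative) path itself read out of bounds, which is undefined behavior; the same mismatch applies to `array2_size = 5`. Declare the table at the size the indexing implies, `uint8_t array2[256 * 512];` (and set `array2_size` to match), or clamp the inner index before use, so that the only out-of-bounds effect left for the .bir analysis to reason about is the one the example is meant to exhibit. The new-side signature line of `victim_function_v01` is not visible in this hunk (only the removed `__declspec(dllexport)` line is), so the definition's opening line may have been lost when the diff was collapsed; confirm it is present in the committed file, since the `if` body shown as context would otherwise sit at file scope. Minor: `int main(){}` should be `int main(void) {}`, and `size_t` is more conventionally taken from `<stddef.h>` than from `<stdlib.h>`.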