
Wargame Write-Up/Pwnable.xyz (8)

(Pwnable.xyz) misalignment writeup int __cdecl main(int argc, const char **argv, const char **envp) { __int64 s[20]; // [rsp+10h] [rbp-A0h] BYREF s[19] = __readfsqword(0x28u); setup(); memset(s, 0, 0x98uLL); *(&s[1] + 7) = 0xDEADBEEFLL; while ( _isoc99_scanf("%ld %ld %ld", &s[4], &s[5], &s[6]) == 3 && s[6] = -7 ) { s[s[6] + 7] = s[4] + s[5]; printf("Result: %ld\\n", s[s[6] + 7]); } if ( *(&s[1] + 7) == 0xB000000B5LL ) win(); retu.. 2022. 1. 11.
(Pwnable.xyz) add writeup int __cdecl main(int argc, const char **argv, const char **envp) { __int64 v4; // [rsp+8h] [rbp-78h] BYREF __int64 v5; // [rsp+10h] [rbp-70h] BYREF __int64 v6; // [rsp+18h] [rbp-68h] BYREF __int64 v7[12]; // [rsp+20h] [rbp-60h] BYREF v7[11] = __readfsqword(0x28u); setup(argc, argv, envp); while ( 1 ) { v4 = 0LL; v5 = 0LL; v6 = 0LL; memset(v7, 0, 0x50uLL); printf("Input: "); if ( __isoc99_scanf(".. 2022. 1. 11.
(Pwnable.xyz) sub writeup __int64 __fastcall main(__int64 a1, char **a2, char **a3) { int v4; // [rsp+0h] [rbp-18h] BYREF int v5; // [rsp+4h] [rbp-14h] BYREF unsigned __int64 v6; // [rsp+8h] [rbp-10h] v6 = __readfsqword(0x28u); sub_A3E(a1, a2, a3); v4 = 0; v5 = 0; _printf_chk(1LL, "1337 input: "); _isoc99_scanf("%u %u", &v4, &v5); if ( v4 2022. 1. 9.
(Pwnable.xyz) Welcome writeup __int64 __fastcall main(__int64 a1, char **a2, char **a3) { _QWORD *v3; // rbx char *v4; // rbp size_t v5; // rdx size_t size; // [rsp+0h] [rbp-28h] BYREF unsigned __int64 canary; // [rsp+8h] [rbp-20h] canary = __readfsqword(0x28u); sub_B4E(a1, a2, a3); puts("Welcome."); v3 = malloc(0x40000uLL); *v3 = 1LL; _printf_chk(1LL, "Leak: %p\n", v3); _printf_chk(1LL, "Length of your message: "); size = 0.. 2022. 1. 7.