Root cause analysis on unusual stack writing functions with IDA.

Nope, it's not that easy
This looks promising
Main basic block for this function
Enabling function tracing after our breakpoint is hit.
Only a few functions have been traced, which will save us time.
Our offending stack-writing gadget
  • copy the byte at [ecx] into the eax register (a one-byte copy)
  • increment the ecx register (iterating over our input bytes)
  • move eax into [edx] (this is our destination: the stack)
  • test al, al: the loop continues until a null byte is copied.
We’ll find strcpy anyway, deal with it
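To make the root cause concrete, here is an added C model (not from the original post) of the traced gadget: a byte-at-a-time copy that stops only on a null byte, exactly like strcpy, next to a check that tells you whether a given input would run past a stack buffer and a bounded replacement. Function names are my own.

```c
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* Mirrors the traced gadget: load a byte from src (ecx), store it to
 * dst (edx), advance both, repeat until the byte just stored is zero
 * (test al, al). Returns bytes written including the terminator.
 * Like strcpy it has no notion of the destination size. */
size_t gadget_copy(char *dst, const char *src)
{
    size_t n = 0;
    unsigned char al;
    do {
        al = (unsigned char)src[n];   /* mov al, [ecx] */
        dst[n] = (char)al;            /* mov [edx], al */
        n++;                          /* inc ecx ; inc edx */
    } while (al != 0);                /* test al, al ; jnz loop */
    return n;
}

/* Bytes the gadget would write for this input (strlen + 1),
 * computed without touching any destination. */
size_t gadget_write_size(const char *src) { return strlen(src) + 1; }

/* Root-cause check: would the copy run past a buffer of dst_size bytes? */
bool gadget_overflows(const char *src, size_t dst_size)
{
    return gadget_write_size(src) > dst_size;
}

/* Hardened replacement: copy at most dst_size - 1 bytes and always
 * terminate. Returns bytes written (never more than dst_size). */
size_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst_size == 0) return 0;
    while (n < dst_size - 1 && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return n + 1;
}
```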
Red Teamer — Security Researcher — Breaking things is fun, except when its not

Chris Hernandez