#1
Newbie
Join Date: Feb 2005
Location: CT
Posts: 3
Rep Power: 0
Smashing a stack in MIPS assembly code
I first need to add some code where it says "##construct your smash_space string/wordset/bitarray here". But I'm not sure what code to put there for starting data.
############ MUST NOT CHANGE START ################
.data
.align 4
smash_space: .space 100
hello_world: .asciiz "Hello World!\n"
foundme: .asciiz "You have smashed the stack! Go forth... y0U H4X0R"
strongstack: .asciiz "HAH, my stack is stronger than your string."
############ MUST NOT CHANGE END #################
.text
.globl __start
__start:
##construct your smash_space string/wordset/bitarray here
############ MUST NOT CHANGE START ################
main_loop:
# <call function blob>
la $a0,smash_space
jal blob
li $v0, 4
la $a0, strongstack
syscall
li $v0, 10 # Syscall code for exit.
syscall
# Function blob
# input: $a0 first_param to go onto the stack
# output: $v0 destination
blob:
add $t0, $a0, $zero #copy the first_param into temp location
addiu $sp, $sp, -4 # push the return addr...
sw $ra, 0($sp) # ...onto the stack.
addiu $sp, $sp, -10 # now push referenced string on to the stack...
add $a0, $sp, $zero #param 1
add $a1, $t0, $zero #param 2
############ MUST NOT CHANGE END ##################
li $a2, 10
jal memcpy
############ MUST NOT CHANGE START ################
#play play play with stuff on stack
#or do a bunch of nonsense like print
li $v0, 4
la $a0, hello_world
syscall
addiu $sp, $sp, 10 # return the stack like we found it.
lw $ra, 0($sp) # restore return address.
jr $ra # return
# Function memcpy
# input: $a0 = destination
# input: $a1 = source
# input: $a2 = size in bytes
# output: $v0 destination
memcpy:
add $v0, $a0, $zero # return value = dest
loop:
sltu $t0, $zero, $a2 # $t0 = (0 < n)
beq $t0, $zero, quit # if (!(0 < n)) goto quit
lbu $t0, ($a1) # $t0 = *src
sb $t0, ($a0) # *dest = $t0
addiu $a0, $a0, 1 # dest++
addiu $a1, $a1, 1 # src++
addiu $a2, $a2, -1 # n--
j loop
quit:
jr $ra
.text
# Function hiddencode
hiddencode:
li $v0, 4
la $a0, foundme
syscall
li $v0, 10 # Syscall code for exit.
syscall
############ MUST NOT CHANGE END ##################
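Modelling the frame that blob sets up, as an added Python example that is not part of the thread or the assignment: it shows at which copy length the listing's memcpy starts overwriting the saved $ra, and the length clamp that prevents it. The sample return address and little-endian byte order are assumptions.

```python
import struct

# Frame geometry taken from the listing's blob function:
#   addiu $sp, $sp, -4 ; sw $ra, 0($sp)   -> saved $ra pushed first
#   addiu $sp, $sp, -10                   -> 10-byte buffer below it
# Relative to the final $sp the buffer is [0, 10) and $ra is [10, 14).
BUF_SIZE = 10
RA_OFFSET = BUF_SIZE
FRAME_SIZE = BUF_SIZE + 4

# Constructed sample return address; the real value depends on the assembler.
SAVED_RA = 0x00400020
ENDIAN = "<"  # assumption: little-endian host, e.g. SPIM on x86


def build_frame(saved_ra=SAVED_RA):
    """Bytearray mirroring blob's frame right after the two pushes."""
    frame = bytearray(FRAME_SIZE)
    struct.pack_into(ENDIAN + "I", frame, RA_OFFSET, saved_ra)
    return frame


def saved_ra(frame):
    """Read back the word that `lw $ra, 0($sp)` will restore on return."""
    return struct.unpack_from(ENDIAN + "I", frame, RA_OFFSET)[0]


def memcpy_unbounded(frame, src, n):
    """The listing's memcpy: copies exactly n bytes, whatever the buffer size."""
    for i in range(n):
        frame[i] = src[i]  # runs into the saved $ra once i >= BUF_SIZE
    return frame


def memcpy_bounded(frame, src, n, limit=BUF_SIZE):
    """Hardened variant: clamp n to the destination size before copying."""
    for i in range(min(n, limit)):
        frame[i] = src[i]
    return frame


def ra_clobbered(copy_fn, n):
    """Copy n bytes of constructed filler with copy_fn; True if $ra changed."""
    filler = bytes((0x41 + i) % 256 for i in range(n))  # constructed 'A', 'B', ...
    frame = copy_fn(build_frame(), filler, n)
    return saved_ra(frame) != SAVED_RA


if __name__ == "__main__":
    for n in (10, 11, 14):
        print(n, ra_clobbered(memcpy_unbounded, n), ra_clobbered(memcpy_bounded, n))
```

The model covers only blob's own 14-byte frame, so copy lengths above 14 raise IndexError rather than modelling the caller's frame.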
#2
Professional Programmer
What do you mean by 'smashing'? Do you mean emptying the stack? Or just moving it to the smash_space and deleting it?
#3
Newbie
Join Date: Feb 2005
Location: CT
Posts: 3
Rep Power: 0
Although I still need to pass in data into the "blob" function by building my smash_space data. There are many ways to fill this memory: using loops, loading it one byte at a time, using several load immediates, etc. I'm stuck at that point in how to code the filling in of the data.