Practical Reverse Engineering - Exercise 2, Page 17
Question
Come up with at least two code sequences to set EIP to 0xAABBCCDD.
Answer
There are several instructions in the x86 ISA that manipulate the EIP register (the control-flow instructions), but in this exercise we are going to look at two of the most popular ones (including one we have already encountered in the previous exercise).
call 0xAABBCCDD
The call instruction is used to call a procedure; it pushes the return address (the address of the instruction following the call) onto the stack before changing EIP to the call target, effectively transferring control to it. Note that a near call with an immediate operand is encoded as opcode E8 followed by a 32-bit displacement relative to the end of the instruction, so the assembler computes the displacement from where the call is placed; there is no direct absolute near call in 32-bit x86.
push 0xAABBCCDD
ret
The ret instruction is used to return from a procedure; it pops the dword at the top of the stack into the EIP register and transfers control to it. Since ret performs no validation of that value, pushing an arbitrary address immediately before it redirects execution anywhere we like, and the push/ret pair is position-independent because the target is an absolute immediate.
Fun Fact: This method of changing the instruction pointer is often used in code-reuse attacks such as Return Oriented Programming (ROP).
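As an added example (not from the book or this post), the following C program encodes both sequences as 32-bit x86 machine code and steps them through a toy model of EIP, ESP and a small stack. It shows what the text only states: call pushes the address of the following instruction, ret pops whatever is on top into EIP, and the push/ret pair leaves ESP unchanged. It also shows a detail the text glosses over: the bytes of `call 0xAABBCCDD` depend on where the call sits (relative displacement), while `push 0xAABBCCDD ; ret` does not. The load address 0x08048000 and the stack address 0xBFFF0000 are constructed for the example, and the emulator models only the three opcodes involved.

```c
#include <stddef.h>
#include <stdint.h>

#define STACK_WORDS 16
#define CODE_ADDR  0x08048000u  /* constructed: where the snippet is assumed to be loaded */
#define STACK_ADDR 0xBFFF0000u  /* constructed: address of the toy stack buffer */
#define STACK_TOP  (STACK_ADDR + 4 * STACK_WORDS)
#define TARGET     0xAABBCCDDu

/* Only the state the two sequences touch: EIP, ESP and a small stack that grows down. */
struct cpu { uint32_t eip, esp, stack[STACK_WORDS]; };
/* What a run produced, so a caller can check it without poking at the cpu. */
struct outcome { int ok; uint32_t eip, pushed, esp_delta; };

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* call rel32 (opcode E8): the displacement is relative to the end of the 5-byte
 * instruction, so the bytes depend on where the call is placed. */
uint32_t call_rel32(uint32_t call_addr, uint32_t target) {
    return target - (call_addr + 5);   /* wraps mod 2^32, exactly as the CPU adds it back */
}
size_t encode_call(uint8_t out[5], uint32_t call_addr, uint32_t target) {
    out[0] = 0xE8;
    put_le32(out + 1, call_rel32(call_addr, target));
    return 5;
}

/* push imm32 (opcode 68) followed by ret (opcode C3): position-independent, 6 bytes. */
size_t encode_push_ret(uint8_t out[6], uint32_t target) {
    out[0] = 0x68;
    put_le32(out + 1, target);
    out[5] = 0xC3;
    return 6;
}

static int push(struct cpu *c, uint32_t v) {
    if (c->esp < STACK_ADDR + 4) return -1;          /* would run off the toy stack */
    c->esp -= 4;
    c->stack[(c->esp - STACK_ADDR) / 4] = v;
    return 0;
}
static int pop(struct cpu *c, uint32_t *v) {
    if (c->esp >= STACK_TOP) return -1;              /* nothing to pop */
    *v = c->stack[(c->esp - STACK_ADDR) / 4];
    c->esp += 4;
    return 0;
}

/* Execute the single instruction at EIP from a code buffer mapped at CODE_ADDR.
 * Only the three opcodes used above are modelled. Returns 0 on success. */
static int step(struct cpu *c, const uint8_t *code, size_t len) {
    uint32_t off = c->eip - CODE_ADDR, v;
    if (off >= len) return -1;
    switch (code[off]) {
    case 0xE8:  /* call rel32: push the address of the next instruction, then jump */
        if (off + 5 > len || push(c, c->eip + 5)) return -1;
        c->eip += 5 + get_le32(code + off + 1);
        return 0;
    case 0x68:  /* push imm32 */
        if (off + 5 > len || push(c, get_le32(code + off + 1))) return -1;
        c->eip += 5;
        return 0;
    case 0xC3:  /* ret: pop whatever is on top straight into EIP, no validation */
        if (pop(c, &v)) return -1;
        c->eip = v;
        return 0;
    default:
        return -1;
    }
}

/* Run `call 0xAABBCCDD` placed at CODE_ADDR and report where EIP ended up. */
struct outcome run_call(void) {
    uint8_t code[5];
    struct cpu c = { CODE_ADDR, STACK_TOP, {0} };
    struct outcome o = {0};
    encode_call(code, CODE_ADDR, TARGET);
    o.ok = step(&c, code, sizeof code) == 0;
    o.eip = c.eip;
    o.esp_delta = c.esp - STACK_TOP;
    if (o.ok) o.pushed = c.stack[(c.esp - STACK_ADDR) / 4];   /* return address left on the stack */
    return o;
}

/* Run `push 0xAABBCCDD ; ret` placed at CODE_ADDR and report where EIP ended up. */
struct outcome run_push_ret(void) {
    uint8_t code[6];
    struct cpu c = { CODE_ADDR, STACK_TOP, {0} };
    struct outcome o = {0};
    encode_push_ret(code, TARGET);
    o.ok = step(&c, code, sizeof code) == 0;                     /* push */
    if (o.ok) o.pushed = c.stack[(c.esp - STACK_ADDR) / 4];      /* 0xAABBCCDD is now on top */
    o.ok = o.ok && step(&c, code, sizeof code) == 0;             /* ret */
    o.eip = c.eip;
    o.esp_delta = c.esp - STACK_TOP;                             /* 0: the pair is stack-neutral */
    return o;
}
```

With the call placed at 0x08048000 the encoding is `E8 D8 4C B7 A2` (displacement 0xA2B74CD8, which added to 0x08048005 gives 0xAABBCCDD), and moving the call elsewhere changes those bytes; `68 DD CC BB AA C3` works from any address. The `push` side of the second sequence is what a stack overflow supplies for free in a ROP chain: the attacker's data already sits where `ret` looks for its target.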
2022-07-19 02:00