-
ROX_Leopardo
- Developers

- Posts: 37
- Joined: 19 Nov 2011, 14:06
- Noob?: No
- Location: Brazil
#1 Post by ROX_Leopardo »
I'm trying to understand this way of making a packet...
Code:
MOV EAX,3 => EAX = 3
MOV ECX,EAX => ECX = 3
LEA EDX,DWORD PTR SS:[ESP+C] => Paste the EDX memory location address to DWORD PTR SS:[ESP+C]?
MOV DWORD PTR SS:[ESP+10],EAX => Length = 3
PUSH EDX => I don't know what happens here
LEA EAX,DWORD PTR SS:[ESP+8] => Paste the EAX memory location address to DWORD PTR SS:[ESP+8]?
MOV DWORD PTR SS:[ESP+18],ECX => MinLength = 3
PUSH EAX => I don't know what happens here
MOV ECX,ESI => Is ESI the result of a LEA instruction?
MOV DWORD PTR SS:[ESP+14],81 => PacketID = 0081
Where's ReplayFactor in this packet?
Can anyone help me with this interpretation?
-
kLabMouse
- Administrator

- Posts: 1301
- Joined: 24 Apr 2008, 12:02
#2 Post by kLabMouse »
ROX_Leopardo wrote: I'm trying to understand this way of making a packet...
Code:
MOV EAX,3 => EAX = 3
MOV ECX,EAX => ECX = 3
LEA EDX,DWORD PTR SS:[ESP+C] => Paste the EDX memory location address to DWORD PTR SS:[ESP+C]?
MOV DWORD PTR SS:[ESP+10],EAX => Length = 3
PUSH EDX => I don't know what happens here
LEA EAX,DWORD PTR SS:[ESP+8] => Paste the EAX memory location address to DWORD PTR SS:[ESP+8]?
MOV DWORD PTR SS:[ESP+18],ECX => MinLength = 3
PUSH EAX => I don't know what happens here
MOV ECX,ESI => Is ESI the result of a LEA instruction?
MOV DWORD PTR SS:[ESP+14],81 => PacketID = 0081
Where's ReplayFactor in this packet?
Can anyone help me with this interpretation?
You should look at "[ESP+C]" as a structure on the stack.
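To make kLabMouse's "structure on the stack" reading concrete, here is an added example that is not part of the original thread or of any client code. It models the listing from post #1 in C with an assumed starting ESP of 0x1000 and a fake 64-byte stack window, executes each instruction's stack effect, and re-expresses every ESP-relative operand against the starting ESP. That shows why the displacements in the listing look inconsistent: each PUSH moves ESP down by 4, so [ESP+18] after one push and [ESP+14] after two pushes are the same frame slots as [ESP+14] and [ESP+C] before any push. It also shows that LEA only computes an address and never stores anything, which is the point the "Paste the EDX memory location address..." annotations are asking about. The field names (PacketID, Length, MinLength) are the ones the post uses; the meaning of the second pushed pointer is not stated in the listing and is left unnamed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not real client code: a 64-byte stack window that
   starts 16 bytes below the assumed initial ESP (ESP0) so the two
   PUSHes and the stores at ESP0+0x0C..ESP0+0x17 all fall inside it. */
#define ESP0        0x1000u     /* assumed ESP before "MOV EAX,3" */
#define WINDOW_BASE (ESP0 - 16u)
#define WINDOW_SIZE 64u

typedef struct {
    uint32_t esp;                 /* current ESP, moves on each PUSH */
    uint8_t  mem[WINDOW_SIZE];    /* bytes at WINDOW_BASE .. WINDOW_BASE+63 */
} Frame;

/* The three DWORDs the listing stores, named as in the original post.
   Field order follows the frame offsets ESP0+0x0C, +0x10, +0x14. */
typedef struct {
    uint32_t packet_id;   /* ESP0+0x0C: MOV [ESP+14],81 after two pushes */
    uint32_t length;      /* ESP0+0x10: MOV [ESP+10],EAX before any push */
    uint32_t min_length;  /* ESP0+0x14: MOV [ESP+18],ECX after one push  */
} PacketHeader;

static uint8_t *slot(Frame *f, uint32_t addr) { return f->mem + (addr - WINDOW_BASE); }
static void     store32(Frame *f, uint32_t a, uint32_t v) { memcpy(slot(f, a), &v, 4); }
static uint32_t load32(Frame *f, uint32_t a) { uint32_t v; memcpy(&v, slot(f, a), 4); return v; }
static void     push(Frame *f, uint32_t v) { f->esp -= 4; store32(f, f->esp, v); }

/* Execute the listing's stack effects. ESI is not modelled: "MOV ECX,ESI"
   just places an object pointer in ECX for the call that follows. */
static void run_listing(Frame *f)
{
    uint32_t eax, ecx, edx;
    f->esp = ESP0;
    memset(f->mem, 0, sizeof f->mem);

    eax = 3;                          /* MOV EAX,3 */
    ecx = eax;                        /* MOV ECX,EAX */
    edx = f->esp + 0x0C;              /* LEA EDX,[ESP+C]: address only, no memory access */
    store32(f, f->esp + 0x10, eax);   /* MOV [ESP+10],EAX  -> ESP0+0x10, Length = 3 */
    push(f, edx);                     /* PUSH EDX: &struct becomes the first pushed argument */
    eax = f->esp + 0x08;              /* LEA EAX,[ESP+8]: ESP is now ESP0-4, so this is ESP0+4 */
    store32(f, f->esp + 0x18, ecx);   /* MOV [ESP+18],ECX  -> ESP0+0x14, MinLength = 3 */
    push(f, eax);                     /* PUSH EAX: second pushed argument */
    store32(f, f->esp + 0x14, 0x81);  /* MOV [ESP+14],81   -> ESP0+0x0C, PacketID = 0x81 */
}

/* Offset from ESP0 of the structure pointer left on the stack by PUSH EDX. */
uint32_t listing_struct_offset(void)
{
    Frame f; run_listing(&f);
    return load32(&f, ESP0 - 4) - ESP0;          /* 0x0C */
}

/* Offset from ESP0 of the pointer left on the stack by PUSH EAX. */
uint32_t listing_other_offset(void)
{
    Frame f; run_listing(&f);
    return load32(&f, ESP0 - 8) - ESP0;          /* 0x04 */
}

/* Read the structure through the first pushed pointer, exactly as a callee
   that received EDX's value would: field i is DWORD i of that structure. */
uint32_t listing_field(int i)
{
    Frame f; run_listing(&f);
    uint32_t base = load32(&f, ESP0 - 4);
    return load32(&f, base + 4u * (uint32_t)i);
}

int main(void)
{
    PacketHeader h = { listing_field(0), listing_field(1), listing_field(2) };
    printf("struct at ESP0+0x%02X: PacketID=0x%X Length=%u MinLength=%u\n",
           listing_struct_offset(), h.packet_id, h.length, h.min_length);
    printf("second pushed pointer refers to ESP0+0x%02X\n", listing_other_offset());
    return 0;
}
```

Running it prints the three stores gathered into one structure at ESP0+0x0C (PacketID 0x81, Length 3, MinLength 3) and shows the second pointer at ESP0+0x04, a separate local whose contents the listing never writes. When reading a listing like this, it helps to note the current ESP adjustment beside each line before deciding which slot a displacement names.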
-
ever_boy_
- Developers

- Posts: 308
- Joined: 06 Jul 2012, 13:44
- Noob?: No
#3 Post by ever_boy_ »
kLabMouse wrote: You should look at "[ESP+C]" as a structure on the stack.
Well, that's just what I thought when I looked at it, but I can't figure out what the replay factor is for these:
some packets have this:
lea edx, [esp+18h+var_C]
(hex: 8D 54 24 0C)
other packets have this:
lea edx, [esp+1Ch+var_14]
(hex: 8D 54 24 08)
and a few packets have no "lea edx," at all.
I just couldn't figure out which is 0 and which is 1.
-
kLabMouse
- Administrator

- Posts: 1301
- Joined: 24 Apr 2008, 12:02
#4 Post by kLabMouse »
ever_boy_ wrote:
kLabMouse wrote: You should look at "[ESP+C]" as a structure on the stack.
Well, that's just what I thought when I looked at it, but I can't figure out what the replay factor is for these:
some packets have this:
lea edx, [esp+18h+var_C]
(hex: 8D 54 24 0C)
other packets have this:
lea edx, [esp+1Ch+var_14]
(hex: 8D 54 24 08)
and a few packets have no "lea edx," at all.
I just couldn't figure out which is 0 and which is 1.
In this situation you have the second version, where there was no "ReplayFactor" yet.
-
ever_boy_
- Developers

- Posts: 308
- Joined: 06 Jul 2012, 13:44
- Noob?: No
#5 Post by ever_boy_ »
kLabMouse wrote:
ever_boy_ wrote:
kLabMouse wrote: You should look at "[ESP+C]" as a structure on the stack.
Well, that's just what I thought when I looked at it, but I can't figure out what the replay factor is for these:
some packets have this:
lea edx, [esp+18h+var_C]
(hex: 8D 54 24 0C)
other packets have this:
lea edx, [esp+1Ch+var_14]
(hex: 8D 54 24 08)
and a few packets have no "lea edx," at all.
I just couldn't figure out which is 0 and which is 1.
In this situation you have the second version, where there was no "ReplayFactor" yet.
Oh, I see.
So, I was just struggling with the wind. Thanks for saving me the trouble of looking for what is not there.
