flat assembler
Message board for the users of flat assembler.

How to use InitiateSystemShutdown?
Fullnewb1234567 25 Feb 2017, 14:16
I think I now understand, but from my understanding,

.token+12 should contain the address of .attr

since .token is 4 bytes,
followed by luid, which is 8 bytes,
then .attr.

Please explain.

I'm confused :( I think I have a poor understanding of x86 addressing.
revolution 25 Feb 2017, 14:21
The +12 is because there are already 3 dwords pushed ahead of it (the three ,0,0,0 that follow it are pushed before it) so ESP has been decremented by 12 bytes. So actually the address is still .token.

A debugger will show you the push order and the addresses that are used.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
