Index
> Main > Assembler programming tricksGoto page 1, 2 Next |
| Author |
|
|
revolution 20 Jun 2023, 15:24
There are also the extended nops:
Code: db 0x0f, 0x1f, 0x80 ; nop [eax+?] dd ? ; any four byte sequence |
|||
20 Jun 2023, 15:24 |
|
|
bitRAKE 20 Jun 2023, 20:19
Skip call instruction:
Code: db 0x81
call aFunc ... this one applies to 16/32/64-bit code the same. |
|||
|
20 Jun 2023, 20:19 |
|
|
revolution 21 Jun 2023, 05:22
This prints "Hello world"
Code: format elf64 executable mov rax,0x3D66206F6C6C6548 mov rax,0x3D660A646C726F57 mov rax,0x3D669000000005E8 mov rax,0x3D6690909090905B mov rax,0x3D66909090DE8948 mov rax,0x3D669090E7C68348 mov rax,0x3D669000000006BA mov rax,0x3D669000000001B8 mov rax,0x3D669000000001BF mov rax,0x3D6690909090050F mov rax,0x3D66909090DE8948 mov rax,0x3D669090F1C68348 mov rax,0x3D669000000006BA mov rax,0x3D669000000001B8 mov rax,0x3D669000000001BF mov rax,0x3D6690909090050F mov rax,0x3D6690000000E7B8 mov rax,0x3D6690909090050F jmp $-0x9e  |
|||
|
21 Jun 2023, 05:22 |
|
|
Flier-Mate 21 Jun 2023, 11:59
revolution wrote: This prints "Hello world" M/o/Vfuscator. https://github.com/xoreaxeaxeax/movfuscator wrote: ....compiles programs into "mov" instructions, and only "mov" instructions. Arithmetic, comparisons, jumps, function calls, and everything else a program needs are all performed through mov operations; there is no self-modifying code, no transport-triggered calculation, and no other form of non-mov cheating. |
|||
|
21 Jun 2023, 11:59 |
|
|
revolution 21 Jun 2023, 12:25
The code is not the movfuscator.
|
|||
|
21 Jun 2023, 12:25 |
|
|
redsock 21 Jun 2023, 20:40
revolution wrote: Bonus points to anyone that can figure out how it works. Carefully constructed byte sequences and offsets that make debugging fun and interesting. Nicely done! I cheated and added a breakpoint to it just to make debugging easier so my offsets and gdb output aren't 100% match for the plain one but here is my gdb session: Code: (No debugging symbols found in ./revo) (gdb) run Starting program: /dev/shm/revo Program received signal SIGTRAP, Trace/breakpoint trap. 0x0000000000400079 in ?? () (gdb) x/20i 0x400079 => 0x400079: nop 0x40007a: movabs $0x3d66206f6c6c6548,%rax 0x400084: movabs $0x3d660a646c726f57,%rax 0x40008e: movabs $0x3d669000000005e8,%rax 0x400098: movabs $0x3d6690909090905b,%rax 0x4000a2: movabs $0x3d66909090de8948,%rax 0x4000ac: movabs $0x3d669090e7c68348,%rax 0x4000b6: movabs $0x3d669000000006ba,%rax 0x4000c0: movabs $0x3d669000000001b8,%rax 0x4000ca: movabs $0x3d669000000001bf,%rax 0x4000d4: movabs $0x3d6690909090050f,%rax 0x4000de: movabs $0x3d66909090de8948,%rax 0x4000e8: movabs $0x3d669090f1c68348,%rax 0x4000f2: movabs $0x3d669000000006ba,%rax 0x4000fc: movabs $0x3d669000000001b8,%rax 0x400106: movabs $0x3d669000000001bf,%rax 0x400110: movabs $0x3d6690909090050f,%rax 0x40011a: movabs $0x3d6690000000e7b8,%rax 0x400124: movabs $0x3d6690909090050f,%rax 0x40012e: jmp 0x400090 (gdb) b *0x40012e Breakpoint 1 at 0x40012e (gdb) cont Continuing. Breakpoint 1, 0x000000000040012e in ?? () (gdb) si 0x0000000000400090 in ?? () (gdb) x/62i 0x400090 => 0x400090: call 0x40009a 0x400095: nop 0x400096: cmp $0xb848,%ax 0x40009a: pop %rbx 0x40009b: nop 0x40009c: nop 0x40009d: nop 0x40009e: nop 0x40009f: nop 0x4000a0: cmp $0xb848,%ax 0x4000a4: mov %rbx,%rsi 0x4000a7: nop 0x4000a8: nop 0x4000a9: nop 0x4000aa: cmp $0xb848,%ax 0x4000ae: add $0xffffffffffffffe7,%rsi 0x4000b2: nop 0x4000b3: nop 0x4000b4: cmp $0xb848,%ax 0x4000b8: mov $0x6,%edx 0x4000bd: nop 0x4000be: cmp $0xb848,%ax 0x4000c2: mov $0x1,%eax 0x4000c7: nop 0x4000c8: cmp $0xb848,%ax 0x4000cc: mov $0x1,%edi 0x4000d1: nop 0x4000d2: cmp $0xb848,%ax 0x4000d6: syscall 0x4000d8: nop 0x4000d9: nop 0x4000da: nop 0x4000db: nop 0x4000dc: cmp $0xb848,%ax --Type <RET> for more, q to quit, c to continue without paging-- 0x4000e0: mov %rbx,%rsi 0x4000e3: nop 0x4000e4: nop 0x4000e5: nop 0x4000e6: cmp $0xb848,%ax 0x4000ea: add $0xfffffffffffffff1,%rsi 0x4000ee: nop 0x4000ef: nop 0x4000f0: cmp $0xb848,%ax 0x4000f4: mov $0x6,%edx 0x4000f9: nop 0x4000fa: cmp $0xb848,%ax 0x4000fe: mov $0x1,%eax 0x400103: nop 0x400104: cmp $0xb848,%ax 0x400108: mov $0x1,%edi 0x40010d: nop 0x40010e: cmp $0xb848,%ax 0x400112: syscall 0x400114: nop 0x400115: nop 0x400116: nop 0x400117: nop 0x400118: cmp $0xb848,%ax 0x40011c: mov $0xe7,%eax 0x400121: nop 0x400122: cmp $0xb848,%ax 0x400126: syscall (gdb) cont Continuing. Hello World [Inferior 1 (process 6186) exited with code 01] |
|||
|
21 Jun 2023, 20:40 |
|
|
revolution 22 Jun 2023, 02:10
+2
Bonus points duly awarded.  |
|||
|
22 Jun 2023, 02:10 |
|
|
Flier-Mate 22 Jun 2023, 04:34
Thank @redsock for the clue, and @revolution for the obfuscated code.
So the "jmp $-0x9e" instruction would fix the disassembly. The following code if compiled can be disassembled correctly in IDA. Code: format elf64 executable mov rax,0x3D66206F6C6C6548 mov rax,0x3D660A646C726F57 ;mov rax,0x3D669000000005E8 ;db 0x48 ;db 0xb8 nop nop dq 0x3D669000000005E8 mov rax,0x3D6690909090905B mov rax,0x3D66909090DE8948 mov rax,0x3D669090E7C68348 mov rax,0x3D669000000006BA mov rax,0x3D669000000001B8 mov rax,0x3D669000000001BF mov rax,0x3D6690909090050F mov rax,0x3D66909090DE8948 mov rax,0x3D669090F1C68348 mov rax,0x3D669000000006BA mov rax,0x3D669000000001B8 mov rax,0x3D669000000001BF mov rax,0x3D6690909090050F mov rax,0x3D6690000000E7B8 mov rax,0x3D6690909090050F ;jmp $-0x9e Last edited by Flier-Mate on 22 Jun 2023, 06:08; edited 1 time in total |
|||
|
22 Jun 2023, 04:34 |
|
|
Flier-Mate 22 Jun 2023, 04:36
Full disassembly:
Code: 0000000000400078 public start LOAD:0000000000400078 start proc near ; DATA XREF: LOAD:0000000000400018↑o LOAD:0000000000400078 mov rax, 3D66206F6C6C6548h LOAD:0000000000400082 mov rax, 3D660A646C726F57h LOAD:000000000040008C nop LOAD:000000000040008D nop LOAD:000000000040008E call loc_400098 LOAD:0000000000400093 nop LOAD:0000000000400094 cmp ax, 0B848h LOAD:0000000000400094 start endp LOAD:0000000000400094 LOAD:0000000000400098 LOAD:0000000000400098 loc_400098: ; CODE XREF: start+16↑p LOAD:0000000000400098 pop rbx LOAD:0000000000400099 nop LOAD:000000000040009A nop LOAD:000000000040009B nop LOAD:000000000040009C nop LOAD:000000000040009D nop LOAD:000000000040009E cmp ax, 0B848h LOAD:00000000004000A2 mov rsi, rbx LOAD:00000000004000A5 nop LOAD:00000000004000A6 nop LOAD:00000000004000A7 nop LOAD:00000000004000A8 cmp ax, 0B848h LOAD:00000000004000AC add rsi, 0FFFFFFFFFFFFFFE7h LOAD:00000000004000B0 nop LOAD:00000000004000B1 nop LOAD:00000000004000B2 cmp ax, 0B848h LOAD:00000000004000B6 mov edx, 6 LOAD:00000000004000BB nop LOAD:00000000004000BC cmp ax, 0B848h LOAD:00000000004000C0 mov eax, 1 LOAD:00000000004000C5 nop LOAD:00000000004000C6 cmp ax, 0B848h LOAD:00000000004000CA mov edi, 1 LOAD:00000000004000CF nop LOAD:00000000004000D0 cmp ax, 0B848h LOAD:00000000004000D4 syscall ; LINUX - sys_write LOAD:00000000004000D6 nop LOAD:00000000004000D7 nop LOAD:00000000004000D8 nop LOAD:00000000004000D9 nop LOAD:00000000004000DA cmp ax, 0B848h LOAD:00000000004000DE mov rsi, rbx LOAD:00000000004000E1 nop LOAD:00000000004000E2 nop LOAD:00000000004000E3 nop LOAD:00000000004000E4 cmp ax, 0B848h LOAD:00000000004000E8 add rsi, 0FFFFFFFFFFFFFFF1h LOAD:00000000004000EC nop LOAD:00000000004000ED nop LOAD:00000000004000EE cmp ax, 0B848h LOAD:00000000004000F2 mov edx, 6 LOAD:00000000004000F7 nop LOAD:00000000004000F8 cmp ax, 0B848h LOAD:00000000004000FC mov eax, 1 LOAD:0000000000400101 nop LOAD:0000000000400102 cmp ax, 0B848h LOAD:0000000000400106 mov edi, 1 LOAD:000000000040010B nop LOAD:000000000040010C cmp ax, 0B848h LOAD:0000000000400110 syscall ; LINUX - sys_write LOAD:0000000000400112 nop LOAD:0000000000400113 nop LOAD:0000000000400114 nop LOAD:0000000000400115 nop LOAD:0000000000400116 cmp ax, 0B848h LOAD:000000000040011A mov eax, 0E7h LOAD:000000000040011F nop LOAD:0000000000400120 cmp ax, 0B848h LOAD:0000000000400124 syscall ; LINUX - sys_exit_group LOAD:0000000000400126 nop LOAD:0000000000400127 nop LOAD:0000000000400128 nop LOAD:0000000000400129 nop The "Hello Word" is hid in the first two MOV instruction: Code: LOAD:0000000000400078 mov rax, 3D66206F6C6C6548h LOAD:0000000000400082 mov rax, 3D660A646C726F57h 0x48 = H 0x65 = e 0x6C = l 0x6C = l 0x6F = o 0x20 = (space) 0x57 = W 0x6F = o 0x72 = r 0x6C = l 0x64 = d 0x0A = (linefeed) Cleverly done! |
|||
|
22 Jun 2023, 04:36 |
|
|
revolution 22 Jun 2023, 17:06
The source.
Code: format elf64 executable SYS_WRITE = 1 SYS_EXIT_GROUP = 231 STD_OUTPUT = 1 entry main macro encode inst& { local name, ..start, length, bite db 0x48, 0xb8 virtual name:: ..start: inst length = $ - $$ end virtual assert length <= 6 while % <= 6 if % <= length load bite byte from name:..start+%-1 else bite = 0x90 end if db bite end while db 0x66, 0x3d ; can also use 0x0f, 0x18 } main: label hello at $+2 encode db 'Hello ' label world at $+2 encode db 'World',10 label rel at $+7 label begin at $+2 encode call pc label pc at $+2 encode pop rbx encode mov rsi,rbx encode add rsi,hello-rel encode mov edx,6 encode mov eax,SYS_WRITE encode mov edi,STD_OUTPUT encode syscall encode mov rsi,rbx encode add rsi,world-rel encode mov edx,6 encode mov eax,SYS_WRITE encode mov edi,STD_OUTPUT encode syscall encode mov eax,SYS_EXIT_GROUP encode syscall jmp begin |
|||
|
22 Jun 2023, 17:06 |
|
|
Flier-Mate 22 Jun 2023, 18:41
revolution wrote: The source. Excellent!! |
|||
|
22 Jun 2023, 18:41 |
|
|
revolution 23 Jun 2023, 02:30
A variation on a theme. This is the same idea, but is trickier to reverse because the jmp will resynchronise the disassembler back to showing mov rax,.. after each instruction.
Code: format elf64 executable mov rax,0x02EB206F6C6C6548 mov rax,0x02EB0A646C726F57 mov rax,0x9003EB00000005E8 mov rax,0x909090909007EB5B mov rax,0x909004EBE7738D48 mov rax,0x9003EB00000006BA mov rax,0x9003EB00000001B8 mov rax,0x9003EB00000001BF mov rax,0x9090909006EB050F mov rax,0x909004EBF1738D48 mov rax,0x9003EB00000006BA mov rax,0x9003EB00000001B8 mov rax,0x9003EB00000001BF mov rax,0x9090909006EB050F mov rax,0x9003EB000000E7B8 mov rax,0x9090909006EB050F jmp $$ + 22 |
|||
|
23 Jun 2023, 02:30 |
|
|
redsock 23 Jun 2023, 02:38
revolution wrote: +2 x2!! HAH, this new version is a lot better I reckon. Who wants to do the narrative about why this is so confusing to our poor helpless debugger? haha |
|||
|
23 Jun 2023, 02:38 |
|
|
Flier-Mate 23 Jun 2023, 06:43
revolution wrote: A variation on a theme. This is the same idea, but is trickier to reverse because the jmp will resynchronise the disassembler back to showing mov rax,.. after each instruction. Cool ! This time IDA tells sp-analysis failed, after I split the third MOV instruction to be preceded with two NOPs. The graph view of IDA Free failed (as shown in "After" screenshot below), but the text view still shows the full disassembly. Code: public start LOAD:0000000000400078 start proc near ; DATA XREF: LOAD:0000000000400018↑o LOAD:0000000000400078 LOAD:0000000000400078 ; FUNCTION CHUNK AT LOAD:0000000000400098 SIZE 00000003 BYTES LOAD:0000000000400078 LOAD:0000000000400078 mov rax, 2EB206F6C6C6548h LOAD:0000000000400082 mov rax, 2EB0A646C726F57h LOAD:000000000040008C nop LOAD:000000000040008D nop LOAD:000000000040008E LOAD:000000000040008E loc_40008E: ; CODE XREF: LOAD:loc_400118↓j LOAD:000000000040008E call loc_400098 LOAD:0000000000400093 jmp short loc_400098 LOAD:0000000000400093 start endp ; sp-analysis failed LOAD:0000000000400093 LOAD:0000000000400093 ; --------------------------------------------------------------------------- LOAD:0000000000400095 align 2 LOAD:0000000000400096 dw 0B848h LOAD:0000000000400098 ; --------------------------------------------------------------------------- LOAD:0000000000400098 ; START OF FUNCTION CHUNK FOR start LOAD:0000000000400098 LOAD:0000000000400098 loc_400098: ; CODE XREF: start:loc_40008E↑p LOAD:0000000000400098 ; start+1B↑j LOAD:0000000000400098 pop rbx LOAD:0000000000400099 jmp short loc_4000A2 LOAD:0000000000400099 ; END OF FUNCTION CHUNK FOR start LOAD:0000000000400099 ; --------------------------------------------------------------------------- LOAD:000000000040009B align 20h LOAD:00000000004000A0 db 48h, 0B8h LOAD:00000000004000A2 ; --------------------------------------------------------------------------- LOAD:00000000004000A2 LOAD:00000000004000A2 loc_4000A2: ; CODE XREF: start+21↑j LOAD:00000000004000A2 lea rsi, [rbx-19h] LOAD:00000000004000A6 jmp short loc_4000AC LOAD:00000000004000A6 ; --------------------------------------------------------------------------- LOAD:00000000004000A8 db 2 dup(90h) LOAD:00000000004000AA dw 0B848h LOAD:00000000004000AC ; --------------------------------------------------------------------------- LOAD:00000000004000AC LOAD:00000000004000AC loc_4000AC: ; CODE XREF: LOAD:00000000004000A6↑j LOAD:00000000004000AC mov edx, 6 LOAD:00000000004000B1 jmp short loc_4000B6 LOAD:00000000004000B1 ; --------------------------------------------------------------------------- LOAD:00000000004000B3 align 4 LOAD:00000000004000B4 db 48h, 0B8h LOAD:00000000004000B6 ; --------------------------------------------------------------------------- LOAD:00000000004000B6 LOAD:00000000004000B6 loc_4000B6: ; CODE XREF: LOAD:00000000004000B1↑j LOAD:00000000004000B6 mov eax, 1 LOAD:00000000004000BB jmp short loc_4000C0 LOAD:00000000004000BB ; --------------------------------------------------------------------------- LOAD:00000000004000BD align 2 LOAD:00000000004000BE dw 0B848h LOAD:00000000004000C0 ; --------------------------------------------------------------------------- LOAD:00000000004000C0 LOAD:00000000004000C0 loc_4000C0: ; CODE XREF: LOAD:00000000004000BB↑j LOAD:00000000004000C0 mov edi, 1 LOAD:00000000004000C5 jmp short loc_4000CA LOAD:00000000004000C5 ; --------------------------------------------------------------------------- LOAD:00000000004000C7 align 8 LOAD:00000000004000C8 db 48h, 0B8h LOAD:00000000004000CA ; --------------------------------------------------------------------------- LOAD:00000000004000CA LOAD:00000000004000CA loc_4000CA: ; CODE XREF: LOAD:00000000004000C5↑j LOAD:00000000004000CA syscall ; LINUX - sys_write LOAD:00000000004000CC jmp short loc_4000D4 LOAD:00000000004000CC ; --------------------------------------------------------------------------- LOAD:00000000004000CE db 4 dup(90h) LOAD:00000000004000D2 dw 0B848h LOAD:00000000004000D4 ; --------------------------------------------------------------------------- LOAD:00000000004000D4 LOAD:00000000004000D4 loc_4000D4: ; CODE XREF: LOAD:00000000004000CC↑j LOAD:00000000004000D4 lea rsi, [rbx-0Fh] LOAD:00000000004000D8 jmp short loc_4000DE LOAD:00000000004000D8 ; --------------------------------------------------------------------------- LOAD:00000000004000DA align 4 LOAD:00000000004000DC db 48h, 0B8h LOAD:00000000004000DE ; --------------------------------------------------------------------------- LOAD:00000000004000DE LOAD:00000000004000DE loc_4000DE: ; CODE XREF: LOAD:00000000004000D8↑j LOAD:00000000004000DE mov edx, 6 LOAD:00000000004000E3 jmp short loc_4000E8 LOAD:00000000004000E3 ; --------------------------------------------------------------------------- LOAD:00000000004000E5 align 2 LOAD:00000000004000E6 dw 0B848h LOAD:00000000004000E8 ; --------------------------------------------------------------------------- LOAD:00000000004000E8 LOAD:00000000004000E8 loc_4000E8: ; CODE XREF: LOAD:00000000004000E3↑j LOAD:00000000004000E8 mov eax, 1 LOAD:00000000004000ED jmp short loc_4000F2 LOAD:00000000004000ED ; --------------------------------------------------------------------------- LOAD:00000000004000EF align 10h LOAD:00000000004000F0 db 48h, 0B8h LOAD:00000000004000F2 ; --------------------------------------------------------------------------- LOAD:00000000004000F2 LOAD:00000000004000F2 loc_4000F2: ; CODE XREF: LOAD:00000000004000ED↑j LOAD:00000000004000F2 mov edi, 1 LOAD:00000000004000F7 jmp short loc_4000FC LOAD:00000000004000F7 ; --------------------------------------------------------------------------- LOAD:00000000004000F9 align 2 LOAD:00000000004000FA dw 0B848h LOAD:00000000004000FC ; --------------------------------------------------------------------------- LOAD:00000000004000FC LOAD:00000000004000FC loc_4000FC: ; CODE XREF: LOAD:00000000004000F7↑j LOAD:00000000004000FC syscall ; LINUX - sys_write LOAD:00000000004000FE jmp short loc_400106 LOAD:00000000004000FE ; --------------------------------------------------------------------------- LOAD:0000000000400100 db 4 dup(90h) LOAD:0000000000400104 db 48h, 0B8h LOAD:0000000000400106 ; --------------------------------------------------------------------------- LOAD:0000000000400106 LOAD:0000000000400106 loc_400106: ; CODE XREF: LOAD:00000000004000FE↑j LOAD:0000000000400106 mov eax, 0E7h LOAD:000000000040010B jmp short loc_400110 LOAD:000000000040010B ; --------------------------------------------------------------------------- LOAD:000000000040010D align 2 LOAD:000000000040010E dw 0B848h LOAD:0000000000400110 ; --------------------------------------------------------------------------- LOAD:0000000000400110 LOAD:0000000000400110 loc_400110: ; CODE XREF: LOAD:000000000040010B↑j LOAD:0000000000400110 syscall ; LINUX - sys_exit_group LOAD:0000000000400112 jmp short near ptr loc_400118+2 LOAD:0000000000400112 ; --------------------------------------------------------------------------- LOAD:0000000000400114 align 8 LOAD:0000000000400118 LOAD:0000000000400118 loc_400118: ; CODE XREF: LOAD:0000000000400112↑j LOAD:0000000000400118 jmp loc_40008E LOAD:0000000000400118 LOAD ends LOAD:0000000000400118 LOAD:0000000000400118 LOAD:0000000000400118 end start I see multiple jumps!
|
|||||||||||||||||||
|
23 Jun 2023, 06:43 |
|
||||||||||||||||||
|
Flier-Mate 23 Jun 2023, 12:00
The following code also shows 'sp-analysis failed' in IDA Free, not sure is it because I don't know how to customize IDA...
Code: format elf64 executable .i: call .j jmp .j .j: pop rbx jmp .i |
|||
|
23 Jun 2023, 12:00 |
|
|
macomics 23 Jun 2023, 12:38
Flier-Mate, this is because IDA has divided the call transition and the return to .i: into different functions. Press u to reset the code analysis and, after highlighting the entire block, press c (to recreate the code) and then p (to create a single function for the entire code).
|
|||
|
23 Jun 2023, 12:38 |
|
|
Flier-Mate 23 Jun 2023, 13:40
macomics wrote: Flier-Mate, this is because IDA has divided the call transition and the return to .i: into different functions. Press u to reset the code analysis and, after highlighting the entire block, press c (to recreate the code) and then p (to create a single function for the entire code). I can press 'u' and 'c', but pressing 'p' has no effect, whether I select 'Analyze' or 'Force'.... But it is good to know at least there is a proper way to use IDA. Thanks.
|
||||||||||
|
23 Jun 2023, 13:40 |
|
|||||||||
|
revolution 23 Jun 2023, 17:42
IDA did an okay job there. But it still required some manual tweaking to coax it into getting the result.
Here is the source for that. There is nothing new to see, but just FYI. Code: format elf64 executable SYS_WRITE = 1 SYS_EXIT_GROUP = 231 STD_OUTPUT = 1 entry main macro encode inst& { local ..start db 0x48, 0xb8 ..start: inst assert $ - ..start <= 6 jmp ..start + 10 while $ - ..start < 8 nop end while } main: encode hello: db 'Hello ' encode world: db 'World',10 encode begin: call pc encode pc: pop rbx encode lea rsi,[rbx + hello - begin - 5] encode mov edx,6 encode mov eax,SYS_WRITE encode mov edi,STD_OUTPUT encode syscall encode lea rsi,[rbx + world - begin - 5] encode mov edx,6 encode mov eax,SYS_WRITE encode mov edi,STD_OUTPUT encode syscall encode mov eax,SYS_EXIT_GROUP encode syscall jmp begin |
|||
|
23 Jun 2023, 17:42 |
|
|
Flier-Mate 23 Jun 2023, 19:18
revolution wrote: IDA did an okay job there. But it still required some manual tweaking to coax it into getting the result. Thank you for the source code, the macro language can create intricate program! I posted your second obfuscated code as RE challenge for local forum user, and a person reply : Quote: you call sys_write twice Am not sure how he cracked it, but he managed to do it. |
|||
|
23 Jun 2023, 19:18 |
|
| Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|