Ropemporium x86_32 callme

# callme x86_32

## Introduction

This time we have to call three functions in succession with the expected parameters. On 32-bit x86, parameters are passed on the stack, so building the ROP chain differs from the 64-bit case.

## Discovery

### Execution

```
ropemporium/x32/callme$ ./callme32
callme by ROP Emporium
x86
Hope you read the instructions...
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Thank you!
Exiting
```

## Analysis

### The vulnerable function

```
gef➤ disas pwnme
Dump of assembler code for function pwnme:
   0x080486ed <+0>:     push   ebp
   0x080486ee <+1>:     mov    ebp,esp
   0x080486f0 <+3>:     sub    esp,0x28
   0x080486f3 <+6>:     sub    esp,0x4
   0x080486f6 <+9>:     push   0x20
   0x080486f8 <+11>:    push   0x0
   0x080486fa <+13>:    lea    eax,[ebp-0x28]
   0x080486fd <+16>:    push   eax
   0x080486fe <+17>:    call   0x8048540 <memset@plt>
   0x08048703 <+22>:    add    esp,0x10
   0x08048706 <+25>:    sub    esp,0xc
   0x08048709 <+28>:    push   0x8048848
   0x0804870e <+33>:    call   0x8048500 <puts@plt>
   0x08048713 <+38>:    add    esp,0x10
   0x08048716 <+41>:    sub    esp,0xc
   0x08048719 <+44>:    push   0x804886b
   0x0804871e <+49>:    call   0x80484d0 <printf@plt>
   0x08048723 <+54>:    add    esp,0x10
   0x08048726 <+57>:    sub    esp,0x4
   0x08048729 <+60>:    push   0x200
   0x0804872e <+65>:    lea    eax,[ebp-0x28]
   0x08048731 <+68>:    push   eax
   0x08048732 <+69>:    push   0x0
   0x08048734 <+71>:    call   0x80484c0 <read@plt>
   0x08048739 <+76>:    add    esp,0x10
   0x0804873c <+79>:    sub    esp,0xc
   0x0804873f <+82>:    push   0x804886e
   0x08048744 <+87>:    call   0x8048500 <puts@plt>
   0x08048749 <+92>:    add    esp,0x10
   0x0804874c <+95>:    nop
   0x0804874d <+96>:    leave
   0x0804874e <+97>:    ret
End of assembler dump.
```
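The defect visible in the `pwnme` disassembly above, written out in C next to a bounded version. This is an added example, not code from the original post or from ROP Emporium: the reconstruction is an approximation of the listing, and the names `pwnme_reconstructed`, `pwnme_hardened`, `feed_hardened`, the `SHOW_VULNERABLE` macro and the `fd` parameter are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUF_SIZE 0x20   /* memset length in the listing (push 0x20) */
#define READ_MAX 0x200  /* read length in the listing (push 0x200) */

#ifdef SHOW_VULNERABLE
/* Approximate C reconstruction of pwnme from the disassembly.
 * Only compiled when SHOW_VULNERABLE is defined. */
void pwnme_reconstructed(void) {
    char buf[BUF_SIZE];            /* addressed as [ebp-0x28] */
    memset(buf, 0, BUF_SIZE);
    read(0, buf, READ_MAX);        /* BUG: 0x200 bytes allowed into 0x20 */
}
#endif

/* Hardened form: the read length is derived from the buffer itself, so
 * input can never extend past buf into the saved ebp / return address.
 * Returns the number of bytes stored, or -1 on read error. */
ssize_t pwnme_hardened(int fd) {
    char buf[BUF_SIZE];
    memset(buf, 0, sizeof buf);
    ssize_t n = read(fd, buf, sizeof buf - 1);  /* keep room for NUL */
    if (n >= 0)
        buf[n] = '\0';
    return n;
}

/* Constructed input: sends len 'A' bytes through a pipe to the hardened
 * function and returns how many bytes it accepted. */
ssize_t feed_hardened(size_t len) {
    int p[2];
    char payload[READ_MAX];
    if (len > sizeof payload || pipe(p) != 0)
        return -1;
    memset(payload, 'A', len);
    ssize_t w = write(p[1], payload, len);
    close(p[1]);
    ssize_t n = (w == (ssize_t)len) ? pwnme_hardened(p[0]) : -1;
    close(p[0]);
    return n;
}

int main(void) {
    printf("0x200 bytes offered, %zd stored\n", feed_hardened(READ_MAX));
    return 0;
}
```
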