Wednesday, September 24, 2014

Writeup - CSAW 2014 : Trivia 10 - pop pop

This one is basically a google challenge.

1.  The text for the hint is  "This x86 instruction is an alias for pop eip/rip." 

2.  Take keywords "x86" "pop eip" and enter them into google.  

3. Second result has the following;
  • %esp points to the last thing pushed on the stack.
  • %eip points to the next thing to execute.
  • call <addr> pushes the current value of %eip and changes %eip to <addr>.
  • ret pops the next value off the stack into %eip.
  • Arguments are pushed onto the stack before a function call.
4. ret matches the hint, so enter it as the key.