Exploit Techniques

Heap Buffer Overflow

Assembly Cheatsheet

Look out for 0x31C0 (the encoding of xor eax,eax) - it may signify the beginning of executable code. Also, 0x68 is the opcode of the push instruction (push imm32).

Intel syntax:

instruction destination,source

AT&T syntax:

instruction source,destination

AT&T instruction sizes

b byte
w word
l dword
q qword

AT&T prefixes

% register
$ immediate

Memory operands

Intel segreg:[base+index*scale+disp]
AT&T %segreg:disp(base,index,scale)
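
To make the mapping between the two memory-operand forms concrete, here is an added example (not part of the original cheatsheet) that rewrites an AT&T memory operand in Intel form. The function name att_mem_to_intel and the sample operands are constructed for illustration.

```python
import re

# AT&T memory operand: [%segreg:]disp(base,index,scale); every part is optional.
_ATT_MEM = re.compile(
    r"^(?:%(?P<seg>\w+):)?"          # optional segment override, e.g. %es:
    r"(?P<disp>[^()%$,]*)"           # displacement: number or symbol, no % or $
    r"(?:\((?P<base>%\w+)?"          # optional base register
    r"(?:,(?P<index>%\w+)?"          # optional index register
    r"(?:,(?P<scale>[1248]))?)?\))?$"  # optional scale (1, 2, 4 or 8)
)

def att_mem_to_intel(operand):
    """Rewrite one AT&T memory operand as Intel segreg:[base+index*scale+disp]."""
    m = _ATT_MEM.match(operand.replace(" ", ""))
    if not m or not (m["disp"] or m["base"] or m["index"]):
        # plain registers (%eax) and immediates ($5) are not memory operands
        raise ValueError(f"not an AT&T memory operand: {operand!r}")
    terms = []
    if m["base"]:
        terms.append(m["base"].lstrip("%"))
    if m["index"]:
        idx = m["index"].lstrip("%")
        scale = m["scale"] or "1"    # a missing scale means 1
        terms.append(idx if scale == "1" else f"{idx}*{scale}")
    body = "+".join(terms)
    disp = m["disp"]
    if disp:
        # a negative displacement already carries its own sign
        if body and not disp.startswith("-"):
            body += "+"
        body += disp
    seg = f"{m['seg']}:" if m["seg"] else ""
    return f"{seg}[{body}]"

if __name__ == "__main__":
    # constructed sample operands
    for op in ["-8(%ebp)", "%es:(%edi)", "0x10(%eax,%ebx,4)", "(,%ecx,8)"]:
        print(f"{op:22} -> {att_mem_to_intel(op)}")
```
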

Load String

Loads a byte, word, or dword from the memory address held in ESI (source index) into AL, AX, or EAX. Memory is read from low to high or from high to low depending on DF (the direction flag): ESI is incremented after the load when DF is clear and decremented when DF is set.

Register Use
EAX Register where data is loaded into.
ESI Source index - where the data begins.