safety.s (1344B)
1 .data 2 romeo: 3 .ascii "What's in a name? That which we call a rose,\n" 4 juliet: 5 .ascii "By any other name would smell as sweet.\n" 6 .ascii "\n" 7 stop: 8 # Try changing this number. What happens? Why? 9 # Hint: try 0, 1, 11, 12, 21, 22. 10 .int 12 11 12 .text 13 .global _start 14 15 _start: 16 # Print the string before it's messed up. 17 mov $1, %rax # sys_write. 18 mov $1, %rdi # stdout 19 mov $romeo, %rsi # address 20 mov $86, %rdx # count bytes 21 syscall 22 23 # Setup. 24 lea romeo, %rax # Load the starting address of string into %rax. 25 mov $0xb98c9ff0, %ebx # 🌹 = b98c9ff0 (4 bytes) 26 mov $0, %rcx # Set the intial counter. 27 28 # Overwrite the strings with 🌹. 29 # Increment the address in %rax by four bytes on each iteration. 30 loop: 31 mov %ebx, (%rax) # Copy 32 inc %rcx # increment our counter 33 add $4, %rax # Try changing this to sub. What happens? Why? 34 cmp stop, %rcx 35 jne loop 36 37 # Print the string after it's been messed up. 38 # NB: nothing stopped us from overwriting past the "romeo" string. 39 mov $1, %rax # sys_write 40 mov $1, %rdi # stdout 41 mov $romeo, %rsi # address 42 mov $85, %rdx # count bytes 43 syscall 44 45 mov $231, %rax # 64-bit system call number for exit_group. 46 mov $0, %rdi # Exit code. 47 syscall # Call the kernel.