This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: incorrect disassemble

From: Nick Clifton <nickc at cambridge dot redhat dot com>
To: Michael Schrijver <m dot c dot schrijver at student dot utwente dot nl>
Cc: binutils at sources dot redhat dot com
Date: 19 Feb 2002 14:38:52 +0000
Subject: Re: incorrect disassemble
References: <1014122624.262.2.camel@p350><m3sn7xpohy.fsf@north-pole.nickc.cambridge.redhat.com><1014126431.262.4.camel@p350>

Hi Michael,

> I'm using GNU objdump 2.11.90.0.19 the target is elf32-i386, its a 
> backdoored ssh daemon. I've included the relevant part of the
> disassembly:
>
> 804c0b8:	8a 04 11             	mov    (%ecx,%edx,1),%al     ; <---
> 804c0bb:	24 0f                	and    $0xf,%al
> 804c0bd:	0c 30                	or     $0x30,%al
> 804c0bf:	88 44 32 01          	mov    %al,0x1(%edx,%esi,1)  ; <---
> 804c0c3:	8a 04 11             	mov    (%ecx,%edx,1),%al
> 804c0c6:	c0 e8 04             	shr    $0x4,%al
> 804c0c9:	0c 30                	or     $0x30,%al
> 804c0cb:	88 04 32             	mov    %al,(%edx,%esi,1)     ; <---
> 804c0ce:	83 c6 fe             	add    $0xfffffffe,%esi

Do you have the original assembler source for these particular
instructions ?  If so please could you post it here ?

Cheers
        Nick

Follow-Ups:
- Re: incorrect disassemble
  - From: Alan Modra

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]