On 09/08/2025 22:22, olcott wrote:
On 8/9/2025 4:12 PM, Richard Heathfield wrote:
On 09/08/2025 21:46, olcott wrote:
On 8/9/2025 3:41 PM, Richard Heathfield wrote:
<snip>
You get the wrong numbers out. It don't get much more flawed than
that.
At this point you are essentially saying that
the emulation is flawed because everyone knows
that "push ebp" really means "jmp 00002155".
No, I'm saying it's flawed because everyone knows that 0 != 1.
Those are your only two possible results: it stops, or it doesn't.
If you get the wrong one, your emulation is broken.
Ah so you are dishonest. That is what I expected.
WHAT?
[00002162] 55             push ebp
[00002163] 8bec           mov ebp,esp
[00002165] 51             push ecx
[00002166] 6862210000     push 00002162 // push DD
[0000216b] e862f4ffff     call 000015d2 // call HHH
[00002170] 83c404         add esp,+04
[00002173] 8945fc         mov [ebp-04],eax
[00002176] 837dfc00       cmp dword [ebp-04],+00
[0000217a] 7402           jz 0000217e
[0000217c] ebfe           jmp 0000217c
[0000217e] 8b45fc         mov eax,[ebp-04]
[00002181] 8be5           mov esp,ebp
[00002183] 5d             pop ebp
[00002184] c3             ret
Size in bytes:(0035) [00002184]
You have to go through the above code line-by-line
knowing that each time HHH is called it creates a
separate process context to emulate an instance of
DD and then emulate an instance of itself emulating
DD when DD calls HHH(DD).
Within this you must show exactly how the original
emulated DD reaches past its own machine address of
[0000216b].
Why?
Haven't you already done it?
you will have proved that emulation is a flawed technique,
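The disagreement above can be checked mechanically. The following is an added example, not code from either poster: it models the listing's control flow (DD calls HHH(DD), takes the jz path and returns when HHH reports 0, and spins on the jmp otherwise) as Python generators, so that each emulated step can be counted. The thread never states how HHH reaches its verdict, so the HHH here is an assumed bounded emulator that gives up after a fixed step budget and reports 0; the names make_hhh, make_dd, run_to_completion, STEP_BUDGET and the instruction labels are constructed for this demonstration. The outer HHH's verdict on DD and DD's actual behaviour are then compared directly.

```python
# Added example (not part of the thread): the DD/HHH pattern as a
# step-counting emulator. All names and the step budget are constructed
# for this demonstration; the thread does not specify how HHH decides.

STEP_BUDGET = 50  # constructed: how many steps HHH emulates before giving up


def make_hhh(budget=STEP_BUDGET):
    """Return a bounded emulator HHH.

    HHH(p) steps the machine p for at most `budget` instructions and
    returns 1 if p reached its final ret, 0 otherwise (its "does not
    halt" verdict). HHH is itself a generator so that an enclosing
    emulator can count the steps of HHH emulating p.
    """
    def hhh(p):
        machine = p()
        executed = 0
        while executed < budget:
            try:
                instruction = next(machine)
            except StopIteration:
                return 1            # p finished: HHH reports "halts"
            yield instruction       # hand the step up to whoever emulates HHH
            executed += 1
        return 0                    # budget exhausted: HHH reports "does not halt"
    return hhh


def make_dd(hhh):
    """DD with the control flow of the listing: push DD, call HHH(DD),
    compare the result with 0, ret if it was 0, otherwise jump to self."""
    def dd():
        yield "push DD"
        verdict = yield from hhh(dd)   # call HHH(DD): nested emulation of DD
        yield "cmp [ebp-04],+00"
        if verdict == 0:
            yield "ret"                # jz taken: DD halts
            return 0
        while True:
            yield "jmp self"           # the ebfe loop: DD never halts
    return dd


def run_to_completion(machine, limit=10_000):
    """Drive a generator-based machine to its end or to `limit` steps.
    Returns (halted, steps_executed, return_value)."""
    steps = 0
    while steps < limit:
        try:
            next(machine)
        except StopIteration as done:
            return True, steps, done.value
        steps += 1
    return False, steps, None


def hhh_verdict_on_dd(budget=STEP_BUDGET):
    """What HHH(DD) returns: the nested emulation never gets past the
    inner call before the budget runs out, so HHH answers 0."""
    hhh = make_hhh(budget)
    dd = make_dd(hhh)
    halted, _, verdict = run_to_completion(hhh(dd))
    assert halted                      # HHH always terminates: it is bounded
    return verdict


def dd_actual_behaviour(budget=STEP_BUDGET):
    """What DD itself does when run: its HHH(DD) call returns 0, DD takes
    the jz path and halts. Returns (halted, steps_executed)."""
    hhh = make_hhh(budget)
    dd = make_dd(hhh)
    halted, steps, _ = run_to_completion(dd())
    return halted, steps


def dd_under_fixed_verdict(answer, limit=200):
    """Constructed check of DD's two branches: feed DD a stub HHH that
    returns `answer` without emulating anything and see whether DD halts."""
    def stub(_p):
        yield "stub HHH"
        return answer
    halted, _, _ = run_to_completion(make_dd(stub)(), limit)
    return halted


if __name__ == "__main__":
    print("HHH(DD) reports:", hhh_verdict_on_dd())          # 0: "does not halt"
    print("DD actually halts, steps:", dd_actual_behaviour())  # (True, 53)
    print("DD halts if HHH says 0:", dd_under_fixed_verdict(0))
    print("DD halts if HHH says 1:", dd_under_fixed_verdict(1))
```

With the 50-step budget the outer HHH counts 50 nested "push DD" steps (one per recursion level) and returns 0, while a direct run of DD halts after 53 steps: the verdict and the behaviour disagree, which is the 0 != 1 point. The two fixed-verdict runs show that the disagreement does not depend on the budget: whichever answer HHH gives, DD does the opposite.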