News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Push 66666

Started by Magnum, April 21, 2013, 08:07:19 AM

Previous topic - Next topic

Magnum

I found this strange description using Ollydbg.
A search says there is no word such as Entifier.

Doing a set command brings part of this string up.

Almost looks like an undocumented way of getting the processor type.

Andy

Can someone see if this brings up your processor type ?




.code

start:

push 66666 ; UNICODE "Entifier=x86 Family 6 Model 23 Stepping 10, GenuineIntel"
;push 66665   

pop ebx

Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

qWord

Quote from: Magnum on April 21, 2013, 08:07:19 AMAlmost looks like an undocumented way of getting the processor type.
yes, I can confirm that!
Also I've found that there are much more of these undocumented IDs, which can be obtained by testing for all possible IDs (you need some time for that):
; search all undocumented "IDs"
xor eax,eax
.while eax < -1
push eax
pop ebx
; test for undocumented stuff here ...
inc eax
.endw
MREAL macros - when you need floating point arithmetic while assembling!

dedndave

i thought april fool's day was 3 weeks ago - lol

what if i really need to push the value 66666 ?   :icon_eek:

Tedd

If you took a second to examine what was actually happening, you'd realise that offset just happens to be pointing to the middle of the environment variables.

If you go back two characters, you get "identifier"

The correct way to get that string is...
.586
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib

.const
envVar      db "PROCESSOR_IDENTIFIER",0

.data?
buff        db 256 dup(?)

.code
start:
    invoke GetEnvironmentVariable, ADDR envVar,ADDR buff,SIZEOF buff
    invoke MessageBox, NULL,ADDR buff,ADDR envVar,MB_OK

    invoke ExitProcess, NULL
end start



Now go and stand in the corner and wonder why no-one can take you seriously.
Potato2

Magnum

I don't see how putting a value on the stack is related to an environmental string.

Andy
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org