This is the mail archive of the
binutils@sources.redhat.com
mailing list for the binutils project.
Re: incorrect disassemble
- From: Alan Modra <amodra at bigpond dot net dot au>
- To: Nick Clifton <nickc at cambridge dot redhat dot com>
- Cc: Michael Schrijver <m dot c dot schrijver at student dot utwente dot nl>, binutils at sources dot redhat dot com
- Date: Wed, 20 Feb 2002 09:00:57 +1030
- Subject: Re: incorrect disassemble
- References: <1014122624.262.2.camel@p350> <m3sn7xpohy.fsf@north-pole.nickc.cambridge.redhat.com> <1014126431.262.4.camel@p350> <m34rkdpmdf.fsf@north-pole.nickc.cambridge.redhat.com>
On Tue, Feb 19, 2002 at 02:38:52PM +0000, Nick Clifton wrote:
> Hi Michael,
>
> > I'm using GNU objdump 2.11.90.0.19 the target is elf32-i386, its a
> > backdoored ssh daemon. I've included the relevant part of the
> > disassembly:
> >
> > 804c0b8: 8a 04 11 mov (%ecx,%edx,1),%al ; <---
> > 804c0bb: 24 0f and $0xf,%al
> > 804c0bd: 0c 30 or $0x30,%al
> > 804c0bf: 88 44 32 01 mov %al,0x1(%edx,%esi,1) ; <---
> > 804c0c3: 8a 04 11 mov (%ecx,%edx,1),%al
> > 804c0c6: c0 e8 04 shr $0x4,%al
> > 804c0c9: 0c 30 or $0x30,%al
> > 804c0cb: 88 04 32 mov %al,(%edx,%esi,1) ; <---
> > 804c0ce: 83 c6 fe add $0xfffffffe,%esi
These all look OK to me.
> Do you have the original assembler source for these particular
> instructions ? If so please could you post it here ?
>
> Cheers
> Nick
>
--
Alan Modra
IBM OzLabs - Linux Technology Centre