format binary use32 include 'std.inc' ; On entrance to each shellcode segment the ebx register will be a vtable of std funcs ; printf ; puts ; scanf ; sin ; cos ; tan ; asin ; acos ; atan ; malloc ; free ; esi contains the base address of the shellcode segment ; edi contains the address of the part of the flag that this segment fills ; edx contains the number of the block push edi lea ecx, [esi+pattern_text] push ecx lea eax, [ebx + 0x4] mov eax, dword [eax] call dword [eax] pop ebp mov ecx, 0 printLoop: push ecx call adv_fib push eax lea ecx, [esi + format_text] mov eax, dword [ebx] push ecx call dword [eax] pop ecx pop ebp pop ecx inc ecx cmp ecx, 6 jnz printLoop lea ecx, [esi+empty_text] lea eax, [ebx + 0x4] mov eax, dword [eax] push ecx call dword [eax] pop ebp lea ecx, [esi+inputVal] push ecx lea eax, [ebx + 8] mov eax, dword [eax] lea ecx, [esi+unsignFmt] push ecx call dword [eax] add esp, 8 mov ecx, dword [esi+inputVal] pop edi ; 797691075 is the answer ; (struct.unpack('