Sorry this post took so long. I kinda botched my VM...
In this tutorial, we take a look at identifying register variables. This tutorial is awfully close to A03; however, it differs in that the values are not declared as variables in the C code before being passed as arguments, leaving the compiler to hold them in registers first and push them onto the stack from there.
The assembly looks essentially the same, though the addition operation (i.e. 1911 + 1638) is performed on the register eax instead of being passed to a new function. This is demonstrated at 00401017 (the addition) and 0040103A (the subtraction).
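IDA renders the pseudo-C code as shown below. Note that the results appear as the constants 3549 and 273 rather than as arithmetic on eax:

    int __cdecl main(int argc, const char **argv, const char **envp)
    {
        printf("%x + %x = %x\n", 1638, 1911, 3549);
        printf("%x - %x = %x\n", 1638, 1911, 273);
        return 0;
    }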