Sorry this post took so long. I kinda booched my VM...
In this tutorial, we take a look at identifying register variables. This tutorial is awfully close to A03; however, it differs in that variables are not declared in the C code before passing it as an argument, leaving the computer to push values onto the stack through register variables first.
The assembly looks essential the same, though the addition operation (ie. 1911 + 1638) is acted upon the register eax instead of being passed to a new function. This is demonstrated at 00401017 (the addition) and 0040103A (the subtraction).
IDA renders the pseudo-C code as:
int __cdecl main(int argc, const char **argv, const char **envp)
{
printf("%x + %x = %x\n", 1638, 1911, 3549);
printf("%x - %x = %x\n", 1638, 1911, 273);
return 0;
}
Subscribe to:
Post Comments (Atom)
-
Introduction: During some house cleaning I had an old external drive that was encrypted with an old version of truecrypt. I wanted to mount...
-
Live Linux forensics in a KVM based environment (part 1) Most of this blog will be based on a image that I created that I will be walking... -
Starting Linux analysis with volatility When working in the security field you will eventually come across a time that you will need to do...
No comments:
Post a Comment