Sorry this post took so long. I kinda booched my VM...
In this tutorial, we take a look at identifying register variables. This tutorial is awfully close to A03; however, it differs in that variables are not declared in the C code before passing it as an argument, leaving the computer to push values onto the stack through register variables first.
The assembly looks essential the same, though the addition operation (ie. 1911 + 1638) is acted upon the register eax instead of being passed to a new function. This is demonstrated at 00401017 (the addition) and 0040103A (the subtraction).
IDA renders the pseudo-C code as:
int __cdecl main(int argc, const char **argv, const char **envp)
{
printf("%x + %x = %x\n", 1638, 1911, 3549);
printf("%x - %x = %x\n", 1638, 1911, 273);
return 0;
}
Subscribe to:
Post Comments (Atom)
-
Live Linux forensics in a KVM based environment (part 1) Most of this blog will be based on a image that I created that I will be walking... -
Giving the nature of the beast and the three of us like to explore and play with many varieties of ways to exploit things, I thought that I ...
-
#coding #Monitor #myopinionnotyours During my day today I was asked about how coding is relevant on a cyber detection team. This is a goo...
No comments:
Post a Comment