This exercise looks easy at first. When the "sub" operation takes place, there is going to be some subtraction occurring.
Take a look at the assembly and you'll see three sub operations in the function. But what do the three do?
At 00401003, the sub is directly related to the first exercise provided by binary-auditing.com (the pdf). It deals with the stack and not with the local variables that we are specifically using in the program. We know this for two reasons: 1) it occurs at the beginning of a function and 2) it acts upon esp, which is the stack pointer.
At 00401009, the sub takes two operands: eax (which was assigned the value of var_4 in the previous instruction) and var_8, which is subtracted from eax. The result is then moved into var_C and pushed onto the stack.
At 00401024, the value 10 (0A in hexadecimal) is subtracted from edx (which was assigned the value of var_C).
So in this tutorial, we really just looked at the sub instruction and the difference between its use in stack operations and in variable operations.
As always, the pseudo-C code:
int __cdecl main(int argc, const char **argv, const char **envp)
{
    int v4; // [sp+4h] [bp-8h]@0
    int v5; // [sp+8h] [bp-4h]@0

    printf("%x\n", v5 - v4);
    printf("%x\n", v5 - v4 - 10);
    return 0;
}
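The two cues used above to separate the stack-frame sub from the arithmetic ones (position in the prologue, destination esp) can be applied mechanically to a listing. The following is an added example, not part of the original post or the exercise; the listing is constructed, and only the three sub addresses and their operands come from the text (the frame size 0Ch, the other addresses, and the names `parse_imm` and `classify_subs` are assumptions).

```python
import re

# Constructed IDA-style listing. Only the three sub addresses and their operands
# (esp; eax and var_8; edx and 0Ah) come from the post. The frame size 0Ch and
# the surrounding instructions are assumed for illustration.
LISTING = """\
00401000  push    ebp
00401001  mov     ebp, esp
00401003  sub     esp, 0Ch
00401006  mov     eax, [ebp+var_4]
00401009  sub     eax, [ebp+var_8]
0040100C  mov     [ebp+var_C], eax
00401021  mov     edx, [ebp+var_C]
00401024  sub     edx, 0Ah
"""

LINE = re.compile(r"^([0-9A-Fa-f]{8})\s+(\w+)\s*(.*)$")
PROLOGUE = (("push", ["ebp"]), ("mov", ["ebp", "esp"]))

def parse_imm(text):
    """Parse an IDA-style immediate (0Ch, 0Ah, 10); None if not a number."""
    m = re.fullmatch(r"([0-9][0-9A-Fa-f]*)h|(\d+)", text)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))

def classify_subs(listing):
    """Return (address, kind, detail) for every sub instruction in the listing."""
    results, in_prologue = [], True
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        addr, mnem, ops = m.group(1), m.group(2).lower(), m.group(3)
        operands = [o.strip() for o in ops.split(",")] if ops else []
        if mnem == "sub" and len(operands) == 2:
            dst, src = operands
            imm = parse_imm(src)
            if dst == "esp":  # acts on the stack pointer, not on a variable
                kind = "frame-alloc" if in_prologue else "stack-adjust"
            else:
                kind = "value-imm" if imm is not None else "value-var"
            results.append((addr, kind, imm if imm is not None else src))
        # The prologue ends at the first instruction that is not frame setup.
        if (mnem, operands) not in PROLOGUE:
            in_prologue = False
    return results
```

For a `frame-alloc` entry the detail is the number of bytes reserved for locals; for the other kinds it is the subtrahend.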