This one is a quickie, as it's awfully close to exercise A05. We're taking a look at the "add" instruction now.
Take a look at the assembly and you'll see four add operations in the function. But what do the four do?
At 00401009, we are adding var_4 to var_8 and putting it into eax.
At 0040101E, we are adding 8 bytes onto esp to re-align it with the variables we were using beforehand.
At 00401024, the value 1 (1 in hexadecimal!) is being added to edx (which was assigned the value of var_C).
At 00401039, we are adding 8 bytes onto esp to re-align it to return the stack to the state it was in before calling this program.
So in this tutorial, we really just looked at the add instruction and how it differs between stack operations and variable operations. Again, it's pretty much the same as the previous "sub" tutorial.
As always, the pseudo-C code:
int __cdecl main(int argc, const char **argv, const char **envp)
{
    int v4; // [sp+4h] [bp-8h]@0
    int v5; // [sp+8h] [bp-4h]@0

    printf("%x\n", v4 + v5);
    printf("%x\n", v4 + v5 + 1);
    return 0;
}
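To make the stack-versus-variable distinction mechanical, here is an added example (not part of the original exercise) that sorts the add instructions in a listing into stack cleanup and arithmetic. The listing is constructed from the description above: only the four add addresses and operands follow the text, while the push/call lines, their addresses and the name aX are placeholders.

```python
import re

# Constructed listing modelled on the four adds described in the post. Only
# the add addresses and operands follow the text; the push/call lines and
# their addresses are placeholders, not the exercise's real disassembly.
LISTING = """\
00401009  add   eax, [ebp+var_8]
0040100C  push  eax
0040100D  push  offset aX
00401012  call  _printf
0040101E  add   esp, 8
00401024  add   edx, 1
00401027  push  edx
00401028  push  offset aX
0040102D  call  _printf
00401039  add   esp, 8
"""

ADD_RE = re.compile(
    r"^(?P<addr>[0-9A-Fa-f]{8})\s+add\s+(?P<dst>\w+),\s*(?P<src>.+?)\s*$")

def classify_adds(listing):
    """Return (address, kind, value) for every add instruction.

    kind "stack": the destination is esp, so the add is cdecl caller
    cleanup; value is the number of 4-byte arguments being discarded
    (None if the operand is not an immediate).
    kind "arithmetic": anything else; value is the source operand.
    """
    results = []
    for line in listing.splitlines():
        m = ADD_RE.match(line.strip())
        if not m:
            continue
        if m["dst"].lower() == "esp":
            try:
                # IDA prints immediates in hex, with an 'h' suffix above 9.
                args = int(m["src"].rstrip("hH"), 16) // 4
            except ValueError:
                args = None
            results.append((m["addr"], "stack", args))
        else:
            results.append((m["addr"], "arithmetic", m["src"]))
    return results

if __name__ == "__main__":
    for addr, kind, value in classify_adds(LISTING):
        print(addr, kind, value)
```

Each "add esp, 8" reports two arguments, which matches the two values pushed for each printf call in the pseudo-C.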