- Page 1 and 2:
Quick introduction to reverse engin
- Page 3 and 4:
1.16 C++ classes . . . . . . . . .
- Page 5 and 6:
Preface Here (will be) some of my n
- Page 7 and 8:
1.1 Hello, world! Let’s start wit
- Page 9 and 10:
1.2 Stack Stack — is one of the m
- Page 11 and 12:
(_snprintf() function works just li
- Page 13 and 14: 1.3 printf() with several arguments
- Page 15 and 16: 1.4 scanf() Now let’s use scanf()
- Page 17 and 18: GCC replaced first printf() call to
- Page 19 and 20: }; return 0; printf ("What you ente
- Page 21 and 22: 1.5 Passing arguments via stack Now
- Page 23 and 24: 1.6 One more word about results ret
- Page 25 and 26: push OFFSET $SG741 ; ’a
- Page 27 and 28: 1.8 switch()/case/default 1.8.1 Few
- Page 29 and 30: 1.8.2 A lot of cases If switch() st
- Page 31 and 32: loc_804840C: ; DATA XREF: .rodata:0
- Page 33 and 34: et 0 _main ENDP Nothing very specia
- Page 35 and 36: add esp, 1Ch xor eax, eax ; return
- Page 37 and 38: C/C++ standard defines char type as
- Page 39 and 40: eax=eax+ecx return eax ... and this
- Page 41 and 42: mov eax, ecx imul edx sar edx, 1 mo
- Page 43 and 44: ; current stack state: ST(0) = resu
- Page 45 and 46: ; in local stack here 8 bytes still
- Page 47 and 48: fld QWORD PTR _a$[esp-4] ; current
- Page 49 and 50: In other words, fnstsw ax / sahf in
- Page 51 and 52: 1.13 Arrays Array is just a set of
- Page 53 and 54: mov [esp+70h+var_70], eax call _pri
- Page 55 and 56: jge SHORT $LN1@main mov ecx, DWORD
- Page 57 and 58: ebp 0x15 0x15 esi 0x0 0 edi 0x0 0 e
- Page 59 and 60: 1.14 Bit fields A lot of functions
- Page 61 and 62: So, let’s download Linux Kernel 2
- Page 63: There are some redundant code prese
- Page 67 and 68: 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7,
- Page 69 and 70: loc_80484B8: loc_80484D3: pop ebx p
- Page 71 and 72: push ecx movzx edx, WORD PTR _t$[eb
- Page 73 and 74: Let’s compile it in GCC 4.4.1: ma
- Page 75 and 76: movsx ecx, BYTE PTR _s$[ebp+5] push
- Page 77 and 78: if speed is important. Let’s cons
- Page 79 and 80: and eax, 3 push eax push OFFSET $SG
- Page 81 and 82: #include #include struct float_as
- Page 83 and 84: mov [ebp+var_4], eax fld [ebp+var_4
- Page 85 and 86: lea ecx, DWORD PTR _c2$[ebp] call ?
- Page 87 and 88: mov eax, ecx mov ecx, DWORD PTR _a$
- Page 89 and 90: *obj=a; *(obj+1)=b; }; ... and that
- Page 91 and 92: __real@3ff0000000000000 DQ 03ff0000
- Page 93 and 94: 1.18 Pointers to functions Pointer
- Page 95 and 96: library functions): .text:7816CBF0
- Page 97 and 98: 1.19 SIMD SIMD is just acronym: Sin
- Page 99 and 100: lea ecx, ds:0[edx*4] cmp esi, ecx j
- Page 101 and 102: mov esi, [esp+10h+ar1] mov edi, [es
- Page 103 and 104: pop ebx pop esi pop edi pop ebp ret
- Page 105 and 106: } }; xmm1 = _mm_cmpeq_epi8(xmm1, xm
- Page 107 and 108: So then we’ll work only with the
- Page 109 and 110: ) { DES_type *out1, DES_type *out2,
- Page 111 and 112: mov esi, DWORD PTR _a3$[esp+28] pus
- Page 113 and 114: xor ebp, ebx not eax mov DWORD PTR
- Page 115 and 116:
and rbx, r9 mov rax, r10 and rax, Q
- Page 117 and 118:
Chapter 2 Couple things to add 112
- Page 119 and 120:
2.2 Function prologue and epilogue
- Page 121 and 122:
00H DB 0EBH, 08H, 8DH, 0A4H, 24H, 0
- Page 123 and 124:
2.5 Arguments passing methods (call
- Page 125 and 126:
Chapter 3 Finding important/interes
- Page 127 and 128:
DHCP This applies to network protoc
- Page 129 and 130:
Chapter 4 Tasks There are two quest
- Page 131 and 132:
push edx xor edi, edi call _isdigit
- Page 133 and 134:
4.1.3 Task 1.3 This is standard C f
- Page 135 and 136:
sub ebx, edx jne SHORT $LN2@f inc e
- Page 137 and 138:
PUBLIC __real@4147ffff80000000 PUBL
- Page 139 and 140:
db 018h, 098h, 058h, 0d8h, 038h, 0b
- Page 141 and 142:
mov ebx, DWORD PTR _c$[ebp] push es
- Page 143 and 144:
add eax, [ebp+arg_0] mov [ebp+var_1
- Page 145 and 146:
loc_8048531: ; CODE XREF: f+19D add
- Page 147 and 148:
ja loc_8048433 mov ebx, [ebp+var_12
- Page 149 and 150:
mov eax, edx sub eax, edi cmp [ebp+
- Page 151 and 152:
Chapter 6 Books/blogs worth reading
- Page 153 and 154:
7.1 “QR9”: Rubik’s cube inspi
- Page 155 and 156:
.text:005410A4 mov edi, 7 ; EDI is
- Page 157 and 158:
.text:00541150 .text:00541150 var_4
- Page 159 and 160:
.text:005411FC mov ecx, 3 .text:005
- Page 161 and 162:
.text:0054129A add ebx, 40h .text:0
- Page 163 and 164:
.text:0054134F push ebp ; File .tex
- Page 165 and 166:
.text:0054142E ; ------------------
- Page 167 and 168:
.text:0054134A push edi .text:00541
- Page 169 and 170:
void crypt_file(char *fin, char* fo
- Page 171 and 172:
.text:00541481 add esp, 4 .text:005
- Page 173 and 174:
.text:00541275 mov edi, offset cube
- Page 175 and 176:
EDX is the remainder of division. .
- Page 177 and 178:
.text:00541050 .text:00541050 mov e
- Page 179 and 180:
EBX is a pointer to internal array:
- Page 181 and 182:
.text:00541114 mov edi, 7 ; loop 1
- Page 183 and 184:
Now it is much simpler to understan
- Page 185 and 186:
{ }; int i=0; do { } while (i
- Page 187 and 188:
}; fwrite (buf+(3+4), real_flen, 1,
- Page 189 and 190:
.text:6440D53D test eax, eax .text:
- Page 191 and 192:
Yes. getenv_s() 5 function is Micro
- Page 193 and 194:
.text:64404F9A add esp, 0Ch .text:6
- Page 195 and 196:
.text:6440506D sar eax, 1 .text:644
- Page 197 and 198:
part will be concatenated to result
- Page 199 and 200:
.text:64409D64 push eax ; arg_10 of
- Page 201 and 202:
Doing last check here: .text:64406F
- Page 203 and 204:
.text:0811A2C0 E8 5F FE FF FF call
- Page 205 and 206:
} 9.1.3 Task 1.3 Solution: srand()
- Page 207 and 208:
const unsigned char byte_rev_table[
- Page 209 and 210:
version 2.1 of the License, or (at
- Page 211 and 212:
jump_over:; /* Select median value
- Page 213:
} } /* Insertion sort, running from