Assembly Language for Beginners
1.24. STRUCTURES x86 This compiles to: Listing 1.341: MSVC 2012 /GS- /Ob0 _tmp$ = -16 _main PROC push ebp mov ebp, esp ...
1.24. STRUCTURES _main PROC push ebp mov ebp, esp sub esp, 12 mov BYTE PTR _tmp$[ebp], 1 ; set field a mov DWORD PTR ...
1.24. STRUCTURES And this: Listing 1.344: WinNT.h #include "pshpack4.h" // 4 byte packing is the default The file PshPack1.h look ...
1.24. STRUCTURES OllyDbg + fields are packed by default Let’s try our example (where the fields are aligned by default (4 bytes) ...
1.24. STRUCTURES OllyDbg + fields aligning on 1 byte boundary Things are much clearer here: 4 fields occupy 10 bytes and the val ...
1.24. STRUCTURES One more thing we spot easily is that instead of a function epilogue, there is a jump to another function's epilogue ...
1.24. STRUCTURES sw $a1, 0x28+arg_4($sp) sw $a2, 0x28+arg_8($sp) sw $a3, 0x28+arg_C($sp) la $a0, ($LC0 & 0xFFFF) ...
1.24. STRUCTURES }; int main() { struct outer_struct s; s.a=1; s.b=2; s.c.a=100; s.c.b=101; s.d=3; s.e=4; f(s); }; ... in this case ...
1.24. STRUCTURES pop ebx add esp, 24 ret 0 _main ENDP One curious thing here is that by looking at this assembly code, we do n ...
1.24. STRUCTURES OllyDbg Let's load the example into OllyDbg and take a look at outer_struct in memory: Figure 1.107: OllyDbg: Befo ...
1.24. STRUCTURES #include <stdio.h> #ifdef __GNUC__ static inline void cpuid(int code, int *a, int *b, int *c, int *d) { asm volatil ...
1.24. STRUCTURES push esi lea esi, DWORD PTR _b$[esp+24] mov DWORD PTR [esi], eax mov DWORD PTR [esi+4], ebx mov DWORD PTR [esi+ ...
1.24. STRUCTURES MSVC + OllyDbg Let's load our example into OllyDbg and see what values are set in EAX/EBX/ECX/EDX after the ex ...
1.24. STRUCTURES mov esi, 1 push ebx mov eax, esi sub esp, 18h cpuid mov esi, eax and eax, 0Fh mov [esp+8], eax mov dword ptr [e ...
1.24. STRUCTURES (S — sign) #include <stdio.h> #include <assert.h> #include <stdlib.h> #include <memory.h> s ...
1.24. STRUCTURES add eax, 2 ; add 2 to it and eax, 255 ; 000000ffH shl eax, 23 ; 00000017H - shift result to place of bits 30:23 ...
1.25. UNIONS main endp The f() function is almost understandable. However, what is interesting is that GCC was able to calculate ...
1.25. UNIONS RNG_state=RNG_state*RNG_a+RNG_c; return RNG_state; }; // FPU PRNG definitions and routines: union uint32_t_float { ...
1.25. UNIONS mov esi, 100 $LL3@main: call ?float_rand@@YAMXZ sub esp, 8 fstp QWORD PTR [esp] push OFFSET $SG4238 call _printf ad ...
1.25. UNIONS la $gp, (__gnu_local_gp & 0xFFFF) sw $ra, 0x28+var_4($sp) sw $s2, 0x28+var_8($sp) sw $s1, 0x28+var_C($sp) sw $s ...
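The float-as-structure listing in 1.24 (add 2 to the exponent, mask with 255, shift to bits 30:23) and the `union uint32_t_float` used by the FPU PRNG in 1.25 are two views of the same trick: a float reinterpreted as its 32-bit pattern. The following is an added example, not the book's code. It assumes the LCG constants (RNG_a, RNG_c) and seed, since the page only shows the recurrence, and it assumes that the PRNG builds its float by forcing the exponent to 127 (so the value lies in [1,2)) and subtracting 1, which is the usual way to turn 23 random mantissa bits into a value in [0,1).

```c
#include <stdint.h>

/* The union from the page: both members share the same 4 bytes. Reading the
   member that was not last written is defined in C (GCC documents it); in
   C++ it is not, so use memcpy there. */
union uint32_t_float {
    uint32_t i;
    float    f;
};

/* IEEE 754 single precision: bit 31 = sign, bits 30:23 = biased exponent,
   bits 22:0 = fraction. */
#define F_SIGN_BIT  0x80000000u
#define F_EXP_MASK  0x7F800000u
#define F_FRAC_MASK 0x007FFFFFu

uint32_t float_bits(float f)   { union uint32_t_float u; u.f = f; return u.i; }
float    bits_float(uint32_t i) { union uint32_t_float u; u.i = i; return u.f; }

unsigned exponent_of(float f) { return (float_bits(f) & F_EXP_MASK) >> 23; }

/* What the page's listing does with add eax,2 / and eax,255 / shl eax,23 and
   a set sign bit: for a normal number this yields -4*x. Caveat: the exponent
   add wraps inside 8 bits, so a value with exponent 254 or 255 (near FLT_MAX,
   inf, NaN) becomes a denormal or zero-exponent pattern instead of overflowing
   to infinity. */
float set_sign_add2_to_exponent(float f) {
    uint32_t bits = float_bits(f);
    uint32_t exp  = ((bits >> 23) + 2) & 0xFF;            /* add 2; and 255 */
    bits = (bits & F_FRAC_MASK) | (exp << 23) | F_SIGN_BIT; /* shl 23; set S */
    return bits_float(bits);
}

/* Linear congruential generator in the form shown on the page.
   Constants and seed are assumed (Numerical Recipes values). */
static uint32_t RNG_state = 12345u;
static const uint32_t RNG_a = 1664525u;
static const uint32_t RNG_c = 1013904223u;

uint32_t my_rand(void) {
    RNG_state = RNG_state * RNG_a + RNG_c;
    return RNG_state;
}

/* Build a float in [1,2) from 23 random fraction bits plus exponent 127
   (pattern 0x3F800000 is 1.0f), then subtract 1 to land in [0,1).
   No integer-to-float conversion or division is needed. */
float float_rand(void) {
    union uint32_t_float tmp;
    tmp.i = (my_rand() & F_FRAC_MASK) | 0x3F800000u;
    return tmp.f - 1.0f;
}

/* Draw n values and confirm every one lies in [0,1). Returns 1 on success. */
int all_in_unit_interval(int n) {
    for (int k = 0; k < n; k++) {
        float v = float_rand();
        if (!(v >= 0.0f && v < 1.0f)) return 0;
    }
    return 1;
}
```

Because the generator only ever places its bits in the fraction field, the result can never be a NaN, infinity or negative value, whatever the LCG state; that is exactly what the `and 0x007fffff` / `or 0x3F800000` pair in the compiled listing enforces.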