Assembly Language for Beginners
1.15. SWITCH()/CASE/DEFAULT A pointer to the string “two” is to be written into the stack now: Figure 1.46: OllyDbg: pointer to t ...
1.15. SWITCH()/CASE/DEFAULT MOV writes the pointer to the string at address 0x001EF850 (see the stack window). Then, jump happens. ...
1.15. SWITCH()/CASE/DEFAULT This is the last instruction of printf(): Figure 1.48: OllyDbg: last instruction of printf() in MSVCR100 ...
1.15. SWITCH()/CASE/DEFAULT Now let’s press F7 or F8 (step over) and return... not to f(), but rather to main(): Figure 1.49: OllyDb ...
1.15. SWITCH()/CASE/DEFAULT The last instruction, CMP R0, #2, is needed to check if a = 2. If it is not true, then ADRNE loads a poin ...
1.15. SWITCH()/CASE/DEFAULT b .L32 .L35: adrp x0, .LC14 ; "two" add x0, x0, :lo12:.LC14 bl puts b .L32 .L38: adrp x0, .LC15 ; "s ...
1.15. SWITCH()/CASE/DEFAULT lui $a0, ($LC0 >> 16) # "zero" lw $t9, (puts & 0xFFFF)($gp) or $at, $zero ; load delay slo ...
1.15. SWITCH()/CASE/DEFAULT x86 Non-optimizing MSVC We get (MSVC 2010): Listing 1.152: MSVC 2010 tv64 = -4 ; size = 4 _a$ = 8 ; ...
1.15. SWITCH()/CASE/DEFAULT But if the value of a is less than or equal to 4, then it gets multiplied by 4 and added with the $LN11@fta ...
1.15. SWITCH()/CASE/DEFAULT OllyDbg Let’s try this example in OllyDbg. The input value of the function (2) is loaded into EAX: Fi ...
1.15. SWITCH()/CASE/DEFAULT The input value is checked, is it bigger than 4? If not, the “default” jump is not taken: Figure 1.5 ...
1.15. SWITCH()/CASE/DEFAULT Here we see a jumptable: Figure 1.52: OllyDbg: calculating destination address using jumptable Here w ...
1.15. SWITCH()/CASE/DEFAULT After the jump we are at 0x010B103A: the code printing “two” will now be executed: Figure 1.53: OllyDb ...
1.15. SWITCH()/CASE/DEFAULT mov [esp+18h+var_18], offset aThree ; "three" call _puts jmp short locret_8048450 loc_8048436: ; DAT ...
1.15. SWITCH()/CASE/DEFAULT 000001A0 04 00 00 EA B loc_1B8 000001A4 000001A4 two_case ; CODE XREF: f2+4 000001A4 ; f2:loc_188 00 ...
1.15. SWITCH()/CASE/DEFAULT ARM: Optimizing Keil 6/2013 (Thumb mode) Listing 1.155: Optimizing Keil 6/2013 (Thumb mode) 000000F6 ...
1.15. SWITCH()/CASE/DEFAULT case. A special function is present here in order to deal with the table and pass control, named __AR ...
1.15. SWITCH()/CASE/DEFAULT lui $a0, ($LC0 >> 16) # "zero" lw $t9, (puts & 0xFFFF)($gp) or $at, $zero ; NOP jr $t9 la ...
1.15. SWITCH()/CASE/DEFAULT exit: jump_table dd case1 dd case2 dd case3 dd case4 dd case5 The jump to the address in the jump ta ...
1.15. SWITCH()/CASE/DEFAULT Listing 1.158: Optimizing MSVC 2010 1 $SG2798 DB '1, 2, 7, 10', 0aH, 00H 2 $SG2800 DB '3, 4, 5', 0aH ...