Assembly Language for Beginners

8.9. BREAKING SIMPLE EXECUTABLE CRYPTOR def encrypt(buf): return e(buf[0], 0)+ e(buf[1], 1)+ e(buf[2], 2) + e(buf[3], 3)+ e(buf[ ...

8.9. BREAKING SIMPLE EXECUTABLE CRYPTOR 0F 84 EB 00 00 00 jz loc_4EFBB8 Backwards: E8 79 0C FE FF call _function1 E8 F4 16 FF FF ...

8.9. BREAKING SIMPLE EXECUTABLE CRYPTOR prev=IV rt="" for c in buf: new_c=decrypt_byte(c, k) plain=chr(ord(new_c)^ord(prev)) pre ...

8.9. BREAKING SIMPLE EXECUTABLE CRYPTOR !/usr/bin/env python import sys, hexdump, array def xor_strings(s,t): https://en.wikiped ...

8.10 SAP. 4a: 8b f8 mov %eax,%edi 4c: a1 e0 e2 05 01 mov 0x105e2e0,%eax 51: 3b 05 e4 e2 05 01 cmp 0x105e2e4,%eax 57: 75 12 jne 0 ...

8.10. SAP Figure 8.17:Screenshot Let’s see if we can remove the window somehow. But before this, let’s see what we already know. ...

8.10. SAP .text:6440D54A push eax ; Str .text:6440D54B call ds:atoi .text:6440D551 test eax, eax .text:6440D553 setnz al .text:6 ...

8.10. SAP .text:64413F92 call ds:getenv_s .text:64413F98 add esp, 10h .text:64413F9B mov [ebp+var_8], eax .text:64413F9E push 0F ...

8.10. SAP .text:6440EE14 push offset aSapguiStoppedA ; "Sapgui stopped after ⤦ Çcommandline interp"... .text:6440EE19 push dword ...

8.10. SAP ; demangled name: ATL::CStringT::Format(char const *,...) .text:64404F98 call ebx ; mfc90_2539 .text:64404F9A add esp, ...

8.10. SAP .text:6440501D bypass: .text:6440501D mov eax, [esi+20h] .text:64405020 test eax, eax .text:64405022 jz short loc_6440 ...

8.10. SAP .text:644050DB push eax ; lpchText .text:644050DC push [ebp+var_10] ; hdc .text:644050DF call ds:DrawTextA .text:64405 ...

8.10. SAP At the start of the functionECXhas a pointer to the object (since it is a thiscall (3.18.1 on page 542)-type of functi ...

8.10. SAP .text:64404C19 .text:64404C19 arg_0 = dword ptr 4 .text:64404C19 .text:64404C19 push ebx .text:64404C1A push ebp .text ...

8.10. SAP Let’s check our findings. Replace thesetz alhere with thexor eax, eax / nopinstructions, clear the TDW_NOCOMPRESS en- ...

8.10. SAP .text:64406FB9 add esp, 1Ch .text:64406FBC cmp eax, 0FFFFFFF6h .text:64406FBF jz short loc_64407004 .text:64406FC1 cmp ...

8.10. SAP Flags: d0 PARAMETER serverName Address: Reg335+304 Size: 8 bytes Index: 60492 TypeIndex: 60493 Type: unsigned short Fl ...

8.10. SAP FUNCTION rcui::AgiPassword::DiagISelection FUNCTION ssf_password_encrypt FUNCTION ssf_password_decrypt FUNCTION passwo ...

8.10. SAP .text:00000001402ED578 cmp eax, 36h .text:00000001402ED57B jz loc_1402EDB3D .text:00000001402ED581 xor edx, edx ; usr0 ...

8.11 Oracle RDBMS. 8.11 Oracle RDBMS 8.11.1V$VERSIONtable in the Oracle RDBMS Oracle RDBMS 11.2 is a huge program, its main modu ...