Assembly Language for Beginners
1.9. SCANF()
_TEXT SEGMENT
main PROC
$LN3:
  sub rsp, 40
  lea rcx, OFFSET FLAT:$SG2924 ; 'Enter X:'
  call printf
  lea rdx, OFFSET FLA ...

So, the x variable is now global and for this reason located in another segment, namely the data segment (.data). One ...

  ; restore FP and LR:
  ldp x29, x30, [sp], 16
  ret

In this case the x variable is declared as global and its ad ...

Listing 1.78: Optimizing GCC 4.4.5 (objdump)
004006c0 :
  ; function prologue:
  4006c0: 3c1c0042 lui gp,0x42
  4 ...

.text:004006A8 li $gp, 0x418930
.text:004006AC sw $ra, 0x20+var_4($sp)
.text:004006B0 sw $s0, 0x20+var_8($sp)
.text ...

  ; high part of x address is still in $s0.
  ; add low part to it and load a word from memory:
  4006e8: 8e050920 lw a1, ...

MSVC: x86
Here is what we get in the assembly output (MSVC 2010):
  lea eax, DWORD PTR _x$[ebp]
  push eax
  push OFFSET ...

.text:00401000 var_4 = dword ptr -4
.text:00401000 argc = dword ptr 8
.text:00401000 argv = dword ptr 0Ch
.text:004 ...

By pressing "space", we can see how IDA represents a function as a graph: Figure 1.17: Graph mode in IDA. There are two ...

It is possible to fold nodes in this mode and give them names as well ("group nodes"). Let's do it for 3 blocks: Fi ...

MSVC: x86 + OllyDbg
Let's try to hack our program in OllyDbg, forcing it to think scanf() always works without error. ...

While scanf() executes, in the console we enter something that is definitely not a number, like "asdasd". scanf() fini ...
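The check that the OllyDbg exercise defeats, as an added example that is not the book's own code: scanf() returns the number of conversions it performed, and a program that ignores that value goes on to use x whatever happened. sscanf() over constructed input buffers stands in for scanf() reading the console so the code runs without a terminal; the sentinel value, the input strings and the function names are the example's own assumptions.

```c
#include <stdio.h>

/* Constructed sample inputs, standing in for what a user types at the
 * "Enter X:" prompt. */
static const char *const SAMPLE_NUMBER = "123\n";
static const char *const SAMPLE_GARBAGE = "asdasd\n";

/* Unchecked variant: mirrors a program that calls scanf("%d", &x) and uses
 * x without looking at the return value. sscanf() stands in for scanf() so
 * the input can come from a buffer. The sentinel shows that on a failed
 * conversion x keeps whatever happened to be in its stack slot. */
int unchecked_read(const char *input)
{
    int x = 0x55AA55AA; /* sentinel for "whatever was on the stack" */
    sscanf(input, "%d", &x); /* return value deliberately ignored */
    return x;
}

/* Checked variant: the return value (number of successful conversions) is
 * what the compiled code tests with CMP/JNZ on x86 or CMP/BEQ on ARM after
 * the call. Returns 1 on success and stores the value; returns 0 and leaves
 * *out untouched otherwise. */
int checked_read(const char *input, int *out)
{
    int x;
    if (sscanf(input, "%d", &x) != 1)
        return 0;
    *out = x;
    return 1;
}

int main(void)
{
    int x;
    printf("unchecked \"123\":    x = %d\n", unchecked_read(SAMPLE_NUMBER));
    printf("unchecked \"asdasd\": x = 0x%X (sentinel survived)\n",
           (unsigned)unchecked_read(SAMPLE_GARBAGE));
    if (checked_read(SAMPLE_GARBAGE, &x))
        printf("You entered %d\n", x);
    else
        printf("input is not a number, x left unused\n");
    return 0;
}
```

Patching out the JNZ, as the OllyDbg and Hiew sections do, turns checked_read() back into unchecked_read(): the program then prints whatever value happened to be in x.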
MSVC: x86 + Hiew
This can also be used as a simple example of executable file patching. We may try to patch the exe ...

Move the cursor to address .00401027 (where the JNZ instruction, which we have to bypass, is located), press F3, and then typ ...
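The same patch done programmatically rather than in Hiew, as an added example that is not from the book. The byte string, the offset of the jump inside it and the choice of two NOPs (0x90 0x90) as the replacement for the two-byte short JNZ (0x75 rel8) are assumptions of the example; in a real file the virtual address named above must first be translated to a file offset. The point a practitioner wants is the opcode check: refuse to write unless the bytes at the offset really are the instruction you meant to remove.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the code around the conditional jump, encoded
 * the way MSVC would emit "cmp eax, 1 / jnz short error / push imm32":
 *   83 F8 01    cmp eax, 1
 *   75 1A       jnz short +0x1A   (rel8 value is made up)
 *   68 00 30 40 00  push 0x403000 (made-up address)
 */
static const uint8_t SAMPLE_CODE[] = {
    0x83, 0xF8, 0x01, 0x75, 0x1A, 0x68, 0x00, 0x30, 0x40, 0x00
};
#define JNZ_OFFSET 3 /* offset of the 0x75 opcode in SAMPLE_CODE */

enum { OP_JNZ_SHORT = 0x75, OP_NOP = 0x90 };

/* Overwrite a short JNZ (opcode + rel8, 2 bytes) with two NOPs so execution
 * always falls through to the success path, exactly as patching it in Hiew
 * would. Returns 0 on success, -1 if the offset is out of range or the byte
 * there is not a short JNZ: never patch blindly. */
int nop_out_short_jnz(uint8_t *code, size_t len, size_t off)
{
    if (off + 2 > len || code[off] != OP_JNZ_SHORT)
        return -1;
    code[off] = OP_NOP;
    code[off + 1] = OP_NOP;
    return 0;
}

/* Patch a private copy of the sample and return the two bytes now sitting
 * where the jump was, so the result can be inspected without touching the
 * original. Returns 0 on success, -1 if the patch was refused. */
int patch_sample(uint8_t out[2])
{
    uint8_t buf[sizeof SAMPLE_CODE];
    memcpy(buf, SAMPLE_CODE, sizeof buf);
    if (nop_out_short_jnz(buf, sizeof buf, JNZ_OFFSET) != 0)
        return -1;
    out[0] = buf[JNZ_OFFSET];
    out[1] = buf[JNZ_OFFSET + 1];
    return 0;
}
```

A short jump has a one-byte displacement, so two NOPs preserve the length of the instruction stream and nothing after it moves; a near JNZ (0F 85 rel32) is six bytes and would need six NOPs or a different fill.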
Listing 1.82: MSVC 2012 x64
_DATA SEGMENT
$SG2924 DB 'Enter X:', 0aH, 00H
$SG2926 DB '%d', 00H
$SG2927 DB 'You ente ...

The new instructions here are CMP and BEQ^80. CMP is analogous to the x86 instruction with the same name, it subtracts ...

MIPS
Listing 1.85: Optimizing GCC 4.4.5 (IDA)
.text:004006A0 main:
.text:004006A0
.text:004006A0 var_18 = -0x18
.te ...
1.10 Accessing passed arguments
Now we figured out that the caller function is passing arguments t ...

After that, ADD adds the value in _c to EAX. The value in EAX does not need to be moved: it is already ...

  retn
f endp
public main
main proc near
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = d ...