Reverse Engineering for Beginners

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT The input value is checked, is it bigger than 4? If not, the ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT Here we see a jumptable: Figure 13.11:OllyDbg: calculating d ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT After the jump we are at0x010B103A: the code printing “two” ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT mov [esp+18h+var_18], offset aThree ; "three" call _puts jmp ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT 000001A0 04 00 00 EA B loc_1B8 000001A4 000001A4 two_case ; ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT 000000F8 03 00 MOVS R3, R0 000000FA 06 F0 69 F8 BL __ARM_com ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT It is also worth noting that the code is generated as a sepa ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT la $a0, ($LC1 & 0xFFFF) # "one" ; branch delay slot sub_ ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT Ajumptableis just array of pointers, like the one described ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT 17 jmp DWORD PTR impprintf 18 $LN4@f: 19 mov DWORD PTR _a$[e ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT 13.3.3 ARM64: Optimizing GCC 4.9.1. There is no code to be t ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT ; print "8, 9, 21" adrp x0, .LC2 add x0, x0, :lo12:.LC2 b pu ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT 4 5 void f(int type) 6 { 7 int read=0, write=0; 8 9 switch ( ...

CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT _f ENDP The code mostly resembles what is in the source. The ...

CHAPTER 14. LOOPS CHAPTER 14. LOOPS Chapter 14 Loops 14.1 Simple example 14.1.1 x86 There is a specialLOOPinstruction in x86 ins ...

CHAPTER 14. LOOPS CHAPTER 14. LOOPS $LN2@main: mov eax, DWORD PTR _i$[ebp] ; here is what we do after each iteration: add eax, 1 ...

CHAPTER 14. LOOPS CHAPTER 14. LOOPS What happens here is that space for theivariable is not allocated in the local stack anymore ...

CHAPTER 14. LOOPS CHAPTER 14. LOOPS cmp ebx, 64h ; i==100? jnz short loc_80484D0 ; if not, continue add esp, 1Ch xor eax, eax ; ...

CHAPTER 14. LOOPS CHAPTER 14. LOOPS 14.1.2 x86: OllyDbg Let’s compile our example in MSVC 2010 with/Oxand/Ob0options and load it ...

CHAPTER 14. LOOPS CHAPTER 14. LOOPS PID=12884|New process loops_2.exe (0) loops_2.exe!0x401026 EAX=0x00a328c8 EBX=0x00000000 ECX ...