Reverse Engineering for Beginners
CHAPTER 7. SCANF() 7.1.2 x86 MSVC Here is what we get after compiling with MSVC 2010: CONST SEGMENT $SG3831 D ...
The scanf() function in our example has two arguments. The first one is a pointer to the str ...
7.1.3 MSVC + OllyDbg Let’s try this example in OllyDbg. Let’s load it and keep pressing F8 ...
scanf() completed its execution already: Figure 7.3: OllyDbg: scanf() executed scanf() returns ...
Later this value is copied from the stack to the ECX register and passed to printf(): Figure ...
7.1.4 x64 The picture here is similar with the difference that the registers, rather than ...
7.1.5 ARM. Optimizing Keil 6/2013 (Thumb mode) .text:00000042 scanf_main .text:00000042 .t ...
38 ret There are 32 bytes allocated for the stack frame, which is bigger than needed. Pe ...
; function prologue: .text:00000000 lui $gp, (gnu_local_gp >> 16) .text:00000004 add ...
$SG2458 DB 'You entered %d...', 0aH, 00H _DATA ENDS PUBLIC _main EXTRN _scanf:PROC EXTRN _ ...
7.2.2 MSVC: x86 + OllyDbg Things are even simpler here: Figure 7.5: OllyDbg: after scanf() ex ...
In OllyDbg we can review the process memory map (Alt-M) and we can see that this address i ...
lea rdx, OFFSET FLAT:x lea rcx, OFFSET FLAT:$SG2925 ; '%d' call scanf mov edx, DWORD PTR x ...
variables — in RAM^3. It is not very economical to store constant variables in RAM when you ...
Listing 7.8: Optimizing GCC 4.4.5 (IDA) .text:004006C0 main: .text:004006C0 .text:004006C0 ...
17 ; prepare address of x: 18 4006f0: 8f858044 lw a1,-32700(gp) 19 4006f4: 0320f809 jalr t ...
; get a word from memory: .text:004006E8 lw $a1, x ; value of x is now in $a1. .text:00400 ...
7.3 scanf() result checking As was noted before, it is slightly old-fashioned to use scanf( ...
A JNE conditional jump follows the CMP instruction. JNE stands for Jump if Not Equal. So, if the ...
.text:00401050 retn .text:00401050 _main endp Now it is slightly easier to understand the ...