Reverse Engineering for Beginners
CHAPTER 9. MORE ABOUT RESULTS RETURNING ...what we got (MSVC 2010/Ox): $T3853 = 8 ; size ...
CHAPTER 10. POINTERS Chapter 10 Pointers Pointers are often used to return values from functions (recall sca ...
CHAPTER 10. POINTERS push 123 ; 0000007bH call _f1 mov eax, DWORD PTR _product mov ecx, DWORD PTR _sum push ...
CHAPTER 10. POINTERS Let’s see this in OllyDbg: Figure 10.1: OllyDbg: global variables addresses are passed ...
CHAPTER 10. POINTERS These variables are zeroed, because non-initialized data (from BSS) is cleared before t ...
CHAPTER 10. POINTERS Let’s trace (F7) to the start of f1(): Figure 10.3: OllyDbg: f1() starts Two values are vi ...
CHAPTER 10. POINTERS Let’s trace until the end of f1(). In the left bottom window we see how the results of ...
CHAPTER 10. POINTERS Now the global variables’ values are loaded into registers ready for passing to printf( ...
CHAPTER 10. POINTERS Let’s look again with OllyDbg. The addresses of the local variables in the stack are 0x ...
CHAPTER 10. POINTERS f1() starts. So far there is only random garbage in the stack at 0x2EF854 and 0x2EF858: Fi ...
CHAPTER 10. POINTERS f1() completes: Figure 10.8: OllyDbg: f1() completes execution We now find 0xDB18 and 0x243 at ...
CHAPTER 11. GOTO OPERATOR Chapter 11 GOTO operator The GOTO operator is generally considered as anti-p ...
CHAPTER 11. GOTO OPERATOR This could also be useful as a simple patching exercise. Let’s open the resu ...
CHAPTER 11. GOTO OPERATOR Place the cursor to address JMP (0x410), press F3 (edit), press zero twice, so ...
CHAPTER 11. GOTO OPERATOR 11.2 Exercise Try to achieve the same result using your favorite compiler an ...
CHAPTER 12. CONDITIONAL JUMPS Chapter 12 Conditional jumps 12.1 Simple example include <stdio.h ...
CHAPTER 12. CONDITIONAL JUMPS $LN3@f_signed: mov ecx, DWORD PTR _a$[ebp] cmp ecx, DWORD PTR _b$[eb ...
CHAPTER 12. CONDITIONAL JUMPS Listing 12.3: main() _main PROC push ebp mov ebp, esp push 2 push 1 c ...
CHAPTER 12. CONDITIONAL JUMPS x86 + MSVC + OllyDbg We can see how flags are set by running this ex ...
CHAPTER 12. CONDITIONAL JUMPS The next conditional jump: Figure 12.2: OllyDbg: f_unsigned(): second ...