Reverse Engineering for Beginners


CHAPTER 21. STRUCTURES


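#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

void main()
{
    WORD *t;

    /* 16 bytes: the size of SYSTEMTIME, i.e. eight 16-bit fields */
    t=(WORD *)malloc (16);

    /* deliberately passes a WORD array where a SYSTEMTIME pointer is expected */
    GetSystemTime (t);

    /* index 2 (wDayOfWeek) and index 7 (wMilliseconds) are not printed */
    printf ("%04d-%02d-%02d %02d:%02d:%02d\n",
        t[0] /* wYear */, t[1] /* wMonth */, t[3] /* wDay */,
        t[4] /* wHour */, t[5] /* wMinute */, t[6] /* wSecond */);

    free (t);

    return;
};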


We get:


Listing 21.5: Optimizing MSVC

$SG78594 DB '%04d-%02d-%02d %02d:%02d:%02d', 0aH, 00H


_main PROC
    push esi
    push 16
    call _malloc
    add esp, 4
    mov esi, eax
    push esi
    call DWORD PTR __imp__GetSystemTime@4
    movzx eax, WORD PTR [esi+12]
    movzx ecx, WORD PTR [esi+10]
    movzx edx, WORD PTR [esi+8]
    push eax
    movzx eax, WORD PTR [esi+6]
    push ecx
    movzx ecx, WORD PTR [esi+2]
    push edx
    movzx edx, WORD PTR [esi]
    push eax
    push ecx
    push edx
    push OFFSET $SG78594
    call _printf
    push esi
    call _free
    add esp, 32
    xor eax, eax
    pop esi
    ret 0
_main ENDP


Again, the resulting code cannot be distinguished from the previous one. And again, it should be noted that you shouldn't do this
in practice unless you really know what you are doing.
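The displacements in Listing 21.5 can be mapped back to field names mechanically, which is what one does by hand when annotating such a listing. The following is an added example, not code from the book: it uses a local stand-in struct with the SYSTEMTIME field order (so it builds without windows.h), and the names systemtime_like, field_at and load_word are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in with the same field order as the Windows SYSTEMTIME
   structure (eight 16-bit fields); an assumption made for portability. */
typedef struct {
    uint16_t wYear, wMonth, wDayOfWeek, wDay;
    uint16_t wHour, wMinute, wSecond, wMilliseconds;
} systemtime_like;

#define FIELD(n) { offsetof(systemtime_like, n), #n }

/* Hypothetical helper: name the field that a displacement such as the 6 in
   "WORD PTR [esi+6]" points at, or NULL if no field starts at that offset. */
const char *field_at(size_t off)
{
    static const struct { size_t off; const char *name; } map[] = {
        FIELD(wYear), FIELD(wMonth), FIELD(wDayOfWeek), FIELD(wDay),
        FIELD(wHour), FIELD(wMinute), FIELD(wSecond), FIELD(wMilliseconds),
    };
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
        if (map[i].off == off)
            return map[i].name;
    return NULL;
}

/* Read a 16-bit value at a byte offset, as "movzx reg, WORD PTR [base+off]" does. */
unsigned load_word(const void *base, size_t off)
{
    uint16_t w;
    memcpy(&w, (const unsigned char *)base + off, sizeof w);
    return w;
}

int main(void)
{
    /* Constructed sample value, not the output of a real GetSystemTime call. */
    systemtime_like st = { 2024, 5, 3, 15, 13, 37, 42, 0 };
    /* Displacements in the order Listing 21.5 loads them. */
    static const size_t seen[] = { 12, 10, 8, 6, 2, 0 };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        printf("[esi+%2zu] -> %-8s = %u\n", seen[i], field_at(seen[i]),
               load_word(&st, seen[i]));
    return 0;
}
```

Offsets 4 and 14 never appear in the listing because wDayOfWeek and wMilliseconds are not printed.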


21.3 UNIX: struct tm.


21.3.1 Linux


Let’s take the tm structure from time.h in Linux for example:


#include <stdio.h>
#include <time.h>

void main()
{
    struct tm t;
    time_t unix_time;
