Reversing : The Hacker's Guide to Reverse Engineering

Figure C.2 Logical and in-memory arrangement of a singly linked list. Item 1 Item 2 Item 3 Item 1 Data Memory Item 1 Next Pointe ...

PLIST_ITEM pCurrentItem = pListHead while (pCurrentItem) { if (ProcessItem(pCurrentItem->SomeMember, pCurrentItem->SomeOth ...

Figure C.3 Doubly linked list layout—logically and in memory. Item 1 DataMemory Item 1 Next Pointer Item 2 Data Item 2 Next Poin ...

Figure C.4 Binary tree layout: in memory and logically. Memory In Memory - Arbitrary Order Lo gical Arran gement 12 8 4 10 16 13 ...

Classes Aclassis basically the C++ term (though that term is used by a number of high- level object-oriented languages) for an “ ...

the descendant’s specific type it knows to skip the base class (and any other descendants present) in order to reach the inherit ...

To confirm that a class method call is a regular, nonvirtual call, check that the function’s address is embedded into the code a ...

Figure C.6 In-memory layout of objects with virtual function tables. Note that this layout is more or less generic and is used b ...

The revealing element here is the use of the ECXregister and the fact that the CALLis not using a hard-coded address but is inst ...

InheritedClass::InheritedClass() push ebp mov esp, ebp sub esp, 8 mov [ebp - 4], ebx mov ebx, [ebp + 8] mov [esp], ebx call Base ...

561 Index Symbols & Numerics (-functions, 468 32-bit versions of Windows, 71–72 64-bit arithmetic, 528–534 64-bit versions o ...

562 Index antireversing(continued) inlining, 353 interleaving code, 354–355 OBFUSCATEmacro, 343–344 obfuscation, 328–329, 344–34 ...

Index 563 assemblies (.NET), 426, 453 assembly language AT&T Unix notation, 49 code examples, 52–53 defined, 10–11, 44 flags ...

564 Index breaking copy protection technologies (continued) server-based software, 317 StarForce suite (StarForce Tech- nologies ...

Index 565 code checksums, 335–336 code interleaving, 354–355 Code Red Worm, 262 code-level reversing, 13–14 Collberg, Christian ...

566 Index conditionals compound, 491–492 logical operators, 492–499 loops break conditions, 506–507 posttested, 506 pretested, 5 ...

Index 567 Executable Modules window, 371–372 generic usage message, 370–371 initialization routine reversal, 377–387 inlining, 4 ...

568 Index data encryption tool (continued) file decryption and extraction rou- tine, 228–233 file entry format, 241 floating-poi ...

Index 569 Debray, Saumya, Disassembly of Exe- cutable Code Revisited, 111 debuggers breakpoint interrupt, 331 breakpoints, 15–16 ...

570 Index Defender crackme program (continued) processor time-stamp verification thread, 417–418 running, 370 secondary thread r ...