Reversing : The Hacker's Guide to Reverse Engineering
you have a sufficient understanding of the individual fields. This process will be demonstrated in the reversing chapters in the ...
■■ Linked lists: In a linked list, each item is given its own memory space and can be placed anywhere in memory. Each item store ...
■■ Switch blocks: Switch blocks (also known as n-way conditionals) usually take an input value and define multiple code blocks t ...
approximation of what was in the original source code. How this is done depends heavily on the specific programming language use ...
original source code as closely as possible (though sometimes simply under- standing the machine code might be enough). Because ...
Java Java is an object-oriented, high-level language that is different from other lan- guages such as C and C++ because it is no ...
highly detailed information regarding the program and the data types it deals with, which makes it possible to produce a reasona ...
So, a low-level representation of our little Multiplyfunction would usu- ally have to take care of the following tasks: Store m ...
Registers In order to avoid having to access the RAM for every single instruction, microprocessors use internal memory that can ...
The Stack Let’s go back to our earlier Multiplyexample and examine what happens in Step 2 when the program allocates storage spa ...
Figure 2.1 A view of the stack after three values are pushed in. Figure 2.2 A view of the stack after the three values are poppe ...
If you try to translate stack usage to a high-level perspective, you will see that the stack can be used for a number of differe ...
Executable Data Sections Another area in program memory that is frequently used for storing applica- tion data is the executable ...
One of the problems is that most high-level conditional statements are just too lengthy for low-level languages such as assembly ...
ESI, EDI, EBP, and ESP. Beyond those, the architecture also supports a stack of floating-point registers, and a variety of other ...
Figure 2.3 General-purpose registers in IA-32. Flags IA-32 processors have a special register called EFLAGSthat contains all kin ...
create sequences of instructions that perform different operations based on dif- ferent input values, and so on. In IA-32 code, ...
■■ Register name: The name of a general-purpose register to be read from or written to. In IA-32, this would be something like E ...
Moving Data The MOVinstruction is probably the most popular IA-32 instruction. MOVtakes two operands: a destination operand and ...
Table 2.3 Typical Configurations of Basic IA-32 Arithmetic Instructions INSTRUCTION DESCRIPTION ADD Operand1, Operand2 Adds two ...
«
1
2
3
4
5
6
7
8
9
10
»
Free download pdf