Reverse Engineering for Beginners



#include <stdio.h>
#include <time.h>

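/*
 * Dump the first 36 bytes of a struct tm, four bytes per row, so the raw
 * in-memory layout filled in by localtime_r() can be compared against the
 * broken-down time.  Each row is expected to hold one field with its lowest
 * byte first.
 * NOTE(review): assumes the leading fields are nine 4-byte ints, as on the
 * 32-bit x86 target this example was built for -- confirm on other ABIs.
 */
void main()
{
    struct tm t;
    time_t unix_time;
    int i, j;

    /* Without this call unix_time is read uninitialized by localtime_r();
       the compiled listing for this program calls time() with a null
       argument and passes the result on. */
    unix_time = time(NULL);

    localtime_r (&unix_time, &t);

    for (i=0; i<9; i++)
    {
        /* View the structure as plain bytes: row i, byte j within the row. */
        for (j=0; j<4; j++)
            printf ("0x%02X ", ((unsigned char*)&t)[i*4+j]);
        printf ("\n");
    }
}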

0x2D 0x00 0x00 0x00
0x33 0x00 0x00 0x00
0x17 0x00 0x00 0x00
0x1A 0x00 0x00 0x00
0x06 0x00 0x00 0x00
0x72 0x00 0x00 0x00
0x06 0x00 0x00 0x00
0xCE 0x00 0x00 0x00
0x01 0x00 0x00 0x00

We also ran this example at 23:51:45 26-July-2014^5. The values are just the same as in the previous dump (21.3.5 on
the previous page), and of course, the lowest byte goes first, because this is a little-endian architecture (31 on page 433).

Listing 21.15: Optimizing GCC 4.8.1

main proc near
push ebp
mov ebp, esp
push edi
push esi
push ebx
and esp, 0FFFFFFF0h
sub esp, 40h
mov dword ptr [esp], 0 ; timer
lea esi, [esp+14h]
call _time
lea edi, [esp+38h] ; struct end
mov [esp+4], esi ; tp
mov [esp+10h], eax
lea eax, [esp+10h]
mov [esp], eax ; timer
call _localtime_r
lea esi, [esi+0] ; NOP
; ESI here is the pointer to structure in local stack. EDI is the pointer to structure end.
xor ebx, ebx ; j=0

movzx eax, byte ptr [esi+ebx] ; load byte
add ebx, 1 ; j=j+1
mov dword ptr [esp+4], offset a0x02x ; "0x%02X "
mov dword ptr [esp], 1
mov [esp+8], eax ; pass loaded byte to printf()
call ___printf_chk
cmp ebx, 4
jnz short loc_804840A

(^5) The time and date are the same for demonstration purposes. Byte values are fixed up.
