Reverse Engineering: C++ for operator

    Reverse Engineering: C++ for operator - Presentation Transcript

    1. C++ for operator
    2. What does the C++ for operator truly look like?
    3. He doesn’t know this
    4. She doesn’t know this either
    5. ... he doesn’t even care
    6. He definitely does!
    7. Do you?
    8. Let's take x86 Assembler & Microsoft Visual C++ and have a look …
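    9. Visual C++ source:

           #include <stdio.h>
           #include <tchar.h>

           void _tmain(int argc, _TCHAR* argv[])
           {
               for (int i = 0; i < 255; ++i)
               {
                   printf("%x\n", i);
               }
           }

       Disassembly:

           _main proc near
               push esi                 ; save esi, which will hold i
               xor  esi, esi            ; i = 0
           loc_401003:
               push esi                 ; printf argument: i
               push offset "%x\n"       ; printf argument: format string
               call _printf
               add  esp, 8              ; remove the two arguments from the stack
               inc  esi                 ; ++i
               cmp  esi, 0FFh           ; compare i with 255
               jl   short loc_401003    ; repeat the body while i < 255
               xor  eax, eax            ; eax = 0
               pop  esi                 ; restore esi
               retn
           _main endp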
    15. How it could have been recognized in assembly
    16. Quite simple. Just ...
    17. By the presence of instructions for …
        • Counter changing
        • Counter comparison
        • Jumps
    19. _main proc near
            push esi
            xor  esi, esi
        loc_401003:
            push esi
            push offset "%x\n"
            call _printf
            add  esp, 8
            inc  esi                 ; counter changing
            cmp  esi, 0FFh           ; counter comparison
            jl   short loc_401003    ; jump
            xor  eax, eax
            pop  esi
            retn
        _main endp
    30. And once again …
    31. for contains instructions for …
        • Counter changing
        • Counter comparison
        • Jumps
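The three markers named on the slides can be checked mechanically. The following is an added example, not part of the original presentation: a small Python scanner that reports a loop only when a backward conditional jump, a `cmp` on a register, and an instruction that changes that same register all occur in the loop body. The function names, the instruction sets `JCC` and `STEP`, and the `aFmt` symbol standing in for the format-string operand are assumptions made for the example.

```python
LISTING = """
_main proc near                 ; listing transcribed from the slides (sample input)
    push esi
    xor esi, esi
loc_401003:
    push esi
    push offset aFmt            ; aFmt: assumed placeholder for the format string
    call _printf
    add esp, 8
    inc esi
    cmp esi, 0FFh
    jl short loc_401003
    xor eax, eax
    pop esi
    retn
_main endp
"""
JCC = {"jl", "jle", "jg", "jge", "jb", "jbe", "ja", "jae", "je", "jne", "jz", "jnz"}
STEP = {"inc", "dec", "add", "sub"}  # instructions that can change a counter

def parse(listing):
    """Return (insns, labels): insns are (mnemonic, operands); labels map name -> insn index."""
    insns, labels = [], {}
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()  # drop assembler comments
        if not line or " proc" in line or line.endswith("endp"):
            continue
        if line.endswith(":"):
            labels[line[:-1]] = len(insns)
            continue
        mnem, _, rest = line.partition(" ")
        insns.append((mnem.lower(), [o.strip() for o in rest.split(",") if o.strip()]))
    return insns, labels

def find_counted_loops(listing):
    """Report loops that show all three markers: counter change, comparison, backward jump."""
    insns, labels = parse(listing)
    found = []
    for i, (mnem, ops) in enumerate(insns):
        target = ops[-1].split()[-1] if ops else None  # strip the "short" keyword
        if mnem not in JCC or labels.get(target, i + 1) > i:
            continue  # not a conditional jump, or the jump goes forward
        body = insns[labels[target]:i]
        cmps = [o for m, o in body if m == "cmp" and len(o) == 2]
        steps = [m for m, o in body if m in STEP and cmps and o[:1] == cmps[-1][:1]]
        if steps:
            found.append({"label": target, "counter": cmps[-1][0], "step": steps[-1],
                          "bound": cmps[-1][1], "jump": mnem})
    return found
```

A match identifies a counted loop in the machine code; `while` and `do`-`while` loops that use a counter compile to the same shape, so naming the source construct remains an inference.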
    Apriorit Inc.

    Reverse engineering tip for C++ FOR operator

    © All Rights Reserved
