• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

A New Tracer for Reverse Engineering - PacSec 2010

on

  • 716 views

 

Statistics

Views

Total Views
716
Views on SlideShare
716
Embed Views
0

Actions

Likes
0
Downloads
6
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NonCommercial-NoDerivs LicenseCC Attribution-NonCommercial-NoDerivs LicenseCC Attribution-NonCommercial-NoDerivs License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    A New Tracer for Reverse Engineering - PacSec 2010 A New Tracer for Reverse Engineering - PacSec 2010 Presentation Transcript

    • • • – • –
    • • – • • – • •
    • • • • • • •
    • • • •
    • • – • – • – • – • •
    • • – • • – –
    • • – • • – • • •
    • • • – – •
    • • – • – – •
    • • – – • • –
    • • – – – • •
    • • – • • – –
    • • – – • –
    • • – – • – •
    • • – – • • – •
    • • – • • – •
    • • – • • • –
    • • – • – –
    • • – • • – • – – •
    • • – • – – •
    • • – – – •
    • • – – – • • –
    • • – – • •
    • • – – – –
    • • – – – • •
    • • – • – • – –
    • • – – • –
    • • – – – • –
    • • – – • –
    • • – – EFLAGS edx OF SF ZF AF PF CF xxx......xxx x x x x x x 000......000 0 0 1 ? 1 0
    • • – – OF SF ZF AF PF CF 0 M M ? M 0 M ? ? ? ? M ? ? ? ? ? ? ? M M ? M ?
    • • – – • • –
    • • – – – •
    • • – – • –
    • • – • – • • – •
    • • – – • • – • • •
    • • – • • • –
    • • •
    • • – • – • – •
    • • – – – • • •
    • • – • – 0123 4567 0123 1234
    • • – • – 01234567 89abcdef 00000000 12345678
    • • – – rax r8 xmm0 xmm8 rcx r9 xmm1 xmm9 rdx r10 xmm2 xmm10 rbx r11 xmm3 xmm11 rsp r12 xmm4 xmm12 rbp r13 xmm5 xmm13 rsi r14 xmm6 xmm14 rdi r15 xmm7 xmm15
    • • – – eax cs.base xmm0 fs.base ecx es.base xmm1 gs.base edx emuinfo xmm2 tmp3 ds.base ebx xmm3 tmp4 stack esp xmm4 notused ebp tmp2 xmm5 notused esi ss.base xmm6 notused tmp1 edi xmm7 notused
    • • – – –
    • • – – • • – • – •
    • • – • • – • •
    • • – • – • • – • •
    • • – • • 0x0000_0000_1234_5678 • 0xffff_8000_1234_5678 – • •
    • • – – –
    • • – – • •
    • • – • cs.base ds.base es.base ss.base
    • • – • cs.base ds.base es.base ss.base
    • • – • – • – – • •
    • • – • •
    • • – • – – – •
    • • – • • –
    • • – • • – • • –
    • • – – –
    • • – – – – – –
    • • – –
    • • – • • – •
    • • – – • – •
    • • – – –
    • • – – – –
    • • – • – • •
    • • – –
    • • – –  • – – –
    • • – – • – • – –
    • • – – – – • – • –
    • • – • – • – – •
    • • – • – • – –
    • • – – – • –
    • • • – • –