Reversing
some instruction
badcob
2009. 2. 11. 15:39
맨날 헷갈리는 test!
test
http://faydoc.tripod.com/cpu/test.htm
Computes the bit-wise logical AND of first operand (source 1 operand) and the second operand (source 2 operand) and sets the SF, ZF, and PF status flags according to the result. The result is then discarded.
lodsb
http://faydoc.tripod.com/cpu/lodsb.htm
Loads a byte, word, or doubleword from the source operand into the AL, AX, or EAX register, respectively. The source operand is a memory location, the address of which is read from the DS:EDI or the DS:SI registers (depending on the address-size attribute of the instruction, 32 or 16, respectively). The DS segment may be overridden with a segment override prefix.
LODSB : LODS BYTE
[LODSB] 명령은 DS:SI에 입력된 주소의 한 바이트를 AL 레지스터로 전달.
그 후 SI를 하나 증가시켜 SI로 지정된 주소의 다음 내용을 읽을 준비를 함 Stores a byte, word, or doubleword from the AL, AX, or EAX register, respectively, into the destination operand. The destination operand is a memory location, the address of which is read from either the ES:EDI or the ES:DI registers (depending on the address-size attribute of the instruction, 32 or 16, respectively).
process environment structure
http://baeg.tistory.com/entry/Windows-Heap-Overflows-using-the-Process-Environment-Block-PEB
test
http://faydoc.tripod.com/cpu/test.htm
Computes the bit-wise logical AND of first operand (source 1 operand) and the second operand (source 2 operand) and sets the SF, ZF, and PF status flags according to the result. The result is then discarded.
test a, a 는 a가 null인지 Check 하는 명령어. test a,b 는 a&b와 같이 AND 연산을 의미한다. 그 이후에 jxx 연산을 하여 a값이 null이 아닐 경우에 looping을 돌고, null이면 해당 loop에서 빠져나간다.
lodsb
http://faydoc.tripod.com/cpu/lodsb.htm
Loads a byte, word, or doubleword from the source operand into the AL, AX, or EAX register, respectively. The source operand is a memory location, the address of which is read from the DS:EDI or the DS:SI registers (depending on the address-size attribute of the instruction, 32 or 16, respectively). The DS segment may be overridden with a segment override prefix.
LODSB : LODS BYTE
[LODSB] 명령은 DS:SI에 입력된 주소의 한 바이트를 AL 레지스터로 전달.
그 후 SI를 하나 증가시켜 SI로 지정된 주소의 다음 내용을 읽을 준비를 함 Stores a byte, word, or doubleword from the AL, AX, or EAX register, respectively, into the destination operand. The destination operand is a memory location, the address of which is read from either the ES:EDI or the ES:DI registers (depending on the address-size attribute of the instruction, 32 or 16, respectively).
process environment structure
http://baeg.tistory.com/entry/Windows-Heap-Overflows-using-the-Process-Environment-Block-PEB