Reverse Engineering: C++ for operator


Upload: apriorit-inc

Post on 04-Jul-2015


DESCRIPTION

Reverse engineering tip for C++ FOR operator

TRANSCRIPT

Page 1: Reverse Engineering: C++ for operator

C++ for operator

What does the C++ for operator truly look like?

He doesn’t know this

She doesn’t know this either

... he doesn’t even care

He definitely does!

Do you?

Let’s take Microsoft Visual C++ & x86 Assembler and have a look …

_main proc near
    push    esi
    xor     esi, esi

loc_401003:
    push    esi
    push    offset "%x"
    call    _printf
    add     esp, 8
    inc     esi
    cmp     esi, 0FFh
    jl      short loc_401003
    xor     eax, eax
    pop     esi
    retn
_main endp

#include <stdio.h>
#include <tchar.h>

void _tmain(int argc, _TCHAR* argv[]) {
    for (int i = 0; i < 255; ++i) {
        printf("%x", i);
    }
}


How could it have been recognized in assembly?

Quite simple. Just ...

... by the presence of the instructions of …

Counter changing

Counter comparison

Jumps


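_main proc near
    push    esi
    xor     esi, esi            ; counter initialization: i = 0

loc_401003:                     ; start of the loop body
    push    esi
    push    offset "%x"
    call    _printf
    add     esp, 8
    inc     esi                 ; counter changing: ++i
    cmp     esi, 0FFh           ; counter comparison: i < 255
    jl      short loc_401003    ; jump back to the loop start while i < 255
    xor     eax, eax
    pop     esi
    retn
_main endp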


And once again …

A for loop contains instructions of …

Counter changing

Counter comparison

Jumps
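
The three signs listed above can be checked mechanically. The following Python script is an added example, not part of the original slides: it scans a text listing for a conditional jump back to an earlier label, the cmp that feeds it, and an inc/dec/add/sub on the compared register. The function name find_counted_loops and the one-instruction-per-line input format are assumptions, and it covers only the bottom-tested loop shape shown in the slides.

```python
import re

# The listing from the slides (MSVC, x86), one instruction per line.
LISTING = """\
_main proc near
push esi
xor esi, esi
loc_401003:
push esi
push offset "%x"
call _printf
add esp, 8
inc esi
cmp esi, 0FFh
jl short loc_401003
xor eax, eax
pop esi
retn
_main endp
"""

JCC = re.compile(r"^j(?!mp)\w+\s+(?:short\s+)?(\w+)$")   # conditional jumps only
CMP = re.compile(r"^cmp\s+(\w+),\s*(\w+)$")
STEP = re.compile(r"^(inc|dec|add|sub)\s+(\w+).*$")

def find_counted_loops(listing):
    """Return (label, counter, step instruction, bound) for each loop found."""
    lines = [l.strip() for l in listing.splitlines() if l.strip()]
    labels = {l[:-1]: i for i, l in enumerate(lines) if l.endswith(":")}
    loops = []
    for i, line in enumerate(lines):
        jump = JCC.match(line)
        # Jumps: a conditional jump back to an earlier label closes a loop body.
        if not jump or labels.get(jump.group(1), i) >= i:
            continue
        body = lines[labels[jump.group(1)] + 1:i]
        # Counter comparison: the last cmp before the jump sets its flags.
        cmp_ = next((m for m in map(CMP.match, reversed(body)) if m), None)
        if not cmp_:
            continue
        counter, bound = cmp_.groups()
        # Counter changing: inc/dec/add/sub on the compared register.
        step = next((m for m in map(STEP.match, body)
                     if m and m.group(2) == counter), None)
        if step:
            loops.append((jump.group(1), counter, step.group(0), bound))
    return loops

print(find_counted_loops(LISTING))
```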
