Reverse Engineering: dl Byte Registers and Arrays in Bomb5.exe


I. String Decoding

  • General algorithm
    • read from memory/buffer
    • transform
    • write to memory/buffer
  • Source and destination may be same (overwriting) or different
  • May be single byte or multi-byte operations
  • ASCII Table is your friend, so keep one on hand

II. Bit Masks

  • Often operands of logical operations (AND, OR, XOR,…)
  • Used for program control (flags)
  • …and string manipulation (compression, encryption, etc.)

movsx   eax, byte ptr [edx]
and eax, 0Fh


mov     al, [edx]
and eax, 0Fh

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: