Reverse Engineering: dl Byte Registers and Arrays in Bomb5.exe

Source: opensecuritytraining.info

I. String Decoding

  • General algorithm
    • read from memory/buffer
    • transform
    • write to memory/buffer
  • Source and destination may be same (overwriting) or different
  • May be single byte or multi-byte operations
  • ASCII Table is your friend, so keep one on hand

II. Bit Masks

  • Often operands of logical operations (AND, OR, XOR,…)
  • Used for program control (flags)
  • …and string manipulation (compression, encryption, etc.)
EXAMPLE 1:

movsx   eax, byte ptr [edx]
and eax, 0Fh

EXAMPLE 2:

mov     al, [edx]
and eax, 0Fh

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s