b3n
July 15th, 2007, 05:09
Hello guys,
i wrote a little program in Visual Studio 2005 (C++) and now i try to reverse it to get a better understanding of what kind of assembly code is generated by the compiler. Since i got the source and the output i know pretty good what is going on but i came to a point where i dont exactly know whats happening on the assembly side of the code. It would be nice if someone could tell me if im getting everything right or help me out where i currently get lost.
7: ImageLoader::ImageLoader(std::string filename, std::string sectionName)
8: {
100011A0 push 0FFFFFFFFh
100011A2 push offset __ehhandler$??0ImageLoader@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z (10018B62h)
100011A7 mov eax,dword ptr fs:[00000000h]
100011AD push eax
100011AE sub esp,8
100011B1 push esi
100011B2 push edi
100011B3 mov eax,dword ptr [___security_cookie (1001D01Ch)]
100011B8 xor eax,esp
100011BA push eax
100011BB lea eax,[esp+14h]
100011BF mov dword ptr fs:[00000000h],eax
100011C5 mov edi,ecx
100011C7 mov dword ptr [esp+10h],edi
100011CB mov dword ptr [esp+1Ch],1
100011D3 call dword ptr [__imp_std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> > (10019060h)]
100011D9 lea esi,[edi+28h]
100011DC mov ecx,esi
100011DE mov byte ptr [esp+1Ch],2
100011E3 call dword ptr [__imp_std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> > (10019060h)]
this bit of code is the constructor of one of my objects. the compiler has added some sort of checking code, i think that this is related to the .net runtime. i read about the security cookie and that it is used to detect buffer overflows, so i figured this is nothing i have to care about. the part that i do not understand are the calls at 100011D3 and 100011E3. Can someone tell me what these calls do or what they are used for? I found them in other parts of the disassembly too but i couldnt figure out what they purpose is in the other context either.
Thanks!
i wrote a little program in Visual Studio 2005 (C++) and now i try to reverse it to get a better understanding of what kind of assembly code is generated by the compiler. Since i got the source and the output i know pretty good what is going on but i came to a point where i dont exactly know whats happening on the assembly side of the code. It would be nice if someone could tell me if im getting everything right or help me out where i currently get lost.
7: ImageLoader::ImageLoader(std::string filename, std::string sectionName)
8: {
100011A0 push 0FFFFFFFFh
100011A2 push offset __ehhandler$??0ImageLoader@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z (10018B62h)
100011A7 mov eax,dword ptr fs:[00000000h]
100011AD push eax
100011AE sub esp,8
100011B1 push esi
100011B2 push edi
100011B3 mov eax,dword ptr [___security_cookie (1001D01Ch)]
100011B8 xor eax,esp
100011BA push eax
100011BB lea eax,[esp+14h]
100011BF mov dword ptr fs:[00000000h],eax
100011C5 mov edi,ecx
100011C7 mov dword ptr [esp+10h],edi
100011CB mov dword ptr [esp+1Ch],1
100011D3 call dword ptr [__imp_std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> > (10019060h)]
100011D9 lea esi,[edi+28h]
100011DC mov ecx,esi
100011DE mov byte ptr [esp+1Ch],2
100011E3 call dword ptr [__imp_std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> > (10019060h)]
this bit of code is the constructor of one of my objects. the compiler has added some sort of checking code, i think that this is related to the .net runtime. i read about the security cookie and that it is used to detect buffer overflows, so i figured this is nothing i have to care about. the part that i do not understand are the calls at 100011D3 and 100011E3. Can someone tell me what these calls do or what they are used for? I found them in other parts of the disassembly too but i couldnt figure out what they purpose is in the other context either.
Thanks!