assembler instruction


Xgrzyb90
June 11th, 2010, 08:38
I have a problem understanding an instruction. While analyzing an application (a packer) I came across an instruction

code (part):

Code:

.text:00401000 start proc far
.text:00401000
.text:00401000 var_398D0028 = dword ptr -398D0028h
.text:00401000
.text:00401000 mov eax, 5A02F4h
.text:00401005 push eax
.text:00401006 push large dword ptr fs:0
.text:0040100D mov large fs:0, esp
.text:00401014 xor eax, eax
.text:00401016 mov [eax], ecx
.text:00401018 push eax
.text:00401019 inc ebp
.text:0040101A inc ebx
.text:0040101B outsd
.text:0040101C insd
.text:0040101D jo short loc_401080
.text:0040101F arpl [edx+esi+0], si
.text:00401023 fsub qword ptr [esi]
.text:00401025 frndint
.text:00401027 call near ptr 6A64A671h
.text:0040102C push edx
.text:0040102D out dx, eax
.text:0040102E and [edi], edi
.text:00401030 xlat
.text:00401031 scasb
.text:00401032 pop esi
.text:00401033 mov bl, 0CEh
.text:00401035 iret



What does this mean:

Quote:

push large dword ptr fs:0

BoB
June 11th, 2010, 09:23
Quote:
I'm having trouble understanding instructions. When analyzing an application (Packer) I came across the instructions


It's PECompact, the code creates a SEH and causes an error, which forces redirect to 5A02F4.
Just ignore the code after 00401018, and put breakpoint on 5A02F4 to get to the handler.

BoB
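
An added example, not part of the thread and not PECompact's or any poster's code: a small static check for the entry stub discussed above that recovers the handler address to break on. The byte string is hand-assembled from the listing's mnemonics (constructed, not dumped from a file), and `analyze_entry` is a hypothetical helper name. It goes one step past the reply by decoding the bytes after 00401018, which are ASCII text rather than instructions.

```python
import struct

# Constructed sample: bytes for the listing at 00401000, hand-assembled from
# the mnemonics shown in the thread (one valid encoding, not a real dump).
ENTRY_VA = 0x00401000
ENTRY_BYTES = bytes.fromhex(
    "B8F4025A00"       # mov  eax, 5A02F4h
    "50"               # push eax              ; record.Handler
    "64FF3500000000"   # push dword ptr fs:[0] ; record.Next = current SEH chain head
    "64892500000000"   # mov  fs:[0], esp      ; new record becomes the chain head
    "33C0"             # xor  eax, eax
    "8908"             # mov  [eax], ecx       ; write to address 0 -> access violation
    "5045436F6D7061637432" "00"  # shown as push/inc/outsd/insd/jo/arpl in the listing
)

# push eax / push fs:[0] / mov fs:[0], esp builds a {Next, Handler} record on the
# stack; on 32-bit Windows fs:[0] holds the head of the thread's SEH chain.
SEH_INSTALL = bytes.fromhex("50" "64FF3500000000" "64892500000000")
FAULT = (bytes.fromhex("33C08908"), bytes.fromhex("31C08908"))  # both xor encodings


def analyze_entry(code: bytes, va: int):
    """Return (handler_va, fault_va, trailing_text) if code matches the stub, else None."""
    if len(code) < 24 or code[0] != 0xB8:          # must start with mov eax, imm32
        return None
    handler = struct.unpack_from("<I", code, 1)[0]  # little-endian immediate
    if code[5:20] != SEH_INSTALL or code[20:24] not in FAULT:
        return None
    fault_va = va + 22                              # address of mov [eax], ecx
    # Nothing after the faulting write executes; collect leading printable bytes.
    tail = code[24:]
    end = 0
    while end < len(tail) and 0x20 <= tail[end] < 0x7F:
        end += 1
    return handler, fault_va, tail[:end].decode("ascii")


if __name__ == "__main__":
    result = analyze_entry(ENTRY_BYTES, ENTRY_VA)
    if result:
        handler, fault_va, text = result
        print(f"fault at {fault_va:08X}, handler (breakpoint here) at {handler:08X}")
        print(f"bytes after the fault decode as text: {text!r}")
```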

JMI
June 11th, 2010, 11:31
Xgrzyb90:

This is an English language Forum. Please post in English only.

Regards,

FrankRizzo
June 11th, 2010, 20:07
Quote:
[Originally Posted by JMI;86842]Xgrzyb90:

This is an English language Forum. Please post in English only.

Regards,


It was nice of you to NOT quote Pulp Fiction.

JMI
June 11th, 2010, 21:45
I assume you are referring to the line:

"English, motherf***er, do you speak it?"



Regards,

forte
August 11th, 2010, 16:33
Quote:
[Originally Posted by Xgrzyb90;86835]I have a problem understanding an instruction. While analyzing an application (a packer) I came across an instruction

code (part):

Code:

.text:00401000 start proc far
.text:00401000
.text:00401000 var_398D0028 = dword ptr -398D0028h
.text:00401000
.text:00401000 mov eax, 5A02F4h
.text:00401005 push eax
.text:00401006 push large dword ptr fs:0
.text:0040100D mov large fs:0, esp
.text:00401014 xor eax, eax
.text:00401016 mov [eax], ecx
.text:00401018 push eax
.text:00401019 inc ebp
.text:0040101A inc ebx
.text:0040101B outsd
.text:0040101C insd
.text:0040101D jo short loc_401080
.text:0040101F arpl [edx+esi+0], si
.text:00401023 fsub qword ptr [esi]
.text:00401025 frndint
.text:00401027 call near ptr 6A64A671h
.text:0040102C push edx
.text:0040102D out dx, eax
.text:0040102E and [edi], edi
.text:00401030 xlat
.text:00401031 scasb
.text:00401032 pop esi
.text:00401033 mov bl, 0CEh
.text:00401035 iret



What does this mean:


In the Google Translate into English http://translate.google.com