
Thread: assembler instruction

  1. #1
    Registered User
    Join Date
    Mar 2010
    Location
    Warsaw, Poland
    Posts
    5

    assembler instruction

    I have a problem understanding an instruction. While analyzing an application (a packer) I came across an instruction

    code (part):

    Code:
    .text:00401000 start           proc far
    .text:00401000
    .text:00401000 var_398D0028    = dword ptr -398D0028h
    .text:00401000
    .text:00401000                 mov     eax, 5A02F4h
    .text:00401005                 push    eax
    .text:00401006                 push    large dword ptr fs:0
    .text:0040100D                 mov     large fs:0, esp
    .text:00401014                 xor     eax, eax
    .text:00401016                 mov     [eax], ecx
    .text:00401018                 push    eax
    .text:00401019                 inc     ebp
    .text:0040101A                 inc     ebx
    .text:0040101B                 outsd
    .text:0040101C                 insd
    .text:0040101D                 jo      short loc_401080
    .text:0040101F                 arpl    [edx+esi+0], si
    .text:00401023                 fsub    qword ptr [esi]
    .text:00401025                 frndint
    .text:00401027                 call    near ptr 6A64A671h
    .text:0040102C                 push    edx
    .text:0040102D                 out     dx, eax
    .text:0040102E                 and     [edi], edi
    .text:00401030                 xlat
    .text:00401031                 scasb
    .text:00401032                 pop     esi
    .text:00401033                 mov     bl, 0CEh
    .text:00401035                 iret
    What does this mean:

    push large dword ptr fs:0
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    I'm having trouble understanding instructions. When analyzing an application (Packer) I came across the instructions
    It's PECompact, the code creates a SEH and causes an error, which forces a redirect to 5A02F4.
    Just ignore the code after 00401018, and put a breakpoint on 5A02F4 to get to the handler.

    BoB
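
An added example, not part of the original thread or any poster's code: a Python check that recognizes the entry-point stub from the listing in post #1, recovers the handler address to break on, and reads the bytes after 00401018 as data instead of instructions. The byte string is hand-assembled from the listing's mnemonics (constructed, not a dump of a real file), and `analyze_entry` and `SEH_FAULT_STUB` are names chosen here.

```python
import re
import struct

# Constructed sample: the bytes at 00401000..00401022, hand-assembled from
# the mnemonics in the listing above (not dumped from a real file).
ENTRY_VA = 0x00401000
ENTRY_BYTES = bytes.fromhex(
    "B8F4025A00"        # mov  eax, 5A02F4h
    "50"                # push eax                ; handler address
    "64FF3500000000"    # push dword ptr fs:[0]   ; previous SEH record
    "64892500000000"    # mov  fs:[0], esp        ; install the new record
    "33C0"              # xor  eax, eax
    "8908"              # mov  [eax], ecx         ; write to address 0 -> fault
    "5045436F6D7061637432" "00"  # listed as push/inc/inc/outsd/insd/jo/arpl
)

# mov eax, imm32 / push eax / push fs:[0] / mov fs:[0], esp /
# xor eax, eax (either encoding) / mov [eax], ecx
SEH_FAULT_STUB = re.compile(
    rb"\xB8(?P<handler>.{4})\x50"
    rb"\x64\xFF\x35\x00\x00\x00\x00"
    rb"\x64\x89\x25\x00\x00\x00\x00"
    rb"(?:\x33\xC0|\x31\xC0)\x89\x08",
    re.DOTALL,
)

def analyze_entry(code: bytes, va: int):
    """Return handler VA, faulting VA and trailing ASCII marker, or None."""
    m = SEH_FAULT_STUB.match(code)
    if m is None:
        return None
    handler = struct.unpack("<I", m.group("handler"))[0]
    fault_va = va + m.end() - 2      # the 2-byte mov [eax], ecx
    # Bytes after the fault never execute; read them as a NUL-terminated string.
    text = code[m.end():].split(b"\x00", 1)[0]
    printable = bool(text) and all(0x20 <= b < 0x7F for b in text)
    return {"handler_va": handler, "fault_va": fault_va,
            "data_va": va + m.end(),
            "marker": text.decode("ascii") if printable else None}

if __name__ == "__main__":
    info = analyze_entry(ENTRY_BYTES, ENTRY_VA)
    print({k: hex(v) if isinstance(v, int) else v for k, v in info.items()})
```

The `push eax / inc ebp / inc ebx / outsd / insd / jo / arpl` run in the listing is the disassembler decoding the ASCII marker as opcodes, which is why the instructions after 00401018 look meaningless.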

  3. #3
    Xgrzyb90:

    This is an English language Forum. Please post in English only.

    Regards,
    JMI

  4. #4
    Quote Originally Posted by JMI View Post
    Xgrzyb90:

    This is an English language Forum. Please post in English only.

    Regards,
    It was nice of you to NOT quote Pulp Fiction.

  5. #5
    I assume you are referring to the line:

    "English, motherf***er, do you speak it?"



    Regards,
    JMI

  6. #6
    Quote Originally Posted by Xgrzyb90 View Post
    I have a problem understanding an instruction. While analyzing an application (a packer) I came across an instruction

    code (part):

    Code:
    .text:00401000 start           proc far
    .text:00401000
    .text:00401000 var_398D0028    = dword ptr -398D0028h
    .text:00401000
    .text:00401000                 mov     eax, 5A02F4h
    .text:00401005                 push    eax
    .text:00401006                 push    large dword ptr fs:0
    .text:0040100D                 mov     large fs:0, esp
    .text:00401014                 xor     eax, eax
    .text:00401016                 mov     [eax], ecx
    .text:00401018                 push    eax
    .text:00401019                 inc     ebp
    .text:0040101A                 inc     ebx
    .text:0040101B                 outsd
    .text:0040101C                 insd
    .text:0040101D                 jo      short loc_401080
    .text:0040101F                 arpl    [edx+esi+0], si
    .text:00401023                 fsub    qword ptr [esi]
    .text:00401025                 frndint
    .text:00401027                 call    near ptr 6A64A671h
    .text:0040102C                 push    edx
    .text:0040102D                 out     dx, eax
    .text:0040102E                 and     [edi], edi
    .text:00401030                 xlat
    .text:00401031                 scasb
    .text:00401032                 pop     esi
    .text:00401033                 mov     bl, 0CEh
    .text:00401035                 iret
    What does this mean:
    In the Google Translate into English http://translate.google.com
