binary-auditing RCE exercise
August 11th, 2011
1 comment
As a part of learning reverse engineering and enhancing RCE skills, I was going through binary-auditing tutorials. This is manual decompilation exercise 7. Problem: This is the code to be analysed: proc near 000 push ebx 004 push esi 008 xor ebx, ebx 008 mov [eax], ebx 008 mov ebx, ecx 008 dec ebx 008 test ebx, ebx 008 jl short loc_408135 008 inc ebx loc_40810E: 008 mov ecx, [eax] 008 shl ecx, 4 008 movzx esi, byte ptr [edx] 008 add ecx, esi 008 mov [eax], ecx 008 mov ecx, [eax] 008 and ecx, 0F0000000h 008 test ecx, ecx 008 jz short loc_40812D 008 mov esi, ecx 008 shr esi, 18h 008 xor [eax], esi loc_40812D: 008 not ecx 008 and [eax], ecx 008 inc edx 008 dec ebx 008 jnz short loc_40810E loc_408135: 008 pop esi 004 pop ebx 000 retn sub_408100 endp
Categories: MalwareAnalysis