Archive for August 11th, 2011

binary-auditing RCE exercise

August 11th, 2011
As a part of learning reverse engineering and enhancing RCE skills, I was going through binary-auditing tutorials. This is manual decompilation exercise 7.

Problem: This is the code to be analysed:

sub_408100 proc near
000 push ebx
004 push esi
008 xor ebx, ebx
008 mov [eax], ebx
008 mov ebx, ecx
008 dec ebx
008 test ebx, ebx
008 jl short loc_408135
008 inc ebx
loc_40810E:
008 mov ecx, [eax]
008 shl ecx, 4
008 movzx esi, byte ptr [edx]
008 add ecx, esi
008 mov [eax], ecx
008 mov ecx, [eax]
008 and ecx, 0F0000000h
008 test ecx, ecx
008 jz short loc_40812D
008 mov esi, ecx
008 shr esi, 18h
008 xor [eax], esi
loc_40812D:
008 not ecx
008 and [eax], ecx
008 inc edx
008 dec ebx
008 jnz short loc_40810E
loc_408135:
008 pop esi
004 pop ebx
000 retn
sub_408100 endp
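
One possible C reading of the listing, added here as an example and not the post's own solution. The loop body has the same shape as the PJW hash used for ELF symbol tables. The names `hash`, `data`, `len` and the wrapper `hash_bytes` are assumptions; the listing only shows a dword pointer in eax, a byte pointer in edx and a count in ecx.

```c
#include <stdint.h>
#include <stdio.h>

/* eax = hash (output dword), edx = data (input bytes), ecx = len (count). */
void sub_408100(uint32_t *hash, const uint8_t *data, int32_t len)
{
    *hash = 0;                          /* xor ebx, ebx / mov [eax], ebx */

    /* dec ebx / test ebx, ebx / jl: a zero or negative count skips the
       loop (INT32_MIN aside, where the dec wraps to a positive value). */
    if (len <= 0)
        return;

    do {
        uint32_t g;

        *hash = (*hash << 4) + *data;   /* shl ecx, 4 / movzx / add */
        g = *hash & 0xF0000000u;        /* isolate the top nibble */
        if (g != 0)
            *hash ^= g >> 24;           /* shr esi, 18h / xor [eax], esi */
        *hash &= ~g;                    /* not ecx / and [eax], ecx */

        data++;                         /* inc edx */
    } while (--len != 0);               /* dec ebx / jnz loc_40810E */
}

/* Convenience wrapper (not in the listing) that returns the result. */
uint32_t hash_bytes(const uint8_t *data, int32_t len)
{
    uint32_t h;
    sub_408100(&h, data, len);
    return h;
}

int main(void)
{
    /* Constructed sample input: 8 bytes, long enough to reach the
       top-nibble branch on the 7th and 8th iterations. */
    const uint8_t sample[] = "abcdefgh";
    printf("%08X\n", (unsigned)hash_bytes(sample, 8));
    return 0;
}
```

Because the top nibble is folded back in and then cleared on every iteration, the result never exceeds 28 bits.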

Categories: MalwareAnalysis