Binary-auditing training package – Manual decompilation, Exercise 8
August 13th, 2011
No comments
This problem statement is part of binary-auditing package. This needs
to be converted to HLL Problem:(Assembly code) sub_408138 proc near 000 push ebx 004 push esi 008 mov esi, edx 008 dec esi 008 test esi, esi 008 jl short loc_40816F 008 inc esi loc_408142: 008 xor edx, edx 008 mov dl, [eax] 008 xor ebx, ebx 008 mov bl, cl 008 add edx, ebx 008 test edx, edx 008 jge short loc_40815B 008 mov ebx, 100h 008 sub ebx, edx 008 mov edx, ebx 008 jmp short loc_408169 loc_40815B: 008 cmp edx, 100h 008 jle short loc_408169 008 sub edx, 100h loc_408169: 008 mov [eax], dl 008 inc eax 008 dec esi 008 jnz short loc_408142 loc_40816F: 008 pop esi 004 pop ebx 000 retn sub_408138 endp
Pseudo/High Level code:
var_esi = var_edx;
var_esi -- ;
if(var_esi >=0)
var_esi++;
do
{
var_edx=0;
LOWER byte of EDX=*var_eax; //EAX supplied from outside
var_ebx=0;
LOWER byte of EBX=LOWER byte of ECX; //ECX supplied from outside
var_edx=var_edx+var_ebx;
if(var_edx<0)
{
var_ebx=100h; //256
var_ebx=var_ebx-var_edx;
var_edx=var_ebx;
}
else
{
if(var_edx>100h)
var_edx=var_edx-100h;
}
*var_eax=LOWER byte of EDX
var_eax++;
}while(--var_edx!=0)
Categories: Application Security, MalwareAnalysis