hakers.info » Binary-auditing training package – Manual decompilation, Exercise 8

Home > Application Security, MalwareAnalysis > Binary-auditing training package – Manual decompilation, Exercise 8

Binary-auditing training package – Manual decompilation, Exercise 8

August 13th, 2011 b0mbard Leave a comment Go to comments

This problem statement is part of binary-auditing package. This needs

to be converted to HLL

Problem:(Assembly code)

sub_408138 proc near
000 push ebx
004 push esi
008 mov esi, edx
008 dec esi
008 test esi, esi
008 jl short loc_40816F
008 inc esi
loc_408142:
008 xor edx, edx
008 mov dl, [eax]
008 xor ebx, ebx
008 mov bl, cl
008 add edx, ebx
008 test edx, edx
008 jge short loc_40815B
008 mov ebx, 100h
008 sub ebx, edx
008 mov edx, ebx
008 jmp short loc_408169
loc_40815B:
008 cmp edx, 100h
008 jle short loc_408169
008 sub edx, 100h
loc_408169:
008 mov [eax], dl
008 inc eax
008 dec esi
008 jnz short loc_408142
loc_40816F:
008 pop esi
004 pop ebx
000 retn
sub_408138 endp

Pseudo/High Level code:
var_esi = var_edx;
var_esi -- ;

if(var_esi >=0)
var_esi++;

do
{
var_edx=0;
LOWER byte of EDX=*var_eax;  //EAX supplied from outside

var_ebx=0;
LOWER byte of EBX=LOWER byte of ECX;  //ECX supplied from outside

var_edx=var_edx+var_ebx;

if(var_edx<0)
{
var_ebx=100h;   //256
var_ebx=var_ebx-var_edx;
var_edx=var_ebx;
}
else
{
if(var_edx>100h)
var_edx=var_edx-100h;
}

*var_eax=LOWER byte of EDX
var_eax++;
}while(--var_edx!=0)

Categories: Application Security, MalwareAnalysis Tags:

Comments (0) Trackbacks (0) Leave a comment Trackback

No comments yet.

No trackbacks yet.

Setting up proxy for apps in android emulator Installation and Configuration of DHCP Server in Active Directory Domain

Switch to our mobile site