1,681 questions
-4
votes
1
answer
160
views
Assembler CMP ESI, -20: Why is dword ESI compared to a byte? [duplicate]
76EB750D 83FE E0 CMP ESI,-20
76EB7510 0F87 AD000000 JA msvcrt.76EB75C3
Why is dword ESI compared to a byte?
If ESI equals FFFFFFF0 then the jump is performed. If ESI equals FFFFF0F0 ...
159
votes
12
answers
132k
views
How can I see the assembly code for a C++ program?
How can I see the assembly code for a C++ program?
7
votes
2
answers
2k
views
How do you organize visual panels (V!)?
I would like to use Radare2 to learn about how C is assembled into assembly but I am having trouble with the layout. I think the V! mode would be very handy as you can watch the registers update as ...
1
vote
2
answers
225
views
How does MSVC's optimized asm implement a simple C program that uses strcpy on argv[1]? Understanding IDA output and what it's doing with pointers?
I have written a very basic int main program as shown below:
#include <stdio.h>
#include <windows.h>
int main(int argc, char** argv)
{
char buffer[500];
strcpy(buffer, argv[1]);
...
2
votes
0
answers
68
views
Bypassing C64's PETSCII to screen code mapping
In upper-case mode, the C64 PRINT ASC("A") prints 65 - the ASCII/PETSCII code.
But POKE 1024,65 prints the shifted A character. PRINT CHR$(65), however, prints the proper 'A' character.
With ...
3
votes
0
answers
154
views
How do I interpret xdata and pdata section to hand-write RUNTIME_FUNCTION and UNWIND_INFO for RtlAddFunctionTable?
I am trying to inject some assembly code at runtime to circumvent a restriction in my language's runtime (VBA). I was originally writing assembly by hand compiling with flat assembler fasm, but found ...
14
votes
1
answer
12k
views
What to do with "DWARF error: section .debug_info is larger than its filesize!"?
Looking for ways to see generated assembler of a specific function in my binary (an .so to be exact), just as I can see similar on Compiler Explorer, I found How to disassemble one single function ...
148
votes
12
answers
324k
views
How to disassemble a binary executable in Linux to get the assembly code?
I was told to use a disassembler. Does gcc have anything built in? What is the easiest way to do this?
2
votes
1
answer
96
views
Why is there a "RETF 4" at the end of the disassembled function?
I'm disassembling the old 1989 Borland tool TDSTRIP.EXE that can extract Turbo Debugger information from executables and stumbled over this path-normalizing function
This is the signature I'm using ...
6
votes
4
answers
12k
views
Is it possible in IDA Pro to make a struct field offset to vtable which is defined in .data segment?
Here is what I want to achieve. I identified a class which I defined as a struct to store class data. One of the methods of the class uses class-field as if it's pointer to vtable.
int __thiscall ...
4
votes
1
answer
3k
views
Decompiling a 16-bit dos application
I have a very old application which I bought about 15 years ago, it consists of 5 .exe files used for storing patients' profiles and information. The problem is that this application was programmed to ...
2
votes
1
answer
167
views
Export the Disassembly file(s) from Keil uVision 5
When I'm debugging in uVision 5 the Disassembly window shows the interleaved source code and assembly instructions and the index of the current executed instruction. I need this window exported in a ...
2
votes
1
answer
151
views
Compiler information in Program
Yes, I was wondering what information the program contains regarding the compiler that compiled it.
Information like compiler name, version. This is usually mentioned in the about box of help (program ...
4
votes
2
answers
429
views
Where does the asm code during the debugging process in GDB come from?
Basically, according to my knowledge,
If we use GDB to debug execute code compiled from C source code,
compiler will leave the source code Path in the ELF/PE file, so
GDB will use the source code ...
5
votes
2
answers
991
views
How to disassemble fasm-generated binary?
I am writing a program in FASM assembler, and want to see what code is generated after all macro expansions. One usually can disassemble a binary with objdump -d, but for a binary generated by fasm, it ...
3
votes
2
answers
965
views
How do I interpret the columns of the CPU window's disassembly pane?
There is a tool called the CPU window, which I get pressing Ctrl+Alt+C, that shows the disassembly of my code.
A green arrow to the left of the memory address indicates the location of the current ...
2
votes
3
answers
4k
views
Microcontroller stm8 disassembly
Is it possible to disassemble hex stm8 firmware?
0
votes
1
answer
58
views
How to map runtime address from /proc/pid/maps to binary executable?
With a binary executable and a /proc/pid/maps of a process which spawns from it, I want to map a runtime instruction address at this time (can be retrieved by gdb or any debuggers) towards the ...
-1
votes
1
answer
6k
views
Bomb lab phase 4 func4 - doubly-recursive function that calls itself with n-1 and n-2
I'm having trouble with the password for phase_4 of my binary bomb.
So far, I understand...
the inputs must be 2 integers (line 29)
and the second integer should <= than or equal to 2 when 2 is ...
5
votes
1
answer
3k
views
Identifying the origin of a DLL
How do I determine what compiler was used to create a DLL?
I have a DLL - is it possible to find out how the DLL was created (.NET/C++/Labview etc). I don't have the source of the DLL file. I tried ...
2
votes
2
answers
322
views
Given an instruction address, can the starting address of the function enclosing it be determined?
I've run into this problem in my current project, which requires reasoning about code at the binary level.
I think we can determine the starting location of all functions in a program by looking at ...
1
vote
1
answer
253
views
Understanding disassembler: See how many bytes are used for add
I disassembled a program (with objdump -d a.out) and now I would like to understand what the different sections in a line like
400586: 48 83 c4 08 add $0x8,%rsp
stand for. More ...
4
votes
5
answers
996
views
Is there any C compiler to show you linked program in asm? [closed]
I am searching for a compiler or better IDE for C which could generate completely linked program, including functions from CRT, in assembler form. Is there any? I tried Visual C Express 2008. It has a ...
1
vote
1
answer
128
views
MSVC compiler disassembly code from if/else statement
I have a general question about how MSVC generates machine code regarding the else statement.
A simple example here:
1 bool is_zero(int num) {
2 if (num)
3 return false;
4 else
5 ...
2
votes
2
answers
473
views
IDAPYTHON got wrong data from memory
I wrote a script to show the second param of NtQueryInformationProcess. However, I always got wrong data; it seems like the memory wasn't refreshed and what I got was old data. Here is my code:
from idaapi ...