edx cybersecurity

Author: uuk[Software name]: Total Commander[Software Version]: 7.56a[Shelling method]: new version without shelling[Programming language]: Borland Delphi 2.0 [Overlay][Tools]: OD PEID IDA[Operating platform]: Windows XP[Software introduction]: A pretty good dual-column File Management Software[Author's statement]: it is only for research purposes. Please purchase a genuine version for use.We know that Total Commander has self-verification. by tracking the CreateFile and ReadFile functions, it is

8. Offset is the number of immediately. For example, [EBP + EDX * 8 + 200] is a valid address expression. Of course, in most cases, it is not necessary to have such a complex relationship as inter-address, proportional factor, or offset. The basic unit of memory is byte ). Each byte has eight binary bits. Therefore, the maximum number of characters that each word can save is 11111111, that is, 255 in decimal format. In general, it is more convenient

EDI, dword ptr [esp + 0x14] // EDI = destSub ESI, EBX // ESI = A-BLea edX, dword ptr [EBX + 4 * ecx-8] // B [I]Sub EDI, EBX // EDI = DEST-BSHR ECx, 1 // Len = Len/2Movq mm7, base64 // 0x3b9aca003b9aca00Movq MM5, borrowfirst // 0x0000000100000000Movq mm6, borrownext // 0x0000000000000001Pxor mm2, mm2 // clear borrowSub_loop:Movq mm0, dword ptr [ESI + EDX] // A [I]Movq MM1, dword ptr [

EDI, dword ptr [esp + 0x14] // EDI = destSub ESI, EBX // ESI = A-BLea edX, dword ptr [EBX + 4 * ecx-8] // B [I]Sub EDI, EBX // EDI = DEST-BSHR ECx, 1 // Len = Len/2Movq mm7, base64 // 0x3b9aca003b9aca00Movq MM5, carryfirst // 0x0000000100000000Movq mm6, carrynext // 0x0000000000000001Pxor mm2, mm2 // carry clearedAdd_loop:Movq mm0, dword ptr [ESI + EDX] // A [I]Movq MM1, dword ptr [

# reset the IDT and gdt tables at the new location.16 call setup_idt # Set IDT. First, fill in the descriptor of the default processing process for all the 256 interrupt doors.17 Call setup_gdt # Set gdt.18 movl $0x10, % eax # Reload all segment registers after gdt is changed.19mov % ax, % DS20mov % ax, % es21mov % ax, % FS22mov % ax, % GS23lss init_stack, % ESP24 # Set the 8253 timing chip. Set counter channel 0 to send an interrupt request signal to the interrupt controller every 10 ms.25 mov

The following two hash functions (FNV bkdr) are optimized to hash short strings ending with 0 and get a 32-bit hash value. ----------------- By G-spider FNV hash Fnv32_t__stdcall fnv_32a_str_c(char *str){ unsigned char *s = (unsigned char *)str;/* unsigned string */ Fnv32_t hval= 2166136261; /* * FNV-1a hash each octet in the buffer */ do {/* xor the bottom with the current octet */hval ^= (Fnv32_t)*s;/* multiply by the 32 bit FNV magic prime mod 2^32 */hval *= 0x01000193;

function is located in x86/boot/pmjump. s, good, this is another piece of assembly code, and later, the kernel will directly jump back and forth between the assembly code and the C code. The Code is as follows: 26 Global (protected_mode_jump)27 movl % edX, % ESI # pointer to boot_params table2829 xorl % EBX, % EBX30 movw % CS, % BX31 shll $4, % EBX32 addl % EBX, 2f33 JMP 1f # Short jump to serialize on 386/48634 1:3536 movw $ __boot_ds, % CX37 movw $

can express all ASCII codes. That is to say, a memory unit can store an English character or number, while a Chinese character must be represented by a unicode code. That is to say, two memory units can hold a Chinese character. It is not hard to understand that the sixteen bits are two bytes. Of course, if there are sixteen bits, there must be thirty-two bits, sixty-fourteen bits, and so on. The thirty-two bits are called dual characters, and the sixty-fourteen bits are called four characters.

command is executed, the configured values are specified through the edX and eax registers, the high 32 bits of the specified value of edX, and the low 32 bits of the value specified by eax, when the preceding registers are set, edX is 0. MSR registers are filled with the specified MSR registers through the ECX registers. The registers of sysenter_cs_msr, sysent

points worth attention:1. The function to be called has been determined at the compilation stage and is called directly using the function address.2. The call of member functions of the class adopts the "this" Call constraint, and the implicit this pointer is stored in the exc register. The second statement:; 31: cbase bobj = dobj; Lea eax, dword ptr _ dobj $ [EBP]Push eaxLea ECx, dword ptr _ bobj $ [EBP]Call ?? 0cbase @ Qae @ abv0 @ Z From the syntax point of view, a base class object is cons

area ,. data is a readable and writable data area, while. BSS is a readable and writable data zone without initialization. Code and data zones are collectively called sections in elf. You can use other standard sections or add custom sections as needed, but at least one elf executable program should have one. text section. The following is our first assembler, In the att assembly language format: Example 1. att format # Hello. s. Data # Data Segment DeclarationMSG:. String "Hello, world! // N

example, the relationship between pixel RGB values is r> G> B, and the maximum monochrome ratio is r red, the compound color ratio is the compound color yellow formed by the maximum R and the middle G. It is not complicated to use the program code to implement the above grayscale calculation formula. The difficulty is to select the corresponding monochrome and compound Color Ratio Based on the pixel RGB relationship. An additional coloring function is added to the black/white adjustment functio

) in the memory unit opened by SWAp in the stack as the form parameter X and Y. This can be seen from the following Assembly Code (the author adds the annotation ): 22: void main () 23 :{ ...... ...... 13: int A = 1, B = 2; 00401088 mov dword ptr [ebp-4], 1 00401_f mov dword ptr [ebp-8], 2 14: int * P1 = ; 00401096 Lea eax, [ebp-4] 00401099 mov dword ptr [ebp-0Ch], eax 15: int * P2 = B; 00401_c Lea ECx, [ebp-8] 0040366f mov dword ptr [ebp-10h], ECx 16: swap (P1, P2 ); 004010a2 mov

8. Offset is the number of immediately. For example, [EBP + EDX * 8 + 200] is a valid address expression. Of course, in most cases, it is not necessary to have such a complex relationship as inter-address, proportional factor, or offset. The basic unit of memory is byte ). Each byte has eight binary bits. Therefore, the maximum number of characters that each word can save is 11111111, that is, 255 in decimal format. In general, it is more convenient

operation is directly applied to the memory, instead of using registers. The register is generally used as a required command or used to make the program run faster,("Sidt % 0/N": "M" (LOC); indicates that the input variable loc does not pass the Register Mathing (DIGIT) ConstraintsWhen a variable is used in input and output, "0", "1", "2"... (I think so)ASM ("incl % 0": "= A" (VAR): "0" (VAR ));Store VaR in the register % eax first, add 1 to the register, and then send it to the VaR Common Emb

Storage program computer (the stored programs computer) Memory store directives and data CPU Interpretation Instructions X86 implementation (X86 implementation)Registers (Register) Universal register (general-purpose registers) Segment Register (Segment registers) Flag Register (EFlags register) x86_64 Register (x86_64 registers) Memory MOVL%eax,%edx　　

a link ): Https://raw.githubusercontent.com/CodingLi/test/master/exp_buffer Enable ie in Windbg Then g runs the program and an exception occurs. The exception is as follows: 0:000>g(830.fb8):Accessviolation-codec0000005(firstchance)Firstchanceexceptionsarereportedbeforeanyexceptionhandling.Thisexceptionmaybeexpectedandhandled.eax=0000004aebx=022cde82ecx=0013e140edx=00140000esi=0013df00edi=0013e140eip=77c12332esp=0013dea0ebp=0013deaciopl=0nvupeiplnznaponccs=001bss=0023ds=0023es=0023fs=003bgs=0

0x00310000Two, custom structureConclusion: A custom structure can be thought of as an array.Custom structure, as a parameter, will put all member variables, one by one into the stackIf you pass a custom structure pointer, only the address is passed.Global custom struct-body variables, and global fixed-length array classes swab.The program loads, like code, already in memory, into the static zone.Uninitialized put 00 data,The name of the variable appears in the code and is replaced by the addres

= dword ptr 4 . TEXT:004E8EF0 Arg_4 = dword ptr 8 . TEXT:004E8EF0 Arg_8 = dword ptr 0Ch . text:004e8ef0 . TEXT:004E8EF0 mov ecx, [esp+arg_0]; Could be Len address of length . TEXT:004E8EF4 Push EBX . TEXT:004E8EF5 mov eax, [esp+4+arg_4]; Cache Address . TEXT:004E8EF9 push ESI . TEXT:004E8EFA mov esi, ecx . TEXT:004E8EFC Push EDI . TEXT:004E8EFD mov edi, [esp+0ch+arg_8]; Encrypt key Address . Text:004e8f01 and ESI, 3; the remainder that corresponds to the cache length divided by 4 . text:004e8f0

], 10; (int*) PST = ten mov edx, a mov eax, [ebp+var_4]; eax = PST mov [eax+4], DX ; (word*) (pst+4) = a mov ecx, [ebp+var_4]; ecx = PST mov byte ptr [ecx+6], 30; (byte*) (pst+6) = 30, verified that the second is word byte mov edx, [ebp+var_4]; edx = PST mov dword ptr [edx+8], 40; (int*)