edx mba

access the corresponding memory at that time. What can eight binary bits Express? It can express all ASCII codes. That is to say, a memory unit can store an English character or number, while a Chinese character must be represented by a unicode code. That is to say, two memory units can hold a Chinese character. It is not hard to understand that the sixteen bits are two bytes. Of course, if there are sixteen bits, there must be thirty-two bits, sixty-fourteen bits, and so on. The thirty-two bit

. m_three =3;Testret. m_four =4;ReturnTestret;} Disassembly code: 30 : Tagtest Test ; 31 : Test = Rerstruct () ; 00401078 Lea Eax, [ebp-30h]; The ebp-30h address into the stack, the function of the struct value 00401_ B Push Eax 00401_c Call @ ILT + 0 (Rerstruct )( 00401005 ); Execute the function, at this time the copy of the struct return value is completed on the ebp-30h 00401081 Add ESP, 4. Balance the stack 00401084 MoV ECX, dword ptr [eax] 00401086 Mo

= 2; int *P1 = a; int *P2 = b; Swap (P1, p2) } The function swap takes two pointer variables as arguments, and when main () calls swap, the pointer variable p1, the value of P2 (that is, the address of the variable A, b) is placed in the memory unit of the swap on the stack as the form parameter x and Y, in the same way that the value is passed. This can be seen from the following assembly code (note is added by the author): : void Main () 23: { ...... ...... INT.: int a = 1

):), compiled as: #APP MOVL Foo,eax #NO_APP MOVL Eax,bar The statement is a bit weird, but it's a good representation of how GCC works. Take a piece of code in ARCH/I386/KERNEL/APM.C as an example, let's compare what happens before and after they compile: Compiled Code of source program __ASM__ ( "Pushl%%edi/n/t" "Pushl%%ebp/n/t" "Lcall%%cs:/n/t" "SetC%%al/n/t" "Addl%1,%2/n/t" "Popl%%ebp/n/t" "Popl%%edi/n/t" : "=a" (EA), "=b" (EB), "=c" (EC), "=d" (ed), "=s" (es) : "A" (eax_in), "B" (e

WaitForDebugEvent from MAGCT.0060F8B90012 BCBC 0012CD90 | pDebugEvent = 0012CD900012BCC0 000003E8 Timeout = 1000. MSLocate CD90 in the data window and check the OEP value.Next, disconnect: BP WriteProcessMemory Now go to the code window Ctrl + G: 0060F8BFCtrl + f search command at the current location: or eax, 0FFFFFFF8Locate the first place at 0060FE8F, on which cmp dword ptr ss: [ebp-A34], 0 sets the breakpoint. 0060FE43 83BD CCF5FFFF 0> cmp dword ptr ss: [ebp-A34], 0// Down, Shift + F9 inter

again. Oh, it's done. I ran to the airspace of user32.dll. Let's take a look at the title bar of ollydbg: "[CPU-main thread, module-USER32], and ran to system airspace. The code shown in the ollydbg Disassembly window is as follows: 77d3213c 6a 0C push 0c77d3213e 68 a021d377 push user32.77d321a077d32143 E8 7864 feff call user32.77d185c0 What should I do? Don't worry. Let's press Alt + F9: 00401328 |. E8 a5000000 call crackhea.004013d2; key: Press F7.0040132d |. 3bc6 CMP eax, ESI; Comparison0040

. Currently, binary code in ELF format is the most commonly used. An executable program in the ELF format is generally divided into the following parts :. text ,. data and. BSS, where. text is a read-only code area ,. data is a readable and writable data area, while. BSS is a readable and writable data zone without initialization. Code and data zones are collectively called sections in elf. You can use other standard sections or add custom sections as needed.Section, but an elf executable progra

onresize () 000012 { 000013 _ w + = 10; 000014 _ H + = 10; 000015 cout 000016} 000017 }; 000018 000019 class specialwindow: public window 000020 { 000021 public: 000022 virtual void onresize () 000023 { 000024 static_cast 000025 // window: onresize (); 000026 cout 000027} 000028 }; 000029 000030 int _ tmain (INT argc, _ tchar * argv []) 000031 { 000032 specialwindow SW; 000033 Sw. onresize (); 000034 return 0; 000035} Then, I will disassemble the executable file to obtain the assembly code of t

The switch and if-else statements are both conditions in the C language. In terms of syntax, the two functions are the same. If the switch can be completed, the switch can also be completed, however, their application scenarios are slightly different. If is mostly used in a single branch, switch is mainly used in the case of multiple branches. Let's take a look at the C program and the Assembly Code Compiled with GCC. /* $ Begin switch-C */Int switch_eg (int x){Int result = X; Switch (x ){ Case

74fb4200 mov ecx,acid_bur.0042fb74; ASCII, "Ry again!" 0042fa63 |. BA 80fb4200 mov edx,acid_bur.0042fb80; ASCII, "Orry, the serial is Incorect!" 0042fa68 |. A1 480a4300 mov eax,dword ptr ds:[0x430a48]0042fa6d |. 8B00 mov eax,dword ptr ds:[eax]; acid_bur.004240900042fa6f |. E8 fca6ffff call acid_bur.0042a170; String length less than 4 return to 0042a170 position, wrong error dialog box 0042fa74 |. E9 BE000000 jmp acid_bur.0042fb370042fa79 |>

Call Acid_bur.004069300042fa57 |. 83F8 CMP eax,0x4; Compares whether the length of a string is greater than or equal to 40042FA5A | 7D 1D jge Short acid_bur.0042fa790042fa5c |. 6A Push 0x00042fa5e |. B9 74fb4200 mov ecx,acid_bur.0042fb74; ASCII, "Ry again!" 0042fa63 |. BA 80fb4200 mov edx,acid_bur.0042fb80; ASCII, "Orry, the serial is Incorect!" 0042fa68 |. A1 480a4300 mov eax,dword ptr ds:[0x430a48]0042fa6d |. 8B00 mov eax,dword ptr ds:[ea

CPUID, Eax,ebx,ecx,edx stores the various characteristic information of the CPU. This information is what we commonly call CPU serial numbers.mov eax, 0//Get manufacturer InfoCpuidmov eax, 1//Get the serial number of the CPUCpuidThe following three functions are available for reference:[C-sharp]View Plaincopy function Newcpuid: string; Const CPUINFO = ' CPU Manufacturer:%s serial number:%x '; Var S:ARRAY[0..19] of Char; Mycpuid:intege

$0x8,0x34 (%ESP) - 0x40139e movl $0xa,0x38 (%ESP) - 0x4013a6 movl $0xc,0x3c (%ESP) -0x4013aeLea0x10 (%ESP),%eax +0x4013b2mov%eax,0x44 (%ESP) - 0x4013b6 movl $0x1,0x40 (%ESP) + 0x4013be movl $0x0,0x48 (%ESP) A 0x4013c6 movl $0x0,0x4c (%ESP) at0x4013cejmp0x4013f9 185> -0x4013d0mov0x4c (%ESP),%eax -0x4013d4Lea0x0 (,%eax,4),%edx -0x4013dbmov0x40 (%ESP),%eax -0x4013dfAdd%edx,%eax -0x4013e1Lea0x0 (,%eax,4),%

Linux-0.11 Memory Management module is the source of the more difficult to understand the part, now the author's personal understanding publishedFirst hair Linux-0.11 kernel memory management get_free_page () function analysisHave time to write other functions or files:)/* *author:davidlin *date:2014-11-11pm *email: [email protected] or [email protected] *world:the City of SZ , in China *ver:000.000.001 *history:editor time do 1) Linpeng 2014-11-11 Created this file! 2) */Here is the source code

the number of quotes mov esi, cmdline @@: LODSB cmp al, 0; Reach End JE @F cmp al, 34 Jne @B; no quotes continue to Loop Inc ECX; ecx+=1 jmp @B @@: Push ECX Storage count Value shr ecx, 1 shl ecx, 1; ecx-=ecx%2 pop eax; eax= count value cmp eax, Ecx JE @F; the number of quotes is even (matched) the next hop pop edi pop ESI mov eax, 3; return 3 ret @@: ; ------------------------------------------- ; The following code removes the (program's) path and file name; CmdLine only leav

c28b4424 1801c28b 44241c01 d0890424. d$ .... d$.....$ 0050 e8fcffff ff8b4424 18c9c3 ... d$ ... Contents of section. Data: 0000 54000000 00000000 55000000 T .... U ... Contents of section. Rodata: 0000 68656c6c 6f20776f 726c6421 0025640a Hello world!. %d. 0010 00323232 323200.22222. Disassembly of section. Text: 00000000 0:55 Push%EBP 1:89 e5 mov%esp,%ebp 3:83 EC Sub $0x18,%esp 6:8B mov 0x8 (%EBP),%eax 9:89%eax,0x4 mov (%ESP) D:c7 0d, Movl $0xd, (%ESP) 14:

, so it is necessary to control the format. For example: Asm (movl % eax, % ebx ); Asm (xorl % ebx, % edx ); Asm (movl $0, _ booga ); In the above example, we changed the values of edx and ebx in the Assembly, but due to the special processing method of gcc, the Assembly file is first formed and then handed over to the gas for assembly, therefore, gas does not know that we have changed the values of

7615 jbe 004614C8: 004614B3 80FB3A cmp bl, 3A: 004614B6 7310 jnb 004614C8.: 004614B8 889D0CF6FFFF mov byte ptr [ebp + FFFFF60C], bl: 004614BE C6850DF6FFFF00 mov byte ptr [ebp + FFFFF60D], 00: 004614C5 83C602 add esi, 00000002 * Referenced by a (U) nconditional or (C) onditional Jump at Addresses:|: 004614B1 (C),: 004614B6 (C)|: 004614C8 8D850CF6FFFF lea eax, dword ptr [ebp + FFFFF60C]: 004614CE 50 push eax: 004614CF E8EC9D0400 call 004AB2C0: 004614D4 59 pop ecx: 004614D5 8945F4 mov dword ptr [e

test ax, AX0000004b JE shadowse.00000010800426051 mov ecx, dword ptr ss: [ESP + C]00426055 PUSH EDI00426056/cmp ax, 30; number?0000005a | jb short shadowse.0000006c; 003665c | cmp ax, 3900426060 | ja short shadowse.0020.6c;> "9" indicates the hop.00426062 | and eax, 0 FFFF00426067 | sub eax, 30;-0x300000006a | jmp short shadowse.00000096003666c | cmp ax, 41; uppercase letters?00426070 | jb short shadowse.00000082; 00426072 | cmp ax, 5A00426076 | ja short shadowse.00000082;> "Z" indicates the ho

[1-4]004011F6 |. 8B1D 64214000 mov ebx, dword ptr ds: [402164]; Take the username 5th to 8th characters004011FC |. 3305 71214000 xor eax, dword ptr ds: [402171]; User [1-4] xor sn [1-4] = k100401202 |. 331D 75214000 xor ebx, dword ptr ds: [402175]; User [5-8] xor sn [5-8] = k200401208 |. 25 0F1F3F7F and eax, 7F3F1F0F; K1 and 7f3f1f0f = p10040120D |. 81E3 00010307 and ebx, 7030100; K2 and 7030100 = p200401213 |. 33C9 xor ecx, ECX; Use ECX for Loop00401215 |> 8BF0/mov esi, EAX00401217 |. 8BFB | m