disassembly

X86 encode near call relative offset

谁都会走 submitted on 2020-06-08 18:58:27
Question: Let's say I have the following set of instructions:

    00E79E00 | E8 AE580000    CALL someprocess.00E7F6B3
    00E79E05 | 85C0           TEST EAX, EAX

(output taken from OllyDbg). How do I encode the rel32 offset from the near call (0xE8) so I can get the absolute position I can jump to? I know that the offset is relative to the next instruction and is calculated by subtracting it from the target. My question is: how do I 'reverse' this so I get the function address 00E7F6B3 from the relative offset AE580000?
Answer 1: You
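Worked example, added here and not part of the question or of OllyDbg's output: decoding the rel32 of a near CALL back to its absolute target, and re-encoding a target into rel32. The sample bytes are the ones from the question (E8 AE 58 00 00 at 0x00E79E00); the function names are my own. Everything is 32-bit code, so addresses wrap modulo 2^32.

```python
import struct

# E8 cd = CALL rel32, E9 cd = JMP rel32: one opcode byte plus a signed 32-bit
# displacement, so the instruction is always 5 bytes long.
OPCODE_CALL_REL32 = 0xE8
OPCODE_JMP_REL32 = 0xE9
REL32_INSN_LEN = 5

# Constructed sample: the two instructions from the question as they would sit
# in memory at 0x00E79E00 (E8 AE 58 00 00 / 85 C0).
SAMPLE_ADDR = 0x00E79E00
SAMPLE_BYTES = bytes.fromhex("E8AE58000085C0")


def decode_rel32_target(code: bytes, base_addr: int, offset: int = 0) -> int:
    """Absolute target of the E8/E9 rel32 at code[offset]; code[0] lives at base_addr.

    The displacement is little-endian and signed, and it is relative to the
    address of the *next* instruction, i.e. insn_addr + 5.
    """
    if code[offset] not in (OPCODE_CALL_REL32, OPCODE_JMP_REL32):
        raise ValueError(f"byte {code[offset]:#04x} at offset {offset} is not an E8/E9 rel32")
    rel32 = struct.unpack_from("<i", code, offset + 1)[0]
    next_ip = base_addr + offset + REL32_INSN_LEN
    return (next_ip + rel32) & 0xFFFFFFFF


def encode_rel32(insn_addr: int, target: int, opcode: int = OPCODE_CALL_REL32) -> bytes:
    """Encode CALL/JMP to `target` for an instruction placed at `insn_addr`."""
    rel = (target - (insn_addr + REL32_INSN_LEN)) & 0xFFFFFFFF
    # Reinterpret the wrapped 32-bit value as signed so backward branches pack correctly.
    rel32 = rel - 0x100000000 if rel & 0x80000000 else rel
    return bytes([opcode]) + struct.pack("<i", rel32)


def find_rel32_branches(code: bytes, base_addr: int) -> list:
    """Linear sweep for E8/E9 bytes; returns (insn_addr, target) pairs.

    Caveat: a raw byte sweep also flags E8/E9 bytes that are really immediates
    or displacements of other instructions. A real disassembler has to decode
    instruction lengths to avoid those false hits.
    """
    hits = []
    for off in range(len(code) - REL32_INSN_LEN + 1):
        if code[off] in (OPCODE_CALL_REL32, OPCODE_JMP_REL32):
            hits.append((base_addr + off, decode_rel32_target(code, base_addr, off)))
    return hits


if __name__ == "__main__":
    target = decode_rel32_target(SAMPLE_BYTES, SAMPLE_ADDR)
    print(f"CALL at {SAMPLE_ADDR:#010x} -> {target:#010x}")   # 0x00e7f6b3
    print(encode_rel32(SAMPLE_ADDR, target).hex(" "))          # e8 ae 58 00 00
```

The only subtlety is the sign: AE 58 00 00 is the positive value 0x58AE, but a call to a lower address encodes a negative rel32 (for example a call from 0x1000 to 0x0FF0 is E8 EB FF FF FF), which is why the displacement is unpacked with `<i` rather than `<I`.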

In C python, accessing the bytecode evaluation stack

耗尽温柔 submitted on 2020-06-08 00:47:19
Question: Given a C Python frame pointer, how do I look at arbitrary evaluation stack entries? (Some specific stack entries can be found via locals(), I'm talking about other stack entries.) I asked a broader question like this a while ago: getting the C python exec argument string or accessing the evaluation stack, but here I want to focus on being able to read CPython stack entries at runtime. I'll take a solution that works on CPython 2.7 or any Python later than Python 3.3. However if you have

x86 opcode encoding: sib byte

ε祈祈猫儿з submitted on 2020-05-29 05:21:32
Question: I'm currently trying to write a disassembler. I found the following list of opcodes and their meanings, so I decided to parse it at runtime: http://mprolab.teipir.gr/vivlio80X86/pentium.txt But I am stuck at the opcode 0x00: It is followed by a reg/mod byte. Parsing it was not much of a problem for me. But I'm having trouble with the Scale-Index-Base byte: If you actually specify esp as index register, it actually means that there is no index register. The same applies for the base register
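Worked example, added here and not taken from the question or from the opcode list it links: a ModRM + SIB decoder for 32-bit addressing that handles the two special encodings the question runs into (index field 100b means "no index", and base field 101b with mod 00b means "no base register, a disp32 follows"), wrapped in a decoder for opcode 00 /r (ADD r/m8, r8). It assumes 32-bit protected mode with no prefixes (no 16-bit addressing, no REX); the sample byte strings are constructed and the function names are my own.

```python
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def decode_modrm_operand(code: bytes, pos: int, reg_size: int = 32) -> tuple:
    """Decode the ModRM byte at code[pos], plus SIB and displacement if present.

    Returns (operand text, bytes consumed). reg_size picks the register table
    used when mod == 11b (register-direct operand).
    """
    modrm = code[pos]
    mod, rm = modrm >> 6, modrm & 7
    consumed = 1

    if mod == 3:
        return (REGS8 if reg_size == 8 else REGS32)[rm], consumed

    base = index = None
    scale = 1
    absolute = False   # True when there is no base register: the disp32 is an address

    if rm == 4:        # rm == 100b: a SIB byte follows
        sib = code[pos + consumed]
        consumed += 1
        scale = 1 << (sib >> 6)
        idx, b = (sib >> 3) & 7, sib & 7
        # index == 100b would be esp; that encoding means "no index register"
        if idx != 4:
            index = REGS32[idx]
        # base == 101b with mod == 00b means "no base, disp32 follows";
        # with mod 01b/10b it really is ebp plus disp8/disp32
        if b == 5 and mod == 0:
            absolute = True
        else:
            base = REGS32[b]
    elif rm == 5 and mod == 0:   # no SIB: plain [disp32]; ebp needs mod 01b/10b
        absolute = True
    else:
        base = REGS32[rm]

    disp = 0
    if mod == 1:
        disp = struct.unpack_from("<b", code, pos + consumed)[0]
        consumed += 1
    elif mod == 2 or absolute:
        disp = struct.unpack_from("<i", code, pos + consumed)[0]
        consumed += 4

    return _format_memory(base, index, scale, disp, absolute), consumed


def _format_memory(base, index, scale, disp, absolute) -> str:
    regs = []
    if base is not None:
        regs.append(base)
    if index is not None:
        regs.append(f"{index}*{scale}")
    text = "+".join(regs)
    if absolute:
        addr = f"0x{disp & 0xFFFFFFFF:08x}"
        text = f"{text}+{addr}" if text else addr
    elif disp:
        text += f"{'-' if disp < 0 else '+'}0x{abs(disp):x}"
    return f"[{text}]"


def decode_add_rm8_r8(code: bytes, pos: int = 0) -> tuple:
    """Decode opcode 00 /r (ADD r/m8, r8) at code[pos]; returns (text, length)."""
    if code[pos] != 0x00:
        raise ValueError("not opcode 00")
    reg = REGS8[(code[pos + 1] >> 3) & 7]
    rm_text, n = decode_modrm_operand(code, pos + 1, reg_size=8)
    return f"add {rm_text}, {reg}", 1 + n


if __name__ == "__main__":
    # Constructed samples covering the SIB special cases
    for hexbytes in ("0004B3", "000424", "00042500104000", "000500104000",
                     "00442410", "004C85F8", "00C8"):
        text, length = decode_add_rm8_r8(bytes.fromhex(hexbytes))
        print(f"{hexbytes:<16} {text}  ({length} bytes)")
```

Note the asymmetry: `00 04 24` is `add [esp], al` (esp as base is legal, and the index field 100b just means none), while `00 04 25 xx xx xx xx` and `00 05 xx xx xx xx` are both `add [disp32], al`. The second form is the shorter way to say the same thing, and `[ebp]` with no displacement therefore has to be encoded as `00 45 00` (mod 01b, disp8 = 0).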

How to interpret objdump disassembly output columns?

こ雲淡風輕ζ submitted on 2020-05-24 07:31:09
Question: I wrote a simple program in C which calls a function called while_loop with arguments 4,3,2. The function is just basically a while loop; I don't think it's really that relevant to my question since it's more of a generic question. I was told to run objdump -d, so I did. I have multiple questions, so here it goes: I understand that in the leftmost column there are addresses and they increment according to the number of bytes in front. What I don't understand very well is the second column. Is
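Worked example, added here and not part of the question: a small parser for the three columns of `objdump -d` output (address, encoded bytes, disassembly) with a check that the address column really does advance by the number of bytes in the second column. It assumes the default GNU objdump layout, where the address is followed by a colon and a tab, and the bytes are followed by a tab; the listing is constructed for illustration (x86-64, AT&T syntax) and the names are my own.

```python
import re
from dataclasses import dataclass

# objdump -d instruction line: "  401136:<TAB>55<spaces><TAB>push   %rbp".
# Function banners ("0000000000401136 <while_loop>:") and section headers
# do not match and are skipped.
LINE_RE = re.compile(r"^\s*([0-9a-fA-F]+):\t([0-9a-fA-F ]+?) *(?:\t(.*))?$")


@dataclass
class Insn:
    addr: int     # column 1: address of the first byte of this instruction
    raw: bytes    # column 2: the instruction's encoded bytes
    text: str     # column 3: mnemonic and operands; empty on byte-only continuation lines


def parse_objdump(listing: str) -> list:
    insns = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        insns.append(Insn(int(m.group(1), 16),
                          bytes.fromhex(m.group(2).replace(" ", "")),
                          (m.group(3) or "").strip()))
    return insns


def addresses_are_consistent(insns: list) -> bool:
    """Each address must equal the previous address plus the previous byte count."""
    return all(a.addr + len(a.raw) == b.addr for a, b in zip(insns, insns[1:]))


# Constructed sample listing using the tab layout objdump emits.
SAMPLE_LISTING = "\n".join([
    "0000000000401136 <while_loop>:",
    "  401136:\t55                   \tpush   %rbp",
    "  401137:\t48 89 e5             \tmov    %rsp,%rbp",
    "  40113a:\t89 7d fc             \tmov    %edi,-0x4(%rbp)",
    "  40113d:\t89 75 f8             \tmov    %esi,-0x8(%rbp)",
    "  401140:\t89 55 f4             \tmov    %edx,-0xc(%rbp)",
    "  401143:\t5d                   \tpop    %rbp",
    "  401144:\tc3                   \tret",
])


if __name__ == "__main__":
    insns = parse_objdump(SAMPLE_LISTING)
    for i in insns:
        print(f"{i.addr:#x}  {i.raw.hex(' '):<12} {i.text}")
    print("address column consistent:", addresses_are_consistent(insns))
```

The consistency check is the point of the example: the second column is the raw machine code, and the gap between one address and the next is exactly the length of those bytes, which is also why a single instruction can span more than one line when its encoding is long.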

Why is 0 moved to stack when using return value?

假如想象 submitted on 2020-05-22 06:46:41
Question: I'm experimenting with disassembling clang binaries of simple C programs (compiled with -O0), and I'm confused about a certain instruction that gets generated. Here are two empty main functions with standard arguments, one of which returns a value and the other does not:

    // return_void.c
    void main(int argc, char** argv) { }

    // return_0.c
    int main(int argc, char** argv) { return 0; }

Now, when I disassemble their assemblies, they look reasonably different, but there's one line that I don't understand:

disassembling, changing and assembling DLL file

人盡茶涼 submitted on 2020-04-30 07:22:06
Question: I have a DLL which I have disassembled, and just to test that my project is going to work, I have tried assembling it again, but without luck. I'm getting different kinds of errors. The disassembly I have done with IDA Pro freeware, and then exported the file as an .asm; to try to assemble it again I have tried to use the A86 assembler and flat assembler. Maybe I'm disassembling the DLL the wrong way or using the wrong assembler, but could somebody maybe point me to some tools and/or resources about

How does objdump manage to display source code with the -S option?

夙愿已清 submitted on 2020-03-17 06:52:11
Question: Is there a reference to the source file in the binary? I tried running strings on the binary and couldn't find any reference to the source file listed...
Answer 1: objdump uses the DWARF debugging information compiled into the binary, which references the source file name. If the binary isn't compiled with debugging information, or objdump can't find the source file, then you don't get source code in your output, only assembly. You don't see the source file name when you use strings on the binary