opcode

问题 I'm trying to code a exe packer/protector as a way of learning more about assembler, c++, and how PE files work. I've currently got it working so the section containing the EP is XORed with a key and a new section is created that contains my decryption code. Everything works out great except when I try and JMP to the original EP after decryption. Basically I do this: DWORD originalEntryPoint = optionalHeader->AddressOfEntryPoint; // -- snip -- // crypted.put(0xE9); crypted.write((char*)

问题 I'm just getting started with the ARM architecture on my Nucleo STM32F303RE, and I'm trying to understand how the instructions are encoded. I have running a simple LED-blinking program, and the first few disassembled application instructions are: 08000188: push {lr} 0800018a: sub sp, #12 235 __initialize_hardware_early (); 0800018c: bl 0x80005b8 <__initialize_hardware_early> These instructions resolve to the following in the hex file (displayed weird in Eclipse -- each 32-bit word is in MSB

问题 I am having trouble figuring out weather to load a regisiter with the contents of the data in the regisiter or indirectly load the register with the address of the value when we execute LDI. Example: x3000 LDI R6, far x3001 ...(some command) x3002 ...(some command) x3003 far x6000 ... x6000 xf000 what is the data in R6 after excecuting x3000? 回答1: well take this for example .orig x3000 LDI R6, far ADD R0,R0,#0 ADD R0,R0,#0 far .fill x6000 .end assemble and dump hexdump -C test.obj 00000000 30

问题 I'd like to instrument syscall brk (and other calls but this in first order, it's most important to me) in given binary (preferably on actual syscall/sysenter level (x86-64 and x86) of making sys_brk call). Main goal: A part of sandbox which gives fixed amount of memory to jailed process So, I'd like to get rid of brk system calls (and most preferably others in next order) and simulate memory allocations under fixed limit . Fixed limit is memory space, available to program. (You can think

问题 If you look at documentation of operations like cmp, test, add, sub, and and, you will notice that operations that involve register EAX and its 16 and 8 bit variants as the first operand have a distinct opcode which is different from the "general case" version of these instructions. Is this separate opcode merely a way to save code space, is it at all more efficient than the general-case opcode, or is it just some relic of the past that isn't worth shaking off for compatibility reasons? 回答1:

问题 If you look at documentation of operations like cmp, test, add, sub, and and, you will notice that operations that involve register EAX and its 16 and 8 bit variants as the first operand have a distinct opcode which is different from the "general case" version of these instructions. Is this separate opcode merely a way to save code space, is it at all more efficient than the general-case opcode, or is it just some relic of the past that isn't worth shaking off for compatibility reasons? 回答1:

问题 I am trying to write a program that takes a .class file and collects all the methods of the .class file as well as the contents of each method. Here is my code public class ClassReaderTest1 { public static void main(String[] args) throws Exception{ InputStream in = new FileInputStream("*.class"); ClassReader reader = new ClassReader(in); ClassNode classNode = new ClassNode(); reader.accept(classNode,0); @SuppressWarnings("unchecked") final List<MethodNode> methods = classNode.methods; for

问题 I have the following code (after producing the listing file, written for intel 80x86): 1 global _start 2 3 section .data 4 00000000 03000000 x: dd 3 5 6 ;section .text 7 8 _start: 9 00000004 8B0D[00000000] mov ecx, [x] 10 0000000A 000D[16000000] r: add byte [l+6], cl 11 00000010 C605[00000000]30 l: mov byte [x], 48 12 00000017 51 push ecx 13 00000018 B804000000 mov eax, 4 ; For "Write" system call 14 0000001D BB01000000 mov ebx, 1 ; to standard output 15 00000022 B9[00000000] mov ecx, x ;

问题 I have the following code (after producing the listing file, written for intel 80x86): 1 global _start 2 3 section .data 4 00000000 03000000 x: dd 3 5 6 ;section .text 7 8 _start: 9 00000004 8B0D[00000000] mov ecx, [x] 10 0000000A 000D[16000000] r: add byte [l+6], cl 11 00000010 C605[00000000]30 l: mov byte [x], 48 12 00000017 51 push ecx 13 00000018 B804000000 mov eax, 4 ; For "Write" system call 14 0000001D BB01000000 mov ebx, 1 ; to standard output 15 00000022 B9[00000000] mov ecx, x ;

问题 Suppose I have the following code: public class Class1 { private Class2 obj; public void MethodA() { var class2 = new Class2(); class2.PropertyI = 2; obj = MethodB(class2); } public Class2 MethodB(Class2 class2) { return class2; } } public class Class2 { public int PropertyI { get; set; } } The generated IL code from compiling with Visual Studio 2010 as a .NET 2.0 assembly is the following: .method public hidebysig instance void MethodA() cil managed { .maxstack 3 .locals init ( [0] class