Practical Malware Analysis
Ch 6: Recognizing C Constructs in Assembly
Function Call
Finding the Code in IDA Pro
•IDA Pro opens at the program's entry point, not at main(); the C code you care about still has to be located
•Link Ch 6a
Trick: Use Strings, then XREF
Disassembly in IDA Pro
•Four arguments to printf(): the format string plus three values
•Pushed onto the stack in reverse order (last argument first, format string last)
•call pushes the return address and transfers control to the function
Global vs. Local Variables
•Global variables
–Available to any function in the program
•Local variables
–Defined in a function and only available to that function
Global vs. Local Variables
•Local: on the stack, referenced relative to ebp (e.g. [ebp-4])
•Global: at a fixed memory address, referenced by name or absolute address in IDA
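The two slides above (the four-argument call and global vs. local storage) in one small program. This is an added example, not code from the book or the slides; the assembly in the comments is representative of what an unoptimized 32-bit cdecl build (MSVC-style) emits, and the exact offsets, registers and symbol names are assumptions that vary by compiler.

```c
#include <stdio.h>

/* Global: lives at a fixed address in the data/bss section. IDA shows it as a
 * named location (e.g. dword_40A000 or g_counter) accessed by absolute address.
 * The name g_counter is our own, not anything from the book. */
int g_counter = 0;

/* Four-argument cdecl function. The caller pushes d, c, b, a in that order,
 * so a ends up nearest the return address at [ebp+8] and d at [ebp+14h]. */
int sum4(int a, int b, int c, int d)
{
    /*  mov  eax, [ebp+8]      ; a
        add  eax, [ebp+0Ch]    ; b
        add  eax, [ebp+10h]    ; c
        add  eax, [ebp+14h]    ; d   */
    return a + b + c + d;
}

/* Touching a global: the memory operand is an absolute address, not ebp-relative. */
int bump_global(void)
{
    /*  mov  eax, dword ptr [g_counter]
        add  eax, 1
        mov  dword ptr [g_counter], eax  */
    g_counter++;
    return g_counter;
}

/* Touching a local: the memory operand is a negative offset from ebp. */
int local_demo(int x)
{
    int local;           /* "sub esp, 4" in the prologue reserves room at [ebp-4] */
    /*  mov  eax, [ebp+8]      ; x (argument: positive offset from ebp)
        add  eax, eax          ; x * 2
        mov  [ebp-4], eax      ; local (negative offset from ebp)  */
    local = x * 2;
    return local;
}

int main(void)
{
    /*  push 4                 ; arguments pushed right to left ...
        push 3
        push 2
        push 1                 ; ... so the first argument is pushed last
        call sum4
        add  esp, 10h          ; cdecl: the caller removes 4 * 4 bytes of arguments */
    int s = sum4(1, 2, 3, 4);
    int g = bump_global();
    int l = local_demo(5);
    /* printf() with four arguments: the format string is the first argument,
       so it is the last thing pushed before the call. */
    printf("sum4=%d global=%d local=%d\n", s, g, l);
    return 0;
}
```

When reading the disassembly, the sign of the ebp offset is the quickest tell: positive offsets ([ebp+8] and up) are arguments, negative offsets are locals, and an operand with no ebp at all is a global.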
Arithmetic Operations
Branching (if)
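Arithmetic and branching side by side, covering both of the preceding slides. This is an added example, not code from the book or the slides; the assembly in the comments is what an unoptimized 32-bit cdecl build typically produces, with made-up label names. An optimizing compiler may keep values in registers, use lea or shifts instead of idiv, and reorder blocks, so treat the mnemonics as representative rather than exact.

```c
#include <stdio.h>

/* Arithmetic: each C statement becomes load -> operate -> store. */
int arith(int a, int b)
{
    a = a + 25;   /* mov eax,[ebp+8]   ; add eax,19h       ; mov [ebp+8],eax   */
    a = a - b;    /* mov eax,[ebp+8]   ; sub eax,[ebp+0Ch] ; mov [ebp+8],eax   */
    a++;          /* mov eax,[ebp+8]   ; add eax,1         ; mov [ebp+8],eax   (or inc) */
    b--;          /* mov eax,[ebp+0Ch] ; sub eax,1         ; mov [ebp+0Ch],eax (or dec) */
    /* Signed modulo: cdq sign-extends eax into edx:eax, then idiv divides.
       Quotient lands in eax, remainder in edx. Like idiv, C's '%' keeps the
       sign of the dividend, so a negative a yields a negative remainder. */
    b = a % 7;    /* mov eax,[ebp+8] ; cdq ; mov ecx,7 ; idiv ecx ; mov [ebp+0Ch],edx */
    return b;
}

/* Branching: the compiler usually emits the *inverse* of the C condition and
   jumps over the if-body. In IDA's graph view the green (taken) arrow therefore
   leads to the else/skip path and the red (not taken) arrow falls into the body. */
int classify(int x, int y)
{
    if (x == 0) {          /*          cmp  dword ptr [ebp+8], 0
                                       jnz  short L_else1      ; taken when x != 0 */
        return 0;
    } else if (x > y) {    /* L_else1: mov  eax, [ebp+8]
                                       cmp  eax, [ebp+0Ch]
                                       jle  short L_else2      ; taken when x <= y */
        return 1;
    } else {               /* L_else2: */
        return -1;
    }
}

/* A zero check on a register is often written with test rather than cmp:
   test eax,eax sets ZF from eax AND eax without storing a result. */
int is_nonzero(int v)
{
    /*  mov  eax, [ebp+8]
        test eax, eax
        jz   short L_zero      ; taken when v == 0 */
    if (v)
        return 1;
    return 0;
}

int main(void)
{
    printf("arith(10,3)=%d arith(0,30)=%d arith(-10,0)=%d\n",
           arith(10, 3), arith(0, 30), arith(-10, 0));
    printf("classify(0,5)=%d classify(7,3)=%d classify(2,9)=%d classify(5,5)=%d\n",
           classify(0, 5), classify(7, 3), classify(2, 9), classify(5, 5));
    printf("is_nonzero(0)=%d is_nonzero(-3)=%d\n", is_nonzero(0), is_nonzero(-3));
    return 0;
}
```

The inverted-condition point is the one that trips people up when reading graphs: a jnz right after a cmp against zero almost always means the source said "if (x == 0)", not "if (x != 0)".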
Summary
•Finding the Code
–Strings, then XREF
•Function Call
–Arguments pushed onto stack
–Reverse order
–call
•Variables
–Global: in memory, available to all functions
–Local: on stack, only available to one function
•Arithmetic
–Move variables into registers
–Perform arithmetic (add, sub, idiv, etc.)
–Move results back into variables
•Branching
–Compare (cmp, test, etc.)
–Conditional jump (jz, jnz, etc.); compilers usually emit the inverse of the C condition and jump over the if-body
–In IDA's graph view: green arrow = jump taken (condition true), red arrow = not taken (fall-through), blue = unconditional jump