disassembly

Understand VB6 disassemble code

限于喜欢, submitted on 2019-12-22 11:28:08

Question: I have an old VB executable that has been used for a long time in my project. The current implementation of the application contains a debug window that's not needed any more. Of course, the source code was lost and cannot be modified. My idea is to modify the HEX code of the instance that's opening the annoying debug window. For that purpose, I use VB Decompiler by DotFix software, and I suppose that I found the code responsible for that instance. Unfortunately, I can't understand how it

Confused by TBB in a section of ARM disassembly

浪子不回头ぞ, submitted on 2019-12-21 20:06:04

Question: As an intro to learning Arm assembly, I'm trying to recreate disassembled functions in a higher level language. However I'm confused by the following bit of assembly:

    0000315e 2101     movs r1, #1
    00003160 e8dff000 tbb [pc, r0]
    00003164 030e     lsls r6, r1, #12
    00003166 0907     lsrs r7, r0, #4
    00003168 050b     lsls r3, r1, #20
    0000316a 2106     movs r1, #6
    0000316c e008     b.n 0x3180
    0000316e 2102     movs r1, #2
    00003170 e006     b.n 0x3180
    00003172 2103     movs r1, #3
    00003174 e004     b.n 0x3180
    00003176 2104     movs r1, #4

How does the MethodImplAttribute work in .NET?

≯℡__Kan透↙, submitted on 2019-12-21 12:44:09

Question: I was investigating some framework code (the System.AppDomain.GetDynamicDir method) and this was all the assembler showed:

    [MethodImpl(MethodImplOptions.InternalCall)]
    private extern string GetDynamicDir();

What happens when this method is called? I don't mean this specific method, but methods with this attribute in general.

Answer 1: From MSDN: MethodImplOptions.InternalCall: Specifies an internal call. An internal call is a call to a method that is implemented within the common language runtime

Can I debug an Exe

我怕爱的太早我们不能终老, submitted on 2019-12-21 05:10:41

Question: I need to compare a few function calls and signature between my application and a working application. Here I don't mean any way to reverse engineer or access the source code of the other application, but truly need to know what are the methods, Interfaces used by the working application. I tried attaching my application to Visual Studio and then Start>Debug, but this doesn't provide any useful information. Any help.

Answer 1: Reflector Pro Visual Studio plug in can debug not only exe you

Need help understanding E8 asm call instruction x86

自古美人都是妖i, submitted on 2019-12-20 09:23:15

Question: I need a helping hand in order to understand the following assembly instruction. It seems to me that I am calling an address at someUnknownValue += 20994A?

    E8 32F6FFFF - call std::_Init_locks::operator=+20994A

Answer 1: Whatever you're using to obtain the disassembly is trying to be helpful, by giving the target of the call as an offset from some symbol that it knows about -- but given that the offset is so large, it's probably confused. The actual target of the call can be calculated as follows:

How to disassemble the main function of a stripped application?

断了今生、忘了曾经, submitted on 2019-12-20 08:25:29

Question: Let's say I compiled the application below and stripped its symbols.

    #include <stdio.h>

    int main() {
        printf("Hello\n");
    }

Build procedure:

    gcc -o hello hello.c
    strip --strip-unneeded hello

If the application wasn't stripped, disassembling the main function would be easy. However, I have no idea how to disassemble the main function of a stripped application.

    (gdb) disas main
    No symbol table is loaded.  Use the "file" command.
    (gdb) info line main
    Function "main" not defined.

How could I do it?

How can I jump relative to the PC using the gnu assembler for AVR?

烂漫一生, submitted on 2019-12-19 10:21:07

Question: I have a binary file that I've disassembled using avr-objcopy. The interrupt vector table looks like:

    00000000 : ; VECTOR TABLE
     0: 13 c0 rjmp .+38  ; 0x28, RESET
     2: b8 c1 rjmp .+880 ; 0x374, INT0
     4: fd cf rjmp .-6   ; 0x0
     6: fc cf rjmp .-8   ; 0x0
     8: fb cf rjmp .-10  ; 0x0
     a: fa cf rjmp .-12  ; 0x0
     c: f9 cf rjmp .-14  ; 0x0
     e: f8 cf rjmp .-16  ; 0x0
    10: f7 cf rjmp .-18  ; 0x0
    12: c7 c1 rjmp .+910 ; 0x3a2, TIMER1 OVF
    14: f5 cf rjmp .-22  ; 0x0
    16: f4 cf rjmp .-24  ; 0x0
    18: f3 cf rjmp .-26  ; 0x0
    1a: f2 cf

How might I convert Intel 80386 Machine Code to Assembly Language?

萝らか妹, submitted on 2019-12-19 04:08:12

Question: I've been given the following task: Consider the following sequence of hexadecimal values:

    55 89 E5 83 EC 08 83 E4 F0 31 C9 BA 01 00 00 00 B8 0D 00 00 00 01 D1 01 CA 48 79 F9 31 C0 C9 C3

This sequence of bytes represents a subroutine in Intel 80386 machine language in 32-bit mode. When the instructions in this subroutine are executed, they leave values in the registers %ecx and %edx. What are the values? What is the program in C that carries out the computation done by this subroutine, then

Why does gcc reorder the local variable in function?

生来就可爱ヽ(ⅴ<●), submitted on 2019-12-18 18:03:41

Question: I wrote a C program that just reads/writes a large array. I compiled the program with the command

    gcc -O0 program.c -o program

Out of curiosity, I disassembled the C program with the objdump -S command. The code and assembly of the read_array and write_array functions are attached at the end of this question. I'm trying to interpret how gcc compiles the function. I used // to add my comments and questions. Take one piece of the beginning of the assembly code of the write_array() function

    4008c1: 48 89 7d

Why does gcc reorder the local variable in function?

懵懂的女人, submitted on 2019-12-18 18:03:23

Question: I wrote a C program that just reads/writes a large array. I compiled the program with the command

    gcc -O0 program.c -o program

Out of curiosity, I disassembled the C program with the objdump -S command. The code and assembly of the read_array and write_array functions are attached at the end of this question. I'm trying to interpret how gcc compiles the function. I used // to add my comments and questions. Take one piece of the beginning of the assembly code of the write_array() function

    4008c1: 48 89 7d