Malware Analysis Homework
Learning Objectives
Can understand simple x86 machine instructions
Can interpret arithmetic and shift operators
Can interpret conditional jump statements
Can interpret looping constructs
Directions
Show the contents of the registers and memory after each of these short programs executes.
See https://www.felixcloutier.com/x86/ for unfamiliar instructions.
See https://www.calculator.net/hex-calculator.html for a hex calculator.
Problem #1:
- Assume rbp initially holds address 0x48000
- IDA set up these symbols for you
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
- Interpret this code
mov [rbp+var_4], 0Ah
mov [rbp+var_8], 14h
mov edx, [rbp+var_4]
mov eax, [rbp+var_8]
add eax, edx
mov [rbp+var_C], eax
mov eax, [rbp+var_8]
sub eax, [rbp+var_4]
mov [rbp+var_10], eax
mov eax, [rbp+var_4]
imul eax, [rbp+var_8]
mov [rbp+var_14], eax
mov eax, [rbp+var_14]
cdq
idiv [rbp+var_C]
mov [rbp+var_18], eax
mov eax, [rbp+var_8]
sar eax, 2
mov [rbp+var_1C], eax
- Show the results of executing the code in the registers and memory. Express your answers in hex.
Registers
| eax | |
| ebx | |
| ecx | |
| edx | |
| rbp | 0x48000 |
Memory
| 0x47FDC | |
| 0x47FE0 | |
| 0x47FE4 | |
| 0x47FE8 | |
| 0x47FEC | |
| 0x47FF0 | |
| 0x47FF4 | |
| 0x47FF8 | |
| 0x47FFC | |
| 0x48000 | |
| 0x48004 | |
| 0x48008 | |
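A small interpreter for the instruction subset used in Problem #1, added here as an example for checking a hand trace; it is not part of the original assignment. The operand parser, the `run` function and the semicolon-separated transcription of the listing are constructs of this example, and it goes slightly beyond the listing by handling negative values in `sar`, `cdq` and `idiv`.

```python
import re
MASK = 0xFFFFFFFF
REGS = ("eax", "ebx", "ecx", "edx")
# Frame offsets exactly as IDA names them in Problem #1.
SYMS = {"var_1C": -0x1C, "var_18": -0x18, "var_14": -0x14, "var_10": -0x10,
        "var_C": -0x0C, "var_8": -0x08, "var_4": -0x04}
# The Problem #1 listing, transcribed several instructions per line.
PROGRAM = """
mov [rbp+var_4], 0Ah; mov [rbp+var_8], 14h; mov edx, [rbp+var_4]
mov eax, [rbp+var_8]; add eax, edx; mov [rbp+var_C], eax
mov eax, [rbp+var_8]; sub eax, [rbp+var_4]; mov [rbp+var_10], eax
mov eax, [rbp+var_4]; imul eax, [rbp+var_8]; mov [rbp+var_14], eax
mov eax, [rbp+var_14]; cdq; idiv [rbp+var_C]; mov [rbp+var_18], eax
mov eax, [rbp+var_8]; sar eax, 2; mov [rbp+var_1C], eax
"""

def s32(v):  # low 32 bits of v reinterpreted as a signed integer
    return (v & MASK) - ((v & 0x80000000) << 1)

def imm(tok):  # IDA-style immediate: '0Ah' is hex, '2' is decimal
    return int(tok[:-1], 16) if tok.endswith("h") else int(tok)

# Two-operand instructions; results are truncated to 32 bits on write-back.
ALU = {"mov": lambda a, b: b, "add": lambda a, b: a + b,
       "sub": lambda a, b: a - b, "imul": lambda a, b: s32(a) * s32(b),
       "sar": lambda a, b: s32(a) >> b}  # sar shifts in copies of the sign bit

def run(program=PROGRAM, rbp=0x48000):
    regs, mem = {}, {}  # registers/dwords never written stay absent (unknown)
    def loc(op):  # operand -> (store, key); [rbp+sym] resolves to an address
        m = re.fullmatch(r"\[rbp\+(\w+)\]", op)
        return (mem, rbp + SYMS[m.group(1)]) if m else (regs, op)
    def read(op):
        store, key = loc(op)
        return store[key] if store is mem or op in REGS else imm(op)
    for ins in re.split(r"[;\n]", program):
        mnem, _, rest = ins.strip().partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest else []
        if mnem in ALU:
            store, key = loc(ops[0])
            dst = 0 if mnem == "mov" else store[key]
            store[key] = ALU[mnem](dst, read(ops[1])) & MASK
        elif mnem == "cdq":  # sign-extend eax into edx
            regs["edx"] = MASK if regs["eax"] & 0x80000000 else 0
        elif mnem == "idiv":  # signed edx:eax / operand, truncating toward zero
            n, d = s32(regs["edx"]) * (1 << 32) + regs["eax"], s32(read(ops[0]))
            q = abs(n) // abs(d) * (1 if (n < 0) == (d < 0) else -1)
            regs["eax"], regs["edx"] = q & MASK, (n - q * d) & MASK
    return regs, mem
```

Calling `run()` returns the final register and memory dictionaries; format the values with `hex()` to compare against the tables above.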
