Question
Malware Analysis Homework
Learning Objectives
Can understand simple x86 machine instructions
Can interpret arithmetic and shift operators
Can interpret conditional jump statements
Can interpret looping constructs
Directions
Show the contents of the registers and memory after each of these short programs executes.
See https://www.felixcloutier.com/x86/ for unfamiliar instructions.
See https://www.calculator.net/hex-calculator.html for a hex calculator.
Problem #1:
- Assume rbp initially holds address 0x48000
- IDA set up these symbols for you
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
- Interpret this code
mov [rbp+var_4], 0Ah
mov [rbp+var_8], 14h
mov edx, [rbp+var_4]
mov eax, [rbp+var_8]
add eax, edx
mov [rbp+var_C], eax
mov eax, [rbp+var_8]
sub eax, [rbp+var_4]
mov [rbp+var_10], eax
mov eax, [rbp+var_4]
imul eax, [rbp+var_8]
mov [rbp+var_14], eax
mov eax, [rbp+var_14]
cdq
idiv [rbp+var_C]
mov [rbp+var_18], eax
mov eax, [rbp+var_8]
sar eax, 2
mov [rbp+var_1C], eax
- Show the results of executing the code in the registers and memory. Express your answers in hex.
Registers
eax |
ebx |
ecx |
edx |
rbp | 0x48000
Memory
0x47FDC |
0x47FE0 |
0x47FE4 |
0x47FE8 |
0x47FEC |
0x47FF0 |
0x47FF4 |
0x47FF8 |
0x47FFC |
0x48000 |
0x48004 |
0x48008 |
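One way to check a hand trace of Problem #1, as an added example that is not part of the original assignment: a small Python model of just the instructions in the listing, run with rbp = 0x48000. The tuple encoding of the program and the names `run`, `signed`, `PROGRAM`, `OFFSETS` and `MASK` are this example's own assumptions; flags and divide faults are not modeled.

```python
# Added example, not part of the assignment: models only the listed instructions.
MASK = 0xFFFFFFFF
OFFSETS = {"var_1C": -0x1C, "var_18": -0x18, "var_14": -0x14, "var_10": -0x10,
           "var_C": -0x0C, "var_8": -0x08, "var_4": -0x04}  # IDA symbols from the page
PROGRAM = [  # the listing from the page, encoded as (mnemonic, operands...) tuples
    ("mov", "var_4", 0x0A), ("mov", "var_8", 0x14), ("mov", "edx", "var_4"),
    ("mov", "eax", "var_8"), ("add", "eax", "edx"), ("mov", "var_C", "eax"),
    ("mov", "eax", "var_8"), ("sub", "eax", "var_4"), ("mov", "var_10", "eax"),
    ("mov", "eax", "var_4"), ("imul", "eax", "var_8"), ("mov", "var_14", "eax"),
    ("mov", "eax", "var_14"), ("cdq",), ("idiv", "var_C"), ("mov", "var_18", "eax"),
    ("mov", "eax", "var_8"), ("sar", "eax", 2), ("mov", "var_1C", "eax"),
]

def signed(value, bits=32):  # two's-complement view of the low `bits` bits
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value

def run(program, rbp=0x48000):
    """Execute the program; return (registers, memory) keyed by name / address."""
    reg, mem = {}, {}
    def read(operand):
        if isinstance(operand, int):
            return operand & MASK
        return mem[rbp + OFFSETS[operand]] if operand in OFFSETS else reg[operand]
    def write(operand, value):
        target, key = (mem, rbp + OFFSETS[operand]) if operand in OFFSETS else (reg, operand)
        target[key] = value & MASK
    for op, *args in program:
        if op == "mov":
            write(args[0], read(args[1]))
        elif op == "add":
            write(args[0], read(args[0]) + read(args[1]))
        elif op == "sub":
            write(args[0], read(args[0]) - read(args[1]))
        elif op == "imul":  # two-operand form keeps the low 32 bits of the product
            write(args[0], signed(read(args[0])) * signed(read(args[1])))
        elif op == "sar":   # arithmetic shift: the sign bit is replicated
            write(args[0], signed(read(args[0])) >> args[1])
        elif op == "cdq":   # sign-extend eax into edx:eax
            reg["edx"] = MASK if reg["eax"] >> 31 else 0
        elif op == "idiv":  # edx:eax / operand, quotient truncated toward zero
            dividend, divisor = signed(reg["edx"] << 32 | reg["eax"], 64), signed(read(args[0]))
            quotient = abs(dividend) // abs(divisor)
            quotient = -quotient if (dividend < 0) != (divisor < 0) else quotient
            reg["eax"], reg["edx"] = quotient & MASK, (dividend - quotient * divisor) & MASK
    return reg, mem
if __name__ == "__main__":
    registers, memory = run(PROGRAM)
    print({k: hex(v) for k, v in registers.items()}, {hex(a): hex(v) for a, v in sorted(memory.items())})
```

Registers and memory cells that the listing never writes (ebx, ecx, and the addresses outside 0x47FE4 to 0x47FFC) do not appear in the output because their contents are not determined by this code.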