Variables

Introduction

Variables in C are data storage units that reserve space in memory. There are different types of variables. Each type requires a different amount of memory, and that amount is predetermined. A variable's type also determines the set of operations that can be applied to it.

Below, we’ll discuss how to identify variables when analyzing executables. C code snippets are shown, as well as their assembly equivalents and how the stack is used when subroutines are called in a program.

Variables

Depending on where they are declared, variables are of two types — global variables and local variables. This is how they can be identified with a debugger.

Global variables

The Figure 1 C code snippet shows the use of global variables.

#include <stdio.h>

int a = 10;  /* global variable: declared outside any function */

void main()
{
    printf("The value of a is %d\n", a);
}

Figure 1

When compiled, global variables are referenced by memory location, as shown in the Figure 2 excerpt taken from OllyDbg.

PUSH EBP
MOV EBP,ESP
AND ESP,FFFFFFF0
SUB ESP,10
CALL global_v.004015D0
MOV EAX,DWORD PTR DS:[403004]            ; |
MOV DWORD PTR SS:[ESP+4],EAX             ; |
MOV DWORD PTR SS:[ESP],global_v.00404000 ; |ASCII "The value of a is %d"
CALL <JMP.&msvcrt.printf>                ; printf
NOP
LEAVE
RETN

Figure 2

Checking the value stored at the referenced address, 00403004, gives the result shown in Figure 3.

[00403004]=0000000A

Figure 3

0000000A is the hex equivalent of 10, which is what is stored in variable “a” in the C program. This is verified using a debugger. 
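
As an added example (not code from the original post), the Python sketch below applies the same identification rule to the Figure 2 listing: an operand that dereferences a fixed address, such as DS:[403004], is a global-variable candidate, while ESP/EBP-relative operands are stack slots. The function name and regular expressions are assumptions made for this illustration.

```python
import re

# Figure 2 listing from the article (OllyDbg syntax), embedded as sample input.
LISTING = """\
PUSH EBP
MOV EBP,ESP
AND ESP,FFFFFFF0
SUB ESP,10
CALL global_v.004015D0
MOV EAX,DWORD PTR DS:[403004]
MOV DWORD PTR SS:[ESP+4],EAX
MOV DWORD PTR SS:[ESP],global_v.00404000
CALL <JMP.&msvcrt.printf>
NOP
LEAVE
RETN
"""

# A memory operand in OllyDbg syntax: SIZE PTR SEG:[expression]
MEM_OPERAND = re.compile(r"(?:BYTE|WORD|DWORD) PTR \w\w:\[([^\]]+)\]")
# Stack-relative expression: ESP or EBP with an optional hex displacement.
STACK_REL = re.compile(r"(?:ESP|EBP)(?:[+-][0-9A-F]+)?")
# Bare hex address with no register involved.
ABSOLUTE = re.compile(r"[0-9A-F]+")


def classify_operands(listing):
    """Return (global_addresses, stack_slots) for an OllyDbg-style listing.

    Absolute addresses are only candidates for globals: static locals and
    other fixed-address data are referenced the same way.
    """
    global_addrs, stack_slots = [], []
    for line in listing.splitlines():
        code = line.split(";", 1)[0]          # drop the debugger comment column
        for expr in MEM_OPERAND.findall(code):
            if STACK_REL.fullmatch(expr):
                stack_slots.append(expr)       # local variable or call argument
            elif ABSOLUTE.fullmatch(expr):
                global_addrs.append(int(expr, 16))
    return global_addrs, stack_slots


if __name__ == "__main__":
    globals_found, stack_found = classify_operands(LISTING)
    print("global candidates:", [f"{a:08X}" for a in globals_found])
    print("stack slots:", stack_found)
```

The immediate `global_v.00404000` is not reported because it is an address pushed as a value (the format string), not a dereferenced memory operand.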

The preceding program needs to be compiled to get a Windows 32-bit binary. A cross-compiler known as MinGW is used to produce a Windows 32-bit executable on a Kali Linux machine. The command in Figure 4 can be used to do (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Srinivas. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/W3vVJljBjDk/