Loops
Introduction
In the previous article, we discussed how if statements can be spotted in the disassembly of a binary. We learned that if conditions appear as conditional jumps in the disassembly.
In this article, we will explore how for and while loops are translated in assembly.
For loops
Let us begin by taking a simple for loop as an example. The following program iterates through the values 0 to 6 and prints them using the printf statement.
#include <stdio.h>

int main(void)
{
    int i;
    for (i = 0; i < 7; i++) {
        printf("value of a is %d\n", i);
    }
    return 0;
}
Figure 1
When the preceding program is executed, we will see the following output.
Figure 2
For loops have the following syntax in C.
for (initialization; condition; increment/decrement) {
    // code to be executed until the condition fails
}
Figure 3
In our case, the variable i is initialized to 0. The condition checks whether the value of i is less than 7. Finally, i is incremented by 1 after the loop body has executed.
Spotting these initialization, condition and increment/decrement blocks in assembly helps us spot for loops in assembly.
Let us open the executable in a debugger and observe what the disassembly looks like.
PUSH EBP
MOV EBP,ESP
AND ESP,FFFFFFF0
SUB ESP,20
CALL for.004015E0
MOV DWORD PTR SS:[ESP+1C],0
JMP SHORT for.00401541
MOV EAX,DWORD PTR SS:[ESP+1C]          ; |
MOV DWORD PTR SS:[ESP+4],EAX           ; |
MOV DWORD PTR SS:[ESP],for.00404000    ; |ASCII "value of a is %d"
CALL <JMP.&msvcrt.printf>              ; printf
ADD DWORD PTR SS:[ESP+1C],1
CMP DWORD PTR SS:[ESP+1C],6
JLE SHORT for.00401528
NOP
LEAVE
RETN
Figure 4
In the preceding excerpt, the following instruction is used for initialization:
MOV DWORD PTR SS:[ESP+1C],0
Figure 5
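The listing in Figure 4 does not keep the loop in the order the C source has it: the compiler emits the initialization, jumps straight to the condition check at the bottom (JMP SHORT for.00401541), and places the body, the increment (ADD ... ,1) and the compare (CMP ... ,6 / JLE back to for.00401528) after it, so the condition i < 7 shows up as "i <= 6" followed by a backward jump. The following added example (written for this page, not code from the original article) makes that shape explicit by writing the Figure 1 loop twice in C: once as the source for loop and once with goto labels that mirror the disassembly instruction by instruction. Both versions record the values they would print instead of calling printf so the two shapes can be compared directly; the function names, the LIMIT macro and the output buffer are this example's own assumptions.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example, not from the original article. for_version() is the loop as
 * written in Figure 1; rotated_version() is a C rendering of the control flow
 * the compiler emitted in Figure 4 (comments quote the matching instructions).
 * Instead of printf, both write the visited values into out[] and return the
 * count, so the two shapes can be checked against each other. */

#define LIMIT 7   /* the 7 in "i < 7"; assumed name for this example */

size_t for_version(int *out, size_t cap)
{
    size_t n = 0;
    int i;
    for (i = 0; i < LIMIT; i++) {
        if (n < cap)
            out[n] = i;        /* stands in for printf("value of a is %d\n", i) */
        n++;
    }
    return n;
}

size_t rotated_version(int *out, size_t cap)
{
    size_t n = 0;
    int i;

    i = 0;                     /* MOV DWORD PTR SS:[ESP+1C],0   (initialization) */
    goto condition;            /* JMP SHORT for.00401541        (straight to the test) */

body:                          /* for.00401528: start of the loop body */
    if (n < cap)
        out[n] = i;            /* MOV EAX,[ESP+1C] / MOV [ESP+4],EAX / MOV [ESP],fmt / CALL printf */
    n++;
    i = i + 1;                 /* ADD DWORD PTR SS:[ESP+1C],1   (increment) */

condition:                     /* for.00401541: the condition check */
    if (i <= LIMIT - 1)        /* CMP DWORD PTR SS:[ESP+1C],6 ; JLE SHORT for.00401528 */
        goto body;             /* i < 7 became i <= 6 with a backward jump */

    return n;                  /* NOP / LEAVE / RETN */
}

/* Returns 1 when both shapes visit exactly the same values in the same order. */
int shapes_agree(void)
{
    int a[LIMIT + 1], b[LIMIT + 1];
    size_t na = for_version(a, LIMIT + 1);
    size_t nb = rotated_version(b, LIMIT + 1);
    if (na != nb)
        return 0;
    for (size_t k = 0; k < na; k++)
        if (a[k] != b[k])
            return 0;
    return 1;
}

/* k-th value visited by the rotated form, or -1 when k is out of range. */
int rotated_nth(size_t k)
{
    int v[LIMIT + 1];
    size_t n = rotated_version(v, LIMIT + 1);
    return k < n ? v[k] : -1;
}

int main(void)
{
    int vals[LIMIT + 1];
    size_t n = rotated_version(vals, LIMIT + 1);
    for (size_t k = 0; k < n; k++)
        printf("value of a is %d\n", vals[k]);
    printf("shapes agree: %d\n", shapes_agree());
    return 0;
}
```

When reading disassembly, the practical takeaway is to look for the three pieces in this order: a store that initializes the counter, an unconditional jump forward to a compare, and a conditional jump backward from that compare to the instruction just after the jump. The compare constant is often the source bound minus one (6 rather than 7 here) because the compiler picks the signed "less or equal" form (JLE) for the test.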
In one of the previous articles, we (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Srinivas. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/UtK1qxOn1pk/