Loops

Introduction

In the previous article, we discussed how if statements can be spotted in the disassembly of a binary. We learned that if conditions are translated to conditional jumps when exploring the disassembly. 

In this article, we will explore how for and while loops are translated in assembly.

For loops

Let us begin by taking a simple for loop as an example. The following program iterates through the values 0 to 6 and prints them using the printf statement.

#include <stdio.h>

void main()
{
    int i;

    /* i starts at 0, the body runs while i < 7, and i grows by 1 after each pass */
    for (i = 0; i < 7; i++) {
        printf("value of a is %d\n", i);
    }
}

Figure 1

When the preceding program is executed, we will see the following output.

Figure 2

For loops have the following syntax in C.

for (initialization; condition; increment/decrement)
{
    // code to be executed until the condition fails.
}

Figure 3

In our case, the variable i is initialized to 0. The condition checks whether the value of i is less than 7. Finally, i is incremented by 1 after the statements in the body have been executed.

Being able to recognise these initialization, condition and increment/decrement blocks in assembly helps us spot for loops in a disassembly.

Let us open the executable in a debugger and observe what the disassembly looks like.

PUSH EBP
MOV EBP,ESP
AND ESP,FFFFFFF0
SUB ESP,20
CALL for.004015E0
MOV DWORD PTR SS:[ESP+1C],0
JMP SHORT for.00401541
MOV EAX,DWORD PTR SS:[ESP+1C]            ; |
MOV DWORD PTR SS:[ESP+4],EAX             ; |
MOV DWORD PTR SS:[ESP],for.00404000      ; |ASCII "value of a is %d"
CALL <JMP.&msvcrt.printf>                ; printf
ADD DWORD PTR SS:[ESP+1C],1
CMP DWORD PTR SS:[ESP+1C],6
JLE SHORT for.00401528
NOP
LEAVE
RETN

Figure 4

In the preceding excerpt, the following instruction is used for initialization:

MOV DWORD PTR SS:[ESP+1C],0

Figure 5
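The same reading of Figure 4 can be automated. As an added example that is not part of the article, the Python script below takes a text listing, finds the backward conditional jump, the CMP that feeds it, the increment on the compared stack slot and the MOV that initializes it, and checks for the forward JMP that makes the condition run before the first iteration (the hallmark of a for loop rather than a do-while). The listing is constructed from Figure 4: only the two jump targets 00401528 and 00401541 are the article's; the other addresses and the "for." module prefix are assumptions.

```python
import re
# Constructed listing modelled on the article's Figure 4: the two jump targets (00401528,
# 00401541) are the article's; the other addresses and the "for." prefix are assumptions.
LISTING = """
0040151E  MOV DWORD PTR SS:[ESP+1C],0
00401526  JMP SHORT for.00401541
00401528  MOV EAX,DWORD PTR SS:[ESP+1C]
0040152C  MOV DWORD PTR SS:[ESP+4],EAX
00401530  MOV DWORD PTR SS:[ESP],for.00404000  ; ASCII "value of a is %d"
00401537  CALL <JMP.&msvcrt.printf>            ; printf
0040153C  ADD DWORD PTR SS:[ESP+1C],1
00401541  CMP DWORD PTR SS:[ESP+1C],6
00401546  JLE SHORT for.00401528
"""
COND_JUMPS = {"JL", "JLE", "JG", "JGE", "JB", "JBE", "JA", "JAE", "JE", "JNE", "JZ", "JNZ"}
RELATION = {"JLE": "<=", "JL": "<", "JGE": ">=", "JG": ">", "JNE": "!=", "JNZ": "!="}  # Jcc -> keep looping while counter REL bound

def parse(listing):  # -> [(address, mnemonic, operands)], debugger comments after ';' dropped
    insns = []
    for line in listing.strip().splitlines():
        addr, mnem, *ops = line.split(";", 1)[0].split(None, 2)
        insns.append((int(addr, 16), mnem.upper(), ops[0].strip() if ops else ""))
    return insns

def jump_target(operands):  # trailing 8-digit hex address of a JMP/Jcc operand, e.g. "SHORT for.00401541"
    m = re.search(r"([0-9A-Fa-f]{8})\s*$", operands)
    return int(m.group(1), 16) if m else None

def find_for_loops(insns):
    """Spot the initialization / condition / increment triad around each backward conditional jump."""
    dest = lambda insn: insn[2].split(",")[0].strip()             # destination operand of an instruction
    index = {addr: i for i, (addr, _, _) in enumerate(insns)}
    loops = []
    for i, (addr, mnem, ops) in enumerate(insns):
        target = jump_target(ops) if mnem in COND_JUMPS else None
        if i == 0 or target is None or target not in index or target >= addr or insns[i - 1][1] != "CMP":
            continue                                               # need a backward edge fed by a CMP
        body, cmp = index[target], insns[i - 1]
        counter, bound = (s.strip() for s in cmp[2].split(","))   # CMP counter,bound
        step = next((k for k in range(body, i - 1)
                     if insns[k][1] in ("ADD", "SUB", "INC", "DEC") and dest(insns[k]) == counter), None)
        init = next((k for k in range(body - 1, -1, -1) if insns[k][1] == "MOV" and dest(insns[k]) == counter), None)
        # A for loop tests before its first iteration: the init is followed by a JMP straight to the CMP.
        tests_first = (init is not None and insns[init + 1][1] == "JMP"
                       and jump_target(insns[init + 1][2]) == cmp[0])
        loops.append({"counter": counter, "range": (insns[body][0], addr), "tests_first": tests_first,
                      "init": insns[init][2].split(",", 1)[1].strip() if init is not None else None,
                      "condition": f"{counter} {RELATION.get(mnem, mnem)} {bound}",   # i <= 6, i.e. i < 7
                      "step": f"{insns[step][1]} {insns[step][2]}" if step is not None else None})
    return loops
```

Running find_for_loops(parse(LISTING)) reports one loop whose counter is the stack slot [ESP+1C], initialized to 0, stepped by ADD 1 and kept alive while the slot is <= 6, with tests_first set, which is exactly the for loop of Figure 1.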

In one of the previous articles, we (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Srinivas. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/UtK1qxOn1pk/