
4 posts in 'reversing/Concepts and notes'

  1. 2019.03.26 Reversing.kr ImagePrc
  2. 2019.02.28 Code to make a 32-bit file executable
  3. 2019.02.21 Code virtualization
  4. 2019.01.29 IA32 processors assembly instruction list
Reversing.kr ImagePrc
posted by ddanss 2019. 3. 26. 13:43

1. GetSystemMetrics (Windows.h, Winuser.h)

- int GetSystemMetrics(int nIndex)

- The values accepted for nIndex are the constants beginning with SM_; there are more than 100 of them.

- ex1) SM_CXSCREEN: width of the primary display, in pixels.

- ex2) SM_CYSCREEN: height of the primary display, in pixels.

 

2. ShowWindow (Windows.h, Winuser.h)

- BOOL ShowWindow(HWND hWnd, int nCmdShow)

- hWnd: handle of the window

- nCmdShow: how the window is to be shown (SW_HIDE, SW_SHOW, SW_MINIMIZE, ...)

- Return value: nonzero if the window was previously visible, zero if it was previously hidden (it reports the previous state, not whether the call succeeded and not the nCmdShow value)

 

3. GetMessage (Windows.h, Winuser.h)

- BOOL GetMessage(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax)

- lpMsg: pointer to the MSG structure that receives the message

- hWnd: handle of the window whose messages are to be retrieved; NULL retrieves messages for any window belonging to the calling thread, plus thread messages

- wMsgFilterMin: lowest message value to be retrieved

- wMsgFilterMax: highest message value to be retrieved (0 for both means no filtering)

- Returns nonzero for any message other than WM_QUIT, 0 for WM_QUIT, and -1 on error (for example an invalid hWnd). Since -1 is "true", the common while (GetMessage(&msg, NULL, 0, 0)) keeps spinning on error; the robust form tests for > 0.

 

4. TranslateMessage (Windows.h, Winuser.h)
- BOOL TranslateMessage(const MSG *lpMsg)

- Translates virtual-key messages (WM_KEYDOWN/WM_KEYUP and the SYS variants) into character messages (WM_CHAR and friends), which are posted to the calling thread's message queue; the original key message is still dispatched.

 

5. DispatchMessage (Windows.h, Winuser.h)
- LRESULT DispatchMessage(const MSG *lpMsg)

- The message loop uses this function to hand each message to the window procedure of the window it is addressed to (lpMsg->hwnd); that is how a retrieved message reaches WndProc. The return value is whatever the window procedure returned.

 

6. BeginPaint (Windows.h, Winuser.h)
- HDC BeginPaint(HWND hWnd, LPPAINTSTRUCT lpPaint)

- lpPaint: pointer to a PAINTSTRUCT that receives the painting information (including rcPaint, the rectangle that needs repainting)

- Returns a handle to the display device context of the window on success, NULL on failure. It is called in response to WM_PAINT and validates the update region, so no further WM_PAINT arrives until something invalidates the window again.

 

7. BitBlt (Windows.h, Wingdi.h)

- BOOL BitBlt(HDC hdcDest, int nXDest, int nYDest, int nWidth, int nHeight, HDC hdcSrc, int nXSrc, int nYSrc, DWORD dwRop)

- hdcDest: handle of the destination device context (where the image is drawn)

- nXDest, nYDest: x, y coordinates of the upper-left corner of the destination rectangle

- nWidth, nHeight: width and height of the block to copy; the same size is used on both sides, so there is no scaling

- hdcSrc: handle of the source device context (the image)

- nXSrc, nYSrc: x, y coordinates of the upper-left corner of the source rectangle; the nWidth x nHeight block starting there is copied

- dwRop: raster operation that defines how source and destination pixels are combined (e.g. SRCCOPY copies the source over the destination; SRCINVERT XORs them)

 

8. EndPaint (Windows.h, Winuser.h)

- BOOL EndPaint(HWND hWnd, const PAINTSTRUCT *lpPaint)

- hWnd: handle of the window that has been repainted

- lpPaint: pointer to the PAINTSTRUCT that BeginPaint filled in

- Required after every BeginPaint; it releases the display DC that BeginPaint returned.

 

9. MoveToEx (wingdi.h, Windows.h)

- BOOL MoveToEx(HDC hdc, int X, int Y, LPPOINT lpPoint);

- hdc: handle of the device context

- X: x coordinate of the new current position, in logical units

- Y: y coordinate of the new current position, in logical units

- lpPoint: pointer to a POINT that receives the previous current position; pass NULL if the previous position is not needed

- Returns nonzero on success, 0 on failure

 

10. LineTo (wingdi.h, Windows.h)

- BOOL LineTo(HDC hdc, int nXEnd, int nYEnd)

- hdc: handle of the device context

- nXEnd: x coordinate of the end point, in logical units

- nYEnd: y coordinate of the end point, in logical units

- Draws with the current pen from the current position up to, but not including, the end point, then makes the end point the new current position

- Returns nonzero on success, 0 on failure

 

9 and 10 are used as a pair.

MoveToEx(hdc, A, B, NULL) followed by LineTo(hdc, C, D)

draws a line from (A, B) to (C, D). Because LineTo updates the current position, a further LineTo(hdc, E, F) continues the polyline from (C, D) without another MoveToEx.

 

11. InvalidateRect (Windows.h, Winuser.h)

- BOOL InvalidateRect(HWND hWnd, CONST RECT *lpRect, BOOL bErase)

- Adds a rectangle to the window's update region (invalidates part of the window), which makes the system deliver a WM_PAINT once the thread's queue has no other messages; this is what triggers the BeginPaint/BitBlt/EndPaint part of the call sequence.

- hWnd: handle of the window whose update region has changed

- lpRect: pointer to a RECT holding the coordinates of the region to be updated; NULL invalidates the entire client area

- bErase: whether the background of the invalidated region is to be erased when the update region is processed (TRUE causes a WM_ERASEBKGND before the WM_PAINT)

 

Off-screen (double-buffered) drawing pattern: create a memory DC and a bitmap compatible with the window DC, draw into it, and BitBlt the result onto the window in WM_PAINT.

HDC memDC = CreateCompatibleDC(hDC);                          // memory DC compatible with the window DC hDC
HBITMAP memBM = CreateCompatibleBitmap(hDC, nWidth, nHeight); // off-screen bitmap; created from hDC, not memDC (a bitmap compatible with a fresh memory DC would be 1 bpp)
SelectObject(memDC, memBM);                                   // select it into memDC; drawing on memDC now lands in memBM

 

BOOL Rectangle(HDC hdc, int left, int top, int right, int bottom);   // wingdi.h: draws the outline with the current pen and fills it with the current brush

 

 

MoveToEx -> LineTo -> InvalidateRect
MoveToEx -> LineTo -> InvalidateRect
BeginPaint -> BitBlt -> EndPaint
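The notes above say what each GDI call does to the current position and to the pixels of a DC. The following is an added example written for this page, not code from the post or from the Reversing.kr binary: a pixel-level model of MoveToEx, LineTo and BitBlt on an in-memory bitmap, so the effect of a traced MoveToEx/LineTo ... BeginPaint/BitBlt/EndPaint sequence can be worked out without a Windows machine. Parameter names and the raster-op constants are the Win32 ones; the DC class and the coordinates, block size and copy offset in demo() are this example's own assumptions.

```python
# Added example (not from the post or the target binary): a model of the GDI
# calls MoveToEx, LineTo and BitBlt on a monochrome bitmap.

# Raster-operation codes as defined in wingdi.h.
SRCCOPY   = 0x00CC0020   # dest = src
SRCPAINT  = 0x00EE0086   # dest = src OR dest
SRCAND    = 0x008800C6   # dest = src AND dest
SRCINVERT = 0x00660046   # dest = src XOR dest
DSTINVERT = 0x00550009   # dest = NOT dest (source ignored)

_ROPS = {
    SRCCOPY:   lambda s, d: s,
    SRCPAINT:  lambda s, d: s | d,
    SRCAND:    lambda s, d: s & d,
    SRCINVERT: lambda s, d: s ^ d,
    DSTINVERT: lambda s, d: d ^ 1,
}


class DC:
    """Stand-in for an HDC (this model's own type): a width x height
    monochrome bitmap plus the current position that MoveToEx sets and
    LineTo consumes."""

    def __init__(self, width, height):
        self.width, self.height = width, height
        self.bits = [[0] * width for _ in range(height)]
        self.pos = (0, 0)   # GDI initialises the current position to (0, 0)

    def set_pixel(self, x, y):
        if 0 <= x < self.width and 0 <= y < self.height:   # clip to the surface
            self.bits[y][x] = 1


def MoveToEx(hdc, X, Y):
    """Set the current position; return the previous one (what lpPoint receives)."""
    prev = hdc.pos
    hdc.pos = (X, Y)
    return prev


def LineTo(hdc, nXEnd, nYEnd):
    """Bresenham line from the current position up to, but not including,
    (nXEnd, nYEnd), as GDI does, then make the end point current."""
    x, y = hdc.pos
    dx, dy = abs(nXEnd - x), -abs(nYEnd - y)
    sx = 1 if x < nXEnd else -1
    sy = 1 if y < nYEnd else -1
    err = dx + dy
    while (x, y) != (nXEnd, nYEnd):
        hdc.set_pixel(x, y)
        e2 = 2 * err
        if e2 >= dy:
            err += dy
            x += sx
        if e2 <= dx:
            err += dx
            y += sy
    hdc.pos = (nXEnd, nYEnd)
    return True


def BitBlt(hdcDest, nXDest, nYDest, nWidth, nHeight, hdcSrc, nXSrc, nYSrc, dwRop):
    """Combine the nWidth x nHeight block whose top-left corner is (nXSrc, nYSrc)
    in hdcSrc into the block at (nXDest, nYDest) in hdcDest according to dwRop.
    Same size on both sides: no scaling."""
    op = _ROPS.get(dwRop)
    if op is None:
        return False   # ROP not modelled here (real BitBlt accepts all 256 ternary ROPs)
    for row in range(nHeight):
        for col in range(nWidth):
            sx, sy = nXSrc + col, nYSrc + row
            dx, dy = nXDest + col, nYDest + row
            if not (0 <= sx < hdcSrc.width and 0 <= sy < hdcSrc.height):
                continue   # outside the source surface: nothing to fetch
            if not (0 <= dx < hdcDest.width and 0 <= dy < hdcDest.height):
                continue   # outside the destination surface: clipped
            hdcDest.bits[dy][dx] = op(hdcSrc.bits[sy][sx], hdcDest.bits[dy][dx])
    return True


def render(hdc):
    """Rows of '#'/'.' for set/clear pixels, for eyeballing a DC."""
    return ["".join("#" if b else "." for b in row) for row in hdc.bits]


def demo():
    """The traced order from the post: MoveToEx/LineTo into an off-screen memory
    DC (twice), then, on WM_PAINT, BitBlt a block of it onto the window DC.
    Coordinates are this example's own."""
    memDC = DC(8, 8)
    MoveToEx(memDC, 1, 1)
    LineTo(memDC, 6, 1)      # horizontal stroke: pixels (1,1) .. (5,1); (6,1) excluded
    MoveToEx(memDC, 1, 1)
    LineTo(memDC, 1, 6)      # vertical stroke: pixels (1,1) .. (1,5)
    windowDC = DC(8, 8)
    # copy the 4x4 block at (0,0) of the memory DC to (2,2) on the window
    BitBlt(windowDC, 2, 2, 4, 4, memDC, 0, 0, SRCCOPY)
    return memDC, windowDC


if __name__ == "__main__":
    mem, win = demo()
    print("\n".join(render(mem)))
    print()
    print("\n".join(render(win)))
```

Running it prints the memory DC with an L-shaped stroke starting at (1,1) and the window DC with the same shape shifted by the BitBlt offset (2,2) and cut to the 4x4 block; changing dwRop to SRCINVERT on a non-empty window DC shows why XOR blits are used for rubber-band drawing.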


Code to make a 32-bit file executable
posted by ddanss 2019. 2. 28. 12:01

sudo dpkg --add-architecture i386                                   # let dpkg/apt install i386 (32-bit) packages on the amd64 host
sudo apt-get update                                                 # fetch the i386 package lists
sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386   # 32-bit C library (with the loader ld-linux.so.2), ncurses and C++ runtime

 

 

 

./file-name    # run the 32-bit ELF; if the shell says "No such file or directory" although the file exists, the 32-bit loader /lib/ld-linux.so.2 from libc6:i386 is what is missing
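A check to run before (or instead of) those commands, as an added example that is not part of the post: it reads the ELF header to confirm the binary really is a 32-bit x86 ELF, and if so asks ldd which shared objects are still unresolved. The headers built by sample_header() and used in demo() are constructed for the demo; check_file() is the function to point at a real binary.

```python
# Added example (not from the post): is this binary a 32-bit x86 ELF that
# needs the i386 multiarch libraries, and are they all present?
import struct
import subprocess

ELF_MAGIC = b"\x7fELF"
EM_386, EM_X86_64 = 3, 62                 # e_machine values from the ELF spec


def elf_info(data):
    """Return (bits, machine) for the first bytes of an ELF image, or None if
    the data does not start with an ELF header."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    bits = {1: 32, 2: 64}.get(data[4])          # EI_CLASS: ELFCLASS32 / ELFCLASS64
    endian = {1: "<", 2: ">"}.get(data[5])      # EI_DATA: ELFDATA2LSB / ELFDATA2MSB
    if bits is None or endian is None:
        return None
    (e_machine,) = struct.unpack(endian + "H", data[18:20])   # e_machine follows e_ident (16) and e_type (2)
    machine = {EM_386: "i386", EM_X86_64: "x86-64"}.get(e_machine, "machine %d" % e_machine)
    return bits, machine


def needs_i386_multiarch(data):
    """True when the image is a 32-bit x86 ELF, i.e. it needs libc6:i386 and
    friends on an amd64 host."""
    return elf_info(data) == (32, "i386")


def ldd_report(path):
    """Run ldd and return (loaded, missing). loaded is False when ldd could not
    even start the binary (static executable, or the 32-bit loader
    ld-linux.so.2 is absent); missing lists objects ldd marked 'not found'."""
    out = subprocess.run(["ldd", path], capture_output=True, text=True).stdout
    if "not a dynamic executable" in out:
        return False, []
    return True, [line.split()[0] for line in out.splitlines() if "not found" in line]


def check_file(path):
    """Read the header of a file on disk and describe what it needs."""
    with open(path, "rb") as f:
        head = f.read(64)
    info = elf_info(head)
    if info is None:
        return "%s: not an ELF file" % path
    if needs_i386_multiarch(head):
        loaded, missing = ldd_report(path)
        if not loaded:
            return "%s: 32-bit i386 ELF; ldd could not start it (static binary, or libc6:i386 is missing)" % path
        if missing:
            return "%s: 32-bit i386 ELF; unresolved: %s" % (path, ", ".join(missing))
        return "%s: 32-bit i386 ELF; all shared libraries resolved" % path
    return "%s: %d-bit %s ELF, no i386 packages needed" % ((path,) + info)


def sample_header(ei_class, e_machine):
    """Constructed minimal little-endian ELF header (e_ident, e_type, e_machine)
    for the demo; not taken from any real binary."""
    e_ident = ELF_MAGIC + bytes([ei_class, 1, 1, 0]) + b"\0" * 8
    return e_ident + struct.pack("<HH", 2, e_machine)   # ET_EXEC, machine


def demo():
    """Classify three constructed images: 32-bit x86, 64-bit x86, and a PE stub."""
    return {
        "i386": needs_i386_multiarch(sample_header(1, EM_386)),
        "x86-64": needs_i386_multiarch(sample_header(2, EM_X86_64)),
        "pe": needs_i386_multiarch(b"MZ\x90\x00" + b"\0" * 60),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_file(sys.argv[1]))
    else:
        print(demo())
```

Run it as `python3 elfcheck.py ./file-name`; the "ldd could not start it" case is the one the apt commands above fix, because without libc6:i386 the 32-bit loader itself is absent.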


Code virtualization
posted by ddanss 2019. 2. 21. 13:14

Code Virtualized.pdf

Design and Implementation of Virtualized Code Protection(VCP) [foryou2008].pdf

코드_가상화_기법이_적용된_악성코드_분석_방법_연구_위탁과제_최종보고서.pdf (final report of a commissioned study on methods for analysing malware protected with code virtualization)

 

posted by ddanss 2019. 1. 29. 12:27

IA32 processors 어셈블리 명령어모음

1. GENERAL-PURPOSE INSTRUCTIONS ; All IA32 processors

The general-purpose instructions perform basic data movement, arithmetic, logic, program flow, and string operations that programmers commonly use to write application and system software to run on IA32 processors. They operate on data contained in memory, in the general-purpose registers (EAX, EBX, ECX, EDX, EDI, ESI, EBP, and ESP) and in the EFLAGS register. They also operate on address information contained in memory, the general-purpose registers, and the segment registers (CS, DS, SS, ES, FS, and GS). This group of instructions includes the following subgroups: data transfer, binary integer arithmetic, decimal arithmetic, logic operations, shift and rotate, bit and byte operations, program control, string, flag control, segment register operations, and miscellaneous.

1.1 Data Transfer Instructions
The data transfer instructions move data between memory and the general-purpose and segment registers. They also perform specific operations such as conditional moves, stack access, and data conversion.

MOV - Move data between general-purpose registers; move data between memory and general-purpose or segment register; move immediates to general-purpose registers.
CMOVE/CMOVZ - Conditional move if equal/Conditional move if zero
CMOVNE/CMOVNZ - Conditional move if not equal/Conditional move if not zero
CMOVA/CMOVNBE - Conditional move if above/Conditional move if not below or equal
CMOVAE/CMOVNB - Conditional move if above or equal/Conditional move if not below
CMOVB/CMOVNAE - Conditional move if below/Conditional move if not above or equal
CMOVBE/CMOVNA - Conditional move if below or equal/Conditional move if not above
CMOVG/CMOVNLE - Conditional move if greater/Conditional move if not less or equal
CMOVGE/CMOVNL - Conditional move if greater or equal/Conditional move if not less
CMOVL/CMOVNGE - Conditional move if less/Conditional move if not greater or equal
CMOVLE/CMOVNG - Conditional move if less or equal/Conditional move if not greater
CMOVC - Conditional move if carry
CMOVNC - Conditional move if not carry
CMOVO - Conditional move if overflow
CMOVNO - Conditional move if not overflow
CMOVS - Conditional move if sign(negative)
CMOVNS - Conditional move if not sign(non-negative)
CMOVP/CMOVPE - Conditional move if parity/Conditional move if parity even
CMOVNP/CMOVPO - Conditional move if not parity/Conditional move if parity odd
XCHG - Exchange
BSWAP - Byte swap
XADD - Exchange and add
CMPXCHG - Compare and exchange
CMPXCHG8B - Compare and exchange 8 bytes
PUSH - Push onto stack
POP - Pop off of stack
PUSHA/PUSHAD - Push general-purpose registers onto stack
POPA/POPAD - Pop general-purpose registers from stack
CWD/CDQ - Convert word to doubleword/Convert doubleword to quadword
CBW/CWDE - Convert byte to word/Convert word to doubleword in EAX register
MOVSX - Move and sign extend
MOVZX - Move and zero extend

1.2 Binary Arithmetic Instructions
The binary arithmetic instructions perform basic binary integer computations on byte, word, and doubleword integers located in memory and/or the general purpose registers.

ADD - Integer add
ADC - Add with carry
SUB - Subtract
SBB - Subtract with borrow
IMUL - Signed multiply
MUL - Unsigned multiply
IDIV - Signed divide
DIV - Unsigned divide
INC - Increment
DEC - Decrement
NEG - Negate
CMP - Compare

1.3 Decimal Arithmetic Instructions
The decimal arithmetic instructions perform decimal arithmetic on binary coded decimal(BCD) data.

DAA - Decimal adjust after addition
DAS - Decimal adjust after subtraction
AAA - ASCII adjust after addition
AAS - ASCII adjust after subtraction
AAM - ASCII adjust after multiplication
AAD - ASCII adjust before division

1.4 Logical Instructions
The logical instructions perform basic AND, OR, XOR, and NOT logical operations on byte, word, and doubleword values.

AND - Perform bitwise logical AND
OR - Perform bitwise logical OR
XOR - Perform bitwise logical exclusive OR
NOT - Perform bitwise logical NOT

1.5 Shift and Rotate Instructions
The shift and rotate instructions shift and rotate the bits in word and doubleword operands.

SAR - Shift arithmetic right
SHR - Shift logical right
SAL/SHL - Shift arithmetic left/Shift logical left
SHRD - Shift right double
SHLD - Shift left double
ROR - Rotate right
ROL - Rotate left
RCR - Rotate through carry right
RCL - Rotate through carry left

1.6 Bit and Byte Instructions
Bit Instructions test and modify individual bits in word and doubleword operands. Byte instructions set the value of a byte operand to indicate the status of flags in the EFLAGS register.

BT - Bit test
BTS - Bit test and set
BTR - Bit test and reset
BTC - Bit test and complement
BSF - Bit scan forward
BSR - Bit scan reverse
SETE/SETZ - Set byte if equal/Set byte if zero
SETNE/SETNZ - Set byte if not equal/Set byte if not zero
SETA/SETNBE - Set byte if above/Set byte if not below or equal
SETAE/SETNB/SETNC - Set byte if above or equal/Set byte if not below/Set byte if not carry
SETB/SETNAE/SETC - Set byte if below/Set byte if not above or equal/Set byte if carry
SETBE/SETNA - Set byte if below or equal/Set byte if not above
SETG/SETNLE - Set byte if greater/Set byte if not less or equal
SETGE/SETNL - Set byte if greater or equal/Set byte if not less
SETL/SETNGE - Set byte if less/Set byte if not greater or equal
SETLE/SETNG - Set byte if less or equal/Set byte if not greater
SETS - Set byte if sign(negative)
SETNS - Set byte if not sign(non-negative)
SETO - Set byte if overflow
SETNO - Set byte if not overflow
SETPE/SETP - Set byte if parity even/Set byte if parity
SETPO/SETNP - Set byte if parity odd/Set byte if not parity
TEST - Logical compare

1.7 Control Transfer Instructions
The control transfer instructions provide jump, conditional jump, loop, and call and return operations to control programs flow.

JMP - Jump
JE/JZ - Jump if equal/Jump if zero
JNE/JNZ - Jump if not equal/Jump if not zero
JA/JNBE - Jump if above/Jump if not below or equal
JAE/JNB - Jump if above or equal/Jump if not below
JB/JNAE - Jump if below/Jump if not above or equal
JBE/JNA - Jump if below or equal/Jump if not above
JG/JNLE - Jump if greater/Jump if not less or equal
JGE/JNL - Jump if greater or equal/Jump if not less
JL/JNGE - Jump if less/Jump if not greater or equal
JLE/JNG - Jump if less or equal/Jump if not greater
JC - Jump if carry
JNC - Jump if not carry
JO - Jump if overflow
JNO - Jump if not overflow
JS - Jump if sign(negative)
JNS - Jump if not sign(non-negative)
JPO/JNP - Jump if parity odd/Jump if not parity
JPE/JP - Jump if parity even/Jump if parity
JCXZ/JECXZ - Jump register CX zero/Jump register ECX zero
LOOP - Loop with ECX counter
LOOPZ/LOOPE - Loop with ECX and zero/Loop with ECX and equal
LOOPNZ/LOOPNE - Loop with ECX and not zero/Loop with ECX and not equal
CALL - Call procedure
RET - Return
IRET - Return from interrupt
INT - Software interrupt
INTO - Interrupt on overflow
BOUND - Detect value out of range
ENTER - High-level procedure entry
LEAVE - High-level procedure exit
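The CMOVcc family in 1.1, the SETcc family in 1.6 and the Jcc family in 1.7 share one set of condition codes, each a fixed test on EFLAGS. The model below is an added example, not part of the Intel text reproduced here: it computes the flags CMP sets and evaluates every condition code against them. It goes slightly beyond the list by showing the case that matters most when reading a disassembly, namely that A/B (above/below) read CF and compare unsigned while G/L (greater/less) read SF and OF and compare signed, so the same CMP can satisfy JA and JL at once. The helper names are this example's own.

```python
# Added example (not from the Intel manual text): EFLAGS after CMP and the
# condition codes shared by CMOVcc, SETcc and Jcc.

def flags_after_cmp(a, b, width=32):
    """EFLAGS bits after CMP a, b (computes a - b and keeps only the flags).
    a and b are taken as width-bit patterns, so -1 and 0xFFFFFFFF are the same."""
    mask = (1 << width) - 1
    sign = 1 << (width - 1)
    a &= mask
    b &= mask
    result = (a - b) & mask
    return {
        "ZF": result == 0,
        "SF": bool(result & sign),
        "CF": a < b,                                     # borrow out of the top bit: unsigned a < b
        "OF": bool((a ^ b) & (a ^ result) & sign),       # signed overflow: operand signs differ and result sign != a's
        "PF": bin(result & 0xFF).count("1") % 2 == 0,    # even parity of the low byte
    }


# Condition codes: each key lists the suffixes that are the same opcode
# (JA == JNBE, and so on); the value is the flag test the CPU performs.
CONDITIONS = {
    "E/Z":      lambda f: f["ZF"],
    "NE/NZ":    lambda f: not f["ZF"],
    "A/NBE":    lambda f: not f["CF"] and not f["ZF"],        # unsigned >
    "AE/NB/NC": lambda f: not f["CF"],                        # unsigned >=
    "B/NAE/C":  lambda f: f["CF"],                            # unsigned <
    "BE/NA":    lambda f: f["CF"] or f["ZF"],                 # unsigned <=
    "G/NLE":    lambda f: not f["ZF"] and f["SF"] == f["OF"], # signed >
    "GE/NL":    lambda f: f["SF"] == f["OF"],                 # signed >=
    "L/NGE":    lambda f: f["SF"] != f["OF"],                 # signed <
    "LE/NG":    lambda f: f["ZF"] or f["SF"] != f["OF"],      # signed <=
    "S":        lambda f: f["SF"],
    "NS":       lambda f: not f["SF"],
    "O":        lambda f: f["OF"],
    "NO":       lambda f: not f["OF"],
    "P/PE":     lambda f: f["PF"],
    "NP/PO":    lambda f: not f["PF"],
}


def cc(cond, a, b, width=32):
    """True if Jcc would be taken, SETcc would store 1 and CMOVcc would move,
    immediately after CMP a, b."""
    return CONDITIONS[cond](flags_after_cmp(a, b, width))


def taken_after_cmp(a, b, width=32):
    """Every condition satisfied after CMP a, b, for annotating a listing by hand."""
    f = flags_after_cmp(a, b, width)
    return [name for name, test in CONDITIONS.items() if test(f)]


def signed_vs_unsigned(a, b, width=32):
    """The question to ask of a bounds check: does 'cmp a, b; ja' (unsigned)
    agree with 'cmp a, b; jg' (signed)? Returns (unsigned_above, signed_greater)."""
    return cc("A/NBE", a, b, width), cc("G/NLE", a, b, width)


if __name__ == "__main__":
    # A length of 0xFFFFFFFF is 4294967295 unsigned but -1 signed, so
    # 'cmp eax, 1; jg fail' lets it through while 'ja fail' rejects it.
    print(signed_vs_unsigned(0xFFFFFFFF, 1))           # (True, False)
    print(taken_after_cmp(0xFFFFFFFF, 1))
    print(taken_after_cmp(0x7FFFFFFF, 0xFFFFFFFF))     # INT_MAX vs -1: signed greater, unsigned below
```

The width argument matters because the same bit pattern flips sign between operand sizes: CMP AL, 1 with AL = 0x80 sets OF (since -128 - 1 overflows a byte) while the 32-bit CMP EAX, 1 with EAX = 0x80 does not.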

1.8 String Instructions
The string instructions operate on strings of bytes, allowing them to be moved to and from memory.

MOVS/MOVSB - Move string/Move byte string
MOVS/MOVSW - Move string/Move word string
MOVS/MOVSD - Move string/Move doubleword string
CMPS/CMPSB - Compare string/Compare byte string
CMPS/CMPSW - Compare string/Compare word string
CMPS/CMPSD - Compare string/Compare doubleword string
SCAS/SCASB - Scan string/Scan byte string
SCAS/SCASW - Scan string/Scan word string
SCAS/SCASD - Scan string/Scan doubleword string
LODS/LODSB - Load string/Load byte string
LODS/LODSW - Load string/Load word string
LODS/LODSD - Load string/Load doubleword string
STOS/STOSB - Store string/Store byte string
STOS/STOSW - Store string/Store word string
STOS/STOSD - Store string/Store doubleword string
REP - Repeat while ECX not zero
REPE/REPZ - Repeat while equal/Repeat while zero
REPNE/REPNZ - Repeat while not equal/Repeat while not zero

1.9 I/O Instructions
These instructions move data between the processor's I/O ports and a register or memory.

IN - Read from a port
OUT - Write to a port
INS/INSB - Input string from port/Input byte string from port
INS/INSW - Input string from port/Input word string from port
INS/INSD - Input string from port/Input doubleword string from port
OUTS/OUTSB - Output string to port/Output byte string to port
OUTS/OUTSW - Output string to port/Output word string to port
OUTS/OUTSD - Output string to port/Output doubleword string to port

1.10 Enter and Leave Instructions
These instructions provide machine-language support for procedure calls in block-structured languages.

ENTER - High-level procedure entry
LEAVE - High-level procedure exit

1.11 Flag Control(EFLAG) Instructions
The flag control instructions operate on the flags in the EFLAGS register.

STC - Set carry flag
CLC - Clear the carry flag
CMC - Complement the carry flag
CLD - Clear the direction flag
STD - Set direction flag
LAHF - Load flags into AH register
SAHF - Store AH register into flags
PUSHF/PUSHFD - Push EFLAGS onto stack
POPF/POPFD - Pop EFLAGS from stack
STI - Set interrupt flag
CLI - Clear the interrupt flag

1.12 Segment Register Instructions
The segment register instructions allow far pointers (segment addresses) to be loaded into the segment registers.

LDS - Load far pointer using DS
LES - Load far pointer using ES
LFS - Load far pointer using FS
LGS - Load far pointer using GS
LSS - Load far pointer using SS

1.13 Miscellaneous Instructions
The miscellaneous instructions provide such functions as loading an effective address, executing a "no-operation," and retrieving processor identification information.

LEA - Load effective address
NOP - No operation
UD2 - Undefined instruction
XLAT/XLATB - Table lookup translation
CPUID - Processor Identification


2. X87 FPU INSTRUCTIONS

The x87 FPU instructions are executed by the processor's x87 FPU. These instructions operate on floating-point, integer, and binary-coded decimal(BCD) operands.
These instructions are divided into the following subgroups: data transfer, load constants, and FPU control instructions. The sections that follow introduce each subgroup.

2.1 x87 FPU Data Transfer Instructions
The data transfer instructions move floating-point, integer and BCD values between memory and the x87 FPU registers. They also perform conditional move operations on floating-point operands.

FLD - Load floating-point value
FST - Store floating-point value
FSTP - Store floating-point value and pop
FILD - Load integer
FIST - Store integer
FISTP - Store integer and pop (SSE3 provides an instruction FISTTP for integer conversion)
FBLD - Load BCD
FBSTP - Store BCD and pop
FXCH - Exchange registers
FCMOVE - Floating-point conditional move if equal
FCMOVNE - Floating-point conditional move if not equal
FCMOVB - Floating-point conditional move if below
FCMOVBE - Floating-point conditional move if below or equal
FCMOVNB - Floating-point conditional move if not below
FCMOVNBE - Floating-point conditional move if not below or equal
FCMOVU - Floating-point conditional move if unordered
FCMOVNU - Floating-point conditional move if not unordered

2.2 x87 FPU Basic Arithmetic Instructions
The basic arithmetic instructions perform basic arithmetic operations on floating-point and integer operands.

FADD - Add floating-point
FADDP - Add floating-point and pop
FIADD - Add integer
FSUB - Subtract floating-point
FSUBP - Subtract floating-point and pop
FISUB - Subtract integer
FSUBR - Subtract floating-point reverse
FSUBRP - Subtract floating-point reverse and pop
FISUBR - Subtract integer reverse
FMUL - Multiply floating-point
FMULP - Multiply floating-point and pop
FDIV - Divide floating-point
FDIVP - Divide floating-point and pop
FIDIV - Divide integer
FDIVR - Divide floating-point reverse
FDIVRP - Divide floating-point reverse and pop
FIDIVR - Divide integer reverse
FPREM - Partial remainder
FPREM1 - IEEE Partial remainder
FABS - Absolute value
FCHS - Change sign
FRNDINT - Round to integer
FSCALE - Scale by power of two
FSQRT - Square root
FXTRACT - Extract exponent and significand

2.3 x87 FPU Comparison Instructions
The compare instructions examine or compare floating-point or integer operands.

FCOM - Compare floating-point
FCOMP - Compare floating-point and pop
FCOMPP - Compare floating-point and pop twice
FUCOM - Unordered compare floating-point
FUCOMP - Unordered compare floating-point and pop
FUCOMPP - Unordered compare floating-point and pop twice
FICOM - Compare integer
FICOMP - Compare integer and pop
FCOMI - Compare floating-point and set EFLAGS
FUCOMI - Unordered compare floating-point and set EFLAGS
FCOMIP - Compare floating-point, set EFLAGS, and pop
FUCOMIP - Unordered compare floating-point, set EFLAGS, and pop
FTST - Test floating-point (compare with 0.0)
FXAM - Examine floating-point

2.4 x87 FPU Transcendental Instructions
The transcendental instructions perform basic trigonometric and logarithmic operations on floating-point operands.

FSIN - Sine
FCOS - Cosine
FSINCOS - Sin and cosine
FPTAN - Partial tangent
FPATAN - Partial arctangent
F2XM1 - 2^x - 1
FYL2X - y * log2 x
FYL2XP1 - y * log2 (x + 1)

2.5 x87 FPU Load Constants Instructions
The load constants instructions load common constants, such as pi, into the x87 floating-point registers.

FLD1 - Load +1.0
FLDZ - Load +0.0
FLDPI - Load pi
FLDL2E - Load log2 e
FLDLN2 - Load ln 2 (log_e 2)
FLDL2T - Load log2 10
FLDLG2 - Load log10 2

2.6 x87 FPU Control Instructions
The x87 FPU control instructions operate on the x87 FPU register stack and save and restore the x87 FPU state.

FINCSTP - Increment FPU register stack pointer
FDECSTP - Decrement FPU register stack pointer
FFREE - Free floating-point register
FINIT - Initialize FPU after checking error conditions
FNINIT - Initialize FPU without checking error conditions
FCLEX - Clear floating-point exception flags after checking for error conditions
FNCLEX - Clear floating-point exception flags without checking for error conditions
FSTCW - Store FPU control word after checking error conditions
FNSTCW - Store FPU control word without checking error conditions
FLDCW - Load FPU control word
FSTENV - Store FPU environment after checking error conditions
FNSTENV - Store FPU environment without checking error conditions
FLDENV - Load FPU environment
FSAVE - Save FPU state after checking error conditions
FNSAVE - Save FPU state without checking error conditions
FRSTOR - Restore FPU state
FSTSW - Store FPU status word after checking error conditions
FNSTSW - Store FPU status word without checking error conditions
WAIT/FWAIT - Wait for FPU
FNOP - FPU no operation


3. X87 FPU AND SIMD STATE MANAGEMENT INSTRUCTIONS
Two state management instructions were introduced into the IA-32 architecture with the Pentium II processor family:

FXSAVE - Save x87 FPU and SIMD state
FXRSTOR - Restore x87 FPU and SIMD state

Initially, these instructions operated only on the x87 FPU (and MMX) registers to perform a fast save and restore, respectively, of the x87 FPU and MMX state. With the introduction of SSE extensions in the Pentium III processor family, these instructions were expanded to also save and restore the state of the XMM and MXCSR registers.
[Source] IA32 processors assembly instruction list | author: 량
