[EXERCISE 0005] Mad #define constant

Published: November 17, 2009Posted in: The Binary Auditor™ Short ExercisesTags: constant, define, exercise, variable

I really hate this. All I did was a simple #define in the C++ code and some very few lines of code (actually 4). Whatever… looking at the IDA output I am lost. What the hell is the code doing here? Can you help us to understand the code?

.text:00401000 _main proc near
.text:00401000
.text:00401000 var_10= qword ptr -10h
.text:00401000 var_8= qword ptr -8
.text:00401000 argc= dword ptr  8
.text:00401000 argv= dword ptr  0Ch
.text:00401000 envp= dword ptr  10h
.text:00401000
.text:00401000 push    ebp
.text:00401001 mov     ebp, esp
.text:00401003 sub     esp, 10h
.text:00401006 fld     ds:__real@4014000000000000
.text:0040100C fstp    [ebp+var_10]
.text:0040100F fld     ds:__real@401921f9f01b866e
.text:00401015 fmul    [ebp+var_10]
.text:00401018 fstp    [ebp+var_8]
.text:0040101B xor     eax, eax
.text:0040101D mov     esp, ebp
.text:0040101F pop     ebp
.text:00401020 retn
.text:00401020 _main e

3 Comments

algemy

Posted November 20, 2009 at 6:13 PM

ok, I have to admit I am a little confuse on this one. So this is what I have so far:

.text:00401000 _main proc near
.text:00401000
.text:00401000 var_10= qword ptr -10h ;double int var_10
.text:00401000 var_8= qword ptr -8 ;double int var_8
.text:00401000 argc= dword ptr 8 ;int *argc
.text:00401000 argv= dword ptr 0Ch ;char *argv
.text:00401000 envp= dword ptr 10h
.text:00401000
.text:00401000 push ebp
.text:00401001 mov ebp, esp
.text:00401003 sub esp, 10h
.text:00401006 fld
ds:__real@4014000000000000 ;loads values the values located at 4014000000000000 into a stack
.text:0040100C fstp [ebp+var_10] ;copies the values on the top of the floating point register stack to another floating point register, thus it pop var_10
.text:0040100F fld ds:__real@401921f9f01b866e ;loads the value located at 401921f9f01b866e into the stack
.text:00401015 fmul [ebp+var_10] ;multiplies two floating point values: var_8 = var_8*var_10
.text:00401018 fstp[ebp+var_8]
.text:0040101B xor eax, eax
.text:0040101D mov esp, ebp
.text:0040101F pop ebp
.text:00401020 retn
.text:00401020 _main e
zork

Posted December 10, 2009 at 5:13 AM

How about

#define PI 3.14159265
#define PI2 (2 * PI)

int main() {
double var_10 = 1.0;
double var_8 = PI2 * var_10;
return 0;
}
Mike

Posted January 1, 2010 at 4:59 PM

The code looks correct, but if this is lifted from the modules, it looks like the first constant is 5.0, not pi. In my binary I have 5.0 and 6.28318 (2*PI).

GET INFORMED!
FREE MODULES

Free The Binary Auditor™ modules for self study include C++ and Assembly Language Fundamentals, HLL Mapping, Manual Decompilation, Algorithm Analysis, Crash Analysis, Copy Protection Analysis, Basic Malware Analysis, Vulnerability Analysis, Basic Unpacking, Advanced Malware Analysis, Advanced Unpacking, Professional Malware Analysis, Professional Unpacking, God-Like Protection Analysis. Get the modules here...
WHERE ARE THE SOLUTIONS?

The Binary Auditor™ Modules do not include solutions at the moment. You should work on the free exercises and try to analyze and solve them on your own. At some day we might start to add the solutions either as single PDF or as a growing body (book) of knowledge. You should check from time to time the The Binary Auditor™ Modules. Goal of this project is to motivate people to think on their own and not to feed them with a ready made meal! Take it as a challenge to learn for your knowledge.
RECENT POSTS
RECENT COMMENTS
- vince on [EXERCISE 0001] Simple manual decompilation exercise for beginners
- Carl Federer on [EXERCISE 0001] Simple manual decompilation exercise for beginners
- SanjoX on [EXERCISE 0002] Simple manual decompilation exercise for beginners – Part 2
- Mike on [EXERCISE 0011] Time Shift
- Mike on [EXERCISE 0005] Mad #define constant

[EXERCISE 0005] Mad #define constant

3 Comments

Leave a Reply

GET INFORMED!

FREE MODULES

WHERE ARE THE SOLUTIONS?

RECENT POSTS

RECENT COMMENTS

Copyright