Category Archive for: ‘The Binary Auditor™ Short Exercises’

[EXERCISE 0012] Something floating around…

This time you need to download a small file to do your analysis. Fire it up in IDA Pro and tell me: what is happening here? Remember: Something floating around…

[EXERCISE 0011] Time Shift

One step to the left, one step to the right. Hmmm… This small code snippet seems to do something within loops. Try to figure out WHAT it is doing and please: provide C++ or pseudo code for your analysis! Manual decompilation rocks!

[EXERCISE 0010] All are equal?

Ok, next one. This time we focus on operators. In this case we need a screenshot instead of code only. Help me: what is this code doing?

[EXERCISE 0009] Compound assignments

The compound assignment operators consist of a binary operator and the simple assignment operator. They perform the operation of the binary operator on both operands and store the result of that operation into the left operand, which must be a modifiable lvalue. So let's go: transform this snippet back to C++ code!

[EXERCISE 0008] WTF? Where is my modulo?

Damn it. Just installed Visual Studio and did a simple compile. Have a look at my source! What the hell is Visual Studio doing with my code? Maybe you can guess why I got this difference between source and binary?

[EXERCISE 0007] Simple math operations

Ah, math. What a beautiful discipline. Lots of math is used within application development. What is understandable in C++ might be problematic in assembly code. This exercise is not a problem at all, just a few math lines which are not complicated. Anyway, it is very important that you start playing such little math games if we are to dig into cryptographic schemes later. So tell me: what is this code doing?

[EXERCISE 0006] Very simple one

This one is very simple and meant for beginners. Translate the following code to C++ or pseudocode. Do this line by line, adding an explanation of what is going on here!

[EXERCISE 0005] Mad #define constant

I really hate this. All I did was a simple #define in the C++ code and a very few lines of code (actually 4). Whatever… looking at the IDA output I am lost. What the hell is the code doing here? Can you help us to understand the code?

[EXERCISE 0004] Identify Variables

One of the most important capabilities during binary auditing is identifying variables within assembly code. For beginners, such variables are sometimes not as easy to identify as they are when reading C++ code. This time we have a look at many different variables at once. What I can do is give you some hints. The original source code contained: double, long double, unsigned char, signed char, unsigned long int, signed long int, unsigned short int, signed short int, unsigned int, signed int, bool, float, and wchar_t. Can you work out which variable type corresponds to which lines of the assembly code?

[EXERCISE 0003] Understanding RVAs and Import Tables

Import libraries are DLLs that an executable image is bound to. Much of Windows' core functionality is found in DLLs that MS provides, and they are how applications interact with the base Windows services.

[EXERCISE 0002] Simple manual decompilation exercise for beginners – Part 2

Your goal is to analyse the following compiler-generated assembly language code and understand how it works. It contains a very simple loop. You must retrieve the proper C/C++ code or pseudo code of this commented procedure. Your solution has to contain either fully commented C/C++ code or detailed pseudo code describing the function of the above snippet.

[EXERCISE 0001] Simple manual decompilation exercise for beginners

Your goal is to analyse the following compiler-generated assembly language code and to understand how it works. You must retrieve the proper C/C++ code or pseudo code of this commented code. Your solution has to contain either fully commented C/C++ code or detailed pseudo code describing the function of the above snippet.
