wuyinzhi asked:

assembly flow

Hi, I have this assembly code (copy-pasted from OllyDbg):

 
0042A222   > 8B45 90        MOV EAX,DWORD PTR SS:[EBP-70]
0042A225   . 40             INC EAX
0042A226   . 8945 90        MOV DWORD PTR SS:[EBP-70],EAX
0042A229   > 817D 90 F40100>CMP DWORD PTR SS:[EBP-70],1F4
0042A230   . 7D 54          JGE SHORT hexedit_.0042A286
0042A232   . 8B45 94        MOV EAX,DWORD PTR SS:[EBP-6C]
0042A235   . 0FBE00         MOVSX EAX,BYTE PTR DS:[EAX]
0042A238   . 83F8 4D        CMP EAX,4D
0042A23B   . 75 40          JNZ SHORT hexedit_.0042A27D
0042A23D   . 8B45 94        MOV EAX,DWORD PTR SS:[EBP-6C]
0042A240   . 0FB700         MOVZX EAX,WORD PTR DS:[EAX]
0042A243   . 3D 4D5A0000    CMP EAX,5A4D
0042A248   . 75 33          JNZ SHORT hexedit_.0042A27D
0042A24A   . 8B45 94        MOV EAX,DWORD PTR SS:[EBP-6C]
0042A24D   . 0FB740 02      MOVZX EAX,WORD PTR DS:[EAX+2]
0042A251   . 3D 90000000    CMP EAX,90
0042A256   . 75 25          JNZ SHORT hexedit_.0042A27D
0042A258   . 6A 00          PUSH 0
0042A25A   . 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-8]
0042A25D   . 50             PUSH EAX
0042A25E   . 68 2D650100    PUSH 1652D
0042A263   . FF75 94        PUSH DWORD PTR SS:[EBP-6C]
0042A266   . FF75 DC        PUSH DWORD PTR SS:[EBP-24]
0042A269   . FF55 E8        CALL DWORD PTR SS:[EBP-18]
0042A26C   . FF75 DC        PUSH DWORD PTR SS:[EBP-24]
0042A26F   . FF55 F0        CALL DWORD PTR SS:[EBP-10]
0042A272   . 6A 05          PUSH 5
0042A274   . 8D45 A8        LEA EAX,DWORD PTR SS:[EBP-58]
0042A277   . 50             PUSH EAX
0042A278   . FF55 FC        CALL DWORD PTR SS:[EBP-4]
0042A27B   . EB 09          JMP SHORT hexedit_.0042A286
0042A27D   > 8B45 94        MOV EAX,DWORD PTR SS:[EBP-6C]
0042A280   . 40             INC EAX
0042A281   . 8945 94        MOV DWORD PTR SS:[EBP-6C],EAX
0042A284   .^EB 9C          JMP SHORT hexedit_.0042A222
0042A286   > C9             LEAVE
0042A287   . 83C4 04        ADD ESP,4
0042A28A   .-E9 E130FEFF    JMP hexedit_.0040D370


Can someone explain what the program does until it reaches this line:

0042A286   > C9             LEAVE

Or is there any trick/reference for understanding the flow quickly?
pmasotta

Chapter Seven: Identifying Key Structures of High-Level Languages

of this book

http://www.amazon.com/Hacker-Disassembling-Uncovered-Techniques-Programming/dp/1931769222/

will help you to understand high-level language constructions in assembler...
wuyinzhi (ASKER)

thank you very much!
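A C reading of the loop in the question's listing (0042A222 to 0042A284), added here as an example; it is not code from the thread or from the program being debugged. The function names, the `len` bounds check and the sample buffer are assumptions, and the counter's starting value is a parameter because the listing begins after it is set.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCAN_LIMIT 0x1F4 /* CMP DWORD PTR [EBP-70],1F4 : counter must stay below 500 */

/* Little-endian 16-bit read, as MOVZX EAX,WORD PTR [EAX] does on x86. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Reconstruction of the loop (hypothetical name and signature).
 *   i   = counter at [EBP-70]; its starting value is set before the listing
 *   buf = pointer at [EBP-6C], advanced one byte per failed test
 * Returns the offset of the first match, or -1 if the counter reaches the
 * limit first. The len check is added; the original relies on the counter only.
 */
long scan_for_marker(const uint8_t *buf, size_t len, int i)
{
    size_t off = 0;
    for (; i < SCAN_LIMIT; i++, off++) {             /* JGE -> 0042A286       */
        if (off + 4 > len) return -1;                /* added guard           */
        if ((int8_t)buf[off] != 0x4D) continue;      /* MOVSX / CMP EAX,4D    */
        if (rd16(buf + off) != 0x5A4D) continue;     /* CMP EAX,5A4D ("MZ")   */
        if (rd16(buf + off + 2) != 0x0090) continue; /* CMP EAX,90            */
        /* Match branch: three indirect calls through stack slots, then JMP 0042A286:
         *   [EBP-18]( [EBP-24], buf+off, 0x1652D, &[EBP-8], 0 )
         *   [EBP-10]( [EBP-24] )
         *   [EBP-4] ( &[EBP-58], 5 )
         * The listing does not show what those slots point to. */
        return (long)off;
    }
    return -1;
}

/* Constructed sample: zero filler, a lone 'M' at 3, then 4D 5A 90 00 at 10. */
long demo(int start_i)
{
    uint8_t sample[64] = {0};
    sample[3] = 0x4D;
    sample[10] = 0x4D; sample[11] = 0x5A; sample[12] = 0x90; sample[13] = 0x00;
    return scan_for_marker(sample, sizeof sample, start_i);
}

int main(void)
{
    printf("match at offset %ld\n", demo(0));
    return 0;
}
```

Each `continue` corresponds to the `JNZ SHORT 0042A27D` path: the pointer and the counter both advance by one before the limit is tested again.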