#Actual Paradigm Shifter

Posted 30 March 2013 - 10:07 AM

Nothing is "made from assembly", assembly is just a way for humans to name the instructions the CPU understands.

 

Assembly language doesn't know anything about "types" either, it just has instructions which operate on data of various sizes (typically 8, 16, 32 bits but also vector types as well) and it is up to the assembly programmer to use the correct instructions for the correct data (in the case of high level languages, the compiler is the assembly programmer, and it knows which types of data reside at specific addresses, so it makes sure the correct types of instructions are used).

 

You can easily scan for strings in code by dumping the executable into a hex viewer (Visual Studio will display a hex dump if you rename the file .bin instead of .exe), assuming the strings aren't encrypted in some way.

 

Looking for other types is more difficult since you need to know the type of the variable that occupies the address.

 

To read memory from a running process have a look at http://msdn.microsoft.com/en-gb/library/windows/desktop/ms680553%28v=vs.85%29.aspx (assuming Windows).


#1 Paradigm Shifter

Posted 30 March 2013 - 10:06 AM

Nothing is "made from assembly", assembly is just a way for humans to name the instructions the CPU understands.

 

Assembly language doesn't know anything about "types" either, it just has instructions which operate on data of various sizes (typically 8, 16, 32 bits but also vector types as well) and it is up to the assembly programmer to use the correct instructions for the correct data (in the case of high level languages, the compiler is the assembly programmer, and it knows which types of data reside at specific addresses, so it makes sure the correct types of instructions are used).

 

You can easily scan for strings in code by dumping the executable into a hex viewer (Visual Studio will display a hex dump if you rename the file .bin instead of .exe), assuming the strings aren't encrypted in some way.

 

Looking for other types is more difficult since you need to know the type of the variable that occupies the address.

 

To read memory from a running process have a look at http://msdn.microsoft.com/en-gb/library/windows/desktop/ms680553%28v=vs.85%29.aspx (assuming Windows).
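
As an added example (not part of the original post): a small Python scanner that does by program what the hex-viewer approach in the post does by eye, finding ASCII and UTF-16LE strings in a byte buffer, and showing that an obfuscated string is missed and that the same four bytes decode differently depending on the assumed type. The sample buffer, the XOR key 0xA5 and all function names are constructed for illustration.

```python
import re
import struct

MIN_LEN = 4  # shortest run reported (assumed threshold for this example)

# A run of printable ASCII, and the same characters stored as UTF-16LE
# (char, 0x00), which is how Windows executables usually hold wide strings.
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def find_strings(data: bytes):
    """Return sorted (offset, encoding, text) for every printable run in data."""
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in ASCII_RE.finditer(data)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in UTF16_RE.finditer(data)]
    return sorted(hits)


def interpretations(data: bytes, offset: int):
    """Decode the same 4 bytes as several types; the bytes do not say which is right."""
    chunk = data[offset:offset + 4]
    return {
        "uint32": struct.unpack("<I", chunk)[0],
        "int32": struct.unpack("<i", chunk)[0],
        "float32": struct.unpack("<f", chunk)[0],
        "raw": chunk,
    }


def build_sample() -> bytes:
    """Constructed stand-in for an executable's data (not a real PE file)."""
    code = b"\x90\x90\xc3"                               # a few opcode bytes
    plain = b"Enter password:\x00"                       # C string, offset 3
    number = struct.pack("<f", 1.0)                      # 00 00 80 3f, offset 19
    wide = "config.ini".encode("utf-16-le") + b"\x00\x00"  # wide string, offset 23
    hidden = bytes(b ^ 0xA5 for b in b"secret-key")      # XOR-obfuscated string
    return code + plain + number + wide + hidden


if __name__ == "__main__":
    sample = build_sample()
    for offset, encoding, text in find_strings(sample):
        print(f"0x{offset:04x}  {encoding:9s} {text!r}")
    # The obfuscated string never appears in the listing above.
    print(interpretations(sample, 19))
```
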

