To compensate for yesterday's post, here's something useful. Consider an ASCII letter, like A. A is 0x41 in hex, or 01000001 in binary. Lower-case 'a' is 0x61 in hex, or 01100001 in binary. Notice something? Check out bit #5:
When reverse engineering, the hex sequence 0x20202020 or 0xDFDFDFDF (four bit #5's) sometimes shows up in string manipulation code because the program has inlined an upper-case or lower-case routine. 0x20 is also the ASCII space character, so it might be something involving spaces too. Use common sense to figure it out.
I learned that from David Topham in the mandatory x86 assembly class at Ohlone College. I don't think I ever learned anything that practical at Berkeley, and I sometimes think of this when people say bad things about the California Community College system. I've seen the Calculus classes at both schools, and I have to say that I think the Ohlone classes are a hell of a lot better than the ones at Berkeley. Maybe I would have done harder problems, but dammit, I learned the Calculus at Ohlone. At Berkeley they seemed a lot more interested in using them as weeder courses.
01000001 A
01100001 a
When reverse engineering, the hex sequence 0x20202020 or 0xDFDFDFDF (four bit #5's) sometimes shows up in string manipulation code because the program has inlined an upper-case or lower-case routine. 0x20 is also the ASCII space character, so it might be something involving spaces too. Use common sense to figure it out.
I learned that from David Topham in the mandatory x86 assembly class at Ohlone College. I don't think I ever learned anything that practical at Berkeley, and I sometimes think of this when people say bad things about the California Community College system. I've seen the Calculus classes at both schools, and I have to say that I think the Ohlone classes are a hell of a lot better than the ones at Berkeley. Maybe I would have done harder problems, but dammit, I learned the Calculus at Ohlone. At Berkeley they seemed a lot more interested in using them as weeder courses.
