Thread: Binary Ninja
07-11-2017, 15:48   #6
Qtx
Re: Binary Ninja

Quote:
Originally Posted by Paul M
(which is mostly just moving data from memory to registers and back again).
mov (%ebx), %eax = Load 4 bytes from the memory address in EBX into EAX.

The ebx and eax type codes are registers and memory addresses.

If you are de-compiling malware you want to watch for the code jumping to memory locations (jmp) and if the commands are changing registers or data at the locations, via mov or push type codes. You can tell the type of register by the e** code. Very simplified and probably worded wrong :P
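
As an added illustration (not part of Qtx's post), here is a small Python triage over a constructed AT&T-syntax listing that labels the instruction kinds mentioned above: mov loads and stores, push, and jumps or calls whose target is read from a register or memory at run time. The function names and the sample listing are made up for the example, and the operand classification is deliberately simplified.

```python
# Constructed sample listing in AT&T syntax (operand order: source, destination).
SAMPLE = """\
mov (%ebx), %eax
mov %eax, 4(%esp)
push %ebp
jmp *%eax
jmp *0x8(%ebx)
jmp 0x401000
call *(%edx)
add $4, %esp
"""

def split_operands(text):
    """Split operands on commas that are not inside parentheses."""
    ops, depth, cur = [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            ops.append(cur.strip())
            cur = ""
        else:
            cur += ch
    ops.append(cur.strip())
    return [o for o in ops if o]

def is_memory(op):
    # Simplification: anything that is not an immediate ($) or a bare
    # register (%) is treated as a memory reference.
    return not op.startswith(("$", "%"))

def classify(line):
    mnemonic, _, rest = line.strip().partition(" ")
    ops = split_operands(rest)
    if mnemonic.startswith(("jmp", "call")):
        # A leading '*' marks a target taken from a register or memory at run time.
        return "indirect-branch" if ops and ops[0].startswith("*") else "direct-branch"
    if mnemonic.startswith("push"):
        return "stack-write"
    if mnemonic.startswith("mov") and len(ops) == 2:
        src, dst = ops
        if is_memory(dst):
            return "memory-store"
        return "memory-load" if is_memory(src) else "register-move"
    return "other"

def triage(listing):
    """Return (line_number, kind) for instructions worth a closer look."""
    watch = {"indirect-branch", "memory-store", "stack-write"}
    return [(n, classify(l)) for n, l in enumerate(listing.splitlines(), 1)
            if classify(l) in watch]
```

Calling `triage(SAMPLE)` returns the line numbers of the stores, pushes and indirect branches, leaving the plain load and the direct jump unflagged.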