|
|
#5
02-10-2004, 02:26
|
|||
|
|||
|
Hi,
#1: CMP means comparing two values, with result almost the same (I mean flags) as SUB, but none of values is changed. TEST is quite the same, but the operation behind isn't SUB but AND. #2: Look at the some Intel instruction reference on what means all the flags - I mean Zero flag, Carry flag and so on. Then look at the reference again on instruction that interests you to find what flags are influenced by it. For example CMP EAX,EAX does something like SUB EAX,EAX so the result is zero => ZF is set and JZ, JE, ... will jump. #3: As above, you could find that MOV doesn't chnges the flags, which means that the jump is based on result of TEST EBX,EBX which changes them. #4: Everyone likes something else. Good choice for me is HIEW or its free bro BIEW, which also contain disassembler and many other goodies. Someone like HexEdit or UltraEdit (good copy/paste) or anything else. Just try and find what suits you best. #5: Try PeID or something like that, it can identify it for you (at most cases). Hope it helps least 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| two questions for admin | TomaHawk | General Discussion | 8 | 04-01-2014 00:51 |
| Humor and a few questions. | Innocent | General Discussion | 6 | 08-10-2004 02:51 |
| Armadillo questions? | ManSun | General Discussion | 20 | 05-12-2004 17:46 |
| 2 questions (IDA / Windows 2k/2k3) | skyper | General Discussion | 8 | 04-22-2004 08:44 |
| some unpacking questions | gnasher | General Discussion | 2 | 01-03-2004 20:44 |
Threaded Mode