Advantages of being a Reverse Engineer – Part 1

Written by traversecode. Posted in Reverse Engineering

/*This is strictly for beginners */

Starting with my own story, I will continue blogging about how reverse engineering helped me understand code better.

When I started learning the C language in the early days, my trainer gave me the program below and said it would print the alphabet:

#include <stdio.h>

int main(void)
{
    char alpha[256];        /* room for 26 letters plus the terminator */
    int i;

    for (i = 0; i < 26; i++)
        alpha[i] = 'A' + i; /* 'A' is an integer; each step adds one to it */

    alpha[i] = '\0';        /* i is 26 here; terminate the string with a zero byte */
    printf("The Alphabets are %s\n", alpha);
    return 0;
}
Though it was a very simple program, I was badly confused. The confusion was in this line of the program:
alpha[i] = 'A' + i;

So I raised my hand and said “I am confused.”

“What is the confusion in this? This is supposed to be a simple program,” the trainer asked me.

I asked the trainer, “I understand that we have declared i as an integer, initialized it and are incrementing it, hence it will be incremented one by one 26 times (i.e., 0 – 25). I also agree that when i = 0, ‘A’ + 0 = ‘A’. But when i is incremented by 1, ‘A’ + 1 = ‘B’. My question is, how does the compiler or even the processor know that when i has been incremented by 1 it has to print ‘B’, and then ‘C’, and then ‘D’, and so on till ‘Z’? Why not something else? Does this mean a compiler or a processor knows English? If it knows English, why shouldn’t we write a letter to the compiler instead of writing code?”

I continued, “How can a letter of the alphabet be summed with an integer if ‘A’ is not a variable (a = a + 1)?”

My trainer said, “I guess you think too much, so please shut up and sit down.”

The next day, the trainer entered our class and told me, “If you have any questions, meet me in person.” :)

And then I quit learning programming the way a programmer learns it.

Later, I learnt how to reverse binary executables. That solved my puzzle and gave me an answer to my question. I wrote the same code, compiled it and disassembled it. Look at the same code below after compilation and disassembly:

MOV EAX,DWORD PTR SS:[ESP+11C]      ; EAX = i (i lives on the stack at ESP+11C)
MOV EDX,DWORD PTR SS:[ESP+11C]      ; EDX = i
ADD EDX,41                          ; EDX = i + 41h, and 41h is 'A'
MOV BYTE PTR SS:[ESP+EAX+1C],DL     ; alpha[i] = low byte of EDX (alpha starts at ESP+1C)
INC DWORD PTR SS:[ESP+11C]          ; i++
CMP DWORD PTR SS:[ESP+11C],19       ; compare i with 19h (25)
JLE SHORT string.00401336           ; if i <= 25, jump back to the top of the loop

The above code answered my questions. At compile time, ‘A’ is not a letter at all: it is the integer 41h (65 in decimal, the ASCII code of ‘A’), which is why the compiler emits ADD EDX,41 and never mentions ‘A’. Only the low byte (DL) of the result is stored into alpha[i]. So 41h + 1 = 42h (‘B’), 42h + 1 = 43h (‘C’), and so on until 59h + 1 = 5Ah (‘Z’), and the loop keeps going while i is at most 19h (25), which is exactly the i < 26 bound from the C source.
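To make that concrete, here is an added C example (it is not code from the original post) that builds the same alphabet and exposes the integer values the compiler actually works with. The function names build_alphabet, code_of, store_low_byte and letter_index are my own, as is the wrap-around check that mirrors the byte store (MOV BYTE PTR ...,DL) in the disassembly. It also shows the assumption the trainer’s program silently relied on: the uppercase letters are contiguous in ASCII, so ‘A’ + i lands on a letter only for 0 ≤ i ≤ 25, and nothing in the arithmetic itself checks that.

```c
#include <stdio.h>
#include <string.h>

/* Fill buf with the 26 uppercase letters exactly like the post's loop,
 * then NUL-terminate it. Returns the number of letters written, or -1
 * if the buffer cannot hold 26 letters plus the terminator (the post
 * used 256 bytes, so alpha[26] was always in bounds). */
int build_alphabet(char *buf, size_t size)
{
    int i;
    if (size < 27)
        return -1;
    for (i = 0; i < 26; i++)
        buf[i] = (char)('A' + i);   /* 0x41 + i, stored as one byte (DL) */
    buf[i] = '\0';                  /* the post's NULL is really the byte 0 */
    return i;
}

/* The integer value the compiler substitutes for a character constant:
 * this is what ADD EDX,41 is adding. */
int code_of(char c)
{
    return (unsigned char)c;
}

/* Storing an int into a char keeps only the low byte, which is what
 * MOV BYTE PTR [...],DL does: 'A' + 256 wraps back to 'A'. */
unsigned char store_low_byte(int value)
{
    return (unsigned char)value;
}

/* The same arithmetic in reverse: a letter's position in the alphabet is
 * a plain subtraction, valid only because 'A'..'Z' are contiguous in ASCII. */
int letter_index(char c)
{
    return c - 'A';
}

int main(void)
{
    char alpha[256];            /* constructed buffer, same size as in the post */

    build_alphabet(alpha, sizeof alpha);
    printf("The Alphabets are %s\n", alpha);
    printf("'A' = %d (0x%02X), 'Z' = %d (0x%02X)\n",
           code_of('A'), code_of('A'), code_of('Z'), code_of('Z'));
    printf("'A' + 256 stored as a byte is '%c'\n", store_low_byte('A' + 256));
    printf("'C' is letter number %d\n", letter_index('C'));
    return 0;
}
```

Compile with any C compiler (for example gcc -Wall example.c) and compare the printed codes with the immediates in the disassembly: the 0x41 is the same constant in both places, and the byte store is why a value larger than 255 silently loses its upper bits.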

And that’s the way the cookie crumbles.

Now you know how RE was useful to a dumb guy like me, and it can be for you as well :)

To be continued...


Comments (1)

  • Vivek


    Nice story. I have been following from the start… Glad to hear from you more…

