When decompiling, function calls may not be immediately obvious because of compiler optimizations such as built-in function expansion and loop unrolling. For example, a strcpy() of a fixed string may become a series of x86 "mov" instructions to avoid function call and loop overhead.

See also: https://gcc.gnu.org/onlinedocs/gcc/Built-in-Functions.html

#ctf #cybersecurity #reverseengineering #re #ghidra #decompile

Built-in Functions (Using the GNU Compiler Collection (GCC))
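
To read such an inlined strcpy() back out of a listing, the stored immediates can be replayed into a byte map and decoded as little-endian text. This is an added example, not part of the original posts; the Intel-syntax listing, the function name recover_strings and the sample strings are constructed for illustration.

```python
import re

SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8}
NUM = r"(0x[0-9a-f]+|\d+)"
# mov <size> ptr [base +/- off], <imm or reg>
STORE = re.compile(r"mov\s+(byte|word|dword|qword)\s+ptr\s+\[(\w+)"
                   r"(?:\s*([+-])\s*" + NUM + r")?\]\s*,\s*(\w+)$", re.I)
# mov / movabs <reg>, <imm>
LOAD = re.compile(r"mov(?:abs)?\s+(\w+)\s*,\s*" + NUM + r"$", re.I)

def recover_strings(listing, min_len=4):
    """Replay immediate stores and return the printable strings they build."""
    regs, mem = {}, {}
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()          # drop trailing comments
        st, ld = STORE.match(line), LOAD.match(line)
        if ld:                                    # remember reg <- imm
            regs[ld.group(1).lower()] = int(ld.group(2), 0)
        elif st:
            size, base, sign, off, src = st.groups()
            # Assumption: register aliasing (eax vs rax) is not modelled.
            val = int(src, 0) if src[0].isdigit() else regs.get(src.lower())
            if val is None:
                continue
            n = SIZES[size.lower()]
            addr = int(off or "0", 0) * (-1 if sign == "-" else 1)
            data = (val & ((1 << 8 * n) - 1)).to_bytes(n, "little")
            for i, b in enumerate(data):
                mem[(base.lower(), addr + i)] = b  # overlapping stores overwrite
    out, run, prev = [], bytearray(), None

    def flush():
        if len(run) >= min_len and all(32 <= c < 127 for c in run):
            out.append(run.decode("ascii"))
        run.clear()

    for key in sorted(mem):                       # walk each base in address order
        if prev is not None and key != (prev[0], prev[1] + 1):
            flush()                               # gap or new base register
        if mem[key] == 0:
            flush()                               # NUL terminator ends the string
        else:
            run.append(mem[key])
        prev = key
    flush()
    return out

# Constructed listing: one string via dword/word immediates, one via movabs
# plus two overlapping qword stores.
SAMPLE = """
mov dword ptr [rsp+0x10], 0x6c6c6548
mov dword ptr [rsp+0x14], 0x77202c6f
mov dword ptr [rsp+0x18], 0x646c726f
mov word ptr [rsp+0x1c], 0x21
movabs rax, 0x6f726e757b465443
mov qword ptr [rbp-0x20], rax
movabs rax, 0x7d64656c6c6f72
mov qword ptr [rbp-0x1a], rax
"""

if __name__ == "__main__":
    print(recover_strings(SAMPLE))
```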

Speaking of decompiling strings and registers: if you have larger registers like the modern x86 xmm/ymm/zmm 128/256/512-bit registers, you can put even longer strings into fewer "mov" instructions - see Ghidra image.

More: https://en.wikipedia.org/wiki/Advanced_Vector_Extensions

#ctf #cybersecurity #reverseengineering #reverse #xmm #x86

Advanced Vector Extensions - Wikipedia

And there is so much more on "modern" CPU architectures with specialised instructions for string and substring searching. For details see https://youtu.be/Wz_xJPN7lAY?si=A_hc9uMSk7_4GF7O&t=702

#ctf #cybersecurity #x86

Top 10 Craziest Assembly Language Instructions
