neonprimetime security , just trying to help
Wednesday, March 28, 2018
rep movsb is like memcpy
When looking at assembly and you see
rep movsb
It can be thought of as a string or memory copy.
It's copying from whatever is as register ESI to register EDI
ESI = the existing malicious code to copy
EDI = the empty virtually allocated memory to copy the malicious code to
No comments:
Post a Comment
Newer Post
Older Post
Home
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment