rep movsb
It can be thought of as a string or memory copy.
It's copying from whatever is as register ESI to register EDI
ESI = the existing malicious code to copy
EDI = the empty virtually allocated memory to copy the malicious code to
Showing posts with label movsb. Show all posts
Showing posts with label movsb. Show all posts
Wednesday, March 28, 2018
rep movsb is like memcpy
When looking at assembly and you see
It can be thought of as a string or memory copy.
It's copying from whatever is as register ESI to register EDI
ESI = the existing malicious code to copy
EDI = the empty virtually allocated memory to copy the malicious code to
It can be thought of as a string or memory copy.
It's copying from whatever is as register ESI to register EDI
ESI = the existing malicious code to copy
EDI = the empty virtually allocated memory to copy the malicious code to
Subscribe to:
Posts (Atom)