Reverse Engineering: Determining Array Dimensions from Assembly Code

What are the values of k, l, and m based on the given assembly code?

I know that the maximum size of the array is 268912, and since it's a struct, it's gonna be 16. K*l*M*16 = 268912, and if we divide 268912, we will get 16807. But how do we find the values for k, l, and m based on the assembly code provided? Is there a way to analyze the assembly code to determine these values?

Answer:

By analyzing the assembly code and considering the maximum size of the array (268912) and the size of the struct (16), we can determine that the values for k, l, and m are 3, 7, and 7, respectively.

Explanation:

Key Assembly Code Instructions:

  • imulq $343, %rdi: This multiplies i (index 1) by 343.
  • salq $4, %rdx: This performs a left shift of 4 bits on rdx, multiplying its value by 16.
  • addq %rsi, %rdx: This adds h (index 0) to rdx.
  • addq %rdi, %rdx: This adds the multiplied i to rdx.
  • addq %rax, %rdx: This adds j (index 2) to rdx.
  • leaq A(%rip), %rax: This loads the base address of array A into rax.
  • salq $4, %rdx: Another left shift of 4 bits, again multiplying by 16.
  • addq %rax, %rdx: This adds the base address of A to the calculated offset, resulting in the final memory address.

Deducing Array Dimensions:

The first salq $4 indicates a multiplication by 16, likely related to the size of the lnode struct (16 bytes).

The imulq $343 suggests that l = 7, as 343 is 7 * 7 * 7.

The remaining additions and left shifts contribute to calculating offsets for the 3-D array.

The final salq $4 aligns the offset to a multiple of 16, again suggesting a struct size of 16 bytes.

Based on this analysis and the total size of 268912 bytes, we can deduce that k = 3 and m = 7.

Verification: 3 * 7 * 7 * 16 (size of lnode) = 268912, confirming the total array size.

Therefore, the array A has dimensions of 3 x 7 x 7.
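As an added example (not part of the original question or answer), this C program shows the row-major address arithmetic that such instructions implement, and how the per-index multipliers plus the total size determine the dimensions. The element type `elem_t`, the dimensions 5 x 9 x 11, and the helper names `byte_offset` and `recover_dims` are constructed for the demo.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed 16-byte element, standing in for a struct like lnode. */
typedef struct { long long a, b; } elem_t;
_Static_assert(sizeof(elem_t) == 16, "demo assumes a 16-byte element");

/* Constructed dimensions for the demo; not taken from the page. */
enum { K = 5, L = 9, M = 11 };
static elem_t A[K][L][M];

/* Byte offset of A[h][i][j] as the compiler lays it out (row-major):
 * sizeof(elem_t) * (h*L*M + i*M + j). */
size_t byte_offset(size_t h, size_t i, size_t j) {
    return (size_t)((char *)&A[h][i][j] - (char *)A);
}

typedef struct { size_t k, l, m; int ok; } dims_t;

/* Recover K, L, M from what a disassembly exposes:
 *   stride0: element multiplier on the first index  (= L*M)
 *   stride1: element multiplier on the second index (= M)
 *   total_bytes / elem_size: element count          (= K*L*M)
 * ok stays 0 when the constants are not mutually consistent. */
dims_t recover_dims(size_t stride0, size_t stride1,
                    size_t total_bytes, size_t elem_size) {
    dims_t d = {0, 0, 0, 0};
    if (!elem_size || !stride0 || !stride1) return d;
    if (total_bytes % elem_size || stride0 % stride1) return d;
    size_t n = total_bytes / elem_size;
    if (n % stride0) return d;
    d.k = n / stride0;        /* K = (K*L*M) / (L*M) */
    d.l = stride0 / stride1;  /* L = (L*M) / M       */
    d.m = stride1;            /* M                   */
    d.ok = 1;
    return d;
}

int main(void) {
    size_t es = sizeof(elem_t);
    size_t s0 = byte_offset(1, 0, 0) / es;  /* multiplier seen on index 0 */
    size_t s1 = byte_offset(0, 1, 0) / es;  /* multiplier seen on index 1 */
    dims_t d = recover_dims(s0, s1, sizeof A, es);
    printf("strides %zu,%zu -> %zu x %zu x %zu (ok=%d)\n",
           s0, s1, d.k, d.l, d.m, d.ok);
    return d.ok ? 0 : 1;
}
```

The consistency checks matter in practice: if the multipliers read from the disassembly do not divide the element count evenly, either an index was attributed to the wrong register or the element size is wrong.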
