Answer the questions below each of the code snippets.
Function #1
0x001 ;; mov eax, [esp+4] ; eax = *(esp+4) [C syntax]
0x00100 str esp, , t1 ; t1 = esp (not strictly necessary)
0x00101 add t1, 4, t2 ; t2 = 4 + t1
0x00102 ldm t2, , t3 ; load memory at t2 into t3
0x00103 str t3, , eax ; eax = t3 (not strictly needed)
0x002 ;; next: cmp byte ptr [eax], 0
0x00200 ldm eax, , t4
0x00201 bisz t4, , t5 ;; t5 = 1 if t4 is 0
; NOTE: CF, OF, SF, ZF, AF, and PF should be set here
0x003 ;; je DLabel
0x00300 jcc t5, , 0x00600
0x004 ;; inc eax
0x00400 add eax, 1, t6
0x00401 str t6, , eax
0x005 ;; jmp next
0x00500 jcc 1, , 0x00200
0x006 ;; DLabel: sub eax, [esp+4] ;; eax = eax - [esp+4]
0x00600 add esp, 4, t7
0x00601 ldm t7, , t8
0x00602 str t8, , t9 ;changed!
0x00603 sub eax, t9, eax ; eax = eax - [esp+4]
0x007 ;; ret
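0x00700 ldm esp, , t10 ; t10 = return address stored at [esp]
0x00701 add esp, 4, t11 ; t11 = esp + 4
0x00702 str t11, , esp ; pop the return address off the stack
0x00703 jcc 1, , t10 ; jump to the return address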
Function 1 end
Question 1A)
What is this function doing? (be as brief as possible, one word is enough).
YOUR ANSWER GOES HERE
Question 1B)
Describe briefly what gave it away, when did you realize that this is what the function is doing?
(We’ll accept any reasonable answer that convinces us that you understand this piece of code, but keep it below 4 sentences, don’t go overboard with your explanation).
YOUR ANSWER GOES HERE
——————–
Function #2
;; 0x001 mov eax, [esp+4] ; get a pointer too???
0x00100 add esp, 4, t1
0x00101 ldm t1, , t2
0x00102 str t2, , eax
;; 0x002 mov ecx, eax ; copy pointer
0x00200 str eax, , ecx
;; 0x003 pxor xmm0, xmm0 ; set to zero
0x00300 xor xmm0, xmm0, xmm0 ;; Needs to be able to support 128-bit registers
;; 0x004 and ecx, 0FH ; lower 4 bits indicate misalignment
0x00400 and ecx, 0x0f, ecx
;; 0x005 and eax, -10H ; align pointer by 16
0x00500 and eax, 0xfffffff0, eax ;; -10H = 0xfffffff0
;; 0x006 movdqa xmm1, [eax] ; read from nearest preceding boundary
;; 0x007 pcmpeqb xmm1, xmm0 ; compare 16 bytes with zero
;; 0x008 pmovmskb edx, xmm1 ; get one bit for each byte result
;; 0x009 shr edx, cl ; shift out false bits
;; 0x010 shl edx, cl ; shift back again
;; 0x011 bsf edx, edx ; find first 1-bit
;; 0x012 jnz A200 ; found
; Main loop, search 16 bytes at a time
;; 0x013 A100: add eax, 10H ; increment pointer by 16
;; 0x014 movdqa xmm1, [eax] ; read 16 bytes aligned
;; 0x015 pcmpeqb xmm1, xmm0 ; compare 16 bytes with zero
;; 0x016 pmovmskb edx, xmm1 ; get one bit for each byte result
;; 0x017 bsf edx, edx ; find first 1-bit
;; 0x018 jz A100 ; loop if not found
;; 0x019 A200:
;; 0x020 sub eax, [esp+4] ;
;; 0x021 add eax, edx ;
;; 0x022 ret
Function 2 end
Question 2A)
What is this function doing? (be as brief as possible, one word is enough).
YOUR ANSWER GOES HERE
Question 2B)
Describe briefly what gave it away, when did you realize that this is what the function is doing? (We’ll accept any reasonable answer that convinces us that you understand this piece of code, but keep it below 4 sentences, don’t go overboard with your explanation).
YOUR ANSWER GOES HERE