VA&RE Lab Assignment 01

3/13/2023

200990-Samiullah Hussain
Download the given exe file. Analyze it on IDA Pro and submit your
findings. Use concepts from previous lab of VARE and assembly
language lab. [CLO-2]
Snippet:

Description:
This is the assembly code for a simple "Hello, World!" program.

The code starts by pushing the base pointer onto the stack and setting the stack pointer to create space
for local variables with "sub rsp, 20h".

Then it calls the standard C++ function "__main" which performs some internal initialization tasks.

The program then loads the address of the string "Hello, world!" into rdx and the reference to the
standard output stream "cout" into rcx. It then calls the overloaded "<<" operator for the standard
output stream, passing in the address of the string "Hello, world!" as the second argument.

The program then loads a reference to the "endl" manipulator, which flushes the output buffer and
inserts a newline character, into rdx and calls the overloaded "<<" operator again, passing in the
reference to the "endl" manipulator as the second argument.

Finally, the program sets the return value to 0 and restores the base pointer and stack pointer before
returning from the main function with "retn".
Strings:

Description:
1. The instruction "lea rdx, [rsp+58h+var_20]" loads the address of [rsp+58h+var_20] into the
register rdx. This instruction is used to calculate the address of a variable or value.
2. The instruction "mov rcx, r8" moves the value in the register r8 into the register rcx. This
instruction is used to move data between registers.
3. The instruction "mov [rsp+58h+var_30], r9" moves the value in the register r9 to the memory
location [rsp+58h+var_30]. This instruction is used to store data to memory.
4. The instruction "mov [rsp+58h+var_38], r8" moves the value in the register r8 to the memory
location [rsp+58h+var_38]. This instruction is used to store data to memory.
5. The instruction "call _ZL12read_sleb128PKhPx" calls the function read_sleb128. This function
reads a signed little-endian base 128 encoded integer from the input buffer and stores the result
in the second argument.
6. The instructions "mov r10, [rsp+58h+var_20]" and "mov r8, [rsp+58h+var_38]" move the values
in the memory locations [rsp+58h+var_20] and [rsp+58h+var_38] into the registers r10 and r8,
respectively.
7. The instruction "mov r9, [rsp+58h+var_30]" moves the value in the memory location
[rsp+58h+var_30] into the register r9.
8. The instruction "jmp loc_421697" jumps to the location loc_421697.

1. The instruction "movsx r10, word ptr [r8]" moves the signed value of the 16-bit word located at
the memory address stored in register r8 into the register r10, while sign-extending it to the size
of the register.
2. The instruction "lea rax, [r8+2]" calculates the address of the memory location that is 2 bytes (or
16 bits) after the memory location stored in register r8, and stores the result in register rax. This
instruction is commonly used to calculate the address of the next element in an array or buffer.
3. The instruction "jmp short loc_421697" jumps to the location loc_421697.