Structs & Data Layout Assembly

مثال در C:

struct Point {
int x;
int y;
};

int getY(struct Point *p) {
return p->y;
}

معادل اسمبلی:

getY:
mov eax, DWORD PTR [rdi + 4] ; offset of y = 4 بایت
ret

دستورات:

rdi = آدرس ساختار (p)

x در offset 0 بایته ([rdi + 0])

y در offset 4 بایته ([rdi + 4])

پس اگر در اسمبلی ببینید [reg + 4] و ورودی rdi هست احتمالا در حال دسترسی به فیلد دوم یک struct هست


Structs & Data Layout Assembly

Example in C:

struct Point {
int x;
int y;
};

int getY(struct Point *p) {
return p->y;
}

Assembly equivalent:

getY:
mov eax, DWORD PTR [rdi + 4] ; offset of y = 4 bytes
ret

Commands:

rdi = address of structure (p)

x is at offset 0 bytes ([rdi + 0])

y is at offset 4 bytes ([rdi + 4])

So if you see [reg + 4] in assembly and the input is rdi, you are probably accessing the second field of a struct

@reverseengine

Collection of ATM Attacks

https://github.com/PT-CyberAnalytics/collection-of-ATM-attacks

@reverseengine

Reverse Engineering

https://github.com/wtsxDev/reverse-engineering

@reverseengine

ساختار دقیق Red Zone

از RSP رو به پایین: 160 بایت آزاد

تابع اجازه داره از اون استفاده کنه

تا زمانی که سیگنال / interrupt نیاد این فضا دست‌ نخورده میمونه

@reverseengine

Detailed structure of Red Zone

From RSP down: 160 bytes free

Function is allowed to use it

This space remains untouched until signal/interrupt arrives

@reverseengine

IDA Pro Plugins For Malware Reverse Engineering

https://www.youtube.com/watch?v=pfBA6y4VLwM

@reverseengine

zer0ptsCTF 2023 Reverse Engineering Writeups

https://fazect.github.io/zer0ptsctf2023-rev

@reverseengine

amateursCTF 2023 Reverse Engineering Writeups

https://fazect.github.io/amateursctf2023-rev

@reverseengine

لطفا تا جایی که میتونید پست ها رو فوروارد کنید تا کانال دیده بشه اینجوری به منم کمک بزرگی میکنید و محتواها رفته رفته بهتر و خفن تر میشه ممنون 🩶

Please forward as many posts as you can so that the channel can be seen. This way, you will be a great help to me and the content will gradually become better and more interesting. Thank you 🖤

IOS 26 Reversing Swift Like a Pro

https://hexai.re/blog/reversing-swift-like-a-pro

@reverseengine

Exploit Development: Building Your Own Fuzzer with Bash

https://hackers-arise.com/exploit-development-building-your-own-fuzzer-with-bash

@reverseengine

ARM Assembly Basics Cheatsheet

@reverseengine

Detect-it-easy: Program for determining types of files or Windows, Linux and MacOS

https://github.com/horsicq/Detect-It-Easy

@reverseengine

Building a Compiler

https://www.youtube.com/playlist?list=PLRAdsfhKI4OWNOSfS7EUu5GRAVmze1t2y&feature=share

@reverseengine

Reverse Engineering WebAssembly

https://medium.com/%40pnfsoftware/reverse-engineering-webassembly-ed184a099931

@reverseengine

Time Trvel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing

https://cloud.google.com/blog/topics/threat-intelligence/time-travel-debugging-using-net-process-hollowing?linkId=17730646

@reverseengine

UPX Unpacking: Manual Reverse Engineering

https://guidedhacking.com/threads/how-to-unpack-upx-using-x64dbg.20985

@reverseengine

Fully Undetectable Windows Shellcode Loader Now Available in IRIS C2

https://www.irisc2.com/blog/javelin-fud-loader

@reverseengine

Using EDR-Redir to Break EDR Via Bind Link and Cloud Filter

https://www.zerosalarium.com/2025/10/DR-Redir-Break-EDR-Via-BindLink-Cloud-Filter.html?m=1

@reverseengine