Question

I was doing a crackme, trying to write a keygen, and I was confused about some of the FPU instructions.

fild    qword ptr ss:[esp] ; loads 4275451536.0000000000 into ST0. ESP has FED63690
lea     esp, dword ptr ss:[esp+8]
fstp    qword ptr ss:[ebp-410] ; loads D2000000 into ebp - 410
fld     qword ptr ss:[ebp-410] ; loads 4275451536.0000000000 into ST0
fstp    qword ptr ss:[esp+8] ; loads D2000000 into esp+8

I was wondering how it converted 4275451536.0000000000 into D2000000 when popping off?


Solution

The code writes the value 4275451536.0 as double-precision floating point into the address [ebp-410]. The representation of 4275451536.0 as IEEE-754 double-precision floating point is 41EFDAC6D2000000 (you can do the conversion here). Since you only looked at the lower 4 bytes, you saw D2000000, but you should look at the whole 8 bytes to see the entire value.

If you want to know how the value 41EFDAC6D2000000 was reached, read about double precision floating point format. The tool I linked above will give you the values for the significand and exponent.
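The following C program is an added illustration of the answer above; it is not code from the question, the answer, or the crackme. It assumes a little-endian x86 host (the same layout the debugger showed) and a GCC/Clang compiler for __builtin_clzll. It converts the integer 0xFED63690 to a double the same way fild/fstp do, prints the full 8-byte pattern and the two dwords it occupies in memory, and also builds the IEEE-754 encoding by hand from the exponent and significand so the origin of 41EFDAC6D2000000 is visible.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define FRACTION_BITS 52
#define FRACTION_MASK ((1ULL << FRACTION_BITS) - 1)
#define EXPONENT_BIAS 1023

/* Raw 64-bit pattern of a double, exactly as fstp qword writes it to memory. */
uint64_t double_bits(double d) {
    uint64_t u;
    memcpy(&u, &d, sizeof u);
    return u;
}

/* On little-endian x86 the dword at [addr] is the low half of the pattern and
   the dword at [addr+4] is the high half. A 4-byte view of [ebp-410] therefore
   shows only low_dword(). */
uint32_t low_dword(uint64_t bits)  { return (uint32_t)bits; }
uint32_t high_dword(uint64_t bits) { return (uint32_t)(bits >> 32); }

/* Hand-built IEEE-754 double encoding of an unsigned integer (sign bit 0):
   normalise so the leading 1 is implicit, bias the exponent, keep 52 fraction
   bits. Exact for integers with at most 53 significant bits; larger inputs are
   truncated here, whereas the FPU would round to nearest even. */
uint64_t encode_uint_as_double(uint64_t v) {
    if (v == 0) return 0;                          /* +0.0 is all-zero bits */
    int msb = 63 - __builtin_clzll(v);             /* position of the leading 1 */
    uint64_t biased_exponent = (uint64_t)(EXPONENT_BIAS + msb);
    uint64_t fraction = (msb >= FRACTION_BITS)
        ? (v >> (msb - FRACTION_BITS)) & FRACTION_MASK
        : (v << (FRACTION_BITS - msb)) & FRACTION_MASK;
    return (biased_exponent << FRACTION_BITS) | fraction;
}

/* Split a double's bit pattern into sign, unbiased exponent and fraction. */
void decompose(uint64_t bits, int *sign, int *exponent, uint64_t *fraction) {
    *sign = (int)(bits >> 63);
    *exponent = (int)((bits >> FRACTION_BITS) & 0x7FF) - EXPONENT_BIAS;
    *fraction = bits & FRACTION_MASK;
}

/* Reassemble a normal (non-zero, finite) double from its fields:
   value = (1 + fraction / 2^52) * 2^exponent. Scaling is done with a loop so
   no libm is needed. */
double decode_normal(uint64_t bits) {
    int sign, exponent;
    uint64_t fraction;
    decompose(bits, &sign, &exponent, &fraction);
    double significand = 1.0 + (double)fraction / 4503599627370496.0; /* 2^52 */
    double scale = 1.0;
    for (int i = 0; i < exponent; i++) scale *= 2.0;
    for (int i = 0; i > exponent; i--) scale /= 2.0;
    double value = significand * scale;
    return sign ? -value : value;
}

int main(void) {
    uint64_t v = 0xFED63690ULL;          /* the integer fild loaded, from the question */
    double d = (double)v;                /* what fild leaves in ST0 */
    uint64_t bits = double_bits(d);      /* what fstp qword stores */
    int sign, exponent;
    uint64_t fraction;
    decompose(bits, &sign, &exponent, &fraction);

    printf("%.1f as double      = %016llX\n", d, (unsigned long long)bits);
    printf("dword at [ebp-410]   = %08X   (low half, what a 4-byte view shows)\n", low_dword(bits));
    printf("dword at [ebp-410+4] = %08X   (high half)\n", high_dword(bits));
    printf("sign=%d exponent=2^%d fraction=%013llX\n", sign, exponent, (unsigned long long)fraction);
    printf("hand-encoded         = %016llX\n", (unsigned long long)encode_uint_as_double(v));
    printf("decoded back         = %.1f\n", decode_normal(bits));
    return 0;
}
```

The exponent comes out as 31 because 0xFED63690 has its leading 1 in bit 31, and the fraction FDAC6D2000000 is just the remaining 31 bits of the integer shifted up to the top of the 52-bit field; the trailing zeros are what produce the D2000000 that appears in the low dword.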

Licensed under: CC-BY-SA with attribution