Home > Mobile >  Call functions from data segment
Call functions from data segment

Time:04-26

I would like to do a reverse engineering analysis of the "xormadness.exe" executable file from root-me.org (PE x86 format), but i don't understand why functions are called from the data segment and how do we know which function is called.

.text:0040105e ff 15 0c 20 40 00                call   DWORD PTR ds:0x40200c

Here, i can see that a function call is done, but i don't understand why the data segment is used.

.rdata:0040200c 80                               0x80 

Furthermore, this address have nothing to do with a function, there is only a 0x80 byte value and i don't understand this.

CodePudding user response:

This is an indirect function call as evidenced by the DWORD PTR token sequence. The function address is fetched from a dword at address 0x40200c and then a call is performed to that function.

The ds: segment prefix is a red herring. This is just what segment a directly addressed memory operand defaults to. As you are probably programming for a flat memory model, you can ignore this.

  • Related