My Road to Digital Forensics Excellence

crash on take-off

Posted by Paul Bobby on July 8, 2009

Boy was I ever wrong about ROL. lol

As I started coding a Python routine, I quickly found that I had completely overthought the process. What an idgit.

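Here’s the Python code:

userid = "user"  # placeholder input; the post does not show how userid is set
EAX = 0x12345678
useridList = []
for x in userid:
    # expand each character to two bytes: its character code, then 0
    useridList.append(ord(x))
    useridList.append(0)
for EDX in useridList:  # EDX is the current byte; the lines shown do not use it
    for y in range(5):  # ROL EAX,5
        EAX *= 2
        if EAX > 0xffffffff:
            # overflow past 32 bits: drop it from the top and add it back at the bottom
            EAX -= 0x100000000
            EAX += 1
print(hex(EAX))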

A ROL 1 simply multiplies the contents of the register by 2. Yeah, I kinda knew that: ROL EAX, 5 is 2^5, or multiply by 32. The trick is, if EAX overflows (i.e. > 0xFFFFFFFF, or 4,294,967,295), then drop the leading byte and add it to the end.
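As an added example (not code from the original post), the doubling loop above can be checked against the usual shift-and-mask form of a 32-bit rotate, which also shows where a plain multiply by 32 gives a different answer because the overflow is lost instead of wrapped. The names `rol32`, `rol32_by_doubling` and `times_32_truncated` are assumptions made for this sketch.

```python
MASK32 = 0xFFFFFFFF


def rol32(value, count):
    """Rotate a 32-bit value left by `count` bits using shifts and a mask."""
    count %= 32          # x86 masks the rotate count to 5 bits for 32-bit operands
    value &= MASK32
    # Bits shifted out of the top re-enter at the bottom.
    return ((value << count) | (value >> (32 - count))) & MASK32


def rol32_by_doubling(value, count):
    """The post's method: double once per bit and wrap any overflow around."""
    value &= MASK32
    for _ in range(count % 32):
        value *= 2
        if value > MASK32:
            value -= 0x100000000
            value += 1
    return value


def times_32_truncated(value):
    """Plain multiply by 32 kept to 32 bits: the overflow is discarded, not wrapped."""
    return (value * 32) & MASK32


if __name__ == "__main__":
    seed = 0x12345678  # starting EAX value from the post
    print(hex(rol32(seed, 5)))              # rotate: overflow wraps to the low bits
    print(hex(rol32_by_doubling(seed, 5)))  # same result via the doubling loop
    print(hex(times_32_truncated(seed)))    # differs in the low bits

    # Constructed sample values covering the edge cases (no overflow, all bits set,
    # only the top bit set) to confirm both rotate forms agree for every count.
    samples = [0x0, 0x1, 0x80000000, 0xFFFFFFFF, 0xDEADBEEF, seed]
    for v in samples:
        for n in range(33):
            assert rol32(v, n) == rol32_by_doubling(v, n)
```

The two rotate functions agree on every input; the multiply only matches them when nothing overflows out of the register.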


