In MASM (microsoft assembler- which no longer exists!) the first operand was usually the... The second operand was the...
What is the standard subroutine epilogue code? (separate lines with semicolons)
where would local variable 1 be located on the stack?
What does PE stand for?
the space where parameters are located are always referenced with regard to the
after RET, esp moves to point to...
DOS header points to the ____ header, which points to the ____'s, which points to the ___ and _____
If a program is invoked within a DOS command prompt window, it starts executing here:
the standard format of a *.exe file, produced by compiling and linking is called a ___?
which general registers are used for the stack frame?
To push something onto the stack, you _____ the point
why are parameters passed onto the stack in reverse order?
A ______________ is an agreement among software designers (e.g. compilers, compiler libraries, assembly language programmers) on how to use registers and memory in subroutines
The _____ groups like sections together and creates headers and section tables in a PE
name the 8 general registers in x86
this is a table of function pointers into another DLL
what is in the return address after a call?
the kernel32.dll is linked with almost every PE file and is provided by the >>>
The four common sections in a PE: (alpha)
decrementing esp _______ stack size; incrementing esp _______ it.
This type of ISA has lots of instructions/addressing modes; operands can be taken from mem; instructions have variable length
What is the standard subroutine prologue code? (separate lines with semicolons)
The _____ tool produces a readable printout of a PE file
x86 has how many 32-bit general registers?
VA (Virtual Address) =
what is the name of the frame pointer?
which register contains the return integer value?--- and thus can only return a 32-bit value from the function
in two-operand instructions, the first operand is both...
Why does a PE have dead spaces?
the return address is always at
printf will always find the first parameter at...
in a data declaration in x86, you give the
____ always points to the top of the stack that has a valid address
What does RVA stand for?
This type of ISA requires thing to be taken in from reg's; fixed length instructions.
most machines use ____ to pass parameters, as these are faster than memory
What is an RVA?
WHat does IAT stand for?
THe x86 stack grows _____ in mem. addresses
After CALL, ____ is pushed onto the stack
true or false: all registers can be used for all operations in x86?
x86 data declarations must be in a
The calling convention is/is not enforced by hardware
which two registers are CALLER-saver?
'lea' instruction means
In a PE, the virus wants to go after the holes, or _____, in the PE file
How are parameters pushed on to the stack?
The linker merges all ___'s from all ____ files
what does ABI stand for?

