printf will always find the first parameter at...
why are parameters passed onto the stack in reverse order?
which two registers are CALLER-saver?
the return address is always at
the standard format of a *.exe file, produced by compiling and linking is called a ___?
The calling convention is/is not enforced by hardware
In a PE, the virus wants to go after the holes, or _____, in the PE file
The four common sections in a PE: (alpha)
which general registers are used for the stack frame?
decrementing esp _______ stack size; incrementing esp _______ it.
To push something onto the stack, you _____ the point
The _____ groups like sections together and creates headers and section tables in a PE
What is an RVA?
true or false: all registers can be used for all operations in x86?
DOS header points to the ____ header, which points to the ____'s, which points to the ___ and _____
This type of ISA has lots of instructions/addressing modes; operands can be taken from mem; instructions have variable length
Why does a PE have dead spaces?
what is in the return address after a call?
'lea' instruction means
WHat does IAT stand for?
where would local variable 1 be located on the stack?
What is the standard subroutine epilogue code? (separate lines with semicolons)
THe x86 stack grows _____ in mem. addresses
____ always points to the top of the stack that has a valid address
What does PE stand for?
The linker merges all ___'s from all ____ files
x86 data declarations must be in a
VA (Virtual Address) =
A ______________ is an agreement among software designers (e.g. compilers, compiler libraries, assembly language programmers) on how to use registers and memory in subroutines
The _____ tool produces a readable printout of a PE file
In MASM (microsoft assembler- which no longer exists!) the first operand was usually the... The second operand was the...
name the 8 general registers in x86
This type of ISA requires thing to be taken in from reg's; fixed length instructions.
in two-operand instructions, the first operand is both...
x86 has how many 32-bit general registers?
after RET, esp moves to point to...
If a program is invoked within a DOS command prompt window, it starts executing here:
this is a table of function pointers into another DLL
which register contains the return integer value?--- and thus can only return a 32-bit value from the function
What is the standard subroutine prologue code? (separate lines with semicolons)
the kernel32.dll is linked with almost every PE file and is provided by the >>>
what is the name of the frame pointer?
in a data declaration in x86, you give the
what does ABI stand for?
How are parameters pushed on to the stack?
After CALL, ____ is pushed onto the stack
the space where parameters are located are always referenced with regard to the
most machines use ____ to pass parameters, as these are faster than memory
What does RVA stand for?

