Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

unimpress/context.txt

Go to file
 
 
Cannot retrieve contributors at this time
6315 lines (4760 sloc) 162 KB
Raw Blame
Open in GitHub Desktop
59x19 terminal size is optimal for this
>>speed 1
>>newslide
>>color 4
>>title [Internalized Context]
>>BInternalized Context>>b
---------------------------------------------------
XlogicX
ipscan.pl - https://github.com/XlogicX/ipscan
mchecker.lua - https://github.com/XlogicX/mchecker
unimpress slide "software" -
https://github.com/XlogicX/unimpress
email - no.axiom@gmail.com
blog? - xlogicx.net
>>endslide
>>newslide
>>color 2
>>title [CACTUSCON 2015!!!]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X X X X
X
X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUSCON 2015!!!]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X
X X
X X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUSCON 2015!!!]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X X X X
X
X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUSCON 2015!!!]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X
X X
X X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUS]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X X X X
X
X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUS]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X
X X
X X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUS CACTUS]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X X X X
X
X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUS CACTUS]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X
X X
X X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUS CACTUS CACTUS]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X X X X
X
X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUS CACTUS CACTUS CACTUS]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X
X X
X X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUS CACTUS CACTUS CACTUS CACTUS]
>>delay 4
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X X X X
X
X>>coff1
>>endslide
>>newslide
>>color 2
>>title [CACTUSCON 2015]
>>delay 0
>>con1 X X X
X X>>B>>con6 X>>b>>con1 X>>B>>con6 X>>b>>con1 X X
X X>>con6 X X X>>con1 X X
X X X>>con0 X X X>>con1 X X X
X>>con0 X X X>>con1 X
X>>con6 X X X>>con1 X
X X X X X
X X X
X X
X X X X X
X
X>>coff1
>>B CACTUSCON III>>b
>>endslide
>>newslide
>>color 4
>>title [About Me]
About me and why you (shoudln't) care:
---------------------------------------------------
My >>con1Name>>coff1 is >>con0__INSERT__>>coff0, I'm the
>>con1Cheif Janitation Engineer>>coff1 for >>con0__COMPANY__>>coff0
I went to >>con0__UNIVERSITY__>>coff0 and studied >>con1desks>>coff1
I have given talks at:
JaniCon
BurgerCon
Your Closet
TheMirror
My credibility = more accurate presentation
>>endslide
>>newslide
>>color 4
>>title [About Talk?]
I'm going to talk about:
* Meaning
* Context
* Data
>>endslide
>>newslide
>>color 4
>>title [About Talk?]
I'm going to talk about:
* Meaning
* Context
* Data
>>B>>con0 * A lot of data>>coff0>>b
>>endslide
>>newslide
>>color 4
>>title [The Meaning Formula]
>>BMeaning = Data + Context>>b
>>endslide
>>newslide
>>color 4
>>title [No Context]
This talk is about attempting to find meaning from
data when we don't have context
We will attempt to avoid large amounts of
Apophenia
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
We have 13 1's and 19 0's...
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
In Hex it's 55 03 28 5d
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
In Hex it's 55 03 28 5d
Is it text?
ASCII: U.(]
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
In Hex it's 55 03 28 5d
How about two numbers, like ports?
source port: 21763, dest port: 10333
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
In Hex it's 55 03 28 5d
What does it look like in Base64?
VQMoXQ==
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
In Hex it's 55 03 28 5d
What if the first 3 bytes were RGB?
Some kind of dark purple
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
In Hex it's 55 03 28 5d
Let's interpret as x86 code:
push ebp
add ebp, [eax]
pop ebp
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
In Hex it's 55 03 28 5d
What if the whole thing is a number?
1,426,270,301
>>endslide
>>newslide
>>color 4
>>title [Data to Consider]
>>BWhat's This?>>b
01010101000000110010100001011101
In Hex it's 55 03 28 5d
Wait, what is that number in epoch?
Fri Mar 13 11:11 AM MST 2015
>>endslide
>>newslide
>>color 4
>>title [Code Golf I]
Challange:
Given arbitrary data, decide if it containes IPv4
packets.
>>endslide
>>newslide
>>color 4
>>title [Let's Look at a PCAP]
This is the hex of a PCAP file:
---------------------------------------------------
a1b2c3d40002000400000000000000000001000f000000014E
BD02CF000000000000004B0000004B123456789ABC31333731
333708004500003d133740008C065830C0A80101C0A8010213
3701bb0000000000000000801800009c5300000101080ADEAD
BEEFFFFFFFFFd796c34f4fc7e3c6d6
>>endslide
>>newslide
>>color 4
>>title [Patterns]
Patterns?
---------------------------------------------------
a1b2c3d40002000400000000000000000001000f000000014E
BD02CF000000000000004B0000004B123456789ABC31333731
333708004500003d133740008C065830C0A80101C0A8010213
3701bb0000000000000000801800009c5300000101080ADEAD
BEEFFFFFFFFFd796c34f4fc7e3c6d6
>>endslide
>>newslide
>>color 4
>>title [45]
Patterns?
---------------------------------------------------
a1b2c3d40002000400000000000000000001000f000000014E
BD02CF000000000000004B0000004B123456789ABC31333731
33370800>>B>>con045>>b>>coff000003d133740008C065830C0A80101C0A8010213
3701bb0000000000000000801800009c5300000101080ADEAD
BEEFFFFFFFFFd796c34f4fc7e3c6d6
>>endslide
>>newslide
>>color 4
>>title [False Positives]
Do we just count hex 45's?
$ echo "EEEEEEEEEEEE" > legit.pcap
legit.pcap has 12 packets right?
>>endslide
>>newslide
>>color 4
>>title [Link Layer]
How about 0800 45?
---------------------------------------------------
a1b2c3d40002000400000000000000000001000f000000014E
BD02CF000000000000004B0000004B123456789ABC31333731
3337>>B>>con0080045>>b>>coff000003d133740008C065830C0A80101C0A8010213
3701bb0000000000000000801800009c5300000101080ADEAD
BEEFFFFFFFFFd796c34f4fc7e3c6d6
>>endslide
>>newslide
>>color 4
>>title [Null/Loopback]
False Negative Exibit A: vnc-sample.pcap from
wiki.wireshark.org/SampleCaputres
It uses Null/Loopback for Link Layer; not
Ethernet II
Data would look like 0200 0000 45.... (2 for IP)
So we can't use 0800 for IPv4
>>endslide
>>newslide
>>color 4
>>title [Checksums]
The Checksum
---------------------------------------------------
a1b2c3d40002000400000000000000000001000f000000014E
BD02CF000000000000004B0000004B123456789ABC31333731
333700800>>B>>con045>>b>>coff000003d133740008C06>>B>>con05830>>b>>coff0C0A80101C0A8010213
3701bb0000000000000000801800009c5300000101080ADEAD
BEEFFFFFFFFFd796c34f4fc7e3c6d6
>>endslide
>>newslide
>>color 4
>>title [Checksum Calculation]
Let's derive this checksum.
This is our "assumed" 20 byte IPv4 header:
---------------------------------------------------
>>B>>con045>>b>>coff000003d133740008C06>>B>>con05830>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000003d133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
133740008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
40008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
40008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
40008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
40008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
40008C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A80101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A80102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A8
0102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A8
0102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A8
0102
>>endslide
>>newslide
>>color 4
>>delay 20
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000
>>b>>coff0C0A8
0101
C0A8
0102
>>endslide
>>newslide
>>color 4
>>delay 0
>>title [Checksum Calculation]
We break the bytes up into 2-byte chunks (in order)
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000>>b>>coff0
C0A8
0101
C0A8
0102
>>endslide
>>newslide
>>color 4
>>title [Checksum Calculation]
Add them up
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06
>>B>>con00000>>b>>coff0 + >>con12A7CD>>coff1
C0A8
0101
C0A8
0102
>>endslide
>>newslide
>>color 4
>>title [Checksum Calculation]
Remove overflow and add into result
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000 -- >>con2+2>>coff2 --
8C06 | V
>>B>>con00000>>b>>coff0 ---->>con1A7C>>coff1>>con2F>>coff2
C0A8
0101
C0A8
0102
>>endslide
>>newslide
>>color 4
>>title [Checksum Calculation]
Subtract from FFFF
---------------------------------------------------
>>B>>con045>>b>>coff000
003d
1337
4000
8C06 >>con3FFFF>>coff3
>>B>>con00000>>b>>coff0 - >>con1A7CF>>coff1
C0A8 ----
0101 >>con05830>>coff0 <----- CHECKSUM!
C0A8
0102
>>endslide
>>newslide
>>color 4
>>title [One Last Note]
Why the "45" though?
>>endslide
>>newslide
>>color 4
>>title [One Last Note]
Why the "45" though?
|
|
|
-----------> IPv4
>>endslide
>>newslide
>>color 4
>>title [One Last Note]
Why the "45" though?
||
|----------> Header length (x4)
|
-----------> IPv4
>>endslide
>>newslide
>>color 4
>>title [One Last Note]
Why the "45" though?
||
|----------> Header length (x4)
|
-----------> IPv4
So 45 means IPv4 with a 20 byte (5x4) header length
>>endslide
>>newslide
>>color 4
>>title [Other Valid sizes]
We need at least 20 bytes for an IPv4 header, but
it can be up to 64 bytes total.
So valid values can be:
45, 46, 47, 48, 49, 4a, 4b, 4c, 4d, 4e, and 4f
>>endslide
>>newslide
>>color 4
>>title [False Positives]
To Pose another question: given random data what
are the chances we would hit a correct checksum by
chance?
>>endslide
>>newslide
>>color 4
>>title [False Positives]
To Pose another question: given random data what
are the chances we would hit a correct checksum by
chance?
Since checksums are 2-bytes, the answer is easy:
1 in 65,536
>>endslide
>>newslide
>>color 4
>>title 4[^5]
As it turns out, non 20-byte headers occur less
than 1 in 65,536 times in general.
This means looking for 46-4f bytes would render
more hits on random data than real IPv4 packets
>>endslide
>>newslide
>>color 4
>>title [Takeaway]
Why is that important?
To know that an increase on the
accuracy/completeness of our hueristic can
actually lower the fidelity of our results.
>>endslide
>>newslide
>>color 2
>>title [Code]
Ok, that was fun, but let's do that with code
instead.
We will again start with a datastream (on
the next slide) as we did with potential IPv4
traffic.
>>endslide
>>newslide
>>color 2
>>title [Data]
This is our data:
54686973206973206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54686973206973206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
686973206973206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
686973206973206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
686973206973206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
73206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f6465210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a
>>endslide
>>newslide
>>color 2
>>delay 0
>>title [Data]
Let's give it explicit context: x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a >>con3and>>coff3 >>con1dword ptr>>coff1 >>con0gs>>coff0:[>>con0edx>>coff0], >>con0ecx>>coff0
>>endslide
>>newslide
>>color 2
>>title [Data]
Is this meaningful x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a >>con3and>>coff3 >>con1dword ptr>>coff1 >>con0gs>>coff0:[>>con0edx>>coff0], >>con0ecx>>coff0
>>endslide
>>newslide
>>color 2
>>title [Data]
Is this meaningful x86 code:
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a >>con3and>>coff3 >>con1dword ptr>>coff1 >>con0gs>>coff0:[>>con0edx>>coff0], >>con0ecx>>coff0
>>con4jnb>>coff4 checks if the >>con5carry flag>>coff5 was set
>>con4jz>>coff4 checks if the >>con5zero flag>>coff5 was set
>>endslide
>>newslide
>>color 2
>>title [Data]
54 >>con3push>>coff3 >>con0esp>>coff0
6869732069 >>con3push>>coff3 0x69732069
7320 >>con4jnb>>coff4 20 bytes
6e >>con3outsb>>coff3
6f >>con3outsd>>coff3
7420 >>con4jz>>coff4 20 bytes
636f64 >>con3movsxd>>coff3 >>con0ebp>>coff0, >>con1dword ptr>>coff1 [>>con0edi>>coff0+100]
65210a >>con3and>>coff3 >>con1dword ptr>>coff1 >>con0gs>>coff0:[>>con0edx>>coff0], >>con0ecx>>coff0
>>con4jnb>>coff4 checks if the >>con5carry flag>>coff5 was set
>>con3push>>coff3 doesn't set the >>con5carry flag>>coff5
>>con4jz>>coff4 checks if the >>con5zero flag>>coff5 was set
>>con3outs>>coff3 doesn't set the >>con5zero flag>>coff5
>>endslide
>>newslide
>>color 2
>>title [Data]
Same data, different context (ASCII)
Data:
54686973206973206e6f7420636f6465210a
>>endslide
>>newslide
>>color 2
>>title [Data]
Same data, different context (ASCII)
Data:
54686973206973206e6f7420636f6465210a
Command:
>>con3echo>>coff3 "54686973206973206e6f7420636f6465210a" |
>>con3xxd>>coff3 -r -p
>>endslide
>>newslide
>>color 2
>>title [Data]
Same data, different context (ASCII)
Data:
54686973206973206e6f7420636f6465210a
Command:
>>con3echo>>coff3 "54686973206973206e6f7420636f6465210a" |
>>con3xxd>>coff3 -r -p
>>con0This is not code!>>coff0
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
Python?
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
C#?
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
>>con0C#?>>coff0
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
>>con0C#?>>coff0
C?
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
>>con0C#?>>coff0
>>con0C?>>coff0
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
>>con0C#?>>coff0
>>con0C?>>coff0
Assembly?
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
>>con0C#?>>coff0
>>con0C?>>coff0
>>con0Assembly?>>coff0
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
>>con0C#?>>coff0
>>con0C?>>coff0
>>con0Assembly?>>coff0
Machine Code?
>>endslide
>>newslide
>>color 2
>>title [Code]
How low level should we get?
>>con0Python?>>coff0
>>con0C#?>>coff0
>>con0C?>>coff0
>>con0Assembly?>>coff0
>>con1Machine Code?>>coff1
>>endslide
>>newslide
>>color 2
>>title [Levelness]
Why So Low Level?
Why Not just dissassemble and analyze the
assembly language for patterns?
>>endslide
>>newslide
>>color 1
>>title [Alignment]
We are assuming we have an arbitrary chunk of
data...
This means alignment is most likely off;
The data stream is starting in the middle of
an instruction
>>endslide
8984eb225e897608c6460700c6460c00c6460d00
>>newslide
>>color 2
>>title [Alignment]
Let's look at some machine code:
8984eb225e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 0
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00 >>con3mov>>coff3 >>con1byte ptr>>coff1[>>con0esi>>coff0+13], 0
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00 >>con3or>>coff3 >>con0al>>coff0, 0
c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6 >>con3add>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
4607 >>con3dw 0x0746>>coff3
00c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6 >>con3or>>coff3 >>con0dh>>coff0, >>con0al>>coff0
460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
>>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0ebx>>coff0+>>con0ebp>>coff0*8+0x76895e22], >>con0eax>>coff0
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
8984eb225e8976
08c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 0
>>title [Alignment]
Let's look at some machine code:
8984eb225e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>title [Alignment]
Let's look at some machine code:
>>con08984>>coff0eb225e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>title [Alignment]
Let's look at some machine code:
eb225e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>title [Alignment]
Let's look at some machine code:
eb225e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb225e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700 >>con3mov>>coff3 >>con1byte ptr>>coff1 [>>con0esi>>coff0+7], 0
c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700 >>con3mov>>coff3 >>con1byte ptr>>coff1 [>>con0esi>>coff0+7], 0
c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700 >>con3mov>>coff3 >>con1byte ptr>>coff1 [>>con0esi>>coff0+7], 0
c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700 >>con3mov>>coff3 >>con1byte ptr>>coff1 [>>con0esi>>coff0+7], 0
c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700 >>con3mov>>coff3 >>con1byte ptr>>coff1 [>>con0esi>>coff0+7], 0
c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700 >>con3mov>>coff3 >>con1byte ptr>>coff1 [>>con0esi>>coff0+7], 0
c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700 >>con3mov>>coff3 >>con1byte ptr>>coff1 [>>con0esi>>coff0+7], 0
c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes
5e >>con3pop>>coff3 >>con0esi>>coff0
897608 >>con3mov>>coff3 >>con1dword ptr>>coff1 [>>con0esi>>coff0+8], >>con0esi>>coff0
c6460700 >>con3mov>>coff3 >>con1byte ptr>>coff1 [>>con0esi>>coff0+7], 0
c6460c00c6460d00
>>endslide
>>newslide
>>color 2
>>delay 20
>>title [Alignment]
Let's look at some machine code:
eb22 >>con3jmp>>coff3 22 bytes