64-Bit Hints at Malware Functionality
Certain features in 64-bit code can provide additional clues to malware functionality that are not available in 32-bit code. These features are conventions rather than requirements, and they generally apply only to compiler-generated code.
For example, it is typically easier in 64-bit code to differentiate between pointers and data values. The most common size for storing integers is 32 bits, although that is not a requirement. Still, even when simply storing an index value that iterates from 1 to 100, most programmers will choose a 32-bit integer for storage.
Table 21-1 shows the 32-bit and 64-bit versions of the same function call.
Table 21-1. 32-bit and 64-bit Function Calls with Two Parameters
32-bit assembly listing | 64-bit assembly listing ... |
---|
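As an added illustration (not code from the book, and not a reproduction of Table 21-1), the following Python script applies the pointer-versus-integer width heuristic to a constructed 64-bit listing. It assumes Intel syntax and the Microsoft x64 calling convention, in which the first four arguments are passed in rcx, rdx, r8 and r9; the names classify_args, ARG_REGS and the sub_ call targets are hypothetical.

```python
import re

# Assumption: Microsoft x64 convention, first four integer/pointer arguments.
# Maps the 64-bit and 32-bit names of each argument register to (index, width).
ARG_REGS = {"rcx": (1, 64), "ecx": (1, 32), "rdx": (2, 64), "edx": (2, 32),
            "r8": (3, 64), "r8d": (3, 32), "r9": (4, 64), "r9d": (4, 32)}

# mnemonic, destination register, source operand, optional ';' comment
INSN = re.compile(r"^\s*(\w+)\s+(\w+)\s*,\s*(.+?)\s*(?:;.*)?$")

def classify_args(listing):
    """Return {call target: {arg index: hint}} for each call in the listing."""
    results, pending = {}, {}
    for line in listing.strip().splitlines():
        call = re.match(r"^\s*call\s+(\S+)", line)
        if call:
            # Arguments collected so far belong to this call site.
            results[call.group(1)] = dict(sorted(pending.items()))
            pending = {}
            continue
        m = INSN.match(line)
        if not m or m.group(2).lower() not in ARG_REGS:
            continue
        mnem, dst, src = (g.lower() for g in m.groups())
        idx, width = ARG_REGS[dst]
        if mnem == "xor" and src == dst:
            # A 32-bit write zero-extends to 64 bits: integer 0 or NULL.
            hint = "ambiguous (zero: integer 0 or NULL pointer)"
        elif mnem == "lea" and width == 64:
            hint = "pointer (address computed with lea)"
        elif width == 64:
            hint = "likely pointer (64-bit register)"
        else:
            hint = "likely integer (32-bit register)"
        pending[idx] = hint
    return results

# Constructed sample listing, not taken from the book.
SAMPLE = """
    mov     edx, 10h            ; small constant in a 32-bit register
    lea     rcx, [rsp+28h]      ; address of a stack buffer
    call    sub_140001000
    xor     ecx, ecx
    mov     rdx, [rbp+8]
    mov     r8d, 64h
    call    sub_140002000
"""

if __name__ == "__main__":
    for target, args in classify_args(SAMPLE).items():
        print(target, args)
```

The hints are heuristics in the same sense as the text: a 64-bit register can still hold a 64-bit integer, and hand-written assembly need not follow these conventions.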