Reputation: 13
How to identify data type from opcode?
Suppose I have the following bytes in the .data segment of a PE file opened in IDA:
32 A2 DF 2D 99 2B 00 00 CD 5D 20 D2 66 D4 FF FF
01 00 D2 8B 0A 35 60 BD F1 C9 D6 5D 6C 59 51 D5
24 FD 02 F5 43 26 29 79 53 3E B0 FB 2B 97 BF 5E
I was wondering how do I identify the data type from above (i.e., INT, Floating-point, etc.).
By the look of it, you could tell it is not a string since it contain bytes that are not in ASCII table, unless it is Unicode characters.
I tried to create a C program containing floating-points and integers with different values to see if there is a pattern defining the data type, but unfortunately, I couldn't find any pattern. The bytes completely change when you change the floating-point value.
I was wondering if you could help how do we identify the data type from above?
Upvotes: 0
Views: 130
Answers (1)
Reputation: 213706
I was wondering if you could help how do we identify the data type from above?
In general, you can't.
For all you know this is a string of random bytes used to seed some PRNG, or a public key used to verify some signature, or a part of compressed ASCII string.
Only if you know something about the program can you make some guesses.
Upvotes: 1
Related Questions
- Is there any function or way to find datatype of a variable in C
- how to derive the types of the following data types from assembly code
- Is it possible to find the datatype of a variable in C?
- how to reverse-engineer the C integer type from the assembly code?
- How to determine obscure c types
- Detecting the data type by reading a string
- How to know the Data type of a variable of unknown type in C?
- Finding datatype of given Input
- How to interpret the opcode manually?
- Identifying data type of a value in memory in C?