// CHEATSHEET_DATABASE

Reference material for your training session.

0x01: Strings & Comparison (Lvl 1)

C Functions

Function            Purpose
strcmp(s1, s2)      Returns 0 if strings match.
strncmp(s1, s2, n)  Compare first n chars.
strlen(s)           Get string length.

RE Concepts

  • Strings Command: strings binary.exe -> dumps all ASCII strings.
  • Hardcoded Secrets: Passwords stored in plain text in the `.data` or `.rdata` section.
  • Memory: Strings are null-terminated (end with \0).

0x02: Logic & Bitwise (Lvl 2)

Truth Tables

Op   Code  Desc
AND  &     1 if both are 1.
OR   |     1 if either is 1.
XOR  ^     1 if different. (Key Property: A^B=C, C^B=A)

Assembly Math

  • XOR EAX, EAX -> Zero out register (EAX = 0).
  • TEST EAX, EAX -> Check if 0.
  • CMP EAX, EBX -> Compare numbers.
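Added example (not part of the original cheatsheet): the XOR key property from 0x02 applied to the hardcoded-secret case from 0x01. It goes one step further and shows that a known plaintext byte and its encoded byte give up the key (C^A=B). The secret "hunter2", the key 0x91 and all function names are constructed for this demo.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample secret and single-byte key (assumptions for this demo). */
static const char SECRET[] = "hunter2";
#define DEMO_KEY 0x91

/* XOR each byte with key. Running it twice with the same key restores
   the input, which is the A^B=C, C^B=A property. */
static void xor_buf(unsigned char *dst, const unsigned char *src,
                    size_t n, unsigned char key) {
    for (size_t i = 0; i < n; i++)
        dst[i] = (unsigned char)(src[i] ^ key);
}

/* Minimal strings-style scan: longest run of printable ASCII in buf. */
static size_t longest_printable_run(const unsigned char *buf, size_t n) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (buf[i] >= 0x20 && buf[i] <= 0x7e) ? run + 1 : 0;
        if (run > best) best = run;
    }
    return best;
}

/* Returns 1 if decoding restores SECRET and the encoded bytes hold no
   printable run of 4 or more (the default minimum `strings` reports). */
static int demo_roundtrip(void) {
    unsigned char enc[sizeof SECRET], dec[sizeof SECRET];
    size_t n = strlen(SECRET);
    xor_buf(enc, (const unsigned char *)SECRET, n, DEMO_KEY);
    xor_buf(dec, enc, n, DEMO_KEY);
    dec[n] = '\0';
    return strcmp((const char *)dec, SECRET) == 0
        && longest_printable_run(enc, n) < 4;
}

/* Known plaintext: a plaintext byte A and its encoded byte C give the
   key, because C^A=B. */
static unsigned char recover_key(unsigned char plain, unsigned char cipher) {
    return (unsigned char)(plain ^ cipher);
}

int main(void) {
    printf("plaintext run=%zu round trip ok=%d key=0x%02x\n",
           longest_printable_run((const unsigned char *)SECRET, strlen(SECRET)),
           demo_roundtrip(), recover_key('h', 'h' ^ DEMO_KEY));
    return 0;
}
```

The plaintext secret is a 7-byte printable run that a strings scan reports; the XOR-encoded copy has none, yet a single known byte is enough to recover the key.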

0x03: Functions & Data (Lvl 3)

Following the Flow

Arguments are passed to functions in registers (x64) or on the stack (x86).

// Helper Function Example
int check(int a) {
    return a + 5;
}

// Main
if (check(input) == 10) ... 
// check(input) returns input + 5, so input MUST be 5.

Tip: In Ghidra, double-click a function name to "Step Into" it and see what it does.

0x04: Control Flow (Lvl 4)

State Machines & Loops

State Variable: A variable (usually int state) tracks progress.

Switch/Case: Compiled as a "Jump Table" or series of CMP/JE.

Break: Look for jumps that leave the loop structure.

while(state != DONE) {
    if (state == 0) { ... state = 1; }
    else if (state == 1) { ... }
}

GHIDRA SHORTCUTS

Key     Action
G       Go to Address (Jump to mock memory).
L       Re-label / Rename a variable or function.
;       Add a comment.
Ctrl+E  Show/Hide Entropy (Not in mock, but real life).
F5      Decompile (Refresh).