<>[ Reverse entry ] backward analysis Hello World program

<>0X00 preface

​ A month later , After reading the compilation , After formally entering reverse learning , I finally thought of updating my blog . I've been watching it recently 《 Core principles of reverse engineering 》( Li Chengyuan Writing ), At the beginning of this paper, we introduce an introduction about Hello
World Reverse analysis of program . It was fun , Let reverse and update Hello World Let's go .

​ My goal is to change the display to “Hello CiSuKid!”

<>0X01 Write a Hello World

​ A simple one C program , The compiler I use is Dev-C++ 5.4.0, Application files obtained with different compilers may be OD Get different assembly code in the window of .

​ The code is as follows :
#include <stdio.h> int main(){ printf ("Hello world!!"); return 0; }
​ Compiled successfully , Get a wonderful one Hello world Applets , We're going to do it next .

<>0X02 Open up

​ Drag in OD, Run a wave first :

​ Normal operation .

​ The code near the entry point has little to do with what we're going to do , Just enjoy it , When I need to study in the future .

​ The main goal now is to find main Medium printf function .

​ Because I already know that echo is a “Hello world!!”, We can try to check the characters .

​ Right click – Chinese search engine – search ASCⅡ( Yes , I use the Chinese version OD, Some compilers may default UNICODE, Try everything when you don't understand .)

​ Found a beautiful one Hello world!! Double click it . The tracking screen is as follows :

​ It's not hard to see the standard stack frame and the printf Function call , I think in the picture 004013B0 mean main Function entry .

​ F2 Next breakpoint ,F9 Run here .

​ At this point, pay attention to the register and the stack ,F8 Item by item .

​ In the observation chart 004013BE You can see the code at , Program from memory 00403064 Transfer from "Hello world!!" Characters are used for subsequent calls printf Function output to the display screen .

​ From data window Ctrl+G Access memory 00403064 place , The picture is as follows :

​ In this case, only Ctrl+E Change the calling character to “Hello
CiSuKid!” that will do ( The length of the character should not occupy the following non 0 data , With at least two bytes reserved 0 data ), Operate as follows :

​ Next, continue to run , You can get the agreed output , as follows :

Come here , My purpose was achieved .

<>0X03 summary

​ In fact, it only goes through the above steps , The application is exiting at OD After running, the result will still be “Hello world!!”.

​ If you want to change the application , You can select the modified data in the following figure .

​ Right click – Copy to executable , And in the pop-up window, right-click to save the file to get a patched Hello world application program .

​ But because of my programming problem , Causes to run when not debugged , It'll flash by, and you can't see the output of the change , Next time you design a similar program, you can add one getchar();
My love cracked account ,ID:CiSuKid Have a good time!

©2019-2020 Toolsou All rights reserved,
c Language implementation 《 Student management system 》 No hole is the future of mobile phone ? There are still many problems to be solved Junior , A little sense , Just for mutual encouragement How to use Vue Used in Echarts Visual Library The 11th Blue Bridge Cup Java The second provincial competition B Group part Python- be based on OpenCV Contour fill for flooding algorithm hole filling 【C#】 The realization of student achievement information management system List Common interview questions in the collection and simple ideas China Mobile Science Popularization : Why do mobile networks call “ Cellular mobile network ”【Golang Basic series 10 】Go language On conditional sentences if