4.1 Program hack
20135206 Jia Xin
Basic instructions:
NOP: the "no-operation" instruction. When the CPU reaches a NOP it does nothing; the instruction is simply stepped over and execution continues with the instruction after it. (Machine code: 90)
JNE: conditional jump instruction; jumps if not equal. (Machine code: 75)
JE: conditional jump instruction; jumps if equal. (Machine code: 74)
JMP: unconditional jump instruction. Intra-segment direct short jump, JMP SHORT (machine code: EB); intra-segment direct near jump, JMP NEAR (machine code: E9); intra-segment indirect jump, JMP WORD (machine code: FF); inter-segment direct (far) jump, JMP FAR (machine code: EA).
CMP: compare instruction. It works like a subtraction, but only compares the two operands and does not store the result. After CMP executes it sets bits in the flag register; the conditional jump instructions read those flag bits to obtain the result of the comparison.
Write a simple program, 11.c
Use objdump -d to view main.
In the assembly code of the main function, it can be seen that after the call to scanf requests input, the contents of the two memory locations [esp+0x1c] and [esp+0x18] are compared; this should be the comparison between the user's input and the preset password.
jne is a conditional jump: if the condition is met, it jumps to 8048486;
the two lines after jne produce the output;
jmp is an unconditional jump (no condition, it jumps directly), going straight to 8048492;
the two lines after jmp also produce output.
jne means jump when the compared values are not equal. In other words, when the input is not equal to the stored password, execution jumps to the mov line that follows jmp; when the comparison is equal, the mov and call lines immediately after jne are executed, and those mov and call lines output "Right".
Complete the three modifications below
- Regardless of whether the input is correct, login always succeeds.
Open the binary with the vi editor,
enter: :%!xxd
change 0e to XX:
then enter: :%!xxd -r
enter: :wq
Use objdump -d to view main again
Run the program 11.c
Enter a wrong password: it displays Right
- Regardless of whether the input is correct, login never succeeds.
Similarly,
change 750e to eb0e (EB is the unconditional jump)
Run the program
Enter the correct password: it displays Wrong
- Entering the correct password cannot log in; entering a wrong password logs in.
Similarly,
change the opcode byte
Run the program
Enter a wrong password: it displays Right
Enter the correct password: it displays Wrong
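As an added example (not part of the lab report or its program), the following Python script decodes the opcodes listed in the instruction table above and, by diffing an original and a patched copy of the code bytes, reports which branch was changed and what it became. The byte fragment of main, the base address and the three patched copies are constructed so that the jne sits at 0x8048476 and targets 0x8048486, matching the address quoted from objdump above.

```python
import struct

# Opcodes from the instruction table above. rel8 jumps carry one signed
# displacement byte, measured from the end of the 2-byte instruction.
REL8_JUMPS = {0x74: "je", 0x75: "jne", 0xEB: "jmp"}
NOP = 0x90

def decode_branch(code: bytes, off: int, base: int):
    """Decode code[off] (loaded at base + off) -> (mnemonic, length, target).
    target is None for non-jumps; unknown opcodes come back as 'db'."""
    op = code[off]
    if op == NOP:
        return "nop", 1, None
    if op in REL8_JUMPS and off + 2 <= len(code):
        rel = struct.unpack("b", code[off + 1:off + 2])[0]  # signed rel8
        return REL8_JUMPS[op], 2, base + off + 2 + rel
    return "db", 1, None

def diff_branches(original: bytes, patched: bytes, base: int):
    """Report each modified instruction as (addr, was, was_target, now,
    now_target). Decoding only at the first differing byte is enough here
    because each patch starts on the opcode byte; nothing is guessed."""
    if len(original) != len(patched):
        raise ValueError("code sections differ in length")
    findings, off = [], 0
    while off < len(original):
        if original[off] == patched[off]:
            off += 1
            continue
        was, length, was_target = decode_branch(original, off, base)
        if all(b == NOP for b in patched[off:off + length]):
            now, now_target = " ; ".join(["nop"] * length), None
        else:
            now, _, now_target = decode_branch(patched, off, base)
        findings.append((base + off, was, was_target, now, now_target))
        off += length
    return findings

# Constructed fragment of main: cmp eax,[esp+0x1c] ; jne +0x0e ; mov eax,0.
# BASE is chosen so the jne sits at 0x8048476 and targets 0x8048486 (the
# address quoted from objdump above); the three patches follow the lab.
BASE = 0x8048472
ORIGINAL  = bytes.fromhex("3b 44 24 1c 75 0e b8 00 00 00 00")
PATCH_NOP = bytes.fromhex("3b 44 24 1c 90 90 b8 00 00 00 00")  # jne -> nop nop
PATCH_JMP = bytes.fromhex("3b 44 24 1c eb 0e b8 00 00 00 00")  # jne -> jmp
PATCH_JE  = bytes.fromhex("3b 44 24 1c 74 0e b8 00 00 00 00")  # jne -> je

if __name__ == "__main__":
    for name, p in (("nop", PATCH_NOP), ("jmp", PATCH_JMP), ("je", PATCH_JE)):
        print(name, diff_branches(ORIGINAL, p, BASE))
```

Comparing a known-good copy of a binary's code section against the deployed one this way is a quick integrity check for exactly the kind of single-byte branch patch the lab performs.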