OD commissioning the first Win32 program

OD Debug One: Modification of the first WIN32 program

In the process of software development, programmers use debugging tools to efficiently identify errors that exist in the software. In the field of reverse analysis, the analyst will also use the relevant debugging tools to analyze the software behavior and verify the analysis results. Because the operating system will provide a complete debugging interface, so the use of various debugging tools can be very convenient and flexible to observe and control the target software. In the process of using the Debug tool to parse the program, the program executes as instructed by the debugger.

Debugging is divided into dynamic analysis technology and static analysis technology.

Dynamic analysis technology refers to the use of debugging tools to load the program and run, as the program runs, the debugger can interrupt the target's instruction process at any time in order to observe the results of the relevant calculations and the current equipment situation.

The static analysis technique is relative to the dynamic analysis. Because in the actual analysis, many occasions are inconvenient to run the target (such as virus program, device incompatibility, a separate module of the software). Then this is the time for static analysis technology to play!

The two tools, OD (ollydbg) and Ida Pro, are the reverse leaning sword and Dragon Slayer. While both are compatible with dynamic and static debugging, OD is more flexible and powerful in terms of dynamic debugging, while the King of static debugging tools is rightfully the most powerful Ida Pro.

1. assembly code corresponding to the Address window

2. Hexadecimal Machine Code window for assembly code

3. Disassembly window

4. Annotation Information window for disassembly code

5. Register Information window

6. Information window for the disassembly code currently being executed

7~9. The memory address, hexadecimal, ASCII code where the data resides

10~12. stack address, stored data, corresponding description information

Task requirements: Change the program's title "I Love Fishc.com" to "Iam Jiayuntian" via OD

Specific procedures:

Open OD. Press F3 to load the program hello.exe.

A cursory view of the assembly code, found to be some messy things. CTRL+F2 Reload the program back into the entry point Oep. Always press F8 to step through, notice the changes in the information around the window, always press the dialog box appears. At this point, stop at the call.

On this line, press F2 to set the breakpoint (or double-click the line), Ctrl+f2 Reload, press F9 to run to the breakpoint, and press F7 to step into the call.

After entering here, continue to press F8 to step down.

Here we find the place we want to modify.

In the lower left data window, press CTRL+G, type address 00422030, confirm

In the first line of the place by the space, modify the title content: here should note that 16 binary digits should be added at the end of 00 (because the string is the end of the 0, C language programming has learned. ）

Click OK to complete the modification. Press F9 to continue executing the program.

Modified to this success.

OD commissioning the first Win32 program