Linux Practice program hack

Program hack

I. Create 1.C Documents

Second, compile and view

The command is: Gcc-o 1 1.c

Disassembly: objdump-d 1

Third, turn 16 into the system

Command::%! Xxd

The assembly code of the main function shows that the programcompares the contents of [esp+0x1c] and [esp+0x18] two memory cells after invoking the "scanf" function request input, which should be compared with user input and preset password. that is, the default password is stored in the local variable [esp+0x1c].

Iv. Change 750c to 7500

V. Turn 16 into the system

Vi. Summary of Studies

The NOP:NOP instruction is the "null instruction". When executing to the NOP instruction, the CPU does nothing, just as an instruction to execute the past and continue executing a command behind NOP. (Machine code: 90)

JNE: Conditional transfer directives, if not equal, jumps. (Machine code: 75)

JE: Conditional transfer instruction, if equal, jumps. (Machine code: 74)

JMP: Unconditional transfer instructions.

Short transfer in JMP (machine code: EB)

Direct close transfer in JMP near (machine code: E9)

Indirect transfer in JMP Word (machine code: FF)

Direct (FAR) transfer between segments JMP remote (Machine code: EA)

CMP: Compare instruction, function equivalent to subtraction instruction, just compare operation between operands, do not save result. After the CMP directive executes, it affects the flag register. Other relevant instructions are identified by identifying these affected flag register bits to get a comparison result.

Linux Practice program hack