The core principle of reverse engineering reading notes (1)

Tools

ollydbg Free Win32 Professional Debugging tools.

Professional Debugging Tools for the IDA Pro fee, powerful.

Four ways to set up "base Camp"

(1) Goto command shortcut key is Ctrl+g, currently will be based on the address to find out, there should be other uses.

(2) Set breakpoint, shortcut key F2. Set a breakpoint at the point you feel important, and you can stop automatically ctrl+f9 the next time you run to the breakpoint.

(3) Note, shortcut key is; must be a semicolon in English.

(4) Label, shortcut key is: also must be the English colon.

Four ways to find code quickly

(1) Code execution method

(2) String retrieval method; right mouse button lookup: all string references.

(3) API retrieval method One: Set breakpoints in the calling code.

(4) API retrieval Method Two: Set breakpoints in the API code.

Two ways to modify a string

(1) Modify the string buffer directly. Something simple and intuitive, the disadvantage of modified string can not be longer than the original string.

(2) Create a string in another memory area and pass it to the reference function. The advantage is that it can be arbitrarily modified, and the disadvantage is that the transfer process setup is complex.

Some shortcut keys and assembly instructions

Ctrl+e editing data

Space Edit assembly code

Call xxxx function to invoke XXXX

jmp xxxx jump to xxxx place

Push XXXX saves xxxx to the stack

Retn jump to the address saved in the stack

The core principle of reverse engineering reading notes (1)