1. All software runs in memory (in a digital way);
2. The arrangement of menus in the menu bar is stored in a file before each operation;
3. The place where interface information is stored is "resource file"; [This is just one of the ways, now it's all xml configuration (external file configuration), it's another (self-drawn interface library, for dynamic loading), you can modify the xml file, but generally there is a check]
(Large-scale software basically uses XML, because the interface can be updated without updating the exe, and the XML can be updated)
4. Find the resource file of the program and modify it to achieve the modification effect;
1. The resource file (saved in the exe)
2. Use external file configuration (high flexibility)
The most core mechanism on Windows:
event-driven
message mechanism
message loop
Windows message mechanism:
menu message: WM_COMMAND+WPARAM[ID]
Windows message loop: The application obtains various messages through the The corresponding window procedure function processes the message; it is the message loop that enables an application to respond,
such as : move the mouse -> the event of the operating system <- the application takes it by itself
This top is a WM message.
PE file segment:
.text (code segment)
.data (data segment)
.rsrc (resource segment)
When programming and manipulating strings, use unsafe functions or variables with large spaces
such as :
There is a lot of other space in char str[255]
. We can execute the code we want to execute through buffer overflow, rewrite the data in it, and rewrite it into the corresponding data of the assembly. Then execute,
use the program's high privileges to do evil things (antivirus, and certified in Microsoft)
2. The arrangement of menus in the menu bar is stored in a file before each operation;
3. The place where interface information is stored is "resource file"; [This is just one of the ways, now it's all xml configuration (external file configuration), it's another (self-drawn interface library, for dynamic loading), you can modify the xml file, but generally there is a check]
(Large-scale software basically uses XML, because the interface can be updated without updating the exe, and the XML can be updated)
4. Find the resource file of the program and modify it to achieve the modification effect;
1. The resource file (saved in the exe)
2. Use external file configuration (high flexibility)
The most core mechanism on Windows:
event-driven
message mechanism
message loop
Windows message mechanism:
menu message: WM_COMMAND+WPARAM[ID]
Windows message loop: The application obtains various messages through the The corresponding window procedure function processes the message; it is the message loop that enables an application to respond,
such as : move the mouse -> the event of the operating system <- the application takes it by itself
This top is a WM message.
PE file segment:
.text (code segment)
.data (data segment)
.rsrc (resource segment)
When programming and manipulating strings, use unsafe functions or variables with large spaces
such as :
There is a lot of other space in char str[255]
. We can execute the code we want to execute through buffer overflow, rewrite the data in it, and rewrite it into the corresponding data of the assembly. Then execute,
use the program's high privileges to do evil things (antivirus, and certified in Microsoft)