Reverse engineering literacy articles
Recently a group of students came reverse engineering of interest, I am here to take you to the beginning of a reverse engineering experience.
Here we will
- Modify the value of elastic frame
- Modify Zombies sun
Compile and run the following C program
Use tools: Devcpp
#include<windows.h>
int main(){
MessageBox(0,"Hello world","title",MB_OK);
return 0;
} 
As described above compiled.
Results are as follows:
Let us step by step modify HelloWorld
The basic use of IDA
IDA's introduction:
Interactive Disassembler Pro (Interactive Disassembler Professional), people often referred to as IDA Pro, or simply IDA. Is the best a static decompile software, is a member of numerous world and ShellCode 0day security analysts indispensable tool! IDA Pro is an interactive, programmable, scalable, multi-processor, Windows or Linux WinCE MacOS cross-platform host to analyze the program, is recognized as the best money can buy reverse engineering tool. IDA Pro has become the de facto standard analysis of hostile code and allowed itself quickly became an important tool for research in the field of attack. It supports dozens of CPU instruction set including Intel x86, x64, MIPS, PowerPC, ARM, Z80,68000, c8051, and so on.
IDA pro 7.0 Download: https://www.52pojie.cn/thread-675251-1-1.html
IDA basic operations
Open the IDA we will find this page
Our next point ok.
Then we have just come in drag generated by the program.
And then disassemble the disassembled pages shown below.
Here on the right we find the main method to open and press the tab to view the source code.
As shown in the source code.
Our comparison can be found, and we are basically the same as the source.
This is also the place to IDA strong.
Here we find the position before msgbox pressure parameters. Then copy the address down
to this IDA work, we here at the end of
X64dbg modify the text box bomb
x64 is a super powerful debugger. Download: https://x64dbg.com/
after we open download x64dbg, and dragged into our program.
Press Ctrl + g then jump to the specified location.
Double-click the breakpoint here.
Then press F9 to jump here.
Then we saw the right of the ds: [404 006]
We do this to jump to the location of 404,006. In the bottom left corner position of press Ctrl + G Skip 404006
You can see the bottom right corner is helloworld.
We right-click on the edit.
Then continue to run press F9.
So far we have completed the changes to the string of bomb box.
Zombies modify the sun first experience
After we run the Zombies game download here.
After running can be found that the current number of sunshine is 50
we open the Cheat Engine tool has the following pages
Here we choose to apply Zombies and open
and enter the value = 50 then first Scan
Sun spent 50 years in the Zombies, the sun becomes 0
Then fill in the right and then next scan 0
Then the sun pick up the value becomes 25
and then fill in next scan on the right
and then the value 11F40700 this address into 9999
modified successfully
So far we have completed the initial reverse engineering experience. Reverse engineering profound hope that we can more learning, more knowledge thank you.