Reverse Engineering Asked on September 27, 2021
So I’m onto something interesting, I asked the less direct way but failed to meet the requirements in terms of explanation
So here it is, how would I go about editing these the same way I would go about editing them in the code?
In reality I would set these to ‘0’ ,how would I go about this with the Debugger?
the instruction lea loads the Effective Address of its operand
so after executing lea rcx, qword ptr ds:[xxxxxxx]
rcx will hold the address xxxxxxx
so if you are sure you need rcx to be 0 in that instruction simply wipe the address from that specific operand
that is make 48:8d05 xyzabcd as 48:8d0425 00000000
or assemble lea rax,qword ptr ds:[0]
keep in mind this requires one extra byte because of rip relative addressing 8d05 00000000 will address the next instruction in x64 and will destroy the ret opcode
having said that what you are trying to do simply doesnt make sense that instruction returns an address which will be acted upon returning 0 to process further will surely result in access violation down the line
assume the returned address holds a string whose length is checked further down what will happen if NULL address was passed to that function
these kind of construction often represent a switch case or jump table construct read about them
below is a samll poc that will generate code similar to your screenshot
#include <stdio.h>
char *a[] =
{
"Your Name","Our Name","Her Name","His Name","Their Name","That Name",
"This Name","What Name","Why Name","Where Name","How Name","Whose Name",NULL
};
char *getname( int indx )
{
switch(indx)
{
case 'a': return a[0];
case 'b': return a[1];
case 'c': return a[2];
case 'd': return a[3];
case 'e': return a[4];
case 'f': return a[5];
case 'g': return a[6];
case 'h': return a[7];
case 'i': return a[8];
case 'j': return a[9];
case 'k': return a[10];
case 'l': return a[11];
default: return "NoName";
}
}
int main(int argc,char *argv[])
{
if(argc !=2) return 0;
printf("%sn" , getname(*argv[1]));
return 0;
}
Answered by blabb on September 27, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP