Environment Information
System information: Windows
Tools involved: Visual studio , x64dbg
Note: This is a translation of the article previously written into English version, if you can not see the message I improve the translation
Test code.
C:
Game rules
Enter a value so that its terminal returns the following information.
Code:
Note: Normal input of 140 will satisfy the requirement
Break the rules
Enter something that does not match the condition to satisfy the requirement
Example idea:
After the program runs, a string will be entered
After that, the user starts to input, and then returns some content after judging.
The normal flow of the output string code will be before the judgment code, and most likely in a region, you can test to locate the judgment code region according to this string.
Verification:
The following settings will break at the Enyry Breakpoint
Click the Run button to let the program continue to run
At this point, return to the x64dbg interface and search for the string information loaded by the program
Result
Double click the left mouse button to enter, at this time see some judgment process
Mouse wheel slide up to see the entry point of this function area (sub)
There are multiple int3 on sub, determine this is the address of the call
Next breakpoint
Reload the program
Run to the place where the breakpoint is placed
Breakpoints under Call and Judgment instructions are used for analysis
lea instruction: take offset address 7FF7D3DA2260 and send to register RCX
Run it in a single step and see that the terminal outputs the following string after this call
After this call, the terminal can enter the value
After confirming
Call register information
Return 1 after Call
Rerun, enter the value that does not meet the condition and compare
Call register information
Return 0 after Call
Difference
RAX is different
Rerun and enter the value that does not meet the condition and change the rax information to 1
Select RAX or the corresponding value and right click
Modify
Call runs and sees that 1 has been returned and a rule has been broken
Continue to run and see the following judgments
Judgment: according to the displayed instruction execution flow judgment, if the two jne instructions do not jump and jbe jump can return yes
Right click to edit the instruction so that it does not work
Modify the instructions
After modifying
Run to verify
This article, this is the end, have the fate to meet again.
Test code modified at: https://blog.csdn.net/qq_42200183/article/details/81431747
System information: Windows
Tools involved: Visual studio , x64dbg
Note: This is a translation of the article previously written into English version, if you can not see the message I improve the translation
Test code.
C:
Code:
#include <stdio.h>
int main()
{
int a;
printf("Please input a number:\n");
int x = scanf_s("%d", &a); // This is not to assign the value of a to x, but to determine
// this is to define an integer variable x, scanf_s is to enter a value a, when you enter an integer value, you get x = 1 (judged to be true); and when you key in a character or other unqualified content, you get x = 0 (judged to be false)
printf("%d\n", x);
if (a % 5 == 0 && a % 7 == 0 && a >1 && a <200) /* Determine if the number is divisible by both 5 and 7 and a is greater than 1 and less than 200*/
printf("yes\n"); /* output yes if you can*/
else
printf("no\n"); /* if not, output no*/
return 0;
}Enter a value so that its terminal returns the following information.
Code:
Code:
1
yesBreak the rules
Enter something that does not match the condition to satisfy the requirement
Example idea:
After the program runs, a string will be entered
After that, the user starts to input, and then returns some content after judging.
The normal flow of the output string code will be before the judgment code, and most likely in a region, you can test to locate the judgment code region according to this string.
Verification:
The following settings will break at the Enyry Breakpoint
Click the Run button to let the program continue to run
At this point, return to the x64dbg interface and search for the string information loaded by the program
Result
Double click the left mouse button to enter, at this time see some judgment process
Mouse wheel slide up to see the entry point of this function area (sub)
There are multiple int3 on sub, determine this is the address of the call
Next breakpoint
Reload the program
Run to the place where the breakpoint is placed
Breakpoints under Call and Judgment instructions are used for analysis
lea instruction: take offset address 7FF7D3DA2260 and send to register RCX
Run it in a single step and see that the terminal outputs the following string after this call
After this call, the terminal can enter the value
After confirming
Call register information
Return 1 after Call
Rerun, enter the value that does not meet the condition and compare
Call register information
Return 0 after Call
Difference
RAX is different
Rerun and enter the value that does not meet the condition and change the rax information to 1
Select RAX or the corresponding value and right click
Modify
Call runs and sees that 1 has been returned and a rule has been broken
Continue to run and see the following judgments
Judgment: according to the displayed instruction execution flow judgment, if the two jne instructions do not jump and jbe jump can return yes
Right click to edit the instruction so that it does not work
Modify the instructions
After modifying
Run to verify
This article, this is the end, have the fate to meet again.
Test code modified at: https://blog.csdn.net/qq_42200183/article/details/81431747
