x64 Reverse Engineering (Part 40 - Hacking Hello World!)

For a complete table of contents of all the lessons, please click the link below; it gives a brief description of each lesson and the topics it covers. https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

Ok, it is time we look at the most basic C program, debug it and hack it. If we are to have mastery over the domain we must be able to both create and destroy in a single step.

Let us fire up VIM and type out the following. We include the standard I/O library and create a main function in which we use the library function printf to echo a string of chars, and since the return type of main is int (integer) we return 0.

Let us compile and see what happens when we run:

As we see, just like in our C++ example, 'Hello World!' is echoed successfully.

Let's debug in Radare:

This is simple: we use aaa to analyze the binary and seek to main with s sym.main.

Let's look at the assembly and analyze:

Assembly! The definition of raw sexy!

I went over this in detail in the previous lessons on Assembly but let us review.

1) We push rbp, which means we push the value currently in the base pointer onto the stack.

2) We lea rdi, qword str.Hello_World, which means we load the effective address of the quad word of our string into the rdi register. So far this should be simple for you to follow along.

3) We then call sym.imp.puts. Um, wait! We used printf, what the hell! Well, our compiler optimizes our code, and the compiler chose the puts function in the stdio library to echo the string to our terminal. Again, easy enough.

4) We clean out eax and then pop the original value of the rbp register back into rbp. If you are confused by this, please review the earlier parts of the series.

We know our string 'Hello World!' lives at a pretty house in Arlington, VA at the address of 0x2004. Well ok, it's not Arlington, VA, but it is in mapped memory (since we are not technically debugging, we are messing with the mapped code, meaning the same values as on disk).

To confirm, we see the value at 0x2004 is 'Hello World!'. Let's hack that value to anything we want with the w command, writing directly to that mapped memory address.

Let us re-examine who NOW lives in our Arlington, VA house!

Success! We hacked the value and when we exit our debugger we see:

We have successfully altered the binary.
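What the w command does above is overwrite bytes at the current seek inside the mapped file, nothing more. The added example below is not from the lesson; it is a small C program of my own that reproduces the same idea on a constructed byte image (the string sits at a made-up offset of 0x20 instead of the lesson's 0x2004, and the filler bytes are arbitrary) so you can see the one check a practitioner wants before writing: the replacement, including its NUL terminator, must fit inside the room the original string occupied, otherwise the write spills into whatever bytes follow. Note also that radare2 itself only commits w to the file when it was opened in write mode (r2 -w); in read-only mode the write does not reach the binary.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Constructed stand-in for the bytes of a mapped binary: arbitrary filler
 * bytes with the NUL-terminated string "Hello World!" at a chosen offset.
 * (0x20 and 0x90 are invented values for this example, not the lesson's.) */
#define STR_OFFSET 0x20
#define FILLER     0x90
static unsigned char sample_image[0x40];

/* Build the sample image; returns its size in bytes. */
size_t build_sample(void) {
    memset(sample_image, FILLER, sizeof sample_image);
    memcpy(sample_image + STR_OFFSET, "Hello World!", 13); /* 12 chars + NUL */
    return sizeof sample_image;
}

/* Length of the NUL-terminated string at img+off, counting the terminator.
 * Returns 0 if no terminator exists before the end of the image. */
static size_t room_at(const unsigned char *img, size_t len, size_t off) {
    for (size_t i = off; i < len; i++)
        if (img[i] == '\0') return i - off + 1;
    return 0;
}

/* Locate a NUL-terminated string in the image (what r2 shows as str.Hello_World).
 * Matches the terminator too, so "Hello" will not match "Hello World!".
 * Returns the offset or -1 if not found. */
long find_cstring(const unsigned char *img, size_t len, const char *needle) {
    size_t n = strlen(needle) + 1;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(img + i, needle, n) == 0) return (long)i;
    return -1;
}

/* Overwrite the string at `off` in place, like `w` at a seek in radare2,
 * but refuse a replacement that would not fit in the original string's room
 * (bytes past the old NUL belong to something else). The unused tail is
 * zero-filled so no fragment of the old string survives.
 * Returns 0 on success, -1 for a bad offset, -2 if the replacement is too long. */
int patch_cstring(unsigned char *img, size_t len, long off, const char *replacement) {
    if (off < 0 || (size_t)off >= len) return -1;
    size_t room = room_at(img, len, (size_t)off);
    if (room == 0) return -1;                 /* unterminated: not a C string */
    size_t need = strlen(replacement) + 1;    /* replacement plus its NUL */
    if (need > room) return -2;
    memset(img + off, 0, room);
    memcpy(img + off, replacement, need - 1);
    return 0;
}

int main(void) {
    size_t len = build_sample();
    long off = find_cstring(sample_image, len, "Hello World!");
    printf("found string at offset 0x%lx\n", off);

    /* Too long by one byte: 13 chars + NUL does not fit in 13 bytes of room. */
    int rc = patch_cstring(sample_image, len, off, "Hacked World!");
    printf("oversized patch rejected: rc=%d\n", rc);

    /* Fits: 11 chars + NUL in 13 bytes of room. */
    rc = patch_cstring(sample_image, len, off, "Hello Hack!");
    printf("patch rc=%d, string now: '%s'\n", rc, (const char *)sample_image + off);
    return 0;
}
```

The same two functions work unchanged on a real file if you read it into a buffer, patch, and write it back; the lesson's 0x2004 is simply the offset find_cstring would return for that binary.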

This is a lot to digest here. If you are stumped, ask questions in the comments PLEASE! Do not continue, as I am here to help. It is CRITICAL you understand these most basic things before we continue!
