Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Back: Lab 14-3 Solutions
Next: Lab 15-2 Solutions


Notice that the CODE XREF comment is no longer red but green, and the target of the jz instruction is no longer loc_401010+1 but unk_401011, as seen at .


    0040100E 74 01                    jz      short near ptr unk_401011
    0040100E                          ; --------------------------------------------------------------
    00401010 E8                       db 0E8h
    00401011 8B         unk_401011    db  8Bh ; ï       ; CODE XREF: 0040100Ej

We can now modify the real target of the jz instruction. To do so, place your cursor at and press the C key on your keyboard to turn this piece of data into code. The instructions immediately following the listing may be out of alignment, so keep pressing C on each db line that follows until each instruction is followed immediately by another instruction with no data bytes in between.

The same false conditional technique is found again at offset 0x0040101F. Clean up the code at this location in the same manner to reveal another use of the false conditional technique at location 0x00401033. The final remaining places to fix are 0x00401047 and 0x0040105E.

Once all the code is disassembled correctly, select the code from line 0x00401000 to the retn instruction at line 0x00401077, and press the P key on your keyboard to force IDA Pro to turn this block of code into a function. Once it is a function, rename the function parameters argc and argv. At this point, it should be clear at line 0x00401006 that the program checks to see if the value of argc is 2, and prints the failure string if it is not. If the value is 2, line 0x0040101A compares the first letter of argv[1] with p. Line 0x0040102E then compares the third letter with q, and 0x00401042 compares the second with d. If all three letters are equal, the string Good Job! is printed at line 0x00401051.
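The following Python script is an added example, not code from the book or the lab binary; it models the false-conditional trick above on a constructed byte string (addresses, bytes and the opcode subset are assumptions chosen to mirror the listing). A flow-following pass that trusts the jz fallthrough decodes the junk 0E8h byte as a 5-byte call that swallows the real instruction, which shows up as overlapping instructions; telling the pass that the jz is always taken (what pressing C on the db lines achieves by hand) yields the clean listing.

```python
BASE = 0x401000
# Constructed bytes: xor eax,eax ; jz +1 ; db 0E8h ; mov eax,[ebp+8] ; retn
CODE = bytes.fromhex("33C0" "7401" "E8" "8B4508" "C3")

def decode(code, ea):
    """Decode one instruction at ea (tiny opcode subset). Returns (text, length, successors)."""
    i = ea - BASE
    op = code[i]
    if op == 0x33 and code[i+1:i+2] == b"\xC0":
        return "xor eax, eax", 2, [ea + 2]
    if op == 0x74:                                   # jz short rel8
        rel = int.from_bytes(code[i+1:i+2], "little", signed=True)
        return f"jz short {ea + 2 + rel:08X}", 2, [ea + 2, ea + 2 + rel]
    if op == 0xE8 and i + 5 <= len(code):            # call rel32 eats 4 more bytes
        rel = int.from_bytes(code[i+1:i+5], "little", signed=True)
        return f"call {ea + 5 + rel:08X}", 5, [ea + 5]
    if op == 0x8B and code[i+1:i+2] == b"\x45":      # mov eax, [ebp+disp8]
        return f"mov eax, [ebp+{code[i+2]:X}h]", 3, [ea + 3]
    if op == 0xC3:
        return "retn", 1, []
    return f"db {op:02X}h", 1, [ea + 1]

def disassemble(code, entry, always_taken=frozenset()):
    """Flow-oriented pass; always_taken holds jz addresses the analyst has shown
    to be opaque (ZF forced by xor eax,eax), so their fallthrough is not followed."""
    seen, work = {}, [entry]
    while work:
        ea = work.pop()
        if ea in seen or not BASE <= ea < BASE + len(code):
            continue
        text, ln, succ = decode(code, ea)
        seen[ea] = (text, ln)
        if ea in always_taken:
            succ = succ[1:]          # drop the fallthrough successor
        work.extend(succ)
    return seen

def overlaps(listing):
    """Pairs of decoded instructions whose byte ranges intersect: the tell-tale of this trick."""
    items = sorted(listing.items())
    return [(a, b) for (a, (_, la)), (b, _) in zip(items, items[1:]) if a + la > b]

def find_false_conditionals(code):
    """Heuristic: xor eax,eax immediately followed by jz short."""
    return [BASE + i + 2 for i in range(len(code) - 2) if code[i:i+3] == b"\x33\xC0\x74"]

if __name__ == "__main__":
    for ea, (text, _) in sorted(disassemble(CODE, BASE, set(find_false_conditionals(CODE))).items()):
        print(f"{ea:08X} {text}")
```

In the real lab the same check has to be repeated at each offset the text lists, since the heuristic only covers the xor/jz form; the overlap report is the quicker way to spot any remaining misaligned regions.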


© RuTLib.com 2015-2018