Assembly Language for Beginners
8.2. COLOR LINES GAME PRACTICAL JOKE So let’s see whether it is possible to find the random generator and do some trick with it. IDAq ...
.00402BB8: 83C410 add esp,010 .00402BBB: A158C04000 mov eax,[00040C058] .00402BC0: 31C0 xor ...
8.3 Minesweeper (Windows XP) Let’s run it now: Figure 8.6: Practical joke works Oh yes, it works^3. But why are the arguments to ...
8.3. MINESWEEPER (WINDOWS XP) int Rnd(int limit) { return rand() % limit; }; (There is no “limit” name in the PDB file; we manuall ...
010053D0 0F 0F 0F 0F|0F 0F 0F 0F|0F 0F 0F 0F|0F 0F 0F 0F| 010053E0 10 0F 0F 0F|0F 0F 0F 0F|0F 0F 1 ...
010053D0 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F line #5: 010053E0 10 0F 0F 0F 0F 0F 0F 0F ...
What is interesting is that we can modify the array right in OllyDbg. We can remove all mines by c ...
if (argc!=3) { printf ("Usage: %s <PID> <address>\n", argv[0]); return 0; }; assert (a ...
8.4 Hacking Windows clock. { printf ("ReadProcessMemory() failed\n"); return 0; }; // for 9*9 grid. // FIXME: slow! for (i=0; i& ...
8.4. HACKING WINDOWS CLOCK Figure 8.10: Resource Hacker OK, what do we know? How is a clock hand drawn? They all start at the m ...
.text:6EB9DBD4 push edi .text:6EB9DBD5 cdq .text:6EB9DBD6 push 3Ch .text:6EB9DBD8 mov esi, ecx .text: ...
.text:6EB9DC8E mov ecx, [ebp+arg_0] .text:6EB9DC91 mov [ebp+var_8], eax .text:6EB9DC94 mov eax, [ebp+ ...
Figure 8.11: Attempt to run Now when any hand is located at 0..5 seconds/minutes, it’s invisible! Howe ...
Out[]= 60 Let’s try to treat each pair as an X/Y coordinate and draw all 60 pairs, and also the first 15 pai ...
I made the patcher a long time ago, at the very beginning of the 2000s, for Windows 2000. Hard to believe ...
8.5 Dongles. void DrawHand( HDC hDC, int pos, HPEN hPen, int scale, int patMode, PCLOCKSTR np) { LPPOINT lppt; int radius; MoveT ...
8.5. DONGLES Yes, this is PowerPC code. The CPU is a very typical 32-bit RISC of the 1990s era. Each instruction occupies 4 bytes (jus ...
seg000:001186A0 54 60 06 3E clrlwi %r0, %r3, 24 seg000:001186A4 28 00 00 01 cmplwi %r0, 1 seg000:001186A8 94 21 FF ...
loading a value into a register). The first instruction is at 0x001186B0—and frankly speaking, it’s hard to say what ...
seg000:001187D8 60 00 00 00 nop seg000:001187DC 54 60 06 3E clrlwi %r0, %r3, 24 seg000:001187E0 2C 00 00 05 cmpwi % ...