Assembly Language for Beginners


1.9. SCANF()


MSVC + OllyDbg


Let’s try this example in OllyDbg. Let’s load it and keep pressing F8 (step over) until we reach our executable
file instead of ntdll.dll. Scroll up until main() appears.


Click on the first instruction (PUSH EBP), press F2 (set a breakpoint), then F9 (Run). The breakpoint will
be triggered when main() begins.


Let’s trace to the point where the address of the variable x is calculated:


Figure 1.12: OllyDbg: The address of the local variable is calculated

Right-click the EAX in the registers window and then select “Follow in stack”.


This address will appear in the stack window. The red arrow has been added, pointing to the variable in
the local stack. At that moment this location contains some garbage (0x6E494714). Now, with the help
of the PUSH instruction, the address of this stack element is going to be stored on the same stack, in the next
position. Let’s trace with F8 until the scanf() execution completes. During the scanf() execution, we
input, for example, 123, in the console window:


Enter X:
123
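
The stack slot described above can also be observed from C. The following is an added example, not code from the book: it goes one step beyond the trace by showing what stays in the slot when the input is not a number. The helper names parse_x and read_x_checked are hypothetical, sscanf() on constructed strings stands in for scanf() on the console, and the slot is pre-filled with the garbage value from the text because reading a truly uninitialized int is undefined behaviour.

```c
#include <stdio.h>

/* Stand-in for the stale stack contents shown in the stack window.
   Pre-filling the slot keeps the demonstration deterministic; in the
   traced program the slot is simply whatever was left on the stack. */
#define STALE_SLOT 0x6E494714

/* Hypothetical helper: one "%d" conversion into a local variable, as the
   traced program does. Returns what sscanf reports and copies the final
   contents of the slot to *slot_after. */
int parse_x(const char *line, int *slot_after)
{
    int x = STALE_SLOT;                      /* the local in the stack frame */
    int converted = sscanf(line, "%d", &x);  /* &x is the address that gets pushed */
    *slot_after = x;
    return converted;
}

/* Hypothetical defensive variant: the value is used only when exactly one
   conversion succeeded; otherwise a defined default is handed back. */
int read_x_checked(const char *line, int *out)
{
    int x = 0;
    if (sscanf(line, "%d", &x) != 1) {
        *out = 0;
        return -1;
    }
    *out = x;
    return 0;
}

int main(void)
{
    const char *inputs[] = { "123", "abc", "" };  /* constructed inputs */
    for (size_t i = 0; i < 3; i++) {
        int slot, v;
        int n = parse_x(inputs[i], &slot);
        int rc = read_x_checked(inputs[i], &v);
        printf("input=\"%s\" sscanf=%d slot=0x%08X checked rc=%d value=%d\n",
               inputs[i], n, (unsigned)slot, rc, v);
    }
    return 0;
}
```

With non-numeric or empty input the conversion fails and the slot keeps its previous contents, which is why the return value has to be checked before the variable is used.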
