CHAPTER 7. SCANF() CHAPTER 7. SCANF()
7.3.4 MSVC: x86 + Hiew
This can also be used as a simple example of executable file patching. We may try to patch the executable so the program
would always print the input, no matter what we enter.
Assuming that the executable is compiled against externalMSVCR*.DLL(i.e., with/MDoption)^7 , we see themain()
function at the beginning of the.textsection. Let’s open the executable in Hiew and find the beginning of the.text
section (Enter, F8, F6, Enter, Enter).
We can see this:
Figure 7.12:Hiew:main()functionHiew findsASCIIZ^8 strings and displays them, as it does with the imported functions’ names.
(^7) that’s what also called “dynamic linking”
(^8) ASCII Zero (null-terminated ASCII string)