CHAPTER 7. SCANF() CHAPTER 7. SCANF()
7.1.3 MSVC + OllyDbg
Let’s try this example in OllyDbg. Let’s load it and keep pressing F8 (step over) until we reach our executable file instead of
ntdll.dll. Scroll up untilmain()appears. Click on the first instruction (PUSH EBP), press F2 (set a breakpoint), then
F9 (Run). The breakpoint will be triggered whenmain()begins.
Let’s trace to the point where the address of the variablexis calculated:
Figure 7.1:OllyDbg: The address of the local variable is calculated
Right-click theEAXin the registers window and then select “Follow in stack”. This address will appear in the stack window.
The red arrow has been added, pointing to the variable in the local stack. At that moment this location contains some
garbage (0x6E494714). Now with the help ofPUSHinstruction the address of this stack element is going to be stored
to the same stack on the next position. Let’s trace with F8 until thescanf()execution completes. During thescanf()
execution, we input, for example, 123, in the console window:
Figure 7.2:User input in the console window