Wintel Machine Code Anti-Reversing Exercise
Description of the Exercise:
Apply the anti-reversing techniques Eliminating Symbolic Information and Obfuscating the Program, both introduced in sections 6 and 7 of the report, to the C/C++ source code of the Password Vault application with the goal of making it more difficult to disable the trial limitation. Rebuild the executable binary for the Password Vault application from the modified sources using the GNU compiler collection for Windows. Show that the Wintel Machine Code Reversing and Patching Exercise can no longer be carried out as demonstrated.
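Solution:
First open the program in OD (OllyDbg) and set the following breakpoints (at first I single-stepped with F8; because single-stepping has to continue after the program asks for input, I ended up setting many breakpoints).
Once they are set, keep single-stepping with F8.
Execution stops here, waiting for input.
After entering a value, continue single-stepping.
The program asks for a command. After entering 2 and continuing to single-step, the following check function is reached; at this point it is not yet clear what it does.
Entering 2 performed one create operation. For comparison, enter 3 and 4 and single-step all the way through again: this check function is not reached. Only command 2 jumps here after it is entered, runs the check, and then asks for values; with 3 and 4, execution goes straight to the next step after input. So the guess is that this is where the program checks whether it is greater than 5. Now use IDA to find the address that calls this address,
and find that after it there is a
Change it to jmp, so that the check is ignored and execution jumps directly.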