information
our first target will be a small program that i coded for the purpose. when you run it and click on the 'about' button, it shows a buggy messagebox: the caption is the right one, but the text is the wrong one.
required files
lesson 1 files - all the needed files for the lesson 1
tools used
hiew
softice
tutorial
I. studying the program
launch the program. you can play around with the edit control to convert any character to its hex value. click on the 'about' button: apparently, there's a problem with the text. so bpx messageboxa and click again. this is the call to the messagebox:

    00401074: push 40h                  ; the icon of the messagebox
    00401076: push 0040300bh            ; the caption address
    0040107b: push 00403000h            ; the text address
    00401080: push dword ptr [ebp+08h]  ; the handle of the dialog
    00401083: call user32!messageboxa

if you look at 00403000h, you don't see any about text. but if you look at the text that follows the caption, you see that it's the right about text. so the about text is at 00403028h.

in softice, type:

    a 0040107b

and then:

    push 00403028

to replace the instruction at 0040107b by push 00403028. then press the carriage return one more time. now click on the 'about' button. it works.
II. patching the program
we already patched the program, but in memory only, so it's temporary. if you run the target again, it won't be patched anymore. we need to change the program directly in its file. so open it with hiew, press enter several times to get into asm mode, then press f5 (goto) and type:

    .0040107b

now press f3 (edit) and then f2 (asm instruction) and change the 000403000 to 000403028, then press esc to exit the asm instruction mode, press f9 (update file) and then f10 (exit).
the target is now patched, run it and click on the 'about' button, the correct text is displayed.
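
the same file patch done by script, as an added example that is not part of the original tutorial: it maps the virtual address 0040107b to its offset in the file, checks that the expected push is really there, and only then rewrites the operand. the image base, the section table and the sample image are assumptions constructed for the example; the real values come from the target's pe header.

```python
import struct

IMAGE_BASE = 0x00400000  # assumption: usual image base of a win32 exe
# constructed section table: (name, rva, virtual size, raw file offset)
SECTIONS = [(".text", 0x1000, 0x1000, 0x400),
            (".data", 0x3000, 0x1000, 0x800)]

def va_to_offset(va, sections=SECTIONS, image_base=IMAGE_BASE):
    """translate a virtual address into an offset in the file on disk."""
    rva = va - image_base
    for _name, sec_rva, vsize, raw in sections:
        if sec_rva <= rva < sec_rva + vsize:
            return raw + (rva - sec_rva)
    raise ValueError("address %08x is not inside any section" % va)

def push_imm32(addr):
    """encode 'push imm32': opcode 68h followed by the little-endian operand."""
    return b"\x68" + struct.pack("<I", addr)

def patch_push(image, va, old_addr, new_addr):
    """replace push old_addr at va by push new_addr, only if the old bytes match."""
    off = va_to_offset(va)
    old, new = push_imm32(old_addr), push_imm32(new_addr)
    if bytes(image[off:off + len(old)]) != old:
        raise ValueError("unexpected bytes at %08x, file not patched" % va)
    image[off:off + len(new)] = new
    return off

def build_sample():
    """constructed stand-in for the target: only the four pushes from the listing."""
    image = bytearray(0x1000)
    code = (b"\x6a\x40"                 # 00401074: push 40h
            + push_imm32(0x0040300b)    # 00401076: push 0040300bh
            + push_imm32(0x00403000)    # 0040107b: push 00403000h
            + b"\xff\x75\x08")          # 00401080: push dword ptr [ebp+08h]
    off = va_to_offset(0x00401074)
    image[off:off + len(code)] = code
    return image

if __name__ == "__main__":
    image = build_sample()
    off = patch_push(image, 0x0040107b, 0x00403000, 0x00403028)
    print("patched file offset %xh: %s" % (off, image[off:off + 5].hex()))
```

the check on the old bytes means a second run, or a run against a different build of the target, stops with an error instead of overwriting five unrelated bytes.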