
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition" (Gray Hat Hacking: The Ethical Hacker's Handbook), Chapter 11: Basic Windows Exploits

exe meet Mr Haxor
...
0:000> bm meet!main
*** WARNING: Unable to verify checksum for meet.exe
1: 00401060 meet!main
0:000> bm meet!*greet*
2: 00401020 meet!greeting
0:000> g
Breakpoint 1 hit
...
meet!main:
00401060 55 push ebp
0:000>
From looking at the source, we know that main should have been passed the command
line used to launch the program via argc (the count of command-line strings) and argv
(a pointer to the array of those strings). To verify that, we'll use dv to list the local variables,
and then poke around in memory with dt and db to find the values of those variables.
0:000> dv /V
0012fee4 @ebp+0x08 argc = 3
0012fee8 @ebp+0x0c argv = 0x00320e00
0:000> dt argv
Local var @ 0x12fee8 Type char**
0x00320e00
-> 0x00320e10 "meet"
From the dv output, we see that argc and argv are indeed local variables, with argc
stored 8 bytes past the local ebp (ebp+0x8) and argv stored at ebp+0xc. The dt command shows
the data type of argv to be a pointer to a character pointer (char**). The address 0x00320e00
holds that pointer, which points to 0x00320e10, where the data actually lives. Again, these are our values;
yours will probably be different.
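As an added illustration (not code from the book), the following Python helper parses dv /V lines like the ones above and cross-checks them against the standard x86 stack frame layout that explains the offsets: saved ebp at ebp+0, return address at ebp+4, first argument (argc) at ebp+8, second argument (argv) at ebp+0xc. The sample listing is constructed from the session above, and the helper names (parse_dv, expected_arg_offset, frame_base, check_frame) are this example's own.

```python
import re

# Constructed sample of WinDbg "dv /V" output, modelled on the session above.
# The addresses are the book's; on another machine they will differ.
DV_OUTPUT = """\
0012fee4 @ebp+0x08 argc = 3
0012fee8 @ebp+0x0c argv = 0x00320e00
"""

# <address> @<reg><+|-><offset> <name> = <value>
DV_LINE = re.compile(
    r"^(?P<addr>[0-9a-fA-F]{8})\s+@(?P<reg>\w+)(?P<sign>[+-])(?P<off>0x[0-9a-fA-F]+)"
    r"\s+(?P<name>\w+)\s*=\s*(?P<value>\S+)$"
)


def parse_dv(text):
    """Parse dv /V lines into dicts: address, frame register, signed offset, name, value."""
    rows = []
    for line in text.splitlines():
        m = DV_LINE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and anything dv prints that is not a local
        off = int(m.group("off"), 16)
        if m.group("sign") == "-":
            off = -off
        rows.append({"addr": int(m.group("addr"), 16), "reg": m.group("reg"),
                     "offset": off, "name": m.group("name"), "value": m.group("value")})
    return rows


def expected_arg_offset(index, ptr_size=4):
    """ebp-relative offset of the index-th (0-based) stack argument on 32-bit x86:
    [ebp+0] is the saved ebp, [ebp+4] the return address, then the arguments."""
    return (index + 2) * ptr_size


def frame_base(rows):
    """Recover the ebp value implied by the listing (address - offset); None if rows disagree."""
    bases = {r["addr"] - r["offset"] for r in rows if r["reg"] == "ebp"}
    return bases.pop() if len(bases) == 1 else None


def check_frame(rows, ptr_size=4):
    """Confirm argc/argv sit where the x86 frame layout predicts and are ptr_size apart."""
    by_name = {r["name"]: r for r in rows}
    results = {}
    for i, name in enumerate(("argc", "argv")):
        r = by_name.get(name)
        results[name] = (r is not None and r["reg"] == "ebp"
                         and r["offset"] == expected_arg_offset(i, ptr_size))
    if "argc" in by_name and "argv" in by_name:
        results["adjacent"] = by_name["argv"]["addr"] - by_name["argc"]["addr"] == ptr_size
    return results
```

Running check_frame(parse_dv(DV_OUTPUT)) on the sample returns True for argc, argv and adjacent, and frame_base recovers ebp = 0x0012fedc, which is where the saved ebp of the caller's frame sits.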

