Now we are ready to begin the analysis of this program. Since we are interested in the
strcpy in the greeting function, let's find it by starting with the Executable Modules window
we already have open (ALT-E). Double-click on the meet module in the Executable Modules
window and you will be taken to the function pointers of the meet.exe
program. You will see all the functions of the program, in this case greeting and main.
Arrow down to the "JMP meet.greeting" line and press ENTER to follow that JMP instruction
into the greeting function.
NOTE If you do not see symbol names such as "greeting", "strcpy", and
"printf", then either you have not compiled the binary with debugging
symbols, or OllyDbg's symbol support needs to be updated by copying the
dbghelp.dll and symsrv.dll files from your debugger's directory into the OllyDbg
folder. This is not a problem; the symbols are merely a convenience to the user, and the same
analysis can be done without them by following the addresses instead of the names.
Now that we are looking at the greeting function, let's set a breakpoint at the vulnerable
function call (strcpy). Arrow down until we reach the instruction at address 0x00401034 (the
address may differ if your binary was built with a different compiler or options, so confirm
that the line is the CALL to strcpy). On this line press F2 to set a breakpoint; the address
should turn red. Breakpoints allow us to return to this point quickly.
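To make clear what the breakpoint is sitting on, here is an added example (not the book's meet.c, and not OllyDbg output) that reproduces the pattern the walkthrough describes: a greeting function that strcpy's attacker-controlled input into a fixed stack buffer, shown next to a bounded version that rejects oversized input before copying. The buffer size of 400 bytes and the parameter names temp1/temp2 are assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for the example; the real meet.exe may use a different value. */
#define TEMP_SIZE 400

/* Deliberately vulnerable: strcpy has no idea how large temp is, so any
 * temp2 of TEMP_SIZE bytes or more runs past the end of the stack buffer
 * and overwrites whatever follows it (saved EBP, return address, ...).
 * This is the call the walkthrough places the breakpoint on. */
int greeting_vulnerable(const char *temp1, const char *temp2)
{
    char temp[TEMP_SIZE];
    strcpy(temp, temp2);                 /* overflows when strlen(temp2) >= TEMP_SIZE */
    printf("Hello %s %s\n", temp1, temp);
    return 0;
}

/* Hardened: measure the input first, refuse anything that does not fit
 * (including the NUL terminator), then copy exactly that many bytes. */
int greeting_hardened(const char *temp1, const char *temp2)
{
    char temp[TEMP_SIZE];
    size_t len = strlen(temp2);

    if (len >= sizeof(temp)) {
        fprintf(stderr, "input too long (%zu bytes, limit %zu)\n",
                len, sizeof(temp) - 1);
        return -1;                       /* reject instead of overflowing */
    }
    memcpy(temp, temp2, len + 1);        /* +1 copies the terminator too */
    printf("Hello %s %s\n", temp1, temp);
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <first> <second>\n", argv[0]);
        return 1;
    }
    /* Only the bounded version is wired to argv here; the vulnerable one is
     * kept for comparison and should only be fed inputs that fit. */
    return greeting_hardened(argv[1], argv[2]);
}
```

When you hit the breakpoint on the strcpy CALL in OllyDbg, the two arguments on the stack are exactly the destination buffer (temp) and the source pointer (temp2) from the vulnerable version above; nothing between them tells strcpy where temp ends, which is why the hardened version has to check the length itself.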