تغير قيمة ثابتة

[offset]

وجدت المكان التي تظهر به القيمة وبعد كتابة mov edx واقوم بالتشغيل يحدث خطا

لنأخذ التحدي من هنا للتجربة عليه:
https://www.at4re.net/f/thread-19.html

1- المكان الفارغ في نافذة Hex Dump :
 

2- الكتابة في المكان الفارغ:
العنوان الجديد 0x004068BC
 

3- العنوان المستهدف للتعديل عليه:
في العنوان 0x00403F4A نقوم باستبدال القيمة القديمة الى يتم دفعها للذاكرة بالقيمة الجديدة و هي عنوان الكلمة Hello
PUSH 004068BC

 

 4- نتم تشغيل التحدي و نضغط على زر "تحقق من التسجيل"
 

نفس العملية برمجبا بالسي شارب:
 

using System;
using System.Runtime.InteropServices;
using System.Text;
using System.IO;

public class Program {
    public static void Main() {
        STARTUPINFO si = new STARTUPINFO();
        PROCESS_INFORMATION pi = new PROCESS_INFORMATION();

        CreateProcess("AT4RE01.exe",
                      null,
                      IntPtr.Zero,
                      IntPtr.Zero,
                      false,
                      CreateSuspended,
                      IntPtr.Zero,
                      null,
                      ref si,
                      out pi);

        byte lpBuffer = Encoding.ASCII.GetBytes("Hello!");

        IntPtr lpNumberOfBytesWritten = IntPtr.Zero;

        WriteProcessMemory(pi.hProcess,
                           (IntPtr)0x004068BC,
                           lpBuffer,
                           lpBuffer.Length,
                           ref lpNumberOfBytesWritten);

        byte lpBuffer2 = {
            0x68,
            0xBC,
            0x68,
            0x40,
            0x00
        };

        lpNumberOfBytesWritten = IntPtr.Zero;

        WriteProcessMemory(pi.hProcess,
                           (IntPtr)0x00403F4A,
                           lpBuffer2,
                           lpBuffer2.Length,
                           ref lpNumberOfBytesWritten);

        ResumeThread(pi.hThread);
    }

    [DllImport("kernel32.dll")]
    static extern bool CreateProcess(string lpApplicationName,
                                     string lpCommandLine,
                                     IntPtr lpProcessAttributes,
                                     IntPtr lpThreadAttributes,
                                     bool bInheritHandles,
                                     uint dwCreationFlags,
                                     IntPtr lpEnvironment,
                                     string lpCurrentDirectory,
                                     ref STARTUPINFO lpStartupInfo,
                                     out PROCESS_INFORMATION lpProcessInformation);

    [DllImport("kernel32.dll")]
    static extern bool WriteProcessMemory(IntPtr hProcess,
                                          IntPtr lpBaseAddress,
                                          byte lpBuffer,
                                          int dwSize,
                                          ref IntPtr lpNumberOfBytesWritten);

    [DllImport("kernel32.dll")]
    private static extern uint ResumeThread(IntPtr hThread);

    public const uint CreateSuspended = 0x00000004;
}

public struct PROCESS_INFORMATION {
    public IntPtr hProcess;
    public IntPtr hThread;
    public uint dwProcessId;
    public uint dwThreadId;
}

public struct STARTUPINFO {
    public uint cb;
    public string lpReserved;
    public string lpDesktop;
    public string lpTitle;
    public uint dwX;
    public uint dwY;
    public uint dwXSize;
    public uint dwYSize;
    public uint dwXCountChars;
    public uint dwYCountChars;
    public uint dwFillAttribute;
    public uint dwFlags;
    public short wShowWindow;
    public short cbReserved2;
    public IntPtr lpReserved2;
    public IntPtr hStdInput;
    public IntPtr hStdOutput;
    public IntPtr hStdError;
}

رابط الملف التنفيذي للتجربة:

https://up.top4top.net/downloadf-1107520n95-rar.html