Part 40 – Hacking Pre-Increment Operator

For a complete table of contents of all the lessons please click below as it will give you a brief of each lesson in addition to the topics it will cover. https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

Let’s once again re-examine our code.

    #include <iostream>

    int main(void) {
        int myNumber = 16;
        int myNewNumber = ++myNumber;

        std::cout << myNewNumber << std::endl;

        return 0;
    }


To compile this we simply type:

g++ example9.cpp -o example9

./example9


We see 17 printed to the screen.

Let’s break it down:

We create a variable myNumber = 16, then create another variable, myNewNumber, which is assigned the pre-incremented value of myNumber. When we execute our code it shows 17.

When we pre-increment, the value of the variable is incremented before it is assigned to another variable. For example, myNumber is 16, so it gets incremented before being assigned to myNewNumber, and therefore we get 17.

Let’s debug.


We do our normal start in gdb and break on main. Take note that at main+24 we are moving the value of 1 into r3. We then see that at main+28 we are storing that value at r11-8, where we will set a breakpoint and continue.


As we evaluate the value in r3 at this stage we see 17. Remember that back in our original code the value in the myNumber variable was 16. We can see that the pre-increment operator successfully incremented the value by 1 to give us 17.


We see that when we continue through the code the value 17 is successfully echoed to the terminal as expected.


Let’s re-run the program.


Let’s hack! Here we review the value in r3, which we know to be 17. Let’s hack it to something else.


Success! As we can see, when we continue, the hacked value is now echoed to the terminal.
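
The debugging session described above, written out as a GDB command file (an added example, not part of the original tutorial). The main+28 offset is the one quoted in the text and should be confirmed against the disassembly of your own build; 1337 is a constructed replacement value.

```gdb
# Added example: GDB commands for the session described in the text.
# Assumes the ARM build of example9 discussed on this page.

# Stop at the start of main and start the program.
break main
run

# Show the disassembly of main so the offsets can be checked.
# The text quotes main+24 (r3 receives its value) and
# main+28 (r3 is stored at r11-8).
disassemble

# Break on the store instruction, before r3 is written to the stack.
break *main+28
continue

# Confirm where we stopped and inspect r3 (17 according to the text).
x/i $pc
info registers r3

# Overwrite the register before the store executes.
# 1337 is a constructed value chosen for this example.
set $r3 = 1337
info registers r3

# Resume: the program now stores and prints the modified value.
continue
```

Save it to a file (hack.gdb is an assumed name) and run it with gdb -q -x hack.gdb ./example9.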


Next week we will dive into the Post-Increment Operator.