I'd like to extract the M__hello_ variable of this code from the executable (for learning purpose). I'd like to have this array back in a variable in any programming language Do you know how can I do this ?
Asked
Active
Viewed 356 times
0
perror
- 19,083
- 29
- 87
- 150
Maxence Henneron
- 143
- 1
-
Please clarify what you mean by "extract" the variable. It's a static variable, if you meant the value of the variable, it's right there. Here is the string representation of that array : "cs dGHdS(sHello world...N((((shello.pys?s" – Dominik Antal Jun 26 '14 at 14:23
1 Answers
3
Find the offset of the variable in memory. Using either your debugger or a look like Cheat Engine.
After this you can use ReadProcessMemory() from kernel32.dll in Windows to read the variable in your own program.
-
Thanks for the answer. After looking at how an executable is made, I found that the variable's content was stored in a data segment, since it's a global variable. With p7zip, I got this data segment, but is there a way to parse it or to know where each fragments begin and end by disassembling the EXE?
(I'm knew to reverse engineering, so I'm just wondering how everything is working.)
– Maxence Henneron Jun 26 '14 at 20:30 -
1strings -o msgbox.exe | findstr Great ---------------------------------------
2073:Win32 Assembly is Great! -------------------------------- strings is from sysinternals findstr is an inbox utility – blabb Jun 27 '14 at 03:50