Simulation Implementation:
Remote injection, call planting function
Analysis ideas:
By selecting plant planting to start logical analysis, it is assumed that if selected, the mark is 1 (can be other), can be planted, the mark bit can be changed to 0 (can be other), can not be planted.
Determine the existence of the above logic by scanning the memory with CE.
OD append, write the breakpoint to the hardware under the address where the flag is located, and get the assignment point.
after planting
Visit the breakpoint below and pay attention to the similar cmp reg/xxxx,0x1 assignment (as a judgment condition) to get the key decision point
Execute down to get the planting function
Analysis conclusion:
Through the analysis, through the search for the change of the flag bit, the key points of the planting function can be obtained, and then the plug-in can be compiled.
Rewrite the planting judgment logic to prevent the analysis of the address where the planting call is located.