Rowan Marshall

Modifying a compiled executable

Oh no!

Your boss, Harry, is leaving the company. He was a good guy and a good boss, who appreciated the simple things in life. One of those simple things was a little program called “who-the-boss” which, when run, printed out “Harry the boss!”.

His replacement is called Larry. Larry is a short-tempered man with little patience for anything he considers wrong, which is everything.

One day, he finds Harry’s program on a machine everyone forgot existed. He runs it, expecting it to say he, Larry, is the boss. When it prints out “Harry”, Larry is furious. He marches down past the espresso machine, fresh fruit and pool tables to the dev office and demand they change it now!. The thing is, no-one knows where the source code is for this program. You know your hexadecimals from your stack machines, so the team beg you to help.

First things first, you run the program to validate it’s output:

“The who-the-boss program is run, printing out ‘Harry the boss!’”

You open up Vim, making sure to use the :%!xxd command to open in hex mode.

“Vim has opened a hex-editor view of the who-the-boss binary”

Hmm, how to find Harry’s name… What’s the hex representation of Harry?

You quickly look up a table of UTF-8 character codes and find that “Harry” is “48 61 72 72 79” in hexadecimal UTF-8.

Right, lets search for that in Vim.

“We search for a string of hexadecimal digits 48 61 72 72 79 in Vim”

Right, we’ve isolated the “Harry” string. Now to change that H to an L.

“The hex digit 48 is changed to 4e”

There we are, done! Lets save that making sure to use the :%!xxd -r command to correctly switch back.

“The program who-the-boss now prints out ‘Larry the boss!’

Perfect! Larry is content and the team owes you one.

February 14, 2019