![]() ![]() After a few seconds the breakpoint gets triggered and this is where things get interesting. With the breakpoint placed, it is finally time to press F9 to run the target. I then highlighted the correct exported method and pressed F2 on it to place a breakpoint. The method we are interested in belongs to the QSettings class. Let’s search for the word contains and it should filter out a whole bunch of methods belonging to various classes. Lets go back to x32dbg and look at the exports of the loaded qt4core. After having spend several minutes browsing, I concluded that QSettings::contains is the most promising out of the lot. I then proceeded to look through the public functions to see if there is anything of use to us. Since Qt is a framework, surely it has a way of accessing the registry, right? Turns out it does through the QSettings class. We know that the information is stored in the registry. ![]() With x32dbg finally done analyzing the binary, I thought of several ways to tackle this issue. ![]() I grabbed a cup of coffee and waited patiently for x32dbg to finish analyzing the binary. Yay! With no protection in our way to stop us… I opened up x32dbg and have it analyse our target.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |