Yes. Assembly is barely abstracted from the actual machine instructions, to the point where the process of translating it is easily reversible. Reading assembly code is a thing all on it’s own, though.
There’s specialised software available for this kind of reverse-engineering now, too, if you’re doing something more complicated than just looking for and cutting out a system call.
Yeah. At the lowest level, the CPU reads a program as a bunch of numbers, where each number is a very simple instruction such as “add 2 values together”. Assembly language is a more human-readable version of machine code, where you can see something more like add r1,r2 instead of 35397176 or whatever numeric code means “add the value in register 1 to 2” for some hypothetical processor. (Registers are where the processor keeps values loaded in from the RAM.)
So in my case, if I saw that the program was making some system call to the random number generator and the calling conventions used by the operating system always put the return value in register 0, I could replace the call with something like clr r0 (clear the value in register 0). It’s a pretty simple hack. So the “generator” now always generates zero.
These days, programs are often code-signed and if you start messing around like that, they’ll get flagged as malware. But it worked fine back in those open and trusting days.
Yes. Assembly is barely abstracted from the actual machine instructions, to the point where the process of translating it is easily reversible. Reading assembly code is a thing all on it’s own, though.
There’s specialised software available for this kind of reverse-engineering now, too, if you’re doing something more complicated than just looking for and cutting out a system call.
Yeah. At the lowest level, the CPU reads a program as a bunch of numbers, where each number is a very simple instruction such as “add 2 values together”. Assembly language is a more human-readable version of machine code, where you can see something more like
add r1,r2instead of35397176or whatever numeric code means “add the value in register 1 to 2” for some hypothetical processor. (Registers are where the processor keeps values loaded in from the RAM.)So in my case, if I saw that the program was making some system call to the random number generator and the calling conventions used by the operating system always put the return value in register 0, I could replace the call with something like
clr r0(clear the value in register 0). It’s a pretty simple hack. So the “generator” now always generates zero.These days, programs are often code-signed and if you start messing around like that, they’ll get flagged as malware. But it worked fine back in those open and trusting days.