call printf() editing the executable

Question

I'm trying to "crack" a console program, forcing it to display something. The problem is I can't print a newline (\r\n). With a disassebler I found the place and edited the binary:

push 4ad0eb46                      ; the string (let's pretend "Hi guys")
push 4ad0eb80                      ; and the format ("%s")
call near ds:[<&msvcrt.printf>]    ; call printf
jmp 4ad0eb4f                       ; skip data

; now here I coded the strings

mov ds:[4ad289ec],eax              ; and here the program resumes

As I said, I can't print a newline. I tried encode "\r\n" in the format string (so it becomes "%s\r\n", as I would do in C) and get printed "Hi guys\r\n", and encode it in the string itself (making it "Hi guys\x13\x10") and get "Hi guys" and two strange characters, probably the ASCII representation of 0x13 and 0x10.

Answer 1

Your second attempt, with embedding the characters directly into the string, was the right approach. However, you've used the wrong character numbers. The numbers for return/linefeed in ASCII are 13 and 10 (decimal), which is 0x0d and 0x0a (hex). You've used 0x13 and 0x10, which are different characters.

See the table at Code page 437 for the character numbers. The characters 19 and 16 (decimal) are indeed a right pointing triangle and a double exclamation mark.

Answer 2

A newline (in Windows) is \r\n.