Need an explanation of a particular security optimisation

I was reading a book [rus] (I'm sorry, I cannot find an English version at the moment) written by Kris Kaspersky that explains the philosophy and techniques of software security.

There is one example in the book. It states that the code:

if ( ! IsValidUser() )
{
    Message("Invalid user! Aborting...");
    Abort;
}

is totally insecure because it is being translated into this:

       CALL IsValidUser
       OR   AX,AX
       JZ   continue
       ^^^^^^^^^^^^^
       PUSH offset str_invalid_user
       CALL Message
       CALL Abort
continue:               ; normal program execution
       ...........

Thus the program can be hacked by changing just one byte in a disassembler. If we change JZ continue to JMP continue the check would not be performed correctly.

Then Kris writes:

the corrected version of the program in C is:

IsValidUser();
if (!true)
{
    Message("Invalid user! Aborting...");
    Abort;
}

In this version the {...} section will never get control.

I don't really get how the corrected version is supposed to work. Why does he use an if-statement which will never be executed and thus can even be removed by the compiler?

Is it some kind of typo or error? Or am I not getting something?

Kolyunya Avatar asked Jul 19 '13 06:07

Kolyunya




2 Answers

It is your fault, not Kris's. This is not the "secure version of the user validation code"; this is the code that is obtained after the correction introduced by a hacker.

Quote in Russian from this book:

На языке Си исправленная программа будет выглядеть так:

Google translate:

C language modified (or patched) program will look like this:

SergV Avatar answered Oct 29 '22 17:10

SergV


The author wanted to show the kind of "equivalent" code in C that would represent the unconditional jump (JMP continue) replacing the original password check (JZ continue). You are right that this code (in C) makes no sense, but it is there only to illustrate what the hacker has done.

SChepurin Avatar answered Oct 29 '22 15:10

SChepurin
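To make the two answers concrete, here is an added C example (it is not from the book and not from either answer): IsValidUser() is a constructed stand-in that simply returns the verdict it is handed, gate_original is the check as the book first writes it, and gate_patched is what the binary does once the conditional jump has been replaced, rendered as C the way the book does.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the book's IsValidUser(). A real program would check a
 * password or licence here; this constructed helper just returns the
 * verdict passed in so both paths can be exercised. */
static bool IsValidUser(bool user_is_valid) { return user_is_valid; }

enum outcome { ABORTED = 0, CONTINUED = 1 };

/* The original check. The compiler reduces it to one conditional branch
 * (the listing's CALL IsValidUser / OR AX,AX / JZ continue), so the whole
 * access decision hangs on a single opcode. */
enum outcome gate_original(bool user_is_valid)
{
    if (!IsValidUser(user_is_valid)) {
        puts("Invalid user! Aborting...");
        return ABORTED;           /* the book's Abort */
    }
    return CONTINUED;             /* the listing's continue: label */
}

/* The book's "corrected" version, i.e. the program after JZ continue has
 * become JMP continue: IsValidUser() still runs, but its result is never
 * consulted and the abort block is dead code a compiler may drop. */
enum outcome gate_patched(bool user_is_valid)
{
    IsValidUser(user_is_valid);
    if (!true) {                  /* never taken */
        puts("Invalid user! Aborting...");
        return ABORTED;
    }
    return CONTINUED;
}

int main(void)
{
    printf("original, invalid user: %s\n",
           gate_original(false) == ABORTED ? "aborted" : "continued");
    printf("patched,  invalid user: %s\n",
           gate_patched(false) == ABORTED ? "aborted" : "continued");
    return 0;
}
```

Running it shows the point of both answers: the original gate aborts for an invalid user, while the "corrected" form lets every user through.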