Posted by: Dan O'Connor
After a deeper dive, it looks like the switch statements that I set breakpoints on get called with the longer password.
With a little more playing, I have located the key CMP that needs to be looked at.
00401080 |. 837D E4 10 |CMP DWORD PTR SS:[EBP-1C],10
If you know your assembly, or you are a good guesser, you know CMP is a compare operation. This one is in the suspect loop that seems to be checking out my entered password. After going through the 16 characters that I entered, I stepped through the instructions until I got to this line and started digging. I wanted to know what was at EBP-1C.
While stopped here, if you go to the memory section and change the view to relative to EBP, you can walk up the stack and see what it's referencing.
The switches may have presented another avenue, but even by entering 4 characters, the password is still stored in the same location.