Irregular Expressions

Application Level 5 – Part 2

Oct 19 2012 12:21AM GMT

Dan O'Connor

After a deeper dive, it looks like the switch statements that I set breakpoints on get called with the longer password.

With a little more playing I have located the key CMP that needs to be looked at.

00401080 |. 837D E4 10 |CMP DWORD PTR SS:[EBP-1C],10

If you know your assembly or you are a good guesser, CMP is a compare operation. This is in the suspect loop that seems to be checking out my entered password. After going through the 16 characters that I entered, I stepped through the instructions until I got to this line and started digging. I wanted to know what was at EBP-1C.

While stopped here, if you go to the memory section and change the view to relative to EBP, you can walk up the stack and see what it's referencing.

The switches may have presented another avenue, but even by entering 4 characters, the password is still stored in the same location.
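
As an added example (not part of the original post), the four bytes shown in the listing, 83 7D E4 10, can be decoded by hand to confirm what the debugger displays: a compare of the stack local at EBP-1C against 0x10, which is 16 decimal. The decoder handles only this one encoding form, and its function names are chosen here for illustration.

```python
# Added example: decode the 4-byte instruction from the listing (83 7D E4 10).
# Covers only opcode 0x83 (group 1, r/m32 with sign-extended imm8) in 32-bit
# mode with mod=01 (base register + disp8) and no SIB byte.

GROUP1 = ["ADD", "OR", "ADC", "SBB", "AND", "SUB", "XOR", "CMP"]
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]


def sign8(b):
    """Interpret one byte as a signed 8-bit value (two's complement)."""
    return b - 0x100 if b & 0x80 else b


def decode_83(code):
    """Return (mnemonic, base_reg, displacement, immediate) for 83 /r disp8 ib."""
    if len(code) != 4 or code[0] != 0x83:
        raise ValueError("expected a 4-byte instruction starting with 0x83")
    modrm = code[1]
    # ModRM layout: mod (2 bits) | reg/opcode extension (3 bits) | r/m (3 bits)
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b01 or rm == 0b100:
        raise ValueError("only [reg+disp8] without SIB is handled here")
    # The reg field selects the group-1 operation; /7 is CMP.
    return GROUP1[reg], REG32[rm], sign8(code[2]), sign8(code[3])


def render(code):
    """Format the decoded instruction the way the debugger listing shows it."""
    op, base, disp, imm = decode_83(code)
    seg = "SS" if base == "EBP" else "DS"  # EBP-based addressing defaults to SS
    sign = "-" if disp < 0 else "+"
    # imm8 is sign-extended to 32 bits before the compare.
    return f"{op} DWORD PTR {seg}:[{base}{sign}{abs(disp):X}],{imm & 0xFFFFFFFF:X}"


if __name__ == "__main__":
    insn = bytes.fromhex("837DE410")  # bytes copied from the listing above
    print(render(insn))
    print("stack offset:", decode_83(insn)[2], "compared against:", decode_83(insn)[3])
```

The displacement byte E4 is the two's complement of 0x1C, which is why the operand lands below EBP among the function's locals.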

