Task 3 Tuesday, 09-Feb-99 21:24:18
:0040B73A call 0040CCC0      ; Compares our code with the real code
:0040B73F add esp, 00000008  ; Sets up to overwrite address of real code
:0040B742 test eax, eax      ; Checks the result of the call
:0040B744 jne 0040B9BC       ; Jumps to "Bad Cracker" routine if codes don't match

Question 1. Explain as best you can, what the above code fragment does. Comment all four lines. I'm looking for your comments that:-

a. Show what values of importance are returned in the PC's internal registers after the CALL 0040CCC0 has been executed.

EAX = result of code compare (call at 40ccc0): 00000001 if first seven characters are correct, 00000000 if codes match, FFFFFFFF any other result.
If code is wrong: ECX = starting address of fake code, EDX = starting address of real code, ESP = pointer to address in ECX.
If code is correct: ECX = ending address of fake code + 1, EDX = ending address of real code + 1.

b. What is the reason for the ADD ESP, 00000008 instruction? BTW, register ESP is a STACK Register.

See above.

c. The instruction TEST EAX,EAX is checking the eax register for two possible values, what are they and what do they signify?

There are actually 3: 00000000 codes match, 00000001 first 7 characters match, FFFFFFFF any other wrong code.

d. Where does the instruction JNE 0040B9BC take us to?

Takes us to "Bad Cracker" routine.

Question 2. Explain how this program compares our *fake* serial number against the *real* one. (hint, check the code between :0040CCC0 to :0040CCF9 )

The program puts the beginning address of our code in ECX, and the beginning address of the real code in EDX.
Puts the byte value of the ECX in EAX.
Compares with byte at address EDX.
Puts the byte value of the ECX+1 in EAX.
Compares with byte at address EDX+1.
Adds 2 to ECX and EDX then starts over.

Snuffy
Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.