register values don't match disassembly in crackme suite

So I'm pretty new to this whole reverse engineering thing. I've been working on the IOLI crackme challenges, which have 10 levels, and I've solved 3 of them with radare2. But I'm stuck on the 4th one as of now, and something is going on with the registers that I don't understand.

    [0x080484da]> pdf @ main
    |           ;-- main:
    / (fcn) sym.main 128
    |   sym.main ();
    |           ; var int local_ch @ ebp-0xc
    |           ; var int local_8h @ ebp-0x8
    |           ; var int local_4h @ ebp-0x4
    |           ; var int local_4h_2 @ esp+0x4
    |           ; DATA XREF from 0x08048377 (entry0)
    |           0x08048498      55             push ebp
    |           0x08048499      89e5           mov ebp, esp
    |           0x0804849b      83ec18         sub esp, 0x18
    |           0x0804849e      83e4f0         and esp, 0xfffffff0
    |           0x080484a1      b800000000     mov eax, 0
    |           0x080484a6      83c00f         add eax, 0xf
    |           0x080484a9      83c00f         add eax, 0xf
    |           0x080484ac      c1e804         shr eax, 4
    |           0x080484af      c1e004         shl eax, 4
    |           0x080484b2      29c4           sub esp, eax
    |           0x080484b4      c70424108604.  mov dword [esp], str.IOLI_Crackme_Level_0x03 ; [0x8048610:4]=0x494c4f49 ; "IOLI Crackme Level 0x03\n"
    |           0x080484bb      e890feffff     call sym.imp.printf         ; int printf(const char *format)
    |           0x080484c0      c70424298604.  mov dword [esp], str.Password: ; [0x8048629:4]=0x73736150 ; "Password: "
    |           0x080484c7      e884feffff     call sym.imp.printf         ; int printf(const char *format)
    |           0x080484cc      8d45fc         lea eax, [local_4h]
    |           0x080484cf      89442404       mov dword [local_4h_2], eax
    |           0x080484d3      c70424348604.  mov dword [esp], 0x8048634  ; [0x8048634:4]=0x6425
    |           0x080484da b    e851feffff     call sym.imp.scanf          ; int scanf(const char *format)
    |           0x080484df      c745f85a0000.  mov dword [local_8h], 0x5a  ; 'Z' ; 90
    |           0x080484e6      c745f4ec0100.  mov dword [local_ch], 0x1ec ; edx
    |           0x080484ed      8b55f4         mov edx, dword [local_ch]
    |           0x080484f0      8d45f8         lea eax, [local_8h]
    |           0x080484f3 b    0110           add dword [eax], edx
    |           ;-- eip:
    |           0x080484f5 b    8b45f8         mov eax, dword [local_8h]
    |           0x080484f8      0faf45f8       imul eax, dword [local_8h]
    |           0x080484fc      8945f4         mov dword [local_ch], eax
    |           0x080484ff      8b45f4         mov eax, dword [local_ch]
    |           0x08048502      89442404       mov dword [local_4h_2], eax
    |           0x08048506      8b45fc         mov eax, dword [local_4h]
    |           0x08048509      890424         mov dword [esp], eax
    |           0x0804850c      e85dffffff     call sym.test
    |           0x08048511      b800000000     mov eax, 0
    |           0x08048516      c9             leave
    \           0x08048517      c3             ret
    [0x080484da]> dr
    eax = 0xff8c6bb0
    ebx = 0x00000000
    ecx = 0x00000000
    edx = 0x000001ec
    esi = 0xf7f14000
    edi = 0x00000000
    esp = 0xff8c6b90
    ebp = 0xff8c6bb8
    eip = 0x080484f5
    eflags = 0x00000212
    oeax = 0xffffffff
    [0x080484da]> 

In debugger mode I dumped the register values at the third breakpoint (0x080484f5); up to this point the program has created some variables that are used in the add on the previous line. As far as I can tell, the program should've added 90 and 492 together and stored the value in eax. But when I dump the registers, the value is 0xff8c6bb0. I cannot seem to figure out why the register value doesn't match what the disassembly says it should be. If anyone can tell me what I am doing wrong, it would be much appreciated.

assembly
x86
reverse-engineering
radare2
asked on Stack Overflow Nov 3, 2018 by user10422449
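
An added example, not part of the original question and not radare2 output: a constructed Python model that steps the instructions from 0x080484df to 0x080484fc with `ebp` taken from the `dr` dump. It shows that at the 0x080484f5 breakpoint `eax` holds the address of `local_8h` loaded by `lea`, while `add dword [eax], edx` writes the sum to memory at that address. The names `build_program` and `run_until` are hypothetical.

```python
# Constructed model (not radare2 output) of sym.main from 0x080484df to 0x080484fc.
# ebp comes from the `dr` dump in the question; memory is a dict of 32-bit dwords.
MASK = 0xFFFFFFFF
EBP = 0xFF8C6BB8


def build_program(regs, mem):
    """Return (address, disassembly, action) for each modelled instruction."""
    l8, lc = regs["ebp"] - 0x8, regs["ebp"] - 0xC  # local_8h, local_ch

    def store(addr, value):
        mem[addr] = value & MASK

    return [
        (0x080484DF, "mov dword [local_8h], 0x5a", lambda: store(l8, 0x5A)),
        (0x080484E6, "mov dword [local_ch], 0x1ec", lambda: store(lc, 0x1EC)),
        (0x080484ED, "mov edx, dword [local_ch]", lambda: regs.update(edx=mem[lc])),
        # lea loads the ADDRESS ebp-0x8 into eax, not the value stored there
        (0x080484F0, "lea eax, [local_8h]", lambda: regs.update(eax=l8)),
        # the destination is memory at [eax]; eax itself is left unchanged
        (0x080484F3, "add dword [eax], edx",
         lambda: store(regs["eax"], mem[regs["eax"]] + regs["edx"])),
        (0x080484F5, "mov eax, dword [local_8h]", lambda: regs.update(eax=mem[l8])),
        (0x080484F8, "imul eax, dword [local_8h]",
         lambda: regs.update(eax=(regs["eax"] * mem[l8]) & MASK)),
        (0x080484FC, "mov dword [local_ch], eax", lambda: store(lc, regs["eax"])),
    ]


def run_until(stop_addr=None):
    """Run the model; stop before the instruction at stop_addr (a breakpoint)."""
    regs = {"eax": 0, "edx": 0, "ebp": EBP}
    mem = {}
    for addr, _text, action in build_program(regs, mem):
        if addr == stop_addr:
            break
        action()
    return regs, mem


if __name__ == "__main__":
    regs, mem = run_until(0x080484F5)
    print("at 0x080484f5: eax = %#010x (address of local_8h)" % regs["eax"])
    print("               [eax] = %#x, edx = %#x" % (mem[regs["eax"]], regs["edx"]))
    regs, mem = run_until()
    print("after imul:    eax = %#x (%d)" % (regs["eax"], regs["eax"]))
```

In radare2 the same memory location can be inspected at the breakpoint by printing the dword at `ebp-0x8` rather than reading `eax` from `dr`.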


User contributions licensed under CC BY-SA 3.0