So I'm pretty new to this whole reverse engineering thing. I've been working on the IOLI crackme challenges, which have 10 levels, and I've solved 3 of them with radare2. But I'm stuck on the 4th one as of now, and something is going on with the registers that I don't understand.
[0x080484da]> pdf @ main
| ;-- main:
/ (fcn) sym.main 128 ; 128-byte function: prints the banner and prompt, reads one integer with scanf, then calls sym.test with that integer and a computed value
| sym.main ();
| ; var int local_ch @ ebp-0xc
| ; var int local_8h @ ebp-0x8
| ; var int local_4h @ ebp-0x4 ; receives the integer parsed by scanf
| ; var int local_4h_2 @ esp+0x4 ; outgoing stack slot for the second argument of a call
| ; DATA XREF from 0x08048377 (entry0)
| 0x08048498 55 push ebp ; frame setup: save the caller's ebp
| 0x08048499 89e5 mov ebp, esp
| 0x0804849b 83ec18 sub esp, 0x18 ; reserve 0x18 bytes for locals and outgoing arguments
| 0x0804849e 83e4f0 and esp, 0xfffffff0 ; round esp down to a 16-byte boundary
| 0x080484a1 b800000000 mov eax, 0
| 0x080484a6 83c00f add eax, 0xf
| 0x080484a9 83c00f add eax, 0xf
| 0x080484ac c1e804 shr eax, 4
| 0x080484af c1e004 shl eax, 4 ; eax = ((0 + 0xf + 0xf) >> 4) << 4 = 0x10
| 0x080484b2 29c4 sub esp, eax ; lower esp by a further 0x10 bytes
| 0x080484b4 c70424108604. mov dword [esp], str.IOLI_Crackme_Level_0x03 ; [0x8048610:4]=0x494c4f49 ; "IOLI Crackme Level 0x03\n" ; argument is passed in the stack slot at [esp]
| 0x080484bb e890feffff call sym.imp.printf ; int printf(const char *format)
| 0x080484c0 c70424298604. mov dword [esp], str.Password: ; [0x8048629:4]=0x73736150 ; "Password: "
| 0x080484c7 e884feffff call sym.imp.printf ; int printf(const char *format)
| 0x080484cc 8d45fc lea eax, [local_4h] ; eax = address of local_4h (lea computes the address, it does not load the value)
| 0x080484cf 89442404 mov dword [local_4h_2], eax ; [esp+4] = &local_4h, where scanf will store the integer
| 0x080484d3 c70424348604. mov dword [esp], 0x8048634 ; [0x8048634:4]=0x6425 ; bytes 0x25 0x64 in memory order, i.e. the format string "%d"
| 0x080484da b e851feffff call sym.imp.scanf ; int scanf(const char *format) ; called with [esp] = format, [esp+4] = &local_4h; the 'b' column marks a breakpoint
| 0x080484df c745f85a0000. mov dword [local_8h], 0x5a ; 'Z' ; 90 ; local_8h = 0x5a
| 0x080484e6 c745f4ec0100. mov dword [local_ch], 0x1ec ; edx ; local_ch = 0x1ec (492)
| 0x080484ed 8b55f4 mov edx, dword [local_ch] ; edx = 0x1ec
| 0x080484f0 8d45f8 lea eax, [local_8h] ; eax = address of local_8h (ebp-0x8): a pointer, not the value 0x5a
| 0x080484f3 b 0110 add dword [eax], edx ; memory destination: local_8h += edx (0x5a + 0x1ec = 0x246); eax is only the pointer and is not modified
| ;-- eip:
| 0x080484f5 b 8b45f8 mov eax, dword [local_8h] ; not yet executed while eip points here; only this load puts the sum into eax
| 0x080484f8 0faf45f8 imul eax, dword [local_8h] ; eax = local_8h * local_8h
| 0x080484fc 8945f4 mov dword [local_ch], eax ; local_ch = the squared sum
| 0x080484ff 8b45f4 mov eax, dword [local_ch]
| 0x08048502 89442404 mov dword [local_4h_2], eax ; [esp+4] = second argument for sym.test (the computed value)
| 0x08048506 8b45fc mov eax, dword [local_4h]
| 0x08048509 890424 mov dword [esp], eax ; [esp] = first argument for sym.test (the integer read by scanf)
| 0x0804850c e85dffffff call sym.test ; body of sym.test is not part of this listing
| 0x08048511 b800000000 mov eax, 0 ; return value 0
| 0x08048516 c9 leave ; restore esp and ebp from the frame
\ 0x08048517 c3 ret
[0x080484da]> dr
eax = 0xff8c6bb0
ebx = 0x00000000
ecx = 0x00000000
edx = 0x000001ec
esi = 0xf7f14000
edi = 0x00000000
esp = 0xff8c6b90
ebp = 0xff8c6bb8
eip = 0x080484f5
eflags = 0x00000212
oeax = 0xffffffff
[0x080484da]>
In debugger mode I dumped the register values at the third breakpoint (0x080484f5). Up to this point the program has created some variables that are used in the add on the previous line. As far as I can tell, the program should've added 90 and 492 together and stored the value in eax, but when I dump the registers the value in eax is 0xff8c6bb0. I cannot figure out why the register value doesn't match what the disassembly says it should be. If anyone can tell me what I am doing wrong, it would be much appreciated.