maxodrom1 on 2022-09-27 10:27:
Tryed to post the solution but couldn't, don't know why. Replace 6 bytes with nop on 7ff6f7c36be4
WhatsUp on 2022-09-28 02:30:
The program loads code from a resource, then creates a shadow dll and jumps into it.
After that, it does some anti-debugging check and asks for a flag.
It finally starts to encode the input at address ~1B51 (relative to the shadow dll) and at address 1BF0 calls `memcmp` to compare it with preset answer.
However the encoding procedure is complicated and I lost motivation here. Maybe come back later.
I think it's still a good puzzle but could be made less complicated.
nth2579 on 2022-09-29 13:52:
@WhatsUp Thanks for your reply :D, I'll make it easier.
@maxodrom1 Patching is not a good way to solve this ;)
Redmal on 2022-10-26 18:07:
[Click to reveal]FLAG: 977330285cd3cb4bfb15b09d132fae6ffe533729a21ce274f325440827164cc7