thisisverysecret |
==> |
00000022F15EF658 61 64 6D 69 6E 00 00 00 00 00 00 00 00 00 00 00 admin...........
00000022F15EF668 05 00 00 00 00 00 00 00 0F 00 00 00 00 00 00 00 ................
00000022F15EF678 70 61 73 73 77 6F 72 64 00 00 00 00 00 00 00 00 password........
Login: 'admin'
Password: 'password' |
==> |
00007FF7AF821450 | E8 4BFEFFFF | CALL | Login loader
00007FF7AF82145E | E8 3DFEFFFF | CALL | Password loader
Just set a breakpoint at the address 00007FF7AF821455 - Login in the RAX and
00007FF7AF821463 - Password in the RAX.
Login: 'admin'
Password: '12345' |
==> |
Password: CANTCRACKME
Just set a breakpoint on intermodule calls on "MessageBoxA" and enter a random password, go to the address and we will see:
00007FF662F51323| CMP BYTE PTR DS:[RCX + RAX], 0| rcx+rax*1:"CANTCRACKME" |
==> |
0000000BD20FFAD0 63 72 61 63 6B 6D 65 59 47 00 00 00 00 00 00 00 crackmeYG
|
==> |
Password: '73293729427hdskhdjsk247084379382737wuqowq'
Just set a breakpoint on the address '00007FF75A8B18AA' and we will see
RBX:0000028973C4DDC0"qwoquw737283973480742ksjdhksdh"
RCX:0000028973C45FF0"73293729427hdskhdjsk247084379382737wuqowq" |
==> |