My solution to DP Challenge 2: http://devpinoy.org/blogs/modchip/archive/2008/10/26/DP-Challenge-2.aspx
It's like a walk in the park
Here was my solution.
Sorry modchip, I've just not fully recovered yet to try and solve your challenge. Next time really, promise. :)
Convert limitations to great expectations... You are the creative force of your life...
Here's a quick how-to:
- Open the problematic program with OllyDBG.
- Press F9, and let it run until the main dialog is shown.
- Add breakpoints to all procedure entries. Most likely each starts with:
      PUSH EBP
      MOV EBP,ESP ; Setup the stack frame
- Then click the button to run the functions; hopefully we get a breakpoint hit.
- If there is no breakpoint hit, restart the program with OllyDBG and add a breakpoint where you think the starting point of a click is. I found it somewhere with code like:
      PUSH <argument1>
      PUSH <argument2>
      PUSH <argumentx> ; STDCALL calling convention
      CALL <ExeFilename>.<MemoryAddress>
  It should be hit upon clicking any of the 3 buttons.
- The first thing I've noticed is that each proc is comparing the arguments if equal:
      MOV EAX,DWORD PTR SS:[ARG.x]
      CMP EAX,DWORD PTR SS:[ARG.x]
      JNE <MemoryAddress> ; --> Error message
  Well, that's my hint:
  1. I can patch the JNE part to a set of NOPs (90h) or
  2. Just patch the arguments.
- I did the second approach, I patched the argument before the proc call, and it's done.
Cheers,
-chris
See the attached file for my solution. It's a screen shot.
modchip: What do the numbers represent? :D
Nothing in particular... hehe. Consider it terminal 1, 2, and 3. hehe.
modchip: Yes, you're close. But try considering the "CALLS" and the "ARGUMENTS" -- then see what they compare in the proc that was called. *hint hint hint*!
I am having difficulties modifying its arguments... honestly, I don't know where to start.
All I did was to redirect the jumps to non-error calls.
Instruction at 004011AC is "a" key, there are 2 more. The real problem is that you have the key, but you don't have the lock. Hehehehe.
Arguments can be modified by simply assembling (press space on the instruction).
modchip: By the way, I think this will help you -- you're already in that "important proc" (the one you pointed to in the screen) -- just look for the call to that proc and you'll get what I mean.
Thanks for the tip dude. ;-)