; Visual Studio mixed source/disassembly listing of verify_password (32-bit x86).
; The 0CCCCCCCCh fill, the _RTC_* calls and the __security_cookie handling below are
; compiler-inserted run-time checks, not part of the C source.
; Security-relevant point: strcpy() copies 'password' into the 8-byte 'buffer' with no
; length check, so any input longer than 7 characters plus the terminator writes past
; 'buffer' into neighbouring stack data. The listing uses symbolic operands ([buffer],
; [authenticated]), so the exact frame offsets of the locals are not visible here.
int verify_password(char * password)
{
; Prologue: set up the ebp frame and reserve 0E0h bytes of stack.
00E317A0  push ebp
00E317A1  mov ebp,esp
00E317A3  sub esp,0E0h
; Save the registers that are restored by the pops in the epilogue.
00E317A9  push ebx
00E317AA  push esi
00E317AB  push edi
; Fill the 8 dwords (20h bytes) from ebp-20h up to ebp with 0CCCCCCCCh.
00E317AC  lea edi,[ebp-20h]
00E317AF  mov ecx,8
00E317B4  mov eax,0CCCCCCCCh
00E317B9  rep stos dword ptr es:[edi]
; Stack cookie: store (__security_cookie XOR ebp) at [ebp-4]; it is re-checked at 00E3180A.
00E317BB  mov eax,dword ptr [__security_cookie (0E3A004h)]
00E317C0  xor eax,ebp
00E317C2  mov dword ptr [ebp-4],eax
; Debugger "Just My Code" hook; it takes no part in the password logic.
00E317C5  mov ecx,offset _06E17EB3_Test@cpp (0E3C008h)
00E317CA  call @__CheckForDebuggerJustMyCode@4 (0E3132Fh)
int authenticated;
char buffer[8]; // local buffer that gets overflowed
authenticated = strcmp(password, PASSWORD);
; PASSWORD is the literal "1234567" stored at 0E37B30h, i.e. a hard-coded credential that
; can be read straight out of the binary. Arguments are pushed right to left and the
; caller removes them afterwards (add esp,8).
00E317CF  push offset string "1234567" (0E37B30h)
00E317D4  mov eax,dword ptr [password]
00E317D7  push eax
00E317D8  call _strcmp (0E31046h)
00E317DD  add esp,8
; strcmp returns 0 for equal strings, so authenticated == 0 is the "match" value
; (how the caller interprets it is not shown in this listing).
00E317E0  mov dword ptr [authenticated],eax
strcpy(buffer, password); // the overflow happens here
; Unbounded copy: destination is the 8-byte 'buffer', source length is controlled by the
; caller. This store runs after 'authenticated' was written, so an over-long input can
; alter adjacent stack contents before the function returns.
; NOTE(review): a bounded copy that rejects input longer than sizeof(buffer)-1
; (for example strcpy_s(buffer, sizeof buffer, password)) removes the defect.
00E317E3  mov eax,dword ptr [password]
00E317E6  push eax
00E317E7  lea ecx,[buffer]
00E317EA  push ecx
00E317EB  call _strcpy (0E31212h)
00E317F0  add esp,8
return authenticated;
; The return value is loaded from the stack slot after the strcpy has run.
00E317F3  mov eax,dword ptr [authenticated]
}
; Epilogue check 1: _RTC_CheckStackVars(ecx = frame pointer, edx = table at 0E31828h).
; It verifies the guard words around the locals listed in that table; eax and edx are
; saved and restored around the call so the return value survives.
00E317F6  push edx
00E317F7  mov ecx,ebp
00E317F9  push eax
00E317FA  lea edx,ds:[0E31828h]
00E31800  call @_RTC_CheckStackVars@8 (0E311EFh)
00E31805  pop eax
00E31806  pop edx
00E31807  pop edi
00E31808  pop esi
00E31809  pop ebx
; Epilogue check 2: reload [ebp-4], undo the XOR with ebp and let
; __security_check_cookie compare the result with the global cookie.
00E3180A  mov ecx,dword ptr [ebp-4]
00E3180D  xor ecx,ebp
00E3180F  call @__security_check_cookie@4 (0E31154h)
; Epilogue check 3: after releasing the locals esp must equal ebp; __RTC_CheckEsp
; consumes the flags set by the cmp.
00E31814  add esp,0E0h
00E3181A  cmp ebp,esp
00E3181C  call __RTC_CheckEsp (0E31253h)
; All three checks run only at function exit: they detect corruption after the copy has
; already happened, they do not prevent the out-of-bounds write.
00E31821  mov esp,ebp
00E31823  pop ebp
00E31824  ret
; Everything after the ret at 00E31824 is padding and data, not code. 0E31828h is the
; address passed in edx to _RTC_CheckStackVars, so the "instructions" from there on are
; the bytes of that table decoded as if they were opcodes.
; NOTE(review): re-encoding the mnemonics suggests the layout
;   0E31828h: count = 1, pointer to entry 0E31830h
;   0E31830h: offset = -1Ch from ebp, size = 8, name pointer = 0E3183Ch
;   0E3183Ch: ASCII "buffer"
; The raw bytes are not shown in this listing; confirm in a memory view before relying on it.
00E31825  nop dword ptr [eax]
00E31828  add dword ptr [eax],eax
00E3182A  add byte ptr [eax],al
00E3182C  xor byte ptr [eax],bl
00E3182E  jecxz __$EncStackInitStart+84h (0E31830h)
00E31830  in al,0FFh
00E31832  ?? ??????
}
00E31833  dec dword ptr [eax]
00E31835  add byte ptr [eax],al
00E31837  add byte ptr [eax+ebx],bh
00E3183A  jecxz __$EncStackInitStart+90h (0E3183Ch)
00E3183C  bound esi,qword ptr [ebp+66h]
00E3183F  jb 00001843