My Road to Digital Forensics Excellence

we do windows right

Posted by Paul Bobby on July 6, 2009

Okay I’m getting it slowly but surely.
When one clicks ‘OK’ on a dialogue, the program typically wants to process the text field input:

00401095 |> 68 00010000 PUSH 100 ; /Count = 100 (256.)
0040109A |. 68 B0304000 PUSH Crackme.004030B0 ; |Buffer = Crackme.004030B0
0040109F |. 68 EA030000 PUSH 3EA ; |ControlID = 3EA (1002.)
004010A4 |. FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hWnd
004010A7 |. E8 5A020000 CALL <JMP.&USER32.GetDlgItemTextA> ; \GetDlgItemTextA

Make enough room on the stack, and call “Get Dialogue Item Text A” by passing in the textbox control ID. The value of the textbox is returned to the stack.

So that’s what to look for…. this is fun 😉
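To make the pattern concrete, here is an added example (not code from the original post) that parses the listing above, maps the four PUSHes onto the documented GetDlgItemTextA parameters, and recomputes the CALL target from the E8 rel32 bytes. The helper names `parse`, `call_target` and `recover_call` are hypothetical, and the stdcall right-to-left push order is assumed.

```python
import re

# PUSH/CALL lines of the OllyDbg listing above. The CALL operand is left blank
# here: the parser does not need it and recomputes the target from the bytes.
LISTING = r"""
00401095 |> 68 00010000 PUSH 100 ; /Count = 100 (256.)
0040109A |. 68 B0304000 PUSH Crackme.004030B0 ; |Buffer = Crackme.004030B0
0040109F |. 68 EA030000 PUSH 3EA ; |ControlID = 3EA (1002.)
004010A4 |. FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hWnd
004010A7 |. E8 5A020000 CALL ; \GetDlgItemTextA
"""

# Documented Win32 prototype:
#   UINT GetDlgItemTextA(HWND hDlg, int nIDDlgItem, LPSTR lpString, int cchMax);
PARAMS = ["hDlg", "nIDDlgItem", "lpString", "cchMax"]

# address, marker column, hex byte groups, mnemonic, operand (may be empty), comment
LINE = re.compile(r"^([0-9A-F]{8}) \S+ ((?:[0-9A-F]{2,} )+?)(PUSH|CALL)\s*(.*?)\s*;")

def parse(listing):
    """Return (address, raw bytes, mnemonic, operand) for each PUSH/CALL line."""
    rows = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            addr, raw, op, operand = m.groups()
            rows.append((int(addr, 16), bytes.fromhex(raw.replace(" ", "")), op, operand))
    return rows

def call_target(addr, raw):
    """E8 rel32: target = address of the next instruction + signed displacement."""
    if len(raw) != 5 or raw[0] != 0xE8:
        raise ValueError("not a near relative CALL")
    return (addr + 5 + int.from_bytes(raw[1:], "little", signed=True)) & 0xFFFFFFFF

def recover_call(listing):
    """Map the PUSHes before the CALL onto the stdcall parameter names."""
    rows = parse(listing)
    idx = next(i for i, r in enumerate(rows) if r[2] == "CALL")
    pushes = [r[3] for r in rows[:idx] if r[2] == "PUSH"]
    # stdcall pushes arguments right to left, so the last PUSH is parameter 1.
    return call_target(rows[idx][0], rows[idx][1]), dict(zip(PARAMS, reversed(pushes)))

if __name__ == "__main__":
    target, args = recover_call(LISTING)
    print(f"CALL target: {target:08X}")
    for name, value in args.items():
        print(f"  {name:<10} = {value}")
```

Per the documented prototype, the text is copied into the `lpString` buffer (here `Crackme.004030B0`, bounded by `cchMax` = 0x100) and the character count comes back in EAX, so that buffer is the place to watch after the call returns.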


