My Road to Digital Forensics Excellence

we do windows right

Posted by Paul Bobby on July 6, 2009

Okay I’m getting it slowly but surely.
When one clicks ‘OK’ on a dialogue, the program typically wants to process the text field input:

00401095 |> 68 00010000 PUSH 100 ; /Count = 100 (256.)
0040109A |. 68 B0304000 PUSH Crackme.004030B0 ; |Buffer = Crackme.004030B0
0040109F |. 68 EA030000 PUSH 3EA ; |ControlID = 3EA (1002.)
004010A4 |. FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hWnd
004010A7 |. E8 5A020000 CALL ; \GetDlgItemTextA

Make enough room on the stack, and call “Get Dialogue Item Text A” by passing in the textbox control ID. The value of the textbox is returned to the stack.

So that’s what to look for…. this is fun 😉


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: