En analysant le programme, on peux obtenir les strings de ce dernier :
0x004014b0]> iz
[Strings]
nth paddr vaddr len size section type string
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
0 0x0000e600 0x00410000 18 19 .rdata ascii libgcc_s_dw2-1.dll
1 0x0000e613 0x00410013 21 22 .rdata ascii __register_frame_info
2 0x0000e629 0x00410029 23 24 .rdata ascii __deregister_frame_info
3 0x0000e647 0x00410047 13 14 .rdata ascii .\\challenge.c
4 0x0000e655 0x00410055 26 27 .rdata ascii !my_strcmp(response, "Ok")
5 0x0000e67a 0x0041007a 5 6 .rdata ascii okPR3
6 0x0000e710 0x00410110 4 5 .rdata ascii lpHP
7 0x0000e7bb 0x004101bb 9 10 .rdata ascii cU!\\f}c|w{
8 0x0000e808 0x00410208 4 6 .rdata utf8 R;) blocks=Basic Latin,Hebrew
9 0x0000e817 0x00410217 7 9 .rdata utf8 [j˾9JLX blocks=Basic Latin,Spacing Modifier Letters
10 0x0000e848 0x00410248 5 7 .rdata utf8 ħ~=d] blocks=Latin Extended-A,Basic Latin
11 0x0000e861 0x00410261 4 5 .rdata ascii 2:\\nI
12 0x0000e8e0 0x004102e0 9 20 .rdata utf16le 10.0.2.15
13 0x0000e8f4 0x004102f4 4 10 .rdata utf16le POST
14 0x0000e900 0x00410300 49 100 .rdata utf16le Content-Type: application/x-www-form-urlencoded\\r\\n
15 0x0000e964 0x00410364 5 6 .rdata ascii [6UV.
16 0x0000e96a 0x0041036a 5 6 .rdata ascii %s %c
17 0x0000e972 0x00410372 5 6 .rdata ascii %s\\%s
18 0x0000e978 0x00410378 8 9 .rdata ascii aaaaaaa\\n
19 0x0000e984 0x00410384 4 5 .rdata ascii ..V6
20 0x0000e9a0 0x004103a0 31 32 .rdata ascii %u:%u: Unexpected EOF in string
21 0x0000e9c0 0x004103c0 35 36 .rdata ascii %u:%u: Invalid character value `%c`
22 0x0000e9e4 0x004103e4 38 39 .rdata ascii %u:%u: Unexpected EOF in block comment
23 0x0000ea0c 0x0041040c 31 32 .rdata ascii %u:%u: Comment not allowed here
24 0x0000ea2c 0x0041042c 21 22 .rdata ascii %u:%u: EOF unexpected
25 0x0000ea44 0x00410444 50 51 .rdata ascii %u:%u: Unexpected `%c` in comment opening sequence
26 0x0000ea77 0x00410477 29 30 .rdata ascii %u:%u: Trailing garbage: `%c`
27 0x0000ea95 0x00410495 21 22 .rdata ascii %u:%u: Unexpected `]`
28 0x0000eaac 0x004104ac 31 32 .rdata ascii %u:%u: Expected `,` before `%c`
29 0x0000eacc 0x004104cc 31 32 .rdata ascii %u:%u: Expected `:` before `%c`
30 0x0000eaec 0x004104ec 41 42 .rdata ascii %u:%u: Unexpected `%c` when seeking value
31 0x0000eb18 0x00410518 30 31 .rdata ascii %u:%u: Expected `,` before `"`
32 0x0000eb38 0x00410538 32 33 .rdata ascii %u:%u: Unexpected `%c` in object
33 0x0000eb5c 0x0041055c 33 34 .rdata ascii %u:%u: Unexpected `0` before `%c`
34 0x0000eb80 0x00410580 32 33 .rdata ascii %u:%u: Expected digit before `.`
35 0x0000eba4 0x004105a4 31 32 .rdata ascii %u:%u: Expected digit after `.`
36 0x0000ebc4 0x004105c4 31 32 .rdata ascii %u:%u: Expected digit after `e`
37 0x0000ebe4 0x004105e4 20 21 .rdata ascii %u:%u: Unknown value
38 0x0000ebfc 0x004105fc 33 34 .rdata ascii %u:%u: Too long (caught overflow)
39 0x0000eda0 0x004107a0 4 5 .rdata ascii \\n\\v\\f\\r
40 0x0000edc0 0x004107c0 4 5 .rdata ascii \\n\\v\\f\\r
41 0x0000ede0 0x004107e0 131 132 .rdata ascii ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ h@
42 0x0000ee7c 0x0041087c 13 14 .rdata ascii Unknown error
43 0x0000ee8c 0x0041088c 42 43 .rdata ascii _matherr(): %s in %s(%g, %g) (retval=%g)\\n
44 0x0000eeb8 0x004108b8 30 31 .rdata ascii Argument domain error (DOMAIN)
45 0x0000eed7 0x004108d7 27 28 .rdata ascii Argument singularity (SIGN)
46 0x0000eef4 0x004108f4 31 32 .rdata ascii Overflow range error (OVERFLOW)
47 0x0000ef14 0x00410914 53 54 .rdata ascii The result is too small to be represented (UNDERFLOW)
48 0x0000ef4c 0x0041094c 34 35 .rdata ascii Total loss of significance (TLOSS)
49 0x0000ef70 0x00410970 36 37 .rdata ascii Partial loss of significance (PLOSS)
50 0x0000efb0 0x004109b0 27 28 .rdata ascii Mingw-w64 runtime failure:\\n
51 0x0000efcc 0x004109cc 31 32 .rdata ascii Address %p has no image-section
52 0x0000efec 0x004109ec 48 49 .rdata ascii VirtualQuery failed for %d bytes at address %p
53 0x0000f020 0x00410a20 38 39 .rdata ascii VirtualProtect failed with code 0x%x
54 0x0000f048 0x00410a48 49 50 .rdata ascii Unknown pseudo relocation protocol version %d.\\n
55 0x0000f07c 0x00410a7c 41 42 .rdata ascii Unknown pseudo relocation bit size %d.\\n
56 0x0000f0a8 0x00410aa8 82 83 .rdata ascii %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.\\n
57 0x0000f144 0x00410b44 6 7 .rdata ascii (null)
58 0x0000f14c 0x00410b4c 6 14 .rdata utf16le (null)
59 0x0000f2d0 0x00410cd0 8 9 .rdata ascii Infinity
60 0x0000f2e8 0x00410ce8 4 5 .rdata ascii aCoc
61 0x0000f307 0x00410d07 5 6 .rdata ascii <2ZGU
62 0x0000f3bc 0x00410dbc 4 5 .rdata ascii vH7B
63 0x0000f3ec 0x00410dec 4 5 .rdata ascii W4vC
64 0x0000f3f2 0x00410df2 5 7 .rdata utf8 NgmkC
65 0x0000f43e 0x00410e3e 4 5 .rdata ascii [%Co
66 0x0000f475 0x00410e75 4 5 .rdata ascii O8M2
67 0x0000f4a0 0x00410ea0 10 22 .rdata utf16le msvcrt.dll
68 0x0000f4b6 0x00410eb6 19 20 .rdata ascii ___lc_codepage_func
69 0x0000f4ca 0x00410eca 13 14 .rdata ascii __lc_codepage
70 0x0000f4d8 0x00410ed8 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
71 0x0000f504 0x00410f04 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
72 0x0000f530 0x00410f30 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
73 0x0000f55c 0x00410f5c 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
74 0x0000f588 0x00410f88 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
75 0x0000f5b4 0x00410fb4 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
76 0x0000f5e0 0x00410fe0 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
77 0x0000f60c 0x0041100c 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
78 0x0000f638 0x00411038 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
79 0x0000f664 0x00411064 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
80 0x0000f690 0x00411090 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
81 0x0000f6bc 0x004110bc 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
82 0x0000f6e8 0x004110e8 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
83 0x0000f714 0x00411114 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
84 0x0000f740 0x00411140 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
85 0x0000f76c 0x0041116c 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
86 0x0000f798 0x00411198 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
87 0x0000f7c4 0x004111c4 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
88 0x0000f7f0 0x004111f0 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
89 0x0000f81c 0x0041121c 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
90 0x0000f848 0x00411248 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
91 0x0000f874 0x00411274 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
92 0x0000f8a0 0x004112a0 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
93 0x0000f8cc 0x004112cc 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
94 0x0000f8f8 0x004112f8 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
95 0x0000f924 0x00411324 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
96 0x0000f950 0x00411350 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
97 0x0000f97c 0x0041137c 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
98 0x0000f9a8 0x004113a8 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
99 0x0000f9d4 0x004113d4 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
100 0x0000fa00 0x00411400 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
101 0x0000fa2c 0x0041142c 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
102 0x0000fa58 0x00411458 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
103 0x0000fa84 0x00411484 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
104 0x0000fab0 0x004114b0 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
105 0x0000fadc 0x004114dc 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
106 0x0000fb08 0x00411508 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
107 0x0000fb34 0x00411534 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
108 0x0000fb60 0x00411560 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
109 0x0000fb8c 0x0041158c 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
110 0x0000fbb8 0x004115b8 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
111 0x0000fbe4 0x004115e4 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
112 0x0000fc10 0x00411610 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
113 0x0000fc3c 0x0041163c 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
114 0x0000fc68 0x00411668 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
115 0x0000fc94 0x00411694 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
116 0x0000fcc0 0x004116c0 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
117 0x0000fcec 0x004116ec 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
118 0x0000fd18 0x00411718 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
119 0x0000fd44 0x00411744 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
120 0x0000fd70 0x00411770 42 43 .rdata ascii GCC: (Rev4, Built by MSYS2 project) 12.2.0
0 0x00012c58 0x00419058 1167 1168 .rsrc ascii <?xml version="1.0" encoding="UTF-8" standalone="yes"?>\\n<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">\\n <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">\\n <security>\\n <requestedPrivileges>\\n <requestedExecutionLevel level="asInvoker"/>\\n </requestedPrivileges>\\n </security>\\n </trustInfo>\\n <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">\\n <application>\\n <!--The ID below indicates application support for Windows Vista -->\\n <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>\\n <!--The ID below indicates application support for Windows 7 -->\\n <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>\\n <!--The ID below indicates application support for Windows 8 -->\\n <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>\\n <!--The ID below indicates application support for Windows 8.1 -->\\n <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> \\n <!--The ID below indicates application support for Windows 10 -->\\n <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> \\n </application>\\n </compatibility>\\n</assembly>\\n
On peut obtenir une information intéressante sur les métadonnées du programe
[0x004014b0]> i
fd 3
file ./challenge.exe
size 0x13c0e
humansz 79.0K
minopsz 1
maxopsz 16
invopsz 1
mode r-x
format pe
iorw false
block 0x100
type EXEC (Executable file)
arch x86
baddr 0x400000
binsz 80910
bintype pe
bits 32
canary false
retguard false
class PE32
cmp.csum 0x00014634
compiled Tue Jan 10 05:21:27 2023
crypto false
endian little
havecode true
hdr.csum 0x00014634
laddr 0x0
lang c
linenum true
lsyms true
machine i386
nx true
os windows
overlay true
cc cdecl
pic true
relocs false
signed false
sanitize false
static false
stripped true
subsys Windows CUI
va true