Forbidden executable
100 points Hard

Hey, I've got tiny binary, I cannot reverse it, even debug it till its end, but running it outside debugger causes no trouble. I'm wondering what is the value of ECX register when the program exits ? Provide it as decimal value in format CTFlearn{XXX}. Program is well written and not cause any exceptions or access violations in normal execution.

impossible_disasm.exe
Flag
Rating 4.23
5
4
3
2
1

Discussion

Protected
0
Protected
0

flag is the value in cx not ecx?

1

Not much fun, but this program's really amazing, it's so delicate.

0

Educating, interesting, learned a lot of new cool stuff. Thanks!

1
Protected
-1

i think this EXE contains trojan Zpevdo.A Check this file.

0

False positive, maybe because there are anti debug tricks out there.

0

The file is safe. Did the same alerts perhaps du to signature.

0
Protected
0
Protected
0

Yeah, I cannot change it, there is no such possibility for me as challenge onwner. If somebody sees it from administration please change ECX to CX in challenge description.

2