Hard Live

Forbidden executable

100 points

12 Solves

Reverse Engineering

Hard

domin568

Community Rating: 4.40 / 5

Hey, I've got tiny binary, I cannot reverse it, even debug it till its end, but running it outside debugger causes no trouble. I'm wondering what is the value of ECX register when the program exits ? Provide it as decimal value in format CTFlearn{XXX}. Program is well written and not cause any exceptions or access violations in normal execution.

First 10 Solvers

Rank Username
1 domin568
2 ebouteillon
3 Ntoskrnl
4 Zipi
5 AzuxDario
Rank Username
6 Tearth
7 Jima
8 Caillou
9 mamimi1773
10 Rivit

  • ebouteillon

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • domin568

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • Tearth

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • Caillou

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

    • domin568

      Yeah, I cannot change it, there is no such possibility for me as challenge onwner. If somebody sees it from administration please change ECX to CX in challenge description.

  • b4el7d

    i think this EXE contains trojan Zpevdo.A Check this file.

    • domin568

      False positive, maybe because there are anti debug tricks out there.

    • Caillou

      The file is safe. Did the same alerts perhaps du to signature.

  • Caillou

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Rivit

    Wow, really educating, really interesting (i'm not very good at asm), learned a lot of new cool stuff. Thanks!