Local variable addressing in Ghidra

Asked May 20 '21 at 15:42

Active May 20 '21 at 15:42

Viewed 1,236 times

I've been trying to solve a crackme challenge by examining it's decompiled version by Ghidra. So I figured the code where the strcmp is done as shown in the figure below. Now I need to to patch the program to make it print the password if strcmp fails.

The password is stored in local_40

But I don't know how to patch the instruction to print out the value at local_40

Instead of MOV dword ptr [ESP],0x4b1050 what variable in this instruction should be edited? If my understanding is correct then the above instruction is loading the ESP register with the value at 0x4b1050 so how will I get the address of local_40?

asked May 20 '21 at 15:42

Nimrod

1

Please don't post images of text, copy the text into the post directly. – EOF May 20 '21 at 15:53
@EOF Images of what text? – Nimrod May 20 '21 at 15:58
1

`local_40` seems to be at `ebp-0x3c`. You should be able to fit `lea eax, [ebp-0x3c] / mov DWORD [esp], eax` in place of the `mov`. – Margaret Bloom May 20 '21 at 18:09
a much easier solution would be to pactch `JNZ` to `JZ` at `0x401508` :) – ivg Jun 17 '21 at 20:09

Local variable addressing in Ghidra

0 Answers0