
I have some problems understanding some code.

Can you please help me to understand this line of code:

```c
strcmp("admin",*(char **)(users + (long)local_24 * 0x10 + 8));
```

Full code:

```c
void test(void){
  int iVar1;
  long in_FS_OFFSET;
  int local_24;
  undefined1 *local_20;
  FILE *local_18;
  long local_10;

  local_10 = *(long *)(in_FS_OFFSET + 0x28);
  printf("\n[+] User ID to login with: ");
  fflush(stdout);
  __isoc99_scanf(&DAT_00102079,&local_24);
  getchar();
  if ((local_24 < 0) || (nb_users <= local_24)) {
    puts("[-] Invalid user ID.");
  }
  else {
    local_20 = users + (long)local_24 * 0x10;
    iVar1 = strcmp("admin",*(char **)(users + (long)local_24 * 0x10 + 8));
    if (iVar1 == 0) {
      puts("[+] Welcome back, admin!");
      local_18 = fopen("flag.txt","r");
      while( true ) {
        iVar1 = fgetc(local_18);
        if ((char)iVar1 == -1) break;
        putchar((int)(char)iVar1);
      }
    }
    else {
      puts("[-] You are not admin.");
    }
  }
  if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {
                    /* WARNING: Subroutine does not return */
    __stack_chk_fail();
  }
  return;
}
```

(Users represents a username that the user can choose.)

Thank you!

som-gif
    `strcmp()` compares the first and second arguments. It returns `0` if they are equal. So your statement checks if `*(char **)(users + (long)local_24 * 0x10 + 8)` is/points to `"admin"` – pmg May 28 '22 at 17:04
  • `strcmp` is fully documented [here](https://www.cplusplus.com/reference/cstring/strcmp/). It's hard to tell what that specific line of code does without more details. What is `users`, for example? – Robert Harvey May 28 '22 at 17:08

1 Answer

`strcmp()` compares two strings (`const char *`). It returns zero if the two strings are identical and, for your code, non-zero if they are not. See `strcmp(3)` for more information. The first string is `"admin"` and the 2nd string is `*(char **)(users + (long)local_24 * 0x10 + 8)`. The initial `*` dereferences the `(char **)` so you have a string. You are not telling us what `users` is, but my guess is that it is an array of structs (serialized to a file). `(long)local_24` is a count of structs, each `0x10` (16) in size, and `8` is the offset into the struct. This should use `#define` and/or `sizeof()` to be more readable.

Allan Wind
  • Thank you for your answers, I've now understood how the program works, but do you know what `0x10` represents? – som-gif May 28 '22 at 17:23
  • My guess is the length of `struct user` (possibly something that is 8 bytes followed by another 8-byte string). You would have to inspect `users` with a debugger or print it out to see what it is. – Allan Wind May 28 '22 at 17:24
  • If I'm not wrong, `users` is a username (a string) that the user can choose. – som-gif May 28 '22 at 17:26
  • "The first string is `"admin"` and the 2nd string is `*(char **)(users + (long)local_24 * 0x10 + 8)`." lacks clarity for a learner. `"admin"` is a _string_. `*(char **)(users + (long)local_24 * 0x10 + 8)` is a _pointer_. `strcmp(a,b)` compares 2 _strings_: what `a,b` point to. `strcmp(a,b)` does not compare `a,b`. Keeping the distinction between a _string_ and a _pointer_ is useful for learners. – chux - Reinstate Monica May 28 '22 at 18:01
  • @chux-ReinstateMonica I used the definition from the man page "compares the two strings" which makes no mention of pointers (other than as an analogy for `const char *`). Not sure talking about pointers makes it more clear, but maybe OP will weigh in. – Allan Wind May 28 '22 at 18:06
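An added example, not part of the question or the answer, that reconstructs the 16-byte record layout the answer guesses at (a hypothetical `struct user` with 8 bytes of something followed by a `char *` at offset 8) and shows that the decompiled pointer arithmetic and the idiomatic `users[id].name` are the same access, including the bounds check the decompiled code performs first:

```c
/* Added example: the struct below is a guess consistent with "* 0x10" and
 * "+ 8" in the decompiled line, not the real layout of the binary. */
#include <stddef.h>
#include <string.h>

struct user {
    long id;            /* offset 0, 8 bytes (assumed) */
    const char *name;   /* offset 8, 8 bytes: the pointer strcmp() reads */
};

_Static_assert(sizeof(struct user) == 0x10, "record must be 16 bytes");
_Static_assert(offsetof(struct user, name) == 8, "name must sit at +8");

/* Raw form, mirroring the decompiler output byte for byte.
 * Returns 1 for admin, 0 for non-admin, -1 for an out-of-range id. */
static int is_admin_raw(const unsigned char *users, int nb_users, int id)
{
    if (id < 0 || nb_users <= id)   /* same check as the decompiled code */
        return -1;
    const char *name = *(const char *const *)(users + (long)id * 0x10 + 8);
    return strcmp("admin", name) == 0;
}

/* Same logic against the struct; the compiler emits the same arithmetic,
 * which is where the 0x10 and 8 in the decompiler output come from. */
static int is_admin_struct(const struct user *users, int nb_users, int id)
{
    if (id < 0 || nb_users <= id)
        return -1;
    return strcmp("admin", users[id].name) == 0;
}

/* Constructed sample table for the demonstration. */
static const struct user sample_users[] = {
    { 1, "guest" },
    { 2, "admin" },
    { 3, "alice" },
};
static const int sample_nb_users = (int)(sizeof sample_users / sizeof sample_users[0]);

/* Returns 1 when both forms give the same answer for this id, else 0. */
static int forms_agree(int id)
{
    int raw = is_admin_raw((const unsigned char *)sample_users, sample_nb_users, id);
    int idm = is_admin_struct(sample_users, sample_nb_users, id);
    return raw == idm;
}
```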