# Lab-5 Solution

1. This lab is similar to `lab4`, except that the binary is a PE64 executable. The source code is the same except for the flag, so the debugging procedure is similar to lab4.

2. Launch x64dbg. Press File > Open.

   ![](https://i.imgur.com/ictLGnZ.png)

   Choose `lab5.exe` and start debugging.

   ![](https://i.imgur.com/8OMQa2S.png)

3. Now you need to find the main function. You can load this executable into IDA and find the address of `main` in the `Function` bar on the left side.

   ![](https://i.imgur.com/0DqDfVp.png)

   `main` calls two functions: `initialize` and `real_routine`. As in lab4, you'll probably want to look into `real_routine`, which is located at `0x4015BD`.

   ![](https://i.imgur.com/RlUkrvX.png)

   Now, head back to x64dbg and press `Ctrl-G`.

   ![](https://i.imgur.com/MruLdN8.png)

   Type `4015BD` in the search bar,

   ![](https://i.imgur.com/JJPQYk5.png)

   then press OK.

   ![](https://i.imgur.com/XBO4Mlq.png)

   Press `F2` at `4015BD` to add a breakpoint.

   ![](https://i.imgur.com/U3xxZp1.png)

   Press `F9` several times until the process stops at the breakpoint. Now you can debug the function!

4. Similarly, press `F8` several times until you land on the `call read` instruction.

   ![](https://i.imgur.com/EA5FpRI.png)

   Observe the flag comparison instructions, which are similar to those in lab4.

   ![](https://i.imgur.com/Le0QQMC.png)

   As in lab4, extract all the bytes from the `cmp` instructions to get the flag.
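
The byte extraction in step 4 can be scripted once the disassembly rows are copied out of the debugger as text. This is an added example, not part of the original lab solution; the row layout (`address | bytes | instruction |`), the hex immediate notation and the function names are assumptions, and the sample listing is constructed rather than taken from `lab5.exe`.

```python
import re

# Constructed listing, not taken from lab5.exe. The "address | bytes | instruction |"
# layout and the hex immediates (46, 0x46, 46h) are assumptions about the copied text.
SAMPLE = """\
0000000000001000 | 0FB645 D0   | movzx eax,byte ptr ss:[rbp-30] |
0000000000001004 | 3C 46       | cmp al,46                      |
0000000000001006 | 75 30       | jne 1038                       |
0000000000001008 | 807D D1 7B  | cmp byte ptr ss:[rbp-2F],7B    |
000000000000100C | 75 2A       | jne 1038                       |
000000000000100E | 38E0        | cmp al,ah                      |
0000000000001010 | 3D 00010000 | cmp eax,100                    |
0000000000001015 | 3C 6F       | cmp al,0x6F                    |
0000000000001017 | 3C 6B       | cmp al,6Bh                     |
0000000000001019 | 3C 7D       | cmp al,7D                      |
"""

# cmp <dst>,<imm>, where imm is hex written as 46, 0x46 or 46h.
CMP_IMM = re.compile(
    r"^cmp\s+(?P<dst>.+?),\s*(?P<imm>(?:0x)?(?P<hex>[0-9a-f]+)h?)$", re.I)
# ah/bh/ch/dh are registers, but they also look like a hex digit plus an 'h' suffix.
HIGH_BYTE_REGS = {"ah", "bh", "ch", "dh"}


def instruction_column(row):
    """Return the instruction text of one row, with or without '|' columns."""
    parts = [p.strip() for p in row.split("|")]
    return parts[2] if len(parts) >= 3 else row.strip()


def cmp_immediates(listing):
    """Collect byte-sized cmp immediates in listing order."""
    out = bytearray()
    for row in listing.splitlines():
        m = CMP_IMM.match(instruction_column(row))
        if not m or m["imm"].lower() in HIGH_BYTE_REGS:
            continue  # not a compare against a constant
        value = int(m["hex"], 16)
        if value <= 0xFF:  # wider constants are not single-character checks
            out.append(value)
    return bytes(out)


if __name__ == "__main__":
    print(cmp_immediates(SAMPLE).decode("latin-1"))
```

Register-to-register compares and constants wider than one byte are skipped, so only the per-character checks contribute to the output.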