Unhandled C++ exception: x8664Cpu::setConcreteRegisterValue() #138

@TERESH1

Ponce v0.3.7

IDA 7.7

Windbg(x64) debugger

Analyzed executable: https://crackmes.one/crackme/62c5da5d33c5d44a934e9684 (The password for the files is "crackmes.one")

After symbolizing password memory and deepening into the strcmp function, I get an exception on the instruction msvcrt:75F096A8 test edx, 3:

Unhandled C++ exception: x8664Cpu::setConcreteRegisterValue(): You cannot set this concrete value (too big) to this register.

Log:

[+] Symbolizing memory from 0x61feb6 to 0x61febe. Total: 8 bytes
[+] Triton asking IDA for not syncronized memory address: 0x61feb6 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61feb7 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61feb8 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61feb9 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61feba Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61febb Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61febc Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61febd Size: 1. Value: 0x0 
[+] Triton asking IDA for already syncronized memory address: 0x61feb6 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61feb7 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61feb8 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61feb9 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61feba Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61febb Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61febc Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61febd Size: 1. Value: 0x0 
[+] Triton asking IDA for not syncronized register: rsp. IDA returns value: 0x61fea0 
[+] Triton at 0x401493 : call 0x403b38 (Thread id: 8168)
warning: bad size for register 43 from the debugger.warning: bad size for register 44 from the debugger.warning: bad size for register 45 from the debugger.warning: bad size for register 46 from the debugger.warning: bad size for register 47 from the debugger.warning: bad size for register 48 from the debugger.warning: bad size for register 49 from the debugger.warning: bad size for register 50 from the debugger.warning: bad size for register 68 from the debugger.warning: bad size for register 69 from the debugger.warning: bad size for register 70 from the debugger.warning: bad size for register 71 from the debugger.warning: bad size for register 72 from the debugger.warning: bad size for register 73 from the debugger.warning: bad size for register 74 from the debugger.warning: bad size for register 75 from the debugger.Snapshot Taken
[+] Triton asking IDA for not syncronized memory address: 0x80bd32 Size: 8. Value: 0xd61000000000007e (~)
[+] Triton asking IDA for already syncronized register: rip. IDA returns value: 0x403b38 (8)
[+] Triton at 0x403b38 : jmp qword ptr [rip + 0x4081f4] (Thread id: 8168)
[+] Triton asking IDA for not syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton asking IDA for not syncronized memory address: 0x61fea0 Size: 4. Value: 0x61feb6 
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton at 0x75f096a0 : mov edx, dword ptr [rsp + 4] (Thread id: 8168)
PDBSRC: loading symbols for 'C:\WINDOWS\SysWOW64\msvcrt.dll'...
PDB: using PDBIDA provider
PDB: loading C:\Users\S6E22~1.TER\AppData\Local\Temp\ida\msvcrt.pdb\675427DAB9959F5DC0C0DCEF99DD36CE1\msvcrt.pdb
PDB: There is no type information
PDB: There is no IPI stream
Expected data back.
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton asking IDA for not syncronized memory address: 0x61fea4 Size: 4. Value: 0x407070 (p)
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton at 0x75f096a4 : mov ecx, dword ptr [rsp + 8] (Thread id: 8168)

But for Ponce v0.3.3 it just prints to the "Output": Instruction at 0x75f096a8 not supported by Triton: test edx, 3 (Thread id: ####)
