Page cover

Pseudocode Analysis

The next thing we need to do to narrow down our scope is analyze bits and pieces of the code. For us, I have screenshotted my example breakdown of this code. This breakdown will be explained a bit better in brief, but the screenshot is there to show you how I personally note and break down information.

After my modification and analysis

This was a much more cut version from the one below because shortly during analysis, the focus becomes very clear on where we need it to be.

The general breakdown

This function pretty much checks if a user presses the button, if they do, it goes onto taking the information, pushing fonts, printing the information, taking fonts off the stack (popping fonts) then will take the information we gave it into the input, push it to a function with an extra argument that converts to 'A' in ASCII and then checks if the result from that function is -1 in the case that fails.

Coincidence? I think not haha!

Explaining my conversions

So for the sake of this section, I will be explaining my major points of importance and conversions to help at least get to the understanding.

  • byte_140158DC0->Buffer: When you hover over this value in IDA, it gives you char39 which indicates that this is our input buffer. Not only is it used in this function and checked and passed to the function, but the buffer size is the limit of characters we have.

  • v49->LEN: This basically means that the what was v49 and is now LEN which is the length of the string stored in the buffer. I assumed this based on the way it was being used with the Buffer variable. This is the length because it iterates over the buffer and adds to LEN until it finishes.

  • v50->I: Also known as idx or simply index (even though I used 'i'), this was known as the index as it is used in the while line -> while ( Buffer[I] != 65 ) is comparing what is in the input buffer to the value '65' and we can see 'i' increase over time throughout the goto loops.

  • v51->Result: This was an interesting bit. Basically, the only way I really could tell it was the actual result being returned was due to the use of assigning -1 as a return value and of course the most notable combination of the ordinal value of 'A' with our index influencing the input and etc.

Exploring IoF
PreviousS2: Func AnalysisNextExploring IoF

Last updated