Hacking a DLL – Disassembly for beginners

At the beginning of this month, the Mossad published a hacking challenge. Out of curiosity, I spent some time playing with it, and while progressing through the challenge I discovered a DLL file that should contain a hint (the admin password for a fake chat room).

The interesting question is: what do I do with it?

The first step was opening the DLL file in a hex editor and looking for interesting stuff. While doing that, I noticed that this is a WIN32 DLL:


And that it contains some interesting things that will help me get the desired password:


My next step was loading the DLL into a disassembler (I used the demo version of IDA) and checking what this DLL exports:


From the disassembly of “Run” I can see that it requests some input from the user, followed by many lines of code:


So now we have an export within the DLL that we can call to see what happens. To do that, I wrote a short C++ program that loads the DLL file and calls the “Run” function.

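#include <windows.h>
#include <iostream>
#include <cstdlib>

// Signature used to call the exported function
typedef void(__cdecl *MYPROC)();

int main()
{
	// Load the DLL (looked up via the normal DLL search order)
	HINSTANCE hinstLib = LoadLibrary(TEXT("PassMasterExtension3_1.dll"));

	if (!hinstLib) {
		std::cout << "Could not load the dynamic library" << std::endl;
		return EXIT_FAILURE;
	}

	// Resolve the "Run" export and call it
	MYPROC proc = (MYPROC)GetProcAddress(hinstLib, "Run");
	if (!proc) {
		std::cout << "Could not find the Run export" << std::endl;
		FreeLibrary(hinstLib);
		return EXIT_FAILURE;
	}
	proc();

	FreeLibrary(hinstLib);
	return EXIT_SUCCESS;
}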


Running the program gave me the following output (I don’t know the password so I just entered a random string):


Instead of looking for the right password (there is a lot of code here), let’s try to find where the password verification takes place and override it, so that execution continues down the positive flow as it would if we had entered the right password:


Looks like we found it. Now let’s go back to the hex editor and change the “jnz” instruction into “jz”:


After changing the hex value 75 into 74 and saving the file, I went back to my C++ program and re-ran it.


And we got the password 🙂
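
As an added example (not part of the original post), the Python sketch below shows why changing 75 to 74 inverts the check, and how a known-good copy of a binary can be compared against a suspect one to flag this kind of edit. The function name and sample bytes are constructed for illustration; it goes beyond the single jnz/jz case to cover all sixteen short conditional jumps, and it is a byte-level heuristic, since without disassembly a matching byte may be an operand or data.

```python
# Added example: identifiers and sample bytes are constructed, not from the post.

# x86 short conditional jumps (Jcc rel8) use opcodes 0x70-0x7F.
# Bit 0 of the opcode negates the condition, so each even/odd pair
# is a condition and its opposite (0x74 jz / 0x75 jnz, and so on).
JCC_SHORT = {
    0x70: "jo", 0x71: "jno", 0x72: "jb", 0x73: "jnb",
    0x74: "jz", 0x75: "jnz", 0x76: "jbe", 0x77: "ja",
    0x78: "js", 0x79: "jns", 0x7A: "jp", 0x7B: "jnp",
    0x7C: "jl", 0x7D: "jge", 0x7E: "jle", 0x7F: "jg",
}

# Constructed sample: test eax,eax / jnz +0x0a / xor eax,eax / ret
ORIGINAL = bytes.fromhex("85c0750a33c0c3")
# Same bytes with the single 75 -> 74 edit described in the post
PATCHED = bytes.fromhex("85c0740a33c0c3")


def classify_diffs(original: bytes, suspect: bytes):
    """Return (offset, old, new, note) for every byte that differs."""
    if len(original) != len(suspect):
        raise ValueError("sizes differ; an in-place byte patch keeps the size")
    findings = []
    for offset, (old, new) in enumerate(zip(original, suspect)):
        if old == new:
            continue
        # Flipping only bit 0 of a Jcc opcode keeps it in 0x70-0x7F
        # and swaps the condition for its negation.
        if old in JCC_SHORT and old ^ new == 1:
            note = f"possible inverted branch: {JCC_SHORT[old]} -> {JCC_SHORT[new]}"
        else:
            note = "other modification"
        findings.append((offset, old, new, note))
    return findings


if __name__ == "__main__":
    for offset, old, new, note in classify_diffs(ORIGINAL, PATCHED):
        print(f"0x{offset:08x}: {old:02x} -> {new:02x}  {note}")
```

To compare real files, pass the results of `pathlib.Path(...).read_bytes()` for the reference copy and the copy under examination.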


