Bad idea: build a captcha library that embeds DOSBox so it can make you beat levels/puzzles from DOS games to continue.
-
yeah this is some windows 3.x-ass code. They definitely recompiled it as 32bit and did all the changes that required, but the general feel of the code is that it's 3.x code, with how it handles most things.
-
WHAT IN THE BORLAND TURBO C PLUS PLUS IS GOING ON HERE?
-
Ghidra is better at reversing MSVC-style arguments than Borland-style. Makes sense. Probably not a lot of Evil Malware written in Borland Turbo C++ these days
-
What happened: I'm looking at a function that's clearly a strcmp of some kind. It seems to compare against a length, so... strncmp? looks like it, except it takes FOUR ARGUMENTS?! what could this be?
I look at several variants of strncmp to see if there's a 4-argument version, then give up and look back at ghidra's decompilation: it never uses argument 1.
-
there's some nonsense going on here with pascal calling convention but I think I'm too tired already to figure out the exact details well enough to explain it.
-
but the bottom line is that it's not a 4-argument function, it's a 3-argument function. the decompiler just didn't get the calling convention exactly right.
-
so I live another day, safe from the horror that is the 4-argument strcmp.
what does it do? how does it work? I don't want to know.
-
I figured out the hypothetical 4-argument strcmp:
it's a locale-specific strnnicmp. That's stricmp (compare insensitively) and also strncmp (compare only the first n characters), but with TWO LENGTHS! Why? To compare two strings of different lengths, case-insensitively.
-
and you might say "why would you compare two strings you know are of different lengths, of course they're not equal"
Well, if the compare is case insensitive, they might still match... in a german locale!
-
To greatly oversimplify, the german letter "ß" is lowercase, and in uppercase you write it "SS".
So if you have two strings, one reading "straße" and one reading "STRASSE", they are different lengths (6 vs 7), but case insensitively comparing them should return a match.
-
Try it out on your local javascript console:
>> "Straße".length
6
>> "Straße".toUpperCase().length
7
-
so yeah hypothetically if you had a version of stricmp that was strncmp and compared two strings of different length, this might still be a match, if your locale treated the German Eszett this way.
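The two-length, case-insensitive compare described above, as an added example that is not part of the original posts. The function names (`fold`, `naiveEqualsIgnoreCase`, `strnnicmp`, `upperInto`) are hypothetical, and lower-then-upper casing is used as an approximation of Unicode case folding. It also shows the buffer-sizing consequence: the check has to be made on the converted text, not the input length.

```javascript
// Added illustration; function names are hypothetical, not from any real C library.

// Approximate case folding with the built-in full case mappings:
// lower-then-upper sends both "ß" (U+00DF) and "ẞ" (U+1E9E) to "SS".
function fold(s) {
  return s.toLowerCase().toUpperCase();
}

// The shortcut the thread questions: unequal lengths treated as "not equal".
function naiveEqualsIgnoreCase(a, b) {
  if (a.length !== b.length) return false;
  return a.toUpperCase() === b.toUpperCase();
}

// Two-length, case-insensitive compare: each string carries its own length
// because folding can change how many code units a string occupies.
function strnnicmp(a, aLen, b, bLen) {
  const fa = fold(a.slice(0, aLen));
  const fb = fold(b.slice(0, bLen));
  if (fa === fb) return 0;
  return fa < fb ? -1 : 1;
}

// Bounded upper-casing into a fixed-size buffer of UTF-16 code units.
// The size check uses the converted text, and the function refuses to write
// past the end instead of assuming output length equals input length.
function upperInto(buf, s) {
  const up = s.toUpperCase();
  if (up.length > buf.length) {
    throw new RangeError(`need ${up.length} code units, buffer has ${buf.length}`);
  }
  for (let i = 0; i < up.length; i++) buf[i] = up.charCodeAt(i);
  return up.length;
}

// Constructed sample inputs.
const lower = "straße", upper = "STRASSE";
console.log(naiveEqualsIgnoreCase(lower, upper));                 // false
console.log(strnnicmp(lower, lower.length, upper, upper.length)); // 0
try {
  upperInto(new Uint16Array(lower.length), lower); // sized from the input: too small
} catch (e) {
  console.log(e.message);
}
console.log(upperInto(new Uint16Array(8), lower)); // 7
```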
-
enough writing about FICTIONAL C LIBRARY FUNCTIONS, what the hell writing brain, let's get back to reverse engineering
-
someone should write a fictional programming library reference book.
like, fit enough interesting ideas in about what the fictional world needs functions for, worldbuild in the cracks, but stay clearly still a dry list of man pages?
-
@foone Once upon a time, eszett was a lowercase-only letter, and supposed to become SS when upcased.
But then, Unicode happened, and now there's an uppercase eszett.
1E9E;LATIN CAPITAL LETTER SHARP S;Lu;0;L;;;;;N;;;;00DF;
-
@foone huh, it'd fit right in with the debugging simulator / mystery game I'm totally going to make one day in my copious free time
-
@clayote lemme know if you do (or just wanna share your ideas), it sounds exactly up my alley!
-
writer-brain grabs the mic:
C'S MEMORY HANDLING IS SO BAD IT CAN BE EXPLOITED BY THE GERMAN LANGUAGE ITSELF
-
@foone The idea is that a fictionalized version of the Hans Reiser murder happened, and to find out who the killer is, and why they did it, and where the body is, you have to reverse engineer his "home automation" software that kills people. To do this, you use something much like Ghidra, or probably closer to a scripting language's debugger for playability's sake, and have to red-team his underhanded murder code to find out which totally innocuous functions aren't.
-
@clayote that sounds awesome!