PMA 105: Process Explorer (10 pts)

What you need

Purpose

To examine how EXE files work, and how the UPX packer modifies them.

Use the Windows Machine with Tools

Use the machine from this project:
PMA 41: Windows 10 with Analysis Tools

Making a Simple Program

Click Start. Scroll down to the V section, click "Visual Studio 2019", and click "x86 Native Tools Command Prompt for VS 2019".

In the "x86 Native Tools Command Prompt for VS 2019" window, execute these commands, as shown below:

mkdir c:\99
cd c:\99
notepad 99.cpp

Notepad asks if you want to create a new file. Click Yes.

Enter this source code, as shown below:

#include <cstdio>    // printf, getchar
#include <iostream>
using namespace std;

int main()
{
   // These string literals will be visible in plaintext in the compiled file and in memory.
   printf("99 bottles of beer on the wall,\n");
   printf("99 bottles of beer!\n");
   printf("Press ENTER to continue\n");
   // Keep the process alive until ENTER is pressed so it can be examined in Process Explorer.
   while( getchar() != '\n' );
   return 0;
}

Save the file.

In the "x86 Native Tools Command Prompt for VS 2019" window, execute these commands, as shown below:

cl /EHsc 99.cpp
99.exe

The program compiles and runs, as shown below.

Examining the Running Process with Process Explorer

Open procexp.

In the lower section (userland), find the 99.exe process, as shown below.

Click 99.exe to highlight it.

Then, from the menu bar, click View, "Show Lower Pane".

Click View, "Lower Pane View", DLLs.

These are the libraries used by the 99.exe process.

At the bottom, notice the three wow libraries (Windows on Windows, WOW64). These are loaded because 99.exe was built as a 32-bit program and is running on a 64-bit operating system.

PMA 105.1: WOW DLLs (5 pts)

Find the word covered by a green box in the image below.

That's the flag.

Viewing the Process Properties with Process Explorer

In Process Explorer, in the upper pane, right-click 99.exe and click Properties.

In the Properties sheet, click the Strings tab.

At the bottom, click the Image button to examine the disk file 99.exe.

Scroll down and find the "99 bottles of beer" strings from your source code, as shown below.

As you can see, strings in the C source code appear in plaintext in the compiled disk file.

At the bottom, click the Memory button to examine the RAM used by this process.

Scroll down and find the "99 bottles of beer" strings from your source code, as shown below.

As you can see, strings in the C source code also appear in plaintext in RAM.
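The two observations above (the WOW64 DLLs loaded for a 32-bit image, and the plaintext strings visible in the disk file) can both be reproduced from the file itself without Process Explorer. The following Python script is an added example for this write-up, not part of the original project or of Process Explorer: it reads the Machine field from the PE file header to tell whether an image is 32-bit (and so needs WOW64 on 64-bit Windows), and it scans the file for printable ASCII and UTF-16LE runs the way the Strings tab does. The sample image it builds is constructed in the script (a DOS header, a PE file header and a data blob) and is not a runnable executable; the function and constant names are this example's own.

```python
import re
import struct

# Machine values from the PE specification (IMAGE_FILE_HEADER.Machine).
IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86, what the x86 Native Tools prompt produces
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64


def pe_machine(data: bytes) -> int:
    """Return the Machine field from the PE file header of an EXE/DLL image.

    Walks the DOS header ("MZ") to e_lfanew, checks the "PE\\0\\0" signature and
    reads the first field of IMAGE_FILE_HEADER. Raises ValueError on malformed input.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def runs_under_wow64(data: bytes, host_is_64bit: bool = True) -> bool:
    """True when a 32-bit (i386) image is loaded on 64-bit Windows, i.e. when the
    loader brings in wow64.dll, wow64win.dll and wow64cpu.dll for the process."""
    return host_is_64bit and pe_machine(data) == IMAGE_FILE_MACHINE_I386


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return printable ASCII and UTF-16LE strings of at least min_len characters,
    the same kind of data the Strings tab lists for an image file."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in utf16_re.finditer(data)]
    return found


def build_sample_image() -> bytes:
    """Constructed sample: a DOS header, a PE file header marked i386, and a data
    blob holding one ASCII and one UTF-16LE string. Not a loadable executable."""
    dos_header = bytearray(0x40)
    dos_header[:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 0x40)   # e_lfanew: PE header follows directly
    file_header = struct.pack(
        "<HHIIIHH",
        IMAGE_FILE_MACHINE_I386,  # Machine
        1,                        # NumberOfSections
        0,                        # TimeDateStamp
        0,                        # PointerToSymbolTable
        0,                        # NumberOfSymbols
        0,                        # SizeOfOptionalHeader (omitted in this sample)
        0x0102,                   # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    blob = b"\0" * 16
    blob += b"99 bottles of beer on the wall,\n\0"                  # ASCII literal
    blob += "Press ENTER to continue".encode("utf-16-le") + b"\0\0"  # wide literal
    return bytes(dos_header) + b"PE\0\0" + file_header + blob


if __name__ == "__main__":
    import sys
    # Pass a real EXE path (e.g. c:\99\99.exe) to inspect it; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    print("Machine: 0x%04x, needs WOW64 on x64: %s" % (pe_machine(data), runs_under_wow64(data)))
    for s in extract_strings(data):
        print(s)
```

Run it against c:\99\99.exe and the Machine value comes back as 0x014c, matching the three wow DLLs seen in the lower pane, and the "99 bottles of beer" literals appear in the output just as they do on the Strings tab. A packer such as UPX compresses the sections that hold those literals, so the same scan of a packed file shows far fewer readable strings, which is one of the quickest hints that an image has been packed.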

PMA 105.2: Parent (5 pts)

In the Properties sheet, click the Image tab.

Find the word covered by a green box in the image below.

That's the flag.

Posted 9-8-2020
Flag images updated 3-22-2021
Updated for the new Windows with Tools VM 7-14-2021