Browsing by
Category: Linux

NullCon CTF: Reverse Level 5 (500 points)

The first thing I did was a static analysis. When you open the executable with IDA Pro, the first thing you see is the WinMain function. Analyzing the first function of WinMain (Sub_401250), you can see that it contains anti-debug mechanisms, so when the program is run, a breakpoint has to be set and the EIP value changed to skip this function. Once I saw what the first function did, I went to the second function of WinMain (sub_401110), the first thing…
