Obtain the file mystery.zip from the textbook website and extract the Windows executable mystery.exe.
a. What is the output when you run the program with each of the following usernames, assuming an incorrect serial number in each case?
i. mark
ii. markstamp
iii. markkram
b. Analyze the code to determine all restrictions, if any, on valid usernames. You will need to disassemble and/or debug the code.
c. This program uses an anti-debugging technique, namely, the Windows system function IsDebuggerPresent(). Analyze the code to determine what the program does in case a debugger is detected. Why is this better than simply terminating the program?
d. Patch the program so that you can debug it. That is, you need to nullify the effect of IsDebuggerPresent().
e. By debugging the code, determine the corresponding valid serial number for each valid username that appears in part a. Hint: Debug the program and enter a username along with any serial number. At some point the program will compute the valid serial number corresponding to the entered username; it does this so that it can compare it to the entered serial number. If you set a breakpoint at the correct location, the valid serial number will be stored in a register, which you can then observe.
f. Create a patched version of the code, mysteryPatch.exe, that accepts any username/serial number pair.