I've replaced the sum of characters code with a loop that produces a value for the sum and proceeds. In case the sum is invalid, it jumps back to the original position and increments the sum.
```asm
0040103F . BA 00000000   MOV EDX,0                    ; Executed only during the first time
00401044 . EB 08         JMP SHORT mod.0040104E       ; Executed only during the first time
00401046 > 61            POPAD
00401047 . 42            INC EDX
00401048 . 8955 E4       MOV DWORD PTR SS:[EBP-1C],EDX
0040104B . 60            PUSHAD
0040104C . EB 45         JMP SHORT mod.00401093       ; The part of the code that does the test
0040104E > 60            PUSHAD
; 4F till 63 are NOP
; Instead of printing invalid password, it jumps back to the loop
00401193 ^0F85 B4FEFFFF  JNZ app7win.00401046
```
I observe that [EBP-18] remains the same 11F regardless of the value of [EBP-1C], so that's why it doesn't work. I don't know why this happens.
Please don't consider this as a spoiler because it doesn't work.
EDIT: I've solved it. I made the mistake of assuming that PUSHAD would leave the system in the original state and I forgot to clear the values of [EBP-18] etc. Once I reset them back to 0, the answer appeared.