Tags: reverse-engineering, disassembly

What strings are actually being compared in the strcpy call of this assembler code?


This is part of the assembler code

mov dword [esp+0x4], 0x80bf7a8
mov eax, dword [ebp-0x78] ; pointer to char array on heap
mov dword [esp], eax
call fcn.080482a0

...

0x080482a0   jmp dword [0x80ec03c]

...

0x080ec03c   .dword 0x0805c260 ; sym.strcmp

So basically, this means strcmp(heap_ptr, 0x80bf7a8) is called, and I think I just need to look up what is at 0x80bf7a8. But I only find the following at that address:

0x080bf7a8   3000   xor byte [eax], al

I don't understand what's going on here. There are some strings right after that memory address, but they're strings that get printed by the program and it wouldn't make sense for them to be used in this strcmp (also they're at the wrong memory address anyway). But how can what looks to be an xor instruction be passed on as an argument to strcmp?

Or is that just a misinterpretation of my reverse engineering tool (radare2) and it's actually comparing the string on the heap to the word 3000, which is the null terminated ascii character for '0'?


Solution

  • Yep, it is the '0' character. Radare just thought it was code for some reason and disassembled 30 00 into xor byte [eax], al.

    It happens with IDA too; just mark this memory as data.
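A small Python helper, added here and not taken from the question or the answer, that does what the answer describes: it reads the bytes at the quoted address as a NUL-terminated string instead of as an instruction, and follows the `jmp dword [0x80ec03c]` indirection to the GOT slot to name the callee. The memory image, GOT contents and symbol table are constructed to match the addresses in the question, not dumped from the real binary.

```python
import struct

# Constructed sample image (not the real binary): a small .rodata region whose
# base address is chosen so that the bytes 30 00 land at 0x080bf7a8.
RODATA_BASE = 0x080bf7a0
RODATA = (
    b"\x00" * 8               # 0x080bf7a0..0x080bf7a7: padding (constructed)
    + b"0\x00"                # 0x080bf7a8: the bytes 30 00, i.e. "0" followed by NUL
    + b"Hello world!\n\x00"   # 0x080bf7aa: an unrelated printable string (constructed)
)

# Constructed GOT slot: at 0x080ec03c lives the 4-byte pointer 0x0805c260 (sym.strcmp).
GOT_BASE = 0x080ec03c
GOT = struct.pack("<I", 0x0805c260)
SYMBOLS = {0x0805c260: "sym.strcmp"}  # constructed symbol table


def read_cstring(image: bytes, base: int, addr: int, max_len: int = 256) -> str:
    """Return the NUL-terminated string stored at `addr` inside `image`.

    Raises ValueError if the address is outside the image or no NUL terminator
    is found within max_len bytes (a sign the address is not a C string).
    """
    off = addr - base
    if off < 0 or off >= len(image):
        raise ValueError(f"address {addr:#010x} not in image")
    end = image.find(b"\x00", off, off + max_len)
    if end == -1:
        raise ValueError(f"no NUL terminator within {max_len} bytes of {addr:#010x}")
    return image[off:end].decode("ascii", errors="backslashreplace")


def resolve_plt_jump(got: bytes, got_base: int, slot_addr: int) -> str:
    """Follow `jmp dword [slot_addr]`: read the 32-bit little-endian pointer stored
    in the GOT slot and map it to a symbol name (or a hex address if unknown)."""
    off = slot_addr - got_base
    (target,) = struct.unpack_from("<I", got, off)
    return SYMBOLS.get(target, f"{target:#010x}")


def describe_call(heap_arg_name: str = "heap_ptr") -> str:
    """Reconstruct the call from the question: strcmp(heap_ptr, <string at 0x080bf7a8>)."""
    callee = resolve_plt_jump(GOT, GOT_BASE, 0x080ec03c)
    literal = read_cstring(RODATA, RODATA_BASE, 0x080bf7a8)
    return f"{callee}({heap_arg_name}, {literal!r})"


if __name__ == "__main__":
    print(describe_call())  # sym.strcmp(heap_ptr, '0')
```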