(编辑:jimmy 日期: 2024/12/25 浏览:2)
image-20220309132114998.png
1
image-20220309132505801.png
2
image-20220309133047232.png
3
00401337 |. 8B4424 08 mov eax,dword ptr ss:[esp+0x8] ; kernel32.BaseThreadInitThunk0040133B |. 83C4 08 add esp,0x80040133E |. 83F8 01 cmp eax,0x100401341 |. 75 07 jnz short 1c40a4a4.0040134A 00401343 |. 68 90A04000 push 1c40a4a4.0040A090 ; Right!flag is your input\n00401348 |. EB 05 jmp short 1c40a4a4.0040134F0040134A |> 68 C0A04000 push 1c40a4a4.0040A0C0 ; Wrong!\n0040134F |> E8 1C000000 call 1c40a4a4.00401370
image-20220309133848337.png
4
image-20220309134206340.png
5
004012A4 |. 68 D0A04000 push 1c40a4a4.0040A0D0 ; Please input flag:004012A9 |. E8 C2000000 call 1c40a4a4.00401370004012AE |. 8D4424 0C lea eax,dword ptr ss:[esp+0xC]004012B2 |. 50 push eax004012B3 |. 68 C8A04000 push 1c40a4a4.0040A0C8 ; %31s004012B8 |. E8 7A010000 call 1c40a4a4.00401437004012BD |. 8D7C24 14 lea edi,dword ptr ss:[esp+0x14]004012C1 |. 83C9 FF or ecx,0xFFFFFFFF004012C4 |. 33C0 xor eax,eax004012C6 |. 83C4 0C add esp,0xC004012C9 |. F2:AE repne scas byte ptr es:[edi]004012CB |. F7D1 not ecx004012CD |. 49 dec ecx004012CE |. 5F pop edi004012CF |. 83F9 13 cmp ecx,0x13004012D2 |. 74 1D je short 1c40a4a4.004012F1004012D4 |. 68 C0A04000 push 1c40a4a4.0040A0C0 ; Wrong!\n004012D9 |. E8 92000000 call 1c40a4a4.00401370004012DE |. 68 B8A04000 push 1c40a4a4.0040A0B8 ; pause004012E3 |. E8 B9000000 call 1c40a4a4.004013A1
image-20220309134907327.png
6
image-20220309141751019.png
7
image-20220309141448868.png
8
image-20220309142842863.png
9
image-20220309143216877.png
10
image-20220309143526185.png
11
image-20220309143820697.png
12
image-20220309180546210.png
13
int __cdecl sub_401000(int a1, int a2){ char i; // al char v3; // bl char v4; // cl int v5; // eax for ( i = 0; i < a2; ++i ) { if ( i == 18 ) { *(_BYTE *)(a1 + 18) ^= 0x13u; } else { if ( i % 2 ) v3 = *(_BYTE *)(i + a1) - i; else v3 = *(_BYTE *)(i + a1 + 2); *(_BYTE *)(i + a1) = i ^ v3; } } v4 = 0; if ( a2 <= 0 ) return 1; v5 = 0; while ( byte_40A030[v5] == *(_BYTE *)(v5 + a1) ) { v5 = ++v4; if ( v4 >= a2 ) return 1; } return 0;}
image-20220309181313579.png
14
0040108C . 56 push esi0040108D . 57 push edi0040108E . E8 6DFFFFFF call 1c40a4a4.00401000
//c调用约定void add(a,b){}//对应汇编push bpush acall add
image-20220309183642625.png
15
image-20220309183957081.png
16
if ( v5 ) *lpNumberOfBytesWritten = 1;
image-20220309190345090.png
17
if ( NumberOfBytesWritten == 1 ) sub_401370(aRightFlagIsYou); else sub_401370(aWrong);
image-20220309191048516.png
18
if ( ++result >= (int)(v3 - 1) ) { if ( result == 21 ) { result = (int)a2; *a2 = 1; } return result; }
#include <stdio.h>#include <Windows.h>int main(){ int v3 = 0; unsigned char a1[] = { 0x61, 0x6A, 0x79, 0x67, 0x6B, 0x46, 0x6D, 0x2E, 0x7F, 0x5F, 0x7E, 0x2D, 0x53, 0x56, 0x7B, 0x38, 0x6D, 0x4C, 0x6E, 0x00 }; for (size_t i = 19; i >0; i--) { if (i == 18) { *(BYTE *)(a1 + 18) ^= 0x13; } else { v3 = *(BYTE *)(i + a1) ^ i; if (i%2) { *(BYTE *)(i + a1) = v3 + i; } else { *(BYTE *)(i + a1 + 2) = v3; } } } printf("%s",a1); system("pause"); return 0;}