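Study notes.
Preface: I couldn't solve it. The more concise the code, the more painful it is T ^ T
Download it and check for a packer.
Unpack UPX.
For this challenge, the unpacked program won't run.
Write-ups online say this is because the author used ASLR (address randomization).
Fixes: Option 1: run and debug it on XP.
Option 2:
Patch it with 010 Editor.
I just changed all of it to 00 00 anyway.
Now it can be debugged.
Solving approach 1: I... you... impressive.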
Attack-Defense World (攻防世界) re Windows_Reverse1 - CSDN blog: https://blog.csdn.net/2401_83086823/article/details/142079956
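[What comes next is really clever; I learned something.]
Enter DDCTF{reverseME} as the input to get the ciphertext.
Extract it:
Hypothesis: what would you get if you fed that ciphertext back in as input?
When I saw it, I was stunned.
It just came out like that? The whole thing took under a minute... ??? Damn.
Approach 2:
The conventional approach from the write-ups online. I won't write it up.
Because - - I haven't fully understood it yet. I'll fill it in later if I can - -
Roughly, they fall into two kinds:
①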
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(void)
{
    /* 128-byte array; the printable table starts at offset 0x20 of it */
    unsigned char encode_tab[] =
    {
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7D,0xDF,0xBA,0x1A,0xB1,0x19,0xBF,0x44,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0x01,0x00,0x00,0x00,
        0x7E,0x7D,0x7C,0x7B,0x7A,0x79,0x78,0x77,0x76,0x75,0x74,0x73,0x72,0x71,0x70,0x6F,
        0x6E,0x6D,0x6C,0x6B,0x6A,0x69,0x68,0x67,0x66,0x65,0x64,0x63,0x62,0x61,0x60,0x5F,
        0x5E,0x5D,0x5C,0x5B,0x5A,0x59,0x58,0x57,0x56,0x55,0x54,0x53,0x52,0x51,0x50,0x4F,
        0x4E,0x4D,0x4C,0x4B,0x4A,0x49,0x48,0x47,0x46,0x45,0x44,0x43,0x42,0x41,0x40,0x3F,
        0x3E,0x3D,0x3C,0x3B,0x3A,0x39,0x38,0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x30,0x2F,
        0x2E,0x2D,0x2C,0x2B,0x2A,0x29,0x28,0x27,0x26,0x25,0x24,0x23,0x22,0x21,0x20,0x00
    };
    unsigned char encode[] = "DDCTF{reverseME}";
    /* output buffer sized to the input (including the NUL) so the loop cannot overflow it */
    char flag[sizeof(encode)] = {0};

    for (size_t i = 0; i < strlen((const char *)encode); i++)
    {
        /* use the input character's ASCII code as the index into the array */
        flag[i] = (char)encode_tab[encode[i]];
        printf("%c", flag[i]);
    }
    printf("\n");
    system("pause");   /* Windows only: keeps the console window open */
    return 0;
}
... I don't really understand why the value is looked up this way ...
②:
encode_tab = '~}|{zyxwvutsrqponmlkjihgfedcba`_^]\\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)(\'&%$#"! '
base_addr = 0x20
encode = 'DDCTF{reverseME}'
for c in encode:
    # position of the character in the table, plus 0x20
    flag = chr(encode_tab.index(c) + base_addr)
    print(flag, end='')
... This table lookup is what I expected, but I don't really understand why it is +0x20.
[Marked]
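Added example (not from the original post or the write-ups it cites): scripts ① and ② rebuilt over the same bytes, showing that indexing the 128-byte array by character code and looking the character up in the table then adding 0x20 are the same map c -> 0x9E - c. That map is its own inverse, which is consistent with approach 1, where typing DDCTF{reverseME} into the program was enough. The function names are made up for this example.

```python
# Bytes copied from script ① on this page: 32 bytes that precede the table,
# then the table itself (0x7E down to 0x20) and a terminating 0x00.
HEADER = bytes.fromhex(
    "0000000000000000" "7DDFBA1AB119BF44"
    "FFFFFFFFFFFFFFFF" "FEFFFFFF01000000"
)
TABLE = bytes(range(0x7E, 0x1F, -1))   # '~', '}', ... '!', ' '  (string used in ②)
DUMP = HEADER + TABLE + b"\x00"         # 128 bytes, same content as encode_tab in ①
TABLE_OFFSET = len(HEADER)              # 0x20: where the table starts inside DUMP

TARGET = b"DDCTF{reverseME}"            # string the page feeds to both scripts


def forward(data: bytes) -> bytes:
    """Script ①: use each byte value as an index into the 128-byte array."""
    return bytes(DUMP[c] for c in data)


def inverse_plus_offset(data: bytes) -> bytes:
    """Script ②: find each byte's position in the table, then add 0x20."""
    return bytes(TABLE.index(c) + TABLE_OFFSET for c in data)


def closed_form(data: bytes) -> bytes:
    """Both lookups reduce to c -> 0x9E - c for printable ASCII 0x20..0x7E."""
    return bytes(0x9E - c for c in data)


def check_all_printable() -> bool:
    """True if the three forms agree and applying the map twice is a no-op."""
    printable = bytes(range(0x20, 0x7F))
    same = (forward(printable)
            == inverse_plus_offset(printable)
            == closed_form(printable))
    involution = forward(forward(printable)) == printable
    return same and involution


if __name__ == "__main__":
    print("forms agree and map is self-inverse:", check_all_printable())
    print("forward(TARGET) =", forward(TARGET).decode())
```

The table is the printable range written backwards, so position p holds 0x7E - p; reading it at offset c - 0x20 (script ①) and searching for c then adding 0x20 (script ②) both give 0x9E - c.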