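Study notes.
Preface: I couldn't solve it. The more concise the code, the more painful it is T ^ T
Download it and check for a packer.
Unpack UPX.
In this challenge, the unpacked program will not run.
Write-ups online say this is because the author enabled ASLR (address space layout randomization).
Fixes. Option one: run and debug it on XP.
Option two:
Patch it in 010 Editor.
I just changed all of it to 00 00 anyway.
After that it can be debugged.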
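Solving method one: I... you... impressive.
攻防世界 re Windows_Reverse1 (CSDN blog): https://blog.csdn.net/2401_83086823/article/details/142079956
[The next move is really clever; I learned something.]
Enter DDCTF{reverseME} as input to get the ciphertext.
Extract it:
Hypothesis: what do you get if you enter that ciphertext as input again?
When I saw it, I was just stunned.
It just came out like that? The whole thing took less than a minute...??? Damn.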
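Method two:
The conventional approach from the write-ups online. I won't write it up.
Because - - I haven't fully understood it yet. I'll fill it in later if I can - -
They roughly fall into two kinds: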
①
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main()
{
    /* Lookup table; the descending 0x7E..0x20 run starts at index 0x20. */
    unsigned char encode_tab[] = {
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7D,0xDF,0xBA,0x1A,0xB1,0x19,0xBF,0x44,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0x01,0x00,0x00,0x00,
        0x7E,0x7D,0x7C,0x7B,0x7A,0x79,0x78,0x77,0x76,0x75,0x74,0x73,0x72,0x71,0x70,0x6F,
        0x6E,0x6D,0x6C,0x6B,0x6A,0x69,0x68,0x67,0x66,0x65,0x64,0x63,0x62,0x61,0x60,0x5F,
        0x5E,0x5D,0x5C,0x5B,0x5A,0x59,0x58,0x57,0x56,0x55,0x54,0x53,0x52,0x51,0x50,0x4F,
        0x4E,0x4D,0x4C,0x4B,0x4A,0x49,0x48,0x47,0x46,0x45,0x44,0x43,0x42,0x41,0x40,0x3F,
        0x3E,0x3D,0x3C,0x3B,0x3A,0x39,0x38,0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x30,0x2F,
        0x2E,0x2D,0x2C,0x2B,0x2A,0x29,0x28,0x27,0x26,0x25,0x24,0x23,0x22,0x21,0x20,0x00
    };
    unsigned char encode[] = "DDCTF{reverseME}";
    /* Sized to hold the whole result plus the terminating NUL. */
    char flag[sizeof(encode)] = {0};

    for (size_t i = 0; i < strlen((char *)encode); i++)
    {
        /* Use each input byte as an index into the table. */
        flag[i] = encode_tab[encode[i]];
        printf("%c", flag[i]);
    }
    printf("\n");
    system("pause");
    return 0;
}
...I don't quite understand why the lookup value is this...
②:
encode_tab = '~}|{zyxwvutsrqponmlkjihgfedcba`_^]\\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)(\'&%$#"! '
base_addr = 0x20
encode = 'DDCTF{reverseME}'
for c in encode:
    # Position of c in the table, plus 0x20
    flag = chr((encode_tab.index(c) + 0x20))
    print(flag, end='')
...This table lookup is what I expected, but I don't quite understand why + 0x20.
[Marked]
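The two scripts above compute the same mapping, and that mapping is its own inverse, which is why entering the ciphertext a second time in method one gives back DDCTF{reverseME}. The following is an added example, not code from the original post or the referenced write-ups; the function names are made up here, and the 32 bytes ahead of the printable range are zero-filled placeholders.

```python
# Added example: the target string and table layout come from the two
# scripts on this page; all function names are hypothetical.
TARGET = "DDCTF{reverseME}"

# Printable part of the table: bytes 0x7E down to 0x20 (95 entries).
PRINTABLE = bytes(range(0x7E, 0x1F, -1))
# Script 1 keeps 32 bytes ahead of the printable part, so the table can be
# indexed directly with a character code (0x20 lands on '~').
# Assumption: those 32 bytes are zero-filled here; printable input never reads them.
FULL_TABLE = bytes(32) + PRINTABLE + b"\x00"


def lookup_by_value(text: str) -> str:
    """Script 1: flag[i] = encode_tab[encode[i]] on the 128-byte table."""
    return "".join(chr(FULL_TABLE[ord(c)]) for c in text)


def lookup_by_index(text: str) -> str:
    """Script 2: chr(encode_tab.index(c) + 0x20) on the printable-only table."""
    return "".join(chr(PRINTABLE.index(ord(c)) + 0x20) for c in text)


def closed_form(text: str) -> str:
    """Both lookups reduce to c -> 0x9E - c for c in 0x20..0x7E."""
    return "".join(chr(0x9E - ord(c)) for c in text)


def check_all_printable() -> bool:
    """Check that the three forms agree and the mapping is its own inverse."""
    chars = "".join(chr(c) for c in range(0x20, 0x7F))
    same = lookup_by_value(chars) == lookup_by_index(chars) == closed_form(chars)
    involution = lookup_by_value(lookup_by_value(chars)) == chars
    return same and involution


if __name__ == "__main__":
    cipher = lookup_by_value(TARGET)
    print(cipher)                    # text produced by both scripts
    print(lookup_by_value(cipher))   # feeding it back returns TARGET
    print(check_all_printable())
```

The 0x20 is the offset of the first printable entry: script 1 absorbs it by keeping 32 extra bytes in front of the table, while script 2 drops those bytes and adds 0x20 back after `index()`.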