前一段时间,有个朋友让我帮他逆向一个东西,抠出其中的代码,存储为汇编的文件,VC下编译运行。
汇编文件的代码:
.686p
.model flat,c
option casemap : none
extern sprintf:proc
extern strcat:proc
.data
___security_cookie dd 0BB40E64Eh
a02x_0 db "%02X"
.code
public sub_40B444
sub_40B444 proc near ; CODE XREF: sub_40CCEA+A4p
;Source = byte ptr -14h
;var_4 = dword ptr -4
;arg_0 = dword ptr 8
;arg_4 = dword ptr 0Ch
;arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword ptr ___security_cookie ; "N鍬?
xor eax, ebp
mov [ebp-4], eax
push ebx
mov ebx, [ebp+8]
push esi
mov esi, [ebp+10h]
push edi
xor edi, edi
cmp [ebp+0Ch], edi
mov byte ptr [esi], 0
jbe short loc_40B48E
loc_40B467: ; CODE XREF: sub_40B444+48j
movzx eax, byte ptr [ebx+edi]
push eax
lea eax, [ebp-14h]
push offset a02x_0 ; "%02X"
push eax ; Dest
call sprintf
lea eax, [ebp-14h]
push eax ; Source
push esi ; Dest
call strcat
add esp, 14h
inc edi
cmp edi, [ebp+0Ch]
jb short loc_40B467
loc_40B48E: ; CODE XREF: sub_40B444+21j
mov ecx, [ebp-4]
pop edi
pop esi
xor ecx, ebp
leave
retn
sub_40B444 endp
end
示例代码如下:
#include "stdafx.h"
#include <Windows.h>
extern "C" {
char* sub_40B444(char*,int,char*);
}
int _tmain(int argc, _TCHAR* argv[])
{
char* pszBuf = new char[1024];
memset( pszBuf , 0 , 1024 );
strcpy_s( pszBuf , 1024 , "des:" );
sub_40B444( "你总是说我在,这样孤单时候,才能想起与你联络" , strlen("你总是说我在,这样孤单时候,才能想起与你联络") , pszBuf );
printf_s( "format string : %s\n" , "你总是说我在,这样孤单时候,才能想起与你联络" );
printf_s( "format string : %s\n" , pszBuf );
if( pszBuf != NULL )
{
delete[]pszBuf;
pszBuf = NULL;
}
return 0;
}
在此,记录一下,做个标记.
[课程]Android-CTF解题方法汇总!
