[看雪CTF2016]第九题分析-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[看雪CTF2016]第九题分析

发表于: 2016-11-18 17:22 3668

[看雪CTF2016]第九题分析

风间仁

2016-11-18 17:22

3668

1. 搜索字符串, 找到注册按钮处理过程

.text:00403160 sub_403160

.text:004031BC                 cmp     [ebp+var_C], 17h
.text:004031C0                 jz      short loc_4031C7
.text:004031C2                 jmp     loc_403B95

.text:0040325C                 mov     eax, [ebp+var_C]
.text:0040325F                 add     eax, 1
.text:00403262                 mov     [ebp+var_C], eax
.text:00403265                 cmp     [ebp+var_C], 5
.text:00403269                 jge     short loc_403289
.text:0040326B                 mov     ecx, [ebp+var_1EC]
.text:00403271                 imul    ecx, 1Ah
.text:00403274                 mov     edx, [ebp+sn]
.text:00403277                 add     edx, [ebp+var_C]
.text:0040327A                 movsx   eax, byte ptr [edx]
.text:0040327D                 lea     ecx, [ecx+eax-61h]
.text:00403281                 mov     [ebp+var_1EC], ecx
.text:00403287                 jmp     short loc_40325C

.text:004032EC                 mov     [ebp+var_1F4], 0
.text:004032F6                 mov     [ebp+var_C], 7
.text:004032FD                 jmp     short loc_403308
.text:004032FF                 mov     eax, [ebp+var_C]
.text:00403302                 add     eax, 1
.text:00403305                 mov     [ebp+var_C], eax
.text:00403308                 cmp     [ebp+var_C], 0Ch
.text:0040330C                 jge     short loc_40332C
.text:0040330E                 mov     ecx, [ebp+var_1F4]
.text:00403314                 imul    ecx, 1Ah
.text:00403317                 mov     edx, [ebp+sn]
.text:0040331A                 add     edx, [ebp+var_C]
.text:0040331D                 movsx   eax, byte ptr [edx]
.text:00403320                 lea     ecx, [ecx+eax-61h]
.text:00403324                 mov     [ebp+var_1F4], ecx
.text:0040332A                 jmp     short loc_4032FF

.text:004033A2                 mov     eax, [ebp+var_C]
.text:004033A5                 add     eax, 1
.text:004033A8                 mov     [ebp+var_C], eax
.text:004033AB                 cmp     [ebp+var_C], 17h
.text:004033AF                 jge     short loc_4033CF
.text:004033B1                 mov     ecx, [ebp+var_1F8]
.text:004033B7                 imul    ecx, 1Ah
.text:004033BA                 mov     edx, [ebp+sn]
.text:004033BD                 add     edx, [ebp+var_C]
.text:004033C0                 movsx   eax, byte ptr [edx]
.text:004033C3                 lea     ecx, [ecx+eax-61h]
.text:004033C7                 mov     [ebp+var_1F8], ecx
.text:004033CD                 jmp     short loc_4033A2

.text:00403435                 mov     [ebp+var_1FC], 0
.text:0040343F                 mov     [ebp+var_C], 15h
.text:00403446                 jmp     short loc_403451
.text:00403448                 mov     eax, [ebp+var_C]
.text:0040344B                 add     eax, 1
.text:0040344E                 mov     [ebp+var_C], eax
.text:00403451                 cmp     [ebp+var_C], 17h
.text:00403455                 jge     short loc_403475
.text:00403457                 mov     ecx, [ebp+var_1FC]
.text:0040345D                 imul    ecx, 1Ah
.text:00403460                 mov     edx, [ebp+sn]
.text:00403463                 add     edx, [ebp+var_C]
.text:00403466                 movsx   eax, byte ptr [edx]
.text:00403469                 lea     ecx, [ecx+eax-61h]
.text:0040346D                 mov     [ebp+var_1FC], ecx
.text:00403473                 jmp     short loc_403448

登录后可查看完整内容

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・0

免费・2

支持