-
-
[看雪CTF2016]第十四题分析
-
发表于:
2016-11-28 23:18
4085
-
sn长度为39
.text:00401C7D cmp eax, 27h
.text:00401C86 cmp word ptr [esi], 'a'
.text:00401C8A jnz loc_4032A4
.text:00401C90 cmp word ptr [esi+2], 'c'
.text:00401C95 jnz loc_4032A4
.text:00401C9B cmp word ptr [esi+4], 'd'
.text:00401CA0 jnz loc_4032A4
.text:00401CA6 cmp word ptr [esi+8], 'b'
.text:00401CAB jnz loc_4032A4
.text:00401CF0 movzx ecx, [ebp+eax*2+var_470]
.text:00401CF8 cmp ecx, 'a'
.text:00401CFB jb loc_4032A4
.text:00401D01 cmp ecx, 'd'
.text:00401D04 ja loc_4032A4
.text:00401D0A inc eax
.text:00401D0B cmp eax, 20h
.text:00401D0E jl short loc_401CF0
.text:00401D20 lea edx, [ebp+bits]
.text:00401D26 lea ecx, [ebp+var_470]
.text:00401D2C call sub_403A50
.text:00401D31 cmp [ebp+bits+7Ch], 0
.text:00401D39 jnz loc_4032A4
.text:00401D3F cmp [ebp+bits+7Ah], 0
.text:00401D47 jz loc_4032A4
.text:00401D52 movzx ecx, word ptr [esi+eax*2]
.text:00401D56 cmp ecx, 61h
.text:00401D59 jb loc_4032A4
.text:00401D5F cmp ecx, 7Ah
.text:00401D62 ja loc_4032A4
.text:00401D68 inc eax
.text:00401D69 cmp eax, 27h
.text:00401D6C jl short loc_401D52
.text:0040210B push offset aSdbwriteqwordt ; "SdbWriteQWORDTag"
.text:00402110 push eax ; hModule
.text:00402111 call ds:GetProcAddress
.text:00402117 push dword ptr [ebp+var_DDC]
.text:0040211D push dword ptr [ebp+var_DDC+4]
.text:00402123 push [ebp+var_DD0]
.text:00402129 push [ebp+var_DCC]
.text:0040212F call eax
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
