-
-
[原创]CTF2017第一题分析
-
发表于: 2017-10-24 12:21 1979
-
根据“pass”,“恭喜”等关键字符串定位后,逻辑判断主函数为
sub_4017F0
int __thiscall sub_4017F0(CWnd *this)
{
struct CString *v1; // ST08_4@1
CWnd *v2; // eax@1
int v3; // eax@1
int result; // eax@2
char *Str; // [sp+4Ch] [bp-8h]@1
CWnd *v6; // [sp+50h] [bp-4h]@1
v6 = this;
v1 = (CWnd *)((char *)this + 100);
v2 = CWnd::GetDlgItem(this, 1002);
CWnd::GetWindowTextA(v2, v1);
v3 = sub_4018D0((char *)v6 + 100);
Str = CString::GetBuffer((CWnd *)((char *)v6 + 100), v3);
if ( strlen(Str) )
{
if ( !strcmp(Str, "WelcomeToKanXueCtf2017") )
result = sub_401770();
else
result = sub_4017B0();
}
else
{
result = CWnd::MessageBoxA(v6, "请输入pass!", 0, 0);
}
return result;
}
由此得出过关密码为 WelcomeToKanXueCtf2017
int __thiscall sub_4017F0(CWnd *this)
{
struct CString *v1; // ST08_4@1
CWnd *v2; // eax@1
int v3; // eax@1
int result; // eax@2
char *Str; // [sp+4Ch] [bp-8h]@1
CWnd *v6; // [sp+50h] [bp-4h]@1
v6 = this;
v1 = (CWnd *)((char *)this + 100);
v2 = CWnd::GetDlgItem(this, 1002);
CWnd::GetWindowTextA(v2, v1);
v3 = sub_4018D0((char *)v6 + 100);
Str = CString::GetBuffer((CWnd *)((char *)v6 + 100), v3);
if ( strlen(Str) )
{
if ( !strcmp(Str, "WelcomeToKanXueCtf2017") )
result = sub_401770();
else
result = sub_4017B0();
}
else
{
result = CWnd::MessageBoxA(v6, "请输入pass!", 0, 0);
}
return result;
}
由此得出过关密码为 WelcomeToKanXueCtf2017
[峰会]看雪.第八届安全开发者峰会10月23日上海龙之梦大酒店举办!
赞赏
他的文章
- [原创][原创]KCTF2023 第二题wp 8965
- [原创]KCTF2023 第一题wp 2783
- 漏洞分析CVE-2023-21716 9278
- [原创]lrzsz工具小记 7845
看原图
赞赏
雪币:
留言: