首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. CTF对抗
    3. 发新帖
[原创]第一题 Helllo-CTF
发表于: 2017-10-24 14:01 2602

[原创]第一题 Helllo-CTF

yber 活跃值
2017-10-24 14:01
2602
1.启动程序,输入任意注册码,如下图
2.开启windbg,按F6附加到hello.exe程序,输入~*k命令,查看所有线程的调用堆栈。
0  Id: 3930.2730 Suspend: 1 Teb: 002e7000 Unfrozen
ChildEBP RetAddr  
0019f148 74d4d20f win32u!NtUserWaitMessage+0xc
0019f188 74d5eb3c USER32!DialogBox2+0x102
0019f1b8 74daed29 USER32!InternalDialogBox+0xd1
0019f26c 7403390c USER32!SoftModalMessageBox+0xb99
0019f274 74dadf18 win32u!NtUserModifyUserStartupInfoFlags+0xc
0019f4b0 004017cd USER32!MessageBoxWorker+0x29a
0019f518 00401875 hello+0x17cd
0019f574 66f46015 hello+0x1875
0019f57c 66f3eceb MFC42!Mfc42CfgThunk0+0x15
0019f590 66f414ba MFC42!_AfxDispatchCmdMsg+0x7b
0019f5c8 66f73707 MFC42!CCmdTarget::OnCmdMsg+0xba
0019f5f0 66f3dd67 MFC42!CPropertySheet::OnCmdMsg+0x27
0019f6a0 66f3dfb0 MFC42!CWnd::OnCommand+0x1d7
0019f738 66f3e5c0 MFC42!CWnd::OnWndMsg+0x1b0
0019f764 66f39508 MFC42!CWnd::WindowProc+0x40
0019f7e4 66f393d1 MFC42!AfxCallWndProc+0x108
0019f828 74d72f8b MFC42!AfxWndProcBase+0xf1
0019f854 74d65443 USER32!_InternalCallWinProc+0x2b
0019f93c 74d50bec USER32!UserCallWinProcCheckWow+0x2d3
0019f9a0 74d5090f USER32!SendMessageWorker+0x26c
0019f9d8 74d8f0b2 USER32!SendMessageW+0x13f
0019fa00 74d8ea03 USER32!xxxButtonNotifyParent+0x66
0019fa28 74d8de86 USER32!xxxBNReleaseCapture+0x150
0019fac4 74d8d322 USER32!ButtonWndProcWorker+0xad6
0019faf0 74d72f8b USER32!ButtonWndProcA+0x52
0019fb1c 74d65443 USER32!_InternalCallWinProc+0x2b
0019fc04 74d64dd2 USER32!UserCallWinProcCheckWow+0x2d3
0019fc78 74d4d42b USER32!DispatchMessageWorker+0x222
0019fca8 74d4a65e USER32!IsDialogMessageW+0xeb
0019fcd4 66f7c80b USER32!IsDialogMessageA+0x4e
0019fcf0 66f604ce MFC42!CWnd::IsDialogMessageA+0x4b
0019fd00 66f73a24 MFC42!CWnd::PreTranslateInput+0x2e
0019fd14 66f352fd MFC42!CDialog::PreTranslateMessage+0x94
0019fd48 66f35403 MFC42!CWinThread::PreTranslateMessage+0xdd
0019fd64 66f605ed MFC42!CWinThread::PumpMessage+0x43
0019fd90 66f7343d MFC42!CWnd::RunModalLoop+0x10d
0019fddc 004011a8 MFC42!CDialog::DoModal+0xed
0019feb4 66f43e95 hello+0x11a8
0019fed0 00402043 MFC42!AfxWinMain+0x75
0019ff80 76c98744 hello+0x2043
0019ff94 76ff582d KERNEL32!BaseThreadInitThunk+0x24
0019ffdc 76ff57fd ntdll!__RtlUserThreadStart+0x2f
0019ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
0019f518 00401875 hello+0x17cd
0019f574 66f46015 hello+0x1875  这两处即hello.exe中调用MessageBox的地方,
即004017cd ,00401875

3.开启IDA,打开Hello.exe ,按 键盘 g,定位到 004017cd ,00401875


SHfffjsho.text:00401854 ; ---------------------------------------------------------------------------
.text:00401854
.text:00401854 loc_401854:                             ; CODE XREF: sub_4017F0+4F↑j
.text:00401854                 push    offset Str2     ; "WelcomeToKanXueCtf2017"
.text:00401859                 mov     edx, [ebp+Str]
.text:0040185C                 push    edx             ; Str1
.text:0040185D                 call    strcmp
.text:00401862                 add     esp, 8
.text:00401865                 test    eax, eax
.text:00401867                 jnz     short loc_401870
.text:00401869                 call    ShowSuccMsgsub_401770
.text:0040186E                 jmp     short loc_401875
.text:00401870 ; ---------------------------------------------------------------------------
.text:00401870
.text:00401870 loc_401870:                             ; CODE XREF: sub_4017F0+77↑j
.text:00401870                 call    ShowErrMsgsub_4017B0
.text:00401875
.text:00401875 loc_401875:                             ; CODE XREF: sub_4017F0+62↑j
.text:00401875                                         ; sub_4017F0+7E↑j
.text:00401875                 pop     edi
.text:00401876                 pop     esi
.text:00401877                 pop     ebx
.text:00401878                 mov     esp, ebp
.text:0040187A                 pop     ebp
.text:0040187B                 retn
.text:0040187B sub_4017F0      endp

分析以上代码发现程序对比字符串 WelcomeToKanXueCtf2017,一致即弹出成功对话框。

总结:windbg 快速定位弹框。





							


[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!




	
					

														
							
							
							

													


						

													


						

																				

					

				


				

					


						

							
							

								收藏
								
							

						

						

							
							

								免费
								0
							


						

						

							
							

								支持
							

						

						

							

								
								

									分享
								

							

							
						


					

				

			

							
							                
                
                
                			

				

					

						
							

								
									

										

											最新回复 (1)
										

										

											

											
										

									

										
							

						
						

															
				
																			
										
					

																													
										

						
							

								
									
								
								

									

										
										

											

												
												yber
												
											

											

												雪    币:
												
													
													9													
												
											

																																	

												活跃值:
												
												
												
											
												(180)
											

																						

												能力值:
												
												
												
												
												( LV6,RANK:90 )
												
											

											

												在线值:
												
													
												
												
											

										

										
									

									
									

										

											
发帖

											
										

										

											
回帖

											
												
										

										

											
粉丝

											
												
										

										
										
									

									

										
																														

																							
																						
										

										

											
												私信
											
										


									

								

							

							

								
								
							

							
							
							
								
						
							

								

									
									
									
								

								

									

									

																																						
										

									

																		2
									
	
								

							

							
							

																								为什么代码都显示不了,								
																																
								
							

							

								

									2017-10-24 14:56
								

								

									

									

																																						
										
																				
										
										
																			
										

	

										
																			

									
										

		
		
		
		
						
					
		0
	

									
																	

							

								
					

								
				
														

								
								
									


										

											
游客

											

										

										

											

												

													登录 | 注册 方可回帖
												

											

										

										

											

												

													回帖

													表情
													雪币赚取及消费
												

												


													 高级回复

												

											

										

									

										
							

													
					

				

			

			

					
			
			
			
			返回
		

	

	























































    
    
    
    
    











//