[Original] Solution to Challenge 1
Posted: 2017-10-24 16:39 1835
Debug tool: OD
Set a breakpoint on MessageBoxA; one level up the call stack you can see:
004017EF CC int3
004017F0 55 push ebp
004017F1 8BEC mov ebp, esp
004017F3 83EC 48 sub esp, 48
004017F6 53 push ebx
004017F7 56 push esi
004017F8 57 push edi
004017F9 894D FC mov dword ptr [ebp-4], ecx
004017FC 8B45 FC mov eax, dword ptr [ebp-4]
004017FF 83C0 64 add eax, 64
00401802 50 push eax
00401803 68 EA030000 push 3EA
00401808 8B4D FC mov ecx, dword ptr [ebp-4]
0040180B E8 14060000 call <jmp.&MFC42.#3092_CWnd::GetDlgItem>
00401810 8BC8 mov ecx, eax
00401812 E8 07060000 call <jmp.&MFC42.#3874_CWnd::GetWindowTextA>
00401817 8B4D FC mov ecx, dword ptr [ebp-4]
0040181A 83C1 64 add ecx, 64
0040181D E8 AE000000 call 004018D0
00401822 50 push eax
00401823 8B4D FC mov ecx, dword ptr [ebp-4]
00401826 83C1 64 add ecx, 64
00401829 E8 EA050000 call <jmp.&MFC42.#2915_CString::GetBuffer>
0040182E 8945 F8 mov dword ptr [ebp-8], eax
00401831 8B4D F8 mov ecx, dword ptr [ebp-8]
00401834 51 push ecx
00401835 E8 5C060000 call <jmp.&MSVCRT.strlen>
0040183A 83C4 04 add esp, 4
0040183D 85C0 test eax, eax
0040183F 75 13 jnz short 00401854
00401841 6A 00 push 0
00401843 6A 00 push 0
00401845 68 98354000 push 00403598 ; ASCII "请输入pass!"
0040184A 8B4D FC mov ecx, dword ptr [ebp-4]
0040184D E8 C0050000 call <jmp.&MFC42.#4224_CWnd::MessageBoxA>
00401852 EB 21 jmp short 00401875
00401854 68 80354000 push 00403580 ; ASCII "WelcomeToKanXueCtf2017" ---->RightAnswer
00401859 8B55 F8 mov edx, dword ptr [ebp-8]
0040185C 52 push edx
0040185D E8 2E060000 call <jmp.&MSVCRT.strcmp>
00401862 83C4 08 add esp, 8
00401865 85C0 test eax, eax
00401867 75 07 jnz short 00401870 // check whether the strings are equal
00401869 E8 02FFFFFF call 00401770 //pass!
0040186E EB 05 jmp short 00401875
00401870 E8 3BFFFFFF call 004017B0 // 加油! ("Keep going!")
00401875 5F pop edi
00401876 5E pop esi
00401877 5B pop ebx
00401878 8BE5 mov esp, ebp
0040187A 5D pop ebp
0040187B C3 retn
0040187C CC int3

00401770 55 push ebp
00401771 8BEC mov ebp, esp
00401773 83EC 44 sub esp, 44
00401776 53 push ebx
00401777 56 push esi
00401778 57 push edi
00401779 6A 00 push 0
0040177B 68 68354000 push 00403568
00401780 68 60354000 push 00403560 ; ASCII "pass!"
00401785 6A 00 push 0
00401787 FF15 00324000 call dword ptr [<&USER32.MessageBoxA>] ; USER32.MessageBoxA
0040178D FF15 0C304000 call dword ptr [<&KERNEL32.GetCurrentProcess>] ; KERNEL32.GetCurrentProcess
00401793 8945 FC mov dword ptr [ebp-4], eax
00401796 6A 00 push 0
00401798 8B45 FC mov eax, dword ptr [ebp-4]
0040179B 50 push eax
0040179C FF15 00304000 call dword ptr [<&KERNEL32.TerminateProcess>] ; KERNEL32.TerminateProcess
004017A2 5F pop edi
004017A3 5E pop esi
004017A4 5B pop ebx
004017A5 8BE5 mov esp, ebp
004017A7 5D pop ebp
004017A8 C3 retn
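
An added example, not part of the original post: the listing shows the handler passing the literal at 00403580 straight to strcmp, so the expected input sits in the image as a readable string. The Python sketch below uses a constructed byte blob (not the real binary) to show that a strings-style scan reports it, and that shipping a salted PBKDF2 digest instead keeps the literal out of the image; the blob layout, salt, iteration count and function names are assumptions.

```python
import hashlib
import hmac
import re

SECRET = "WelcomeToKanXueCtf2017"  # the literal the listing pushes at 00403580

# Constructed stand-in for the data section (not bytes from the real binary).
PLAIN_IMAGE = b"pass!\x00\x00\x00" + SECRET.encode("ascii") + b"\x00\x00"


def ascii_strings(image, min_len=6):
    """Printable-ASCII runs of at least min_len bytes, as a strings-style scan reports."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, image)]


def check_plain(candidate):
    """What the handler does today: strcmp(input, literal) == 0."""
    return candidate == SECRET


# Hardened variant: ship salt + digest only. Salt and cost are constructed
# values for this example; a real build would generate the salt randomly.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 100_000


def derive(candidate):
    return hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), SALT, ITERATIONS)


STORED_DIGEST = derive(SECRET)  # computed at build time; SECRET itself is not shipped
HARDENED_IMAGE = b"pass!\x00\x00\x00" + SALT + STORED_DIGEST + b"\x00\x00"


def check_hardened(candidate):
    """Compare digests in constant time instead of comparing plaintext."""
    return hmac.compare_digest(derive(candidate), STORED_DIGEST)


if __name__ == "__main__":
    print("plain image strings:   ", ascii_strings(PLAIN_IMAGE))
    print("literal in hardened?   ", SECRET.encode() in HARDENED_IMAGE)
    print("hardened accepts right:", check_hardened(SECRET))
    print("hardened rejects wrong:", check_hardened("guess"))
```

Hashing only keeps the literal out of the image; a check that runs entirely on the client is still under the user's control, so a value that must stay secret belongs behind server-side verification.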