这题还是比较简单的,不过好象还有后半部分,只是做题时间比较紧,所以提交成功就没看后半部分了
IDA中F5,分析见注释:
主函数:
int __thiscall sub_4014C0(void *this)
{
unsigned int v1; // ebx
char *Str; // [esp+0h] [ebp-68h]
char v4[4]; // [esp+10h] [ebp-58h]
char v5[32]; // [esp+20h] [ebp-48h]
char sn[28]; // [esp+40h] [ebp-28h]
sub_404930(0x10u, (int)this, (int)Str);
sub_4044B0();
v1 = 0;
*(_DWORD *)v5 = 'yt^';
*(_DWORD *)&v5[4] = '+pLc';
*(_DWORD *)&v5[8] = 'a+SG';
*(_DWORD *)&v5[12] = 'G-QG';
*(_DWORD *)&v5[16] = 'Gl(V';
*(_DWORD *)&v5[20] = ')y}J';
*(_DWORD *)&v5[24] = 'SGA)';
*(_DWORD *)&v5[28] = 'ea+';
strcpy(v4, "Ansome_Is_Wrong");
while ( v1 < strlen(v5) )
{
v5[v1] ^= 0x18u;
++v1;
}
puts("Please Input Your Key_ Now!");
scanf("%s", sn); // 输入SN
if ( check_8_20(sn) ) // 检查SN[8-20] 为 "X1Y0uN3tG00d"
{
sub_401460(sn); // 这儿验证SN长度要为24,SN前8位要为"20101001",验证成功后会缓冲区溢出,用最后4位计算后覆盖返回地址,从而改变程序流程, 后四位为"HaCk"
// 所以整个SN为 "20101001X1Y0uN3tG00dHaCk"
system("pause");
}
else
{
puts(v4);
}
return 0;
}
signed int __cdecl check_8_20(char *sn)
{
signed int v1; // ecx
signed int v2; // edx
signed int result; // eax
char v4[12]; // [esp+0h] [ebp-38h]
char v5[20]; // [esp+10h] [ebp-28h]
v1 = 8;
v2 = 0;
strcpy(v5, "Your_Input_Is_Wrong");
strcpy(v4, "X1Y0uN3tG00d");
while ( v4[v2] == sn[v1] ) // SN[8-19] 为 "X1Y0uN3tG00d"
{
++v2;
++v1;
if ( v2 > 11 )
{
result = 1;
if ( sn[20] == 'H' ) // SN[20] 要为"H"
return result;
return 0;
}
}
return 0;
}
int __cdecl sub_401460(char *sn)
{
char Dest[16]; // [esp+8h] [ebp-10h] //缓冲区只有16字节,要COPY24字节,在IDA STACK中能看到SN[20-23]覆盖返回地址
-00000018 ; D/A/* : change type (data/ascii/array)
-00000018 ; N : rename
-00000018 ; U : undefine
-00000018 ; Use data definition commands to create local variables and function arguments.
-00000018 ; Two special fields " r" and " s" represent return address and saved registers.
-00000018 ; Frame size: 18; Saved regs: 4; Purge: 0
-00000018 ;
-00000018
-00000018 Str dd ? ; offset
-00000014 Source dd ? ; offset
-00000010 Dest db 16 dup(?)
+00000000 s db 4 dup(?)
+00000004 r db 4 dup(?) //SN[20-23]覆盖返回地址
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
最后于 2019-3-24 22:50
被AloneWolf编辑
,原因:
