[原创]BUUCTF逆向题：[MRCTF2020]hello_world_go-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]BUUCTF逆向题：[MRCTF2020]hello_world_go

发表于: 2022-3-24 20:37 5324

[原创]BUUCTF逆向题：[MRCTF2020]hello_world_go

宇宙大魔王

2022-3-24 20:37

5324

1.基本信息探查：

1.EXEinfo：

64位，无壳，ELF文件

2.运行一下：

2.IDA分析：

先look一下主函数：

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

void __cdecl main_main()
{
  int v0; // edi
  __int64 v1; // rsi
  __int64 v2; // r8
  __int64 v3; // r9
  __int64 v4; // r8
  __int64 v5; // r9
  int v6; // edx
  __int64 v7; // r8
  __int64 v8; // r9
  __int64 v9; // rcx
  __int64 v10; // rax
  int v11; // edx
  __int64 v12; // rax
  __int64 *v13; // [rsp+8h] [rbp-A8h]
  char v14; // [rsp+18h] [rbp-98h]
  __int64 v15; // [rsp+20h] [rbp-90h]
  __int64 v16; // [rsp+28h] [rbp-88h]
  __int64 v17; // [rsp+58h] [rbp-58h]
  __int64 *v18; // [rsp+60h] [rbp-50h]
  __int128 v19; // [rsp+68h] [rbp-48h] BYREF
  void *v20; // [rsp+78h] [rbp-38h] BYREF
  void **v21; // [rsp+80h] [rbp-30h] BYREF
  __int128 v22; // [rsp+88h] [rbp-28h] BYREF
  __int128 v23; // [rsp+98h] [rbp-18h] BYREF
 
  if ( (unsigned __int64)&v21 <= *(_QWORD *)(__readfsqword(0xFFFFFFF8) + 16) )
    runtime_morestack_noctxt();
  runtime_newobject(v0, v1);
  v18 = v13;
  *(_QWORD *)&v23 = &unk_4AC9C0;
  *((_QWORD *)&v23 + 1) = &off_4EA530;
  fmt_Fprint(
    v0,
    v1,
    (unsigned int)&v23,
    (unsigned int)&unk_4AC9C0,
    v2,
    v3,
    (__int64)&go_itab__os_File_io_Writer,
    os_Stdout,
    (__int64)&v23);
  *(_QWORD *)&v22 = &unk_4A96A0;
  *((_QWORD *)&v22 + 1) = v18;
  fmt_Fscanf(
    v0,
    v1,
    (unsigned int)&go_itab__os_File_io_Reader,
    (unsigned int)&v22,
    v4,
    v5,
    (__int64)&go_itab__os_File_io_Reader,
    os_Stdin,
    (__int64)&unk_4D07C9,
    2LL,
    (__int64)&v22,
    1LL);
  v9 = v18[1];
  v10 = *v18;
  if ( v9 != 24 )
    goto LABEL_3;
  v17 = *v18;
  runtime_memequal(v0, v1, v6, (unsigned int)&unk_4D3C58, v7, v8, (__int64)&unk_4D3C58, v10);
  if ( !v14 )
  {
    LOBYTE(v10) = v17;
    LODWORD(v9) = 24;
LABEL_3:
    runtime_cmpstring(v0, v1, (unsigned int)&unk_4D3C58, v9, v7, v8, (__int64)&unk_4D3C58, 24LL, v10);
    if ( v15 >= 0 )
      v12 = 1LL;
    else
      v12 = -1LL;
    goto LABEL_5;
  }
  v12 = 0LL;
LABEL_5:
  if ( v12 )
  {
    *(_QWORD *)&v19 = &unk_4AC9C0;
    *((_QWORD *)&v19 + 1) = &off_4EA550;
    fmt_Fprintln(
      v0,
      v1,
      v11,
      (unsigned int)&go_itab__os_File_io_Writer,
      v7,
      v8,
      (__int64)&go_itab__os_File_io_Writer,
      os_Stdout,
      (__int64)&v19,
      1LL,
      1LL,
      v16);
  }
  else
  {
    v20 = &unk_4AC9C0;
    v21 = &off_4EA540;
    fmt_Fprintln(
      v0,
      v1,
      v11,
      (unsigned int)&go_itab__os_File_io_Writer,
      v7,
      v8,
      (__int64)&go_itab__os_File_io_Writer,
      os_Stdout,
      (__int64)&v20,
      1LL,
      1LL,
      v16);
  }
}