0062D2DC 26 DB 26 ; CHAR '&'
0062D2DD 00 DB 00
0062D2DE 00 DB 00
0062D2DF 00 DB 00
0062D2E0 FF DB FF
0062D2E1 FF DB FF
0062D2E2 FF DB FF
0062D2E3 FF DB FF
0062D2E4 . 0C 00 OR AL,0
0062D2E6 > 0000 ADD BYTE PTR DS:[EAX],AL
0062D2E8 . 75 70 JNZ SHORT manager_.0062D35A
0062D2EA . 64:61 POPAD ; 多余前缀
0062D2EC . 74 65 JE SHORT manager_.0062D353
0062D2EE . 73 65 JNB SHORT manager_.0062D355
0062D2F0 . 72 76 JB SHORT manager_.0062D368
0062D2F2 . 65:72 00 JB SHORT manager_.0062D2F5 ; 多余前缀
0062D2F5 > 0000 ADD BYTE PTR DS:[EAX],AL
0062D2F7 . 00FF ADD BH,BH
0062D2F9 FF DB FF
0062D2FA FF DB FF
0062D2FB FF DB FF
0062D2FC 0A DB 0A
0062D2FD 00 DB 00
0062D2FE 00 DB 00
0062D2FF 00 DB 00
0062D300 . 6E 75 6D 62 6>ASCII "numberuser",0
0062D30B 00 DB 00
0062D30C . FFFFFFFF DD FFFFFFFF
0062D310 . 05000000 DD 00000005
0062D314 . 63 61 6E 64 6>ASCII "cando",0
0062D31A 00 DB 00
0062D31B 00 DB 00
0062D31C . FFFFFFFF DD FFFFFFFF
0062D320 . 04000000 DD 00000004
0062D324 . 6C 67 69 64 0>ASCII "lgid",0
0062D329 00 DB 00
0062D32A 00 DB 00
0062D32B 00 DB 00
0062D32C . FFFFFFFF DD FFFFFFFF
0062D330 . 04000000 DD 00000004
0062D334 . 70 73 77 64 0>ASCII "pswd",0
0062D339 00 DB 00
0062D33A 00 DB 00
0062D33B 00 DB 00
0062D33C . FFFFFFFF DD FFFFFFFF
0062D340 . 03000000 DD 00000003
0062D344 . 43 55 55 00 ASCII "CUU",0
0062D348 . FFFFFFFF DD FFFFFFFF
0062D34C . 03000000 DD 00000003
0062D350 . 52 43 47 00 ASCII "RCG",0
上面是改过的汇编
下面是没有改过的汇编
005E1DEC . BA E4205E00 MOV EDX,dumped_1.005E20E4 ; &
005E1DF1 . E8 82E7E2FF CALL dumped_1.00410578
005E1DF6 . 8B55 B4 MOV EDX,DWORD PTR SS:[EBP-4C]
005E1DF9 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
005E1DFC . 8B08 MOV ECX,DWORD PTR DS:[EAX]
005E1DFE . FF51 2C CALL DWORD PTR DS:[ECX+2C]
005E1E01 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
005E1E04 . BA F0205E00 MOV EDX,dumped_1.005E20F0 ; updateserver
005E1E09 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
005E1E0C . E8 E705E4FF CALL dumped_1.004223F8
005E1E11 . 8B55 A0 MOV EDX,DWORD PTR SS:[EBP-60]
005E1E14 . B8 E4735F00 MOV EAX,dumped_1.005F73E4
005E1E19 . E8 8234E2FF CALL dumped_1.004052A0
005E1E1E . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
005E1E21 . BA 08215E00 MOV EDX,dumped_1.005E2108 ; numberuser
005E1E26 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
005E1E29 . E8 CA05E4FF CALL dumped_1.004223F8
005E1E2E . 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64]
005E1E31 . E8 FA88E2FF CALL dumped_1.0040A730
005E1E36 . 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
005E1E39 . BA 1C215E00 MOV EDX,dumped_1.005E211C ; cando
005E1E3E . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
005E1E41 . E8 B205E4FF CALL dumped_1.004223F8
005E1E46 . 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]
005E1E49 . E8 7E8AE2FF CALL dumped_1.0040A8CC
005E1E4E . A2 04745F00 MOV BYTE PTR DS:[5F7404],AL
005E1E53 . 8D4D 94 LEA ECX,DWORD PTR SS:[EBP-6C]
005E1E56 . BA 2C215E00 MOV EDX,dumped_1.005E212C ; lgid
005E1E5B . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
005E1E5E . E8 9505E4FF CALL dumped_1.004223F8
005E1E63 . 8B55 94 MOV EDX,DWORD PTR SS:[EBP-6C]
005E1E66 . A1 28365F00 MOV EAX,DWORD PTR DS:[5F3628]
005E1E6B . E8 3034E2FF CALL dumped_1.004052A0
005E1E70 . 8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
005E1E73 . BA 3C215E00 MOV EDX,dumped_1.005E213C ; pswd
005E1E78 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
005E1E7B . E8 7805E4FF CALL dumped_1.004223F8
005E1E80 . 8B55 90 MOV EDX,DWORD PTR SS:[EBP-70]
005E1E83 . A1 4C305F00 MOV EAX,DWORD PTR DS:[5F304C]
005E1E88 . E8 1334E2FF CALL dumped_1.004052A0
005E1E8D . 8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74]
005E1E90 . BA 4C215E00 MOV EDX,dumped_1.005E214C ; cuu
005E1E95 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
005E1E98 . E8 5B05E4FF CALL dumped_1.004223F8
005E1E9D . 8B55 8C MOV EDX,DWORD PTR SS:[EBP-74]
005E1EA0 . A1 402E5F00 MOV EAX,DWORD PTR DS:[5F2E40]
005E1EA5 . E8 F633E2FF CALL dumped_1.004052A0
005E1EAA . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
005E1EAD . BA 58215E00 MOV EDX,dumped_1.005E2158 ; rcg
[课程]Android-CTF解题方法汇总!
