Windows_Reverse1 2019_DDCTF
查壳
脱壳
脱壳后运行闪退(可能需要修复 IAT),先用 IDA 静态分析一下。
/*
 * IDA decompilation of the unpacked sample's entry point.
 *
 * Flow: prompt, read one whitespace-delimited token into the buffer starting
 * at v6, call sub_401000 on it, then compare the buffer starting at v4 with
 * the literal "DDCTF{reverseME}" and print success or failure.
 *
 * Stack layout, from the IDA offsets: v6 (ebp-404h) plus Dst (ebp-403h,
 * 0x3FF bytes) are one zeroed 0x400-byte buffer; v4 (ebp-804h) plus v5
 * (ebp-803h, 0x3FF bytes) are a second zeroed 0x400-byte buffer. The
 * decompiler split each array into "first byte" + "rest".
 *
 * Always returns 0.
 */
int __cdecl main(int argc, const char **argv, const char **envp)
{
  char v4; // [esp+4h] [ebp-804h]   first byte of the compared buffer
  char v5; // [esp+5h] [ebp-803h]   remaining 0x3FF bytes of that buffer
  char v6; // [esp+404h] [ebp-404h] first byte of the input buffer
  char Dst; // [esp+405h] [ebp-403h] remaining 0x3FF bytes of the input buffer

  /* Zero the input buffer: one byte via v6, 0x3FF bytes via Dst. */
  v6 = 0;
  memset(&Dst, 0, 0x3FFu);
  /* Zero the compared buffer the same way. */
  v4 = 0;
  memset(&v5, 0, 0x3FFu);
  printf("please input code:");
  /* "%s" carries no field width, so a token longer than 0x3FF characters
   * writes past the 0x400-byte input buffer at ebp-404h. */
  scanf("%s", &v6);
  /* Only the input pointer is visible as an argument. Nothing in this listing
   * writes to v4 after it is zeroed, yet v4 is what gets compared below.
   * NOTE(review): presumably the v4 buffer is handed to sub_401000 in ECX
   * (its v1 is annotated "// ecx") -- confirm at the call site in the
   * disassembly. */
  sub_401000(&v6);
  /* Success requires the v4 buffer to equal this exact string. */
  if ( !strcmp(&v4, "DDCTF{reverseME}") )
    printf("You've got it!!%s\n", &v4);
  else
    printf("Try again later.\n");
  return 0;
}
关键函数 sub_401000:
/*
 * IDA decompilation of the byte-substitution routine called from main.
 *
 * For each of the strlen(a1) bytes of a1, the byte is used as an index into
 * the table byte_402FF8 and the table entry is stored through v1, which
 * advances by one per iteration.
 *
 * a1     - NUL-terminated input string.
 * return - strlen(a1) as last computed (0 for an empty string, in which case
 *          nothing is written).
 *
 * v1 is never assigned in this listing; IDA only annotates it as living in
 * ECX. NOTE(review): presumably an implicit register argument (the
 * destination buffer) that the decompiler did not recover as a parameter --
 * confirm from the caller's disassembly.
 *
 * No terminator is written here, and the number of bytes written is bounded
 * only by strlen(a1).
 */
unsigned int __cdecl sub_401000(const char *a1)
{
  _BYTE *v1; // ecx   write cursor; not initialised anywhere in this listing
  unsigned int v2; // edi   count of bytes processed so far
  unsigned int result; // eax   current strlen(a1), also the return value
  int v4; // ebx   byte distance from v1 to a1

  v2 = 0;
  result = strlen(a1);
  if ( result )
  {
    /* Fixed offset between the two pointers, so v1[v4] below reads the a1
     * byte at the same position as the byte being written. */
    v4 = a1 - v1;
    do
    {
      /* Table lookup: output byte = byte_402FF8[input byte]. The index is
       * cast to char first; where char is signed, input bytes >= 0x80 become
       * negative indices, i.e. reads below the start of byte_402FF8. */
      *v1 = byte_402FF8[(char)v1[v4]];
      ++v2;
      ++v1;
      /* The length is re-evaluated on every pass and used as the loop bound. */
      result = strlen(a1);
    }
    while ( v2 < result );
  }
  return result;
}