第一层考点:dump内存
| // Stage 1 (decompiler pseudocode): seeds three globals and fills a table of
  // records that starts at unk_403380. The pointer arithmetic below uses a
  // 12-byte stride, so each record appears to hold three 4-byte fields:
  //   +0  a value copied from dword_402178[]
  //   +4  address of another record in the same table (index from dword_402274[])
  //   +8  address of another record in the same table (index from dword_4021F4[])
  // NOTE(review): the loop's terminating `while (...)` is not part of this listing.
  dword_403370 = 0;                      // counter; the check loop later increments it once per character
  v1 = &unk_403384;                      // 4 bytes past the table base, i.e. the +4 field of record 0
  byte_403374 = 48;                      // 48 == ASCII '0'; read back as the initial "previous character"
  v2 = 0;
  dword_403378 = (int)&unk_403380;       // current-record pointer starts at record 0
  do
  {
    v3 = dword_402178[v2];               // value for this record, read before v2 is advanced
    ++v2;
    *(v1 - 1) = v3;                      // +0 field (assumes v1 points to 4-byte elements; type not shown)
    // Both link tables are indexed with the already-incremented v2, so they
    // are read one element ahead of dword_402178. Presumably the decompiler
    // labelled the tables 4 bytes early; confirm against the disassembly.
    *v1 = (char *)&unk_403380 + 12 * dword_402274[v2];    // +4 field: link to record dword_402274[v2]
    v1[1] = (char *)&unk_403380 + 12 * dword_4021F4[v2];  // +8 field: link to record dword_4021F4[v2]
    v1 += 3;                             // advance to the next record (3 elements == 12 bytes under the same assumption)
  }
|
在 OllyDbg(OD)中让上面的初始化循环执行完毕后,dump 出 403348 处的内存值(上面的循环把节点表写在 0x403380 起的区域,每个节点占 12 字节)
第二层考点:OD下断
核心算法
| // Stage 2 (decompiler pseudocode): validates the input one character at a
  // time by walking the record table built earlier (fields at +0, +4, +8).
  // For each character, with prev = previous character and val = *(_DWORD *)v7:
  //   cur == val + prev  -> follow the link stored at v7 + 4
  //   cur == prev - val  -> follow the link stored at v7 + 8
  //   otherwise          -> print the failure message and exit(1)
  // Each step depends only on the previous character and the current record,
  // so the check can be inverted character by character from dumped table data.
  // NOTE(review): the loop's terminating `while (...)` is not part of this
  // listing. The surrounding write-up states v7 must end at 0x4034f4;
  // 0x4034f4 - 0x403380 = 0x174 = 12 * 31, i.e. record index 31 if the table
  // base is 0x403380.
  v4 = dword_403370;                     // running count of characters processed
  v5 = byte_403374;                      // previous character; initialised to 48 ('0') by the setup code
  v6 = 5;                                // input index starts at 5; presumably skips a 5-character prefix such as "flag{" (verify)
  v7 = dword_403378;                     // address of the current record
  do
  {
    v11 = *(&v12 + v6);                  // current input character (v12 is the start of the input buffer; its type is not shown)
    if ( *(_DWORD *)v7 + v5 == v11 )
    {
      v7 = *(_DWORD *)(v7 + 4);          // "plus" match: take the link at +4
    }
    else
    {
      if ( v5 - *(_DWORD *)v7 != v11 )
      {
        // Neither relation holds: reject the input.
        // NOTE(review): v10 is not assigned anywhere in this listing.
        sub_401020("This is not flag~\n", v10);
        system("pause");
        exit(1);
      }
      v7 = *(_DWORD *)(v7 + 8);          // "minus" match: take the link at +8
    }
    v5 = *(&v12 + v6);                   // current character becomes the previous one for the next round
    ++v4;
    ++v6;
    // State is written back to the globals on every iteration.
    byte_403374 = v5;
    dword_403378 = v7;
    dword_403370 = v4;
  }
|
循环结束时 v7 必须等于 0x4034f4。结合 dump 出的节点数据,在两处 if 判断处下断点,逐字符手工逆推即可得到 flag。
flag{d8b0bc97a6c0ba27}