逆向攻防世界CTF系列19-srm-50
32位无壳
main函数看半天,字符串看半天没有思路
运行一下吧
Registration
搜索一下这个字符串
ctrl+x交叉引用
定位
/*
 * Dialog procedure of the registration window (decompiler pseudocode,
 * tidied for reading).
 *
 * Message handling, with the numeric codes kept as in the listing:
 *   16  (0x0010, WM_CLOSE)      - close the dialog.
 *   272 (0x0110, WM_INITDIALOG) - install the icon and the cursor.
 *   273 (0x0111, WM_COMMAND)    - only control ID 1 is handled; it runs the
 *                                 registration check below.
 *
 * The registration check reads two text fields:
 *   control 1001 -> email  : only a structural test ('@' present, '.' present
 *                            with a character after it, '@' not directly
 *                            followed by '.').
 *   control 1002 -> serial : must be exactly 16 characters and equal to a
 *                            constant stored in the program.
 *
 * NOTE(review): the expected serial is a literal inside the client binary,
 * so the comparison can be read out statically, as this listing shows. A
 * check like this is not a protection boundary; validation of a licence or
 * flag belongs on a side the user does not control.
 *
 * Returns 1 when the message was handled (init, or the button press),
 * 0 otherwise.
 */
INT_PTR __stdcall DialogFunc(HWND hDlg, UINT a2, WPARAM a3, LPARAM a4)
{
    /* The decompiler showed the serial as 16 separate decimal comparisons,
     * walking from both ends towards the middle; written out in index order
     * they spell this string. */
    static const char expected_serial[] = "CZ9dmq4c8g9G7bAX";

    CHAR email[256];
    CHAR serial[256];
    CHAR message[256];
    const char *at_sign;
    const char *first_dot;
    HICON icon;
    HCURSOR cursor;

    switch (a2) {
    case 16:                                    /* WM_CLOSE */
        EndDialog(hDlg, 0);
        return 0;

    case 272:                                   /* WM_INITDIALOG */
        icon = LoadIconW(GetModuleHandleW(0), (LPCWSTR)0x67);
        SetClassLongA(hDlg, -14, (LONG)icon);   /* -14: GCL_HICON */
        cursor = LoadCursorW(GetModuleHandleW(0), (LPCWSTR)0x66);
        /* -12: GCL_HCURSOR, applied to the class of control ID 1 */
        SetClassLongA(GetDlgItem(hDlg, 1), -12, (LONG)cursor);
        return 1;

    case 273:                                   /* WM_COMMAND */
        break;

    default:
        return 0;
    }

    /* Low word of wParam is the control ID; only ID 1 is processed. */
    if ((unsigned __int16)a3 != 1) {
        return 0;
    }

    /* The listing fills the first buffer with "(unsigned __int16)a3 - 1",
     * which is always 0 here because the low word was just checked to be 1. */
    memset(email, 0, sizeof(email));
    memset(serial, 0, sizeof(serial));
    memset(message, 0, sizeof(message));

    /* Both reads are bounded by the 256-byte buffers. */
    GetDlgItemTextA(hDlg, 1001, email, 256);
    GetDlgItemTextA(hDlg, 1002, serial, 256);

    at_sign = strchr(email, '@');
    first_dot = strchr(email, '.');

    if (!at_sign || !first_dot || !first_dot[1] || at_sign[1] == '.') {
        /* Runtime strings are reproduced exactly as they appear in the binary. */
        strcpy_s(message, 0x100u, "Your E-mail address in not valid.");
    } else if (strlen(serial) == 16 && memcmp(serial, expected_serial, 16) == 0) {
        /* 35-byte prefix plus the 16-byte serial stays well inside message[]. */
        strcpy_s(message, 0x100u, "Registration Success!\nYour flag is:");
        strcat_s(message, 0x100u, serial);
    } else {
        strcpy_s(message, 0x100u, "Registration failure.");
    }

    MessageBoxA(hDlg, message, "Registeration", 0x40u);    /* 0x40: MB_ICONINFORMATION */
    return 1;
}
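前面大半部分是窗口消息处理(16、272、273 分别对应 WM_CLOSE、WM_INITDIALOG、WM_COMMAND),与校验无关。后面先对第一个输入框做了一个简单的邮箱格式检查:必须包含 @ 和 .,. 后面还要有字符,并且 @ 后面不能紧跟 .。重点看下面对第二个输入框 v11 的判断:长度必须为 16,且每个下标都与一个固定的 ASCII 码比较。
把 v11[0] 到 v11[15] 的数值按下标顺序转成字符(67→C,90→Z,57→9 ……),得:CZ9dmq4c8g9G7bAX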
本文是原创文章,采用 CC BY-NC-ND 4.0 协议,完整转载请注明来自 Matriy