//main函数
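; ---------------------------------------------------------------------------
; _main -- IDA listing (32-bit x86, Intel/MASM-style syntax, cdecl).
;
; Flow, as shown by the instructions below:
;   1. Reserve a 448h-byte frame and fill all of it with 0CCh.
;   2. LoadLibraryA("user32.dll"); the returned handle is never stored.
;   3. fopen("password.txt", "rw+"); exit(0) if that returns NULL.
;   4. fscanf(File, "%s", Str1) reads one token into the stack buffer.
;   5. j__verify_password(Str1); result 0 prints the success message,
;      anything else prints the failure message.
;   6. fclose(File) and return.
;
; Frame layout (from the var_* definitions):
;   [ebp-448h .. ebp-409h]  var_448  compiler scratch (40h bytes)
;   [ebp-408h]              File     FILE * from fopen
;   [ebp-404h .. ebp-5]     Str1     400h (1024) byte input buffer
;   [ebp-4]                 var_4    result of j__verify_password
;   [ebp+0] / [ebp+4]                saved ebp / return address
;
; Review notes:
;   * The "%s" conversion has no field width, so fscanf is not limited to
;     the 400h bytes of Str1. A token of 400h bytes or more in password.txt
;     is written past the buffer into var_4, the saved ebp and the return
;     address. The fix belongs in the source this binary was built from:
;     bound the read ("%1023s", or fgets with sizeof the buffer) and check
;     the return value.
;   * The epilogue only runs __chkesp, which compares esp values; no stack
;     cookie check is visible. Rebuilding with stack protection (/GS) and
;     with DEP/ASLR enabled limits what such an overwrite can achieve.
;   * The body of j__verify_password is not part of this listing; how it
;     handles Str1 has to be reviewed separately.
;   * "rw+" is not a standard C fopen mode; which access it yields is
;     CRT-specific. The file name is relative, so the current directory
;     decides which password.txt is read.
;   * exit(0) on fopen failure reports success to the parent process.
;   * eax is not set explicitly after _fclose, so the value main returns
;     is whatever is left in eax at retn.
; ---------------------------------------------------------------------------
.text:0040106F
.text:0040106F ; ---------------------------------------------------------------------------
.text:00401070                 db 20h dup(0CCh)
.text:00401090
.text:00401090 ; =============== S U B R O U T I N E =======================================
.text:00401090
.text:00401090 ; Attributes: bp-based frame
.text:00401090
.text:00401090 ; int __cdecl main(int argc, const char **argv, const char **envp)
.text:00401090 _main           proc near               ; CODE XREF: _main_0j
.text:00401090
.text:00401090 var_448         = byte ptr -448h
.text:00401090 File            = dword ptr -408h
.text:00401090 Str1            = byte ptr -404h
.text:00401090 var_4           = dword ptr -4
.text:00401090 argc            = dword ptr  8
.text:00401090 argv            = dword ptr  0Ch
.text:00401090 envp            = dword ptr  10h
.text:00401090
; --- prologue: set up the frame and save ebx/esi/edi ---
.text:00401090                 push    ebp
.text:00401091                 mov     ebp, esp
.text:00401093                 sub     esp, 448h
.text:00401099                 push    ebx
.text:0040109A                 push    esi
.text:0040109B                 push    edi
; --- fill the frame: 112h dwords * 4 = 448h bytes of 0CCh ---
.text:0040109C                 lea     edi, [ebp+var_448]
.text:004010A2                 mov     ecx, 112h
.text:004010A7                 mov     eax, 0CCCCCCCCh
.text:004010AC                 rep stosd
.text:004010AE                 mov     [ebp+var_4], 0
; --- LoadLibraryA("user32.dll"); esi keeps esp for the __chkesp balance check ---
.text:004010B5                 mov     esi, esp
.text:004010B7                 push    offset LibFileName ; "user32.dll"
.text:004010BC                 call    ds:__imp__LoadLibraryA@4 ; LoadLibraryA(x)
.text:004010C2                 cmp     esi, esp
.text:004010C4                 call    __chkesp
; --- File = fopen("password.txt", "rw+") ---
.text:004010C9                 push    offset Mode     ; "rw+"
.text:004010CE                 push    offset Filename ; "password.txt"
.text:004010D3                 call    _fopen
.text:004010D8                 add     esp, 8
.text:004010DB                 mov     [ebp+File], eax
.text:004010E1                 cmp     [ebp+File], 0
.text:004010E8                 jnz     short loc_4010F1
.text:004010EA                 push    0               ; Code
.text:004010EC                 call    _exit           ; fopen failed: exit(0)
.text:004010F1 ; ---------------------------------------------------------------------------
.text:004010F1
.text:004010F1 loc_4010F1:                             ; CODE XREF: _main+58j
; --- fscanf(File, "%s", Str1): unbounded read into the 400h-byte buffer;
;     the return value in eax is not checked ---
.text:004010F1                 lea     eax, [ebp+Str1]
.text:004010F7                 push    eax
.text:004010F8                 push    offset Format   ; "%s"
.text:004010FD                 mov     ecx, [ebp+File]
.text:00401103                 push    ecx             ; File
.text:00401104                 call    _fscanf
.text:00401109                 add     esp, 0Ch
; --- var_4 = j__verify_password(Str1) ---
.text:0040110C                 lea     edx, [ebp+Str1]
.text:00401112                 push    edx             ; Str1
.text:00401113                 call    j__verify_password
.text:00401118                 add     esp, 4
.text:0040111B                 mov     [ebp+var_4], eax
.text:0040111E                 cmp     [ebp+var_4], 0
.text:00401122                 jz      short loc_401133 ; 0 = password accepted
.text:00401124                 push    offset aIncorrectPassw ; "incorrect password!n"
.text:00401129                 call    _printf
.text:0040112E                 add     esp, 4
.text:00401131                 jmp     short loc_401140
.text:00401133 ; ---------------------------------------------------------------------------
.text:00401133
.text:00401133 loc_401133:                             ; CODE XREF: _main+92j
.text:00401133                 push    offset aCongratulation ; "Congratulation! You have passed the ver"...
.text:00401138                 call    _printf
.text:0040113D                 add     esp, 4
.text:00401140
.text:00401140 loc_401140:                             ; CODE XREF: _main+A1j
; --- fclose(File), then epilogue; only __chkesp runs before retn ---
.text:00401140                 mov     eax, [ebp+File]
.text:00401146                 push    eax             ; File
.text:00401147                 call    _fclose
.text:0040114C                 add     esp, 4
.text:0040114F                 pop     edi
.text:00401150                 pop     esi
.text:00401151                 pop     ebx
.text:00401152                 add     esp, 448h
.text:00401158                 cmp     ebp, esp
.text:0040115A                 call    __chkesp
.text:0040115F                 mov     esp, ebp
.text:00401161                 pop     ebp
.text:00401162                 retn
.text:00401162 _main           endp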