justdoit
This applet link: https: //pan.baidu.com/s/1Xyg5U5uj9rX8Un_b0fbYzw extraction code: acwt
only for the exchange of learning!
This is the teacher in the classroom to practice hand of a problem, there is no shell, so I did not go to him for shelling (in fact, I peeled a silly) with peid, this is page after opening
so I put this thing od pulled inside, tried the water, and the result is this:
as a white, I do not understand What is that, and then I lost the way to number two, no accident, error!
Then I wanted to see this in the end is what it is, so I just od it, turned up (because I analyzed, the teacher gave this thing, it should not be too hard, there will be no flag prompt, then only a possibility that flag in the comments inside), and sure enough, I am about to turn in despair, saw a note:
see Hello Word, so I made sure, this is the solution to a problem, and sure enough, lost in, is this;
summary, this water problem is really good, although I consequently will not, but the feeling is good water, meaning the teacher should let us know how od is used, it should also be used ida not too sure ... but it does not difficult;
maze
做出来了一道1+1等于二的题目,我感觉到了些许膨胀(菜的一批),然后老师又给了一道入门级的迷宫题,emmm,题目链接如下:
链接:https://pan.baidu.com/s/1HItSC6T6YifCHlkl0pAIAw 提取码:6rtl
打开这个exe是这样的
仔细一想,这不是一个矩阵迷宫题嘛,了解过算法的人一眼就能看出来,甚至于还可以写出来一个更为牛逼的迷宫题(显然我还没达到这种牛逼的程度),心理有个大概的了解,那接下来就是先尝试输入几个字试试喽,首先输入了1,啊~我死了;重新,输入2,一点问题都没得,说明这个东西是有道道可寻的,不过这样一直试可不行(这道题是可以的,后来知道这是个55矩阵,就一条路,所以一个一个试着来是可以的),万一这个东西是个200200的矩阵,就不行了,所以果断ida,拉进去之后,长这个样子:
然后空格看一下流程图,f5看一下了伪代码(这些基本用法自行百度嗷):
诶!发现伪代码有点好理解啊,首先是定义的数据,一个字符型(后面的是地址),然后都是32位的int(中间有一个是short int 16位),而且地址是连着的(如果不懂地址的话可以百度先学一下地址的知识),接下来就是赋值了,但是那个qmemcpy又是个啥,所以我去百度了一下,将以第二个参数地址为首地址的后面25个(0x19u按一下h就可以变为十进制)字符赋值给以v3(char)为首地址的25个字节,那么去看一下_data_start_是什么,双击它,跳过来了这个页面,
emmm,这玩意好像是111…这一串,也恰好是25个,诶~会不会这个就是地图呢?矩阵形式大概是这个样子:
* 1 1 1 1
0 1 0 0 0
0 1 0 1 0
0 0 0 1 0
1 1 1 1 #
这是我猜的,因为算法里面会有这种图,让走迷宫,再难一点的我都见过,所以如果我没猜错(为什么一定要猜呢?做题嘛!直觉很重要),从出发,然后到达#,而观察图得出结论,0代表可以走,而1代表不可以走,所以我按照这个试试,输入222441144222,发现直接没了,机敏的我想到,要么是成功了,要么是失败了(废话),成功的话就是一闪而过,没有停在这个窗口,而我又输入了这么多,我就感觉是成功了!(后来分析后果然是成功了),如果在比赛中或者其他时间做这题,到这里就可以了,得到了flag,那么还管什么为什么,但是作为小白的我不能这样,我要努力,所以我又分析一下为什么:
Firstly out, there is a 25 character string, and the character is v3, copy back 25;
then, the screen is captured v6, v6 is a 16-bit word type, V6 determination, if the input is 2, v4 ++ , then 3 v5-, 4 words v5 ++, and 1, it is V4-; and below it for a good understanding, in order to limit the data size, v4 address -, i, and then the value, i.e. v4, v5 They are greater than or equal to 0 and less than or equal 4, as for the v5 is how come, that is, v4 + i, i is not 1 thing? i is int type, (forced to explain! When I went to check), then you interesting, v8 take the address, after adding 5 V4 + v5-41 == 49, what does that mean? V8 is the address of minus 41, count, happens to be the first address v3, and then 5 v4 + v5, if v4 is x, and v5 is y, then it is much easier to handle, which is 5 v4 is to take a few lines (in fact, go directly down), such as a string of 111 101 000
* 1 1 1 1
0 1 0 0 0
from the next go to 0, you come directly on the line, represents the character was to go 1 5 empathy ( v4, v5) it means you are here, then you can understand, v4 ++ is x, is down x + 1, so this question came out, then I according to this feature, the anti write a c ++, is this of:
#include<iostream>
using namespace std;
int main()
{
char c; //捕获输入
string s="*11110100001010000101111#"; //迷宫数列
int x=0,y=0; //1,2,3,4对应的x,y
int z; //s的下标
cout<<"* 是起点,#是终点,0表示可以走,1表示有墙,不可以走!"<<endl;
for(int i=0;i<s.size();i++)
{
cout<<s[i];
if((i+1)%5==0)
cout<<endl;
}
while(1)
{
cout<<"you can choose one action to execute"<<endl;
cout<<"1 up"<<endl;
cout<<"2 down"<<endl;
cout<<"3 left"<<endl;
cout<<"4 right\n:";
cin>>c;
if(c=='1')
x--;
if(c=='2')
x++;
if(c=='3')
y--;
if(c=='4')
y++;
if(x<0 || x>5 || y<0 || y>5)
break;
z=5*x+y;
//cout<<z<<endl;
if(s[z]=='1')
break;
if(s[z]=='#')
{
cout<<"OK,you find the flag!"<<endl;
break;
}
}
return 0;
}
Call ~ over!
