Open this page:打开此页面:
Note注意
If you already have Visual C++ Build Tools installed, click the Start button, scroll to the V secton, expand " Visual Studion 2017 ", and click " Developer Command Prompt for VS 2017 ", as shown below.如果已经安装了Visual C ++ Build Tools,请单击“ 开始”按钮,滚动到V secton,展开“ Visual Studion 2017 ”,然后单击“ VS 2017的开发人员命令提示符 ”,如下所示。Then skip to the " Making the pwd Program in C++ " section, below on this page.然后跳到本页下面的“ 在C ++中制作pwd程序 ”部分。
https://visualstudio.microsoft.com/visual-cpp-build-tools/ https://visualstudio.microsoft.com/visual-cpp-build-tools/
Click the " Download Build Tools " button, as shown below.单击“ 下载构建工具 ”按钮,如下所示。
On the next page, in the "Build Tools for Visual Studio 2017" section, click the Download button, as shown below.在下一页的“Visual Studio 2017的构建工具”部分中,单击“ 下载”按钮,如下所示。
Save the vs_buildtools__935747363.1537797301.exe file in your Downloads folder.将vs_buildtools__935747363.1537797301.exe文件保存在Downloads文件夹中。
Double-click the the vs_buildtools__935747363.1537797301.exe file.双击vs_buildtools__935747363.1537797301.exe文件。
A box pops up, as shown below.弹出一个框,如下所示。
Click Continue .单击继续 。
Wait while software downloads and installs, as shown below.等待软件下载和安装,如下所示。
A large window appears, as shown below.出现一个大窗口,如下所示。
At the top left, click " Visual C++ build tools ".在左上角,单击“ Visual C ++构建工具 ”。
Click the Install button.单击“ 安装”按钮。
Wait while software downloads and installs., as shown below.等待软件下载并安装。,如下所示。
When the installation completes, you should see the screen shown below.安装完成后,您应该看到如下所示的屏幕。
Click Launch .单击“ 启动” A Developer Command Prompt window opens, as shown below.将打开“开发人员命令提示符”窗口,如下所示。
A box pops up, asking "Do you want to create a new file?".弹出一个框,询问“你想创建一个新文件吗?”。 Click Yes .单击是 。mkdir c:\127 mkdir c:\ 127 cd c:\127 cd c:\ 127 notepad pwd.cpp记事本pwd.cpp
Enter this code, as shown below:输入此代码,如下所示:
#include <iostream> #include <iostream> using namespace std; using namespace std; int test_pw() int test_pw() { { char pin[10]; char pin [10]; int x=15, i; int x = 15,i; cout << "Enter password: "; cout <<“输入密码:”; cin >> pin; cin >> pin; for (i=0; i<10; i+=2) x = (x & pin[i]) | for(i = 0; i <10; i + = 2)x =(x&pin [i])| pin[i+1];销第[i + 1]; if (x == 48) return 0; if(x == 48)返回0; else return 1;否则返回1; } } void main() void main() { { if (test_pw()) printf("Fail!\n"); if(test_pw())printf(“失败!\ n”); else printf("You win!\n"); else printf(“你赢了!\ n”); } }
In Notepad, click File , Save .在记事本中,单击“ 文件” ,“ 保存” 。
In the Developer Command Prompt window, execute these commands:在Developer Command Prompt窗口中,执行以下命令:
Two versions of the program are produced.制作了两个版本的程序。 The "pwd.exe" program has stack protections, but "pwdc.exe" does not, so it's slightly smaller, as shown below. “pwd.exe”程序具有堆栈保护,但“pwdc.exe”没有,因此它稍微小一些,如下所示。copy pwd.cpp pwdn.cpp copy pwd.cpp pwdn.cpp cl /EHsc pwd.cpp cl / EHsc pwd.cpp cl /EHsc /GS- pwdn.cpp cl / EHsc / GS- pwdn.cpp dir *.exe dir * .exe
https://www.hex-rays.com/products/ida/support/download_freeware.shtml https://www.hex-rays.com/products/ida/support/download_freeware.shtml
Download and install the Windows version, as shown below.下载并安装Windows版本,如下所示。
In the "IDA: Quick start" box, click New , as shown below.在“IDA:快速启动”框中,单击“ 新建” ,如下所示。
Navigate to the C:\127\pwd.exe file and double-click it.导航到C:\ 127 \ pwd.exe文件并双击它。
In the "Load a new file" box, click OK .在“加载新文件”框中,单击“ 确定” 。
IDA opens, showing some assembly code, as shown below. IDA打开,显示一些汇编代码,如下所示。
From the IDA menu, click View , " Open subviews ", Strings .在IDA菜单中,单击“ 查看” ,“ 打开子视图 ”,“ 字符串” 。
Double-click " Enter password ", as shown below.双击“ 输入密码 ”,如下所示。
The .rdata section appears, showing stored strings.出现.rdata部分,显示存储的字符串。 On the line containing "Enter password", find "DATA XREF".在包含“输入密码”的行上,找到“DATA XREF”。 Point to the address after the "DATA XREF" marker, as highlighted in yellow in the image below, and double-click it.指向“DATA XREF”标记后的地址,如下图中黄色突出显示,然后双击它。
The function prologue appears, with a line containing "security_cookie", as shown below.出现函数序言,其中包含一行“security_cookie”,如下所示。
The "security_cookie" line is gone, as shown below. “security_cookie”行已经消失,如下所示。
Enter a "Number of opcode bytes" of 6 as shown below.输入6的“操作码字节数”,如下所示。 Then click OK .然后单击确定 。
Find the hexadecimal values covered by a green box in the image below.找到下图中绿框所覆盖的十六进制值。 That's the flag.那是旗帜。
Posted: 10-27-18发表时间:10-27-18