DontEatMe

BUU DontEatMe

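Analysis quickly shows that this is a maze challenge, but the input goes through an encryption step first. FindCrypt identifies the cipher as Blowfish. The plan is to recover the maze route through dynamic debugging, then Blowfish-decrypt to obtain the flag.

The binary then turns out to contain an anti-debugging check.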

NTSYSAPI NTSTATUS ZwSetInformationThread(
  [in] HANDLE          ThreadHandle,
  [in] THREADINFOCLASS ThreadInformationClass,
  [in] PVOID           ThreadInformation,
  [in] ULONG           ThreadInformationLength
);

typedef enum _THREADINFOCLASS {
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger // = 0x11 (17), used here as the anti-debugging check
} THREADINFOCLASS;

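The argument passed in is 0x11, which corresponds exactly to ThreadHideFromDebugger. Changing that argument while debugging in OllyDbg therefore gets past the anti-debugging check and yields the maze map, after which the decryption can be done.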
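As an added illustration (not code from the original post or from the challenge binary), the following heuristic scans 32-bit x86 code bytes for the argument setup described above: two zero pushes and `push 0x11` followed closely by a call. The sample bytes, the addresses in them and the stdcall push order are assumptions constructed for this example.

```python
# Added example: heuristic triage for a ThreadHideFromDebugger call site.
# Assumption: 32-bit stdcall code that pushes the arguments right to left as
# push 0 / push 0 / push 0x11 and then calls ZwSetInformationThread.

THREAD_HIDE_FROM_DEBUGGER = 0x11   # value stated in the write-up
# 6A ib = "push imm8": length = 0, information = NULL, class = 0x11
ARG_SETUP = bytes([0x6A, 0x00, 0x6A, 0x00, 0x6A, THREAD_HIDE_FROM_DEBUGGER])


def _call_follows(tail: bytes) -> bool:
    """True if the bytes look like they contain a call (E8 rel32 or FF /2)."""
    for j, b in enumerate(tail):
        if b == 0xE8:                       # call rel32
            return True
        if b == 0xFF and j + 1 < len(tail) and (tail[j + 1] >> 3) & 7 == 2:
            return True                     # call r/m32 (ModRM reg field = 2)
    return False


def find_hide_from_debugger_sites(code: bytes, window: int = 8) -> list:
    """Return offsets of the 0x11 immediate in each candidate call site.

    This is byte matching, not disassembly, so every hit still has to be
    confirmed in the debugger or disassembler.
    """
    hits, start = [], 0
    while (i := code.find(ARG_SETUP, start)) != -1:
        end = i + len(ARG_SETUP)
        if _call_follows(code[end:end + window]):
            hits.append(end - 1)            # offset of the class operand
        start = i + 1
    return hits


# Constructed sample: an unrelated "push 0x11" decoy, then the real pattern.
SAMPLE = bytes.fromhex(
    "558bec"            # push ebp / mov ebp, esp
    "6a116a01e800000000"  # decoy: push 0x11 / push 1 / call
    "6a006a006a11"      # push 0 / push 0 / push 0x11
    "ff1500204000"      # call [0x402000]  (constructed: GetCurrentThread)
    "50"                # push eax         (thread handle)
    "ff1504204000"      # call [0x402004]  (constructed: ZwSetInformationThread)
    "5dc3"              # pop ebp / ret
)

if __name__ == "__main__":
    for off in find_hide_from_debugger_sites(SAMPLE):
        print(f"candidate ThreadInformationClass operand at offset {off:#x}")
```

The reported offset is the operand byte that the write-up changes in the debugger.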

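Because the input path is 16 characters long, only 16 bytes of the ciphertext are taken as well; everything after that is the ciphertext of encrypted spaces.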


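Please credit the source when reposting. You are welcome to verify the sources cited in this article and to point out anything that is wrong or unclear, either in the comment section below or by email to 3049155267@qq.com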
