1.simplerev
先放到EXE中,发现无壳,64位
用ida64打开,按F5反编译,用R键将ASCII数值转换成字符
发现重要操作Decry,双击进入分析
将src和v9转换为字符串。需要注意的是,在IDA中用R键把整数常量转成字符后,显示的字符顺序与内存中的实际顺序相反(x86按小端序存储),因此需要将转换后的字符串反转
进入join操作,发现就是将两个字符串拼接到一起
strcat即为拼接函数
由此,可以得出text='killshadow',key='ADSFKNDCLS',v5=10
/* Decompiler excerpt quoted by the writeup: walks key for v5 iterations and
 * adds 32 to a byte that the range test accepts, i.e. maps an uppercase ASCII
 * letter to its lowercase form. */
for ( i = 0; i < v5; ++i )
{
/* NOTE(review): as transcribed, `> 'A'` excludes 'A' itself, yet the writeup
 * concludes that the whole key (which starts with 'A') becomes lowercase.
 * The lower bound was probably a numeric constant one below 'A' before it was
 * converted to a character - confirm against the decompiler output. */
if ( key[v3 % v5] > 'A' && key[v3 % v5] <= 'Z' )
key[i] = key[v3 % v5] + 32;
/* v3 advances on every iteration, whether or not the byte was converted. */
++v3;
}
而根据这段代码,可以知道key中的大写字母都换成了小写,故key[ ]=adsfkndcls
回到Decry,依据它下面几行代码,写脚本进行解密,得出flag
#include <stdio.h>
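/*
 * Solver for the "simplerev" challenge: recovers the input that the target's
 * Decry() routine accepts.
 *
 * text and key are the two strings recovered in the writeup (key already
 * lowercased). For each position of text the candidate letters are tried in
 * ASCII order and the first one whose transform equals text[i] is printed.
 * Prints the recovered characters to stdout without a trailing newline.
 */
int main() {
    const char key[] = "adsfkndcls";
    const char text[] = "killshadow";
    int i, j;
    /* Running key index; starts at 10 and advances once per recovered char. */
    int v3 = 10;

    for (i = 0; i < 10; i++) {
        /* Only ASCII letters are valid candidates. */
        for (j = 'A'; j <= 'z'; ++j) {
            /* Skip the punctuation between 'Z' and 'a'. The original test
             * `j > 'z' && j < 'a'` could never be true, so this gap was not
             * actually excluded. */
            if (j > 'Z' && j < 'a') {
                continue;
            }
            /* Same transform the script applies to each candidate: shift by
             * the current key byte, reduce mod 26, map back to 'a'..'z'. */
            if ((j - 39 - key[v3 % 10] + 97) % 26 + 97 == text[i]) {
                printf("%c", j);
                v3++;
                break;
            }
        }
    }
    return 0;
}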
2.luck_guy
先放入IDA中
无壳,64位,用IDA打开,按F5反编译
进入patch_me ,发现必须是偶数才能get flag,然后双击进入
分析代码,为switch case语句,case1即将f1和f2连到一起,可双击查看f1的值
case2和3应该没什么用,case4即将s赋给f2,按R键将s转化为字符,注意显示出来的顺序是倒着的(小端序),需要反转,然后分析case5,写脚本得出flag
#include <stdio.h>
#include <stdlib.h>
/*
 * Solver for the "luck_guy" challenge: applies the per-byte adjustment from
 * case 5 of the target's switch to f2 and prints both halves of the flag.
 *
 * Bytes at odd indexes are decreased by 2, bytes at even indexes by 1.
 * puts() appends a newline, so the two halves appear on separate lines.
 */
int main() {
    char f1[] = "GXY{do_not_";
    char f2[] = "icug`of\x7F";
    int j = 0;

    /* f2 holds exactly 8 encoded bytes before its terminator. */
    while (j < 8) {
        f2[j] -= (j & 1) ? 2 : 1;
        j++;
    }

    puts(f1);
    puts(f2);
    return 0;
}
//flag{do_not_hate_me}
3.打印PE文件信息函数
#include <iostream>
using namespace std;
#include <windows.h>
#include <string.h>
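// Print the DOS header, NT signature, file header, optional header (decoded
// with the 32-bit layout) and every section header of a PE file held in memory.
//
// pFileBuffer: start of the raw file contents.
//
// The function is given no buffer length, so it cannot bounds-check what it
// dereferences: e_lfanew, SizeOfOptionalHeader and NumberOfSections are read
// from the file and steer every access below. When the input is an untrusted
// sample, the caller must validate those fields against the real file size
// before calling. Only the MZ and PE signatures are verified here.
// std::cout is left in hex mode on return.
void PrintAllPEHeasers(void *pFileBuffer) {
    if (pFileBuffer == NULL) {
        cerr << "PrintAllPEHeasers: null buffer" << endl;
        return;
    }

    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
    // e_lfanew is signed; a negative value would point before the buffer.
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew < 0) {
        cerr << "PrintAllPEHeasers: missing MZ signature or invalid e_lfanew" << endl;
        return;
    }

    PIMAGE_NT_HEADERS pNTHeader = (PIMAGE_NT_HEADERS)((BYTE *)pFileBuffer + pDosHeader->e_lfanew);
    if (pNTHeader->Signature != IMAGE_NT_SIGNATURE) {
        cerr << "PrintAllPEHeasers: missing PE signature" << endl;
        return;
    }

    // The file header follows the 4-byte signature, the optional header follows
    // the file header, and the section table starts SizeOfOptionalHeader bytes
    // after the start of the optional header.
    PIMAGE_FILE_HEADER pPEHeader = (PIMAGE_FILE_HEADER)((BYTE *)pNTHeader + sizeof(DWORD));
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((BYTE *)pPEHeader + IMAGE_SIZEOF_FILE_HEADER);
    PIMAGE_SECTION_HEADER pSectionHeader = (PIMAGE_SECTION_HEADER)((BYTE *)pOptionHeader + pPEHeader->SizeOfOptionalHeader);

    cout << hex << "-----------IMAGE_DOS_HEADER_BASE---------" << endl;
    cout << hex << "|-e_magic = " << pDosHeader->e_magic << endl;
    cout << hex << "|-e_lfanew = " << pDosHeader->e_lfanew << endl;
    cout << hex << "|" << endl;
    cout << hex << "|------------------IMAGE_NT_HEADERS_BASE-----------------" << endl;
    // Print the value read from the file, not the IMAGE_NT_SIGNATURE constant.
    cout << hex << "|-signature = " << pNTHeader->Signature << endl;
    cout << hex << "|" << endl;
    cout << hex << "|---------IMAGE_FILE_HEADER_BASE---------" << endl;
    cout << hex << "||-Machine = " << pPEHeader->Machine << endl;
    cout << hex << "||-NumberOfSections = " << pPEHeader->NumberOfSections << endl;
    cout << hex << "||-TimeDataStamp = " << pPEHeader->TimeDateStamp << endl;
    cout << hex << "||-PointerToSymbolicTable = " << pPEHeader->PointerToSymbolTable << endl;
    cout << hex << "||-NumberOfSymbols = " << pPEHeader->NumberOfSymbols << endl;
    cout << hex << "||-SizeOfOptionalHeader = " << pPEHeader->SizeOfOptionalHeader << endl;
    cout << hex << "||-Characteristics = " << pPEHeader->Characteristics << endl;
    cout << hex << "||" << endl;
    cout << hex << "||-----------IMAGE_OPTIONAL_HEADER---------" << endl;
    // Everything below is read through the 32-bit optional header layout. A
    // PE32+ file lays the fields out differently, so warn instead of silently
    // printing misaligned values.
    if (pOptionHeader->Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
        cerr << "PrintAllPEHeasers: optional header is not PE32; fields are decoded with the 32-bit layout" << endl;
    }
    cout << hex << "||-Magic = " << pOptionHeader->Magic << endl;
    // The linker versions are single bytes; printf avoids cout printing them as characters.
    printf("||-MajorLinkerVersion = %x\n", pOptionHeader->MajorLinkerVersion);
    printf("||-MinorLinkerVersion = %x\n", pOptionHeader->MinorLinkerVersion);
    cout << hex << "||-SizeOfCode = " << pOptionHeader->SizeOfCode << endl;
    cout << hex << "||-SizeOfInitializedData = " << pOptionHeader->SizeOfInitializedData << endl;
    cout << hex << "||-SizeOfUninitializedData = " << pOptionHeader->SizeOfUninitializedData << endl;
    cout << hex << "||-AddressOfEntryPoint = " << pOptionHeader->AddressOfEntryPoint << endl;
    cout << hex << "||-BaseOfCode = " << pOptionHeader->BaseOfCode << endl;
    cout << hex << "||-BaseOfData = " << pOptionHeader->BaseOfData << endl;
    cout << hex << "||" << endl;
    cout << hex << "||-----------NT 结构增加的领域---------" << endl;
    cout << hex << "||-ImageBase = " << pOptionHeader->ImageBase << endl;
    cout << hex << "||-SectionAlignment = " << pOptionHeader->SectionAlignment << endl;
    cout << hex << "||-FileAlignment = " << pOptionHeader->FileAlignment << endl;
    cout << hex << "||-MajorOperatingSystemVersion = " << pOptionHeader->MajorOperatingSystemVersion << endl;
    cout << hex << "||-MinorOperatingSystemVersion = " << pOptionHeader->MinorOperatingSystemVersion << endl;
    cout << hex << "||-MajorImageVersion = " << pOptionHeader->MajorImageVersion << endl;
    cout << hex << "||-MinorImageVersion = " << pOptionHeader->MinorImageVersion << endl;
    cout << hex << "||-MajorSubsystemVersion = " << pOptionHeader->MajorSubsystemVersion << endl;
    cout << hex << "||-MinorSubsystemVersion = " << pOptionHeader->MinorSubsystemVersion << endl;
    cout << hex << "||-Win32VersionValue = " << pOptionHeader->Win32VersionValue << endl;
    cout << hex << "||-SizeOfImage = " << pOptionHeader->SizeOfImage << endl;
    cout << hex << "||-SizeOfHeaders = " << pOptionHeader->SizeOfHeaders << endl;
    cout << hex << "||-CheckSum = " << pOptionHeader->CheckSum << endl;
    cout << hex << "||-Subsystem = " << pOptionHeader->Subsystem << endl;
    cout << hex << "||-DllCharacteristics = " << pOptionHeader->DllCharacteristics << endl;
    cout << hex << "||-SizeOfStackReserve = " << pOptionHeader->SizeOfStackReserve << endl;
    cout << hex << "||-SizeOfStackCommit = " << pOptionHeader->SizeOfStackCommit << endl;
    cout << hex << "||-SizeOfHeapReserve = " << pOptionHeader->SizeOfHeapReserve << endl;
    cout << hex << "||-SizeOfHeapCommit = " << pOptionHeader->SizeOfHeapCommit << endl;
    cout << hex << "||-LoaderFlags = " << pOptionHeader->LoaderFlags << endl;
    cout << hex << "||-NumberOfRvaAndSizes = " << pOptionHeader->NumberOfRvaAndSizes << endl;
    cout << hex << "|" << endl;
    cout << hex << "|-------PE结构大小----------------------" << endl;
    cout << hex << "|-sizeof(IMAGE_DOS_HEADER) = " << sizeof(IMAGE_DOS_HEADER) << endl;
    cout << hex << "|-sizeof(IMAGE_FILE_HEADER) = " << sizeof(IMAGE_FILE_HEADER) << endl;
    cout << hex << "|-sizeof(IMAGE_OPTIONAL_HEADER) = " << sizeof(IMAGE_OPTIONAL_HEADER) << endl;
    // The "real" size is the one recorded in the file; the original printed the
    // compile-time sizeof a second time here.
    cout << hex << "|-realSizeof(IMAGE_OPTIONAL_HEADER) = " << pPEHeader->SizeOfOptionalHeader << endl;
    cout << hex << "|-sizeof(IMAGE_NT_HEADERS) = " << sizeof(IMAGE_NT_HEADERS) << endl;
    cout << hex << "|" << endl;
    cout << hex << "|-------文件中PE头基址----------------------" << endl;
    // Offsets from the start of the buffer, cast to void* so they print as addresses.
    cout << hex << "|-IMAGE_DOS_HEADER_BASE = " << (void *)((BYTE *)pDosHeader - (BYTE *)pDosHeader) << endl;
    cout << hex << "|-IMAGE_NT_HEADERS_BASE = " << (void *)((BYTE *)pNTHeader - (BYTE *)pDosHeader) << endl;
    cout << hex << "|-IMAGE_FILE_HEADER_BASE = " << (void *)((BYTE *)pPEHeader - (BYTE *)pDosHeader) << endl;
    cout << hex << "|-IMAGE_OPTIONAL_HEADER_BASE = " << (void *)((BYTE *)pOptionHeader - (BYTE *)pDosHeader) << endl;
    cout << hex << "|" << endl;

    // Print the section table. The original scaled the typed pointer by
    // i * IMAGE_SIZEOF_SECTION_HEADER (stepping far past the table), read every
    // field from the first entry, and counted from NumberOfSections down to 1.
    // NumberOfSections is file-controlled and is not bounded here.
    for (int i = 0; i < pPEHeader->NumberOfSections; i++) {
        PIMAGE_SECTION_HEADER pSection = pSectionHeader + i;

        // Name is a fixed 8-byte field that need not be NUL-terminated; copy it
        // into a terminated buffer so printing cannot read past the field.
        char name[IMAGE_SIZEOF_SHORT_NAME + 1] = {0};
        memcpy(name, pSection->Name, IMAGE_SIZEOF_SHORT_NAME);

        cout << hex << "|----------------------------------------" << endl;
        cout << hex << "|---------------节表" << i + 1 << "--------------" << endl;
        cout << hex << "||-SectionName = " << name << endl;
        cout << hex << "||-BaseAddress = " << (void *)((BYTE *)pSection - (BYTE *)pDosHeader) << endl;
        cout << hex << "||-MemoryBaseAddress = " << (void *)pSection << endl;
        // Misc is a union; read its VirtualSize member rather than passing the
        // whole union to printf.
        cout << hex << "||-VirtualSize = " << pSection->Misc.VirtualSize << endl;
        cout << hex << "||-VirtualAddress = " << pSection->VirtualAddress << endl;
        cout << hex << "||-SizeOfRawData = " << pSection->SizeOfRawData << endl;
        cout << hex << "||-PointerToRawData = " << pSection->PointerToRawData << endl;
        cout << hex << "||-PointerToRelocations = " << pSection->PointerToRelocations << endl;
        cout << hex << "||-PointerToLinenumbers = " << pSection->PointerToLinenumbers << endl;
        cout << hex << "||-NumberOfRelocation = " << pSection->NumberOfRelocations << endl;
        cout << hex << "||-NumberOfLinenumbers = " << pSection->NumberOfLinenumbers << endl;
        cout << hex << "||-Characteristics = " << pSection->Characteristics << endl;
    }
}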