1.打开文件
查壳
是32位的
shift+f12查看字符串 看到了一个base64加密的特征字符串
查看主函数
DialogBoxParam函数百度后得知是根据对话框模板资源创建一个模态的对话框,直接看函数主体。编写代码
if ( a2 == 272 )
return 1;
if ( a2 != 273 )
return 0;
if ( (_WORD)a3 == 1001 )
{
memset(&String, 0, 0xFFFFu);
GetDlgItemTextA(hDlg, 1000, &String, 0xFFFF);
if ( strlen(&String) == 8 )
{
v7 = 90;
v8 = 74;
v9 = 83;
v10 = 69;
v11 = 67;
v12 = 97;
v13 = 78;
v14 = 72;
v15 = 51;
v16 = 110;
v17 = 103;
sub_4010F0((int)&v7, 0, 10);
memset(&v26, 0, 0xFFFFu);
v26 = string[5];
v28 = string[7];
v27 = string[6];
v4 = sub_401000((int)&v26, strlen(&v26));
memset(&v26, 0, 0xFFFFu);
v27 = string[3];
v26 = string[2];
v28 = string[4];
v5 = sub_401000((int)&v26, strlen(&v26));
if ( String == v7 + 34
&& string[1] == v11
&& 4 * string[2] - 141 == 3 * v9
&& string[3] / 4 == 2 * (v14 / 9)
&& !strcmp(v4, "ak1w")
&& !strcmp(
v5,
"V1Ax") )
{
MessageBoxA(hDlg, "U g3t 1T!", "@_@", 0);
}
}
return 0;
}
if ( (_WORD)a3 != 1 && (_WORD)a3 != 2 )
return 0;
EndDialog(hDlg, (unsigned __int16)a3);
return 1;
}
base64解密
根据代码 处理string字符 得到flag
flag{UJWP1jMp}