picoCTF - RE - Hurry up! Wait!

最新推荐文章于 2024-04-01 21:10:53 发布
最新推荐文章于 2024-04-01 21:10:53 发布
阅读量387 收藏
点赞数
分类专栏: CTF
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yyyayo/article/details/118645631
版权

代码转载自:https://github.com/Dvd848/CTFs/blob/master/2021_picoCTF/Hurry_up_Wait.md 添加了部分备注。

下面这部分代码在 Ghidra - Window - Python 中运行:

import sys

# 给出 offset,得到地址
def getAddress(offset):
	return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset)

listing = currentProgram.getListing()
functionManager = currentProgram.getFunctionManager()

# getGlobalFunctions 会返回 [FUN_0010298a] 这个 list
main_func = getGlobalFunctions("FUN_0010298a")[0]

# listing.getCodeUnits() 可以得到提供的地址范围内的所有 code/instructions,codeUnit 就是一条指令
# main_func.getBody() 会得到这个函数的 body 的地址范围:[[0010298a, 00102a26] ]
# Iterate the instructions that FUN_0010298a() is composed of
for codeUnit in listing.getCodeUnits(main_func.getBody(), True):

	if not codeUnit.toString().startswith("CALL"):
		# Ignore anything that isn't a "call"
		continue
	
	# codeUnit.getAddress(0) 得到指令中的地址(一般是 offset 而非真正的地址)
	# functionManager.getFunctionAt(address) 获取指定 address 的函数,注意 getAddress 函数是自定义的
	callee = functionManager.getFunctionAt(getAddress(str(codeUnit.getAddress(0))))
	if not callee.getName().startswith("FUN_"):
		# In practice - skip ada__calendar__delays__delay_for()
		continue

	for cu in listing.getCodeUnits(callee.getBody(), True):
		# Iterate the instructions that the callee is composed of
		if not cu.toString().startswith("LEA RAX"):
			# Ignore anything that isn't LEA RAX, [addr]
			#  since that's the instruction that loads the flag character to be printed
			continue
		
		# cu.getScalar(1) 获取指令中的第1个(实际是第2个)标量,前面应该还有第0个标量
		# Check what's at "addr" and print it
		sys.stdout.write(chr(getByte(getAddress(str(cu.getScalar(1))))))

print("")
yyyayo
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Groovy-in-hurry:赶时间
06-30
Groovy-in-hurry-with-Git Groovy 赶时间和 GIT 介绍
ember-select2-hurry:EmberJS的快速而肮脏的select2组件
05-04
灰烬选择2赶时间 EmberJS的快速而又肮脏的select2组件。 用法 当地建议 {{select-2 content=suggestedItemsList // [{id: 1, label: 'foo'}, ...] value=selectedValue // filled when an item is selected ...
Hurry Up
觅梦云的专栏
08-04 772
Problem Description GG is some what afraid of his MM. Once his MM asks, he will always try his best to rush to their home. Obvious, he can run home in straight line directly. Alternatively, he can
2021 Picoctf pwn部分wp
weixin_46521144的博客
07-18 504
首先说一下,是参考了校内学长的复盘讲解hhh,这也是第一次直接接触在线的ctf而不是靶场。 Gauntlet1 在ida里面看一下。这三道Gauntlet都是一个类型的,漏洞都是一个格式化字符串+栈溢出。 那就很容易直接把shellcraft.sh()写道栈上,因为一开始给打印了背写区域的起始位置并且使可执行的栈,一溢出就会跳转到我们写的shellcraft上面执行。注意中间还要有个格式化字符串的额send,不要忘了,之前卡在这里好久啊。。。 exp from pwn import * context.
新概念英语(1-43)Hurry up!
weixin_30924087的博客
04-17 96
新概念英语(1-43)Hurry up! How do you know Sam doesn't make the tea very often? A:Can you make the tea, Sam? B:Yes, of course I can, Penny. A:Is there any water in this kettle? B:Yes, there is. A:Wher...
C++经典算法题-Press any key to change color, do you want to try it. Please hurry up!
逍遥云恋
01-08 882
1. 题目 题目:Press any key to change color, do you want to try it. Please hurry up! 2. 代码示例 #include <conio.h> void main(void) { int color; for (color = 0; color < 8; colo...
Lesson Forty-Three Hurry up! 快点!
MichaelHu的专栏
12-28 928
Can you make the tea,Sam?你会沏茶吗,Sam?Yes,of course I can,Penny.会,我当然会了,Penny.Is there any water in this kettle?这个水壶里有水吗?Yes, there is.有的.Wheres the tea?茶叶在哪?Its over there,behind t
picoCTF2020-RE
煤矿路口西的博客
11-11 364
picoCTF Reverse Engineering vault-door-training [vault-door-training](Your mission is to enter Dr. Evil’s laboratory and retrieve the blueprints for his Doomsday Project. The laboratory is protected by a series of locked vault doors. Each door is contro.
Lesson 43 Hurry up!
weixin_30788239的博客
08-03 132
英音版录音 下载地址http://bbs.enfamily.cn/upfile/nce/book1/NCE1043.mp3美音版录音 Lesson 43Hurry up!快点! Listen to the tape then answer this question. How do you know Sam doesn't make the tea very often...
Hurry home & 下班回家-crx插件
04-02
语言:中文 (简体) 平平安安上班,高高兴兴下班 用于帮助上班人员时刻提醒自己距离下班时间还剩下多长的时间,把握时间,提高工作效率今天距离下班时间还剩下多久的时时间本周距离周末的时间剩余多久本月距离月底的...
Hurry-crx插件
04-04
语言:English 快点-Google幻灯片计时器 快点是Google幻灯片的扩展程序,可显示演示文稿还剩多少时间。 请参阅https://github.com/laffra/hurry获取源代码和/或如果您更喜欢在本地安装扩展程序。
题目:Press any key to change color, do you want to try it. Please hurry up!
04-01 3661
There is no nutrition in the blog content. After reading it, you will not only suffer from malnutrition, but also impotence. The blog content is all parallel goods. Those who are worried about being cheated should leave quickly.
Lesson 43 Hurry up! 快点!
浅浅的小溪
01-05 839
Listen to the tape then answer this question. How do you know Sam doesnt make the tea very often?  听录音,然后回答问题。你怎么知道萨姆不常沏茶?  PENNY: Can you make the tea, Sam?  SAM:   Yes, of course I can, Penny
rockyou.txt
06-06
rockyou
ASP+ACCESS网上人才信息管理系统(源代码+论文)【ASP】.zip
最新发布
06-06
ASP+ACCESS网上人才信息管理系统(源代码+论文)【ASP】
河北金融学院经济大数据课设2024年 软科学校爬虫课设
06-06
河北金融学院经济大数据课设2024年 软科学校爬虫课设
c语言Press any key to change color, do you want to try it.Please hurry up!
05-26
Sorry, as an AI language model, I do not have the ability to physically interact with you and perform actions in the real world. However, I can guide you on how to implement this functionality in C language. To implement "Press any key to change color" functionality in C language, you can use the following code: ``` #include <stdio.h> #include <conio.h> #include <windows.h> int main() { int color = 0; while(1) { printf("Press any key to change color\n"); getch(); color++; if(color > 15) { color = 0; } SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), color); printf("Hello World!\n"); } return 0; } ``` This code uses the `getch()` function from `conio.h` header file to wait for a key press. Then, it changes the text color by using the `SetConsoleTextAttribute()` function from `windows.h` header file. The `color` variable is incremented for each key press and reset to 0 when it reaches 15. I hope this helps you.

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值