迷宫类题目一些伪代码小经验


说是关于迷宫类题的,其实就是二维数组伪代码的审计问题

先上码

/*
 * Decompiler pseudocode of the maze checker's main().
 *
 * Flow, as far as this listing shows:
 *   1. Read the flag into the global s1 and require length 24, the prefix
 *      "nctf{" and a byte equal to 125 ('}').
 *   2. Treat every character from index 5 up to (but not including) the last
 *      one as a single move:
 *        'O' (79)  -> left()     'o' (111) -> rignt()
 *        '.' (46)  -> up()       '0' (48)  -> down()
 *   3. After each move, ask ifboundary_() about the new position; a zero
 *      result prints "Wrong flag!" and exits with -1.
 *   4. Accept only if the last move helper returned nonzero and the final
 *      maze cell holds 35 ('#').
 *
 * v9 packs the position into one 64-bit value. The move helpers get either
 * &v9 (low 32 bits) or (int *)&v9 + 1 (high 32 bits), and the final index
 * 8 * low + high shows that low = row, high = column, 8 cells per row.
 *
 * left/rignt/up/down/ifboundary_, s1, byte_6010BF and asc_601060 are defined
 * outside this listing; the label names are the author's renames.
 */
__int64 __fastcall main(__int64 a1, char **a2, char **a3)
{
signed __int64 v3; // rbx; index of the current character in s1
signed int v4; // eax; current character
bool v5; // bp; result of the move helper for the current character
bool v6; // al; raw return value of the move helper
const char *v7; // rdi; message printed at YES
__int64 v9; // [rsp+0h] [rbp-28h]; packed position: low 32 bits = row, high 32 bits = column

v9 = 0LL;
puts("Input flag:");
// NOTE(review): "%s" carries no field width, so nothing here limits how much
// is written into s1; the size of s1 is not visible in this listing.
scanf("%s", &s1, 0LL);
// Format check: length 24, prefix "nctf{", closing byte 125 ('}').
// NOTE(review): byte_6010BF + 24 is presumably s1[23] (the last character),
// which holds if s1 starts one byte after byte_6010BF - confirm in the disassembly.
if ( strlen(&s1) != 24 || strncmp(&s1, "nctf{", 5uLL) || *(&byte_6010BF + 24) != 125 )
{
NO_either:
// Hard failure path: also reached from the position check inside the loop.
puts("Wrong flag!");
exit(-1);
}
// Start at index 5, right after the "nctf{" prefix.
v3 = 5LL;
if ( strlen(&s1) - 1 > 5 )
{
while ( 1 )
{
v4 = *(&s1 + v3);
// Reset per character: a character that matches no direction leaves v5 at 0.
v5 = 0;
// Two-level comparison: values above 78 can only match 'O' or 'o',
// the remaining values can only match '.' or '0'.
if ( v4 > 78 )
{
v4 = (unsigned __int8)v4;
if ( (unsigned __int8)v4 == 79 ) // 'O'
{
v6 = left((_DWORD *)&v9 + 1); // left: receives the high 32 bits of v9 (column); per the author's note it decrements that value
goto pre_ifboundary;
}
if ( v4 == 111 ) // 'o'
{
v6 = rignt((int *)&v9 + 1); // right: same high-32-bit (column) pointer; body not shown, presumably increments - confirm
goto pre_ifboundary;
}
}
else
{
v4 = (unsigned __int8)v4;
if ( (unsigned __int8)v4 == 46 ) // '.'
{
v6 = up(&v9); // up: receives &v9, i.e. the low 32 bits (row); body not shown
goto pre_ifboundary;
}
if ( v4 == 48 ) // '0'
{
v6 = down((int *)&v9); // down: also works on the low 32 bits (row); body not shown
pre_ifboundary:
// Shared landing point of all four moves: keep the helper's result.
v5 = v6;
goto ifboundary;
}
}
ifboundary:
// Position check after every character, including unmatched ones.
// Arguments: maze, high 32 bits of v9 (column), then v9 itself
// (presumably taken as its low 32 bits, the row - confirm against the callee).
// The callee's body is not shown; a zero result is treated as failure.
if ( !(unsigned __int8)ifboundary_((__int64)asc_601060, SHIDWORD(v9), v9) )
goto NO_either;
// Advance; once the last move character is consumed, v5 decides:
// nonzero leaves the loop for the final cell check, zero reports a wrong flag.
if ( ++v3 >= strlen(&s1) - 1 )
{
if ( v5 )
break;
NO:
// Soft failure path: prints the message through YES and returns 0 (no exit()).
v7 = "Wrong flag!";
goto YES;
}
}
}
// Final cell: index row * 8 + column must hold 35 ('#').
if ( asc_601060[8 * (signed int)v9 + SHIDWORD(v9)] != 35 )
goto NO;
v7 = "Congratulations!";
YES:
puts(v7);
return 0LL;
}

行走方向标识符在注释处;

挑一个函数来讲:left((_DWORD *)&v9 + 1)。参数 (_DWORD *)&v9 + 1 是 v9 高32位的地址,意思就是这个函数修改的是高32位;left 里面的内容是 (*传进来的地址)--

就是把二维数组 [][] 看成 [低32位](行)[高32位](列),对应最后的检查 asc_601060[8 * (signed int)v9 + SHIDWORD(v9)]

应该还有很多表示这种意思的伪代码,这里只记录一下这一种思想

具体迷宫问题可以参考https://ctf-wiki.github.io/ctf-wiki/reverse/maze/maze/
