方法一:手动去除
将花指令处的所有 0xE9 字节修改为 0x90(NOP)即可
方法二:花指令去除脚本
# IDAPython snippet: overwrite the 0xE9 junk bytes inside one address window
# with 0x90 (single-byte x86 NOP) so the region decompiles cleanly.
# Assumes get_wide_byte / patch_byte are the IDAPython helpers that IDA's
# script console exposes; they are not defined on this page.
start_addr = 0x0000000140001454
end_addr = 0x00000001400015C7
print(start_addr)
print(end_addr)

# range() is half-open: end_addr itself is never examined.
for ea in range(start_addr, end_addr):
    if get_wide_byte(ea) != 0xE9:
        continue
    # NOTE(review): the match is on the raw byte value only, so a 0xE9 that
    # is an operand/immediate byte of a genuine instruction in this window
    # would be rewritten as well. Compare the patched range against the
    # disassembly and keep an unmodified copy of the database.
    patch_byte(ea, 0x90)
    print("{}处的花指令已去除".format(hex(ea)))
/*
 * Decompiler listing of the checker's main(), kept exactly as emitted.
 *
 * Flow: copy a constant string into v6, read one whitespace-delimited token
 * into v5, then compare each input byte against v6[i] ^ (i % 9). v8 starts
 * at 1 and is cleared on the first mismatch; the final message depends on it.
 *
 * Review notes (from the visible lines only):
 *  - scanf("%100s") may store up to 100 characters plus a NUL terminator,
 *    while v5 is shown as 96 bytes, so a long token writes past v5. A field
 *    width of 95 would match the declared size. The array size is the
 *    decompiler's reconstruction -- confirm against the stack layout.
 *  - The loop is bounded by strlen(v5), not by the length of the constant,
 *    so the check never requires the input to be complete: v8 stays 1 when
 *    the input only matches a leading part of the expected string.
 *  - strlen(v5) is re-evaluated on every iteration and compared with a
 *    signed int index.
 */
int __fastcall main(int argc, const char **argv, const char **envp)
{
  const char *v3; // rax -- result message chosen after the check
  char v5[96]; // [rsp-A0h] [rbp-B8h] BYREF -- user input buffer
  char v6[56]; // [rsp-40h] [rbp-58h] BYREF -- XOR-masked reference string
  int i; // [rsp-8h] [rbp-20h] -- byte index into v5 / v6
  int v8; // [rsp-4h] [rbp-1Ch] -- match flag: 1 = no mismatch seen yet
  _main(); // presumably the toolchain's runtime init stub; its body is not shown here
  v8 = 1;
  // 54 characters plus the terminator, which fits the 56-byte v6.
  strcpy(v6, "NRQ@PC}Vdn4tHV4Yi9cd#\\}jsXz3LMuaaY0}nj]`4a5&WoB4glB7~u");
  printf("Input your flag:\n");
  // Width 100 exceeds the 96-byte destination (see header note).
  scanf("%100s", v5);
  // Only the bytes the user supplied are checked (see header note).
  for ( i = 0; i < strlen(v5); ++i )
  {
    // The mask is the index modulo 9, i.e. a repeating key 0..8.
    if ( (v6[i] ^ (i % 9)) != v5[i] )
    {
      v8 = 0;
      break;
    }
  }
  if ( v8 == 1 )
    v3 = "Right! Congratulation!";
  else
    v3 = "Wrong! Try agian!";
  // Fixed "%s" format: the message is passed as data, not as a format string.
  printf("%s", v3);
  return 0;
}
exp
# The checker compares input[i] with v6[i] ^ (i % 9). XOR is its own inverse,
# so applying the same position-dependent mask to the stored constant yields
# the string the checker expects.
enc = r"NRQ@PC}Vdn4tHV4Yi9cd#\}jsXz3LMuaaY0}nj]`4a5&WoB4glB7~u"
# enumerate() supplies the byte position; the mask repeats every 9 bytes.
enc = ''.join(chr(ord(ch) ^ (pos % 9)) for pos, ch in enumerate(enc))
print(enc)