;-----------------------------------------------------------------------
; Excerpt of the maze-step routine (W32Dasm listing, Win32 / x86-32).
; The function entry and prologue (the push ebp / mov ebp,esp that the
; `leave` at 004010C8 undoes) lie above this excerpt; only
; 00401036..004010C8 is visible here.
; In:    al = the current move digit (set before this excerpt; per the
;        text below: 0 = up, 1 = right, 2 = down, anything else = left)
;        [00403184] = pointer to the current cell of the maze buffer
;        (the author calls it offsetOfPrettyPicture)
; Out:   eax = 0 if the new cell is '*' (0x2A) -> caller gives up
;        eax = 1 otherwise; if the new cell is 'X' (0x58) a success
;        MessageBoxA / SetWindowTextA pair is shown first
; Side effects: writes 'C' (0x43) at the new cell and ' ' (0x20) at the
;        previous one; advances [00403184]; local [ebp-04] holds the
;        old pointer for the duration of the call
; Clobb: eax, edx, flags
; Note:  row stride is 0x10, matching the 16-character rows of the map
;        dumped below. Nothing in this excerpt range-checks the pointer;
;        a walk is only stopped by hitting '*', so the '*' border that
;        surrounds the dumped map is what keeps [00403184] inside the
;        buffer - confirm the border is complete in the real data block.
; Note:  0040107E `jmp 004010B3` follows a `ret` and is never reached
;        (the Referenced-by blocks list it only as a jump source).
;-----------------------------------------------------------------------
:00401036 83C4F8            add esp, FFFFFFF8                  ;reserve 8 bytes of locals; [ebp-04] is used below <br>
:00401039 8B1584314000      mov edx, dword ptr [00403184]      ;edx = current maze pointer (offsetOfPrettyPicture) <br>
:0040103F 8955FC            mov dword ptr [ebp-04], edx        ;save the old pointer in local [ebp-04]; it is blanked to ' ' at 004010BF <br>
:00401042 0AC0              or al, al                          ;al = move digit; dispatch below on 0 / 1 / 2 / other <br>
:00401044 7509              jne 0040104F                       ;al != 0 -> try the next case <br>
:00401046 832D8431400010    sub dword ptr [00403184], 00000010 ;al == 0: pointer -= 0x10 (one row up) <br>
:0040104D EB1F              jmp 0040106E                       ;to the cell check <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Address: <br>
|:00401044(C) <br>
| <br>
:0040104F 3C01              cmp al, 01                         ;al == 1? <br>
:00401051 7508              jne 0040105B <br>
:00401053 FF0584314000      inc dword ptr [00403184]           ;al == 1: pointer += 1 (one cell right) <br>
:00401059 EB13              jmp 0040106E <br>
* Referenced by a (U)nconditional or (C)onditional Jump at Address: <br>
|:00401051(C) <br>
| <br>
:0040105B 3C02              cmp al, 02                         ;al == 2? <br>
:0040105D 7509              jne 00401068 <br>
:0040105F 83058431400010    add dword ptr [00403184], 00000010 ;al == 2: pointer += 0x10 (one row down) <br>
:00401066 EB06              jmp 0040106E <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Address: <br>
|:0040105D(C) <br>
| <br>
:00401068 FF0D84314000      dec dword ptr [00403184]           ;any other value (the author's "al == 3" case, but nothing checks for 3): pointer -= 1 (one cell left) <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses: <br>
|:0040104D(U), :00401059(U), :00401066(U) <br>
| <br>
:0040106E 8B1584314000      mov edx, dword ptr [00403184]      ;edx = new position <br>
:00401074 8A02              mov al, byte ptr [edx]             ;al = map character at the new position; edx is not range-checked in this excerpt <br>
:00401076 3C2A              cmp al, 2A                         ;'*' (wall)? <br>
:00401078 7506              jne 00401080 <br>
:0040107A 33C0              xor eax, eax                       ;hit a wall: return 0, the caller bails out and registration never succeeds <br>
:0040107C C9                leave <br>
:0040107D C3                ret <br>
<br>
<br>
:0040107E EB33              jmp 004010B3                       ;dead code: follows the ret above and no jump targets 0040107E <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Address: <br>
|:00401078(C) <br>
| <br>
:00401080 3C58              cmp al, 58                         ;'X' (exit)? <br>
:00401082 752F              jne 004010B3                       ;not the exit: just update the map and return 1 <br>
:00401084 6A00              push 00000000                      ;'X' reached: success. uType = 0; the dumped map holds exactly one 'X' <br>
:00401086 8D1559334000      lea edx, dword ptr [00403359]      ;"Sucess..." (caption, per the author) <br>
:0040108C 52                push edx <br>
:0040108D 8D15EC324000      lea edx, dword ptr [004032EC]      ;"Congratulations"... (text) <br>
:00401093 52                push edx <br>
:00401094 6A00              push 00000000                      ;hWnd = NULL <br>
:00401096 8D15AC174000      lea edx, dword ptr [004017AC]      ;address of the [User32.MessageBoxA] thunk (author's note; visible in SoftICE) <br>
:0040109C FFD2              call edx                           ;shows the success box; stdcall, so no caller stack cleanup follows <br>
:0040109E 8D157B324000      lea edx, dword ptr [0040327B]      ;new window text <br>
:004010A4 52                push edx <br>
:004010A5 FF3520344000      push dword ptr [00403420]          ;hWnd kept in a global <br>
:004010AB 8D15DC174000      lea edx, dword ptr [004017DC]      ;[User32.SetWindowTextA] thunk, same as above <br>
:004010B1 FFD2              call edx <br>
<br>
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses: <br>
|:0040107E(U), :00401082(C) <br>
| <br>
:004010B3 8B1584314000      mov edx, dword ptr [00403184]      ;edx = new position <br>
:004010B9 C60243            mov byte ptr [edx], 43             ;mark it 'C' (Current) <br>
:004010BC 8B55FC            mov edx, dword ptr [ebp-04]        ;edx = the position saved at 0040103F <br>
:004010BF C60220            mov byte ptr [edx], 20             ;blank the cell just left to ' ' (0x20) <br>
                                                               ;i.e. the path walked so far <br>
:004010C2 B801000000        mov eax, 00000001                  ;return 1: keep going <br>
:004010C7 C9                leave <br>
:004010C8 C3                ret <br>
<br>
经过这一番分析之后,才发现作者原来是在教我们玩一个小游戏。大致思路是这样,一共走18次,每次可以走4步(18次大循环和4次小循环),碰到'*'就game over,其他的就可以continue,直到遇见'X',游戏就算过关了。在图案(事先我只是感到这些数据有些古怪,到了分析清楚算法之后,才发现这实际上是一个迷宫,我们的任务就是正确地从迷宫中闯出来!)里面,有一个唯一的'X',我就想,必须得到达这里才行,但是又不能碰到'*',刚开始试了好久,没想到合适的方法,直到我将数据区全部显示出来(将data区弄大了些),才发现这是一幅多么美妙的图片,到这里我不得不佩服作者的艺术天分!!!我把图片dump了出来,如下:
<br>
<br>
**************** <br>
C*......*...**** <br>
.*.****...*....* <br>
.*..**********.* <br>
..*....*...*...* <br>
*.****.*.*...*** <br>
*.*....*.******* <br>
..*.***..*.....* <br>
.*..***.**.***.* <br>
...****....*X..* <br>
**************** <br>
</p>
<p>看到了吗?不就是一个标准的迷宫?从C开始,到达X结束!而且路线已经非常清楚了,顺着'.'走就行了,连岔道都没有,呵呵,从来没有见到如此容易的迷宫,大概是作者对我们劳动的一种慰问吧。下面的就容易了,想大家都很清楚,按照上面的程序分析,'0'代表↑,'1'代表→,'2'代表↓,'3'代表←,看着图片一步步向前进,就可以得到一系列数据:
<br>
<br>
↓↓↓→ ↓↓↓← ↓↓→→ ↑→↑↑ →→→↑ ↑←←← ↑←↑↑ →→→→ →↓→→ <br>
2221 2223 2211 0100 1110 0333 0300 1111 1211 <br>
<br>
↑→→↓ →→→↓ ↓←←↓ ←←↑← ←↓↓↓ ←↓↓→ →→↑↑ →→→→ ↓↓←← <br>
0112 1112 2332 3303 3222 3221 1100 1111 2233 <br>
<br>
看看我走的对不对。上面是所谓的4进制数,转换成16进制为 <br>
<br>
A9 AB A5 10 54 3F 30 55 65 16 56 BE F3 EA E9 50 55 AF
;KWAZYWEB.BIT <br>
<br>
成功之后的图案变成了下面的样子: <br>
<br>
**************** <br>
* * **** <br>
* **** * * <br>
* ********** * <br>
* * * * <br>
* **** * * *** <br>
* * * ******* <br>
* *** * * <br>
* *** ** *** * <br>
**** *C * <br>
**************** <br>
走过的地方都一贫如洗,呵呵 <br>
<br>