方法一:手动去除
将花指令中的所有 0xE9 字节修改为 0x90(NOP)即可
方法二:花指令去除脚本
# IDAPython snippet: overwrite every 0xE9 byte in [start_addr, end_addr) with
# 0x90 (NOP) so the decompiler can analyse the function cleanly.
# get_wide_byte / patch_byte are IDA's IDC-style helpers; run this inside IDA.
#
# NOTE(review): the loop tests every single byte in the range, so an 0xE9 that
# is part of an operand or a genuine jmp would be patched as well. Confirm in
# the disassembly that the range holds only junk bytes, and work on a copy of
# the database so the patch can be reverted.
start_addr = 0x0000000140001454
end_addr = 0x00000001400015C7  # half-open range: end_addr itself is not inspected
print(start_addr)
print(end_addr)

for ea in range(start_addr, end_addr):
    if get_wide_byte(ea) != 0xE9:
        continue
    patch_byte(ea, 0x90)
    print("{}处的花指令已去除".format(hex(ea)))
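/*
 * Decompiler pseudocode of the target's main() after the junk bytes were
 * removed, restored to one statement per line. In the collapsed listing the
 * first "//" annotation swallowed the rest of the function. The logic and all
 * strings are reproduced exactly as decompiled; nothing is "fixed" here,
 * because the listing documents what the binary does.
 *
 * Check performed: each input character must equal v6[i] ^ (i % 9).
 *
 * Review notes on the decompiled code:
 *  - scanf("%100s") can store up to 100 characters plus the terminator into
 *    the 96-byte v5; a width of 95 would match the buffer.
 *  - The loop is bounded by strlen(v5), not by the length of the reference
 *    string, so only as many characters as were typed are compared, and an
 *    input longer than v6 makes v6[i] read past its 56 bytes.
 */
int __fastcall main(int argc, const char **argv, const char **envp)
{
  const char *v3; // rax
  char v5[96]; // [rsp-A0h] [rbp-B8h] BYREF  -- user input
  char v6[56]; // [rsp-40h] [rbp-58h] BYREF  -- encoded reference string
  int i; // [rsp-8h] [rbp-20h]
  int v8; // [rsp-4h] [rbp-1Ch]  -- 1 while every compared character matches

  _main(); // presumably compiler runtime initialisation; not part of the check
  v8 = 1;
  strcpy(v6, "NRQ@PC}Vdn4tHV4Yi9cd#\\}jsXz3LMuaaY0}nj]`4a5&WoB4glB7~u");
  printf("Input your flag:\n");
  scanf("%100s", v5);
  for ( i = 0; i < strlen(v5); ++i )
  {
    // The key is just the index modulo 9, so the encoding is self-inverse.
    if ( (v6[i] ^ (i % 9)) != v5[i] )
    {
      v8 = 0;
      break;
    }
  }
  if ( v8 == 1 )
    v3 = "Right! Congratulation!";
  else
    v3 = "Wrong! Try agian!";
  printf("%s", v3);
  return 0;
}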
exp
# Recover the expected input by inverting the check in main():
# main() requires input[i] == v6[i] ^ (i % 9), and XOR with the same key is
# its own inverse, so XOR-ing each reference byte with (index % 9) yields it.
# The raw string keeps the single backslash that the C literal writes as "\\".
cipher = r"NRQ@PC}Vdn4tHV4Yi9cd#\}jsXz3LMuaaY0}nj]`4a5&WoB4glB7~u"
decoded_chars = []
for idx, ch in enumerate(cipher):
    decoded_chars.append(chr(ord(ch) ^ (idx % 9)))
enc = ''.join(decoded_chars)
print(enc)