[原创]有点小紧张
2010-10-20 11:59 3596

[原创]有点小紧张

2010-10-20 11:59
3596
最新回复 (1)
finn 活跃值 2010-10-20 12:22
// Decompiler output for the routine at 0x401000 of a practice binary.
// It reads "exploit.dat" (at most 0x200 bytes) into the stack buffer `Buffer`,
// copies it into a 0x200-byte chunk of a private heap, resolves MessageBoxW/A
// from user32.dll, copies the data into two stack locals when the length is
// <= 0x84, and then makes two indirect calls through v12 and v14.
// Returns 1 when the file was opened and its size is <= 0x200, otherwise 0.
//
// NOTE(review), memory-safety defects visible in this listing:
//  - The two `dwFileLen <= 0x84` guards: going by the stack offsets, v13
//    (bp-304h) and v14 (bp-284h) are 0x80 bytes apart, as are v15 (bp-280h) and
//    Buffer (bp-200h). The destinations therefore appear to be 0x80-byte arrays
//    (typed as a single char by the decompiler), and the guard admits 4 bytes
//    more than they hold. The bound should be the destination size.
//  - pszFileContent is released with HeapFree and then written (memset), read
//    (memcpy) and released a second time in the cleanup path: use-after-free
//    followed by a double free.
//  - HeapCreate, HeapAlloc, ReadFile, LoadLibraryA and GetProcAddress results
//    are used without being checked; NumberOfBytesRead is never compared with
//    dwFileLen.
signed int __cdecl checkFun_401000()
{
  HANDLE v0; // eax@1
  void *pszFileContent; // ebp@1
  void *v2; // edi@1
  void *hFile; // esi@1
  HANDLE v4; // eax@1
  unsigned int dwFileLen; // ebx@2
  HMODULE hUser32Dll; // esi@3
  signed int iRetn; // [sp+10h] [bp-318h]@1
  void *v9; // [sp+14h] [bp-314h]@1
  HANDLE v10; // [sp+18h] [bp-310h]@1
  DWORD NumberOfBytesRead; // [sp+1Ch] [bp-30Ch]@1
  int (**v12)(); // [sp+20h] [bp-308h]@1
  char v13; // [sp+24h] [bp-304h]@4
  int v14; // [sp+A4h] [bp-284h]@1
  char v15; // [sp+A8h] [bp-280h]@6
  char Buffer; // [sp+128h] [bp-200h]@3

  iRetn = 0;
  // v12 and v14 are the targets of the two indirect calls further down; both
  // live on the stack next to the copy destinations v13 and v15.
  v12 = &off_4050B4;
  v14 = (int)off_4050B0;
  NumberOfBytesRead = 0;
  // Private heap: 0x1000 initial size, 0x10000 maximum. v2 and v9 both keep the
  // heap handle.
  v4 = HeapCreate(0, 0x1000u, 0x10000u);
  v2 = v4;
  v9 = v4;
  // NOTE(review): a NULL result here is only tested in the cleanup path, after
  // the pointer has already been used.
  pszFileContent = HeapAlloc(v4, 0, 0x200u);
  // 0x80000000 = GENERIC_READ, 1 = FILE_SHARE_READ, 4 = OPEN_ALWAYS,
  // 0x80 = FILE_ATTRIBUTE_NORMAL.
  v0 = CreateFileA("exploit.dat", 0x80000000u, 1u, 0, 4u, 0x80u, 0);
  hFile = v0;
  v10 = v0;
  if ( v0 != (HANDLE)-1 )
  {
    dwFileLen = GetFileSize(v0, 0);
    // 0x200 matches both the heap chunk and the distance from Buffer (bp-200h)
    // to the frame base, so the first read and copy stay in bounds.
    if ( dwFileLen <= 0x200 )
    {
      ReadFile(hFile, &Buffer, dwFileLen, &NumberOfBytesRead, 0);
      memcpy(pszFileContent, &Buffer, dwFileLen);
      memset(&Buffer, 0, 0x200u);
      hUser32Dll = LoadLibraryA("user32.dll");
      pfunMsgW = (int)GetProcAddress(hUser32Dll, "MessageBoxW");
      pfunMsgA = (int)GetProcAddress(hUser32Dll, "MessageBoxA");
      // NOTE(review): the guard admits 0x84 bytes; per the stack offsets the
      // last 4 would land on v14, which is dereferenced for a call below.
      if ( dwFileLen <= 0x84 )
        memcpy(&v13, pszFileContent, dwFileLen);
      // Flag 1 = HEAP_NO_SERIALIZE. The chunk is released here, yet the next
      // three statements still write to and read from it (use-after-free).
      HeapFree(v9, 1u, pszFileContent);
      memset(pszFileContent, 0, 0x80u);
      if ( dwFileLen <= 0x84 )
        memcpy(&v15, pszFileContent, dwFileLen);     // overflow here (poster's annotation)
      // Indirect calls through the two stack-resident pointers; the trailing
      // comments are the poster's identification of the targets.
      ((void (__thiscall *)(int (***)()))*v12)(&v12);    // Sleep (1000)
      (*(void (__thiscall **)(int *))v14)(&v14);           // MessageBox(Fail)
      v2 = v9;
      hFile = v10;
      iRetn = 1;
    }
  }
  // NOTE(review): INVALID_HANDLE_VALUE (-1) is non-zero, so this test also
  // passes when CreateFileA failed.
  if ( hFile )
    CloseHandle(hFile);
  // On the success path this is the second HeapFree of the same chunk.
  if ( pszFileContent )
    HeapFree(v2, 1u, pszFileContent);
  if ( v2 )
    HeapDestroy(v2);
  return iRetn;
}