BUUCTF Reverse reverse3 WriteUp

reverse3-WP

首先扔到IDA里面，解析出主函数如下

int __cdecl main_0(int argc, const char **argv, const char **envp)
{
   
  int v3; // ebx
  int v4; // edi
  int v5; // esi
  int v6; // eax
  const char *v7; // eax
  size_t v8; // eax
  char v10; // [esp+0h] [ebp-188h]
  char v11; // [esp+0h] [ebp-188h]
  signed int j; // [esp+DCh] [ebp-ACh]
  int i; // [esp+E8h] [ebp-A0h]
  signed int v14; // [esp+E8h] [ebp-A0h]
  char Destination[108]; // [esp+F4h] [ebp-94h] BYREF
  char Str[28]; // [esp+160h] [ebp-28h] BYREF
  char v17[8]; // [esp+17Ch] [ebp-Ch] BYREF

//初始化为0
  for ( i = 0; i < 100; ++i )
  {
   
    if ( (unsigned int)i >= 0x64 )
      j____report_rangecheckfailure(v3, v4, v5);
    Destination[i] = 0;
  }

  sub_41132F("please enter the flag:", v10);
  sub_411375("%20s", (char)Str);
  v6 = j_strlen(Str);
  v7 = (const char *)sub_4110BE((int)Str, v6, (int)v17);//关键点

  strncpy(Destination, v7, 0x28u