链接:
提取码:23gt
IDA64打开seven.sys,查看伪代码,先查看字符串
可以看到sub_1400012F0为关键函数
点击a0可以看到
又看到下面v5-=16,v5+=16,很容易想到是走迷宫,且每一行有16列
分析如下
也就是要从o通过.走到7
也就是要输入对应字符,但32之类无对应字符,所以不可能是直接输入。
在sub_140001000函数中可以发现
调用了驱动kbdclass.sys,经查阅知道了是根据键盘扫描码来进行输入读取的,上左下右分别对应16进制0x11,0x1e,0x1f,0x20,也就是wasd
所以从o到7就是:ddddddddddddddssaasasasasasasasasa
flag:hctf{ddddddddddddddssaasasasasasasasasa}
键盘扫描码:
Name Value Comment
VK_LBUTTON 01h Left mouse button.
VK_RBUTTON 02h Right mouse button.
VK_CANCEL 03h Used for control-break processing.
VK_MBUTTON 04h Middle mouse button (3-button mouse).
05h through 07h undefined.
VK_BACK 08h
VK_TAB 09h
0Ah and 0Bh undefined.
VK_CLEAR 0Ch
VK_RETURN 0Dh
0Eh and 0Fh undefined.
VK_SHIFT 10h
VK_CONTROL 11h
VK_MENU 12h
VK_PAUSE 13h
VK_CAPITAL 14h
15h through 1Ah undefined.
VK_ESCAPE 1Bh
1Ch through 1Fh undefined.
VK_SPACE 20h
VK_PRIOR 21h Page up.
VK_NEXT 22h Page down.
VK_END 23h
VK_HOME 24h
VK_LEFT 25h
VK_UP 26h
VK_RIGHT 27h
VK_DOWN 28h
VK_SELECT 29h
VK_PRINT 2Ah Only used by Nokia.
VK_EXECUTE 2Bh Never used.
VK_SNAPSHOT 2Ch SYSREQ key starting with Windows 3.0.
VK_INSERT 2Dh
VK_DELETE 2Eh
VK_HELP 2Fh
VK_0 30h
VK_1 31h
VK_2 32h
VK_3 33h
VK_4 34h
VK_5 35h
VK_6 36h
VK_7 37h
VK_8 38h
VK_9 39h
3Ah though 40h undefined.
VK_A 41h
VK_B 42h
VK_C 43h
VK_D 44h
VK_E 45h
VK_F 46h
VK_G 47h
VK_H 48h
VK_I 49h
VK_J 4Ah
VK_K 4Bh
VK_L 4Ch
VK_M 4Dh
VK_N 4Eh
VK_O 4Fh
VK_P 50h
VK_Q 51h
VK_R 52h
VK_S 53h
VK_T 54h
VK_U 55h
VK_V 56h
VK_W 57h
VK_X 58h
VK_Y 59h
VK_Z 5Ah
5Bh through 5Fh undefined.
VK_NUMPAD0 60h
VK_NUMPAD1 61h
VK_NUMPAD2 62h
VK_NUMPAD3 63h
VK_NUMPAD4 64h
VK_NUMPAD5 65h
VK_NUMPAD6 66h
VK_NUMPAD7 67h
VK_NUMPAD8 68h
VK_NUMPAD9 69h
VK_MULTIPLY 6Ah
VK_ADD 6Bh
VK_SEPARATER 6Ch Never generated by keyboard driver.
VK_SUBTRACT 6Dh
VK_DECIMAL 6Eh
VK_DIVIDE 6Fh
VK_F1 70h
VK_F2 71h
VK_F3 72h
VK_F4 73h
VK_F5 74h
VK_F6 75h
VK_F7 76h
VK_F8 77h
VK_F9 78h
VK_F10 79h
VK_F11 7Ah
VK_F12 7Bh
VK_F13 7Ch
VK_F14 7Dh
VK_F15 7Eh
VK_F16 7Fh
VK_F17 80h
VK_F18 81h
VK_F19 82h
VK_F20 83h
VK_F21 84h
VK_F22 85h
VK_F23 86h
VK_F24 87h
88h through 8Fh unassigned.
VK_NUMLOCK 090h NUMLOCK on all keyboards.
VK_OEM_SCROLL 091h SCROLL LOCK on all keyboards.
92h through B9h unassigned.
VK_OEM_1 0BAh Punctuation.
VK_OEM_PLUS 0BBh Punctuation.
VK_OEM_COMMA 0BCh Punctuation.
VK_OEM_MINUS 0BDh Punctuation.
VK_OEM_PERIOD 0BEh Punctuation.
VK_OEM_2 0BFh Punctuation.
VK_OEM_3 0C0h Punctuation.
C1h through DAh unassigned.
VK_OEM_4 0DBh Punctuation.
VK_OEM_5 0DCh Punctuation.
VK_OEM_6 0DDh Punctuation.
VK_OEM_7 0DEh Punctuation.
VK_OEM_8 0DFh Punctuation.
VK_F17 0E0h F17 key on Olivetti extended keyboard (internal use only).
VK_F18 0E1h F18 key on Olivetti extended keyboard (internal use only).
VK_OEM_102 0E2h < or | on IBM-compatible 102 enhanced keyboard (non-U.S.).
VK_ICO_HELP 0E3h Help key on Olivetti extended keyboard (internal use only).
VK_ICO_00 0E4h 00 key on Olivetti extended keyboard (internal use only).
E5h unassigned.
VK_ICO_CLEAR 0E6h Olivetti extended keyboard (internal use only).
E7h and E8h unassigned.
VK_OEM_RESET 0E9H Only used by Nokia.
VK_OEM_JUMP 0EAH Only used by Nokia.
VK_OEM_PA1 0EBH Only used by Nokia.
VK_OEM_PA2 0ECH Only used by Nokia.
VK_OEM_PA3 0EDH Only used by Nokia.
VK_OEM_WSCTRL 0EEH Only used by Nokia.
VK_OEM_CUSEL 0EFH Only used by Nokia.
VK_OEM_ATTN 0F0H Only used by Nokia.
VK_OEM_FINNISH 0F1H Only used by Nokia.
VK_OEM_COPY 0F2H Only used by Nokia.
VK_OEM_AUTO 0F3H Only used by Nokia.
VK_OEM_ENLW 0F4h Only used by Nokia.
VK_OEM_BACKTAB 0F5h Only used by Nokia.
VK_ATTN 0F6H
VK_CRSEL 0F7H
VK_EXSEL 0F8H
VK_EREOF 0F9H
VK_PLAY 0FAH
VK_ZOOM 0FBH
VK_NONAME 0FCH
VK_PA1 0FDH
VK_OEM_CLEAR 0FEH
本文发布于:2024-02-04 06:23:56,感谢您对本站的认可!
本文链接:https://www.4u4v.net/it/170700972153074.html
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。
| 留言与评论(共有 0 条评论) |
