先来一篇IDApyhotn的指令教程https://www.cnblogs.com/zydt10/p/17676018.html*
自己编的这题对应的exp
a = [0x11,0x22,0x33,0x44]
for i in range(38):
result = a[i & 3]
ida_bytes.patch_byte(0x403040+i,get_wide_byte(0x403040+i) ^ result)
在IDA中运行完exp之后,重新按C分析0x403040地址的代码,然后P重新生成函数来分析
exp
a = [0x7C, 0x82, 0x75, 0x7B, 0x6F, 0x47, 0x61, 0x57, 0x53, 0x25, 0x47, 0x53, 0x25, 0x84, 0x6A, 0x27, 0x68, 0x27, 0x67, 0x6A, 0x7D, 0x84, 0x7B, 0x35, 0x35, 0x48, 0x25, 0x7B, 0x7E, 0x6A, 0x33, 0x71]
for i in range(len(a)):
print(chr((a[i] - 5) ^ 0x11),end="")
flag{SMC_1S_1nt3r3sting!!R1ght?}
标签:REVERSE,0x7B,0x25,0x403040,0x6A,exp,IDApython,SMC From: https://www.cnblogs.com/ch3n/p/18019646