结合题目,知道是一道迷宫题型
那么我们要做的就是
1.找到迷宫
2.确定方向(一般为wasd,但是可能会改)
3.确定起点
4.确定终点
// TAGS: dict_keys(['spawn'])
int __cdecl main(int argc, const char **argv, const char **envp)
{__int64 v3; // raxint v5[49]; // [rsp+0h] [rbp-270h] BYREFint v6[104]; // [rsp+D0h] [rbp-1A0h] BYREFv6[52] = 1;v6[53] = 1;v6[54] = -1;v6[55] = 1;v6[56] = -1;v6[57] = 1;v6[58] = -1;v6[59] = 0;v6[60] = 0;v6[61] = 0;v6[62] = 0;v6[63] = 1;v6[64] = -1;v6[65] = 0;v6[66] = 0;v6[67] = 1;v6[68] = 0;v6[69] = 0;v6[70] = 1;v6[71] = 0;v6[72] = -1;v6[73] = -1;v6[74] = 0;v6[75] = 1;v6[76] = 0;v6[77] = 1;v6[78] = -1;v6[79] = 0;v6[80] = -1;memset(&v6[81], 0, 20);v6[86] = 1;v6[87] = -1;v6[88] = -1;v6[89] = 1;v6[90] = -1;v6[91] = 0;v6[92] = -1;v6[93] = 2;v6[94] = 1;v6[95] = -1;v6[96] = 0;v6[97] = 0;v6[98] = -1;v6[99] = 1;v6[100] = 0;memset(v6, 0, 196);memset(v5, 0, sizeof(v5));Step_0(&v6[52], 7, v6);Step_1(v6, 7, v5);v3 = std::operator<<<std::char_traits<char>>(&_bss_start, "Please help me out!");std::ostream::operator<<(v3, &std::endl<char,std::char_traits<char>>);Step_2(v5, 7);system("pause");return 0;
}逻辑清晰明了
看见下面的step0,1,2三个函数
挨个跟进
显而易见
这是在初始化地图,而且我们可以知道 7应该就是我们的列数了(step0里面)
__int64 __fastcall Step_2(int (*a1)[7])
{int v1; // eax__int64 v2; // rax__int64 v3; // rax__int64 v5; // raxchar v6[35]; // [rsp+10h] [rbp-30h] BYREFchar v7; // [rsp+33h] [rbp-Dh] BYREFint v8; // [rsp+34h] [rbp-Ch]int v9; // [rsp+38h] [rbp-8h]int v10; // [rsp+3Ch] [rbp-4h]v10 = 0;v9 = 0;v8 = 0;while ( v8 <= 29 && (*a1)[7 * v10 + v9] == 1 ){std::operator>><char,std::char_traits<char>>(&std::cin, &v7);v1 = v8++;v6[v1] = v7;if ( v7 == 'd' ){++v9;}else if ( v7 > 'd' ){if ( v7 == 's' ){++v10;}else{if ( v7 != 'w' )goto LABEL_14;--v10;}}else if ( v7 == 'a' ){--v9;}else{
LABEL_14:v2 = std::operator<<<std::char_traits<char>>(&_bss_start, "include illegal words.");std::ostream::operator<<(v2, &MEMORY[0x7FA6E4F38680]);}}if ( v10 == 6 && v9 == 6 ){v3 = std::operator<<<std::char_traits<char>>(&_bss_start, "Congratulations!");std::ostream::operator<<(v3, &MEMORY[0x7FA6E4F38680]);output(v6, v8);return 1LL;}else{v5 = std::operator<<<std::char_traits<char>>(&_bss_start, "Oh no!,Please try again~~");std::ostream::operator<<(v5, &MEMORY[0x7FA6E4F38680]);return 0LL;}
}step2里面就是主要逻辑
可以看见,出发点是00
终点是6,6
方向操作为 wasd
动调获取数据
如果大家按byte来提取
地图是这样
1 0 0 0 0 0 0
0 0 0 0 0 1 0
0 0 1 0 0 0 1
0 0 0 1 0 0 0
1 0 0 0 0 0 0
0 1 0 0 0 1 0
0 0 0 0 0 0 0
0 0 0 1 0 0 0
1 0 0 0 1 0 0
0 1 0 0 0 0 0
0 0 1 0 0 0 1
0 0 0 1 0 0 0
0 0 0 0 0 0 0
0 0 0 0 0 1 0
0 0 1 0 0 0 0
0 0 0 0 0 0 0
1 0 0 0 1 0 0
0 1 0 0 0 1 0
0 0 0 0 0 0 0
0 0 0 0 0 0 0
1 0 0 0 0 0 0
0 0 0 0 0 0 0
0 0 1 0 0 0 1
0 0 0 1 0 0 0
1 0 0 0 1 0 0
0 1 0 0 0 1 0
0 0 1 0 0 0 0
0 0 0 1 0 0 0
????
你可能会很蒙蔽
这一看就不是迷宫啊!
我最开始也卡着
但是我们回去看一下
传入参数为V5
int类型
4字节!
所以我们提取要用dword
正确地图!
ssddwdwdddssaasasaaassddddwdds
UNCTF{ssddwdwdddssaasasaaassddddwdds}
这个头是我看的人家的
![P3501 [POI2010] ANT-Antisymmetry 反对称 题解(字符串哈希+二分)](https://i-blog.csdnimg.cn/direct/55f47c2e68814f238a01a0d318e86a8b.png)
