分析MBR。用VMware將硬盤掛載,而後建立虛擬機,修改啓動參數ide
debugStub.listen.guest32 = "TRUE"debug
debugStub.hideBreakpoints = "TRUE"調試
monitor.debugOnStartGuest32 = "TRUE"server
使其等待調試器附加,而後用ida鏈接remote gdb server,在入口處下斷點,F8觀察,到檢測輸入的部分直接改掉寄存器,讓程序運行到解密flag處,而後F9就得到flagblog