debug file: 链接: http://pan.baidu.com/s/1pJnwoob 密码: mfe6
请帮忙看下这个函数SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca是干什么的,是不是RSA算法?
根据调用"rsa_eay.c"猜测可能是RSA算法,但始终不得要领,找不到public key(n和e)。
SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca => call SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac => call rsa_eay.c
*****************
IDA F5 => 伪代码
*****************
/* Decompiler excerpt (caller side): invoke the 5-argument routine, then either
 * record a failure or build the result object from the output buffer v18. */
/* The final argument is the constant 1. If the callee is an OpenSSL-style RSA
 * primitive this would be RSA_PKCS1_PADDING -- TODO confirm against the binary. */
if (
SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca(v14, v17, v18, v13, 1) == -1 )
{
/* Failure path: only the exact value -1 is treated as an error. */
v15 = 0;
dword_282C990 = SNPSle_0b7605938c156c1e7171bec194fc1df0(); /* presumably stores an error code in a global -- verify */
snpsFreeFunc(v18);
snpsFreeFunc(v17);
}
else
{
/* Success path: the call's return value is not kept. */
/* NOTE(review): if that value is a byte count (as RSA_public_decrypt returns),
 * SNPSle_a319640d45ef7860 receives v18 without it -- confirm how it bounds its read. */
v15 = SNPSle_e70385d734271e1f();
SNPSle_a319640d45ef7860(v15, v18);
/* Both branches release the same two buffers, v18 then v17. */
snpsFreeFunc(v18);
snpsFreeFunc(v17);
}
return v15; /* 0 on failure, otherwise the object returned by SNPSle_e70385d734271e1f */
********************************************
SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca函数
********************************************
; Call site (excerpt from the caller): the five outgoing arguments are written
; straight into the stack slots [esp]..[esp+10h] with mov, no push instructions.
; Slot order corresponds to the pseudo-code call (v14, v17, v18, v13, 1).
.text:0129A65C mov edx, [esp+24h]                 ; value for argument 3
.text:0129A660 mov dword ptr [esp+10h], 1         ; argument 5 = constant 1
.text:0129A668 mov [esp+0Ch], esi                 ; argument 4 = esi (the object the callee dispatches through)
.text:0129A66C mov [esp+8], edx                   ; argument 3
.text:0129A670 mov edx, [esp+20h]                 ; value for argument 2
.text:0129A674 mov [esp], eax                     ; argument 1
.text:0129A677 mov [esp+4], edx                   ; argument 2
.text:0129A67B call
SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca
;-----------------------------------------------------------------------
; SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca(arg_0, arg_4, arg_8, arg_C, arg_10)
; Purpose: thin forwarding wrapper. It copies its five stack arguments,
;          unchanged and in the same order, into a new outgoing frame and
;          calls a function pointer found via arg_C: target = [[arg_C+8]+8].
; In:      five dword stack arguments (32-bit code, arguments on the stack)
; Out:     eax = whatever the indirect callee returned (not touched afterwards)
; Clobb:   eax, ecx, edx, plus whatever the callee clobbers
; Stack:   reserves 1Ch bytes; five 4-byte slots (var_1C..var_C) are used
; NOTE(review): the double dereference at offset 8 matches the 32-bit layout
;          of OpenSSL 1.0.x, where RSA_public_decrypt(flen, from, to, rsa,
;          padding) calls rsa->meth->rsa_pub_dec. That is an inference from
;          the "rsa_eay.c" string in the callee, not something this listing
;          proves -- TODO confirm. If it holds, the key material lives in
;          the object passed as arg_C, not in this function.
;-----------------------------------------------------------------------
.text:012FF9C0 SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca proc near
.text:012FF9C0 ; CODE XREF: SNPSle_8c043950c9569b2b28b737acdf3db27f+16Bp
.text:012FF9C0 ; SNPSle_5b20c9bca9f2e8472400b8222d99bf873af76a24be776844+6Fp ...
.text:012FF9C0
.text:012FF9C0 var_1C = dword ptr -1Ch
.text:012FF9C0 var_18 = dword ptr -18h
.text:012FF9C0 var_14 = dword ptr -14h
.text:012FF9C0 var_10 = dword ptr -10h
.text:012FF9C0 var_C = dword ptr -0Ch
.text:012FF9C0 arg_0 = dword ptr 4
.text:012FF9C0 arg_4 = dword ptr 8
.text:012FF9C0 arg_8 = dword ptr 0Ch
.text:012FF9C0 arg_C = dword ptr 10h
.text:012FF9C0 arg_10 = dword ptr 14h
.text:012FF9C0
.text:012FF9C0 sub esp, 1Ch                        ; room for the outgoing argument frame
.text:012FF9C3 mov edx, [esp+1Ch+arg_C]            ; edx = arg_C (object pointer)
.text:012FF9C7 mov eax, [esp+1Ch+arg_10]           ; eax = arg_10
.text:012FF9CB mov ecx, [edx+8]                    ; ecx = pointer stored at arg_C+8 (presumably a method table -- verify)
.text:012FF9CE mov [esp+1Ch+var_C], eax            ; outgoing arg 5 = arg_10
.text:012FF9D2 mov eax, [esp+1Ch+arg_8]
.text:012FF9D6 mov [esp+1Ch+var_10], edx           ; outgoing arg 4 = arg_C
.text:012FF9DA mov [esp+1Ch+var_14], eax           ; outgoing arg 3 = arg_8
.text:012FF9DE mov eax, [esp+1Ch+arg_4]
.text:012FF9E2 mov [esp+1Ch+var_18], eax           ; outgoing arg 2 = arg_4
.text:012FF9E6 mov eax, [esp+1Ch+arg_0]
.text:012FF9EA mov [esp+1Ch+var_1C], eax           ; outgoing arg 1 = arg_0
; Indirect call through the slot at offset 8 of the table in ecx. The
; "=> call 013BA9F0" text and the name on the next line are the poster's
; annotation of the resolved target, not part of the instruction.
.text:012FF9ED call dword ptr [ecx+8] => call 013BA9F0
SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac
.text:012FF9F0 add esp, 1Ch                        ; release the frame; eax still holds the callee's result
.text:012FF9F3 retn
.text:012FF9F3 SNPSle_dcd7600bcfd6e0ca05f8cd0732bfb7ca endp
************************************************************
SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac函数
************************************************************
; SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac -- target of the
; indirect call at 012FF9ED. Only the start, one instruction and the end are
; shown; the "......" lines mark code the poster left out.
.text:013BA9F0
SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac proc near
; The only listed cross-reference is a DATA XREF, i.e. the function's address
; is stored in .data. That fits an entry in a function-pointer table.
.text:013BA9F0 ; DATA XREF: .data:02796748o
......
; Loads the address of the string "rsa_eay.c", computed relative to ebx.
; This references a file-name string; it is not a call into another routine.
; NOTE(review): OpenSSL passes its source file name to error-reporting and
; allocation helpers, so the string suggests this body was compiled from
; rsa_eay.c -- an inference, TODO confirm from the elided code.
.text:013BAA9F lea eax, (aRsa_eay_c - 26FB44Ch)[ebx] ; "rsa_eay.c"
......
.text:013BAE7D SNPSle_f7c94ba85f016ab01b4ebe56a4a7d20652744f697ac58fac endp