[原创]某游戏的lua解密部分
2015-4-8 19:07
http://bbs.pediy.com/showthread.php?p=1292078
这个游戏的 lua 解密部分。
本来这是某公司出的面试题,没想到已经有人做出来并发了帖,
原来我做了一些重复劳动。
不过上面的帖子并没有把“用特殊处理过的 luac 编译出的脚本”还原回来的部分,
我在这里补上
http://yunpan.cn/cVdPh9rT9Fpv8 (提取码:490a)
http://yunpan.cn/cVdSX5ULtxJPZ (提取码:f446)
下面的函数是 symbexec 函数(对应 Lua 5.1 ldebug.c 中的字节码检查器,开头还内联了 precheck 的几项检查),可以比对着 Lua 的源码看。
觉得没什么营养,就不逐行分析了。
/*
 * IDA pseudo-C of the game's Lua bytecode verifier.  Per the post this is
 * symbexec() from Lua 5.1's ldebug.c, with the precheck() tests inlined at
 * the top.  The field offsets read off this listing (code at +12, k at +8,
 * p at +16, sizeupvalues +36, sizek +40, sizecode +44, sizelineinfo +48,
 * sizep +52, nups +72, numparams +73, is_vararg +74, maxstacksize +75) line
 * up with the stock Lua 5.1 Proto layout on a 32-bit target, so the names
 * below use that layout; treat them as a reading aid, not as recovered
 * symbols.
 *
 *   a1 - Proto *pt
 *   a2 - lastpc (stop before this instruction)
 *   a3 - reg     (register being traced; 255 plays the role of NO_REG)
 *
 * Returns pt->code[last] - the last instruction before lastpc that writes
 * `reg` - or 0 as soon as any consistency check fails.
 *
 * The game does not use the stock GET_OPCODE: the low 6 bits of an
 * instruction are first passed through byte_512DE058[], which maps the
 * game's renumbered opcodes back to the standard Lua 5.1 numbering (the
 * constants compared against below, e.g. 30 == OP_RETURN, 22 == OP_JMP,
 * 34 == OP_SETLIST, are Lua 5.1 values).  off_512DE0E4[] is indexed by that
 * standard opcode and is used exactly like luaP_opmodes.
 *
 * NOTE(review): as in upstream luaG_checkcode, this is a structural sanity
 * check on bytecode, not a security boundary.  Passing it does not make a
 * chunk safe to run; bytecode from an untrusted source should still be
 * treated as untrusted code.
 */
int __fastcall sub_50FCC4A0(int a1, int a2, int a3)
{
int v3; // r3@1
int v4; // r4@1
int result; // r0@1
int v6; // r3@5
int v7; // r5@9
unsigned int v8; // r7@10
unsigned int v9; // r2@10
unsigned int v10; // r3@12
int v11; // r3@12
signed int v12; // r6@16
int v13; // r7@17
int v14; // r12@23
int v15; // r2@26
int v16; // r3@26
int v17; // r0@27
int v18; // r0@44
int v19; // r3@63
bool v20; // cf@69
int v21; // r7@69
int v22; // r6@76
signed int v23; // r0@84
signed int v24; // r3@85
int v25; // [sp+4h] [bp-54h]@11
int v26; // [sp+8h] [bp-50h]@1
int v27; // [sp+Ch] [bp-4Ch]@1
int v28; // [sp+10h] [bp-48h]@8
int v29; // [sp+14h] [bp-44h]@1
unsigned int v30; // [sp+18h] [bp-40h]@12
int v31; // [sp+1Ch] [bp-3Ch]@9
unsigned int v32; // [sp+20h] [bp-38h]@10
char v33; // [sp+24h] [bp-34h]@2
int v34; // [sp+2Ch] [bp-2Ch]@10
int v35; // [sp+30h] [bp-28h]@4
int v36; // [sp+34h] [bp-24h]@1
int v37; // [sp+3Ch] [bp-1Ch]@9
/* v36 = lastpc, v27 = reg, v29 = pt->sizecode, v26 = pt->maxstacksize */
v36 = a2;
v27 = a3;
v29 = *(_DWORD *)(a1 + 44);
v3 = *(_BYTE *)(a1 + 75);
v4 = a1;
result = 0;
v26 = v3;
/* ---- inlined precheck() ---- */
/* maxstacksize <= MAXSTACK (250) */
if ( (unsigned int)v3 > 0xFA )
return result;
/* v33 = is_vararg; numparams + (is_vararg & VARARG_HASARG) <= maxstacksize */
v33 = *(_BYTE *)(v4 + 74);
if ( *(_BYTE *)(v4 + 73) + (v33 & 1) > v3 )
return result;
/* !(is_vararg & VARARG_NEEDSARG) || (is_vararg & VARARG_HASARG) */
if ( (v33 & 5) == 4 )
return result;
/* v35 = nups; sizeupvalues <= nups */
v35 = *(_BYTE *)(v4 + 72);
if ( *(_DWORD *)(v4 + 36) > v35 )
return result;
/* sizelineinfo == sizecode || sizelineinfo == 0 */
v6 = *(_DWORD *)(v4 + 48);
if ( v6 != v29 )
{
if ( v6 )
return result;
}
/* sizecode > 0 && GET_OPCODE(code[sizecode-1]) == OP_RETURN (30) */
result = 0;
if ( v29 <= 0 )
return result;
v28 = *(_DWORD *)(v4 + 12);
if ( byte_512DE058[*(_DWORD *)(4 * (v29 - 1) + *(_DWORD *)(v4 + 12)) & 0x3F] != 30 )
return result;
/* ---- symbexec() proper ---- */
/* v31 = last (defaults to the final RETURN), v7 = pc */
v31 = v29 - 1;
v7 = 0;
/* The expression folds to 1 - (a3 == 255), i.e. v37 == (reg != NO_REG). */
v37 = a3 - 255 - (((unsigned int)(a3 - 255) < 1) + a3 - 256);
while ( 1 )
{
/* for (pc = 0; pc < lastpc; pc++) ... return pt->code[last] */
if ( v7 >= v36 )
return *(_DWORD *)(4 * v31 + v28);
/* v8 = i = code[pc]; v34 = &code[pc]; v9/v32 = op = GET_OPCODE(i) */
v8 = *(_DWORD *)(v28 + 4 * v7);
v34 = v28 + 4 * v7;
v9 = byte_512DE058[v8 & 0x3F];
v32 = v9;
/* op < NUM_OPCODES (38) */
if ( v9 > 0x25 )
return 0;
/* v25 = a = GETARG_A(i); checkreg(pt, a) */
v25 = (v8 >> 6) & 0xFF;
if ( v25 >= v26 )
return 0;
/* v30 = luaP_opmodes[op]; low 2 bits select the instruction format */
v10 = off_512DE0E4[v9];
v30 = v10;
v11 = v10 & 3;
if ( v11 == 1 )
{
/* iABx: b = GETARG_Bx(i); if B mode is OpArgK, check(b < pt->sizek) */
v12 = v8 >> 14;
v13 = 0;
if ( ((v30 >> 4) & 3) == 3 && v12 >= *(_DWORD *)(v4 + 40) )
return v13;
}
else if ( v11 )
{
if ( v11 == 2 )
{
/* iAsBx: b = GETARG_sBx(i) (bias 0x1FFFF) */
v12 = (v8 >> 14) - 0x1FFFF;
v13 = 0;
if ( ((v30 >> 4) & 3) == 2 )
{
/* OpArgR: dest = pc+1+b must be in range */
v14 = v7 + 1 + v12;
if ( v14 < 0 || v14 >= v29 )
return v13;
if ( v14 )
{
/* Walk back over consecutive SETLIST(34) with C == 0; the jump
   may not land on a SETLIST count word, and the parity of the
   run is what tells a count apart from a real SETLIST. */
v15 = 0;
v16 = 0;
do
{
v17 = *(_DWORD *)(v28 + 4 * v14 + v15 - 4);
if ( byte_512DE058[v17 & 0x3F] != 34 )
break;
if ( (unsigned int)(v17 << 9) >> 23 )
break;
++v16;
v15 -= 4;
}
while ( v16 < v14 );
v13 = v16 & 1;
if ( v16 & 1 )
return 0;
}
else
{
v13 = 0;
}
}
}
else
{
v13 = 0;
v12 = 0;
}
}
else
{
/* iABC: v12 = b = GETARG_B(i), v13 = c = GETARG_C(i);
   sub_50FCC2E8 == checkArgMode(pt, x, mode) for B then C */
v12 = v8 >> 23;
result = sub_50FCC2E8(v4, v8 >> 23, (v30 >> 4) & 3);
if ( !result )
return result;
v13 = v8 << 9 >> 23;
result = sub_50FCC2E8(v4, v13, (v30 >> 2) & 3);
if ( !result )
return result;
}
/* testAMode(op): if (a == reg) last = pc */
if ( v30 & 0x40 && v25 == v27 )
v31 = v7;
/* testTMode(op): next instruction must exist and be OP_JMP (22) */
if ( v30 & 0x80 && (v7 + 2 >= v29 || byte_512DE058[*(_DWORD *)(4 * (v7 + 1) + v28) & 0x3F] != 22) )
return 0;
/* Decompiler artifact: the switch's jump-table range test [2..37]; any
   opcode outside it falls straight to the pc++ at def_17367E. */
if ( v32 - 2 <= 0x23 )
break;
def_17367E:
++v7;
}
/* Per-opcode checks; every path ends by jumping back to def_17367E (pc++) */
switch ( v32 )
{
case 2u:
/* OP_LOADBOOL: if c == 1 the skipped instruction may not be a
   SETLIST with C == 0 */
if ( v13 != 1 )
goto def_17367E;
if ( v7 + 2 >= v29 )
return 0;
v18 = *(_DWORD *)(4 * (v7 + 1) + v28);
if ( byte_512DE058[v18 & 0x3F] != 34 )
goto def_17367E;
result = (unsigned int)(v18 << 9) >> 23;
if ( result )
goto def_17367E;
return result;
case 3u:
/* OP_LOADNIL: if (a <= reg && reg <= b) last = pc  (signed compares,
   spelled out by the decompiler as sign-bit arithmetic) */
if ( !((((unsigned int)v27 >> 31) + (v12 >= (unsigned int)v27) + (v12 >> 31)) & 0xFF)
|| !((((unsigned int)v25 >> 31) + (v27 >= (unsigned int)v25) + (v27 >> 31)) & 0xFF) )
goto def_17367E;
goto LABEL_97;
case 4u:
case 8u:
/* OP_GETUPVAL / OP_SETUPVAL: check(b < pt->nups) */
v13 = v35;
goto LABEL_56;
case 5u:
case 7u:
/* OP_GETGLOBAL / OP_SETGLOBAL: k[b] must be a string
   (TValue is 16 bytes, tt at +8, LUA_TSTRING == 4) */
if ( *(_DWORD *)(*(_DWORD *)(v4 + 8) + 16 * v12 + 8) != 4 )
return 0;
goto def_17367E;
case 0xBu:
/* OP_SELF: checkreg(a+1); if (reg == a+1) last = pc */
if ( v25 + 1 >= v26 )
return 0;
if ( v27 == v25 + 1 )
goto LABEL_97;
goto def_17367E;
case 0x15u:
/* OP_CONCAT: check(b < c) */
LABEL_56:
if ( v12 >= v13 )
return 0;
goto def_17367E;
case 0x21u:
/* OP_TFORLOOP: check(c >= 1); checkreg(a+2+c); if (reg >= a+1) last = pc */
if ( !v13 )
return v13;
if ( v25 + 2 + v13 >= v26 )
return 0;
if ( v25 + 1 >= v27 )
goto def_17367E;
goto LABEL_97;
case 0x1Fu:
case 0x20u:
/* OP_FORLOOP / OP_FORPREP: checkreg(a+3), then treated as a jump */
if ( v25 + 3 < v26 )
goto LABEL_63;
return 0;
case 0x16u:
/* OP_JMP: dest = pc+1+b; if (reg != NO_REG && pc < dest && dest <= lastpc)
   pc += b  -- follow forward jumps only during a real register trace */
LABEL_63:
v19 = v7 + 1 + v12;
if ( v7 < v19 && v37 && v19 <= v36 )
v7 += v12;
goto def_17367E;
case 0x1Cu:
case 0x1Du:
/* OP_CALL / OP_TAILCALL: if (b) checkreg(a+b-1); c--;
   c == LUA_MULTRET -> checkopenop (sub_50FCC46C) on the next instruction,
   else if (c) checkreg(a+c-1); if (reg >= a) last = pc */
if ( v12 && v25 + v12 > v26 )
return 0;
v20 = (unsigned int)v13 >= 1;
v21 = v13 - 1;
if ( v20 )
{
if ( v21 && v25 + v21 > v26 )
return 0;
}
else
{
result = sub_50FCC46C(*(_DWORD *)(4 * (v7 + 1) + v28));
if ( !result )
return result;
}
if ( v27 >= v25 )
LABEL_97:
v31 = v7;
goto def_17367E;
case 0x1Eu:
/* OP_RETURN: b--; if (b > 0) checkreg(a+b-1) */
v22 = v12 - 1;
if ( v22 <= 0 )
goto def_17367E;
goto LABEL_95;
case 0x22u:
/* OP_SETLIST: if (b > 0) checkreg(a+b); if (c == 0) the count lives in
   the next word, so pc++ and require pc < sizecode-1 */
if ( v12 > 0 && v25 + v12 >= v26 )
return 0;
if ( !v13 )
{
++v7;
if ( v7 >= v29 - 1 )
return v13;
}
goto def_17367E;
case 0x24u:
/* OP_CLOSURE: check(b < pt->sizep); nup = pt->p[b]->nups;
   check(pc + nup < sizecode); the next nup instructions must each be
   OP_MOVE (0) or OP_GETUPVAL (4); if (reg != NO_REG) pc += nup */
if ( v12 >= *(_DWORD *)(v4 + 52) )
return 0;
v23 = *(_BYTE *)(*(_DWORD *)(4 * v12 + *(_DWORD *)(v4 + 16)) + 72);
if ( v7 + v23 >= v29 )
return 0;
v24 = 1;
while ( 2 )
{
if ( v24 > v23 )
{
if ( v27 != 255 )
v7 += v23;
goto def_17367E;
}
if ( !byte_512DE058[*(_DWORD *)(v34 + 4 * v24) & 0x3F] || byte_512DE058[*(_DWORD *)(v34 + 4 * v24) & 0x3F] == 4 )
{
++v24;
continue;
}
return 0;
}
case 0x25u:
/* OP_VARARG: is_vararg must have VARARG_ISVARARG (2) and not
   VARARG_NEEDSARG (4); b--; b == LUA_MULTRET -> checkopenop;
   then checkreg(a+b-1) */
if ( (v33 & 6) != 2 )
return 0;
v20 = (unsigned int)v12 >= 1;
v22 = v12 - 1;
if ( !v20 )
{
result = sub_50FCC46C(*(_DWORD *)(4 * (v7 + 1) + v28));
if ( !result )
return result;
}
LABEL_95:
if ( v25 + v22 > v26 )
return 0;
goto def_17367E;
default:
goto def_17367E;
}
}
ps:重点在这一句
if ( byte_512DE058[*(_DWORD *)(4 * (v29 - 1) + *(_DWORD *)(v4 + 12)) & 0x3F]
对应着的源码是 precheck 里的 GET_OPCODE(pt->code[pt->sizecode-1]) == OP_RETURN 检查。标准 Lua 的 GET_OPCODE 只是取指令低 6 位,而这里多了一层 byte_512DE058[] 查表,看起来就是把游戏改过编号的操作码映射回标准 Lua 5.1 编号的表(30 即 OP_RETURN);还原脚本时要先按这张表把操作码换回来。