题目中有多个线程，如图：



其中不必要的检测线程处理掉：



在退出进程处，将其停止。

在此线程的上方有一些函数表的初始化操作，以下摘自IDA：

  fun_arr_412250[0] = (int)call_dec_20_401150;
  fun_arr_412250[1] = (int)call_eq0_401180;
  fun_arr_412250[2] = (int)call_eq_b3_4011B0;
  fun_arr_412250[3] = (int)call_dec_2_401090;
  fun_arr_412250[4] = (int)Failed_4010C0;
  fun_arr_412250[5] = (int)call_dec_3_4010F0;
  fun_arr_412250[6] = (int)call_eq_b3_4011B0;
  fun_arr_412250[7] = (int)call_eq_b1_401120;
  fun_arr_412250[8] = (int)sub_4011E0;
  fun_arr_412250[9] = (int)check_401500;
  fun_arr_412250[10] = (int)sub_401820;
  fun_arr_412250[11] = (int)sub_401B40;

v0 = 0;
  v47 = 0;
  memset(arr_in, 1, 0x1E4u);
  do
  {
    v41 = 2 * v0 + 12;
    v1 = 2 * v0 + 3;
    v42 = 0;
    v38 = 2 * v0 + 3;
    v44 = dword_412158;
    v2 = &arr_in[11 * v0];
    do
    {
      *v2 = arr_4110E0[(11 * (v1 % 11) + v41 % 11 + 127) % 128];
      if ( v0 == v42 )
      {
[COLOR="Red"]        if ( v0 == 10 )
          *v44 = 1;
        else
          *v2 = arr_410EE0[sn[v0]];[/COLOR]
      }
      ++v42;
      --v41;
      v1 = v38 + 1;
      ++v2;
      ++v44;
      ++v38;
    }
    while ( (signed int)v44 < (signed int)&unk_412184 );
    ++v0;
  }
  while ( v0 < 11 );

0x00, 0x2D, 0x42, 0x4C, 0x56, 0x60, 0x6A, 0x74, 0x05, 0x0F, 0x19
0x3B, 0x00, 0x4F, 0x59, 0x6E, 0x78, 0x09, 0x13, 0x1D, 0x27, 0x31
0x53, 0x5D, 0x00, 0x71, 0x02, 0x0C, 0x21, 0x2B, 0x35, 0x3F, 0x49
0x6B, 0x75, 0x06, 0x00, 0x1A, 0x24, 0x2E, 0x38, 0x4D, 0x57, 0x61
0x0A, 0x14, 0x1E, 0x28, 0x00, 0x3C, 0x46, 0x50, 0x5A, 0x64, 0x79
0x17, 0x2C, 0x36, 0x40, 0x4A, 0x00, 0x5E, 0x68, 0x72, 0x03, 0x0D
0x2F, 0x39, 0x43, 0x58, 0x62, 0x6C, 0x00, 0x07, 0x11, 0x1B, 0x25
0x47, 0x51, 0x5B, 0x65, 0x6F, 0x0B, 0x15, 0x00, 0x29, 0x33, 0x3D
0x5F, 0x69, 0x73, 0x04, 0x0E, 0x18, 0x22, 0x37,	0x00, 0x4B, 0x55
0x77, 0x08, 0x12, 0x1C, 0x26, 0x30, 0x3A, 0x44, 0x4E, 0x00, 0x6D
0x16, 0x20, 0x2A, 0x34, 0x3E, 0x48, 0x52, 0x5C, 0x66, 0x70, 0x01

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！