[求助]在看别人的一个CR,我对此段用IDA反汇编,伪代码如下,谁能给解释下?谢谢
发表于: 2017-6-19 13:58 3484


__int64 v21; // [sp+118h] [bp-20h]@1

  unsigned int v22; // [sp+120h] [bp-18h]@12

  __int64 v23; // [sp+140h] [bp+8h]@1

  __int64 v24; // [sp+148h] [bp+10h]@1

 

  v24 = a2;

  v23 = a1;

  v21 = -2i64;

  sub_18005B0E0(&v12);

  if ( sub_18005B230(&v12, v24, 64i64) )

  {

    v6 = v14;

    v9 = v13;

    v11 = 0;

    if ( sub_18005B530(v23, v13, &v11) )

    {

      if ( sub_18005B580(v23, v9) )

      {

        Dst = 0;

        memcpy(&Dst, (const void *)(v9 + 122), 4ui64);

        if ( Dst == *(_DWORD *)(v23 + 28) )

        {

          LODWORD(Size) = 0;

          memset(*(void **)(v23 + 16), 0, *(_DWORD *)(v23 + 24));

          memcpy(&Size, (const void *)(v9 + 126), 2ui64);

          if ( (_WORD)Size )

          {

            memcpy(*(void **)(v23 + 16), (const void *)(v9 + 128), (unsigned int)Size);

            sub_1800D8980(&v7);

            sub_1800D86B0(&v7, v11 + v9, v6 - v11);

            sub_1800D87E0(&v5, &v7);

            v3 = *(_QWORD *)(v23 + 8);

            v4 = *(_QWORD *)(v23 + 16);

            HIDWORD(Size) = sub_1800D8600(0, (unsigned __int64)&v5, 20i64);

            if ( HIDWORD(Size) == 1 )

              v22 = 0;

            else

              v22 = 39;

            v20 = v22;

            std::locale::_Locimp::~_Locimp((std::locale::_Locimp *)&v12);

            result = v20;

          }

          else

          {

            v19 = 39;

            std::locale::_Locimp::~_Locimp((std::locale::_Locimp *)&v12);

            result = v19;

          }

        }

        else

        {

          v18 = 39;

          std::locale::_Locimp::~_Locimp((std::locale::_Locimp *)&v12);

          result = v18;

        }

      }

      else

      {

        v17 = 31;

        std::locale::_Locimp::~_Locimp((std::locale::_Locimp *)&v12);

        result = v17;

      }

    }

    else

    {

      v16 = 29;

      std::locale::_Locimp::~_Locimp((std::locale::_Locimp *)&v12);

      result = v16;

    }

  }

  else

  {

    v15 = 21;

    std::locale::_Locimp::~_Locimp((std::locale::_Locimp *)&v12);

    result = v15;

  }

  return result;

}




原汇编

.text:0000000180058FA0                 call    sub_1800D87E0

.text:0000000180058FA5                 mov     rax, [rsp+138h+arg_0]

.text:0000000180058FAD                 mov     rax, [rax+8]

.text:0000000180058FB1                 mov     [rsp+138h+var_110], rax

.text:0000000180058FB6                 mov     eax, dword ptr [rsp+138h+Size]

.text:0000000180058FBD                 mov     [rsp+138h+var_118], eax

.text:0000000180058FC1                 mov     r9, [rsp+138h+arg_0]

.text:0000000180058FC9                 mov     r9, [r9+10h]

.text:0000000180058FCD                 mov     r8d, 14h

.text:0000000180058FD3                 lea     rdx, [rsp+138h+var_F8]

.text:0000000180058FD8                 xor     ecx, ecx

.text:0000000180058FDA                 call    sub_1800D8600

.text:0000000180058FDF                 mov     dword ptr [rsp+138h+Size+4], eax

.text:0000000180058FE6                 cmp     dword ptr [rsp+138h+Size+4], 1

.text:0000000180058FEE                 jnz     short loc_180058FFD

.text:0000000180058FF0                 mov     [rsp+138h+var_18], 0

.text:0000000180058FFB                 jmp     short loc_180059008

.text:0000000180058FFD ; ---------------------------------------------------------------------------

.text:0000000180058FFD

.text:0000000180058FFD loc_180058FFD:                          ; CODE XREF: sub_180058D30+2BEj

.text:0000000180058FFD                 mov     [rsp+138h+var_18], 27h

.text:0000000180059008

.text:0000000180059008 loc_180059008:                          ; CODE XREF: sub_180058D30+2CBj

.text:0000000180059008                 mov     eax, [rsp+138h+var_18]

.text:000000018005900F                 mov     [rsp+138h+var_24], eax

.text:0000000180059016

.text:0000000180059016 loc_180059016:                          ; DATA XREF: .rdata:stru_18019DFD8o

.text:0000000180059016                 lea     rcx, [rsp+138h+var_60] ; this

.text:000000018005901E                 call    ??1_Locimp@locale@std@@MEAA@XZ ; std::locale::_Locimp::~_Locimp(void)

.text:0000000180059023                 mov     eax, [rsp+138h+var_24]

.text:000000018005902A

.text:000000018005902A loc_18005902A:                          ; CODE XREF: sub_180058D30+7Bj

.text:000000018005902A                                         ; sub_180058D30+E6j ...

.text:000000018005902A                 mov     rcx, [rsp+138h+var_10]

.text:0000000180059032                 xor     rcx, rsp        ; StackCookie

.text:0000000180059035                 call    __security_check_cookie

.text:000000018005903A                 add     rsp, 138h

.text:0000000180059041                 retn

.text:0000000180059041 sub_180058D30   endp



CR 是对 058FEE 处的 `jnz short loc_180058FFD` 进行了 nop。请问哪个是关键 call?

2017-6-19 14:00
已经解决,结贴吧
2017-6-29 09:26