感谢奈沙夜影大佬的去花脚本
最后一步加法中的 memcpy 溢出了一个字节,导致实际上只需要比较一个字节。
/*
 * Hex-Rays pseudocode of the analysed program's main().
 *
 * Flow, as far as this listing shows it:
 *   1. The globals F and G are filled from two embedded strings via sub_401B90.
 *   2. One input string is read into v38; its length must be 13..63.
 *   3. Nine function-table entries are called in a loop; both branch
 *      counters (v23, v24) must end up non-zero.
 *   4. The input is parsed into A, combined with F and G through
 *      multi/divid/add/sub (these look like multi-precision integer
 *      helpers working on structures with a d[] array and a len field),
 *      and the result B is compared with F byte by byte.
 *
 * The outcome is reported only through loc_403020; the function returns 0
 * on every path.
 */
int __cdecl main(int argc, const char **argv, const char **envp)
{
char *v3; // edx
int v4; // ecx
unsigned int v5; // eax
char *v6; // edx
int v7; // ecx
unsigned int v8; // eax
char *v9; // kr04_4
int v10; // esi
int v11; // edi
int v12; // ebx
int v14; // edx
int v15; // eax
int v16; // edx
int v17; // eax
int v18; // edx
int v19; // eax
int v20; // eax
int v21; // [esp+1Ch] [ebp-A0h]
int v22; // [esp+20h] [ebp-9Ch]
int v23; // [esp+24h] [ebp-98h]
int v24; // [esp+28h] [ebp-94h]
char v25; // [esp+2Ch] [ebp-90h]
// v26..v37 occupy consecutive 4-byte stack slots ([ebp-80h]..[ebp-54h]);
// the loop below indexes them as one array through (&v26)[v12].
int *v26; // [esp+3Ch] [ebp-80h]
int *v27; // [esp+40h] [ebp-7Ch]
int *v28; // [esp+44h] [ebp-78h]
int *v29; // [esp+48h] [ebp-74h]
int *v30; // [esp+4Ch] [ebp-70h]
int *v31; // [esp+50h] [ebp-6Ch]
int *v32; // [esp+54h] [ebp-68h]
int *v33; // [esp+58h] [ebp-64h]
void *v34; // [esp+5Ch] [ebp-60h]
int (*v35)(void); // [esp+60h] [ebp-5Ch]
int (*v36)(void); // [esp+64h] [ebp-58h]
int *v37; // [esp+68h] [ebp-54h]
// Input buffer: 76 bytes, starting 8 bytes above v37 (ebp-4Ch vs ebp-54h).
char v38[76]; // [esp+70h] [ebp-4Ch]
sub_40CA20();
// Build the function-pointer table. The entries are typed as int* / void*
// by the decompiler but v26..v34 are called as functions in the loop below.
// The two global stores mixed in here (dword_4C5028, dword_4C5024) are
// zeroed; their purpose is not visible in this listing.
v26 = dword_401700;
v27 = dword_401740;
v28 = dword_4017B0;
v29 = dword_401890;
v30 = dword_4018F0;
v31 = dword_401570;
dword_4C5028 = 0;
v32 = dword_401820;
v33 = dword_401950;
v34 = &loc_401AB0;
v35 = (int (*)(void))dword_402F20;
v36 = sub_402F90;
dword_4C5024 = 0;
v37 = dword_401620;
// Word-at-a-time scan for the terminating NUL of the first embedded string.
// 16843009 == 0x01010101; the masked expression becomes non-zero as soon as
// one of the four bytes just read is zero. This looks like a
// compiler-inlined strlen.
v3 = a104010010e4b4c;
do
{
v4 = *(_DWORD *)v3;
v3 += 4;
v5 = ~v4 & (v4 - 16843009) & 0x80808080;
}
while ( !v5 );
// Narrow down which byte of the last word was the NUL.
if ( !(~v4 & (v4 - 16843009) & 0x8080) )
v5 >>= 16;
if ( !(~v4 & (v4 - 16843009) & 0x8080) )
v3 += 2;
// The third argument presumably evaluates to the string length (end pointer
// minus the string's address; 4952195 == 0x4B9083) -- confirm in the
// disassembly. sub_401B90 presumably converts the text into the number F:
// the same routine is applied to the user input further down, where a
// negative return value is treated as failure.
sub_401B90(&F, a104010010e4b4c, (int)&v3[-__CFADD__((_BYTE)v5, (_BYTE)v5) - 4952195]);
// Same inlined length computation for the second embedded string, which
// initialises G (4952147 == 0x4B9053).
v6 = a1e9705f8d92146;
do
{
v7 = *(_DWORD *)v6;
v6 += 4;
v8 = ~v7 & (v7 - 16843009) & 0x80808080;
}
while ( !v8 );
if ( !(~v7 & (v7 - 16843009) & 0x8080) )
v8 >>= 16;
if ( !(~v7 & (v7 - 16843009) & 0x8080) )
v6 += 2;
sub_401B90(&G, a1e9705f8d92146, (int)&v6[-__CFADD__((_BYTE)v8, (_BYTE)v8) - 4952147]);
// Snapshot two globals; both are compared against constants after the loop.
v21 = dword_4C511C;
v22 = dword_4C5118;
// loc_403020 is called three times in this function: here with
// dword_4C5120, on the success path with 0x1B6BA97 and on the failure path
// with v22. Presumably it emits a message derived from its argument
// (prompt / success / failure) -- confirm.
((void (__cdecl *)(int))loc_403020)(dword_4C5120);
// Only the first 0x40 bytes of the 76-byte buffer are cleared.
memset(v38, 0, 0x40u);
// Presumably reads the user's input into v38. No size limit is passed at
// this call site -- NOTE(review): check inside sub_4B2760 whether the read
// is bounded to the buffer; the length check below runs only after the
// write has already happened.
sub_4B2760((int)&dword_4BA660, v38);
v9 = &v38[strlen(v38)];
// Unsigned comparison: only lengths 13..63 pass (anything shorter than 13
// wraps around to a large unsigned value and is rejected as well).
if ( (unsigned int)(v9 - v38 - 13) > 50 )
goto LABEL_22;
// loc_4030E0(ptr, 7) is applied to the first 7 input bytes ...
v10 = ((int (__cdecl *)(char *, int))loc_4030E0)(v38, 7);
// ... and to the last 7: &v37 lies 8 bytes below v38 on the stack, so
// (char *)&v37 + len + 1 is the same address as v38 + len - 7.
v11 = ((int (__cdecl *)(char *, int))loc_4030E0)((char *)&v37 + v9 - v38 + 1, 7);
v12 = 0;
v24 = 0;
v23 = 0;
// Call table entries 0..8 (v26..v34). Each return value is compared with
// the parity of the index; v23 counts matches, v24 mismatches. v10 and v11
// are rotated right (by v12 and 15 - v12) and XORed with the results of
// v35()/v36(), with the two helpers swapped between the branches.
// NOTE(review): what the table routines test is not visible here; they may
// be environment or anti-analysis checks -- confirm in the disassembly.
do
{
v25 = 15 - v12;
if ( (v12 & 1) == ((int (*)(void))(&v26)[v12])() )
{
++v23;
v10 = v35() ^ __ROR4__(v10, v12);
v11 = v36() ^ __ROR4__(v11, v25);
}
else
{
++v24;
v10 = v36() ^ __ROR4__(v10, v25);
v11 = v35() ^ __ROR4__(v11, v12);
}
++v12;
}
while ( v12 != 9 );
// Gate: both loop branches must have been taken at least once, v21 and v22
// must equal the two constants, and the input must parse into A.
// NOTE(review): v10/v11 are not read again in this listing, while v21/v22
// were loaded from globals before the loop -- possibly a decompiler
// variable-tracking artifact; confirm against the disassembly.
if ( !v23 || !v24 || v21 != 0x1B6BA97 || v22 != 0x44C4B4E0 || sub_401B90(&A, v38, strlen(v38)) < 0 )
goto LABEL_22;
// B := lowest limb of F. The loop scans bytes 3..0 of B.d downwards for the
// first non-zero byte and stores index + 1 as B.len (0 if all four are zero).
LOBYTE(B.d[1]) = 0;
B.d[0] = F.d[0];
v14 = 4;
while ( 1 )
{
v15 = v14 - 1;
if ( *((_BYTE *)B.d + v14 - 1) )
break;
--v14;
if ( !v15 )
goto LABEL_29;
}
v15 = v14;
LABEL_29:
B.len = v15;
// Presumably C = A * B, i.e. input * low limb of F (operand order assumed
// to be destination, left, right for all four helpers -- TODO confirm).
multi(&C, &A, &B);
// A is now overwritten with the constant 0xE053D0F and its length is
// derived the same way. The all-zero exit jumps to LABEL_32, skipping the
// A.len store and the divid/add/sub sequence; the constant is non-zero, so
// the scan always leaves through the break.
LOBYTE(A.d[1]) = 0;
A.d[0] = 0xE053D0F;
v16 = 4;
while ( 1 )
{
v17 = v16 - 1;
if ( *((_BYTE *)A.d + v16 - 1) )
break;
--v16;
if ( !v17 )
goto LABEL_32;
}
v17 = v16;
A.len = v17;
// Presumably: C = C / A; C = C + F; C = C + G; D = F * G; B = C - D.
divid(&C, &C, &A);
add(&C, &C, &F);
add(&C, &C, &G);
multi(&D, &F, &G);
sub(&B, &C, &D);
// Reject results longer than 16 bytes.
if ( B.len > 16 )
goto LABEL_22;
LABEL_32:
// Further arithmetic on C and D: C = C * A, A := 0x25, D = C * A, D = D + D
// (same operand-order assumption). Neither C nor D is read again in this
// listing; the text accompanying the listing attributes the final
// comparison needing only one byte to a one-byte memcpy overflow in the
// last addition. That mechanism lives inside add() and is not visible here.
multi(&C, &C, &A);
LOBYTE(A.d[1]) = 0;
A.d[0] = 0x25;
v18 = 4;
while ( 1 )
{
v19 = v18 - 1;
if ( *((_BYTE *)A.d + v18 - 1) )
break;
--v18;
if ( !v19 )
goto LABEL_36;
}
v19 = v18;
LABEL_36:
A.len = v19;
multi(&D, &C, &A);
add(&D, &D, &D);
// Final check: B must have the same length as F and match it byte for
// byte, compared from the highest index down to 0.
v20 = B.len;
if ( B.len == F.len )
{
while ( --v20 >= 0 )
{
if ( *((_BYTE *)B.d + v20) != *((_BYTE *)F.d + v20) )
goto LABEL_22;
}
// Success path. Note that a zero B.len equal to F.len would reach this
// call without comparing any byte.
((void (__cdecl *)(int))loc_403020)(0x1B6BA97);
}
else
{
LABEL_22:
// Common failure path: length check, gate and comparison all end up here.
((void (__cdecl *)(int))loc_403020)(v22);
}
return 0;
}
int __cdecl main(int argc, const char **argv, const char **envp)
{
char *v3; // edx
int v4; // ecx
unsigned int v5; // eax
char *v6; // edx
int v7; // ecx
unsigned int v8; // eax
char *v9; // kr04_4
int v10; // esi
int v11; // edi
int v12; // ebx
int v14; // edx
int v15; // eax
int v16; // edx
int v17; // eax
int v18; // edx
int v19; // eax
int v20; // eax
int v21; // [esp+1Ch] [ebp-A0h]
int v22; // [esp+20h] [ebp-9Ch]
int v23; // [esp+24h] [ebp-98h]
int v24; // [esp+28h] [ebp-94h]
char v25; // [esp+2Ch] [ebp-90h]
int *v26; // [esp+3Ch] [ebp-80h]
int *v27; // [esp+40h] [ebp-7Ch]
int *v28; // [esp+44h] [ebp-78h]
int *v29; // [esp+48h] [ebp-74h]
int *v30; // [esp+4Ch] [ebp-70h]
int *v31; // [esp+50h] [ebp-6Ch]
int *v32; // [esp+54h] [ebp-68h]
int *v33; // [esp+58h] [ebp-64h]
void *v34; // [esp+5Ch] [ebp-60h]
int (*v35)(void); // [esp+60h] [ebp-5Ch]
int (*v36)(void); // [esp+64h] [ebp-58h]
int *v37; // [esp+68h] [ebp-54h]
char v38[76]; // [esp+70h] [ebp-4Ch]
sub_40CA20();
v26 = dword_401700;
v27 = dword_401740;
v28 = dword_4017B0;
v29 = dword_401890;
v30 = dword_4018F0;
v31 = dword_401570;
dword_4C5028 = 0;
v32 = dword_401820;
v33 = dword_401950;
v34 = &loc_401AB0;
v35 = (int (*)(void))dword_402F20;
v36 = sub_402F90;
dword_4C5024 = 0;
v37 = dword_401620;
v3 = a104010010e4b4c;
do
{
v4 = *(_DWORD *)v3;
v3 += 4;
v5 = ~v4 & (v4 - 16843009) & 0x80808080;
}
while ( !v5 );
if ( !(~v4 & (v4 - 16843009) & 0x8080) )
v5 >>= 16;
if ( !(~v4 & (v4 - 16843009) & 0x8080) )
v3 += 2;
sub_401B90(&F, a104010010e4b4c, (int)&v3[-__CFADD__((_BYTE)v5, (_BYTE)v5) - 4952195]);
v6 = a1e9705f8d92146;
do
{
v7 = *(_DWORD *)v6;
v6 += 4;
v8 = ~v7 & (v7 - 16843009) & 0x80808080;
}
while ( !v8 );
if ( !(~v7 & (v7 - 16843009) & 0x8080) )
v8 >>= 16;
if ( !(~v7 & (v7 - 16843009) & 0x8080) )
v6 += 2;
sub_401B90(&G, a1e9705f8d92146, (int)&v6[-__CFADD__((_BYTE)v8, (_BYTE)v8) - 4952147]);
v21 = dword_4C511C;
v22 = dword_4C5118;
((void (__cdecl *)(int))loc_403020)(dword_4C5120);
memset(v38, 0, 0x40u);
sub_4B2760((int)&dword_4BA660, v38);
v9 = &v38[strlen(v38)];
if ( (unsigned int)(v9 - v38 - 13) > 50 )
goto LABEL_22;
v10 = ((int (__cdecl *)(char *, int))loc_4030E0)(v38, 7);
v11 = ((int (__cdecl *)(char *, int))loc_4030E0)((char *)&v37 + v9 - v38 + 1, 7);
v12 = 0;
v24 = 0;
v23 = 0;