-
-
[原创]处理VM的一种特殊方法和思路
-
发表于: 2021-6-24 02:04
-
备注:下面是一种处理VM的方法,其实还不够完善,栈用数组来模拟的话反编译出来还是不太好看(虽然比直接撕汇编好),如果有什么思路大家可以提出建议。
整体概述:①先拖入IDA分析,得到"指令"和opcode;②通过python得到它的汇编;③将opcode_key重编为C语法(数组模拟栈,变量模拟寄存器);④重新将exe拖入IDA进行分析或调试
下面给两个例子:一个是基于栈的(类似python那种),一个是用函数模拟普通指令的(有寄存器也有栈)
这道题之前讲VM的时候讲过,比较经典的一道VM
直接给一个之前的我分析这个VM的链接
https://bbs.pediy.com/thread-267670.htm
准备好"栈",push,pop等,寄存器变量等
(根据之前得到的汇编信息来写前缀)
opcode_key变为:
脚本:
最后运行之后得到:
手动处理一些细节的地方,粘贴到前缀的后面
注:,只要编译不报错能得到exe就行,有些恢复的不是很完全,就不能完全正确运行,不过这个还勉强
分析逻辑后写出解题脚本即可:
这个是一个基于栈的虚拟机,比较繁杂的一道题目
main函数中先从我们输入的参数所对应的文件中读取opcode,然后做一些虚拟机的准备,之后调用一个函数VM,里面用while循环来是实现dispatch,传入了一个地址(经过后面分析,这个地址是结构体的首地址)
在结合了VM函数内那些分析之后重命名如下
结构体如下:
这里补充一句,IDA是严格按照指针的性质来反编译的,指针加减偏移的字节,根据它反编译前面的有个()里面的来具体而定
在VM函数中一些具体的取结构体中的值
主要就是用while循环来实现dispatcher,然后下方就是逐个进行分析了
仔细看注释:
可以整理得到初步的opcode_key(这个vm的指令集):
一点也没简化过的,用来对照IDA进行理解
理解指令并简化:
运行之后得到它的汇编
如下:
手动处理一些细节的地方,粘贴到前缀的后面:
然后可得到exe
分析技巧,观察一下会发现都是push push,然后pop pop之后进行运算这种,大脑里面想像一个栈,跟着看就行
最后写出解题脚本
#include <stdio.h>#include <stdlib.h>#include <string.h>void push(int stack[], int* rsp, int data)
{ *rsp = *rsp + 1;
stack[*rsp] = data;
}int pop(int stack[], int* rsp)
{ int ret = stack[*rsp];
stack[*rsp] = 0;
*rsp = *rsp-1;
return ret;
}int main()
{ int rsp = -1;
int stack[10] = {0};
int e_flag;
int i=0;
int reg0, reg1, reg2, reg3;
char* string[5] = {"right", "wrong", "puts", "plz input:", "hacker"};
char input[0x30];
return 0;
}#include <stdio.h>#include <stdlib.h>#include <string.h>void push(int stack[], int* rsp, int data)
{ *rsp = *rsp + 1;
stack[*rsp] = data;
}int pop(int stack[], int* rsp)
{ int ret = stack[*rsp];
stack[*rsp] = 0;
*rsp = *rsp-1;
return ret;
}int main()
{ int rsp = -1;
int stack[10] = {0};
int e_flag;
int i=0;
int reg0, reg1, reg2, reg3;
char* string[5] = {"right", "wrong", "puts", "plz input:", "hacker"};
char input[0x30];
return 0;
}opcode_key = {
0: 'nop',
1: 'reg{}={};',
2: 'push(stack, &rsp, {});',
3: 'push(stack, &rsp, reg{});',
4: 'reg{}=pop(stack, &rsp);',
5: 'printf("%s",string[reg3]);',
6: 'reg{}+=reg{};',
7: 'reg{}-=reg{};',
8: 'reg{}*=reg{};',
9: 'reg{}%=reg{};',
10: 'reg{}^=reg{};',
11: 'goto _(3*{}-3);', # 3*{}-3
12: 'e_flag = reg{} - reg{};',
13: 'if(e_flag) goto _rip+3; else goto _(3*{}-3);',
14: 'if(e_flag) goto _(3*{}-3); else goto _rip+3;',
15: 'if(e_flag <= 0) goto _rip+3; else goto _(3*{}-3);',
16: 'if(e_flag >= 0) goto _rip+3; else goto _(3*{}-3);',
17: 'scanf("%s",input);',
18: 'mem_init {} {}',
19: 'reg{}=pop(stack, &rsp);',
20: 'reg{}=input[{}];',
0xff: 'exit(0);'}
opcode_key = {
0: 'nop',
1: 'reg{}={};',
2: 'push(stack, &rsp, {});',
3: 'push(stack, &rsp, reg{});',
4: 'reg{}=pop(stack, &rsp);',
5: 'printf("%s",string[reg3]);',
6: 'reg{}+=reg{};',
7: 'reg{}-=reg{};',
8: 'reg{}*=reg{};',
9: 'reg{}%=reg{};',
10: 'reg{}^=reg{};',
11: 'goto _(3*{}-3);', # 3*{}-3
12: 'e_flag = reg{} - reg{};',
13: 'if(e_flag) goto _rip+3; else goto _(3*{}-3);',
14: 'if(e_flag) goto _(3*{}-3); else goto _rip+3;',
15: 'if(e_flag <= 0) goto _rip+3; else goto _(3*{}-3);',
16: 'if(e_flag >= 0) goto _rip+3; else goto _(3*{}-3);',
17: 'scanf("%s",input);',
18: 'mem_init {} {}',
19: 'reg{}=pop(stack, &rsp);',
20: 'reg{}=input[{}];',
0xff: 'exit(0);'}
# _*_ coding: utf-8 _*_# editor: SYJ# function: Reversed By SYJ# describe:opcode_team = [0x01, 0x03, 0x03, 0x05, 0x00, 0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x11, 0x0C, 0x00, 0x01, 0x0D, 0x0A, 0x00, 0x01, 0x03, 0x01, 0x05, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x01, 0x02, 0x00, 0x01, 0x00, 0x11, 0x0C, 0x00, 0x02, 0x0D, 0x2B, 0x00, 0x14, 0x00, 0x02, 0x01, 0x01, 0x61, 0x0C, 0x00, 0x01, 0x10, 0x1A, 0x00, 0x01, 0x01, 0x7A, 0x0C, 0x00, 0x01, 0x0F, 0x1A, 0x00, 0x01, 0x01, 0x47, 0x0A, 0x00, 0x01, 0x01, 0x01, 0x01, 0x06, 0x00, 0x01, 0x0B, 0x24, 0x00, 0x01, 0x01, 0x41, 0x0C, 0x00, 0x01, 0x10, 0x24, 0x00, 0x01, 0x01, 0x5A, 0x0C, 0x00, 0x01, 0x0F, 0x24, 0x00, 0x01, 0x01, 0x4B, 0x0A, 0x00, 0x01, 0x01, 0x01, 0x01, 0x07, 0x00, 0x01, 0x01, 0x01, 0x10, 0x09, 0x00, 0x01, 0x03, 0x01, 0x00, 0x03, 0x00, 0x00, 0x01, 0x01, 0x01, 0x06, 0x02, 0x01, 0x0B, 0x0B, 0x00, 0x02, 0x07, 0x00, 0x02, 0x0D, 0x00, 0x02, 0x00, 0x00, 0x02, 0x05, 0x00, 0x02, 0x01, 0x00, 0x02, 0x0C, 0x00, 0x02, 0x01, 0x00, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x02, 0x0D, 0x00, 0x02, 0x05, 0x00, 0x02, 0x0F, 0x00, 0x02, 0x00, 0x00, 0x02, 0x09, 0x00, 0x02, 0x05, 0x00, 0x02, 0x0F, 0x00, 0x02, 0x03, 0x00, 0x02, 0x00, 0x00, 0x02, 0x02, 0x00, 0x02, 0x05, 0x00, 0x02, 0x03, 0x00, 0x02, 0x03, 0x00, 0x02, 0x01, 0x00, 0x02, 0x07, 0x00, 0x02, 0x07, 0x00, 0x02, 0x0B, 0x00, 0x02, 0x02, 0x00, 0x02, 0x01, 0x00, 0x02, 0x02, 0x00, 0x02, 0x07, 0x00, 0x02, 0x02, 0x00, 0x02, 0x0C, 0x00, 0x02, 0x02, 0x00, 0x02, 0x02, 0x00, 0x01, 0x02, 0x01, 0x13, 0x01, 0x02, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x01, 0x0E, 0x5B, 0x00, 0x01, 0x01, 0x22, 0x0C, 0x02, 0x01, 0x0D, 0x59, 0x00, 0x01, 0x01, 0x01, 0x06, 0x02, 0x01, 0x0B, 0x4E, 0x00, 0x01, 0x03, 0x00, 0x05, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x01, 0x03, 0x01, 0x05, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x00]
opcode_key = {
0: 'nop',
1: 'reg{}={};',
2: 'push(stack, &rsp, {});',
3: 'push(stack, &rsp, reg{});',
4: 'reg{}=pop(stack, &rsp);',
5: 'printf("%s",string[reg3]);',
6: 'reg{}+=reg{};',
7: 'reg{}-=reg{};',
8: 'reg{}*=reg{};',
9: 'reg{}%=reg{};',
10: 'reg{}^=reg{};',
11: 'goto _(3*{}-3);', # 3*{}-3
12: 'e_flag = reg{} - reg{};',
13: 'if(e_flag) goto _rip+3; else goto _(3*{}-3);',
14: 'if(e_flag) goto _(3*{}-3); else goto _rip+3;',
15: 'if(e_flag <= 0) goto _rip+3; else goto _(3*{}-3);',
16: 'if(e_flag >= 0) goto _rip+3; else goto _(3*{}-3);',
17: 'scanf("%s",input);',
18: 'mem_init {} {}',
19: 'reg{}=pop(stack, &rsp);',
20: 'reg{}=input[{}];',
0xff: 'exit(0);'}
rip = 0
all = len(opcode_team)
while rip < all:
x = opcode_team[rip]
if x != 0:
print("_" + str(hex(rip)) + ": " + opcode_key[x].format(opcode_team[rip+1], (opcode_team[rip+2])))
rip += 3
else:
print("_" + str(hex(rip)) + ": " + opcode_key[x].format(hex(rip+1)))
rip += 1
# _*_ coding: utf-8 _*_# editor: SYJ# function: Reversed By SYJ# describe:opcode_team = [0x01, 0x03, 0x03, 0x05, 0x00, 0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x11, 0x0C, 0x00, 0x01, 0x0D, 0x0A, 0x00, 0x01, 0x03, 0x01, 0x05, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x01, 0x02, 0x00, 0x01, 0x00, 0x11, 0x0C, 0x00, 0x02, 0x0D, 0x2B, 0x00, 0x14, 0x00, 0x02, 0x01, 0x01, 0x61, 0x0C, 0x00, 0x01, 0x10, 0x1A, 0x00, 0x01, 0x01, 0x7A, 0x0C, 0x00, 0x01, 0x0F, 0x1A, 0x00, 0x01, 0x01, 0x47, 0x0A, 0x00, 0x01, 0x01, 0x01, 0x01, 0x06, 0x00, 0x01, 0x0B, 0x24, 0x00, 0x01, 0x01, 0x41, 0x0C, 0x00, 0x01, 0x10, 0x24, 0x00, 0x01, 0x01, 0x5A, 0x0C, 0x00, 0x01, 0x0F, 0x24, 0x00, 0x01, 0x01, 0x4B, 0x0A, 0x00, 0x01, 0x01, 0x01, 0x01, 0x07, 0x00, 0x01, 0x01, 0x01, 0x10, 0x09, 0x00, 0x01, 0x03, 0x01, 0x00, 0x03, 0x00, 0x00, 0x01, 0x01, 0x01, 0x06, 0x02, 0x01, 0x0B, 0x0B, 0x00, 0x02, 0x07, 0x00, 0x02, 0x0D, 0x00, 0x02, 0x00, 0x00, 0x02, 0x05, 0x00, 0x02, 0x01, 0x00, 0x02, 0x0C, 0x00, 0x02, 0x01, 0x00, 0x02, 0x00, 0x00, 0x02, 0x00, 0x00, 0x02, 0x0D, 0x00, 0x02, 0x05, 0x00, 0x02, 0x0F, 0x00, 0x02, 0x00, 0x00, 0x02, 0x09, 0x00, 0x02, 0x05, 0x00, 0x02, 0x0F, 0x00, 0x02, 0x03, 0x00, 0x02, 0x00, 0x00, 0x02, 0x02, 0x00, 0x02, 0x05, 0x00, 0x02, 0x03, 0x00, 0x02, 0x03, 0x00, 0x02, 0x01, 0x00, 0x02, 0x07, 0x00, 0x02, 0x07, 0x00, 0x02, 0x0B, 0x00, 0x02, 0x02, 0x00, 0x02, 0x01, 0x00, 0x02, 0x02, 0x00, 0x02, 0x07, 0x00, 0x02, 0x02, 0x00, 0x02, 0x0C, 0x00, 0x02, 0x02, 0x00, 0x02, 0x02, 0x00, 0x01, 0x02, 0x01, 0x13, 0x01, 0x02, 0x04, 0x00, 0x00, 0x0C, 0x00, 0x01, 0x0E, 0x5B, 0x00, 0x01, 0x01, 0x22, 0x0C, 0x02, 0x01, 0x0D, 0x59, 0x00, 0x01, 0x01, 0x01, 0x06, 0x02, 0x01, 0x0B, 0x4E, 0x00, 0x01, 0x03, 0x00, 0x05, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x01, 0x03, 0x01, 0x05, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x00]
opcode_key = {
0: 'nop',
1: 'reg{}={};',
2: 'push(stack, &rsp, {});',
3: 'push(stack, &rsp, reg{});',
4: 'reg{}=pop(stack, &rsp);',
5: 'printf("%s",string[reg3]);',
6: 'reg{}+=reg{};',
7: 'reg{}-=reg{};',
8: 'reg{}*=reg{};',
9: 'reg{}%=reg{};',
10: 'reg{}^=reg{};',
11: 'goto _(3*{}-3);', # 3*{}-3
12: 'e_flag = reg{} - reg{};',
13: 'if(e_flag) goto _rip+3; else goto _(3*{}-3);',
14: 'if(e_flag) goto _(3*{}-3); else goto _rip+3;',
15: 'if(e_flag <= 0) goto _rip+3; else goto _(3*{}-3);',
16: 'if(e_flag >= 0) goto _rip+3; else goto _(3*{}-3);',
17: 'scanf("%s",input);',
18: 'mem_init {} {}',
19: 'reg{}=pop(stack, &rsp);',
20: 'reg{}=input[{}];',
0xff: 'exit(0);'}
rip = 0
all = len(opcode_team)
while rip < all:
x = opcode_team[rip]
if x != 0:
print("_" + str(hex(rip)) + ": " + opcode_key[x].format(opcode_team[rip+1], (opcode_team[rip+2])))
rip += 3
else:
print("_" + str(hex(rip)) + ": " + opcode_key[x].format(hex(rip+1)))
rip += 1
_0x0: reg3=3;
_0x3: printf("%s",string[reg3]);
_0x6: scanf("%s",input);
_0x9: reg1=17;
_0xc: e_flag = reg0 - reg1;
_0xf: if(e_flag) goto _rip+3; else goto _(3*10-3);
_0x12: reg3=1;
_0x15: printf("%s",string[reg3]);
_0x18: exit(0);
_0x1b: reg2=0;
_0x1e: reg0=17;
_0x21: e_flag = reg0 - reg2;
_0x24: if(e_flag) goto _rip+3; else goto _(3*43-3);
_0x27: reg0=input[2];
_0x2a: reg1=97;
_0x2d: e_flag = reg0 - reg1;
_0x30: if(e_flag >= 0) goto _rip+3; else goto _(3*26-3);
_0x33: reg1=122;
_0x36: e_flag = reg0 - reg1;
_0x39: if(e_flag <= 0) goto _rip+3; else goto _(3*26-3);
_0x3c: reg1=71;
_0x3f: reg0^=reg1;
_0x42: reg1=1;
_0x45: reg0+=reg1;
_0x48: goto _(3*36-3);
_0x4b: reg1=65;
_0x4e: e_flag = reg0 - reg1;
_0x51: if(e_flag >= 0) goto _rip+3; else goto _(3*36-3);
_0x54: reg1=90;
_0x57: e_flag = reg0 - reg1;
_0x5a: if(e_flag <= 0) goto _rip+3; else goto _(3*36-3);
_0x5d: reg1=75;
_0x60: reg0^=reg1;
_0x63: reg1=1;
_0x66: reg0-=reg1;
_0x69: reg1=16;
_0x6c: reg0%=reg1;
_0x6f: push(stack, &rsp, reg1);_0x72: push(stack, &rsp, reg0);_0x75: reg1=1;
_0x78: reg2+=reg1;
_0x7b: goto _(3*11-3);
_0x7e: push(stack, &rsp, 7);
_0x81: push(stack, &rsp, 13);
_0x84: push(stack, &rsp, 0);
_0x87: push(stack, &rsp, 5);
_0x8a: push(stack, &rsp, 1);
_0x8d: push(stack, &rsp, 12);
_0x90: push(stack, &rsp, 1);
_0x93: push(stack, &rsp, 0);
_0x96: push(stack, &rsp, 0);
_0x99: push(stack, &rsp, 13);
_0x9c: push(stack, &rsp, 5);
_0x9f: push(stack, &rsp, 15);
_0xa2: push(stack, &rsp, 0);
_0xa5: push(stack, &rsp, 9);
_0xa8: push(stack, &rsp, 5);
_0xab: push(stack, &rsp, 15);
_0xae: push(stack, &rsp, 3);
_0xb1: push(stack, &rsp, 0);
_0xb4: push(stack, &rsp, 2);
_0xb7: push(stack, &rsp, 5);
_0xba: push(stack, &rsp, 3);
_0xbd: push(stack, &rsp, 3);
_0xc0: push(stack, &rsp, 1);
_0xc3: push(stack, &rsp, 7);
_0xc6: push(stack, &rsp, 7);
_0xc9: push(stack, &rsp, 11);
_0xcc: push(stack, &rsp, 2);
_0xcf: push(stack, &rsp, 1);
_0xd2: push(stack, &rsp, 2);
_0xd5: push(stack, &rsp, 7);
_0xd8: push(stack, &rsp, 2);
_0xdb: push(stack, &rsp, 12);
_0xde: push(stack, &rsp, 2);
_0xe1: push(stack, &rsp, 2);
_0xe4: reg2=1;
_0xe7: reg1=pop(stack, &rsp);
_0xea: reg0=pop(stack, &rsp);
_0xed: e_flag = reg0 - reg1;
_0xf0: if(e_flag) goto _(3*91-3); else goto _rip+3;
_0xf3: reg1=34;
_0xf6: e_flag = reg2 - reg1;
_0xf9: if(e_flag) goto _rip+3; else goto _(3*89-3);
_0xfc: reg1=1;
_0xff: reg2+=reg1;
_0x102: goto _(3*78-3);
_0x105: reg3=0;
_0x108: printf("%s",string[reg3]);
_0x10b: exit(0);
_0x10e: reg3=1;
_0x111: printf("%s",string[reg3]);
_0x114: exit(0);
_0x117: nop_0x0: reg3=3;
_0x3: printf("%s",string[reg3]);
_0x6: scanf("%s",input);
_0x9: reg1=17;
_0xc: e_flag = reg0 - reg1;
_0xf: if(e_flag) goto _rip+3; else goto _(3*10-3);
_0x12: reg3=1;
_0x15: printf("%s",string[reg3]);
_0x18: exit(0);
_0x1b: reg2=0;
_0x1e: reg0=17;
_0x21: e_flag = reg0 - reg2;
_0x24: if(e_flag) goto _rip+3; else goto _(3*43-3);
_0x27: reg0=input[2];
_0x2a: reg1=97;
_0x2d: e_flag = reg0 - reg1;
_0x30: if(e_flag >= 0) goto _rip+3; else goto _(3*26-3);
_0x33: reg1=122;
_0x36: e_flag = reg0 - reg1;
_0x39: if(e_flag <= 0) goto _rip+3; else goto _(3*26-3);
_0x3c: reg1=71;
_0x3f: reg0^=reg1;
_0x42: reg1=1;
_0x45: reg0+=reg1;
_0x48: goto _(3*36-3);
_0x4b: reg1=65;
_0x4e: e_flag = reg0 - reg1;
_0x51: if(e_flag >= 0) goto _rip+3; else goto _(3*36-3);
_0x54: reg1=90;
_0x57: e_flag = reg0 - reg1;
_0x5a: if(e_flag <= 0) goto _rip+3; else goto _(3*36-3);
_0x5d: reg1=75;
_0x60: reg0^=reg1;
_0x63: reg1=1;
_0x66: reg0-=reg1;
_0x69: reg1=16;
_0x6c: reg0%=reg1;
_0x6f: push(stack, &rsp, reg1);_0x72: push(stack, &rsp, reg0);_0x75: reg1=1;
_0x78: reg2+=reg1;
_0x7b: goto _(3*11-3);
_0x7e: push(stack, &rsp, 7);
_0x81: push(stack, &rsp, 13);
_0x84: push(stack, &rsp, 0);
_0x87: push(stack, &rsp, 5);
_0x8a: push(stack, &rsp, 1);
_0x8d: push(stack, &rsp, 12);
_0x90: push(stack, &rsp, 1);
_0x93: push(stack, &rsp, 0);
_0x96: push(stack, &rsp, 0);
_0x99: push(stack, &rsp, 13);
_0x9c: push(stack, &rsp, 5);
_0x9f: push(stack, &rsp, 15);
_0xa2: push(stack, &rsp, 0);
_0xa5: push(stack, &rsp, 9);
_0xa8: push(stack, &rsp, 5);
_0xab: push(stack, &rsp, 15);
_0xae: push(stack, &rsp, 3);
_0xb1: push(stack, &rsp, 0);
_0xb4: push(stack, &rsp, 2);
_0xb7: push(stack, &rsp, 5);
_0xba: push(stack, &rsp, 3);
_0xbd: push(stack, &rsp, 3);
_0xc0: push(stack, &rsp, 1);
_0xc3: push(stack, &rsp, 7);
_0xc6: push(stack, &rsp, 7);
_0xc9: push(stack, &rsp, 11);
_0xcc: push(stack, &rsp, 2);
_0xcf: push(stack, &rsp, 1);
_0xd2: push(stack, &rsp, 2);
_0xd5: push(stack, &rsp, 7);
_0xd8: push(stack, &rsp, 2);
_0xdb: push(stack, &rsp, 12);
_0xde: push(stack, &rsp, 2);
_0xe1: push(stack, &rsp, 2);
_0xe4: reg2=1;
_0xe7: reg1=pop(stack, &rsp);
_0xea: reg0=pop(stack, &rsp);
_0xed: e_flag = reg0 - reg1;
_0xf0: if(e_flag) goto _(3*91-3); else goto _rip+3;
_0xf3: reg1=34;
_0xf6: e_flag = reg2 - reg1;
_0xf9: if(e_flag) goto _rip+3; else goto _(3*89-3);
_0xfc: reg1=1;
_0xff: reg2+=reg1;
_0x102: goto _(3*78-3);
_0x105: reg3=0;
_0x108: printf("%s",string[reg3]);
_0x10b: exit(0);
_0x10e: reg3=1;
_0x111: printf("%s",string[reg3]);
_0x114: exit(0);
_0x117: nop#include <stdio.h>#include <stdlib.h>#include <string.h>void push(int stack[], int* rsp, int data)
{ *rsp = *rsp + 1;
stack[*rsp] = data;
}int pop(int stack[], int* rsp)
{ int ret = stack[*rsp];
stack[*rsp] = 0;
*rsp = *rsp-1;
return ret;
}int main()
{ int rsp = -1;
int stack[10] = {0};
int e_flag;
int i=0;
int reg0, reg1, reg2, reg3;
char* string[5] = {"right", "wrong", "puts", "plz input:", "hacker"};
char input[0x30];
_0x0: reg3=3;
_0x3: printf("%s",string[reg3]);
_0x6: scanf("%s",input);reg0=strlen(input);
_0x9: reg1=17;
_0xc: e_flag = reg0 - reg1;
_0xf: if(e_flag) {goto _0x12;} else {goto _0x1b;}
_0x12: reg3=1;
_0x15: printf("%s",string[reg3]);
_0x18: exit(0);
_0x1b: reg2=0;
_0x1e: reg0=17;
_0x21: e_flag = reg0 - reg2;
_0x24: if(e_flag) {goto _0x27;} else {goto _0x7e;}
_0x27: reg0=input[2];
_0x2a: reg1=97;
_0x2d: e_flag = reg0 - reg1;
_0x30: if(e_flag >= 0) {goto _0x33;} else {goto _0x4b;}
_0x33: reg1=122;
_0x36: e_flag = reg0 - reg1;
_0x39: if(e_flag <= 0) {goto _0x3c;} else {goto _0x4b;}
_0x3c: reg1=71;
_0x3f: reg0^=reg1;
_0x42: reg1=1;
_0x45: reg0+=reg1;
_0x48: goto _0x69;_0x4b: reg1=65;
_0x4e: e_flag = reg0 - reg1;
_0x51: if(e_flag >= 0) {goto _0x54;} else {goto _0x69;}
_0x54: reg1=90;
_0x57: e_flag = reg0 - reg1;
_0x5a: if(e_flag <= 0) {goto _0x5d;} else {goto _0x69;}
_0x5d: reg1=75;
_0x60: reg0^=reg1;
_0x63: reg1=1;
_0x66: reg0-=reg1;
_0x69: reg1=reg0/16;
_0x6c: reg0%=16;
_0x6f: push(stack, &rsp, reg1);_0x72: push(stack, &rsp, reg0);_0x75: reg1=1;
_0x78: reg2+=reg1;
_0x7b: goto _0x1e;_0x7e: push(stack, &rsp, 7);
_0x81: push(stack, &rsp, 13);
_0x84: push(stack, &rsp, 0);
_0x87: push(stack, &rsp, 5);
_0x8a: push(stack, &rsp, 1);
_0x8d: push(stack, &rsp, 12);
_0x90: push(stack, &rsp, 1);
_0x93: push(stack, &rsp, 0);
_0x96: push(stack, &rsp, 0);
_0x99: push(stack, &rsp, 13);
_0x9c: push(stack, &rsp, 5);
_0x9f: push(stack, &rsp, 15);
_0xa2: push(stack, &rsp, 0);
_0xa5: push(stack, &rsp, 9);
_0xa8: push(stack, &rsp, 5);
_0xab: push(stack, &rsp, 15);
_0xae: push(stack, &rsp, 3);
_0xb1: push(stack, &rsp, 0);
_0xb4: push(stack, &rsp, 2);
_0xb7: push(stack, &rsp, 5);
_0xba: push(stack, &rsp, 3);
_0xbd: push(stack, &rsp, 3);
_0xc0: push(stack, &rsp, 1);
_0xc3: push(stack, &rsp, 7);
_0xc6: push(stack, &rsp, 7);
_0xc9: push(stack, &rsp, 11);
_0xcc: push(stack, &rsp, 2);
_0xcf: push(stack, &rsp, 1);
_0xd2: push(stack, &rsp, 2);
_0xd5: push(stack, &rsp, 7);
_0xd8: push(stack, &rsp, 2);
_0xdb: push(stack, &rsp, 12);
_0xde: push(stack, &rsp, 2);
_0xe1: push(stack, &rsp, 2);
_0xe4: reg2=1;
_0xe7: reg1=pop(stack, &rsp);
_0xea: reg0=pop(stack, &rsp);
_0xed: e_flag = reg0 - reg1;
_0xf0: if(e_flag) {goto _0x10e;} else {goto _0xf3;}
_0xf3: reg1=34;
_0xf6: e_flag = reg2 - reg1;
_0xf9: if(e_flag) {goto _0xfc;} else {goto _0x108;}
_0xfc: reg1=1;
_0xff: reg2+=reg1;
_0x102: goto _0xe7;_0x105: reg3=0;
_0x108: printf("%s",string[reg3]);
_0x10b: exit(0);
_0x10e: reg3=1;
_0x111: printf("%s",string[reg3]);
_0x114: exit(0);
return 0;
}#include <stdio.h>#include <stdlib.h>#include <string.h>void push(int stack[], int* rsp, int data)
{ *rsp = *rsp + 1;
stack[*rsp] = data;
}int pop(int stack[], int* rsp)
{ int ret = stack[*rsp];
stack[*rsp] = 0;
*rsp = *rsp-1;
return ret;
}int main()
{ int rsp = -1;
int stack[10] = {0};
int e_flag;
int i=0;
int reg0, reg1, reg2, reg3;
char* string[5] = {"right", "wrong", "puts", "plz input:", "hacker"};
char input[0x30];
_0x0: reg3=3;
_0x3: printf("%s",string[reg3]);
_0x6: scanf("%s",input);reg0=strlen(input);
_0x9: reg1=17;
_0xc: e_flag = reg0 - reg1;
_0xf: if(e_flag) {goto _0x12;} else {goto _0x1b;}
_0x12: reg3=1;
_0x15: printf("%s",string[reg3]);
_0x18: exit(0);
_0x1b: reg2=0;
_0x1e: reg0=17;
_0x21: e_flag = reg0 - reg2;
_0x24: if(e_flag) {goto _0x27;} else {goto _0x7e;}
_0x27: reg0=input[2];
_0x2a: reg1=97;
_0x2d: e_flag = reg0 - reg1;
_0x30: if(e_flag >= 0) {goto _0x33;} else {goto _0x4b;}
_0x33: reg1=122;
_0x36: e_flag = reg0 - reg1;
_0x39: if(e_flag <= 0) {goto _0x3c;} else {goto _0x4b;}
_0x3c: reg1=71;
_0x3f: reg0^=reg1;
_0x42: reg1=1;
_0x45: reg0+=reg1;
_0x48: goto _0x69;_0x4b: reg1=65;
_0x4e: e_flag = reg0 - reg1;
_0x51: if(e_flag >= 0) {goto _0x54;} else {goto _0x69;}
_0x54: reg1=90;
_0x57: e_flag = reg0 - reg1;
_0x5a: if(e_flag <= 0) {goto _0x5d;} else {goto _0x69;}
_0x5d: reg1=75;
_0x60: reg0^=reg1;
_0x63: reg1=1;
_0x66: reg0-=reg1;
_0x69: reg1=reg0/16;
_0x6c: reg0%=16;
_0x6f: push(stack, &rsp, reg1);_0x72: push(stack, &rsp, reg0);_0x75: reg1=1;
_0x78: reg2+=reg1;
_0x7b: goto _0x1e;_0x7e: push(stack, &rsp, 7);
_0x81: push(stack, &rsp, 13);
_0x84: push(stack, &rsp, 0);
_0x87: push(stack, &rsp, 5);
_0x8a: push(stack, &rsp, 1);
_0x8d: push(stack, &rsp, 12);
_0x90: push(stack, &rsp, 1);
_0x93: push(stack, &rsp, 0);
_0x96: push(stack, &rsp, 0);
_0x99: push(stack, &rsp, 13);
_0x9c: push(stack, &rsp, 5);
_0x9f: push(stack, &rsp, 15);
_0xa2: push(stack, &rsp, 0);
_0xa5: push(stack, &rsp, 9);
_0xa8: push(stack, &rsp, 5);
_0xab: push(stack, &rsp, 15);
_0xae: push(stack, &rsp, 3);
_0xb1: push(stack, &rsp, 0);
_0xb4: push(stack, &rsp, 2);
_0xb7: push(stack, &rsp, 5);
_0xba: push(stack, &rsp, 3);
_0xbd: push(stack, &rsp, 3);
_0xc0: push(stack, &rsp, 1);
_0xc3: push(stack, &rsp, 7);
_0xc6: push(stack, &rsp, 7);
_0xc9: push(stack, &rsp, 11);
_0xcc: push(stack, &rsp, 2);
_0xcf: push(stack, &rsp, 1);
_0xd2: push(stack, &rsp, 2);
_0xd5: push(stack, &rsp, 7);
_0xd8: push(stack, &rsp, 2);
_0xdb: push(stack, &rsp, 12);
_0xde: push(stack, &rsp, 2);
_0xe1: push(stack, &rsp, 2);
_0xe4: reg2=1;
_0xe7: reg1=pop(stack, &rsp);
_0xea: reg0=pop(stack, &rsp);
_0xed: e_flag = reg0 - reg1;
_0xf0: if(e_flag) {goto _0x10e;} else {goto _0xf3;}
_0xf3: reg1=34;
_0xf6: e_flag = reg2 - reg1;
_0xf9: if(e_flag) {goto _0xfc;} else {goto _0x108;}
_0xfc: reg1=1;
_0xff: reg2+=reg1;
_0x102: goto _0xe7;_0x105: reg3=0;
_0x108: printf("%s",string[reg3]);
_0x10b: exit(0);
_0x10e: reg3=1;
_0x111: printf("%s",string[reg3]);
_0x114: exit(0);
return 0;
}int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{ int v3; // kr00_4
char input[48]; // [rsp+20h] [rbp-B0h] BYREF
char *string[5]; // [rsp+50h] [rbp-80h]
int stack[10]; // [rsp+80h] [rbp-50h] BYREF
int rsp_0; // [rsp+B4h] [rbp-1Ch] BYREF
int e_flag; // [rsp+B8h] [rbp-18h]
int reg1; // [rsp+BCh] [rbp-14h]
int reg3; // [rsp+C0h] [rbp-10h]
int i; // [rsp+C4h] [rbp-Ch]
int j; // [rsp+C8h] [rbp-8h]
int reg0; // [rsp+CCh] [rbp-4h]
_main(argc, argv, envp);
rsp_0 = -1;
memset(stack, 0, sizeof(stack));
i = 0;
string[0] = "right";
string[1] = "wrong";
string[2] = "puts";
string[3] = "plz input:";
string[4] = "hacker";
reg3 = 3;
printf("%s", "plz input:");
scanf("%s", input);
reg0 = strlen(input);
reg1 = 17;
e_flag = reg0 - 17;
if ( reg0 != 17 )
{
reg3 = 1;
printf("%s", string[1]);
exit(0);
}
for ( j = 0; ; ++j )
{
reg0 = 17;
e_flag = 17 - j;
if ( j == 17 )
break;
reg0 = input[2];
reg1 = 97;
e_flag = input[2] - 97;
if ( e_flag < 0 || (reg1 = 'z', e_flag = reg0 - 'z', reg0 - 'z' > 0) )
{
reg1 = 'A';
e_flag = reg0 - 'A';
if ( reg0 - 'A' >= 0 )
{
reg1 = 'Z';
e_flag = reg0 - 'Z';
if ( reg0 - 'Z' <= 0 ) // 'A' - 'Z'
{
reg0 ^= 75u;
reg1 = 1;
--reg0;
}
}
}
else // 'a' - 'z'
{
reg0 ^= 71u;
reg1 = 1;
++reg0;
}
v3 = reg0;
reg1 = reg0 / 16;
reg0 %= 16;
push(stack, &rsp_0, v3 / 16); //push进除16的整数
push(stack, &rsp_0, reg0); //push进%16的整数
reg1 = 1;
}
push(stack, &rsp_0, 7);
push(stack, &rsp_0, 13);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 5);
push(stack, &rsp_0, 1);
push(stack, &rsp_0, 12);
push(stack, &rsp_0, 1);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 13);
push(stack, &rsp_0, 5);
push(stack, &rsp_0, 15);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 9);
push(stack, &rsp_0, 5);
push(stack, &rsp_0, 15);
push(stack, &rsp_0, 3);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 5);
push(stack, &rsp_0, 3);
push(stack, &rsp_0, 3);
push(stack, &rsp_0, 1);
push(stack, &rsp_0, 7);
push(stack, &rsp_0, 7);
push(stack, &rsp_0, 11);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 1);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 7);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 12);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 2);
for ( j = 1; ; ++j )
{
reg1 = pop(stack, &rsp_0);
reg0 = pop(stack, &rsp_0);
e_flag = reg0 - reg1;
if ( reg0 != reg1 )
break;
reg1 = 34;
e_flag = j - 34;
if ( j == 34 )
{
printf("%s", string[reg3]);
exit(0);
}
reg1 = 1;
}
reg3 = 1;
printf("%s", string[1]);
exit(0);
}int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{ int v3; // kr00_4
char input[48]; // [rsp+20h] [rbp-B0h] BYREF
char *string[5]; // [rsp+50h] [rbp-80h]
int stack[10]; // [rsp+80h] [rbp-50h] BYREF
int rsp_0; // [rsp+B4h] [rbp-1Ch] BYREF
int e_flag; // [rsp+B8h] [rbp-18h]
int reg1; // [rsp+BCh] [rbp-14h]
int reg3; // [rsp+C0h] [rbp-10h]
int i; // [rsp+C4h] [rbp-Ch]
int j; // [rsp+C8h] [rbp-8h]
int reg0; // [rsp+CCh] [rbp-4h]
_main(argc, argv, envp);
rsp_0 = -1;
memset(stack, 0, sizeof(stack));
i = 0;
string[0] = "right";
string[1] = "wrong";
string[2] = "puts";
string[3] = "plz input:";
string[4] = "hacker";
reg3 = 3;
printf("%s", "plz input:");
scanf("%s", input);
reg0 = strlen(input);
reg1 = 17;
e_flag = reg0 - 17;
if ( reg0 != 17 )
{
reg3 = 1;
printf("%s", string[1]);
exit(0);
}
for ( j = 0; ; ++j )
{
reg0 = 17;
e_flag = 17 - j;
if ( j == 17 )
break;
reg0 = input[2];
reg1 = 97;
e_flag = input[2] - 97;
if ( e_flag < 0 || (reg1 = 'z', e_flag = reg0 - 'z', reg0 - 'z' > 0) )
{
reg1 = 'A';
e_flag = reg0 - 'A';
if ( reg0 - 'A' >= 0 )
{
reg1 = 'Z';
e_flag = reg0 - 'Z';
if ( reg0 - 'Z' <= 0 ) // 'A' - 'Z'
{
reg0 ^= 75u;
reg1 = 1;
--reg0;
}
}
}
else // 'a' - 'z'
{
reg0 ^= 71u;
reg1 = 1;
++reg0;
}
v3 = reg0;
reg1 = reg0 / 16;
reg0 %= 16;
push(stack, &rsp_0, v3 / 16); //push进除16的整数
push(stack, &rsp_0, reg0); //push进%16的整数
reg1 = 1;
}
push(stack, &rsp_0, 7);
push(stack, &rsp_0, 13);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 5);
push(stack, &rsp_0, 1);
push(stack, &rsp_0, 12);
push(stack, &rsp_0, 1);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 13);
push(stack, &rsp_0, 5);
push(stack, &rsp_0, 15);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 9);
push(stack, &rsp_0, 5);
push(stack, &rsp_0, 15);
push(stack, &rsp_0, 3);
push(stack, &rsp_0, 0);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 5);
push(stack, &rsp_0, 3);
push(stack, &rsp_0, 3);
push(stack, &rsp_0, 1);
push(stack, &rsp_0, 7);
push(stack, &rsp_0, 7);
push(stack, &rsp_0, 11);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 1);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 7);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 12);
push(stack, &rsp_0, 2);
push(stack, &rsp_0, 2);
for ( j = 1; ; ++j )
{
reg1 = pop(stack, &rsp_0);
reg0 = pop(stack, &rsp_0);
e_flag = reg0 - reg1;
if ( reg0 != reg1 )
break;
reg1 = 34;
e_flag = j - 34;
if ( j == 34 )
{
printf("%s", string[reg3]);
exit(0);
}
reg1 = 1;
}
reg3 = 1;
printf("%s", string[1]);
exit(0);
}cmp_data = [0x7,0xd,0x0,0x5,0x1,0xc,0x1,0x0,0x0,0xd,0x5,0xf,0x0,0x9,0x5,0xf,0x3,0x0,0x2,0x5,0x3,0x3,0x1,0x7,0x7,0xb,0x2,0x1,0x2,0x7,0x2,0xc,0x2,0x2,]
cmp_data = cmp_data[::-1]
print(cmp_data)
flag = ''
for i in range(0, 34, 2):
temp = cmp_data[i] + cmp_data[i+1]*16
x = ((temp+1) ^ 75)
y = ((temp-1) ^ 71)
if (x >= 65) and (x <= 90): # 'A'-'Z'
flag += chr(x)
elif (y >= 97) and (y <= 122): # 'a' - 'z'
flag += chr(y)
else:
flag += chr(temp) # 没有处于'a'-'z'或'A'-'Z'之间
print(flag)
# flag{Such_A_EZVM}cmp_data = [0x7,0xd,0x0,0x5,0x1,0xc,0x1,0x0,0x0,0xd,0x5,0xf,0x0,0x9,0x5,0xf,0x3,0x0,0x2,0x5,0x3,0x3,0x1,0x7,0x7,0xb,0x2,0x1,0x2,0x7,0x2,0xc,0x2,0x2,]
cmp_data = cmp_data[::-1]
print(cmp_data)
flag = ''
for i in range(0, 34, 2):
temp = cmp_data[i] + cmp_data[i+1]*16
x = ((temp+1) ^ 75)
y = ((temp-1) ^ 71)
if (x >= 65) and (x <= 90): # 'A'-'Z'
flag += chr(x)
elif (y >= 97) and (y <= 122): # 'a' - 'z'
flag += chr(y)
else:
flag += chr(temp) # 没有处于'a'-'z'或'A'-'Z'之间
print(flag)
# flag{Such_A_EZVM}__int64 __fastcall main(int a1, char **a2, char **a3)
{ void *opcode; // rbx
FILE *fp; // rbp
void *v5; // rbx
char v7[5]; // [rsp+3h] [rbp-25h] BYREF
unsigned __int64 v8; // [rsp+8h] [rbp-20h]
v8 = __readfsqword(0x28u);
opcode = malloc(0x400uLL);
if ( a1 > 1 )
{
fp = fopen(a2[1], "rb");
fread(opcode, 1uLL, 1000uLL, fp);
fclose(fp);
}
code_adr = opcode;
rip_ = 0;
rsp_ = 0;
v5 = malloc(0x100uLL);
save_local = (__int64)malloc(0x100uLL);
stack = (__int64)v5;
v7[0] = 0;
save_cnt = (__int64)v7;
v7[1] = 0;
v7[2] = 0;
v7[3] = 0;
v7[4] = 0;
VM((unsigned int *)&rip_);
return 0LL;
}__int64 __fastcall main(int a1, char **a2, char **a3)
{ void *opcode; // rbx
FILE *fp; // rbp
void *v5; // rbx
char v7[5]; // [rsp+3h] [rbp-25h] BYREF
unsigned __int64 v8; // [rsp+8h] [rbp-20h]
v8 = __readfsqword(0x28u);
opcode = malloc(0x400uLL);
if ( a1 > 1 )
{
fp = fopen(a2[1], "rb");
fread(opcode, 1uLL, 1000uLL, fp);
fclose(fp);
}
code_adr = opcode;
rip_ = 0;
rsp_ = 0;
v5 = malloc(0x100uLL);
save_local = (__int64)malloc(0x100uLL);
stack = (__int64)v5;
v7[0] = 0;
save_cnt = (__int64)v7;
v7[1] = 0;
v7[2] = 0;
v7[3] = 0;
v7[4] = 0;
VM((unsigned int *)&rip_);
return 0LL;
}.bss:00000000006020A0 rip_ dd ? ; DATA XREF: main+6A↑w
.bss:00000000006020A0 ; main+9C↑o
.bss:00000000006020A4 rsp_ dd ? ; DATA XREF: main+74↑w
.bss:00000000006020A8 code_adr dq ? ; DATA XREF: main+63↑w
.bss:00000000006020B0 stack dq ? ; DATA XREF: main+A1↑w
.bss:00000000006020B8 save_local dq ? ; DATA XREF: main+90↑w
.bss:00000000006020C0 save_cnt dq ? ; DATA XREF: main+AD↑w
.bss:00000000006020A0 rip_ dd ? ; DATA XREF: main+6A↑w
.bss:00000000006020A0 ; main+9C↑o
.bss:00000000006020A4 rsp_ dd ? ; DATA XREF: main+74↑w
.bss:00000000006020A8 code_adr dq ? ; DATA XREF: main+63↑w
.bss:00000000006020B0 stack dq ? ; DATA XREF: main+A1↑w
.bss:00000000006020B8 save_local dq ? ; DATA XREF: main+90↑w
.bss:00000000006020C0 save_cnt dq ? ; DATA XREF: main+AD↑w
struct _VM{ dword rip_;
dword rsp_;
qword* code_adr;
qword* stack;
qword* save_local; //存放本地变量的地方,三个数组
qword* save_cnt; //存放计数变量的数组的指针
}VMStruct;struct _VM{ dword rip_;
dword rsp_;
qword* code_adr;
qword* stack;
qword* save_local; //存放本地变量的地方,三个数组
qword* save_cnt; //存放计数变量的数组的指针
}VMStruct;*(_BYTE *)(code + rip__1) //根据rip执行对应指令,取操作码
*(code + rip__1 + 1) //操作数,单操作码才会出现这个变量
VMstruct[1] //栈顶rsp,表示栈内有几个数据
*VMStruct //rip
*((_QWORD *)VMStruct + 1); //qword指针+1说明偏移8字节,取到了code
*((_QWORD *)VMStruct + 2) //偏移2个8字节,偏移16字节取到stack
*((_QWORD *)VMStruct + 3) //取到一片用来存储数据(数组)的空间
*((_QWORD *)VMStruct + 4) //取到储存循环变量的地址
*(_BYTE *)(code + rip__1) //根据rip执行对应指令,取操作码
*(code + rip__1 + 1) //操作数,单操作码才会出现这个变量
VMstruct[1] //栈顶rsp,表示栈内有几个数据
*VMStruct //rip
*((_QWORD *)VMStruct + 1); //qword指针+1说明偏移8字节,取到了code
*((_QWORD *)VMStruct + 2) //偏移2个8字节,偏移16字节取到stack
*((_QWORD *)VMStruct + 3) //取到一片用来存储数据(数组)的空间
*((_QWORD *)VMStruct + 4) //取到储存循环变量的地址
__int64 __fastcall dispatcher(unsigned int *VMStruct)
{ __int64 code; // rcx
__int64 rip_; // rax
__int64 rip__1; // rdx
unsigned int v5; // eax
__int64 stack_5; // rcx
_BYTE *v7; // rdx
signed int v8; // eax
char b; // al
unsigned int v10; // edx
__int64 save_cnt_1; // rsi
_BYTE *v12; // rax
__int64 v13; // rcx
char v14; // cl
int data_1; // er8
signed int v16; // edx
__int64 v17; // rdi
signed int v18; // esi
int v19; // er8
signed int v20; // edx
__int64 v21; // rdi
signed int v22; // esi
int data; // er8
signed int v24; // edx
__int64 v25; // rdi
signed int v26; // esi
signed int v27; // edx
__int64 v28; // rdi
signed int v29; // esi
int data_3; // er8
signed int v31; // edx
__int64 v32; // rdi
signed int v33; // esi
int data_2; // edi
signed int v35; // edx
__int64 v36; // r8
signed int v37; // esi
signed int v38; // ecx
_BYTE *v39; // rax
__int64 stack_3; // rdx
signed int v41; // eax
signed int v42; // esi
char v43; // cl
char v44; // cl
signed int v45; // eax
signed int v46; // esi
char v47; // cl
char v48; // cl
signed int v49; // eax
signed int v50; // esi
char v51; // cl
char v52; // cl
signed int v53; // eax
__int64 v54; // rdx
signed int v55; // esi
unsigned __int8 v56; // cl
_BYTE *v57; // rdx
signed int v58; // eax
__int64 v59; // rdx
signed int v60; // ecx
unsigned __int8 v61; // si
signed int v62; // edx
__int64 v63; // rcx
signed int v64; // esi
char v65; // al
signed int v66; // eax
char v67; // si
signed int rip__2; // eax
signed int v69; // esi
char v70; // cl
char v71; // cl
_BYTE *lo_var; // rdx
__int64 stack_2; // rcx
signed int v74; // eax
__int64 reg1; // rax
__int64 save_local; // rdx
char reg0; // cl
__int64 rsp__1; // rax
__int64 stack_1; // rdx
__int64 stack; // rdx
_IO_FILE *v81; // rsi
signed int rsp_1; // eax
char input_char; // al
__int64 rsp_; // rdx
__int64 stack_4; // rcx
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct;
while ( 2 ) // 循环
{
rip__1 = (int)rip_;
LABEL_3: switch ( *(_BYTE *)(code + rip__1) )
{
case 1: // getc,push rip+=1
input_char = _IO_getc(stdin);
rsp_ = (int)VMStruct[1];
stack_4 = *((_QWORD *)VMStruct + 2);
VMStruct[1] = rsp_ + 1;
*(_BYTE *)(stack_4 + rsp_) = input_char;
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 2: // pop,putc rip+=1
stack = *((_QWORD *)VMStruct + 2);
v81 = stdout;
rsp_1 = VMStruct[1] - 1;
VMStruct[1] = rsp_1;
_IO_putc(*(unsigned __int8 *)(stack + rsp_1), v81);
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 3: // nop rip+=1
rip_ = (unsigned int)(rip_ + 1);
*VMStruct = rip_;
continue;
case 4: // mov reg0, data; push reg0 rip+=2
reg0 = *(_BYTE *)(code + rip__1 + 1);
goto push_reg0;
case 5: // mov reg1, data; mov reg0, *(cnt_adr+reg1); push reg0; rip += 2
reg1 = *(unsigned __int8 *)(code + rip__1 + 1);
save_local = *((_QWORD *)VMStruct + 4);
goto pop_reg0;
case 6: // pop *(cnt_adr+data) rip+=2
lo_var = (_BYTE *)(*((_QWORD *)VMStruct + 4) + *(unsigned __int8 *)(code + rip__1 + 1));
goto pop_to_local;
case 7: // mov reg1, data; mov reg0, *(save_local + reg1); push reg0; rip+=2
reg1 = *(unsigned __int8 *)(code + rip__1 + 1);
save_local = *((_QWORD *)VMStruct + 3);
pop_reg0: reg0 = *(_BYTE *)(save_local + reg1);
push_reg0: rsp__1 = (int)VMStruct[1];
stack_1 = *((_QWORD *)VMStruct + 2);
VMStruct[1] = rsp__1 + 1;
*(_BYTE *)(stack_1 + rsp__1) = reg0; // push reg0
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 2; // get_next_opcode_index
*VMStruct = rip_;
continue;
case 8: // pop *(save_local+data) rip+=2
lo_var = (_BYTE *)(*((_QWORD *)VMStruct + 3) + *(unsigned __int8 *)(code + rip__1 + 1));// get_local_adr
pop_to_local: stack_2 = *((_QWORD *)VMStruct + 2);
v74 = VMStruct[1] - 1;
VMStruct[1] = v74;
*lo_var = *(_BYTE *)(stack_2 + v74);
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 2;
*VMStruct = rip_;
continue;
case 9: // pop rax; pop rbx; push rbx+rax; rip+= 1
rip__2 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v69 = rip__2 - 1;
rip__2 -= 2;
VMStruct[1] = v69;
v70 = *(_BYTE *)(stack_3 + v69);
VMStruct[1] = rip__2;
v39 = (_BYTE *)(stack_3 + rip__2);
v71 = *v39 + v70;
VMStruct[1] = v69;
LOBYTE(stack_3) = v71;
goto LABEL_28;
case 10: // pop rax; pop rbx; push rbx-rax; rip+= 1
v66 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v38 = v66 - 1;
v66 -= 2;
VMStruct[1] = v38;
v67 = *(_BYTE *)(stack_3 + v38);
VMStruct[1] = v66;
v39 = (_BYTE *)(stack_3 + v66);
LOBYTE(stack_3) = *v39 - v67;
goto LABEL_27;
case 11: // pop rax; pop rbx; push rbx*rax; rip+= 1
v62 = VMStruct[1];
v63 = *((_QWORD *)VMStruct + 2);
v64 = v62 - 1;
v62 -= 2;
VMStruct[1] = v64;
v65 = *(_BYTE *)(v63 + v64);
VMStruct[1] = v62;
v7 = (_BYTE *)(v63 + v62);
b = *v7 * v65;
VMStruct[1] = v64;
goto LABEL_8;
case 12: // pop rax; pop rbx; push rbx/rax; rip+= 1
v58 = VMStruct[1];
v59 = *((_QWORD *)VMStruct + 2);
v60 = v58 - 1;
v58 -= 2;
VMStruct[1] = v60;
v61 = *(_BYTE *)(v59 + v60);
VMStruct[1] = v58;
v7 = (_BYTE *)(v58 + v59);
rip_ = (unsigned __int8)*v7;
if ( !v61 )
return rip_;
VMStruct[1] = v60;
b = (unsigned __int16)rip_ / v61;
goto LABEL_8;
case 13: // pop rax; pop rbx; push rbx%rax; rip+= 1
v53 = VMStruct[1];
v54 = *((_QWORD *)VMStruct + 2);
v55 = v53 - 1;
v53 -= 2;
VMStruct[1] = v55;
v56 = *(_BYTE *)(v54 + v55);
VMStruct[1] = v53;
v57 = (_BYTE *)(v53 + v54);
LOWORD(v53) = (unsigned __int8)*v57;
VMStruct[1] = v55;
rip_ = (unsigned __int8)((unsigned __int16)v53 % v56);
*v57 = rip_;
if ( !v56 )
return rip_;
goto LABEL_9;
case 14: // pop eax; pop ebx; push ebx^eax; rip+= 1
v49 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v50 = v49 - 1;
v49 -= 2;
VMStruct[1] = v50;
v51 = *(_BYTE *)(stack_3 + v50);
VMStruct[1] = v49;
v39 = (_BYTE *)(stack_3 + v49);
v52 = *v39 ^ v51;
VMStruct[1] = v50;
LOBYTE(stack_3) = v52;
goto LABEL_28;
case 15: // pop rax; pop rbx; push rbx&rax; rip+= 1
v45 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v46 = v45 - 1;
v45 -= 2;
VMStruct[1] = v46;
v47 = *(_BYTE *)(stack_3 + v46);
VMStruct[1] = v45;
v39 = (_BYTE *)(stack_3 + v45);
v48 = *v39 & v47;
VMStruct[1] = v46;
LOBYTE(stack_3) = v48;
goto LABEL_28;
case 16: // pop rax; pop rbx; push rbx|rax; rip+= 1
v41 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v42 = v41 - 1;
v41 -= 2;
VMStruct[1] = v42;
v43 = *(_BYTE *)(stack_3 + v42);
VMStruct[1] = v41;
v39 = (_BYTE *)(stack_3 + v41);
v44 = *v39 | v43;
VMStruct[1] = v42;
LOBYTE(stack_3) = v44;
goto LABEL_28;
case 17: // pop reg; push -reg; rip+=1
v38 = VMStruct[1];
VMStruct[1] = v38 - 1;
v39 = (_BYTE *)(*((_QWORD *)VMStruct + 2) + v38 - 1);
LODWORD(stack_3) = -(unsigned __int8)*v39;
goto LABEL_27;
case 18: // pop reg; push ~reg; rip+=1
v38 = VMStruct[1];
VMStruct[1] = v38 - 1;
v39 = (_BYTE *)(*((_QWORD *)VMStruct + 2) + v38 - 1);
LOBYTE(stack_3) = ~*v39;
LABEL_27: VMStruct[1] = v38;
LABEL_28: *v39 = stack_3;
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 19: // pop rax; pop rbx; if stack[rax] != stack[rbx]: rip+=2
// else rip+=data
data_1 = *(unsigned __int8 *)(code + rip__1 + 1);
v27 = VMStruct[1];
v28 = *((_QWORD *)VMStruct + 2);
v29 = v27 - 1;
v27 -= 2;
VMStruct[1] = v29;
LOBYTE(v29) = *(_BYTE *)(v28 + v29);
VMStruct[1] = v27;
if ( *(_BYTE *)(v28 + v27) != (_BYTE)v29 )
goto LABEL_21;
goto LABEL_15;
case 20: // pop rax; pop rbx; if stack[rax] == stack[rbx]: rip+=2
// else rip+=data
data_2 = *(char *)(code + rip__1 + 1);
v35 = VMStruct[1];
v36 = *((_QWORD *)VMStruct + 2);
v37 = v35 - 1;
v35 -= 2;
VMStruct[1] = v37;
LOBYTE(v37) = *(_BYTE *)(v36 + v37);
VMStruct[1] = v35;
if ( *(_BYTE *)(v36 + v35) == (_BYTE)v37 )
goto LABEL_21;
rip_ = (unsigned int)(data_2 + rip_);
*VMStruct = rip_;
continue;
case 21: // pop rax; pop rbx; if stack[rax] >= stack[rbx]: rip+=2
data_3 = *(char *)(code + rip__1 + 1); // else: rip+=data
v31 = VMStruct[1];
v32 = *((_QWORD *)VMStruct + 2);
v33 = v31 - 1;
v31 -= 2;
VMStruct[1] = v33;
LOBYTE(v33) = *(_BYTE *)(v32 + v33);
VMStruct[1] = v31;
if ( *(_BYTE *)(v32 + v31) <= (unsigned __int8)v33 )
goto LABEL_21;
rip_ = (unsigned int)(data_3 + rip_);
*VMStruct = rip_;
continue;
case 22: // pop rax; pop rbx; if stack[rax] > stack[rbx]: rip+=2
data = *(char *)(code + rip__1 + 1); // else: rip+=data
v24 = VMStruct[1];
v25 = *((_QWORD *)VMStruct + 2);
v26 = v24 - 1;
v24 -= 2;
VMStruct[1] = v26;
LOBYTE(v26) = *(_BYTE *)(v25 + v26);
VMStruct[1] = v24;
if ( *(_BYTE *)(v25 + v24) < (unsigned __int8)v26 )
goto LABEL_21;
rip_ = (unsigned int)(data + rip_);
*VMStruct = rip_;
continue;
case 23: // pop rax; pop rbx; if stack[rax] <= stack[rbx]: rip+=2
v19 = *(char *)(code + rip__1 + 1); // else: rip+=data
v20 = VMStruct[1];
v21 = *((_QWORD *)VMStruct + 2);
v22 = v20 - 1;
v20 -= 2;
VMStruct[1] = v22;
LOBYTE(v22) = *(_BYTE *)(v21 + v22);
VMStruct[1] = v20;
if ( *(_BYTE *)(v21 + v20) >= (unsigned __int8)v22 )
goto LABEL_21;
rip_ = (unsigned int)(v19 + rip_);
*VMStruct = rip_;
continue;
case 24: // pop rax; pop rbx; if stack[rax] < stack[rbx]: rip+=2
data_1 = *(char *)(code + rip__1 + 1); // else rip+=data
v16 = VMStruct[1];
v17 = *((_QWORD *)VMStruct + 2);
v18 = v16 - 1;
v16 -= 2;
VMStruct[1] = v18;
LOBYTE(v18) = *(_BYTE *)(v17 + v18);
VMStruct[1] = v16;
if ( *(_BYTE *)(v17 + v16) > (unsigned __int8)v18 )
{
LABEL_21: rip_ = (unsigned int)(rip_ + 2);
*VMStruct = rip_;
}
else
{
LABEL_15: rip_ = (unsigned int)(data_1 + rip_);
*VMStruct = rip_;
}
continue;
case 25: // pop rax; push *(save_local+rax) rip+=1
v10 = VMStruct[1];
save_cnt_1 = *((_QWORD *)VMStruct + 3);
VMStruct[1] = v10 - 1;
v12 = (_BYTE *)(*((_QWORD *)VMStruct + 2) + (int)(v10 - 1));
v13 = (unsigned __int8)*v12;
goto LABEL_11;
case 26: // pop rax; pop rbx; mov *(save_local+rax), rbx
v5 = VMStruct[1];
stack_5 = *((_QWORD *)VMStruct + 2);
VMStruct[1] = v5 - 1;
v7 = (_BYTE *)(*((_QWORD *)VMStruct + 3) + *(unsigned __int8 *)(stack_5 + (int)(v5 - 1)));
goto LABEL_7;
case 27: // pop rax; push *(save_cnt+rax) rip+=1
v10 = VMStruct[1];
save_cnt_1 = *((_QWORD *)VMStruct + 4);
VMStruct[1] = v10 - 1;
v12 = (_BYTE *)(*((_QWORD *)VMStruct + 2) + (int)(v10 - 1));
v13 = (unsigned __int8)*v12;
LABEL_11: v14 = *(_BYTE *)(save_cnt_1 + v13);
VMStruct[1] = v10;
*v12 = v14;
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 28: // pop rax; pop rbx; mov *(save_cnt+rax), rbx; rip+=1
v5 = VMStruct[1];
stack_5 = *((_QWORD *)VMStruct + 2);
VMStruct[1] = v5 - 1;
v7 = (_BYTE *)(*((_QWORD *)VMStruct + 4) + *(unsigned __int8 *)(stack_5 + (int)(v5 - 1)));
LABEL_7: v8 = v5 - 2;
VMStruct[1] = v8;
b = *(_BYTE *)(stack_5 + v8);
LABEL_8: *v7 = b;
LABEL_9: code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 29: // if *(code+data) <= 29: while_continue
// else: return
// (这个功能就是判断是否执行到了最后,因为给的opcode最后一个就是30)
rip_ = (unsigned int)(*(char *)(code + rip__1 + 1) + (_DWORD)rip_);
rip__1 = (int)rip_;
*VMStruct = rip_;
if ( *(_BYTE *)(code + (int)rip_) <= 29u )
goto LABEL_3;
return rip_;
default:
return rip_;
}
}
}__int64 __fastcall dispatcher(unsigned int *VMStruct)
{ __int64 code; // rcx
__int64 rip_; // rax
__int64 rip__1; // rdx
unsigned int v5; // eax
__int64 stack_5; // rcx
_BYTE *v7; // rdx
signed int v8; // eax
char b; // al
unsigned int v10; // edx
__int64 save_cnt_1; // rsi
_BYTE *v12; // rax
__int64 v13; // rcx
char v14; // cl
int data_1; // er8
signed int v16; // edx
__int64 v17; // rdi
signed int v18; // esi
int v19; // er8
signed int v20; // edx
__int64 v21; // rdi
signed int v22; // esi
int data; // er8
signed int v24; // edx
__int64 v25; // rdi
signed int v26; // esi
signed int v27; // edx
__int64 v28; // rdi
signed int v29; // esi
int data_3; // er8
signed int v31; // edx
__int64 v32; // rdi
signed int v33; // esi
int data_2; // edi
signed int v35; // edx
__int64 v36; // r8
signed int v37; // esi
signed int v38; // ecx
_BYTE *v39; // rax
__int64 stack_3; // rdx
signed int v41; // eax
signed int v42; // esi
char v43; // cl
char v44; // cl
signed int v45; // eax
signed int v46; // esi
char v47; // cl
char v48; // cl
signed int v49; // eax
signed int v50; // esi
char v51; // cl
char v52; // cl
signed int v53; // eax
__int64 v54; // rdx
signed int v55; // esi
unsigned __int8 v56; // cl
_BYTE *v57; // rdx
signed int v58; // eax
__int64 v59; // rdx
signed int v60; // ecx
unsigned __int8 v61; // si
signed int v62; // edx
__int64 v63; // rcx
signed int v64; // esi
char v65; // al
signed int v66; // eax
char v67; // si
signed int rip__2; // eax
signed int v69; // esi
char v70; // cl
char v71; // cl
_BYTE *lo_var; // rdx
__int64 stack_2; // rcx
signed int v74; // eax
__int64 reg1; // rax
__int64 save_local; // rdx
char reg0; // cl
__int64 rsp__1; // rax
__int64 stack_1; // rdx
__int64 stack; // rdx
_IO_FILE *v81; // rsi
signed int rsp_1; // eax
char input_char; // al
__int64 rsp_; // rdx
__int64 stack_4; // rcx
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct;
while ( 2 ) // 循环
{
rip__1 = (int)rip_;
LABEL_3: switch ( *(_BYTE *)(code + rip__1) )
{
case 1: // getc,push rip+=1
input_char = _IO_getc(stdin);
rsp_ = (int)VMStruct[1];
stack_4 = *((_QWORD *)VMStruct + 2);
VMStruct[1] = rsp_ + 1;
*(_BYTE *)(stack_4 + rsp_) = input_char;
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 2: // pop,putc rip+=1
stack = *((_QWORD *)VMStruct + 2);
v81 = stdout;
rsp_1 = VMStruct[1] - 1;
VMStruct[1] = rsp_1;
_IO_putc(*(unsigned __int8 *)(stack + rsp_1), v81);
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 3: // nop rip+=1
rip_ = (unsigned int)(rip_ + 1);
*VMStruct = rip_;
continue;
case 4: // mov reg0, data; push reg0 rip+=2
reg0 = *(_BYTE *)(code + rip__1 + 1);
goto push_reg0;
case 5: // mov reg1, data; mov reg0, *(cnt_adr+reg1); push reg0; rip += 2
reg1 = *(unsigned __int8 *)(code + rip__1 + 1);
save_local = *((_QWORD *)VMStruct + 4);
goto pop_reg0;
case 6: // pop *(cnt_adr+data) rip+=2
lo_var = (_BYTE *)(*((_QWORD *)VMStruct + 4) + *(unsigned __int8 *)(code + rip__1 + 1));
goto pop_to_local;
case 7: // mov reg1, data; mov reg0, *(save_local + reg1); push reg0; rip+=2
reg1 = *(unsigned __int8 *)(code + rip__1 + 1);
save_local = *((_QWORD *)VMStruct + 3);
pop_reg0: reg0 = *(_BYTE *)(save_local + reg1);
push_reg0: rsp__1 = (int)VMStruct[1];
stack_1 = *((_QWORD *)VMStruct + 2);
VMStruct[1] = rsp__1 + 1;
*(_BYTE *)(stack_1 + rsp__1) = reg0; // push reg0
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 2; // get_next_opcode_index
*VMStruct = rip_;
continue;
case 8: // pop *(save_local+data) rip+=2
lo_var = (_BYTE *)(*((_QWORD *)VMStruct + 3) + *(unsigned __int8 *)(code + rip__1 + 1));// get_local_adr
pop_to_local: stack_2 = *((_QWORD *)VMStruct + 2);
v74 = VMStruct[1] - 1;
VMStruct[1] = v74;
*lo_var = *(_BYTE *)(stack_2 + v74);
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 2;
*VMStruct = rip_;
continue;
case 9: // pop rax; pop rbx; push rbx+rax; rip+= 1
rip__2 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v69 = rip__2 - 1;
rip__2 -= 2;
VMStruct[1] = v69;
v70 = *(_BYTE *)(stack_3 + v69);
VMStruct[1] = rip__2;
v39 = (_BYTE *)(stack_3 + rip__2);
v71 = *v39 + v70;
VMStruct[1] = v69;
LOBYTE(stack_3) = v71;
goto LABEL_28;
case 10: // pop rax; pop rbx; push rbx-rax; rip+= 1
v66 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v38 = v66 - 1;
v66 -= 2;
VMStruct[1] = v38;
v67 = *(_BYTE *)(stack_3 + v38);
VMStruct[1] = v66;
v39 = (_BYTE *)(stack_3 + v66);
LOBYTE(stack_3) = *v39 - v67;
goto LABEL_27;
case 11: // pop rax; pop rbx; push rbx*rax; rip+= 1
v62 = VMStruct[1];
v63 = *((_QWORD *)VMStruct + 2);
v64 = v62 - 1;
v62 -= 2;
VMStruct[1] = v64;
v65 = *(_BYTE *)(v63 + v64);
VMStruct[1] = v62;
v7 = (_BYTE *)(v63 + v62);
b = *v7 * v65;
VMStruct[1] = v64;
goto LABEL_8;
case 12: // pop rax; pop rbx; push rbx/rax; rip+= 1
v58 = VMStruct[1];
v59 = *((_QWORD *)VMStruct + 2);
v60 = v58 - 1;
v58 -= 2;
VMStruct[1] = v60;
v61 = *(_BYTE *)(v59 + v60);
VMStruct[1] = v58;
v7 = (_BYTE *)(v58 + v59);
rip_ = (unsigned __int8)*v7;
if ( !v61 )
return rip_;
VMStruct[1] = v60;
b = (unsigned __int16)rip_ / v61;
goto LABEL_8;
case 13: // pop rax; pop rbx; push rbx%rax; rip+= 1
v53 = VMStruct[1];
v54 = *((_QWORD *)VMStruct + 2);
v55 = v53 - 1;
v53 -= 2;
VMStruct[1] = v55;
v56 = *(_BYTE *)(v54 + v55);
VMStruct[1] = v53;
v57 = (_BYTE *)(v53 + v54);
LOWORD(v53) = (unsigned __int8)*v57;
VMStruct[1] = v55;
rip_ = (unsigned __int8)((unsigned __int16)v53 % v56);
*v57 = rip_;
if ( !v56 )
return rip_;
goto LABEL_9;
case 14: // pop eax; pop ebx; push ebx^eax; rip+= 1
v49 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v50 = v49 - 1;
v49 -= 2;
VMStruct[1] = v50;
v51 = *(_BYTE *)(stack_3 + v50);
VMStruct[1] = v49;
v39 = (_BYTE *)(stack_3 + v49);
v52 = *v39 ^ v51;
VMStruct[1] = v50;
LOBYTE(stack_3) = v52;
goto LABEL_28;
case 15: // pop rax; pop rbx; push rbx&rax; rip+= 1
v45 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v46 = v45 - 1;
v45 -= 2;
VMStruct[1] = v46;
v47 = *(_BYTE *)(stack_3 + v46);
VMStruct[1] = v45;
v39 = (_BYTE *)(stack_3 + v45);
v48 = *v39 & v47;
VMStruct[1] = v46;
LOBYTE(stack_3) = v48;
goto LABEL_28;
case 16: // pop rax; pop rbx; push rbx|rax; rip+= 1
v41 = VMStruct[1];
stack_3 = *((_QWORD *)VMStruct + 2);
v42 = v41 - 1;
v41 -= 2;
VMStruct[1] = v42;
v43 = *(_BYTE *)(stack_3 + v42);
VMStruct[1] = v41;
v39 = (_BYTE *)(stack_3 + v41);
v44 = *v39 | v43;
VMStruct[1] = v42;
LOBYTE(stack_3) = v44;
goto LABEL_28;
case 17: // pop reg; push -reg; rip+=1
v38 = VMStruct[1];
VMStruct[1] = v38 - 1;
v39 = (_BYTE *)(*((_QWORD *)VMStruct + 2) + v38 - 1);
LODWORD(stack_3) = -(unsigned __int8)*v39;
goto LABEL_27;
case 18: // pop reg; push ~reg; rip+=1
v38 = VMStruct[1];
VMStruct[1] = v38 - 1;
v39 = (_BYTE *)(*((_QWORD *)VMStruct + 2) + v38 - 1);
LOBYTE(stack_3) = ~*v39;
LABEL_27: VMStruct[1] = v38;
LABEL_28: *v39 = stack_3;
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 19: // pop rax; pop rbx; if stack[rax] != stack[rbx]: rip+=2
// else rip+=data
data_1 = *(unsigned __int8 *)(code + rip__1 + 1);
v27 = VMStruct[1];
v28 = *((_QWORD *)VMStruct + 2);
v29 = v27 - 1;
v27 -= 2;
VMStruct[1] = v29;
LOBYTE(v29) = *(_BYTE *)(v28 + v29);
VMStruct[1] = v27;
if ( *(_BYTE *)(v28 + v27) != (_BYTE)v29 )
goto LABEL_21;
goto LABEL_15;
case 20: // pop rax; pop rbx; if stack[rax] == stack[rbx]: rip+=2
// else rip+=data
data_2 = *(char *)(code + rip__1 + 1);
v35 = VMStruct[1];
v36 = *((_QWORD *)VMStruct + 2);
v37 = v35 - 1;
v35 -= 2;
VMStruct[1] = v37;
LOBYTE(v37) = *(_BYTE *)(v36 + v37);
VMStruct[1] = v35;
if ( *(_BYTE *)(v36 + v35) == (_BYTE)v37 )
goto LABEL_21;
rip_ = (unsigned int)(data_2 + rip_);
*VMStruct = rip_;
continue;
case 21: // pop rax; pop rbx; if stack[rax] >= stack[rbx]: rip+=2
data_3 = *(char *)(code + rip__1 + 1); // else: rip+=data
v31 = VMStruct[1];
v32 = *((_QWORD *)VMStruct + 2);
v33 = v31 - 1;
v31 -= 2;
VMStruct[1] = v33;
LOBYTE(v33) = *(_BYTE *)(v32 + v33);
VMStruct[1] = v31;
if ( *(_BYTE *)(v32 + v31) <= (unsigned __int8)v33 )
goto LABEL_21;
rip_ = (unsigned int)(data_3 + rip_);
*VMStruct = rip_;
continue;
case 22: // pop rax; pop rbx; if stack[rax] > stack[rbx]: rip+=2
data = *(char *)(code + rip__1 + 1); // else: rip+=data
v24 = VMStruct[1];
v25 = *((_QWORD *)VMStruct + 2);
v26 = v24 - 1;
v24 -= 2;
VMStruct[1] = v26;
LOBYTE(v26) = *(_BYTE *)(v25 + v26);
VMStruct[1] = v24;
if ( *(_BYTE *)(v25 + v24) < (unsigned __int8)v26 )
goto LABEL_21;
rip_ = (unsigned int)(data + rip_);
*VMStruct = rip_;
continue;
case 23: // pop rax; pop rbx; if stack[rax] <= stack[rbx]: rip+=2
v19 = *(char *)(code + rip__1 + 1); // else: rip+=data
v20 = VMStruct[1];
v21 = *((_QWORD *)VMStruct + 2);
v22 = v20 - 1;
v20 -= 2;
VMStruct[1] = v22;
LOBYTE(v22) = *(_BYTE *)(v21 + v22);
VMStruct[1] = v20;
if ( *(_BYTE *)(v21 + v20) >= (unsigned __int8)v22 )
goto LABEL_21;
rip_ = (unsigned int)(v19 + rip_);
*VMStruct = rip_;
continue;
case 24: // pop rax; pop rbx; if stack[rax] < stack[rbx]: rip+=2
data_1 = *(char *)(code + rip__1 + 1); // else rip+=data
v16 = VMStruct[1];
v17 = *((_QWORD *)VMStruct + 2);
v18 = v16 - 1;
v16 -= 2;
VMStruct[1] = v18;
LOBYTE(v18) = *(_BYTE *)(v17 + v18);
VMStruct[1] = v16;
if ( *(_BYTE *)(v17 + v16) > (unsigned __int8)v18 )
{
LABEL_21: rip_ = (unsigned int)(rip_ + 2);
*VMStruct = rip_;
}
else
{
LABEL_15: rip_ = (unsigned int)(data_1 + rip_);
*VMStruct = rip_;
}
continue;
case 25: // pop rax; push *(save_local+rax) rip+=1
v10 = VMStruct[1];
save_cnt_1 = *((_QWORD *)VMStruct + 3);
VMStruct[1] = v10 - 1;
v12 = (_BYTE *)(*((_QWORD *)VMStruct + 2) + (int)(v10 - 1));
v13 = (unsigned __int8)*v12;
goto LABEL_11;
case 26: // pop rax; pop rbx; mov *(save_local+rax), rbx
v5 = VMStruct[1];
stack_5 = *((_QWORD *)VMStruct + 2);
VMStruct[1] = v5 - 1;
v7 = (_BYTE *)(*((_QWORD *)VMStruct + 3) + *(unsigned __int8 *)(stack_5 + (int)(v5 - 1)));
goto LABEL_7;
case 27: // pop rax; push *(save_cnt+rax) rip+=1
v10 = VMStruct[1];
save_cnt_1 = *((_QWORD *)VMStruct + 4);
VMStruct[1] = v10 - 1;
v12 = (_BYTE *)(*((_QWORD *)VMStruct + 2) + (int)(v10 - 1));
v13 = (unsigned __int8)*v12;
LABEL_11: v14 = *(_BYTE *)(save_cnt_1 + v13);
VMStruct[1] = v10;
*v12 = v14;
code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 28: // pop rax; pop rbx; mov *(save_cnt+rax), rbx; rip+=1
v5 = VMStruct[1];
stack_5 = *((_QWORD *)VMStruct + 2);
VMStruct[1] = v5 - 1;
v7 = (_BYTE *)(*((_QWORD *)VMStruct + 4) + *(unsigned __int8 *)(stack_5 + (int)(v5 - 1)));
LABEL_7: v8 = v5 - 2;
VMStruct[1] = v8;
b = *(_BYTE *)(stack_5 + v8);
LABEL_8: *v7 = b;
LABEL_9: code = *((_QWORD *)VMStruct + 1);
rip_ = *VMStruct + 1;
*VMStruct = rip_;
continue;
case 29: // if *(code+data) <= 29: while_continue
// else: return
// (这个功能就是判断是否执行到了最后,因为给的opcode最后一个就是30)
rip_ = (unsigned int)(*(char *)(code + rip__1 + 1) + (_DWORD)rip_);
rip__1 = (int)rip_;
*VMStruct = rip_;
if ( *(_BYTE *)(code + (int)rip_) <= 29u )
goto LABEL_3;
return rip_;
default:
return rip_;
}
}
}opcode_key = {
1: "getc,push",
2: "pop,putc",
3: "nop",
4: "mov reg0,{}; push reg0",
5: "mov reg1,{}; mov reg0,*(cnt_adr+reg1); push reg0",
6: "pop *(cnt_adr+{})",
7: "mov reg1,{}; mov reg0,*(save_cnt + reg1); push reg0",
8: "pop *(save_local+{})",
9: "pop rax; pop rbx; push rbx+rax",
10: "pop rax; pop rbx; push rbx-rax",
11: "pop rax; pop rbx; push rbx*rax",
12: "pop rax; pop rbx; push rbx/rax",
13: "pop rax; pop rbx; push rbx%rax",
14: "pop eax; pop ebx; push ebx^eax",
15: "pop rax; pop rbx; push rbx&rax",
16: "pop rax; pop rbx; push rbx|rax",
17: "pop reg; push (-reg)",
18: "pop reg; push ~(reg)",
19: "pop rax; pop rbx; if stack[rax]!=stack[rbx]:rip+=2 else:rip+={}",
20: "pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+={}",
21: "pop rax; pop rbx; if stack[rax]>=stack[rbx]:rip+=2 else:rip+={}",
22: "pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+={}",
23: "pop rax; pop rbx; if stack[rax]<=stack[rbx]:rip+=2 else:rip+={}",
24: "pop rax; pop rbx; if stack[rax]<stack[rbx]:rip+=2 else:rip+={}",
25: "pop rax; push *(save_local+rax)",
26: "pop rax; pop rbx; mov *(save_local+rax), rbx",
27: "pop rax; push *(save_cnt+rax)",
28: "pop rax; pop rbx; mov *(save_cnt+rax), rbx",
29: "exit",
30: "exit"
}
opcode_key = {
1: "getc,push",
2: "pop,putc",
3: "nop",
4: "mov reg0,{}; push reg0",
5: "mov reg1,{}; mov reg0,*(cnt_adr+reg1); push reg0",
6: "pop *(cnt_adr+{})",
7: "mov reg1,{}; mov reg0,*(save_cnt + reg1); push reg0",
8: "pop *(save_local+{})",
9: "pop rax; pop rbx; push rbx+rax",
10: "pop rax; pop rbx; push rbx-rax",
11: "pop rax; pop rbx; push rbx*rax",
12: "pop rax; pop rbx; push rbx/rax",
13: "pop rax; pop rbx; push rbx%rax",
14: "pop eax; pop ebx; push ebx^eax",
15: "pop rax; pop rbx; push rbx&rax",
16: "pop rax; pop rbx; push rbx|rax",
17: "pop reg; push (-reg)",
18: "pop reg; push ~(reg)",
19: "pop rax; pop rbx; if stack[rax]!=stack[rbx]:rip+=2 else:rip+={}",
20: "pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+={}",
21: "pop rax; pop rbx; if stack[rax]>=stack[rbx]:rip+=2 else:rip+={}",
22: "pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+={}",
23: "pop rax; pop rbx; if stack[rax]<=stack[rbx]:rip+=2 else:rip+={}",
24: "pop rax; pop rbx; if stack[rax]<stack[rbx]:rip+=2 else:rip+={}",
25: "pop rax; push *(save_local+rax)",
26: "pop rax; pop rbx; mov *(save_local+rax), rbx",
27: "pop rax; push *(save_cnt+rax)",
28: "pop rax; pop rbx; mov *(save_cnt+rax), rbx",
29: "exit",
30: "exit"
}
opcode_key = {
1: "push getc",
2: "putc pop",
3: "nop",
4: "push {}",
5: "push *(cnt_adr+{})",
6: "pop *(cnt_adr+{})",
7: "push *(save_local + {})",
8: "pop *(save_local+{})",
9: "pop rax; pop rbx; push rbx+rax",
10: "pop rax; pop rbx; push rbx-rax",
11: "pop rax; pop rbx; push rbx*rax",
12: "pop rax; pop rbx; push rbx/rax",
13: "pop rax; pop rbx; push rbx%rax",
14: "pop eax; pop ebx; push ebx^eax",
15: "pop rax; pop rbx; push rbx&rax",
16: "pop rax; pop rbx; push rbx|rax",
17: "pop reg; push (-reg)",
18: "pop reg; push ~(reg)",
19: "pop rax; pop rbx; if stack[rax]!=stack[rbx]:rip+=2 else:rip+={}",
20: "pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+={}",
21: "pop rax; pop rbx; if stack[rax]>=stack[rbx]:rip+=2 else:rip+={}",
22: "pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+={}",
23: "pop rax; pop rbx; if stack[rax]<=stack[rbx]:rip+=2 else:rip+={}",
24: "pop rax; pop rbx; if stack[rax]<stack[rbx]:rip+=2 else:rip+={}",
25: "pop rax; push *(save_local+rax)",
26: "pop rax; pop rbx; mov *(save_local+rax), rbx",
27: "pop rax; push *(save_cnt+rax)",
28: "pop rax; pop rbx; mov *(save_cnt+rax), rbx",
29: "jmp {}",
30: "exit"
}
opcode_key = {
1: "push getc",
2: "putc pop",
3: "nop",
4: "push {}",
5: "push *(cnt_adr+{})",
6: "pop *(cnt_adr+{})",
7: "push *(save_local + {})",
8: "pop *(save_local+{})",
9: "pop rax; pop rbx; push rbx+rax",
10: "pop rax; pop rbx; push rbx-rax",
11: "pop rax; pop rbx; push rbx*rax",
12: "pop rax; pop rbx; push rbx/rax",
13: "pop rax; pop rbx; push rbx%rax",
14: "pop eax; pop ebx; push ebx^eax",
15: "pop rax; pop rbx; push rbx&rax",
16: "pop rax; pop rbx; push rbx|rax",
17: "pop reg; push (-reg)",
18: "pop reg; push ~(reg)",
19: "pop rax; pop rbx; if stack[rax]!=stack[rbx]:rip+=2 else:rip+={}",
20: "pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+={}",
21: "pop rax; pop rbx; if stack[rax]>=stack[rbx]:rip+=2 else:rip+={}",
22: "pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+={}",
23: "pop rax; pop rbx; if stack[rax]<=stack[rbx]:rip+=2 else:rip+={}",
24: "pop rax; pop rbx; if stack[rax]<stack[rbx]:rip+=2 else:rip+={}",
25: "pop rax; push *(save_local+rax)",
26: "pop rax; pop rbx; mov *(save_local+rax), rbx",
27: "pop rax; push *(save_cnt+rax)",
28: "pop rax; pop rbx; mov *(save_cnt+rax), rbx",
29: "jmp {}",
30: "exit"
}
# _*_ coding: utf-8 _*_# editor: SYJ# function: Reversed By SYJ# describe:"""# first_part: 给一个数组赋值code_index = 0 # x在opcode_team中的下标while code_index <= 0xA6: x = opcode_team[code_index]
if x in opcode_key:
print(opcode_key[x].format(hex(opcode_team[code_index+1])))
code_index += 2
# print(hex(code_index))[0x66, 0x4E, 0xA9, 0xFD, 0x3C, 0x55, 0x90, 0x24, 0x57, 0xF6, 0x5D, 0xB1, 0x01, 0x20, 0x81, 0xFD, 0x36, 0xA9, 0x1F, 0xA1, 0x0E, 0x0D, 0x80, 0x8F, 0xCE, 0x77, 0xE8, 0x23, 0x9E, 0x27, 0x60, 0x2F, 0xA5, 0xCF, 0x1B, 0xBD, 0x32, 0xDB, 0xFF, 0x28, 0xA4, 0x5D]# second_partwhile code_index <= 0x124: x = opcode_team[code_index]
if x == 1:
print(opcode_key[x])
code_index += 1
elif x == 8:
print(opcode_key[x].format(hex(opcode_team[code_index+1])))
code_index += 2
# print(hex(code_index))"""import ctypes
opcode_team = [0x04, 0x66, 0x08, 0x32, 0x04, 0x4E, 0x08, 0x33, 0x04, 0xA9, 0x08, 0x34, 0x04, 0xFD, 0x08, 0x35, 0x04, 0x3C, 0x08, 0x36, 0x04, 0x55, 0x08, 0x37, 0x04, 0x90, 0x08, 0x38, 0x04, 0x24, 0x08, 0x39, 0x04, 0x57, 0x08, 0x3A, 0x04, 0xF6, 0x08, 0x3B, 0x04, 0x5D, 0x08, 0x3C, 0x04, 0xB1, 0x08, 0x3D, 0x04, 0x01, 0x08, 0x3E, 0x04, 0x20, 0x08, 0x3F, 0x04, 0x81, 0x08, 0x40, 0x04, 0xFD, 0x08, 0x41, 0x04, 0x36, 0x08, 0x42, 0x04, 0xA9, 0x08, 0x43, 0x04, 0x1F, 0x08, 0x44, 0x04, 0xA1, 0x08, 0x45, 0x04, 0x0E, 0x08, 0x46, 0x04, 0x0D, 0x08, 0x47, 0x04, 0x80, 0x08, 0x48, 0x04, 0x8F, 0x08, 0x49, 0x04, 0xCE, 0x08, 0x4A, 0x04, 0x77, 0x08, 0x4B, 0x04, 0xE8, 0x08, 0x4C, 0x04, 0x23, 0x08, 0x4D, 0x04, 0x9E, 0x08, 0x4E, 0x04, 0x27, 0x08, 0x4F, 0x04, 0x60, 0x08, 0x50, 0x04, 0x2F, 0x08, 0x51, 0x04, 0xA5, 0x08, 0x52, 0x04, 0xCF, 0x08, 0x53, 0x04, 0x1B, 0x08, 0x54, 0x04, 0xBD, 0x08, 0x55, 0x04, 0x32, 0x08, 0x56, 0x04, 0xDB, 0x08, 0x57, 0x04, 0xFF, 0x08, 0x58, 0x04, 0x28, 0x08, 0x59, 0x04, 0xA4, 0x08, 0x5A, 0x04, 0x5D, 0x08, 0x5B, 0x01, 0x08, 0x64, 0x01, 0x08, 0x65, 0x01, 0x08, 0x66, 0x01, 0x08, 0x67, 0x01, 0x08, 0x68, 0x01, 0x08, 0x69, 0x01, 0x08, 0x6A, 0x01, 0x08, 0x6B, 0x01, 0x08, 0x6C, 0x01, 0x08, 0x6D, 0x01, 0x08, 0x6E, 0x01, 0x08, 0x6F, 0x01, 0x08, 0x70, 0x01, 0x08, 0x71, 0x01, 0x08, 0x72, 0x01, 0x08, 0x73, 0x01, 0x08, 0x74, 0x01, 0x08, 0x75, 0x01, 0x08, 0x76, 0x01, 0x08, 0x77, 0x01, 0x08, 0x78, 0x01, 0x08, 0x79, 0x01, 0x08, 0x7A, 0x01, 0x08, 0x7B, 0x01, 0x08, 0x7C, 0x01, 0x08, 0x7D, 0x01, 0x08, 0x7E, 0x01, 0x08, 0x7F, 0x01, 0x08, 0x80, 0x01, 0x08, 0x81, 0x01, 0x08, 0x82, 0x01, 0x08, 0x83, 0x01, 0x08, 0x84, 0x01, 0x08, 0x85, 0x01, 0x08, 0x86, 0x01, 0x08, 0x87, 0x01, 0x08, 0x88, 0x01, 0x08, 0x89, 0x01, 0x08, 0x8A, 0x01, 0x08, 0x8B, 0x01, 0x08, 0x8C, 0x01, 0x08, 0x8D, 0x04, 0x00, 0x06, 0x00, 0x05, 0x00, 0x04, 0x07, 0x16, 0x56, 0x04, 0x00, 0x06, 0x01, 0x05, 0x01, 0x04, 0x06, 0x16, 0x42, 0x05, 0x00, 0x04, 0x06, 0x0B, 0x05, 0x01, 0x09, 0x04, 0x64, 0x09, 0x19, 0x12, 0x05, 0x00, 0x05, 0x01, 0x04, 0x02, 0x09, 0x0B, 0x0F, 0x04, 0x64, 0x05, 0x00, 0x04, 0x06, 0x0B, 0x05, 0x01, 0x09, 0x09, 0x19, 0x05, 0x00, 0x05, 0x01, 0x04, 0x02, 0x09, 0x0B, 0x12, 0x0F, 0x10, 0x05, 0x01, 0x04, 0x07, 0x0B, 0x05, 0x00, 0x09, 0x1A, 0x05, 0x01, 0x04, 0x01, 0x09, 0x04, 0x01, 0x1C, 0x1D, 0xBC, 0x05, 0x00, 0x04, 0x01, 0x09, 0x04, 0x00, 0x1C, 0x1D, 0xA8, 0x04, 0x01, 0x06, 0x00, 0x05, 0x00, 0x04, 0x2A, 0x16, 0x34, 0x05, 0x00, 0x04, 0x02, 0x0D, 0x04, 0x00, 0x14, 0x0F, 0x05, 0x00, 0x19, 0x05, 0x00, 0x04, 0x01, 0x0A, 0x19, 0x09, 0x05, 0x00, 0x1A, 0x05, 0x00, 0x04, 0x02, 0x0D, 0x04, 0x01, 0x14, 0x0B, 0x04, 0x6B, 0x05, 0x00, 0x19, 0x0B, 0x05, 0x00, 0x1A, 0x05, 0x00, 0x04, 0x01, 0x09, 0x04, 0x00, 0x1C, 0x1D, 0xCA, 0x04, 0x00, 0x06, 0x00, 0x05, 0x00, 0x04, 0x29, 0x18, 0x04, 0x1D, 0x1B, 0x05, 0x00, 0x19, 0x04, 0x32, 0x05, 0x00, 0x09, 0x19, 0x14, 0x0C, 0x05, 0x00, 0x04, 0x01, 0x09, 0x04, 0x00, 0x1C, 0x1D, 0xE5, 0x04, 0x6E, 0x02, 0x1E, 0x04, 0x79, 0x02, 0x1E]
opcode_key = {
1: "push getc",
2: "putc pop",
3: "nop",
4: "push {}",
5: "push *(cnt_adr+{})",
6: "pop *(cnt_adr+{})",
7: "push *(save_local + {})",
8: "pop *(save_local+{})",
9: "pop rax; pop rbx; push rbx+rax",
10: "pop rax; pop rbx; push rbx-rax",
11: "pop rax; pop rbx; push rbx*rax",
12: "pop rax; pop rbx; push rbx/rax",
13: "pop rax; pop rbx; push rbx%rax",
14: "pop eax; pop ebx; push ebx^eax",
15: "pop rax; pop rbx; push rbx&rax",
16: "pop rax; pop rbx; push rbx|rax",
17: "pop reg; push (-reg)",
18: "pop reg; push ~(reg)",
19: "pop rax; pop rbx; if stack[rax]!=stack[rbx]:rip+=2 else:rip+={}",
20: "pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+={}",
21: "pop rax; pop rbx; if stack[rax]>=stack[rbx]:rip+=2 else:rip+={}",
22: "pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+={}",
23: "pop rax; pop rbx; if stack[rax]<=stack[rbx]:rip+=2 else:rip+={}",
24: "pop rax; pop rbx; if stack[rax]<stack[rbx]:rip+=2 else:rip+={}",
25: "pop rax; push *(save_local+rax)",
26: "pop rax; pop rbx; mov *(save_local+rax), rbx",
27: "pop rax; push *(save_cnt+rax)",
28: "pop rax; pop rbx; mov *(save_cnt+rax), rbx",
29: "jmp {}",
30: "exit"
}
code_index = 0
judge = [19, 20, 21, 22, 23, 24] # 存放那几个跳转的opcode
change1 = [1, 2, 3, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 25, 26, 27, 28] # rip+=1
change2 = [4, 5, 6, 7, 8] # rip+=2
while code_index <= 0x1E8:
x = opcode_team[code_index]
if x in change1:
print("_" + hex(code_index) + ": " + opcode_key[x])
if x == 2 and opcode_team[code_index+1] == 0x1E:
code_index += 2
continue
code_index += 1
elif x in change2:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(opcode_team[code_index+1])))
code_index += 2
elif x == 19:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 20:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 21:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 22:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 23:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 24:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 29:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(eval(hex(code_index)+"+"+(str(ctypes.c_byte(opcode_team[code_index+1]))[7:-1])))))
code_index += 2
else:
continue
# _*_ coding: utf-8 _*_# editor: SYJ# function: Reversed By SYJ# describe:"""# first_part: 给一个数组赋值code_index = 0 # x在opcode_team中的下标while code_index <= 0xA6: x = opcode_team[code_index]
if x in opcode_key:
print(opcode_key[x].format(hex(opcode_team[code_index+1])))
code_index += 2
# print(hex(code_index))[0x66, 0x4E, 0xA9, 0xFD, 0x3C, 0x55, 0x90, 0x24, 0x57, 0xF6, 0x5D, 0xB1, 0x01, 0x20, 0x81, 0xFD, 0x36, 0xA9, 0x1F, 0xA1, 0x0E, 0x0D, 0x80, 0x8F, 0xCE, 0x77, 0xE8, 0x23, 0x9E, 0x27, 0x60, 0x2F, 0xA5, 0xCF, 0x1B, 0xBD, 0x32, 0xDB, 0xFF, 0x28, 0xA4, 0x5D]# second_partwhile code_index <= 0x124: x = opcode_team[code_index]
if x == 1:
print(opcode_key[x])
code_index += 1
elif x == 8:
print(opcode_key[x].format(hex(opcode_team[code_index+1])))
code_index += 2
# print(hex(code_index))"""import ctypes
opcode_team = [0x04, 0x66, 0x08, 0x32, 0x04, 0x4E, 0x08, 0x33, 0x04, 0xA9, 0x08, 0x34, 0x04, 0xFD, 0x08, 0x35, 0x04, 0x3C, 0x08, 0x36, 0x04, 0x55, 0x08, 0x37, 0x04, 0x90, 0x08, 0x38, 0x04, 0x24, 0x08, 0x39, 0x04, 0x57, 0x08, 0x3A, 0x04, 0xF6, 0x08, 0x3B, 0x04, 0x5D, 0x08, 0x3C, 0x04, 0xB1, 0x08, 0x3D, 0x04, 0x01, 0x08, 0x3E, 0x04, 0x20, 0x08, 0x3F, 0x04, 0x81, 0x08, 0x40, 0x04, 0xFD, 0x08, 0x41, 0x04, 0x36, 0x08, 0x42, 0x04, 0xA9, 0x08, 0x43, 0x04, 0x1F, 0x08, 0x44, 0x04, 0xA1, 0x08, 0x45, 0x04, 0x0E, 0x08, 0x46, 0x04, 0x0D, 0x08, 0x47, 0x04, 0x80, 0x08, 0x48, 0x04, 0x8F, 0x08, 0x49, 0x04, 0xCE, 0x08, 0x4A, 0x04, 0x77, 0x08, 0x4B, 0x04, 0xE8, 0x08, 0x4C, 0x04, 0x23, 0x08, 0x4D, 0x04, 0x9E, 0x08, 0x4E, 0x04, 0x27, 0x08, 0x4F, 0x04, 0x60, 0x08, 0x50, 0x04, 0x2F, 0x08, 0x51, 0x04, 0xA5, 0x08, 0x52, 0x04, 0xCF, 0x08, 0x53, 0x04, 0x1B, 0x08, 0x54, 0x04, 0xBD, 0x08, 0x55, 0x04, 0x32, 0x08, 0x56, 0x04, 0xDB, 0x08, 0x57, 0x04, 0xFF, 0x08, 0x58, 0x04, 0x28, 0x08, 0x59, 0x04, 0xA4, 0x08, 0x5A, 0x04, 0x5D, 0x08, 0x5B, 0x01, 0x08, 0x64, 0x01, 0x08, 0x65, 0x01, 0x08, 0x66, 0x01, 0x08, 0x67, 0x01, 0x08, 0x68, 0x01, 0x08, 0x69, 0x01, 0x08, 0x6A, 0x01, 0x08, 0x6B, 0x01, 0x08, 0x6C, 0x01, 0x08, 0x6D, 0x01, 0x08, 0x6E, 0x01, 0x08, 0x6F, 0x01, 0x08, 0x70, 0x01, 0x08, 0x71, 0x01, 0x08, 0x72, 0x01, 0x08, 0x73, 0x01, 0x08, 0x74, 0x01, 0x08, 0x75, 0x01, 0x08, 0x76, 0x01, 0x08, 0x77, 0x01, 0x08, 0x78, 0x01, 0x08, 0x79, 0x01, 0x08, 0x7A, 0x01, 0x08, 0x7B, 0x01, 0x08, 0x7C, 0x01, 0x08, 0x7D, 0x01, 0x08, 0x7E, 0x01, 0x08, 0x7F, 0x01, 0x08, 0x80, 0x01, 0x08, 0x81, 0x01, 0x08, 0x82, 0x01, 0x08, 0x83, 0x01, 0x08, 0x84, 0x01, 0x08, 0x85, 0x01, 0x08, 0x86, 0x01, 0x08, 0x87, 0x01, 0x08, 0x88, 0x01, 0x08, 0x89, 0x01, 0x08, 0x8A, 0x01, 0x08, 0x8B, 0x01, 0x08, 0x8C, 0x01, 0x08, 0x8D, 0x04, 0x00, 0x06, 0x00, 0x05, 0x00, 0x04, 0x07, 0x16, 0x56, 0x04, 0x00, 0x06, 0x01, 0x05, 0x01, 0x04, 0x06, 0x16, 0x42, 0x05, 0x00, 0x04, 0x06, 0x0B, 0x05, 0x01, 0x09, 0x04, 0x64, 0x09, 0x19, 0x12, 0x05, 0x00, 0x05, 0x01, 0x04, 0x02, 0x09, 0x0B, 0x0F, 0x04, 0x64, 0x05, 0x00, 0x04, 0x06, 0x0B, 0x05, 0x01, 0x09, 0x09, 0x19, 0x05, 0x00, 0x05, 0x01, 0x04, 0x02, 0x09, 0x0B, 0x12, 0x0F, 0x10, 0x05, 0x01, 0x04, 0x07, 0x0B, 0x05, 0x00, 0x09, 0x1A, 0x05, 0x01, 0x04, 0x01, 0x09, 0x04, 0x01, 0x1C, 0x1D, 0xBC, 0x05, 0x00, 0x04, 0x01, 0x09, 0x04, 0x00, 0x1C, 0x1D, 0xA8, 0x04, 0x01, 0x06, 0x00, 0x05, 0x00, 0x04, 0x2A, 0x16, 0x34, 0x05, 0x00, 0x04, 0x02, 0x0D, 0x04, 0x00, 0x14, 0x0F, 0x05, 0x00, 0x19, 0x05, 0x00, 0x04, 0x01, 0x0A, 0x19, 0x09, 0x05, 0x00, 0x1A, 0x05, 0x00, 0x04, 0x02, 0x0D, 0x04, 0x01, 0x14, 0x0B, 0x04, 0x6B, 0x05, 0x00, 0x19, 0x0B, 0x05, 0x00, 0x1A, 0x05, 0x00, 0x04, 0x01, 0x09, 0x04, 0x00, 0x1C, 0x1D, 0xCA, 0x04, 0x00, 0x06, 0x00, 0x05, 0x00, 0x04, 0x29, 0x18, 0x04, 0x1D, 0x1B, 0x05, 0x00, 0x19, 0x04, 0x32, 0x05, 0x00, 0x09, 0x19, 0x14, 0x0C, 0x05, 0x00, 0x04, 0x01, 0x09, 0x04, 0x00, 0x1C, 0x1D, 0xE5, 0x04, 0x6E, 0x02, 0x1E, 0x04, 0x79, 0x02, 0x1E]
opcode_key = {
1: "push getc",
2: "putc pop",
3: "nop",
4: "push {}",
5: "push *(cnt_adr+{})",
6: "pop *(cnt_adr+{})",
7: "push *(save_local + {})",
8: "pop *(save_local+{})",
9: "pop rax; pop rbx; push rbx+rax",
10: "pop rax; pop rbx; push rbx-rax",
11: "pop rax; pop rbx; push rbx*rax",
12: "pop rax; pop rbx; push rbx/rax",
13: "pop rax; pop rbx; push rbx%rax",
14: "pop eax; pop ebx; push ebx^eax",
15: "pop rax; pop rbx; push rbx&rax",
16: "pop rax; pop rbx; push rbx|rax",
17: "pop reg; push (-reg)",
18: "pop reg; push ~(reg)",
19: "pop rax; pop rbx; if stack[rax]!=stack[rbx]:rip+=2 else:rip+={}",
20: "pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+={}",
21: "pop rax; pop rbx; if stack[rax]>=stack[rbx]:rip+=2 else:rip+={}",
22: "pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+={}",
23: "pop rax; pop rbx; if stack[rax]<=stack[rbx]:rip+=2 else:rip+={}",
24: "pop rax; pop rbx; if stack[rax]<stack[rbx]:rip+=2 else:rip+={}",
25: "pop rax; push *(save_local+rax)",
26: "pop rax; pop rbx; mov *(save_local+rax), rbx",
27: "pop rax; push *(save_cnt+rax)",
28: "pop rax; pop rbx; mov *(save_cnt+rax), rbx",
29: "jmp {}",
30: "exit"
}
code_index = 0
judge = [19, 20, 21, 22, 23, 24] # 存放那几个跳转的opcode
change1 = [1, 2, 3, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 25, 26, 27, 28] # rip+=1
change2 = [4, 5, 6, 7, 8] # rip+=2
while code_index <= 0x1E8:
x = opcode_team[code_index]
if x in change1:
print("_" + hex(code_index) + ": " + opcode_key[x])
if x == 2 and opcode_team[code_index+1] == 0x1E:
code_index += 2
continue
code_index += 1
elif x in change2:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(opcode_team[code_index+1])))
code_index += 2
elif x == 19:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 20:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 21:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 22:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 23:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 24:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(code_index+2), hex(code_index+opcode_team[code_index+1])))
code_index += 2
elif x == 29:
print("_" + hex(code_index) + ": " + opcode_key[x].format(hex(eval(hex(code_index)+"+"+(str(ctypes.c_byte(opcode_team[code_index+1]))[7:-1])))))
code_index += 2
else:
continue
_0x0: push 0x66
_0x2: pop *(save_local+0x32)
_0x4: push 0x4e
_0x6: pop *(save_local+0x33)
_0x8: push 0xa9
_0xa: pop *(save_local+0x34)
_0xc: push 0xfd
_0xe: pop *(save_local+0x35)
_0x10: push 0x3c
_0x12: pop *(save_local+0x36)
_0x14: push 0x55
_0x16: pop *(save_local+0x37)
_0x18: push 0x90
_0x1a: pop *(save_local+0x38)
_0x1c: push 0x24
_0x1e: pop *(save_local+0x39)
_0x20: push 0x57
_0x22: pop *(save_local+0x3a)
_0x24: push 0xf6
_0x26: pop *(save_local+0x3b)
_0x28: push 0x5d
_0x2a: pop *(save_local+0x3c)
_0x2c: push 0xb1
_0x2e: pop *(save_local+0x3d)
_0x30: push 0x1
_0x32: pop *(save_local+0x3e)
_0x34: push 0x20
_0x36: pop *(save_local+0x3f)
_0x38: push 0x81
_0x3a: pop *(save_local+0x40)
_0x3c: push 0xfd
_0x3e: pop *(save_local+0x41)
_0x40: push 0x36
_0x42: pop *(save_local+0x42)
_0x44: push 0xa9
_0x46: pop *(save_local+0x43)
_0x48: push 0x1f
_0x4a: pop *(save_local+0x44)
_0x4c: push 0xa1
_0x4e: pop *(save_local+0x45)
_0x50: push 0xe
_0x52: pop *(save_local+0x46)
_0x54: push 0xd
_0x56: pop *(save_local+0x47)
_0x58: push 0x80
_0x5a: pop *(save_local+0x48)
_0x5c: push 0x8f
_0x5e: pop *(save_local+0x49)
_0x60: push 0xce
_0x62: pop *(save_local+0x4a)
_0x64: push 0x77
_0x66: pop *(save_local+0x4b)
_0x68: push 0xe8
_0x6a: pop *(save_local+0x4c)
_0x6c: push 0x23
_0x6e: pop *(save_local+0x4d)
_0x70: push 0x9e
_0x72: pop *(save_local+0x4e)
_0x74: push 0x27
_0x76: pop *(save_local+0x4f)
_0x78: push 0x60
_0x7a: pop *(save_local+0x50)
_0x7c: push 0x2f
_0x7e: pop *(save_local+0x51)
_0x80: push 0xa5
_0x82: pop *(save_local+0x52)
_0x84: push 0xcf
_0x86: pop *(save_local+0x53)
_0x88: push 0x1b
_0x8a: pop *(save_local+0x54)
_0x8c: push 0xbd
_0x8e: pop *(save_local+0x55)
_0x90: push 0x32
_0x92: pop *(save_local+0x56)
_0x94: push 0xdb
_0x96: pop *(save_local+0x57)
_0x98: push 0xff
_0x9a: pop *(save_local+0x58)
_0x9c: push 0x28
_0x9e: pop *(save_local+0x59)
_0xa0: push 0xa4
_0xa2: pop *(save_local+0x5a)
_0xa4: push 0x5d
_0xa6: pop *(save_local+0x5b)
_0xa8: push getc_0xa9: pop *(save_local+0x64)
_0xab: push getc_0xac: pop *(save_local+0x65)
_0xae: push getc_0xaf: pop *(save_local+0x66)
_0xb1: push getc_0xb2: pop *(save_local+0x67)
_0xb4: push getc_0xb5: pop *(save_local+0x68)
_0xb7: push getc_0xb8: pop *(save_local+0x69)
_0xba: push getc_0xbb: pop *(save_local+0x6a)
_0xbd: push getc_0xbe: pop *(save_local+0x6b)
_0xc0: push getc_0xc1: pop *(save_local+0x6c)
_0xc3: push getc_0xc4: pop *(save_local+0x6d)
_0xc6: push getc_0xc7: pop *(save_local+0x6e)
_0xc9: push getc_0xca: pop *(save_local+0x6f)
_0xcc: push getc_0xcd: pop *(save_local+0x70)
_0xcf: push getc_0xd0: pop *(save_local+0x71)
_0xd2: push getc_0xd3: pop *(save_local+0x72)
_0xd5: push getc_0xd6: pop *(save_local+0x73)
_0xd8: push getc_0xd9: pop *(save_local+0x74)
_0xdb: push getc_0xdc: pop *(save_local+0x75)
_0xde: push getc_0xdf: pop *(save_local+0x76)
_0xe1: push getc_0xe2: pop *(save_local+0x77)
_0xe4: push getc_0xe5: pop *(save_local+0x78)
_0xe7: push getc_0xe8: pop *(save_local+0x79)
_0xea: push getc_0xeb: pop *(save_local+0x7a)
_0xed: push getc_0xee: pop *(save_local+0x7b)
_0xf0: push getc_0xf1: pop *(save_local+0x7c)
_0xf3: push getc_0xf4: pop *(save_local+0x7d)
_0xf6: push getc_0xf7: pop *(save_local+0x7e)
_0xf9: push getc_0xfa: pop *(save_local+0x7f)
_0xfc: push getc_0xfd: pop *(save_local+0x80)
_0xff: push getc_0x100: pop *(save_local+0x81)
_0x102: push getc_0x103: pop *(save_local+0x82)
_0x105: push getc_0x106: pop *(save_local+0x83)
_0x108: push getc_0x109: pop *(save_local+0x84)
_0x10b: push getc_0x10c: pop *(save_local+0x85)
_0x10e: push getc_0x10f: pop *(save_local+0x86)
_0x111: push getc_0x112: pop *(save_local+0x87)
_0x114: push getc_0x115: pop *(save_local+0x88)
_0x117: push getc_0x118: pop *(save_local+0x89)
_0x11a: push getc_0x11b: pop *(save_local+0x8a)
_0x11d: push getc_0x11e: pop *(save_local+0x8b)
_0x120: push getc_0x121: pop *(save_local+0x8c)
_0x123: push getc_0x124: pop *(save_local+0x8d)
_0x126: push 0x0
_0x128: pop *(cnt_adr+0x0)
_0x12a: push *(cnt_adr+0x0)
_0x12c: push 0x7
_0x12e: pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+=0x130
_0x130: push 0x0
_0x132: pop *(cnt_adr+0x1)
_0x134: push *(cnt_adr+0x1)
_0x136: push 0x6
_0x138: pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+=0x13a
_0x13a: push *(cnt_adr+0x0)
_0x13c: push 0x6
_0x13e: pop rax; pop rbx; push rbx*rax
_0x13f: push *(cnt_adr+0x1)
_0x141: pop rax; pop rbx; push rbx+rax
_0x142: push 0x64
_0x144: pop rax; pop rbx; push rbx+rax
_0x145: pop rax; push *(save_local+rax)
_0x146: pop reg; push ~(reg)_0x147: push *(cnt_adr+0x0)
_0x149: push *(cnt_adr+0x1)
_0x14b: push 0x2
_0x14d: pop rax; pop rbx; push rbx+rax
_0x14e: pop rax; pop rbx; push rbx*rax
_0x14f: pop rax; pop rbx; push rbx&rax_0x150: push 0x64
_0x152: push *(cnt_adr+0x0)
_0x154: push 0x6
_0x156: pop rax; pop rbx; push rbx*rax
_0x157: push *(cnt_adr+0x1)
_0x159: pop rax; pop rbx; push rbx+rax
_0x15a: pop rax; pop rbx; push rbx+rax
_0x15b: pop rax; push *(save_local+rax)
_0x15c: push *(cnt_adr+0x0)
_0x15e: push *(cnt_adr+0x1)
_0x160: push 0x2
_0x162: pop rax; pop rbx; push rbx+rax
_0x163: pop rax; pop rbx; push rbx*rax
_0x164: pop reg; push ~(reg)_0x165: pop rax; pop rbx; push rbx&rax_0x166: pop rax; pop rbx; push rbx|rax_0x167: push *(cnt_adr+0x1)
_0x169: push 0x7
_0x16b: pop rax; pop rbx; push rbx*rax
_0x16c: push *(cnt_adr+0x0)
_0x16e: pop rax; pop rbx; push rbx+rax
_0x16f: pop rax; pop rbx; mov *(save_local+rax), rbx
_0x170: push *(cnt_adr+0x1)
_0x172: push 0x1
_0x174: pop rax; pop rbx; push rbx+rax
_0x175: push 0x1
_0x177: pop rax; pop rbx; mov *(save_cnt+rax), rbx
_0x178: jmp 0x134
_0x17a: push *(cnt_adr+0x0)
_0x17c: push 0x1
_0x17e: pop rax; pop rbx; push rbx+rax
_0x17f: push 0x0
_0x181: pop rax; pop rbx; mov *(save_cnt+rax), rbx
_0x182: jmp 0x12a
_0x184: push 0x1
_0x186: pop *(cnt_adr+0x0)
_0x188: push *(cnt_adr+0x0)
_0x18a: push 0x2a
_0x18c: pop rax; pop rbx; if stack[rax]>stack[rbx]:rip+=2 else:rip+=0x18e
_0x18e: push *(cnt_adr+0x0)
_0x190: push 0x2
_0x192: pop rax; pop rbx; push rbx%rax
_0x193: push 0x0
_0x195: pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+=0x197
_0x197: push *(cnt_adr+0x0)
_0x199: pop rax; push *(save_local+rax)
_0x19a: push *(cnt_adr+0x0)
_0x19c: push 0x1
_0x19e: pop rax; pop rbx; push rbx-rax
_0x19f: pop rax; push *(save_local+rax)
_0x1a0: pop rax; pop rbx; push rbx+rax
_0x1a1: push *(cnt_adr+0x0)
_0x1a3: pop rax; pop rbx; mov *(save_local+rax), rbx
_0x1a4: push *(cnt_adr+0x0)
_0x1a6: push 0x2
_0x1a8: pop rax; pop rbx; push rbx%rax
_0x1a9: push 0x1
_0x1ab: pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+=0x1ad
_0x1ad: push 0x6b
_0x1af: push *(cnt_adr+0x0)
_0x1b1: pop rax; push *(save_local+rax)
_0x1b2: pop rax; pop rbx; push rbx*rax
_0x1b3: push *(cnt_adr+0x0)
_0x1b5: pop rax; pop rbx; mov *(save_local+rax), rbx
_0x1b6: push *(cnt_adr+0x0)
_0x1b8: push 0x1
_0x1ba: pop rax; pop rbx; push rbx+rax
_0x1bb: push 0x0
_0x1bd: pop rax; pop rbx; mov *(save_cnt+rax), rbx
_0x1be: jmp 0x188
_0x1c0: push 0x0
_0x1c2: pop *(cnt_adr+0x0)
_0x1c4: push *(cnt_adr+0x0)
_0x1c6: push 0x29
_0x1c8: pop rax; pop rbx; if stack[rax]<stack[rbx]:rip+=2 else:rip+=0x1ca
_0x1ca: jmp 0x1e5
_0x1cc: push *(cnt_adr+0x0)
_0x1ce: pop rax; push *(save_local+rax)
_0x1cf: push 0x32
_0x1d1: push *(cnt_adr+0x0)
_0x1d3: pop rax; pop rbx; push rbx+rax
_0x1d4: pop rax; push *(save_local+rax)
_0x1d5: pop rax; pop rbx; if stack[rax]==stack[rbx]:rip+=2 else:rip+=0x1d7
_0x1d7: push *(cnt_adr+0x0)
_0x1d9: push 0x1
_0x1db: pop rax; pop rbx; push rbx+rax
_0x1dc: push 0x0
_0x1de: pop rax; pop rbx; mov *(save_cnt+rax), rbx
_0x1df: jmp 0x1c4
_0x1e1: push 0x6e
_0x1e3: putc pop_0x1e5: push 0x79
_0x1e7: putc pop_0x0: push 0x66
_0x2: pop *(save_local+0x32)
_0x4: push 0x4e
_0x6: pop *(save_local+0x33)
_0x8: push 0xa9
_0xa: pop *(save_local+0x34)
_0xc: push 0xfd
_0xe: pop *(save_local+0x35)
_0x10: push 0x3c
_0x12: pop *(save_local+0x36)
_0x14: push 0x55
_0x16: pop *(save_local+0x37)
_0x18: push 0x90
_0x1a: pop *(save_local+0x38)
_0x1c: push 0x24
_0x1e: pop *(save_local+0x39)
_0x20: push 0x57
_0x22: pop *(save_local+0x3a)
_0x24: push 0xf6
_0x26: pop *(save_local+0x3b)
_0x28: push 0x5d
_0x2a: pop *(save_local+0x3c)
_0x2c: push 0xb1
_0x2e: pop *(save_local+0x3d)
_0x30: push 0x1
_0x32: pop *(save_local+0x3e)
_0x34: push 0x20
_0x36: pop *(save_local+0x3f)
_0x38: push 0x81
_0x3a: pop *(save_local+0x40)
_0x3c: push 0xfd
_0x3e: pop *(save_local+0x41)
_0x40: push 0x36
_0x42: pop *(save_local+0x42)
_0x44: push 0xa9
_0x46: pop *(save_local+0x43)
_0x48: push 0x1f
_0x4a: pop *(save_local+0x44)
_0x4c: push 0xa1
_0x4e: pop *(save_local+0x45)
_0x50: push 0xe
_0x52: pop *(save_local+0x46)
_0x54: push 0xd
_0x56: pop *(save_local+0x47)
_0x58: push 0x80
_0x5a: pop *(save_local+0x48)
_0x5c: push 0x8f
_0x5e: pop *(save_local+0x49)
_0x60: push 0xce
_0x62: pop *(save_local+0x4a)
_0x64: push 0x77
_0x66: pop *(save_local+0x4b)
_0x68: push 0xe8
_0x6a: pop *(save_local+0x4c)
_0x6c: push 0x23
_0x6e: pop *(save_local+0x4d)
_0x70: push 0x9e
_0x72: pop *(save_local+0x4e)
_0x74: push 0x27
_0x76: pop *(save_local+0x4f)
_0x78: push 0x60
_0x7a: pop *(save_local+0x50)
_0x7c: push 0x2f
_0x7e: pop *(save_local+0x51)
_0x80: push 0xa5
_0x82: pop *(save_local+0x52)
_0x84: push 0xcf
_0x86: pop *(save_local+0x53)
_0x88: push 0x1b
_0x8a: pop *(save_local+0x54)
_0x8c: push 0xbd
_0x8e: pop *(save_local+0x55)
_0x90: push 0x32
_0x92: pop *(save_local+0x56)
_0x94: push 0xdb
_0x96: pop *(save_local+0x57)
_0x98: push 0xff
_0x9a: pop *(save_local+0x58)
_0x9c: push 0x28
_0x9e: pop *(save_local+0x59)
_0xa0: push 0xa4
_0xa2: pop *(save_local+0x5a)
_0xa4: push 0x5d
_0xa6: pop *(save_local+0x5b)
_0xa8: push getc_0xa9: pop *(save_local+0x64)
_0xab: push getc_0xac: pop *(save_local+0x65)
_0xae: push getc_0xaf: pop *(save_local+0x66)
_0xb1: push getc_0xb2: pop *(save_local+0x67)
_0xb4: push getc_0xb5: pop *(save_local+0x68)
_0xb7: push getc_0xb8: pop *(save_local+0x69)
_0xba: push getc_0xbb: pop *(save_local+0x6a)
_0xbd: push getc_0xbe: pop *(save_local+0x6b)
_0xc0: push getc_0xc1: pop *(save_local+0x6c)
_0xc3: push getc_0xc4: pop *(save_local+0x6d)
_0xc6: push getc_0xc7: pop *(save_local+0x6e)
_0xc9: push getc_0xca: pop *(save_local+0x6f)
_0xcc: push getc_0xcd: pop *(save_local+0x70)
_0xcf: push getc_0xd0: pop *(save_local+0x71)
_0xd2: push getc[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
lz用的编译器和命令行参数能不能发一下
|
|
|
|
|
|
|
|
|
|
