-
-
[原创]羊城杯部分逆向wp
-
发表于: 2021-9-14 11:18
-
有一个smc,
没发现反调试,直接调试解smc,调试直接跳过了一大串代码,来到关键处。
类似base64,不过加了个异或。
写脚本解密:
mainactivity:
得到用户名密码。
然后frida hook获取key:
就是一个换表base64,key就是被替换的表,解密即可。
xxtea加密,也不管他改没改了,调试直接dump代码。
然后分析vm,
前32个就是异或,后边分析出来是加减乘异或移位。
第一个check,直接拿去爆破。
第二个check:
得到的结果要注意开始会检查大小写,爆破可能有多个,通过调试过第二个check。
import base64
base_table = [
0xE4, 0xC4, 0xE7, 0xC7, 0xE6, 0xC6, 0xE1, 0xC1, 0xE0, 0xC0, 0xE3, 0xC3, 0xE2, 0xC2, 0xED, 0xCD,
0xEC, 0xCC, 0xEF, 0xCF, 0xEE, 0xCE, 0xE9, 0xC9, 0xE8, 0xC8, 0xEB, 0xCB, 0xEA, 0xCA, 0xF5, 0xD5,
0xF4, 0xD4, 0xF7, 0xD7, 0xF6, 0xD6, 0xF1, 0xD1, 0xF0, 0xD0, 0xF3, 0xD3, 0xF2, 0xD2, 0xFD, 0xDD,
0xFC, 0xDC, 0xFF, 0xDF, 0x95, 0x9C, 0x9D, 0x92, 0x93, 0x90, 0x91, 0x96, 0x97, 0x94, 0x8A, 0x8E
]base_table_str = []
for i in range(len(base_table)):
base_table_str.append(chr(base_table[i]))
a = "H>oQn6aqLr{DH6odhdm0dMe`MBo?lRglHtGPOdobDlknejmGI|ghDb<4"
tmp = [0xa6, 0xa3, 0xa9, 0xac]
a_res = []
ss = []
for i in range(len(a)-1):
a_res.append(ord(a[i])^tmp[i%4])
ss.append(chr(ord(a[i])^tmp[i%4]))
print(ss)
print(len(ss))
# for i in range(len(ss)):# print("\\x" + (hex(ord(ss[i]))[2:].rjust(2,'0')), end="")# aa = "\xee\x9d\xc3\xf8\xc8\x95\xcd\xd8\xea\xd1\xd7\xed\xee\x95\xc3\xcd\xce\xc7\xc1\x99\xc2\xee\xc9\xc9\xeb\xe1\xc3\x96\xca\xf1\xcb\xc5\xee\xd7\xeb\xf9\xe9\xc7\xc3\xcb\xe2\xcf\xc7\xc7\xc3\xc9\xc1\xee\xef\xdf\xcb\xc1\xe2\xc1\x90\x9d"aa_tmp = []
for i in range(len(ss)):
aa_tmp.append(base_table_str.index(ss[i]))
print(aa_tmp)
print(len(aa_tmp))
flag = ""
for i in range(0, 52, 4):
f1 = (aa_tmp[i] << 2) | ((aa_tmp[i+1] >> 4) & 3)
f2 = ((aa_tmp[i+1] << 4) | ((aa_tmp[i+2] >> 2) & 0xf)) & 0xff
f3 = ((aa_tmp[i+2] << 6) | (aa_tmp[i+3] & 0x3f)) & 0xff
flag += chr(f1) + chr(f2) + chr(f3)
f1 = (aa_tmp[52] << 2) | ((aa_tmp[53] >> 4) & 3)
f2 = ((aa_tmp[53] << 4) | ((aa_tmp[54] >> 2) & 0xf)) & 0xff
flag += chr(f1) + chr(f2)
print(flag)
import base64
base_table = [
0xE4, 0xC4, 0xE7, 0xC7, 0xE6, 0xC6, 0xE1, 0xC1, 0xE0, 0xC0, 0xE3, 0xC3, 0xE2, 0xC2, 0xED, 0xCD,
0xEC, 0xCC, 0xEF, 0xCF, 0xEE, 0xCE, 0xE9, 0xC9, 0xE8, 0xC8, 0xEB, 0xCB, 0xEA, 0xCA, 0xF5, 0xD5,
0xF4, 0xD4, 0xF7, 0xD7, 0xF6, 0xD6, 0xF1, 0xD1, 0xF0, 0xD0, 0xF3, 0xD3, 0xF2, 0xD2, 0xFD, 0xDD,
0xFC, 0xDC, 0xFF, 0xDF, 0x95, 0x9C, 0x9D, 0x92, 0x93, 0x90, 0x91, 0x96, 0x97, 0x94, 0x8A, 0x8E
]base_table_str = []
for i in range(len(base_table)):
base_table_str.append(chr(base_table[i]))
a = "H>oQn6aqLr{DH6odhdm0dMe`MBo?lRglHtGPOdobDlknejmGI|ghDb<4"
tmp = [0xa6, 0xa3, 0xa9, 0xac]
a_res = []
ss = []
for i in range(len(a)-1):
a_res.append(ord(a[i])^tmp[i%4])
ss.append(chr(ord(a[i])^tmp[i%4]))
print(ss)
print(len(ss))
# for i in range(len(ss)):# print("\\x" + (hex(ord(ss[i]))[2:].rjust(2,'0')), end="")# aa = "\xee\x9d\xc3\xf8\xc8\x95\xcd\xd8\xea\xd1\xd7\xed\xee\x95\xc3\xcd\xce\xc7\xc1\x99\xc2\xee\xc9\xc9\xeb\xe1\xc3\x96\xca\xf1\xcb\xc5\xee\xd7\xeb\xf9\xe9\xc7\xc3\xcb\xe2\xcf\xc7\xc7\xc3\xc9\xc1\xee\xef\xdf\xcb\xc1\xe2\xc1\x90\x9d"aa_tmp = []
for i in range(len(ss)):
aa_tmp.append(base_table_str.index(ss[i]))
print(aa_tmp)
print(len(aa_tmp))
flag = ""
for i in range(0, 52, 4):
f1 = (aa_tmp[i] << 2) | ((aa_tmp[i+1] >> 4) & 3)
f2 = ((aa_tmp[i+1] << 4) | ((aa_tmp[i+2] >> 2) & 0xf)) & 0xff
f3 = ((aa_tmp[i+2] << 6) | (aa_tmp[i+3] & 0x3f)) & 0xff
flag += chr(f1) + chr(f2) + chr(f3)
f1 = (aa_tmp[52] << 2) | ((aa_tmp[53] >> 4) & 3)
f2 = ((aa_tmp[53] << 4) | ((aa_tmp[54] >> 2) & 0xf)) & 0xff
flag += chr(f1) + chr(f2)
print(flag)
ss="c232666f1410b3f5010dc51cec341f58"
res = ""
for i in range(0,len(ss),2):
res += hex(int("0x" + ss[i:i+2], 16) + 1)[2:].rjust(2, "0")
print(res)
ss="c232666f1410b3f5010dc51cec341f58"
res = ""
for i in range(0,len(ss),2):
res += hex(int("0x" + ss[i:i+2], 16) + 1)[2:].rjust(2, "0")
print(res)
function main(){ Java.perform(function(){
var ByteString = Java.use("com.android.okhttp.okio.ByteString");
Java.use("top.zjax.login.EncodeUtils").encode.implementation = function(x, y, z){
console.log("start......");
var result = this.encode(x, y, z);
console.log("arg:", ByteString.of(x), y, ByteString.of(z).hex());
return result;
}
})
}setImmediate(main)function main(){ Java.perform(function(){
var ByteString = Java.use("com.android.okhttp.okio.ByteString");
Java.use("top.zjax.login.EncodeUtils").encode.implementation = function(x, y, z){
console.log("start......");
var result = this.encode(x, y, z);
console.log("arg:", ByteString.of(x), y, ByteString.of(z).hex());
return result;
}
})
}setImmediate(main)from z3 import *
# ss = [0x55, 0x89, 0xE5, 0x53, 0x83, 0xEC, 0x34, 0x8B, 0x45, 0x08, 0x89, 0x45, 0xD4, 0x65, 0xA1, 0x14, 0x00, 0x00, 0x00, 0x89, 0x45, 0xF4, 0x31, 0xC0, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x71, 0x75, 0x2F, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0x8D, 0x50, 0xFC, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x18, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0x8B, 0x55, 0xD4, 0x8B, 0x52, 0x20, 0x8B, 0x52, 0x01, 0x89, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x05, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x41, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x01, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x42, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x10, 0x29, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x43, 0x75, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x0C, 0x0F, 0xAF, 0xD0, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x37, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x14, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x38, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x10, 0x31, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x39, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x14, 0x31, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x35, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x14, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xF7, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x01, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x44, 0x75, 0x2A, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x8B, 0x55, 0xD4, 0x8B, 0x5A, 0x14, 0xBA, 0x00, 0x00, 0x00, 0x00, 0xF7, 0xF3, 0x89, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x80, 0x75, 0x33, 0x8B, 0x5D, 0xD4, 0x83, 0xEC, 0x08, 0x6A, 0x01, 0xFF, 0x75, 0xD4, 0xE8, 0x9E, 0xFD, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0xC1, 0xE0, 0x02, 0x8D, 0x14, 0x03, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8B, 0x40, 0x02, 0x89, 0x02, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x06, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x77, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x24, 0x31, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x53, 0x75, 0x27, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x0C, 0x0F, 0xB6, 0x00, 0x0F, 0xBE, 0xC0, 0x83, 0xEC, 0x0C, 0x50, 0xE8, 0x4A, 0xFB, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x22, 0x75, 0x25, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x89, 0xC1, 0xD3, 0xEA, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x23, 0x75, 0x25, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x89, 0xC1, 0xD3, 0xE2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x99, 0x0F, 0x84, 0x70, 0x04, 0x00, 0x00, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x76, 0x75, 0x38, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0x8B, 0x10, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x0C, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0x8D, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x18, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x05, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x54, 0x75, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x0C, 0x89, 0x45, 0xE0, 0xE8, 0x03, 0xFA, 0xFF, 0xFF, 0x89, 0xC2, 0x8B, 0x45, 0xE0, 0x88, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x30, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x09, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x31, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x21, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x32, 0x75, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xD0, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x0C, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x09, 0x75, 0x19, 0x8B, 0x45, 0xD4, 0xC7, 0x40, 0x04, 0x67, 0xF9, 0xEB, 0x6F, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x10, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x33, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x34, 0x75, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xD0, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x08, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xFE, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x11, 0x75, 0x26, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x83, 0xEC, 0x08, 0x50, 0x68, 0x40, 0x93, 0x04, 0x08, 0xE8, 0x5C, 0xF8, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xA0, 0x75, 0x28, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x3D, 0x67, 0xF9, 0xEB, 0x6F, 0x75, 0x11, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0xEB, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0x55, 0xF8, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xA1, 0x75, 0x42, 0x83, 0xEC, 0x04, 0x6A, 0x2C, 0x68, 0x40, 0xB3, 0x04, 0x08, 0x6A, 0x00, 0xE8, 0xE7, 0xF7, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0x83, 0xEC, 0x0C, 0x68, 0x40, 0xB3, 0x04, 0x08, 0xE8, 0x37, 0xF8, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0x83, 0xF8, 0x2C, 0x74, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0x15, 0xF8, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xB1, 0x75, 0x1B, 0x8B, 0x15, 0x80, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xB2, 0x75, 0x1B, 0x8B, 0x15, 0x84, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xA4, 0x75, 0x37, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xC0, 0x89, 0x45, 0xE4, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x89, 0x45, 0xE8, 0x8B, 0x55, 0xE8, 0x8B, 0x45, 0xE4, 0x89, 0x14, 0x85, 0x80, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xB3, 0x75, 0x1B, 0x8B, 0x15, 0x88, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xB4, 0x75, 0x1B, 0x8B, 0x15, 0x8C, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xC1, 0x75, 0x35, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xC0, 0x89, 0x45, 0xEC, 0x8B, 0x45, 0xEC, 0x05, 0x40, 0xB3, 0x04, 0x08, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xD0, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xC7, 0x75, 0x2B, 0x8B, 0x15, 0x60, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x39, 0xC2, 0x75, 0x11, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0xEB, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0xA8, 0xF6, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xC8, 0x75, 0x2B, 0x8B, 0x15, 0x64, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x39, 0xC2, 0x75, 0x11, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0xEB, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0x70, 0xF6, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xC2, 0x0F, 0x85, 0xCF, 0xF8, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x8B, 0x00, 0x89, 0x45, 0xF0, 0x8B, 0x45, 0xF0, 0x0F, 0xB6, 0xD0, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x39, 0xC2, 0x74, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0x37, 0xF6, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x05, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0xE9, 0x93, 0xF8, 0xFF, 0xFF, 0x90, 0x90, 0x8B, 0x45, 0xF4, 0x65, 0x33, 0x05, 0x14, 0x00, 0x00, 0x00, 0x74, 0x05, 0xE8, 0xF0, 0xF5, 0xFF, 0xFF, 0x8B, 0x5D, 0xFC, 0xC9]# start = 0x80487A8# for i in range(len(ss)):# idc.PatchByte(start + i, ss[i])from z3 import *
# ss = [0x55, 0x89, 0xE5, 0x53, 0x83, 0xEC, 0x34, 0x8B, 0x45, 0x08, 0x89, 0x45, 0xD4, 0x65, 0xA1, 0x14, 0x00, 0x00, 0x00, 0x89, 0x45, 0xF4, 0x31, 0xC0, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x71, 0x75, 0x2F, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0x8D, 0x50, 0xFC, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x18, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0x8B, 0x55, 0xD4, 0x8B, 0x52, 0x20, 0x8B, 0x52, 0x01, 0x89, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x05, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x41, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x01, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x42, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x10, 0x29, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x43, 0x75, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x0C, 0x0F, 0xAF, 0xD0, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x37, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x14, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x38, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x10, 0x31, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x39, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x14, 0x31, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x35, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x14, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xF7, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x01, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x44, 0x75, 0x2A, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x8B, 0x55, 0xD4, 0x8B, 0x5A, 0x14, 0xBA, 0x00, 0x00, 0x00, 0x00, 0xF7, 0xF3, 0x89, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x80, 0x75, 0x33, 0x8B, 0x5D, 0xD4, 0x83, 0xEC, 0x08, 0x6A, 0x01, 0xFF, 0x75, 0xD4, 0xE8, 0x9E, 0xFD, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0xC1, 0xE0, 0x02, 0x8D, 0x14, 0x03, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8B, 0x40, 0x02, 0x89, 0x02, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x06, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x77, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x24, 0x31, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x53, 0x75, 0x27, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x0C, 0x0F, 0xB6, 0x00, 0x0F, 0xBE, 0xC0, 0x83, 0xEC, 0x0C, 0x50, 0xE8, 0x4A, 0xFB, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x22, 0x75, 0x25, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x89, 0xC1, 0xD3, 0xEA, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x23, 0x75, 0x25, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x89, 0xC1, 0xD3, 0xE2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x99, 0x0F, 0x84, 0x70, 0x04, 0x00, 0x00, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x76, 0x75, 0x38, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0x8B, 0x10, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x0C, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x18, 0x8D, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x18, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x05, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x54, 0x75, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x0C, 0x89, 0x45, 0xE0, 0xE8, 0x03, 0xFA, 0xFF, 0xFF, 0x89, 0xC2, 0x8B, 0x45, 0xE0, 0x88, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x30, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x09, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x31, 0x75, 0x23, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x08, 0x21, 0xC2, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x32, 0x75, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xD0, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x0C, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x09, 0x75, 0x19, 0x8B, 0x45, 0xD4, 0xC7, 0x40, 0x04, 0x67, 0xF9, 0xEB, 0x6F, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x10, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x33, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x34, 0x75, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xD0, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x08, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xFE, 0x75, 0x1B, 0x8B, 0x45, 0xD4, 0x8B, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0x11, 0x75, 0x26, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x83, 0xEC, 0x08, 0x50, 0x68, 0x40, 0x93, 0x04, 0x08, 0xE8, 0x5C, 0xF8, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xA0, 0x75, 0x28, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x3D, 0x67, 0xF9, 0xEB, 0x6F, 0x75, 0x11, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0xEB, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0x55, 0xF8, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xA1, 0x75, 0x42, 0x83, 0xEC, 0x04, 0x6A, 0x2C, 0x68, 0x40, 0xB3, 0x04, 0x08, 0x6A, 0x00, 0xE8, 0xE7, 0xF7, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0x83, 0xEC, 0x0C, 0x68, 0x40, 0xB3, 0x04, 0x08, 0xE8, 0x37, 0xF8, 0xFF, 0xFF, 0x83, 0xC4, 0x10, 0x83, 0xF8, 0x2C, 0x74, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0x15, 0xF8, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xB1, 0x75, 0x1B, 0x8B, 0x15, 0x80, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xB2, 0x75, 0x1B, 0x8B, 0x15, 0x84, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xA4, 0x75, 0x37, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xC0, 0x89, 0x45, 0xE4, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x89, 0x45, 0xE8, 0x8B, 0x55, 0xE8, 0x8B, 0x45, 0xE4, 0x89, 0x14, 0x85, 0x80, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xB3, 0x75, 0x1B, 0x8B, 0x15, 0x88, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xB4, 0x75, 0x1B, 0x8B, 0x15, 0x8C, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x24, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xC1, 0x75, 0x35, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xC0, 0x89, 0x45, 0xEC, 0x8B, 0x45, 0xEC, 0x05, 0x40, 0xB3, 0x04, 0x08, 0x0F, 0xB6, 0x00, 0x0F, 0xB6, 0xD0, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x04, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x02, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xC7, 0x75, 0x2B, 0x8B, 0x15, 0x60, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x39, 0xC2, 0x75, 0x11, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0xEB, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0xA8, 0xF6, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xC8, 0x75, 0x2B, 0x8B, 0x15, 0x64, 0xB0, 0x04, 0x08, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x39, 0xC2, 0x75, 0x11, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x01, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0xEB, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0x70, 0xF6, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x0F, 0xB6, 0x00, 0x3C, 0xC2, 0x0F, 0x85, 0xCF, 0xF8, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x83, 0xC0, 0x01, 0x8B, 0x00, 0x89, 0x45, 0xF0, 0x8B, 0x45, 0xF0, 0x0F, 0xB6, 0xD0, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x04, 0x39, 0xC2, 0x74, 0x0A, 0x83, 0xEC, 0x0C, 0x6A, 0x00, 0xE8, 0x37, 0xF6, 0xFF, 0xFF, 0x8B, 0x45, 0xD4, 0x8B, 0x40, 0x20, 0x8D, 0x50, 0x05, 0x8B, 0x45, 0xD4, 0x89, 0x50, 0x20, 0xE9, 0x93, 0xF8, 0xFF, 0xFF, 0x90, 0x90, 0x8B, 0x45, 0xF4, 0x65, 0x33, 0x05, 0x14, 0x00, 0x00, 0x00, 0x74, 0x05, 0xE8, 0xF0, 0xF5, 0xFF, 0xFF, 0x8B, 0x5D, 0xFC, 0xC9]# start = 0x80487A8# for i in range(len(ss)):# idc.PatchByte(start + i, ss[i])0xA1,
0xC1, 0x00, 0xB1, 0x77, 0xC2, 0x4A, 0x01, 0x00, 0x00, 0x7b^0x4a=
0xC1, 0x01, 0xB2, 0x77, 0xC2, 0x19, 0x01, 0x00, 0x00, 0x19^0x2f=
0xC1, 0x02, 0xB4, 0x77, 0xC2, 0xDD, 0x01, 0x00, 0x00, 0xe8^0xdd=
0xC1, 0x03, 0xB3, 0x77, 0xC2, 0x0F, 0x01, 0x00, 0x00, 0x0f^0x37=
0xC1, 0x04, 0xB2, 0x77, 0xC2, 0x1B, 0x01, 0x00, 0x00,
0xC1, 0x05, 0xB4, 0x77, 0xC2, 0x89, 0x01, 0x00, 0x00,
0xC1, 0x06, 0xB1, 0x77, 0xC2, 0x19, 0x01, 0x00, 0x00,
0xC1, 0x07, 0xB3, 0x77, 0xC2, 0x54, 0x01, 0x00, 0x00,
0xC1, 0x08, 0xB1, 0x77, 0xC2, 0x4F, 0x01, 0x00, 0x00,
0xC1, 0x09, 0xB1, 0x77, 0xC2, 0x4E, 0x01, 0x00, 0x00,
0xC1, 0x0A, 0xB3, 0x77, 0xC2, 0x55, 0x01, 0x00, 0x00,
0xC1, 0x0B, 0xB3, 0x77, 0xC2, 0x56, 0x01, 0x00, 0x00,
0xC1, 0x0C, 0xB4, 0x77, 0xC2, 0x8E, 0x00, 0x00, 0x00,
0xC1, 0x0D, 0xB2, 0x77, 0xC2, 0x49, 0x00, 0x00, 0x00,
0xC1, 0x0E, 0xB3, 0x77, 0xC2, 0x0E, 0x01, 0x00, 0x00,
0xC1, 0x0F, 0xB1, 0x77, 0xC2, 0x4B, 0x01, 0x00, 0x00,
0xC1, 0x10, 0xB3, 0x77, 0xC2, 0x06, 0x01, 0x00, 0x00,
0xC1, 0x11, 0xB3, 0x77, 0xC2, 0x54, 0x01, 0x00, 0x00,
0xC1, 0x12, 0xB2, 0x77, 0xC2, 0x1A, 0x00, 0x00, 0x00,
0xC1, 0x13, 0xB1, 0x77, 0xC2, 0x42, 0x01, 0x00, 0x00,
0xC1, 0x14, 0xB3, 0x77, 0xC2, 0x53, 0x01, 0x00, 0x00,
0xC1, 0x15, 0xB1, 0x77, 0xC2, 0x1F, 0x01, 0x00, 0x00,
0xC1, 0x16, 0xB3, 0x77, 0xC2, 0x52, 0x01, 0x00, 0x00,
0xC1, 0x17, 0xB4, 0x77, 0xC2, 0xDB, 0x00, 0x00, 0x00,
0xC1, 0x18, 0xB1, 0x77, 0xC2, 0x19, 0x01, 0x00, 0x00,
0xC1, 0x19, 0xB4, 0x77, 0xC2, 0xD9, 0x00, 0x00, 0x00,
0xC1, 0x1A, 0xB1, 0x77, 0xC2, 0x19, 0x01, 0x00, 0x00,
0xC1, 0x1B, 0xB3, 0x77, 0xC2, 0x55, 0x01, 0x00, 0x00,
0xC1, 0x1C, 0xB2, 0x77, 0xC2, 0x19, 0x00, 0x00, 0x00,
0xC1, 0x1D, 0xB3, 0x77, 0xC2, 0x00, 0x01, 0x00, 0x00,
0xC1, 0x1E, 0xB1, 0x77, 0xC2, 0x4B, 0x01, 0x00, 0x00,
0xC1, 0x1F, 0xB2, 0x77, 0xC2, 0x1E, 0x00, 0x00, 0x00,
0xC1, 0x20, 0x80, 0x02, 0x18, 0x00, 0x00, 0x00, 0x23, 0x10,
0xC1, 0x21, 0x80, 0x02, 0x10, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x22, 0x80, 0x02, 0x08, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x23,
0xF7,
0xFE,
0x80, 0x02, 0x05, 0x00, 0x00, 0x00,
0x22,
0x77,
0x10,
0x80, 0x02, 0x07, 0x00, 0x00, 0x00,
0x23,
0x80, 0x02, 0x23, 0x77, 0xF1, 0x98,
0x31, a[1] &= a[2]
0x77,
0x10,
0x80, 0x02, 0x18, 0x00, 0x00, 0x00,
0x23,
0x80, 0x02, 0x20, 0xB9, 0xE4, 0x35,
0x31,
0x77,
0x10,
0x80, 0x02, 0x12, 0x00, 0x00, 0x00,
0x22,
0x77,
0xA0, 0x6FEBF967
0xC1, 0x24, 0x80, 0x02, 0x18, 0x00, 0x00, 0x00, 0x23, 0x10,
0xC1, 0x25, 0x80, 0x02, 0x10, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x26, 0x80, 0x02, 0x08, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x27,
0xF7, a[9] += a[1]
0xFE, a[1] = a[9]
0x32, 0x20, a[3] = 0x20
0x43, a[1] *= a[3]
0x33, a[4] = a[1]
0x77, a[1] ^= a[9]
0x80, 0x02, 0x11, 0x00, 0x00, 0x00, a[2] = 0x11
0x22, a[1] >>= a[2]
0x35, a[5] = a[1]
0x37, a[1] = a[5]
0x38, a[1] ^= a[4]
0x77, a[1] ^= a[9]
0x80, 0x02, 0x0D, 0x00, 0x00, 0x00, a[2] = 0xD
0x23, a[1] <<= 0xD
0x77, a[1] ^= a[9]
0x38, a[1] ^= a[4]
0x39, a[1] ^= a[5]
0x10, a[9] = a[1]
0x32, 0x20, a[3] = 0x20
0x43, a[1] *= a[3]
0x33, a[4] = a[1]
0x77, a[1] ^= a[9]
0x80, 0x02, 0x11, 0x00, 0x00, 0x00, a[2] = 0x11
0x22, a[1] >>= a[2]
0x35, a[5] = a[1]
0x37, a[1] = a[5]
0x38, a[1] ^= a[4]
0x77, a[1] ^= a[9]
0x80, 0x02, 0x0D, 0x00, 0x00, 0x00, a[2] = 0xD
0x23, a[1] <<= 0xD
0x77, a[1] ^= a[9]
0x38, a[1] ^= a[4]
0x39, a[1] ^= a[5]
0xC7, a1 = 0xCF1304DC
0xC1, 0x28, 0x80, 0x02, 0x18, 0x00, 0x00, 0x00, 0x23, 0x10,
0xC1, 0x29, 0x80, 0x02, 0x10, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x2A, 0x80, 0x02, 0x08, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x2B,
0xF7,
0xFE,
0x32,
0x20,
0x43,
0x33,
0x77,
0x80, 0x02, 0x11, 0x00, 0x00, 0x00,
0x22,
0x35,
0x37,
0x38,
0x77,
0x80, 0x02, 0x0D, 0x00, 0x00, 0x00,
0x23,
0x77,
0x38,
0x39,
0x10,
0x32, 0x20,
0x43,
0x33,
0x77,
0x80, 0x02, 0x11, 0x00, 0x00, 0x00,
0x22,
0x35,
0x37,
0x38,
0x77,
0x80, 0x02, 0x0D, 0x00, 0x00, 0x00,
0x23,
0x77,
0x38,
0x39,
0xC8, 0x283B8E84
0x990xA1,
0xC1, 0x00, 0xB1, 0x77, 0xC2, 0x4A, 0x01, 0x00, 0x00, 0x7b^0x4a=
0xC1, 0x01, 0xB2, 0x77, 0xC2, 0x19, 0x01, 0x00, 0x00, 0x19^0x2f=
0xC1, 0x02, 0xB4, 0x77, 0xC2, 0xDD, 0x01, 0x00, 0x00, 0xe8^0xdd=
0xC1, 0x03, 0xB3, 0x77, 0xC2, 0x0F, 0x01, 0x00, 0x00, 0x0f^0x37=
0xC1, 0x04, 0xB2, 0x77, 0xC2, 0x1B, 0x01, 0x00, 0x00,
0xC1, 0x05, 0xB4, 0x77, 0xC2, 0x89, 0x01, 0x00, 0x00,
0xC1, 0x06, 0xB1, 0x77, 0xC2, 0x19, 0x01, 0x00, 0x00,
0xC1, 0x07, 0xB3, 0x77, 0xC2, 0x54, 0x01, 0x00, 0x00,
0xC1, 0x08, 0xB1, 0x77, 0xC2, 0x4F, 0x01, 0x00, 0x00,
0xC1, 0x09, 0xB1, 0x77, 0xC2, 0x4E, 0x01, 0x00, 0x00,
0xC1, 0x0A, 0xB3, 0x77, 0xC2, 0x55, 0x01, 0x00, 0x00,
0xC1, 0x0B, 0xB3, 0x77, 0xC2, 0x56, 0x01, 0x00, 0x00,
0xC1, 0x0C, 0xB4, 0x77, 0xC2, 0x8E, 0x00, 0x00, 0x00,
0xC1, 0x0D, 0xB2, 0x77, 0xC2, 0x49, 0x00, 0x00, 0x00,
0xC1, 0x0E, 0xB3, 0x77, 0xC2, 0x0E, 0x01, 0x00, 0x00,
0xC1, 0x0F, 0xB1, 0x77, 0xC2, 0x4B, 0x01, 0x00, 0x00,
0xC1, 0x10, 0xB3, 0x77, 0xC2, 0x06, 0x01, 0x00, 0x00,
0xC1, 0x11, 0xB3, 0x77, 0xC2, 0x54, 0x01, 0x00, 0x00,
0xC1, 0x12, 0xB2, 0x77, 0xC2, 0x1A, 0x00, 0x00, 0x00,
0xC1, 0x13, 0xB1, 0x77, 0xC2, 0x42, 0x01, 0x00, 0x00,
0xC1, 0x14, 0xB3, 0x77, 0xC2, 0x53, 0x01, 0x00, 0x00,
0xC1, 0x15, 0xB1, 0x77, 0xC2, 0x1F, 0x01, 0x00, 0x00,
0xC1, 0x16, 0xB3, 0x77, 0xC2, 0x52, 0x01, 0x00, 0x00,
0xC1, 0x17, 0xB4, 0x77, 0xC2, 0xDB, 0x00, 0x00, 0x00,
0xC1, 0x18, 0xB1, 0x77, 0xC2, 0x19, 0x01, 0x00, 0x00,
0xC1, 0x19, 0xB4, 0x77, 0xC2, 0xD9, 0x00, 0x00, 0x00,
0xC1, 0x1A, 0xB1, 0x77, 0xC2, 0x19, 0x01, 0x00, 0x00,
0xC1, 0x1B, 0xB3, 0x77, 0xC2, 0x55, 0x01, 0x00, 0x00,
0xC1, 0x1C, 0xB2, 0x77, 0xC2, 0x19, 0x00, 0x00, 0x00,
0xC1, 0x1D, 0xB3, 0x77, 0xC2, 0x00, 0x01, 0x00, 0x00,
0xC1, 0x1E, 0xB1, 0x77, 0xC2, 0x4B, 0x01, 0x00, 0x00,
0xC1, 0x1F, 0xB2, 0x77, 0xC2, 0x1E, 0x00, 0x00, 0x00,
0xC1, 0x20, 0x80, 0x02, 0x18, 0x00, 0x00, 0x00, 0x23, 0x10,
0xC1, 0x21, 0x80, 0x02, 0x10, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x22, 0x80, 0x02, 0x08, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x23,
0xF7,
0xFE,
0x80, 0x02, 0x05, 0x00, 0x00, 0x00,
0x22,
0x77,
0x10,
0x80, 0x02, 0x07, 0x00, 0x00, 0x00,
0x23,
0x80, 0x02, 0x23, 0x77, 0xF1, 0x98,
0x31, a[1] &= a[2]
0x77,
0x10,
0x80, 0x02, 0x18, 0x00, 0x00, 0x00,
0x23,
0x80, 0x02, 0x20, 0xB9, 0xE4, 0x35,
0x31,
0x77,
0x10,
0x80, 0x02, 0x12, 0x00, 0x00, 0x00,
0x22,
0x77,
0xA0, 0x6FEBF967
0xC1, 0x24, 0x80, 0x02, 0x18, 0x00, 0x00, 0x00, 0x23, 0x10,
0xC1, 0x25, 0x80, 0x02, 0x10, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x26, 0x80, 0x02, 0x08, 0x00, 0x00, 0x00, 0x23, 0xF7,
0xC1, 0x27,
0xF7, a[9] += a[1]
0xFE, a[1] = a[9]
0x32, 0x20, a[3] = 0x20
0x43, a[1] *= a[3]
0x33, a[4] = a[1]
0x77, a[1] ^= a[9]
0x80, 0x02, 0x11, 0x00, 0x00, 0x00, a[2] = 0x11
0x22, a[1] >>= a[2]
0x35, a[5] = a[1]
0x37, a[1] = a[5]
0x38, a[1] ^= a[4]
0x77, a[1] ^= a[9]
0x80, 0x02, 0x0D, 0x00, 0x00, 0x00, a[2] = 0xD
0x23, a[1] <<= 0xD
0x77, a[1] ^= a[9]
0x38, a[1] ^= a[4]
0x39, a[1] ^= a[5]
0x10, a[9] = a[1]
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
