-
-
[原创]ttEncrypt加密逆向分析(详细版)
-
发表于: 2025-3-31 11:34
-
ttEncrypt加密方式已经是公开的秘密了,网上已经有公开的文章分析:https://bbs.kanxue.com/thread-282300.htm
本文只是公开自己的分析过程,供新手参考学习。
EncryptorUtil 类的 ttEncrypt 函数用于对一段二进制数据加密(用于http请求body加密),函数定义如下:
函数传入 byte[] 和 长度,返回一个 byte[],其 native 层代码位于 libEncryptor.so 中
IDA 反编译 so 发现并没有直接jni 绑定,因此 hook RegisterNatives 函数寻找绑定的 native 层函数地址:
打印输出:
[RegisterNatives] method_count: 0x1 0x76d0acbd6c libEncryptor.so!0xd6c
[RegisterNatives] java_class: com.bytedance.frameworks.encryptor.EncryptorUtil name: ttEncrypt sig: ([BI)[B fnPtr: 0x76d0ad2d88 module_name: libEncryptor.so module_base: 0x76d0acb000 offset: 0x7d88
native 层函数位于文件偏移 0x7d88 处。
反编译代码如下:
这是补全变量类型后的反编译代码,获取传入的 jbytearray 后,转成 jbyte*,重新申请 size+118大小的内存,然后调用 sub_2BD4函数处理,如果处理的长度大于 0,则调用NewByteArray、SetByteArrayRegion 拷贝处理的结果并返回,否则返回 NULL。因此函数sub_2BD4 内部会处理加密逻辑,并且加密后的大小是 size + 118.
汇编代码对应如下:
反编译 sub_2BD4:
实际是调用 sub_2D28,并传入了一些参数,我们看汇编代码看参数是怎么传递的:
这个函数有 5 个参数,
参数 1:地址 0xB2C0,是一个数据段的地址,看起来像是一个字节码序列
参数 2:是一个参数指针,里面保存了调用者传入的 4 个参数,即 jbyte和 jsize char 和 int*
参数 3:0
参数 4:地址 0x21CE0,像是一个地址数组
参数 5:是一个地址,里面保存了函数 sub_2D1C 和 sp +0x510
函数 sub_2D28 反编译代码:
控制流图:
反编译代码完全看不懂处理的逻辑,并且控制流非常复杂。有点像控制流平坦化混淆,结合了虚假控制流等,因为在控制流上有非常多平行的基本块,通过一个 dispatch 在分发。但是控制流平坦化的逻辑是每个基本块末尾会有一个常量衔接了另一个基本块。而且控制流平坦化一般不涉及到对函数参数的处理,涉及的一般是基本块或指令。这个应该是虚拟机混淆。
再次查看函数 sub_2BD4 的汇编指令,发现函数头部 SP, SP, #0x520 申请的栈空间特别大,函数内部只需要很小的栈空间,然后参数5中传入 sp+0x510,栈中的一个地址,所以参数5指向的栈地址,应该是虚拟机的内存和context所需的内存大小,在函数sub_2BD4栈中分配,但是并没有初始化操作,只是将这个栈内存指针传递到了 sub_2D28 这个虚拟机函数,那么在虚拟机函数中一定会做初始化。
分析虚拟机函数:
虚拟机函数的第一个基本块,保存了虚拟机函数所需要的 5 个参数,
参数1保存在 [X19 - 0x138],同时也在寄存器 X0中。
参数2保存在 [X19 - 0x110],这是一个参数指针,指针里有4个原函数运行参数。
参数3保存在 [X19 - 0x108],值为0。
参数4保存在 [X19-0x100],是一个地址数组
参数5的部分 [X19- 0xF8],是一个函数地址
接着给部分寄存器赋值常量和跳转表,无跳转跳转到 loc_2DD8 运行,因此继续分析 loc_2DD8 处的汇编指令:
上述的代码块像是取值和分发环节,从 X0 寄存器取出4字节,保存到 W12中, 低 6 位W12[0-5]作为操作码,是一个索引,根据这个索引定位到跳转地址。W8 = W12[16:20],W9 = W12[21:25],W10 = W12[ 31,12:15],W11 = W12[26:30],还有 6-11位域没有处理。
接下来就是指令的译码环节:
字节码指令的起始位置是 0xB2C0,结束位置在B5B3:
字节码的总长度是 0x2F4,每个指令占4个字节,因此一共有0xBD个指令,十进制是 189个 ,写一个脚本统计字节码中出现的所有操作码:
输出如下:
40: 28
59: 56
47: 57
2: 38
15: 2
42: 2
4: 1
62: 1
21: 2
54: 2
先分析出现最多的操作码:47,X28存放了跳转表的起始地址,文件偏移 0xA960处:
跳转地址保存在 0xA960 + 47 * 4 = 0xAA1C处:
跳转地址是 loc_333C:
再次解析字节码,当 opcode = 47时,输出第二个操作码:
输出如下:
op1: 40: 28
op1: 59: 56
op1: 2: 38
op1: 15: 2
op1: 42: 2
op1: 4: 1
op1: 62: 1
op1: 21: 2
op1: 54: 2
op1: 47, op2: 24: 30
op1: 47, op2: 3: 1
op1: 47, op2: 49: 2
op1: 47, op2: 39: 8
op1: 47, op2: 22: 15
op1: 47, op2: 26: 1
当 op2 = 24时,跳转地址保存在 0xAFD8 + 4 * 24 = 0xB038:
因此 op1 = 47 & op2 = 24的解码地址是 loc_411c:
虚拟机函数的入口代码块有对 W23 和 W24寄存器赋值:
loc_41AC:
def_4104(应该是虚拟指令执行结束后的尾部):
这个基本块执行后,更新了当前字节码的地址,保存到了X21寄存器只想的内存中。但是还没有完成当前指令的功能。跳回到了 loc_2DD4 ,回到了指令分发块。 可能这个指令的前面会设置控制变量 [X19 - 0x20] 的值,1、2、3会跳转到不同分支继续执行。
先跳过这个指令,分析 op1 = 59 的情况:
跳转地址保存在 0xA960 + 59 * 4 = 0xAA4C处:
跳转地址位于 loc_2F70:
上述基本块从W12寄存器中提取出一个16位的常数,具体提取方式是 W11[0:5] = W12[6:11] ,W11[6] = W12[26] W11[7:11] = W12[27:31],W11[12:15] = W12[12:15] , W9 = W12[21:25] 取出了一个虚拟寄存器的地址,这是一个索引,ADD X9, X21, W9,UXTW#3 计算虚拟寄存器的具体地址,接着 LDR X9, [X9,#8] 取出虚拟寄存器的值 ADD X9, X9, W11,SXTH,虚拟寄存器的值+常数偏移 → X9 = vXn + imm
跳转到 loc_356C继续执行:
W8 = W12[16:20],也是从字节码中提取的一个虚拟寄存器索引, ADD X8, X21, W8, UXTW#3 ,得到虚拟寄存器的实际地址, LDR X8, [X8, #8],得到虚拟寄存器的值保存在X8, STR X8. [X9],即将一个虚拟寄存器的值保存在另一个虚拟寄存器指向的地址+偏移处。
通过上面分析可知,W12[21:25] 是目标寄存器索引,W12[16:20]是源寄存器索引,W12[6:11, 26, 27:31, 12:15] 是常数 ,即 op1 = 59 的指令是 STR Xn , [Xd + imm],是一个存储指令。
接着分析 op1 = 2时的指令处理流程:
跳转地址在 loc_2E50:
字节码的常量是 W12[6:11, 26, 27:31, 12:15] 组成,同上一个指令一样。 W8 = W12[16:20],W9 = W12[21:25] , 这里取 W9作为虚拟寄存器 + imm得到一个内存地址,继续看跳转后 loc_ox33D8逻辑:
这里很简单,从虚拟原寄存器+偏移指向的地址取出值,保存到X9,然后跳转到 loc_3C1C:
W8 是另一个虚拟寄存器偏移,X21 + W8 * 8,指向了虚拟寄存器地址,STR X9, [X8,#8] 即将上一步从虚拟寄存器+偏移地址处的值,保存到了W8指向的虚拟寄存器。所以这是一个LOAD指令: LOAD Xd, [Xn, #imme],目的寄存器 = [源寄存器+常量]
其中 W8 是目的寄存器索引,W9 是源寄存器索引
后面 def_4104 的操作就是把虚拟 PC 的指针移动 4 个字节,因为每次取的字节码就是 4 个字节。然后判断 [X19,#-0x20] 的值是否是 1 2 3,分别对应不同的操作,最后判断X0,也就是虚拟PC的值是否是0,如果不是0,则跳转到 loc_2DD4 进行下一轮的取值和分发
所以 def_4104 应该是每个虚拟指令结束后的公共操作,主要作用是 移动PC 到下一个虚拟指令地址,并通过 [X19,#-0x20] 这个状态控制变量决定是否做其他操作,暂时未分析到对 [X19,#-0x20] 赋值的地方。
接着分析op1 = 40时的流程:
跳转地址保存在 A960 + 40 * 4 = AA00 → loc_3044
这里看起来对应了多个 case 的跳转,W10 是从指令中取出来的一个常量,op = 40 和 13 的下一步处理都在 loc_3144
上面分析可知,op1 = 40 是一个加法指令,W8表示目标寄存器, W9表示源寄存器,指令是 ADD Xd,Xn,#imme。16位常量是 W12[6:11,27:31,26,12:15]
接着分析op1 = 15流程:
A960 + 15 * 4 = A99C →loc_2ECC:
跳转到 0x2F1C:
地址 0x35C8:
如果 X9 = X11,跳转到0x2F64,否则跳转到 0x3628 :
这里像是一个比较指令,CMP Xn, Xm,比较后设置相关的虚拟寄存器值和控制变量的值。保存PC指针值到 [X19,#-0x18],这里PC指针值可能会根据指令中的常量计算得到。
有些指令会设置控制变量,以及指令之间有前后关联,这次根据虚拟指令的执行顺序,逐个分析:
op1 = 40 ADD
op1 = 59 STR
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 47, op2 = 24
op1 = 2 LOAD
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 40
op1 = 59
op1 = 2
op1 = 47, op2 = 3
op1 = 15
op1 = 47, op2 = 49
op1 = 42
op1 = 59
op1 = 59
op1 = 4
op1 = 62
op1 = 47, op2 = 39
op1 = 59
op1 = 47, op2 = 39
op1 = 59
op1 = 47, op2 = 39
op1 = 59
op1 = 47, op2 = 39
op1 = 59
op1 = 47, op2 = 39
op1 = 59
op1 = 47, op2 = 39
op1 = 47, op2 = 39
op1 = 47, op2 = 39
op1 = 40
op1 = 59
op1 = 40
op1 = 47, op2 = 24
op1 = 47, op2 = 24
op1 = 59
op1 = 47, op2 = 22
op1 = 59
op1 = 59
op1 = 2
op1 = 59
op1 = 40
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 40
op1 = 40
op1 = 59
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 40
op1 = 59
op1 = 2
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 40
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 2
op1 = 59
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 40
op1 = 40
op1 = 59
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 40
op1 = 2
op1 = 59
op1 = 2
op1 = 59
op1 = 59
op1 = 2
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 40
op1 = 40
op1 = 40
op1 = 59
op1 = 59
op1 = 59
op1 = 2
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 40
op1 = 40
op1 = 59
op1 = 47, op2 = 24
op1 = 59
op1 = 59
op1 = 47, op2 = 24
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 21
op1 = 59
op1 = 2
op1 = 59
op1 = 54
op1 = 2
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 40
op1 = 40
op1 = 21
op1 = 40
op1 = 59
op1 = 54
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 59
op1 = 2
op1 = 40
op1 = 59
op1 = 2
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 40
op1 = 2
op1 = 15
op1 = 47, op2 = 49
op1 = 40
op1 = 2
op1 = 42
op1 = 59
op1 = 2
op1 = 59
op1 = 59
op1 = 40
op1 = 2
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 59
op1 = 40
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 40
op1 = 59
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 40
op1 = 59
op1 = 47, op2 = 24
op1 = 47, op2 = 22
op1 = 47, op2 = 24
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 2
op1 = 47, op2 = 26
op1 = 40
那么接下来分析 op1 = 47, op2 = 24 对应的指令:
op1 = 47 时的跳转基地值位于 0xAFD8,op2=24 时,跳转地址保存在 0xAFD8 + 24 * 4 = 0xB038,实际地址为 loc_411C:
所以这个虚拟指令的含义是 Xd = Xt >> (Xn & 0x3F) ,是一个右移位运算,将一个虚拟寄存器的值取低 6 位,这个值就是移动的次数。
接下啦分析 op1 = 47, op2 = 3 对应的虚拟指令:
跳转地址保存在 0xAFE4中,跳转地址是 def_4104 (前面分析过这是一个虚拟指令执行后的共用结尾,但是里面有判断控制变量后二次跳转,以及下一个opcode不为0时,跳转到 loc_2DD4):
loc_2DD4对应取操作码和分发。所以啥都没干,这是一个 NOP指令?
接下来分析 op1 = 47, op2 = 49,这是CMP指令的下一条指令,跳转地址保存在 49 * 4 + 0xAFD8 = 0xB09C:
这个虚拟指令像是 LSL Xd , Xn, Xt
接下来分析 op1 = 42:
上述汇编块主要做了两件事, [X19,#-0x18] 保存下一个指令地址,指令地址跟指令中的常数有关, [X19,#-0x20] = 2
继续分析 op1 = 4:
这是一个常量移位运算和赋值 MOV Xd, #imee, LSL #0x16.
下一个 op1 = 62:
这是一个或运算, Xd = Xn | (#imme & 0xFFFF), 只对低16位进行或运算操作。
下一个 op1 = 47, op2 = 39,跳转地址保存在 0xB074:
这个跳转好像有问题,先分析下一个
分析了几次 op1 = 47 的情况发现有问题,发现handler都不太对,再次分析 op1 = 47时,对op2的分发情况:
问题出现在 SUB W14, W13, #0x6F 没有分析对,0x6F是7位,一个op用6位编码,而47对应的十六进制是 0x2F,因此 当 op1 = 0x2f时, (W13 - 0x6F) >> 6 等同于 (W13 >> 6) -1,等同于 op2 -1 ,即二次跳转的下标是 op2 -1,不是op2
再次分析 op1 = 47 & op2 = 24:
0xAFD8 + 23 * 4 = 0xB034,跳转地址是 loc_3AD0 (IDA后面的case 干扰了分析,不仔细分析还以为是下一个):
上面的代码块可以明显看出,对应的虚拟指令是 ORR Xd, Xn, Xt,是一个或运算指令。
再次分析 op1 = 47, op2 = 3:
所以这个指令是 CMP Xn, Xt; SET Xd, LT。比较两个寄存器的值,如果小于,则设置目标寄存器为1,否则设置为0
再次分析 op1 = 47, op2 = 49,跳转地址保存在 0xB098,跳转地址是loc_3A60:
这个指令是 LSL Xd, Xn , #imme ,将一个寄存器的值,左移指定位数,保存到另一个寄存器。这里的 #imme是 W11的值,也就是某个虚拟寄存器的下标,这里直接使用当成了位移的个数,当W11 = 0,时,就是一个NOP指令
再次分析 op1 = 47, op2 = 39,跳转地址保存在 0xB070,跳转地址是 loc_3364:
所以又是一个加法操作, Xd = Xn + Xt
接下来分析 op1 = 47, op2 = 22,跳转地址保存在 0xB02C,跳转地址是 loc_4094:
上述汇编代码设置 [X19,#-0x18] 为某个虚拟寄存器的值,设置 [X19,#-0x20] 的值为 2 。
虚拟指令公共末尾处,当 [X19 - 0x20] 的值为 1 或 3 时:
所以当 把 [X19,#-0x20] 地址写入 1 或者 3 时,此时是一个函数调用流程。跳转指令一定会涉及到对虚拟机传入的参数处理,以及返回值的处理,这里先跳过具体的细节,分析下一条虚拟指令。
接着分析 op1 = 21:
上述代码先取出一个常量保存在 W10, 取出虚拟寄存器保存在 X9,相加后保存在另一个虚拟寄存器中,即加法指令: Xd = Xn + #imme;
接着分析 op1 = 54:
看起来是一个 store指令, STORE Xn, [Xd + #imme] ,取出一个32位虚拟寄存器的值,保存到另一个寄存器指向的地址+偏移处。
接着分析 op1 = 47, op2 = 49:
这是一个左移位指令。
接着分析 op1 = 47, op2 = 26:
操作 [X19,#-0x20] = 2 & [X19,#-0x18] = Xn & next
到目前为止,这个函数涉及的虚拟指令的含义都清楚了,但是还有几处细节需要继续分析:
1、虚拟Context 和 虚拟内存(栈),具体对应哪个内存区域,怎么划分。
2、真实寄存器的使用情况,以及与虚拟堆栈和虚拟寄存器的对应。
3、虚拟机入口,虚拟机参数和函数参数具体保存在了虚拟寄存器和虚拟内存哪个具体位置,以及初始化时具体做什么了操作。
4、[X19,#-0x18] 和 [X19,#-0x20] 这两个变量赋值后的处理流程细节。这里应该涉及到了函数调用和退出虚拟机。
5、函数调用时的参数和返回值处理细节。
1、虚拟空间划分。
进入虚拟机前的函数在栈中分配了虚拟空间,并通过第 5 个参数传入了内存指针,用于虚拟空间操作,具体是
将虚拟内存的首地址保存在了 X19 寄存器中,在 VM初始化过程中,涉及到对虚拟内存指针的赋值操作:
同时在寻找虚拟寄存器过程中,是以X21寄存器作为基地值,偏移值是 下标 * 8 + 8,如下方的代码,下标范围是 0-31,共 32 个虚拟寄存器:
而取下一个虚拟指令是根据 X21寄存器:
根据上面的代码逻辑,得出结论:
1、X21,也就是 X19 - 0x138 保存了虚拟 PC地址。
2、 X21 + i * 8 + 8 表示虚拟寄存器 Xi,i用 5 位 表示,取值范围 0 -31,共 32 个虚拟寄存器:
X19 - 0x130 表示 虚拟寄存器 X0
X19 - 0x128 表示 虚拟寄存器 X1
X19 - 0x120 表示 虚拟寄存器 X2
X19 - 0x118 表示 虚拟寄存器 X3
X19 - 0x110 表示 虚拟寄存器 X4
X19 - 0x108 表示 虚拟寄存器 X5
X19 - 0x100 表示 虚拟寄存器 X6
X19 - 0xF8 表示 虚拟寄存器 X7
X19 - 0xF0 表示 虚拟寄存器 X8
X19 - 0xE8 表示 虚拟寄存器 X9
X19 - 0xE0 表示 虚拟寄存器 X10
X19 - 0xD8 表示 虚拟寄存器 X11
X19 - 0xD0 表示 虚拟寄存器 X12
X19 - 0xC8 表示 虚拟寄存器 X13
X19 - 0xC0 表示 虚拟寄存器 X14
X19 - 0xB8 表示 虚拟寄存器 X15
X19 - 0xB0 表示 虚拟寄存器 X16
X19 - 0xA8 表示 虚拟寄存器 X17
X19 - 0xA0 表示 虚拟寄存器 X18
X19 - 0x98 表示 虚拟寄存器 X19
X19 - 0x90 表示 虚拟寄存器 X20
X19 - 0x88 表示 虚拟寄存器 X21
X19 - 0x80 表示 虚拟寄存器 X22
X19 - 0x78 表示 虚拟寄存器 X23
X19 - 0x70 表示 虚拟寄存器 X24
X19 - 0x68 表示 虚拟寄存器 X25
X19 - 0x60 表示 虚拟寄存器 X26
X19 - 0x58 表示 虚拟寄存器 X27
X19 - 0x50 表示 虚拟寄存器 X28
X19 - 0x48 表示 虚拟寄存器 X29
X19 - 0x40 表示 虚拟寄存器 X30
X19 - 0x38 表示 虚拟寄存器 X31
根据前面的分析可知:
X19 - 0x20 表示控制变量,控制流程和函数调用
X19 - 0x18 用于配合控制变量保存地址
X19 - 0x10 表示函数的返回地址
X19 - 0x8 表示初始的 PC地址,即 opcode 首地址
虚拟机初始化时 [X19 - 0x48] = X8 = X19 - 0x150,即虚拟寄存器 X29 = X19 -0x150,应该对应虚拟栈,即虚拟寄存器X29是虚拟 SP寄存器,初始时,指向 X19 - 0x150
同时,根据虚拟寄存器的表示,就可以清楚的知道,函数的参数在初始化时,保存在了哪个虚拟寄存器中,这个在第 3 点详细分析。
2、真实寄存器使用
根据前面对每个 handler 的逻辑分析,总结下真实寄存器的使用情况:
X0 主要用于虚拟 PC寻址,保存当前虚拟 PC地址,或者函数调用和跳转时的取地址。
X1 主要用于取控制变量并判断。
X2 暂未发现特殊用处
X3 暂未发现特殊用处
X4 暂未发现特殊用处
X5 暂未发现特殊用处
X6 暂未发现特殊用处
X7 暂未发现特殊用处
W8 虚拟寄存器索引
W9 虚拟寄存器索引
W10 虚拟寄存器索引
W11 虚拟寄存器索引
W12 虚拟指令
W13 虚拟指令操作码
X14 暂未发现特殊用处
X15 暂未发现特殊用处
X16 暂未发现特殊用处
X17 暂未发现特殊用处
X18 暂未发现特殊用处
X19 虚拟内存指针
X20 暂未发现特殊用处
X21 虚拟 Context指针
X22 跳转表
X23 跳转表
…………
3、初始化时函数参数
上述代码是虚拟机初始化时对参数的处理逻辑:
真实函数参数指针保存在 [X19 - 0x110],即虚拟寄存器 X4。
参数 3 保存在 [X19 - 0x108],即虚拟寄存器 X5 = 0。
参数4 ,函数地址, 保存在 [X19-0x100],即虚拟寄存器 X6。
跳板函数sub_2D1C保存在 [X19- 0xF8],即虚拟寄存器 X7。
初始化时其它操作:
上述代码对应 虚拟寄存器 X0 = 0,虚拟寄存器 X31 = 0
上述代码对应 虚拟寄存器 X29 = X19 - 0x150(AND操作后,抹去最低 4 位,16 字节对齐,值变小了,所以是 X19 = 0x150)
4、控制变量处理流程
在handler 末尾,基本块 def_4104 会对控制变量做处理,同时取指令开头,基本块 loc_2DD8 也会对控制变量做处理,同时某些handler 中,会对控制变量赋值操作。
这次以 op1 = 47, op2 = 22,为例,详细分析控制变量的处理流程:
1)根据前面的分析,handler 执行后, [X19,#-0x18] 为某个虚拟寄存器的值,设置 [X19,#-0x20] 的值为 2。
2)末尾 def_4104 关于控制变量的处理逻辑:
即当 [X19,#-0x20] 等于 2 时,跳转到 loc_3C54,当 [X19,#-0x20] 等于 1 或 3 时,跳转到 loc_3E70。loc_3C54的逻辑很简单:
只要 X0的值不为 0,跳转到 loc_2DD4 继续执行,这个地址就是取指令的开头,如果不涉及控制变量,会跳转到 loc_2DD8。正常执行虚拟指令时, PC的值不会为 0。此时会进入下一个虚拟指令的取指和执行环节。
接着分析取指部分:
所以取指令时,如果发现 [X19,#-0x20] 等于 2,会将 [X19,#-0x20] 赋值为 3,那么当前指令执行结束后,在末尾 def_4104会继续执行上一个指令,完成函数调用或跳转。因此包含 [X19,#-0x20] = 2操作的指令,实际执行时间是下一条指令后面。
3)分析控制变量实际处理逻辑
控制变量值为 1 或 3 时,跳转到 loc_3E70:
4)结论
跳转指令、函数调用指令、退出虚拟机指令,通过设置 [X19,#-0x20] 的值来实现,[X19,#-0x20]设置为 2 时,会在执行下一个指令后,再在末尾执行这条指令,当执行函数调用时,[X19,#-0x18] 必须设置成跳板函数地址。函数执行完后,会从 [X19,#-0x10] 恢复虚拟PC。当执行跳转指令时,[X19,#-0x18]必须设置成下一个虚拟指令地址,会用这个地址更新虚拟 PC。当退出虚拟机时,设置 [X19,#-0x18]为 0。
5、函数调用细节
函数调用通过跳板函数实现,跳板函数逻辑如下:
这个逻辑非常简单,参数 1 传入地址,参数 2 传入参数指针,直接调用参数 1 的地址。这里不涉及对返回值的处理。所以返回值应该保存在参数指针中,并且调用的地址是一个对 api的 wrap.
通过上面的分析,对虚拟指令的控制逻辑已经非常清楚了,下面再次分析前面没有完全识别的虚拟指令:
op1 = 15 时
op1 = 42时
op1 = 47, op2 = 22(可能是函数调用)
op1 = 47, op2 = 26
1)当op1 = 15 时
根据前面的细节分析,如果 [X19,#-0x20] = 1,指令末尾会进行跳转操作,如果 [X19,#-0x20] = 2,会在下一条指令结束后执行跳转操作。这条指令当 Xm = Xn时,[X19,#-0x20] = 2,[X19,#-0x18] = PC + #imme,当 Xm != Xn时,[X19,#-0x20] = 1,且 [X19,#-0x18] = PC + 8。所以这是一个条件跳转指令,当 Xm != Xn时,直接在指令末尾跳转到当前 PC+8处,当 Xm = Xn 时,跳转到 PC + #imme 处。巧合的是,这条指令的后是一个 NOP指令,所以 PC+8就是下一条指令,这条指令可以认为是,B.EQ,相等时跳转
2)当 op1 = 42时
述指令执行后 [X19,#-0x20] = 2,[X19,#-0x18] = PC首地址 + #imme, 因此这是一个无条件跳转指令 B #imme
3)op1 = 47, op2 = 22
这条指令执行后,[X19,#-0x20] = 2,[X19,#-0x18] = Xm,这里可以猜测,虚拟指令执行到这里的时候 Xm一定等于 X22跳板函数地址,因为函数调用时必须保证 [X19,#-0x18] 指向跳板函数地址,并且[X19,#-0x10] 会保存下一条虚拟指令地址。所以这是一个函数调用指令。 BR Xm。当然也可能是跳转指令或退出指令,取决于实际执行上下文时的 Xm值
4) op1 = 47, op2 = 26时
指令执行后 [X19,#-0x20] = 2,且 [X19,#-0x18] = Xm,当 Xm = 0 时,退出虚拟机,并且没有进入通用末尾,直接跳转到下一个指令分发处。所以很大可能还是执行下一个指令后退出虚拟机。
5)函数执行和跳转具体逻辑
上述代码无论时跳转还是函数调用,都会 使用[X19,#-0x18]保存的值更新虚拟 PC,如果是函数调用指令,调用完后会从 [X19,#-0x10] 处取值更新虚拟 PC,然后执行下一条虚拟指令。
在虚拟指令中进行函数调用时,br Xm,这个虚拟寄存器 Xm一定是跳板函数的地址,虚拟寄存器 X4保存实际调用函数的地址,虚拟寄存器 X5保存了参数指针和返回值地址。
所有虚拟指令已分析完,最后反汇编,分析算法
上述虚拟指令的逻辑如下:
1、同 ARM64平台的函数调用一样,先申请函数栈空间,然后保存现场环境,即必要的一些寄存器保存起来,函数执行完后再恢复。
2、转存真实的函数参数和读取加密后的函数地址。
3、分析参数,目标内存大小必须要至少比原二进制大 0x76,这和后面算法的流程有关,若不满足,则跳转后退出。
4、解密函数地址,解密方式就是与常量 0xFFA10620相加,带符号。
5、实际的算法流程,算法流程在后面解释。
7、free释放算法处理中malloc申请的内存。
8、函数调用完,恢复寄存器,函数返回。
关于函数参数和返回值的处理:
虚拟寄存器 X4存放了实际函数地址
虚拟寄存器 X5是一个地址,里面连续存储了参数参数列表和返回值,以 malloc_wrap为例,位于 0x2C50
经过逐行分析,上述代码的逻辑已经很清楚了。
1、首先申请 0x20字节内存,并生成随机数填满。
2、申请内存用于保存 key 和 iv
3、根据随机数,调用另一个 vm混淆的函数,生成aes加密需要的 key 和 iv,都是 0x10字节。该 VM函数暂未分析。
4、再次申请 size + 0x40字节的内存空间。
5、sha512计算原二进制的 hash,得到一个长度为 0x40字节,将 hash和原二进制都保存到上面申请的地址中。
6、拷贝 6 字节 magic和 0x20字节随机数到目标的内存的前面
6字节 flag是 "\x74\x63\x05\x10\x00\x00"
7、aes加密,待加密数据是第 5 步获取的二进制串,保存到目标内存+0x26偏移处。
8、释放内存,释放了 aes_key内存、iv内存、rand内存和 hash拼接串内存。
该虚拟机方案总结
1、虚拟指令使用固定 4 字节编码,操作码可能有 1 个或2个,操作码使用 6 位编码,寄存器使用5 位编码,因此一条指令可以表示 2 个操作码和 4 个寄存器,寄存器可以有 32 个。
2、使用一个控制变量实现函数调用和跳转指令,控制变量的值是 0 1 2 3,其中 0 是默认值,表示没有跳转相关指令。1会在指令结束后执行跳转,2 会在下一个指令的开头赋值成 3,并在下一个指令结束后执行跳转或函数调用或退出。会有一个地址变量决定是什么操作,如果地址是 0,表示退出虚拟机,如果等于跳板函数地址,则执行函数调用,否则执行跳转操作。如果时函数调用,则在调用完后,从返回地址变量中恢复下一个虚拟指令地址。
3、函数调用使用一个跳板函数实现,调用跳板函数时,参数 1 是实际函数地址,参数 2 是参数和返回值指针,这里的实际函数地址也是对实际真实函数的一个包装,目的时可以从参数指针中取出参数并调用,并且保存返回值。
4 、虚拟机调用的外部函数存放在一个函数表中,函数地址有加密,并在虚拟指令执行时解密,解密方式只是一个加法运算。
分析另一个 VM混淆函数
虚拟指令中会调用函数地址 0x2CA4,这是一个wrap,用于传入随机数,生成aes_key,和 iv,真实的函数也使用vm混淆过,但为了还原算法,也必须分析这个函数的逻辑
这个函数通过指针传递了 6 个参数,通过前面的分析可以知道,这 6 个参数分别是 pRand, randLen, pKey, keyLen, pIV, ivLen。函数代码如下
这个也函数也只是调用虚拟机函数的入口,传入字节码地址等参数,实际是调用 vm混淆函数 sub_4C80。这里的逻辑和上面分析的 sub_2BD4一样。
这个虚拟机函数的字节码地址位于0xDFC0,字节码长度为 0x1C8,解释器逻辑和前面的一样,统计字节码个数如下:
op1: 40: 15
op1: 59: 38
op1: 2: 27
op1: 4: 1
op1: 62: 1
op1: 47, op2: 24: 16
op1: 47, op2: 39: 6
op1: 47, op2: 22: 9
op1: 47, op2: 26: 1
涉及的字节码前面都有分析过,那么分析参数传递后直接反汇编成伪代码:
虚拟机初始化代码:
上述代码是虚拟机初始化时对参数的处理逻辑:
真实函数参数指针保存在 [X19 - 0x110],即虚拟寄存器 X4。
参数 3 保存在 [X19 - 0x108],即虚拟寄存器 X5 = 0。
参数4 ,函数地址, 保存在 [X19-0x100],即虚拟寄存器 X6。
跳板函数sub_4C74保存在 [X19- 0xF8],即虚拟寄存器 X7。
初始化时其它操作:
上述代码对应 虚拟寄存器 X0 = 0,虚拟寄存器 X31 = 0
上述代码对应 虚拟寄存器 X29 = X19 - 0x150(AND操作后,抹去最低 4 位,16 字节对齐,值变小了,所以是 X19 = 0x150)
上面的分析可以看出。初始化方式和前面的虚拟机函数一模一样,那么直接套用原来的方式即可反汇编字节码。
伪汇编代码:
这个虚拟函数的作用就是初始化 aes加密用的 key 和 iv。其中涉及到对函数 0x4BB8的调用,这个函数传入内存首地址,内存长 0x80,前 0x40是一个 sha512的值,后 0x40未初始化,以及传入了一个0x40的偏移,和一个 0x40长度。这个函数的逻辑分析完后,整个算法的逻辑也就清楚了。
上面代码的逻辑其实很简单,从 0xDF80 取二进制数据,从 0xDF40 取二进制数据,循环 40 次,每次取一个字节,异或运算后保存到了传入内存地址的后 40 字节里。
0xDF80定义如下:
0xDF40定义如下
vm 加密过程中只是调用外部函数完成加密,并没有在虚拟机中做每个字节的数据加密处理,因此不用完全还原虚拟机也可以调试出算法内容。但是这个虚拟机只是一个基础,tt 系列的参数签名算法中,在虚拟机环境做了更复杂的加密处理,并且指令的编码方式也更复杂。有了这个基础后,再分析tt 系列的其它加密算法就水到渠成了。
public static native byte[] ttEncrypt(byte[] bArr, int i);
public static native byte[] ttEncrypt(byte[] bArr, int i);
Interceptor.attach(addrRegisterNatives, { onEnter: function (args) {
console.log("[RegisterNatives] method_count:", args[3], DebugSymbol.fromAddress(this.returnAddress));
var env = args[0];
var java_class = args[1];
var class_name = Java.vm.tryGetEnv().getClassName(java_class);
var methods_ptr = ptr(args[2]);
var method_count = parseInt(args[3]);
for (var i = 0; i < method_count; i++) {
var name_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3));
var sig_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3 + Process.pointerSize));
var fnPtr_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3 + Process.pointerSize * 2));
var name = Memory.readCString(name_ptr);
var sig = Memory.readCString(sig_ptr);
var find_module = Process.findModuleByAddress(fnPtr_ptr);
console.log("[RegisterNatives] java_class:", class_name, "name:", name, "sig:", sig, "fnPtr:", fnPtr_ptr, "module_name:", find_module.name, "module_base:", find_module.base, "offset:", ptr(fnPtr_ptr).sub(find_module.base));
}
},
onLeave: function (retval) { }
});Interceptor.attach(addrRegisterNatives, { onEnter: function (args) {
console.log("[RegisterNatives] method_count:", args[3], DebugSymbol.fromAddress(this.returnAddress));
var env = args[0];
var java_class = args[1];
var class_name = Java.vm.tryGetEnv().getClassName(java_class);
var methods_ptr = ptr(args[2]);
var method_count = parseInt(args[3]);
for (var i = 0; i < method_count; i++) {
var name_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3));
var sig_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3 + Process.pointerSize));
var fnPtr_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3 + Process.pointerSize * 2));
var name = Memory.readCString(name_ptr);
var sig = Memory.readCString(sig_ptr);
var find_module = Process.findModuleByAddress(fnPtr_ptr);
console.log("[RegisterNatives] java_class:", class_name, "name:", name, "sig:", sig, "fnPtr:", fnPtr_ptr, "module_name:", find_module.name, "module_base:", find_module.base, "offset:", ptr(fnPtr_ptr).sub(find_module.base));
}
},
onLeave: function (retval) { }
});jbyteArray __fastcall sub_7D88(JNIEnv *env, jclass thiz, jbyteArray jarray, jint size)
{ unsigned __int64 v4; // x25
int v5; // w24
jbyteArray v6; // x19
JNIEnv *v7; // x20
JNIEnv *v8; // x23
jbyte *v9; // x21
__int64 v10; // x22
__int64 v11; // [xsp+0h] [xbp-50h]
__int64 v12; // [xsp+8h] [xbp-48h]
v4 = _ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2));
v5 = size;
v6 = jarray;
v7 = env;
v8 = 0LL;
v12 = *(_QWORD *)(v4 + 40);
if ( jarray && (signed int)size >= 1 )
{
env = (JNIEnv *)(*env)->GetByteArrayElements(env, jarray, 0LL);
v9 = (jbyte *)env;
if ( env )
{
v11 = v5 + 118;
v10 = malloc(v5 + 118);
if ( v10 )
{
sub_2BD4((__int64)v9, v5, v10, (__int64)&v11);
if ( v11 )
{
v8 = (JNIEnv *)((__int64 (__fastcall *)(JNIEnv *))(*v7)->NewByteArray)(v7);
((void (__fastcall *)(JNIEnv *, JNIEnv *, _QWORD, _QWORD, __int64))(*v7)->SetByteArrayRegion)(
v7,
v8,
0LL,
(unsigned int)v11,
v10);
}
else
{
v8 = 0LL;
}
((void (__fastcall *)(JNIEnv *, jbyteArray, jbyte *, _QWORD))(*v7)->ReleaseByteArrayElements)(v7, v6, v9, 0LL);
env = (JNIEnv *)free(v10);
}
else
{
env = (JNIEnv *)((__int64 (__fastcall *)(JNIEnv *, jbyteArray, jbyte *, _QWORD))(*v7)->ReleaseByteArrayElements)(
v7,
v6,
v9,
0LL);
v8 = 0LL;
}
}
else
{
v8 = 0LL;
}
}
if ( *(_QWORD *)(v4 + 40) == v12 )
env = v8;
return (jbyteArray)env;
}jbyteArray __fastcall sub_7D88(JNIEnv *env, jclass thiz, jbyteArray jarray, jint size)
{ unsigned __int64 v4; // x25
int v5; // w24
jbyteArray v6; // x19
JNIEnv *v7; // x20
JNIEnv *v8; // x23
jbyte *v9; // x21
__int64 v10; // x22
__int64 v11; // [xsp+0h] [xbp-50h]
__int64 v12; // [xsp+8h] [xbp-48h]
v4 = _ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2));
v5 = size;
v6 = jarray;
v7 = env;
v8 = 0LL;
v12 = *(_QWORD *)(v4 + 40);
if ( jarray && (signed int)size >= 1 )
{
env = (JNIEnv *)(*env)->GetByteArrayElements(env, jarray, 0LL);
v9 = (jbyte *)env;
if ( env )
{
v11 = v5 + 118;
v10 = malloc(v5 + 118);
if ( v10 )
{
sub_2BD4((__int64)v9, v5, v10, (__int64)&v11);
if ( v11 )
{
v8 = (JNIEnv *)((__int64 (__fastcall *)(JNIEnv *))(*v7)->NewByteArray)(v7);
((void (__fastcall *)(JNIEnv *, JNIEnv *, _QWORD, _QWORD, __int64))(*v7)->SetByteArrayRegion)(
v7,
v8,
0LL,
(unsigned int)v11,
v10);
}
else
{
v8 = 0LL;
}
((void (__fastcall *)(JNIEnv *, jbyteArray, jbyte *, _QWORD))(*v7)->ReleaseByteArrayElements)(v7, v6, v9, 0LL);
env = (JNIEnv *)free(v10);
}
else
{
env = (JNIEnv *)((__int64 (__fastcall *)(JNIEnv *, jbyteArray, jbyte *, _QWORD))(*v7)->ReleaseByteArrayElements)(
v7,
v6,
v9,
0LL);
v8 = 0LL;
}
}
else
{
v8 = 0LL;
}
}
if ( *(_QWORD *)(v4 + 40) == v12 )
env = v8;
return (jbyteArray)env;
}void __fastcall sub_2BD4(jbyte *a1, jsize a2, char *a3, int *a4)
{ unsigned __int64 v4; // x19
jbyte *v5; // [xsp+8h] [xbp-528h]
jsize v6; // [xsp+10h] [xbp-520h]
char *v7; // [xsp+18h] [xbp-518h]
int *v8; // [xsp+20h] [xbp-510h]
__int64 (__fastcall *v9)(__int64 (__fastcall *)(__int64), __int64); // [xsp+28h] [xbp-508h]
__int64 *v10; // [xsp+30h] [xbp-500h]
__int64 v11; // [xsp+510h] [xbp-20h]
__int64 v12; // [xsp+518h] [xbp-18h]
v4 = _ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2));
v12 = *(_QWORD *)(v4 + 40);
v5 = a1;
v6 = a2;
v7 = a3;
v8 = a4;
v9 = sub_2D1C;
v10 = &v11;
sub_2D28((unsigned int *)&unk_B2C0, (__int64)&v5, 0LL, (__int64)&off_21CE0, (__int64)&v9);
*(_QWORD *)(v4 + 40);
}void __fastcall sub_2BD4(jbyte *a1, jsize a2, char *a3, int *a4)
{ unsigned __int64 v4; // x19
jbyte *v5; // [xsp+8h] [xbp-528h]
jsize v6; // [xsp+10h] [xbp-520h]
char *v7; // [xsp+18h] [xbp-518h]
int *v8; // [xsp+20h] [xbp-510h]
__int64 (__fastcall *v9)(__int64 (__fastcall *)(__int64), __int64); // [xsp+28h] [xbp-508h]
__int64 *v10; // [xsp+30h] [xbp-500h]
__int64 v11; // [xsp+510h] [xbp-20h]
__int64 v12; // [xsp+518h] [xbp-18h]
v4 = _ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2));
v12 = *(_QWORD *)(v4 + 40);
v5 = a1;
v6 = a2;
v7 = a3;
v8 = a4;
v9 = sub_2D1C;
v10 = &v11;
sub_2D28((unsigned int *)&unk_B2C0, (__int64)&v5, 0LL, (__int64)&off_21CE0, (__int64)&v9);
*(_QWORD *)(v4 + 40);
}unsigned int *__fastcall sub_2D28(unsigned int *result, __int64 a2, __int64 a3, __int64 a4, __int64 a5)
{ __int64 v5; // x19
unsigned int *v6; // x20
unsigned int **v7; // x21
_QWORD *v8; // x4
_QWORD *v9; // x5
signed __int64 v10; // x1
unsigned __int64 *v11; // x6
unsigned __int64 *v12; // x7
unsigned int v13; // w12
unsigned int v14; // w16
unsigned int v15; // w15
unsigned int v16; // w14
unsigned int v17; // w10
unsigned int v18; // w11
unsigned __int64 v19; // x9
__int64 v20; // x8
unsigned int v21; // w13
unsigned int v22; // w18
unsigned int v23; // w17
__int64 v24; // x11
bool v25; // zf
int v26; // w11
signed __int64 v27; // x8
signed int v28; // w10
unsigned int *v29; // x11
unsigned int v30; // w13
unsigned int *v31; // x9
signed __int64 v32; // x8
signed int v33; // w11
signed int v34; // w9
unsigned __int64 v35; // x9
_QWORD *v36; // x10
__int64 v37; // x11
char v38; // w9
unsigned __int64 v39; // x8
unsigned __int64 v40; // x9
int v41; // w11
int v42; // w10
int v43; // w11
int v44; // w10
int v45; // w8
int v46; // w12
signed __int64 v47; // x9
unsigned int *v48; // x10
signed __int64 v49; // x12
signed __int64 v50; // x10
_BOOL4 v51; // w11
bool v52; // nf
signed int v53; // w8
_BOOL4 v54; // w9
signed int v55; // w10
int v56; // w13
unsigned int v57; // w10
unsigned __int64 v58; // t2
int v59; // w10
int v60; // w11
unsigned int *v61; // x13
signed __int64 v62; // x11
signed int v63; // w9
signed __int64 v64; // x8
signed int v65; // w11
signed int v66; // w9
unsigned int v67; // w11
unsigned __int64 v68; // t2
int v69; // w10
unsigned int v70; // w11
unsigned int v71; // w12
__int64 v72; // x9
__int64 v73; // x8
int v74; // w13
unsigned __int64 v75; // t2
int v76; // w11
__int64 v77; // x11
char v78; // w9
_DWORD *v79; // x10
int v80; // w11
char v81; // w9
int v82; // w8
unsigned int v83; // w9
int v84; // w11
char v85; // w9
signed int v86; // w12
unsigned __int8 v87; // vf
_BOOL4 v88; // w13
int v89; // w11
signed __int64 v90; // x8
_BOOL4 v91; // w13
int v92; // w11
signed __int64 v93; // x9
__int64 v94; // x9
unsigned __int64 v95; // x8
unsigned __int64 v96; // x10
int v97; // w9
signed __int64 v98; // x9
signed int v99; // w8
unsigned __int64 v100; // x9
unsigned __int64 v101; // x8
unsigned __int64 v102; // x10
int v103; // w9
unsigned int v104; // w8
int v105; // w10
int v106; // w9
signed __int64 v107; // x9
__int64 v108; // x8
signed __int64 v109; // x9
unsigned __int64 v110; // x8
int v111; // w11
__int64 v112; // x8
int v113; // w11
signed __int64 v114; // x11
int v115; // w8
signed __int64 v116; // x9
__int64 v117; // x8
unsigned int v118; // w11
unsigned int v119; // w12
__int64 v120; // x9
__int64 v121; // x8
unsigned __int64 v122; // x8
unsigned __int64 v123; // x9
unsigned __int64 v124; // x8
_QWORD *v125; // x24
_QWORD *v126; // x26
unsigned __int64 *v127; // ST08_8
unsigned __int64 *v128; // x23
signed int v129; // w12
_BOOL4 v130; // w13
int v131; // w11
signed __int64 v132; // x8
unsigned __int64 v133; // x8
unsigned __int64 v134; // x8
bool v135; // cf
_QWORD *v136; // x8
unsigned int *v137; // x8
__int64 v138; // x9
__int64 v139; // x8
unsigned int *v140; // x13
signed __int64 v141; // x8
signed __int64 v142; // x9
signed int v143; // w12
signed int v144; // w10
__int64 v145; // x9
__int64 v146; // x8
signed __int64 v147; // x9
__int64 v148; // x8
__int64 v149; // x8
signed int v150; // w11
unsigned int *v151; // x8
_BOOL4 v152; // w13
int v153; // w12
signed __int64 v154; // x9
v6 = *(unsigned int **)a5;
v5 = *(_QWORD *)(a5 + 8);
*(_QWORD *)(v5 - 56) = 0LL;
*(_QWORD *)(v5 - 304) = 0LL;
v7 = (unsigned int **)(v5 - 312);
v8 = (_QWORD *)(v5 - 272);
v9 = (_QWORD *)(v5 - 264);
*(_QWORD *)(v5 - 72) = (v5 - 328) & 0xFFFFFFFFFFFFFFF0LL;
*(_QWORD *)(v5 - 32) = 0LL;
*(_QWORD *)(v5 - 272) = a2;
*(_QWORD *)(v5 - 264) = a3;
*(_QWORD *)(v5 - 256) = a4;
*(_QWORD *)(v5 - 248) = v6;
*(_QWORD *)(v5 - 312) = result;
*(_QWORD *)(v5 - 8) = result;
if ( result )
{
v10 = 0LL;
v11 = (unsigned __int64 *)(v5 - 40);
v12 = (unsigned __int64 *)(v5 - 48);
while ( 1 )
{
v13 = *result;
if ( v10 == 2 )
{
v10 = 3LL;
*(_QWORD *)(v5 - 32) = 3LL;
}
v14 = v13 & 0x10000000;
v15 = v13 & 0x20000000;
v16 = v13 & 0x40000000;
v17 = (v13 >> 11) & 2 | (v13 >> 31) | (v13 >> 11) & 4 | (v13 >> 11) & 8 | (v13 >> 11) & 0x10;
v18 = ((v13 & 0x10000000) >> 26) & 0xFFFFFFFC | (v13 >> 26) & 3 | ((v13 & 0x20000000) >> 26);
v19 = (v13 >> 21) & 0x1F;
v20 = (v13 >> 16) & 0x1F;
LABEL_7: v21 = v13 & 0x80000000;
v22 = v13 & 0x4000000;
while ( 2 )
{
v23 = v13 & 0x8000000;
v24 = v18 | (v16 >> 26);
switch ( v17 )
{
case 0u:
case 2u:
case 8u:
case 0x12u:
case 0x1Fu:
case 0x21u:
case 0x22u:
case 0x27u:
case 0x2Bu:
case 0x30u:
case 0x31u:
case 0x33u:
case 0x37u:
v25 = v17 == 55;
if ( v17 <= 0x37 )
{
v26 = (v13 >> 6) & 0x3F;
v13 = (unsigned __int16)(v13 & 0xF000) | (v22 >> 20);
v18 = v13 | v26 | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
v19 = (unsigned __int64)v7[(unsigned int)v19 + 1] + (signed __int16)v18;
switch ( v13 )
{
case 0u:
v19 = *(signed __int16 *)v19;
goto LABEL_236;
case 2u:
v19 = *(_QWORD *)v19;
goto LABEL_236;
case 8u:
v19 = *(char *)v19;
goto LABEL_236;
case 0x12u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_DWORD *)(v27 + 8) & (unsigned int)(-1 << (32 - 8 * (v19 & 3))) | (*(_DWORD *)(v19 & 0xFFFFFFFFFFFFFFFCLL) >> 8 * (v19 & 3));
goto LABEL_237;
case 0x21u:
v19 = *(unsigned __int8 *)v19;
goto LABEL_236;
case 0x22u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_QWORD *)(v27 + 8) & (-1LL << (64 - 8 * ((unsigned __int8)v19 & 7u))) | (*(_QWORD *)(v19 & 0xFFFFFFFFFFFFFFF8LL) >> 8 * ((unsigned __int8)v19 & 7u));
goto LABEL_237;
case 0x27u:
case 0x31u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_QWORD *)(v27 + 8) & (0xFFFFFFFFFFFFFFuLL >> 8 * ((unsigned __int8)v19 & 7u)) | (*(_QWORD *)(v19 & 0xFFFFFFFFFFFFFFF8LL) << (56 - 8 * ((unsigned __int8)v19 & 7u)));
goto LABEL_237;
case 0x2Bu:
v19 = *(signed int *)v19;
goto LABEL_236;
case 0x30u:
v19 = *(unsigned __int16 *)v19;
goto LABEL_236;
case 0x33u:
v19 = *(unsigned int *)v19;
goto LABEL_236;
case 0x37u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_DWORD *)(v27 + 8) & (0xFFFFFFu >> 8 * (v19 & 3)) | (*(_DWORD *)(v19 & 0xFFFFFFFFFFFFFFFCLL) << (24 - 8 * (v19 & 3)));
goto LABEL_237;
case 0x38u:
continue;
case 0x39u:
case 0x3Bu:
case 0x3Cu:
case 0x3Du:
case 0x3Eu:
case 0x3Fu:
goto LABEL_218;
case 0x3Au:
goto LABEL_7;
default:
goto def_4104;
}
}
goto def_4104;
case 3u:
case 5u:
case 0xFu:
case 0x1Au:
case 0x2Cu:
case 0x2Du:
case 0x3Au:
case 0x3Fu:
if ( !v10 )
{
v28 = 0;
v29 = 0LL;
v30 = (signed int)((v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16) >> 14;
switch ( v13 & 0x3F )
{
case 3u:
case 0x1Au:
case 0x2Du:
case 0x3Fu:
goto LABEL_15;
case 5u:
case 0xFu:
case 0x2Cu:
case 0x3Au:
v29 = v7[(unsigned int)v20 + 1];
LABEL_15: v31 = v7[(unsigned int)v19 + 1];
v32 = (signed __int64)result + (signed int)(v30 + 4);
switch ( (_DWORD)v32 )
{
case 0:
if ( (signed __int64)v31 <= 0 )
goto LABEL_112;
goto LABEL_17;
case 2:
if ( v31 == v29 )
goto LABEL_112;
goto LABEL_17;
case 0xC:
if ( v31 == v29 )
goto LABEL_17;
goto LABEL_112;
case 0x17:
v25 = v31 == 0LL;
v52 = (signed __int64)v31 < 0;
v34 = 1;
if ( !v52 && !v25 )
goto LABEL_109;
goto LABEL_113;
case 0x29:
v25 = v31 == v29;
v34 = 1;
if ( !v25 )
goto LABEL_113;
goto LABEL_109;
case 0x2A:
v87 = __OFSUB__(v31, 1LL);
v52 = (signed __int64)v31 - 1 < 0;
v34 = 1;
if ( !(v52 ^ v87) )
goto LABEL_113;
goto LABEL_109;
case 0x37:
v25 = v31 == v29;
v34 = 1;
if ( v25 )
goto LABEL_113;
LABEL_109: v33 = 0;
goto LABEL_110;
case 0x3C:
if ( (signed __int64)v31 < 1 )
{
LABEL_17: v33 = 0;
v34 = 0;
LABEL_110: v28 = 0;
v86 = 1;
}
else
{
LABEL_112: v34 = 0;
LABEL_113: v86 = 0;
v28 = 0;
v32 = (signed __int64)(result + 2);
v33 = 1;
}
goto LABEL_114;
default:
goto def_4104;
}
goto def_4104;
case 0x11u:
v28 = 31;
goto LABEL_95;
case 0x2Au:
LABEL_95: v33 = 0;
v34 = 0;
v86 = 1;
v32 = *(_QWORD *)(v5 - 8) + v30;
LABEL_114: v88 = v34 != 0;
v89 = v33 & v88;
*(_QWORD *)(v5 - 24) = v32;
if ( v89 & 1 || !v34 || v86 & v88 )
{
v90 = 1LL;
if ( !v89 )
v90 = 2LL;
*(_QWORD *)(v5 - 32) = v90;
}
goto LABEL_120;
default:
goto def_4104;
}
}
goto def_4104;
case 4u:
case 0x20u:
case 0x38u:
case 0x3Eu:
v41 = v13 & 0x3F;
v42 = v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v41 > 55 )
{
if ( v41 == 56 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) ^ (unsigned __int16)v42;
}
else if ( v41 == 62 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) | (unsigned __int16)v42;
}
}
else
{
if ( v41 == 4 )
{
LODWORD(v19) = (v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16;
goto LABEL_92;
}
if ( v41 == 32 )
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) & (unsigned __int16)v42;
}
goto def_4104;
case 0xAu:
case 0xBu:
case 0xEu:
case 0x14u:
case 0x16u:
case 0x24u:
case 0x36u:
case 0x3Bu:
v35 = (unsigned __int64)v7[(unsigned int)v19 + 1]
+ (v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20));
switch ( v13 & 0x3F )
{
case 0xAu:
v36 = (_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v37 = *(_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v38 = 8 * (v35 & 7);
v39 = (unsigned __int64)v7[(unsigned int)v20 + 1] >> (56 - v38);
v40 = v37 & (-256LL << v38);
goto LABEL_83;
case 0xBu:
v36 = (_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v77 = *(_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v78 = 8 * (v35 & 7);
v39 = (_QWORD)v7[(unsigned int)v20 + 1] << v78;
v40 = v77 & (0xFFFFFFFFFFFFFFFFLL >> (64 - v78));
LABEL_83: *v36 = v40 | v39;
goto def_4104;
case 0xEu:
*(_BYTE *)v35 = v7[(unsigned int)v20 + 1];
goto def_4104;
case 0x14u:
*(_WORD *)v35 = v7[(unsigned int)v20 + 1];
goto def_4104;
case 0x16u:
v79 = (_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v80 = *(_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v81 = 8 * (v35 & 3);
v82 = LODWORD(v7[(unsigned int)v20 + 1]) >> (24 - v81);
v83 = v80 & (-256 << v81);
goto LABEL_88;
case 0x24u:
v79 = (_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v84 = *(_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v85 = 8 * (v35 & 3);
v82 = LODWORD(v7[(unsigned int)v20 + 1]) << v85;
v83 = v84 & (0xFFFFFFFF >> (32 - v85));
LABEL_88: *v79 = v83 | v82;
break;
case 0x36u:
*(_DWORD *)v35 = v7[(unsigned int)v20 + 1];
break;
case 0x3Bu:
*(_QWORD *)v35 = v7[(unsigned int)v20 + 1];
break;
default:
goto def_4104;
}
goto def_4104;
case 0xDu:
case 0x15u:
case 0x1Bu:
case 0x28u:
v43 = v13 & 0x3F;
v44 = v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v43 == 13 || v43 == 40 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19)
+ (signed __int16)v44;
}
else if ( v43 == 21 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(signed int *)(v5 - 304 + 8 * v19)
+ (signed __int64)(signed __int16)v44;
}
goto def_4104;
case 0x10u:
v56 = v13 & 0xFFF;
if ( v56 > 2639 )
{
if ( v56 > 3727 )
{
if ( v56 != 3728 )
{
if ( v56 == 3792 )
{
LODWORD(v24) = v24 | 0x20;
}
else
{
if ( v56 != 3984 )
goto def_4104;
v17 |= 0x20u;
}
}
if ( (signed int)(v24 + v17) <= 63 )
{
v19 = (unsigned __int64)v7[(unsigned int)v19 + 1];
if ( v17 != 63 )
v19 = (v19 >> v24) & ~(-1LL << ((unsigned __int8)v17 + 1));
LABEL_236: v27 = (signed __int64)&v7[(unsigned int)v20];
LABEL_237: *(_QWORD *)(v27 + 8) = v19;
goto def_4104;
}
goto def_4104;
}
if ( v56 != 2640 )
{
if ( v56 == 2768 && v17 >= (unsigned int)v24 )
*(_QWORD *)(v5 - 304 + 8 * v20) = *(_DWORD *)(v5 - 304 + 8 * v20) & (-1 << v17) | ((*(_DWORD *)(v5 - 304 + 8 * v19) & ~(-1 << (1 - v24 + v17))) << v24) | *(_DWORD *)(v5 - 304 + 8 * v20) & ~(-1 << v24);
goto def_4104;
}
}
else
{
if ( v56 > 655 )
{
if ( v56 != 656 && v56 != 1680 )
{
if ( v56 != 2256 )
goto def_4104;
goto LABEL_163;
}
v97 = v13 & 0x7C000FFF;
if ( (signed int)(v13 & 0x7C000FFF) <= 1275069071 )
{
if ( v97 == 201328272 )
{
v134 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
*(_QWORD *)(v5 - 304 + 8LL * v17) = __ROR8__(
(v134 << 16) & 0xFFFF0000FFFF0000LL | (v134 >> 16) & 0xFFFF0000FFFFLL,
32);
}
else if ( v97 == 939524752 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(char *)(v5 - 304 + 8 * v20);
}
goto def_4104;
}
if ( v97 == 1275069072 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(signed __int16 *)(v5 - 304 + 8 * v20);
goto def_4104;
}
if ( v97 == 1409287824 )
{
v133 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
*(_QWORD *)(v5 - 304 + 8LL * v17) = (v133 << 8) & 0xFF00FF00FF00FF00LL | (v133 >> 8) & 0xFF00FF00FF00FFLL;
goto def_4104;
}
if ( v97 != 1946157712 )
goto def_4104;
v98 = v5 - 304;
v99 = (*(_DWORD *)(v5 - 304 + 8 * v20) << 8) & 0xFF00FF00 | (*(_DWORD *)(v5 - 304 + 8 * v20) >> 8) & 0xFF00FF;
goto LABEL_372;
}
if ( v56 == 16 )
{
if ( v17 + (unsigned int)v24 > 0x1F )
goto def_4104;
LODWORD(v19) = v7[(unsigned int)v19 + 1];
if ( v17 != 31 )
LODWORD(v19) = ((unsigned int)v19 >> v24) & ~(-2 << v17);
LABEL_92: v19 = (signed int)v19;
goto LABEL_236;
}
if ( v56 != 144 )
goto def_4104;
LODWORD(v24) = v24 | 0x20;
LABEL_163: v17 |= 0x20u;
}
if ( (signed int)v17 >= (signed int)v24 )
*(_QWORD *)(v5 - 304 + 8 * v20) = *(_QWORD *)(v5 - 304 + 8 * v20) & (-1LL << v17) | ((*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) & ~(-1LL << ((unsigned __int8)v17 + 1 - (unsigned __int8)v24))) << v24) | *(_QWORD *)(v5 - 304 + 8 * v20) & ~(-1LL << v24);
goto def_4104;
case 0x11u:
case 0x2Au:
if ( v10 )
goto def_4104;
v45 = v13 & 0x3F;
v46 = v13 & 0x3FFF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v45 == 17 )
{
v53 = 31;
LABEL_129: v51 = 0;
v55 = 0;
v49 = *(_QWORD *)(v5 - 8) + (unsigned int)(v46 * 4);
v54 = 1;
goto LABEL_130;
}
if ( v45 == 42 )
{
v53 = 0;
goto LABEL_129;
}
if ( v45 != 26 )
goto def_4104;
v47 = (signed __int64)v7[(unsigned int)v19 + 1];
v48 = &result[v46];
v49 = (signed __int64)(result + 2);
v50 = (signed __int64)(v48 + 1);
v51 = v47 < 1;
v25 = v47 == 0;
v52 = v47 < 0;
v53 = 0;
v54 = v47 > 0;
if ( !v52 && !v25 )
v49 = v50;
v55 = 1;
LABEL_130: v91 = v55 != 0;
v92 = v51 && v91;
*(_QWORD *)(v5 - 24) = v49;
if ( v92 & 1 || !v55 || v54 && v91 )
{
v93 = 1LL;
if ( !v92 )
v93 = 2LL;
*(_QWORD *)(v5 - 32) = v93;
}
LABEL_136: if ( v53 >= 1 )
{
LABEL_137: v7[v53 + 1] = result + 2;
*(_QWORD *)(v5 - 16) = result + 2;
}
goto def_4104;
case 0x17u:
LODWORD(v20) = v13 & 0x1F003F;
HIDWORD(v58) = (v13 & 0x1F003F) - 65559;
LODWORD(v58) = (v13 & 0x1F003F) - 65559;
v57 = v58 >> 16;
if ( v57 > 0x1A || !((1 << v57) & 0x4842861) || v10 )
goto def_4104;
v59 = v13 & 0x1F003F;
v13 = (signed int)((v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16) >> 14;
if ( (signed int)(v20 & 0x1FFFFF) <= 65558 )
{
v60 = v59 - 3;
v28 = 0;
v61 = result;
switch ( v60 )
{
case 0:
case 23:
case 42:
case 60:
goto LABEL_50;
case 2:
case 12:
case 41:
case 55:
goto LABEL_51;
case 14:
v28 = 31;
goto LABEL_279;
case 39:
LABEL_279: v65 = 0;
v66 = 0;
v64 = *(_QWORD *)(v5 - 8) + v13;
goto LABEL_290;
default:
goto def_4104;
}
goto def_4104;
}
if ( v59 > 917526 )
{
if ( v59 > 1572886 )
{
if ( v59 != 1769495 )
{
v25 = v59 == 1572887;
LABEL_218: if ( !v25 )
goto def_4104;
}
}
else if ( v59 != 917527 && v59 != 1245207 )
{
goto def_4104;
}
}
else if ( v59 > 458774 )
{
if ( v59 != 458775 && v59 != 786455 )
goto def_4104;
}
else if ( v59 != 65559 && v59 != 393239 )
{
goto def_4104;
}
LABEL_50: v61 = 0LL;
LABEL_51: v62 = (signed __int64)v7[(unsigned int)v19 + 1];
v63 = v20 & 0x1FFFFF;
v64 = (signed __int64)result + (signed int)(v13 + 4);
if ( v63 > 65558 )
{
if ( v63 > 917526 )
{
if ( v63 > 1572886 )
{
if ( v63 == 1572887 )
{
v66 = 1;
if ( v62 & 0x8000000000000000LL )
goto LABEL_294;
goto LABEL_288;
}
if ( v63 == 1769495 )
{
v28 = 31;
v66 = 1;
if ( v62 & 0x8000000000000000LL )
{
LABEL_311: v65 = 0;
LABEL_290: v129 = 1;
LABEL_301: v130 = v66 != 0;
v131 = v65 & v130;
*(_QWORD *)(v5 - 24) = v64;
if ( !(v131 & 1) && v66 && !(v129 & v130) )
{
LABEL_120: if ( v28 < 1 )
goto def_4104;
LABEL_121: v7[v28 + 1] = result + 2;
*(_QWORD *)(v5 - 16) = result + 2;
goto def_4104;
}
v132 = 1LL;
if ( !v131 )
v132 = 2LL;
*(_QWORD *)(v5 - 32) = v132;
if ( v28 >= 1 )
goto LABEL_121;
goto def_4104;
}
goto LABEL_300;
}
}
else
{
if ( v63 == 917527 )
{
v28 = 31;
v66 = 1;
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_311;
goto LABEL_300;
}
if ( v63 == 1245207 )
{
if ( v62 & 0x8000000000000000LL )
{
LABEL_298: v28 = 0;
LABEL_299: v66 = 0;
LABEL_300: v129 = 0;
v64 = (signed __int64)(result + 2);
v65 = 1;
goto LABEL_301;
}
LABEL_54: v65 = 0;
v66 = 0;
LABEL_289: v28 = 0;
goto LABEL_290;
}
}
}
else if ( v63 > 458774 )
{
if ( v63 == 458775 )
{
v66 = 1;
if ( !(v62 & 0x8000000000000000LL) )
{
LABEL_294: v28 = 0;
goto LABEL_300;
}
LABEL_288: v65 = 0;
goto LABEL_289;
}
if ( v63 == 786455 )
{
v28 = 31;
if ( v62 & 0x8000000000000000LL )
goto LABEL_299;
LABEL_227: v65 = 0;
v66 = 0;
goto LABEL_290;
}
}
else
{
if ( v63 == 65559 )
{
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_298;
goto LABEL_54;
}
if ( v63 == 393239 )
{
v28 = 31;
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_299;
goto LABEL_227;
}
}
}
else
{
switch ( v63 )
{
case 3:
if ( v62 > 0 )
goto LABEL_54;
goto LABEL_298;
case 5:
if ( (unsigned int *)v62 == v61 )
goto LABEL_298;
goto LABEL_54;
case 15:
if ( (unsigned int *)v62 != v61 )
goto LABEL_298;
goto LABEL_54;
case 26:
v66 = 1;
if ( v62 > 0 )
goto LABEL_288;
goto LABEL_294;
case 44:
v66 = 1;
if ( (unsigned int *)v62 != v61 )
goto LABEL_294;
goto LABEL_288;
case 45:
v66 = 1;
if ( v62 >= 1 )
goto LABEL_294;
goto LABEL_288;
case 58:
v66 = 1;
if ( (unsigned int *)v62 != v61 )
goto LABEL_288;
goto LABEL_294;
case 63:
if ( v62 >= 1 )
goto LABEL_298;
goto LABEL_54;
default:
goto def_4104;
}
}
goto def_4104;
case 0x23u:
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) < (unsigned __int64)(signed __int16)(v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20));
goto def_4104;
case 0x29u:
HIDWORD(v68) = (v13 & 0xFFF) - 425;
LODWORD(v68) = (v13 & 0xFFF) - 425;
v67 = v68 >> 6;
if ( v67 > 0x1A )
goto def_4104;
if ( !((1 << v67) & 0x4000032) )
{
if ( v67 != 2 )
goto def_4104;
v76 = v13 & 0xFFF;
if ( v76 > 2158 )
{
if ( v76 > 2542 )
{
LABEL_67: if ( v76 == 2543 )
goto LABEL_159;
if ( v76 == 2671 )
goto LABEL_250;
if ( v76 != 3375 )
goto def_4104;
LABEL_256: v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) + *(_DWORD *)(v5 - 304 + 8 * v19);
}
else
{
LABEL_157: if ( v76 != 2159 )
{
if ( v76 != 2415 )
goto def_4104;
LABEL_159: *(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20)
+ *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
goto def_4104;
}
LABEL_250: v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v19) - *(_DWORD *)(v5 - 304 + 8 * v20);
}
LABEL_257: *(_QWORD *)(v114 + 8LL * v17) = v115;
goto def_4104;
}
if ( v76 > 942 )
{
LABEL_258: if ( v76 == 943 || v76 == 1775 )
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19)
- *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
}
else
{
if ( v76 == 495 )
goto LABEL_256;
LABEL_222: if ( v76 == 553 )
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(signed int *)(v5 - 304 + 8 * v20)
* (signed __int64)*(signed int *)(v5 - 304 + 8 * v19);
}
goto def_4104;
}
v69 = v13 & 0xFFF;
if ( v69 <= 1902 )
{
if ( v69 > 744 )
{
if ( v69 != 745 )
{
if ( v69 == 1327 )
goto LABEL_389;
if ( v69 != 1839 )
goto def_4104;
LABEL_187: v100 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v101 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v102 = (unsigned __int128)((signed __int64)v101 * (signed __int128)(signed __int64)v100) >> 64;
LABEL_403: *v12 = v101 * v100;
*v11 = v102;
goto def_4104;
}
v118 = *(_DWORD *)v11;
v119 = *(_DWORD *)v12;
v120 = *(signed int *)(v5 - 304 + 8 * v19);
v121 = *(signed int *)(v5 - 304 + 8 * v20);
}
else
{
if ( v69 == 431 )
goto LABEL_391;
if ( v69 != 489 )
{
if ( v69 != 681 )
goto def_4104;
v70 = *(_DWORD *)v11;
v71 = *(_DWORD *)v12;
v72 = *(unsigned int *)(v5 - 304 + 8 * v19);
v73 = *(unsigned int *)(v5 - 304 + 8 * v20);
goto LABEL_274;
}
v118 = *(_DWORD *)v11;
v119 = *(_DWORD *)v12;
v120 = *(unsigned int *)(v5 - 304 + 8 * v19);
v121 = *(unsigned int *)(v5 - 304 + 8 * v20);
}
v122 = (v119 | ((unsigned __int64)v118 << 32)) - v121 * v120;
LABEL_277: v123 = (unsigned int)v122;
v124 = v122 >> 32;
LABEL_393: *v12 = v123;
*v11 = v124;
goto def_4104;
}
if ( v69 <= 2350 )
{
if ( v69 == 1903 )
goto LABEL_402;
if ( v69 != 2089 )
{
if ( v69 != 2223 )
goto def_4104;
goto LABEL_153;
}
v70 = *(_DWORD *)v11;
v71 = *(_DWORD *)v12;
v72 = *(signed int *)(v5 - 304 + 8 * v19);
v73 = *(signed int *)(v5 - 304 + 8 * v20);
LABEL_274: v122 = (v71 | ((unsigned __int64)v70 << 32)) + v73 * v72;
goto LABEL_277;
}
if ( v69 == 2351 )
goto LABEL_328;
if ( v69 == 2863 )
goto LABEL_397;
if ( v69 != 3503 )
goto def_4104;
goto LABEL_191;
case 0x2Fu:
v74 = v13 & 0xFFF;
HIDWORD(v75) = v74 - 111;
LODWORD(v75) = v74 - 111;
switch ( (unsigned int)(v75 >> 6) )
{
case 0u:
case 3u:
case 9u:
case 0xFu:
case 0x2Eu:
case 0x3Du:
goto def_4104;
case 1u:
case 0xBu:
case 0x34u:
v113 = v13 & 0x4000FFF;
if ( (v13 & 0x4000FFF) == 67109679 )
v74 = 67109679;
goto LABEL_336;
case 2u:
v135 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) >= *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v136 = (_QWORD *)(v5 - 304 + 8LL * v17);
if ( !v135 )
goto LABEL_355;
goto LABEL_321;
case 6u:
case 0xDu:
case 0x1Au:
case 0x20u:
case 0x24u:
case 0x26u:
case 0x28u:
case 0x33u:
v76 = v13 & 0xFFF;
if ( v76 > 2158 )
{
if ( v76 <= 2542 )
goto LABEL_157;
goto LABEL_67;
}
if ( v76 > 942 )
goto LABEL_258;
if ( v76 != 495 )
goto LABEL_222;
goto LABEL_256;
case 0xAu:
case 0x30u:
goto LABEL_198;
case 0xCu:
case 0x17u:
case 0x1Fu:
case 0x3Cu:
v111 = v13 & 0xFFF;
if ( v111 > 2094 )
{
if ( v111 == 2095 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = ~(*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) | *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19));
}
else if ( v111 == 3951 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) & *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
}
else if ( v111 == 879 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) ^ *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
else if ( v111 == 1583 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) | *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
goto def_4104;
case 0xEu:
case 0x10u:
case 0x22u:
case 0x2Cu:
case 0x31u:
v106 = v13 & 0x200FFF;
if ( (v13 & 0x200FFF) == 2099439 )
v74 = 2099439;
goto LABEL_194;
case 0x15u:
if ( v10 )
goto def_4104;
v53 = 0;
v140 = 0LL;
switch ( v13 & 0xFFF )
{
case 3u:
case 0x1Au:
case 0x2Du:
case 0x3Fu:
goto LABEL_332;
case 4u:
case 6u:
case 7u:
case 8u:
case 9u:
case 0xAu:
case 0xBu:
case 0xCu:
case 0xDu:
case 0xEu:
case 0x10u:
case 0x12u:
case 0x13u:
case 0x14u:
case 0x15u:
case 0x16u:
case 0x17u:
case 0x18u:
case 0x19u:
case 0x1Bu:
case 0x1Cu:
case 0x1Du:
case 0x1Eu:
case 0x1Fu:
case 0x20u:
case 0x21u:
case 0x22u:
case 0x23u:
case 0x24u:
case 0x25u:
case 0x26u:
case 0x27u:
case 0x28u:
case 0x29u:
case 0x2Bu:
case 0x2Eu:
case 0x2Fu:
case 0x30u:
case 0x31u:
case 0x32u:
case 0x33u:
case 0x34u:
case 0x35u:
case 0x36u:
case 0x37u:
case 0x38u:
case 0x39u:
case 0x3Bu:
case 0x3Cu:
case 0x3Du:
case 0x3Eu:
goto def_4104;
case 5u:
case 0xFu:
case 0x2Cu:
case 0x3Au:
v140 = v7[v17 + 1];
LABEL_332: v141 = (signed __int64)v7[(unsigned int)v19 + 1];
v142 = (signed __int64)result + (unsigned int)(v24 + 4);
switch ( (_DWORD)v141 )
{
case 0:
if ( v141 <= 0 )
goto LABEL_424;
goto LABEL_334;
case 2:
if ( (unsigned int *)v141 == v140 )
goto LABEL_424;
goto LABEL_334;
case 0xC:
if ( (unsigned int *)v141 == v140 )
goto LABEL_334;
goto LABEL_424;
case 0x17:
v144 = 1;
if ( v141 <= 0 )
goto LABEL_425;
goto LABEL_421;
case 0x29:
v144 = 1;
if ( (unsigned int *)v141 != v140 )
goto LABEL_425;
goto LABEL_421;
case 0x2A:
v144 = 1;
if ( v141 < 1 )
goto LABEL_421;
goto LABEL_425;
case 0x37:
v144 = 1;
if ( (unsigned int *)v141 == v140 )
goto LABEL_425;
LABEL_421: v143 = 0;
goto LABEL_422;
case 0x3C:
if ( v141 >= 1 )
{
LABEL_424: v144 = 0;
LABEL_425: v150 = 0;
v53 = 0;
v142 = (signed __int64)(result + 2);
v143 = 1;
goto LABEL_432;
}
LABEL_334: v143 = 0;
v144 = 0;
LABEL_422: v53 = 0;
break;
default:
goto def_4104;
}
goto LABEL_431;
case 0x11u:
v53 = 31;
break;
case 0x2Au:
break;
}
v143 = 0;
v144 = 0;
v142 = *(_QWORD *)(v5 - 8) + v24;
LABEL_431: v150 = 1;
LABEL_432: v152 = v144 != 0;
v153 = v143 & v152;
*(_QWORD *)(v5 - 24) = v142;
if ( !(v153 & 1) && v144 && !(v150 & v152) )
goto LABEL_136;
v154 = 1LL;
if ( !v153 )
v154 = 2LL;
*(_QWORD *)(v5 - 32) = v154;
if ( v53 >= 1 )
goto LABEL_137;
goto def_4104;
case 0x16u:
case 0x3Eu:
goto LABEL_338;
case 0x18u:
v113 = v13 & 0x4000FFF;
LABEL_336: if ( v113 == 67110511 )
v74 = 67110511;
LABEL_338: if ( v74 > 3438 )
{
if ( v74 > 67109678 )
{
if ( v74 == 67109679 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = __ROR8__(
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20),
*(_BYTE *)(v5 - 304 + 8 * v19) & 0x3F);
goto def_4104;
}
if ( v74 != 67110511 )
goto def_4104;
v114 = v5 - 304;
v115 = __ROR4__(*(_DWORD *)(v5 - 304 + 8 * v20), *(_BYTE *)(v5 - 304 + 8 * v19) & 0x1F);
}
else
{
if ( v74 == 3439 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) << (*(_BYTE *)(v5 - 304 + 8LL * (unsigned int)v19) & 0x3F);
goto def_4104;
}
if ( v74 != 4079 )
goto def_4104;
v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) << (*(_BYTE *)(v5 - 304 + 8 * v19) & 0x1F);
}
}
else
{
if ( v74 <= 1518 )
{
if ( v74 == 175 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) >> (*(_BYTE *)(v5 - 304 + 8LL * (unsigned int)v19) & 0x3F);
}
else if ( v74 == 815 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) >> (*(_BYTE *)(v5 - 304 + 8LL * (unsigned int)v19) & 0x3F);
}
goto def_4104;
}
if ( v74 == 1519 )
{
v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) >> (*(_BYTE *)(v5 - 304 + 8 * v19) & 0x1F);
}
else
{
if ( v74 != 1647 )
goto def_4104;
v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) >> (*(_BYTE *)(v5 - 304 + 8 * v19) & 0x1F);
}
}
goto LABEL_257;
case 0x29u:
v145 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v146 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v87 = __OFSUB__(v145, v146);
v52 = v145 - v146 < 0;
v136 = (_QWORD *)(v5 - 304 + 8LL * v17);
if ( v52 ^ v87 )
LABEL_355: *v136 = 1LL;
else
LABEL_321: *v136 = 0LL;
goto def_4104;
case 0x2Du:
v106 = v13 & 0x200FFF;
goto LABEL_196;
case 0x3Bu:
v106 = v13 & 0x200FFF;
LABEL_194: if ( v106 == 2101039 )
v74 = 2101039;
LABEL_196: if ( v106 == 2100143 )
v74 = 2100143;
LABEL_198: if ( v74 <= 3182 )
{
if ( v74 <= 2286 )
{
if ( v74 == 751 )
{
v98 = v5 - 304;
v99 = *(_DWORD *)(v5 - 304 + 8 * v20) >> v24;
goto LABEL_372;
}
if ( v74 != 1007 )
{
if ( v74 != 1135 )
goto def_4104;
v107 = v5 - 304;
v108 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
goto LABEL_364;
}
v147 = v5 - 304;
v148 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
LOBYTE(v24) = v24 | 0x20;
LABEL_368: *(_QWORD *)(v147 + 8LL * v17) = v148 >> v24;
goto def_4104;
}
if ( v74 != 2287 )
{
if ( v74 != 2927 )
{
if ( v74 != 2991 )
goto def_4104;
v98 = v5 - 304;
v99 = *(_DWORD *)(v5 - 304 + 8 * v20) >> v24;
goto LABEL_372;
}
v147 = v5 - 304;
v148 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
goto LABEL_368;
}
v109 = v5 - 304;
v110 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
goto LABEL_366;
}
if ( v74 <= 2099438 )
{
if ( v74 == 3183 )
{
v98 = v5 - 304;
v99 = *(_DWORD *)(v5 - 304 + 8 * v20) << v24;
goto LABEL_372;
}
if ( v74 == 3247 )
{
v107 = v5 - 304;
v108 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
LOBYTE(v24) = v24 | 0x20;
LABEL_364: *(_QWORD *)(v107 + 8LL * v17) = v108 << v24;
goto def_4104;
}
if ( v74 != 3887 )
goto def_4104;
v109 = v5 - 304;
v110 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
LOBYTE(v24) = v24 | 0x20;
LABEL_366: *(_QWORD *)(v109 + 8LL * v17) = v110 >> v24;
goto def_4104;
}
switch ( v74 )
{
case 2099439:
v116 = v5 - 304;
v117 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
break;
case 2100143:
v98 = v5 - 304;
v99 = __ROR4__(*(_DWORD *)(v5 - 304 + 8 * v20), v24);
LABEL_372: *(_QWORD *)(v98 + 8LL * v17) = v99;
goto def_4104;
case 2101039:
v116 = v5 - 304;
v117 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
LOBYTE(v24) = v24 | 0x20;
break;
default:
goto def_4104;
}
*(_QWORD *)(v116 + 8LL * v17) = __ROR8__(v117, v24);
def_4104: v112 = *(_QWORD *)(v5 - 32);
result = *v7 + 1;
*v7 = result;
if ( v112 == 2 )
goto LABEL_242;
if ( v112 == 3 || v112 == 1 )
{
result = *(unsigned int **)(v5 - 24);
*(_QWORD *)(v5 - 32) = 0LL;
*v7 = result;
if ( result != v6 )
{
LABEL_242: if ( !result )
return result;
goto LABEL_3;
}
}
else if ( result != v6 )
{
goto LABEL_242;
}
v125 = v8;
v126 = v9;
v127 = v11;
v128 = v12;
((void (__fastcall *)(_QWORD, _QWORD))v6)(*v8, *v9);
v11 = v127;
result = *(unsigned int **)(v5 - 16);
v12 = v128;
v8 = v125;
v9 = v126;
*v7 = result;
if ( !result )
return result;
LABEL_3: v10 = *(_QWORD *)(v5 - 32);
break;
default:
if ( v74 <= 2350 )
{
if ( v74 <= 1710 )
{
switch ( v74 )
{
case 431:
LABEL_391: v138 = *(unsigned int *)(v5 - 304 + 8 * v19);
v139 = *(unsigned int *)(v5 - 304 + 8 * v20);
LABEL_392: v149 = v139 * v138;
v123 = (signed int)v149;
v124 = v149 >> 32;
goto LABEL_393;
case 1263:
if ( !v7[(unsigned int)v20 + 1] )
goto LABEL_430;
break;
case 1327:
LABEL_389: v103 = *(_DWORD *)(v5 - 304 + 8 * v19);
v104 = *(_DWORD *)(v5 - 304 + 8 * v20);
v105 = v103 / v104;
LABEL_390: *v11 = (signed int)(v103 - v105 * v104);
*v12 = v105;
goto def_4104;
}
}
else
{
if ( v74 > 1902 )
{
if ( v74 == 1903 )
{
LABEL_402: v100 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v101 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v102 = v101 * (unsigned __int128)v100 >> 64;
goto LABEL_403;
}
if ( v74 != 2223 )
goto def_4104;
LABEL_153: v94 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v95 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v96 = v94 / v95;
LABEL_398: *v11 = v94 - v96 * v95;
*v12 = v96;
goto def_4104;
}
if ( v74 != 1711 )
{
if ( v74 != 1839 )
goto def_4104;
goto LABEL_187;
}
if ( !v10 )
{
v151 = v7[(unsigned int)v19 + 1];
++result;
*(_QWORD *)(v5 - 32) = 2LL;
*(_QWORD *)(v5 - 24) = v151;
*v7 = result;
if ( !result )
return result;
goto LABEL_3;
}
}
}
else
{
if ( v74 > 3502 )
{
if ( v74 > 3630 )
{
if ( v74 == 3631 )
{
v137 = (unsigned int *)*v11;
goto LABEL_440;
}
if ( v74 != 3759 || !v7[(unsigned int)v20 + 1] )
goto def_4104;
LABEL_430: *(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
goto def_4104;
}
if ( v74 != 3503 )
{
if ( v74 == 3567 )
*v12 = (unsigned __int64)v7[(unsigned int)v19 + 1];
goto def_4104;
}
LABEL_191: v103 = *(_DWORD *)(v5 - 304 + 8 * v19);
v104 = *(_DWORD *)(v5 - 304 + 8 * v20);
v105 = v103 / (signed int)v104;
goto LABEL_390;
}
if ( v74 > 2862 )
{
if ( v74 != 2863 )
{
if ( v74 == 3311 )
*v11 = (unsigned __int64)v7[(unsigned int)v19 + 1];
goto def_4104;
}
LABEL_397: v94 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v95 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v96 = v94 / (signed __int64)v95;
goto LABEL_398;
}
if ( v74 == 2351 )
{
LABEL_328: v138 = *(signed int *)(v5 - 304 + 8 * v19);
v139 = *(signed int *)(v5 - 304 + 8 * v20);
goto LABEL_392;
}
if ( v74 == 2479 )
{
v137 = (unsigned int *)*v12;
LABEL_440: v7[v17 + 1] = v137;
goto def_4104;
}
}
goto def_4104;
}
break;
case 0x32u:
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) < (signed __int64)(signed __int16)(v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20));
goto def_4104;
default:
goto def_4104;
}
break;
}
}
}
return result;
}unsigned int *__fastcall sub_2D28(unsigned int *result, __int64 a2, __int64 a3, __int64 a4, __int64 a5)
{ __int64 v5; // x19
unsigned int *v6; // x20
unsigned int **v7; // x21
_QWORD *v8; // x4
_QWORD *v9; // x5
signed __int64 v10; // x1
unsigned __int64 *v11; // x6
unsigned __int64 *v12; // x7
unsigned int v13; // w12
unsigned int v14; // w16
unsigned int v15; // w15
unsigned int v16; // w14
unsigned int v17; // w10
unsigned int v18; // w11
unsigned __int64 v19; // x9
__int64 v20; // x8
unsigned int v21; // w13
unsigned int v22; // w18
unsigned int v23; // w17
__int64 v24; // x11
bool v25; // zf
int v26; // w11
signed __int64 v27; // x8
signed int v28; // w10
unsigned int *v29; // x11
unsigned int v30; // w13
unsigned int *v31; // x9
signed __int64 v32; // x8
signed int v33; // w11
signed int v34; // w9
unsigned __int64 v35; // x9
_QWORD *v36; // x10
__int64 v37; // x11
char v38; // w9
unsigned __int64 v39; // x8
unsigned __int64 v40; // x9
int v41; // w11
int v42; // w10
int v43; // w11
int v44; // w10
int v45; // w8
int v46; // w12
signed __int64 v47; // x9
unsigned int *v48; // x10
signed __int64 v49; // x12
signed __int64 v50; // x10
_BOOL4 v51; // w11
bool v52; // nf
signed int v53; // w8
_BOOL4 v54; // w9
signed int v55; // w10
int v56; // w13
unsigned int v57; // w10
unsigned __int64 v58; // t2
int v59; // w10
int v60; // w11
unsigned int *v61; // x13
signed __int64 v62; // x11
signed int v63; // w9
signed __int64 v64; // x8
signed int v65; // w11
signed int v66; // w9
unsigned int v67; // w11
unsigned __int64 v68; // t2
int v69; // w10
unsigned int v70; // w11
unsigned int v71; // w12
__int64 v72; // x9
__int64 v73; // x8
int v74; // w13
unsigned __int64 v75; // t2
int v76; // w11
__int64 v77; // x11
char v78; // w9
_DWORD *v79; // x10
int v80; // w11
char v81; // w9
int v82; // w8
unsigned int v83; // w9
int v84; // w11
char v85; // w9
signed int v86; // w12
unsigned __int8 v87; // vf
_BOOL4 v88; // w13
int v89; // w11
signed __int64 v90; // x8
_BOOL4 v91; // w13
int v92; // w11
signed __int64 v93; // x9
__int64 v94; // x9
unsigned __int64 v95; // x8
unsigned __int64 v96; // x10
int v97; // w9
signed __int64 v98; // x9
signed int v99; // w8
unsigned __int64 v100; // x9
unsigned __int64 v101; // x8
unsigned __int64 v102; // x10
int v103; // w9
unsigned int v104; // w8
int v105; // w10
int v106; // w9
signed __int64 v107; // x9
__int64 v108; // x8
signed __int64 v109; // x9
unsigned __int64 v110; // x8
int v111; // w11
__int64 v112; // x8
int v113; // w11
signed __int64 v114; // x11
int v115; // w8
signed __int64 v116; // x9
__int64 v117; // x8
unsigned int v118; // w11
unsigned int v119; // w12
__int64 v120; // x9
__int64 v121; // x8
unsigned __int64 v122; // x8
unsigned __int64 v123; // x9
unsigned __int64 v124; // x8
_QWORD *v125; // x24
_QWORD *v126; // x26
unsigned __int64 *v127; // ST08_8
unsigned __int64 *v128; // x23
signed int v129; // w12
_BOOL4 v130; // w13
int v131; // w11
signed __int64 v132; // x8
unsigned __int64 v133; // x8
unsigned __int64 v134; // x8
bool v135; // cf
_QWORD *v136; // x8
unsigned int *v137; // x8
__int64 v138; // x9
__int64 v139; // x8
unsigned int *v140; // x13
signed __int64 v141; // x8
signed __int64 v142; // x9
signed int v143; // w12
signed int v144; // w10
__int64 v145; // x9
__int64 v146; // x8
signed __int64 v147; // x9
__int64 v148; // x8
__int64 v149; // x8
signed int v150; // w11
unsigned int *v151; // x8
_BOOL4 v152; // w13
int v153; // w12
signed __int64 v154; // x9
v6 = *(unsigned int **)a5;
v5 = *(_QWORD *)(a5 + 8);
*(_QWORD *)(v5 - 56) = 0LL;
*(_QWORD *)(v5 - 304) = 0LL;
v7 = (unsigned int **)(v5 - 312);
v8 = (_QWORD *)(v5 - 272);
v9 = (_QWORD *)(v5 - 264);
*(_QWORD *)(v5 - 72) = (v5 - 328) & 0xFFFFFFFFFFFFFFF0LL;
*(_QWORD *)(v5 - 32) = 0LL;
*(_QWORD *)(v5 - 272) = a2;
*(_QWORD *)(v5 - 264) = a3;
*(_QWORD *)(v5 - 256) = a4;
*(_QWORD *)(v5 - 248) = v6;
*(_QWORD *)(v5 - 312) = result;
*(_QWORD *)(v5 - 8) = result;
if ( result )
{
v10 = 0LL;
v11 = (unsigned __int64 *)(v5 - 40);
v12 = (unsigned __int64 *)(v5 - 48);
while ( 1 )
{
v13 = *result;
if ( v10 == 2 )
{
v10 = 3LL;
*(_QWORD *)(v5 - 32) = 3LL;
}
v14 = v13 & 0x10000000;
v15 = v13 & 0x20000000;
v16 = v13 & 0x40000000;
v17 = (v13 >> 11) & 2 | (v13 >> 31) | (v13 >> 11) & 4 | (v13 >> 11) & 8 | (v13 >> 11) & 0x10;
v18 = ((v13 & 0x10000000) >> 26) & 0xFFFFFFFC | (v13 >> 26) & 3 | ((v13 & 0x20000000) >> 26);
v19 = (v13 >> 21) & 0x1F;
v20 = (v13 >> 16) & 0x1F;
LABEL_7: v21 = v13 & 0x80000000;
v22 = v13 & 0x4000000;
while ( 2 )
{
v23 = v13 & 0x8000000;
v24 = v18 | (v16 >> 26);
switch ( v17 )
{
case 0u:
case 2u:
case 8u:
case 0x12u:
case 0x1Fu:
case 0x21u:
case 0x22u:
case 0x27u:
case 0x2Bu:
case 0x30u:
case 0x31u:
case 0x33u:
case 0x37u:
v25 = v17 == 55;
if ( v17 <= 0x37 )
{
v26 = (v13 >> 6) & 0x3F;
v13 = (unsigned __int16)(v13 & 0xF000) | (v22 >> 20);
v18 = v13 | v26 | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
v19 = (unsigned __int64)v7[(unsigned int)v19 + 1] + (signed __int16)v18;
switch ( v13 )
{
case 0u:
v19 = *(signed __int16 *)v19;
goto LABEL_236;
case 2u:
v19 = *(_QWORD *)v19;
goto LABEL_236;
case 8u:
v19 = *(char *)v19;
goto LABEL_236;
case 0x12u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_DWORD *)(v27 + 8) & (unsigned int)(-1 << (32 - 8 * (v19 & 3))) | (*(_DWORD *)(v19 & 0xFFFFFFFFFFFFFFFCLL) >> 8 * (v19 & 3));
goto LABEL_237;
case 0x21u:
v19 = *(unsigned __int8 *)v19;
goto LABEL_236;
case 0x22u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_QWORD *)(v27 + 8) & (-1LL << (64 - 8 * ((unsigned __int8)v19 & 7u))) | (*(_QWORD *)(v19 & 0xFFFFFFFFFFFFFFF8LL) >> 8 * ((unsigned __int8)v19 & 7u));
goto LABEL_237;
case 0x27u:
case 0x31u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_QWORD *)(v27 + 8) & (0xFFFFFFFFFFFFFFuLL >> 8 * ((unsigned __int8)v19 & 7u)) | (*(_QWORD *)(v19 & 0xFFFFFFFFFFFFFFF8LL) << (56 - 8 * ((unsigned __int8)v19 & 7u)));
goto LABEL_237;
case 0x2Bu:
v19 = *(signed int *)v19;
goto LABEL_236;
case 0x30u:
v19 = *(unsigned __int16 *)v19;
goto LABEL_236;
case 0x33u:
v19 = *(unsigned int *)v19;
goto LABEL_236;
case 0x37u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_DWORD *)(v27 + 8) & (0xFFFFFFu >> 8 * (v19 & 3)) | (*(_DWORD *)(v19 & 0xFFFFFFFFFFFFFFFCLL) << (24 - 8 * (v19 & 3)));
goto LABEL_237;
case 0x38u:
continue;
case 0x39u:
case 0x3Bu:
case 0x3Cu:
case 0x3Du:
case 0x3Eu:
case 0x3Fu:
goto LABEL_218;
case 0x3Au:
goto LABEL_7;
default:
goto def_4104;
}
}
goto def_4104;
case 3u:
case 5u:
case 0xFu:
case 0x1Au:
case 0x2Cu:
case 0x2Du:
case 0x3Au:
case 0x3Fu:
if ( !v10 )
{
v28 = 0;
v29 = 0LL;
v30 = (signed int)((v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16) >> 14;
switch ( v13 & 0x3F )
{
case 3u:
case 0x1Au:
case 0x2Du:
case 0x3Fu:
goto LABEL_15;
case 5u:
case 0xFu:
case 0x2Cu:
case 0x3Au:
v29 = v7[(unsigned int)v20 + 1];
LABEL_15: v31 = v7[(unsigned int)v19 + 1];
v32 = (signed __int64)result + (signed int)(v30 + 4);
switch ( (_DWORD)v32 )
{
case 0:
if ( (signed __int64)v31 <= 0 )
goto LABEL_112;
goto LABEL_17;
case 2:
if ( v31 == v29 )
goto LABEL_112;
goto LABEL_17;
case 0xC:
if ( v31 == v29 )
goto LABEL_17;
goto LABEL_112;
case 0x17:
v25 = v31 == 0LL;
v52 = (signed __int64)v31 < 0;
v34 = 1;
if ( !v52 && !v25 )
goto LABEL_109;
goto LABEL_113;
case 0x29:
v25 = v31 == v29;
v34 = 1;
if ( !v25 )
goto LABEL_113;
goto LABEL_109;
case 0x2A:
v87 = __OFSUB__(v31, 1LL);
v52 = (signed __int64)v31 - 1 < 0;
v34 = 1;
if ( !(v52 ^ v87) )
goto LABEL_113;
goto LABEL_109;
case 0x37:
v25 = v31 == v29;
v34 = 1;
if ( v25 )
goto LABEL_113;
LABEL_109: v33 = 0;
goto LABEL_110;
case 0x3C:
if ( (signed __int64)v31 < 1 )
{
LABEL_17: v33 = 0;
v34 = 0;
LABEL_110: v28 = 0;
v86 = 1;
}
else
{
LABEL_112: v34 = 0;
LABEL_113: v86 = 0;
v28 = 0;
v32 = (signed __int64)(result + 2);
v33 = 1;
}
goto LABEL_114;
default:
goto def_4104;
}
goto def_4104;
case 0x11u:
v28 = 31;
goto LABEL_95;
case 0x2Au:
LABEL_95: v33 = 0;
v34 = 0;
v86 = 1;
v32 = *(_QWORD *)(v5 - 8) + v30;
LABEL_114: v88 = v34 != 0;
v89 = v33 & v88;
*(_QWORD *)(v5 - 24) = v32;
if ( v89 & 1 || !v34 || v86 & v88 )
{
v90 = 1LL;
if ( !v89 )
v90 = 2LL;
*(_QWORD *)(v5 - 32) = v90;
}
goto LABEL_120;
default:
goto def_4104;
}
}
goto def_4104;
case 4u:
case 0x20u:
case 0x38u:
case 0x3Eu:
v41 = v13 & 0x3F;
v42 = v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v41 > 55 )
{
if ( v41 == 56 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) ^ (unsigned __int16)v42;
}
else if ( v41 == 62 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) | (unsigned __int16)v42;
}
}
else
{
if ( v41 == 4 )
{
LODWORD(v19) = (v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16;
goto LABEL_92;
}
if ( v41 == 32 )
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) & (unsigned __int16)v42;
}
goto def_4104;
case 0xAu:
case 0xBu:
case 0xEu:
case 0x14u:
case 0x16u:
case 0x24u:
case 0x36u:
case 0x3Bu:
v35 = (unsigned __int64)v7[(unsigned int)v19 + 1]
+ (v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20));
switch ( v13 & 0x3F )
{
case 0xAu:
v36 = (_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v37 = *(_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v38 = 8 * (v35 & 7);
v39 = (unsigned __int64)v7[(unsigned int)v20 + 1] >> (56 - v38);
v40 = v37 & (-256LL << v38);
goto LABEL_83;
case 0xBu:
v36 = (_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v77 = *(_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v78 = 8 * (v35 & 7);
v39 = (_QWORD)v7[(unsigned int)v20 + 1] << v78;
v40 = v77 & (0xFFFFFFFFFFFFFFFFLL >> (64 - v78));
LABEL_83: *v36 = v40 | v39;
goto def_4104;
case 0xEu:
*(_BYTE *)v35 = v7[(unsigned int)v20 + 1];
goto def_4104;
case 0x14u:
*(_WORD *)v35 = v7[(unsigned int)v20 + 1];
goto def_4104;
case 0x16u:
v79 = (_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v80 = *(_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v81 = 8 * (v35 & 3);
v82 = LODWORD(v7[(unsigned int)v20 + 1]) >> (24 - v81);
v83 = v80 & (-256 << v81);
goto LABEL_88;
case 0x24u:
v79 = (_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v84 = *(_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v85 = 8 * (v35 & 3);
v82 = LODWORD(v7[(unsigned int)v20 + 1]) << v85;
v83 = v84 & (0xFFFFFFFF >> (32 - v85));
LABEL_88: *v79 = v83 | v82;
break;
case 0x36u:
*(_DWORD *)v35 = v7[(unsigned int)v20 + 1];
break;
case 0x3Bu:
*(_QWORD *)v35 = v7[(unsigned int)v20 + 1];
break;
default:
goto def_4104;
}
goto def_4104;
case 0xDu:
case 0x15u:
case 0x1Bu:
case 0x28u:
v43 = v13 & 0x3F;
v44 = v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v43 == 13 || v43 == 40 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19)
+ (signed __int16)v44;
}
else if ( v43 == 21 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(signed int *)(v5 - 304 + 8 * v19)
+ (signed __int64)(signed __int16)v44;
}
goto def_4104;
case 0x10u:
v56 = v13 & 0xFFF;
if ( v56 > 2639 )
{
if ( v56 > 3727 )
{
if ( v56 != 3728 )
{
if ( v56 == 3792 )
{
LODWORD(v24) = v24 | 0x20;
}
else
{
if ( v56 != 3984 )
goto def_4104;
v17 |= 0x20u;
}
}
if ( (signed int)(v24 + v17) <= 63 )
{
v19 = (unsigned __int64)v7[(unsigned int)v19 + 1];
if ( v17 != 63 )
v19 = (v19 >> v24) & ~(-1LL << ((unsigned __int8)v17 + 1));
LABEL_236: v27 = (signed __int64)&v7[(unsigned int)v20];
LABEL_237: *(_QWORD *)(v27 + 8) = v19;
goto def_4104;
}
goto def_4104;
}
if ( v56 != 2640 )
{
if ( v56 == 2768 && v17 >= (unsigned int)v24 )
*(_QWORD *)(v5 - 304 + 8 * v20) = *(_DWORD *)(v5 - 304 + 8 * v20) & (-1 << v17) | ((*(_DWORD *)(v5 - 304 + 8 * v19) & ~(-1 << (1 - v24 + v17))) << v24) | *(_DWORD *)(v5 - 304 + 8 * v20) & ~(-1 << v24);
goto def_4104;
}
}
else
{
if ( v56 > 655 )
{
if ( v56 != 656 && v56 != 1680 )
{
if ( v56 != 2256 )
goto def_4104;
goto LABEL_163;
}
v97 = v13 & 0x7C000FFF;
if ( (signed int)(v13 & 0x7C000FFF) <= 1275069071 )
{
if ( v97 == 201328272 )
{
v134 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
*(_QWORD *)(v5 - 304 + 8LL * v17) = __ROR8__(
(v134 << 16) & 0xFFFF0000FFFF0000LL | (v134 >> 16) & 0xFFFF0000FFFFLL,
32);
}
else if ( v97 == 939524752 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(char *)(v5 - 304 + 8 * v20);
}
goto def_4104;
}
if ( v97 == 1275069072 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(signed __int16 *)(v5 - 304 + 8 * v20);
goto def_4104;
}
if ( v97 == 1409287824 )
{
v133 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
*(_QWORD *)(v5 - 304 + 8LL * v17) = (v133 << 8) & 0xFF00FF00FF00FF00LL | (v133 >> 8) & 0xFF00FF00FF00FFLL;
goto def_4104;
}
if ( v97 != 1946157712 )
goto def_4104;
v98 = v5 - 304;
v99 = (*(_DWORD *)(v5 - 304 + 8 * v20) << 8) & 0xFF00FF00 | (*(_DWORD *)(v5 - 304 + 8 * v20) >> 8) & 0xFF00FF;
goto LABEL_372;
}
if ( v56 == 16 )
{
if ( v17 + (unsigned int)v24 > 0x1F )
goto def_4104;
LODWORD(v19) = v7[(unsigned int)v19 + 1];
if ( v17 != 31 )
LODWORD(v19) = ((unsigned int)v19 >> v24) & ~(-2 << v17);
LABEL_92: v19 = (signed int)v19;
goto LABEL_236;
}
if ( v56 != 144 )
goto def_4104;
LODWORD(v24) = v24 | 0x20;
LABEL_163: v17 |= 0x20u;
}
if ( (signed int)v17 >= (signed int)v24 )
*(_QWORD *)(v5 - 304 + 8 * v20) = *(_QWORD *)(v5 - 304 + 8 * v20) & (-1LL << v17) | ((*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) & ~(-1LL << ((unsigned __int8)v17 + 1 - (unsigned __int8)v24))) << v24) | *(_QWORD *)(v5 - 304 + 8 * v20) & ~(-1LL << v24);
goto def_4104;
case 0x11u:
case 0x2Au:
if ( v10 )
goto def_4104;
v45 = v13 & 0x3F;
v46 = v13 & 0x3FFF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v45 == 17 )
{
v53 = 31;
LABEL_129: v51 = 0;
v55 = 0;
v49 = *(_QWORD *)(v5 - 8) + (unsigned int)(v46 * 4);
v54 = 1;
goto LABEL_130;
}
if ( v45 == 42 )
{
v53 = 0;
goto LABEL_129;
}
if ( v45 != 26 )
goto def_4104;
v47 = (signed __int64)v7[(unsigned int)v19 + 1];
v48 = &result[v46];
v49 = (signed __int64)(result + 2);
v50 = (signed __int64)(v48 + 1);
v51 = v47 < 1;
v25 = v47 == 0;
v52 = v47 < 0;
v53 = 0;
v54 = v47 > 0;
if ( !v52 && !v25 )
v49 = v50;
v55 = 1;
LABEL_130: v91 = v55 != 0;
v92 = v51 && v91;
*(_QWORD *)(v5 - 24) = v49;
if ( v92 & 1 || !v55 || v54 && v91 )
{
v93 = 1LL;
if ( !v92 )
v93 = 2LL;
*(_QWORD *)(v5 - 32) = v93;
}
LABEL_136: if ( v53 >= 1 )
{
LABEL_137: v7[v53 + 1] = result + 2;
*(_QWORD *)(v5 - 16) = result + 2;
}
goto def_4104;
case 0x17u:
LODWORD(v20) = v13 & 0x1F003F;
HIDWORD(v58) = (v13 & 0x1F003F) - 65559;
LODWORD(v58) = (v13 & 0x1F003F) - 65559;
v57 = v58 >> 16;
if ( v57 > 0x1A || !((1 << v57) & 0x4842861) || v10 )
goto def_4104;
v59 = v13 & 0x1F003F;
v13 = (signed int)((v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16) >> 14;
if ( (signed int)(v20 & 0x1FFFFF) <= 65558 )
{
v60 = v59 - 3;
v28 = 0;
v61 = result;
switch ( v60 )
{
case 0:
case 23:
case 42:
case 60:
goto LABEL_50;
case 2:
case 12:
case 41:
case 55:
goto LABEL_51;
case 14:
v28 = 31;
goto LABEL_279;
case 39:
LABEL_279: v65 = 0;
v66 = 0;
v64 = *(_QWORD *)(v5 - 8) + v13;
goto LABEL_290;
default:
goto def_4104;
}
goto def_4104;
}
if ( v59 > 917526 )
{
if ( v59 > 1572886 )
{
if ( v59 != 1769495 )
{
v25 = v59 == 1572887;
LABEL_218: if ( !v25 )
goto def_4104;
}
}
else if ( v59 != 917527 && v59 != 1245207 )
{
goto def_4104;
}
}
else if ( v59 > 458774 )
{
if ( v59 != 458775 && v59 != 786455 )
goto def_4104;
}
else if ( v59 != 65559 && v59 != 393239 )
{
goto def_4104;
}
LABEL_50: v61 = 0LL;
LABEL_51: v62 = (signed __int64)v7[(unsigned int)v19 + 1];
v63 = v20 & 0x1FFFFF;
v64 = (signed __int64)result + (signed int)(v13 + 4);
if ( v63 > 65558 )
{
if ( v63 > 917526 )
{
if ( v63 > 1572886 )
{
if ( v63 == 1572887 )
{
v66 = 1;
if ( v62 & 0x8000000000000000LL )
goto LABEL_294;
goto LABEL_288;
}
if ( v63 == 1769495 )
{
v28 = 31;
v66 = 1;
if ( v62 & 0x8000000000000000LL )
{
LABEL_311: v65 = 0;
LABEL_290: v129 = 1;
LABEL_301: v130 = v66 != 0;
v131 = v65 & v130;
*(_QWORD *)(v5 - 24) = v64;
if ( !(v131 & 1) && v66 && !(v129 & v130) )
{
LABEL_120: if ( v28 < 1 )
goto def_4104;
LABEL_121: v7[v28 + 1] = result + 2;
*(_QWORD *)(v5 - 16) = result + 2;
goto def_4104;
}
v132 = 1LL;
if ( !v131 )
v132 = 2LL;
*(_QWORD *)(v5 - 32) = v132;
if ( v28 >= 1 )
goto LABEL_121;
goto def_4104;
}
goto LABEL_300;
}
}
else
{
if ( v63 == 917527 )
{
v28 = 31;
v66 = 1;
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_311;
goto LABEL_300;
}
if ( v63 == 1245207 )
{
if ( v62 & 0x8000000000000000LL )
{
LABEL_298: v28 = 0;
LABEL_299: v66 = 0;
LABEL_300: v129 = 0;
v64 = (signed __int64)(result + 2);
v65 = 1;
goto LABEL_301;
}
LABEL_54: v65 = 0;
v66 = 0;
LABEL_289: v28 = 0;
goto LABEL_290;
}
}
}
else if ( v63 > 458774 )
{
if ( v63 == 458775 )
{
v66 = 1;
if ( !(v62 & 0x8000000000000000LL) )
{
LABEL_294: v28 = 0;
goto LABEL_300;
}
LABEL_288: v65 = 0;
goto LABEL_289;
}
if ( v63 == 786455 )
{
v28 = 31;
if ( v62 & 0x8000000000000000LL )
goto LABEL_299;
LABEL_227: v65 = 0;
v66 = 0;
goto LABEL_290;
}
}
else
{
if ( v63 == 65559 )
{
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_298;
goto LABEL_54;
}
if ( v63 == 393239 )
{
v28 = 31;
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_299;
goto LABEL_227;
}
}
}
else
{
switch ( v63 )
{
case 3:
if ( v62 > 0 )
goto LABEL_54;
goto LABEL_298;
case 5:
if ( (unsigned int *)v62 == v61 )
goto LABEL_298;
goto LABEL_54;
case 15:
if ( (unsigned int *)v62 != v61 )
goto LABEL_298;
goto LABEL_54;
case 26:
v66 = 1;
if ( v62 > 0 )
goto LABEL_288;
goto LABEL_294;
case 44:
v66 = 1;
if ( (unsigned int *)v62 != v61 )
goto LABEL_294;
goto LABEL_288;
case 45:
v66 = 1;
if ( v62 >= 1 )
goto LABEL_294;
goto LABEL_288;
case 58:
v66 = 1;
if ( (unsigned int *)v62 != v61 )
goto LABEL_288;
goto LABEL_294;
case 63:
if ( v62 >= 1 )
goto LABEL_298;
goto LABEL_54;
default:
goto def_4104;
}
}
goto def_4104;
case 0x23u:
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) < (unsigned __int64)(signed __int16)(v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20));
goto def_4104;
case 0x29u:
HIDWORD(v68) = (v13 & 0xFFF) - 425;
LODWORD(v68) = (v13 & 0xFFF) - 425;
v67 = v68 >> 6;
if ( v67 > 0x1A )
goto def_4104;
if ( !((1 << v67) & 0x4000032) )
{
if ( v67 != 2 )
goto def_4104;
v76 = v13 & 0xFFF;
if ( v76 > 2158 )
{
if ( v76 > 2542 )
{
LABEL_67: if ( v76 == 2543 )
goto LABEL_159;
if ( v76 == 2671 )
goto LABEL_250;
if ( v76 != 3375 )
goto def_4104;
LABEL_256: v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) + *(_DWORD *)(v5 - 304 + 8 * v19);
}
else
{
LABEL_157: if ( v76 != 2159 )
{
if ( v76 != 2415 )
goto def_4104;
LABEL_159: *(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20)
+ *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
goto def_4104;
}
LABEL_250: v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v19) - *(_DWORD *)(v5 - 304 + 8 * v20);
}
LABEL_257: *(_QWORD *)(v114 + 8LL * v17) = v115;
goto def_4104;
}
if ( v76 > 942 )
{
LABEL_258: if ( v76 == 943 || v76 == 1775 )
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19)
- *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
}
else
{
if ( v76 == 495 )
goto LABEL_256;
LABEL_222: if ( v76 == 553 )
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(signed int *)(v5 - 304 + 8 * v20)
* (signed __int64)*(signed int *)(v5 - 304 + 8 * v19);
}
goto def_4104;
}
v69 = v13 & 0xFFF;
if ( v69 <= 1902 )
{
if ( v69 > 744 )
{
if ( v69 != 745 )
{
if ( v69 == 1327 )
goto LABEL_389;
if ( v69 != 1839 )
goto def_4104;
LABEL_187: v100 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v101 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v102 = (unsigned __int128)((signed __int64)v101 * (signed __int128)(signed __int64)v100) >> 64;
LABEL_403: *v12 = v101 * v100;
*v11 = v102;
goto def_4104;
}
v118 = *(_DWORD *)v11;
v119 = *(_DWORD *)v12;
v120 = *(signed int *)(v5 - 304 + 8 * v19);
v121 = *(signed int *)(v5 - 304 + 8 * v20);
}
else
{
if ( v69 == 431 )
goto LABEL_391;
if ( v69 != 489 )
{
if ( v69 != 681 )
goto def_4104;
v70 = *(_DWORD *)v11;
v71 = *(_DWORD *)v12;
v72 = *(unsigned int *)(v5 - 304 + 8 * v19);
v73 = *(unsigned int *)(v5 - 304 + 8 * v20);
goto LABEL_274;
}
v118 = *(_DWORD *)v11;
v119 = *(_DWORD *)v12;
v120 = *(unsigned int *)(v5 - 304 + 8 * v19);
v121 = *(unsigned int *)(v5 - 304 + 8 * v20);
}
v122 = (v119 | ((unsigned __int64)v118 << 32)) - v121 * v120;
LABEL_277: v123 = (unsigned int)v122;
v124 = v122 >> 32;
LABEL_393: *v12 = v123;
*v11 = v124;
goto def_4104;
}
if ( v69 <= 2350 )
{
if ( v69 == 1903 )
goto LABEL_402;
if ( v69 != 2089 )
{
if ( v69 != 2223 )
goto def_4104;
goto LABEL_153;
}
v70 = *(_DWORD *)v11;
v71 = *(_DWORD *)v12;
v72 = *(signed int *)(v5 - 304 + 8 * v19);
v73 = *(signed int *)(v5 - 304 + 8 * v20);
LABEL_274: v122 = (v71 | ((unsigned __int64)v70 << 32)) + v73 * v72;
goto LABEL_277;
}
if ( v69 == 2351 )
goto LABEL_328;
if ( v69 == 2863 )
goto LABEL_397;
if ( v69 != 3503 )
goto def_4104;
goto LABEL_191;
case 0x2Fu:
v74 = v13 & 0xFFF;
HIDWORD(v75) = v74 - 111;
LODWORD(v75) = v74 - 111;
switch ( (unsigned int)(v75 >> 6) )
{
case 0u:
case 3u:
case 9u:
case 0xFu:
case 0x2Eu:
case 0x3Du:
goto def_4104;
case 1u:
case 0xBu:
case 0x34u:
v113 = v13 & 0x4000FFF;
if ( (v13 & 0x4000FFF) == 67109679 )
v74 = 67109679;
goto LABEL_336;
case 2u:
v135 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) >= *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v136 = (_QWORD *)(v5 - 304 + 8LL * v17);
if ( !v135 )
goto LABEL_355;
goto LABEL_321;
case 6u:
case 0xDu:
case 0x1Au:
case 0x20u:
case 0x24u:
case 0x26u:
case 0x28u:
case 0x33u:
v76 = v13 & 0xFFF;
if ( v76 > 2158 )
{
if ( v76 <= 2542 )
goto LABEL_157;
goto LABEL_67;
}
if ( v76 > 942 )
goto LABEL_258;
if ( v76 != 495 )
goto LABEL_222;
goto LABEL_256;
case 0xAu:
case 0x30u:
goto LABEL_198;
case 0xCu:
case 0x17u:
case 0x1Fu:
case 0x3Cu:
v111 = v13 & 0xFFF;
if ( v111 > 2094 )
{
if ( v111 == 2095 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = ~(*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) | *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19));
}
else if ( v111 == 3951 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) & *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
}
else if ( v111 == 879 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) ^ *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
else if ( v111 == 1583 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) | *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
goto def_4104;
case 0xEu:
case 0x10u:
case 0x22u:
case 0x2Cu:
case 0x31u:
v106 = v13 & 0x200FFF;
if ( (v13 & 0x200FFF) == 2099439 )
v74 = 2099439;
goto LABEL_194;
case 0x15u:
if ( v10 )
goto def_4104;
v53 = 0;
v140 = 0LL;
switch ( v13 & 0xFFF )
{
case 3u:
case 0x1Au:
case 0x2Du:
case 0x3Fu:
goto LABEL_332;
case 4u:
case 6u:
case 7u:
case 8u:
case 9u:
case 0xAu:
case 0xBu:
case 0xCu:
case 0xDu:
case 0xEu:
case 0x10u:
case 0x12u:
case 0x13u:
case 0x14u:
case 0x15u:
case 0x16u:
case 0x17u:
case 0x18u:
case 0x19u:
case 0x1Bu:
case 0x1Cu:
case 0x1Du:
case 0x1Eu:
case 0x1Fu:
case 0x20u:
case 0x21u:
case 0x22u:
case 0x23u:
case 0x24u:
case 0x25u:
case 0x26u:
case 0x27u:
case 0x28u:
case 0x29u:
case 0x2Bu:
case 0x2Eu:
case 0x2Fu:
case 0x30u:
case 0x31u:
case 0x32u:
case 0x33u:
case 0x34u:
case 0x35u:
case 0x36u:
case 0x37u:
case 0x38u:
case 0x39u:
case 0x3Bu:
case 0x3Cu:
case 0x3Du:
case 0x3Eu:
goto def_4104;
case 5u:
case 0xFu:
case 0x2Cu:
case 0x3Au:
v140 = v7[v17 + 1];
LABEL_332: v141 = (signed __int64)v7[(unsigned int)v19 + 1];
v142 = (signed __int64)result + (unsigned int)(v24 + 4);
switch ( (_DWORD)v141 )
{
case 0:
if ( v141 <= 0 )
goto LABEL_424;
goto LABEL_334;
case 2:
if ( (unsigned int *)v141 == v140 )
goto LABEL_424;
goto LABEL_334;
case 0xC:
if ( (unsigned int *)v141 == v140 )
goto LABEL_334;
goto LABEL_424;
case 0x17:
v144 = 1;
if ( v141 <= 0 )
goto LABEL_425;
goto LABEL_421;
case 0x29:
v144 = 1;
if ( (unsigned int *)v141 != v140 )
goto LABEL_425;
goto LABEL_421;
case 0x2A:
v144 = 1;
if ( v141 < 1 )
goto LABEL_421;
goto LABEL_425;
case 0x37:
v144 = 1;
if ( (unsigned int *)v141 == v140 )
goto LABEL_425;
LABEL_421: v143 = 0;
goto LABEL_422;
case 0x3C:
if ( v141 >= 1 )
{
LABEL_424: v144 = 0;
LABEL_425: v150 = 0;
v53 = 0;
v142 = (signed __int64)(result + 2);
v143 = 1;
goto LABEL_432;
}
LABEL_334: v143 = 0;
v144 = 0;
LABEL_422: v53 = 0;
break;
default:
goto def_4104;
}
goto LABEL_431;
case 0x11u:
v53 = 31;
break;
case 0x2Au:
break;
}
v143 = 0;
v144 = 0;
v142 = *(_QWORD *)(v5 - 8) + v24;
LABEL_431: v150 = 1;
LABEL_432: v152 = v144 != 0;
v153 = v143 & v152;
*(_QWORD *)(v5 - 24) = v142;
if ( !(v153 & 1) && v144 && !(v150 & v152) )
goto LABEL_136;
v154 = 1LL;
if ( !v153 )
v154 = 2LL;
*(_QWORD *)(v5 - 32) = v154;
if ( v53 >= 1 )
goto LABEL_137;
goto def_4104;
case 0x16u:
case 0x3Eu:
goto LABEL_338;
case 0x18u:
v113 = v13 & 0x4000FFF;
LABEL_336: if ( v113 == 67110511 )
v74 = 67110511;
LABEL_338: if ( v74 > 3438 )
{
if ( v74 > 67109678 )
{
if ( v74 == 67109679 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = __ROR8__(
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20),
*(_BYTE *)(v5 - 304 + 8 * v19) & 0x3F);
goto def_4104;
}
if ( v74 != 67110511 )
goto def_4104;
v114 = v5 - 304;
v115 = __ROR4__(*(_DWORD *)(v5 - 304 + 8 * v20), *(_BYTE *)(v5 - 304 + 8 * v19) & 0x1F);
}
else
{
if ( v74 == 3439 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) << (*(_BYTE *)(v5 - 304 + 8LL * (unsigned int)v19) & 0x3F);
goto def_4104;
}
if ( v74 != 4079 )
goto def_4104;
v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) << (*(_BYTE *)(v5 - 304 + 8 * v19) & 0x1F);
}
}
else
{
if ( v74 <= 1518 )
{
if ( v74 == 175 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) >> (*(_BYTE *)(v5 - 304 + 8LL * (unsigned int)v19) & 0x3F);
}
else if ( v74 == 815 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) >> (*(_BYTE *)(v5 - 304 + 8LL * (unsigned int)v19) & 0x3F);
}
goto def_4104;
}
if ( v74 == 1519 )
{
v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) >> (*(_BYTE *)(v5 - 304 + 8 * v19) & 0x1F);
}
else
{
if ( v74 != 1647 )
goto def_4104;
v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) >> (*(_BYTE *)(v5 - 304 + 8 * v19) & 0x1F);
}
}
goto LABEL_257;
case 0x29u:
v145 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v146 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v87 = __OFSUB__(v145, v146);
v52 = v145 - v146 < 0;
v136 = (_QWORD *)(v5 - 304 + 8LL * v17);
if ( v52 ^ v87 )
LABEL_355: *v136 = 1LL;
else
LABEL_321: *v136 = 0LL;
goto def_4104;
case 0x2Du:
v106 = v13 & 0x200FFF;
goto LABEL_196;
case 0x3Bu:
v106 = v13 & 0x200FFF;
LABEL_194: if ( v106 == 2101039 )
v74 = 2101039;
LABEL_196: if ( v106 == 2100143 )
v74 = 2100143;
LABEL_198: if ( v74 <= 3182 )
{
if ( v74 <= 2286 )
{
if ( v74 == 751 )
{
v98 = v5 - 304;
v99 = *(_DWORD *)(v5 - 304 + 8 * v20) >> v24;
goto LABEL_372;
}
if ( v74 != 1007 )
{
if ( v74 != 1135 )
goto def_4104;
v107 = v5 - 304;
v108 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
goto LABEL_364;
}
v147 = v5 - 304;
v148 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
LOBYTE(v24) = v24 | 0x20;
LABEL_368: *(_QWORD *)(v147 + 8LL * v17) = v148 >> v24;
goto def_4104;
}
if ( v74 != 2287 )
{
if ( v74 != 2927 )
{
if ( v74 != 2991 )
goto def_4104;
v98 = v5 - 304;
v99 = *(_DWORD *)(v5 - 304 + 8 * v20) >> v24;
goto LABEL_372;
}
v147 = v5 - 304;
v148 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
goto LABEL_368;
}
v109 = v5 - 304;
v110 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
goto LABEL_366;
}
if ( v74 <= 2099438 )
{
if ( v74 == 3183 )
{
v98 = v5 - 304;
v99 = *(_DWORD *)(v5 - 304 + 8 * v20) << v24;
goto LABEL_372;
}
if ( v74 == 3247 )
{
v107 = v5 - 304;
v108 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
LOBYTE(v24) = v24 | 0x20;
LABEL_364: *(_QWORD *)(v107 + 8LL * v17) = v108 << v24;
goto def_4104;
}
if ( v74 != 3887 )
goto def_4104;
v109 = v5 - 304;
v110 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
LOBYTE(v24) = v24 | 0x20;
LABEL_366: *(_QWORD *)(v109 + 8LL * v17) = v110 >> v24;
goto def_4104;
}
switch ( v74 )
{
case 2099439:
v116 = v5 - 304;
v117 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
break;
case 2100143:
v98 = v5 - 304;
v99 = __ROR4__(*(_DWORD *)(v5 - 304 + 8 * v20), v24);
LABEL_372: *(_QWORD *)(v98 + 8LL * v17) = v99;
goto def_4104;
case 2101039:
v116 = v5 - 304;
v117 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
LOBYTE(v24) = v24 | 0x20;
break;
default:
goto def_4104;
}
*(_QWORD *)(v116 + 8LL * v17) = __ROR8__(v117, v24);
def_4104: v112 = *(_QWORD *)(v5 - 32);
result = *v7 + 1;
*v7 = result;
if ( v112 == 2 )
goto LABEL_242;
if ( v112 == 3 || v112 == 1 )
{
result = *(unsigned int **)(v5 - 24);
*(_QWORD *)(v5 - 32) = 0LL;
*v7 = result;
if ( result != v6 )
{
LABEL_242: if ( !result )
return result;
goto LABEL_3;
}
}
else if ( result != v6 )
{
goto LABEL_242;
}
v125 = v8;
v126 = v9;
v127 = v11;
v128 = v12;
((void (__fastcall *)(_QWORD, _QWORD))v6)(*v8, *v9);
v11 = v127;
result = *(unsigned int **)(v5 - 16);
v12 = v128;
v8 = v125;
v9 = v126;
*v7 = result;
if ( !result )
return result;
LABEL_3: v10 = *(_QWORD *)(v5 - 32);
break;
default:
if ( v74 <= 2350 )
{
if ( v74 <= 1710 )
{
switch ( v74 )
{
case 431:
LABEL_391: v138 = *(unsigned int *)(v5 - 304 + 8 * v19);
v139 = *(unsigned int *)(v5 - 304 + 8 * v20);
LABEL_392: v149 = v139 * v138;
v123 = (signed int)v149;
v124 = v149 >> 32;
goto LABEL_393;
case 1263:
if ( !v7[(unsigned int)v20 + 1] )
goto LABEL_430;
break;
case 1327:
LABEL_389: v103 = *(_DWORD *)(v5 - 304 + 8 * v19);
v104 = *(_DWORD *)(v5 - 304 + 8 * v20);
v105 = v103 / v104;
LABEL_390: *v11 = (signed int)(v103 - v105 * v104);
*v12 = v105;
goto def_4104;
}
}
else
{
if ( v74 > 1902 )
{
if ( v74 == 1903 )
{
LABEL_402: v100 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v101 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v102 = v101 * (unsigned __int128)v100 >> 64;
goto LABEL_403;
}
if ( v74 != 2223 )
goto def_4104;
LABEL_153: v94 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v95 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v96 = v94 / v95;
LABEL_398: *v11 = v94 - v96 * v95;
*v12 = v96;
goto def_4104;
}
if ( v74 != 1711 )
{
if ( v74 != 1839 )
goto def_4104;
goto LABEL_187;
}
if ( !v10 )
{
v151 = v7[(unsigned int)v19 + 1];
++result;
*(_QWORD *)(v5 - 32) = 2LL;
*(_QWORD *)(v5 - 24) = v151;
*v7 = result;
if ( !result )
return result;
goto LABEL_3;
}
}
}
else
{
if ( v74 > 3502 )
{
if ( v74 > 3630 )
{
if ( v74 == 3631 )
{
v137 = (unsigned int *)*v11;
goto LABEL_440;
}
if ( v74 != 3759 || !v7[(unsigned int)v20 + 1] )
goto def_4104;
LABEL_430: *(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
goto def_4104;
}
if ( v74 != 3503 )
{
if ( v74 == 3567 )
*v12 = (unsigned __int64)v7[(unsigned int)v19 + 1];
goto def_4104;
}
LABEL_191: v103 = *(_DWORD *)(v5 - 304 + 8 * v19);
v104 = *(_DWORD *)(v5 - 304 + 8 * v20);
v105 = v103 / (signed int)v104;
goto LABEL_390;
}
if ( v74 > 2862 )
{
if ( v74 != 2863 )
{
if ( v74 == 3311 )
*v11 = (unsigned __int64)v7[(unsigned int)v19 + 1];
goto def_4104;
}
LABEL_397: v94 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v95 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v96 = v94 / (signed __int64)v95;
goto LABEL_398;
}
if ( v74 == 2351 )
{
LABEL_328: v138 = *(signed int *)(v5 - 304 + 8 * v19);
v139 = *(signed int *)(v5 - 304 + 8 * v20);
goto LABEL_392;
}
if ( v74 == 2479 )
{
v137 = (unsigned int *)*v12;
LABEL_440: v7[v17 + 1] = v137;
goto def_4104;
}
}
goto def_4104;
}
break;
case 0x32u:
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) < (signed __int64)(signed __int16)(v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20));
goto def_4104;
default:
goto def_4104;
}
break;
}
}
}
return result;
}.text:0000000000002D28 sub_2D28 ; CODE XREF: sub_2BD4+54↑p
.text:0000000000002D28
.text:0000000000002D28 var_58 = -0x58
.text:0000000000002D28 var_50 = -0x50
.text:0000000000002D28 var_40 = -0x40
.text:0000000000002D28 var_30 = -0x30
.text:0000000000002D28 var_20 = -0x20
.text:0000000000002D28 var_10 = -0x10
.text:0000000000002D28 var_s0 = 0
.text:0000000000002D28
.text:0000000000002D28 ; __unwind {
.text:0000000000002D28 SUB SP, SP, #0x70 函数分配栈空间
.text:0000000000002D2C STP X28, X27, [SP,#0x60+var_50] 开始保存上个函数的寄存器环境
.text:0000000000002D30 STP X26, X25, [SP,#0x60+var_40]
.text:0000000000002D34 STP X24, X23, [SP,#0x60+var_30]
.text:0000000000002D38 STP X22, X21, [SP,#0x60+var_20]
.text:0000000000002D3C STP X20, X19, [SP,#0x60+var_10]
.text:0000000000002D40 STP X29, X30, [SP,#0x60+var_s0]
.text:0000000000002D44 ADD X29, SP, #0x60 X29是当前函数开始可用的局部变量空间
.text:0000000000002D48 LDP X20, X19, [X4] X4是传入的第5个参数,也就是函数 sub_2D1C 和 虚拟内存的起始地址(上一个函数的栈帧中),保存在X20和X19中
.text:0000000000002D4C SUB X8, X19, #0x130 X8 = X19 - 0x130
.text:0000000000002D50 STUR XZR, [X19,#-0x38] [X19 -0x38] = 0
.text:0000000000002D54 STR XZR, [X8] [X19 - 0x130] = 0
.text:0000000000002D58 SUB X8, X19, #0x148 X8 = X19 - 0x148
.text:0000000000002D5C SUB X21, X19, #0x138 X21 = X19 - 0x138
.text:0000000000002D60 AND X8, X8, #0xFFFFFFFFFFFFFFF0 16字节对齐
.text:0000000000002D64 SUB X4, X19, #0x110 X4 = X19 - 0x110
.text:0000000000002D68 SUB X5, X19, #0x108 X5 = X19 - 0x108
.text:0000000000002D6C STUR X8, [X19,#-0x48] [X19 - 0x48] = X8 = X19 - 0x148
.text:0000000000002D70 STUR XZR, [X19,#-0x20] [X19 - 0x20] = 0
.text:0000000000002D74 STR X1, [X4] [X19 - 0x110] = X1 = 参数2,函数参数指针,传入的jbyte* 等参数
.text:0000000000002D78 STR X2, [X5] [X19 - 0x108] = X2 = 0, 参数3 是0
.text:0000000000002D7C STP X3, X20, [X19,#-0x100] [X19-0x100] = 参数4 = 一个地址数组。 [X19- 0xF8] = X20 = sub_2D1C 函数地址
.text:0000000000002D80 STR X0, [X21] [X19 - 0x138] = X0 = 参数1,可能是字节码序列
.text:0000000000002D84 STUR X0, [X19,#-8] [X19 - 0x8] = X0
.text:0000000000002D88 CBZ X0, loc_4654 校验X0值是否正确,loc_4654是虚拟机函数结束
.text:0000000000002D8C MOV W23, #0x32F W23 = 0x32F
.text:0000000000002D90 MOV W24, #0xFFF
.text:0000000000002D94 ADRP X28, #jpt_2E4C@PAGE 这些应该是跳转表
.text:0000000000002D98 ADRP X22, #jpt_2E94@PAGE
.text:0000000000002D9C ADRP X27, #jpt_2F18@PAGE
.text:0000000000002DA0 ADRP X25, #jpt_2FB8@PAGE
.text:0000000000002DA4 MOV X1, XZR X1 = 0
.text:0000000000002DA8 SUB X6, X19, #0x28 x6 = x19 - 0x28
.text:0000000000002DAC SUB X7, X19, #0x30 X7 = X19 - 0x30
.text:0000000000002DB0 MOVK W23, #0x400,LSL#16 W23[16:31] = (0x400 << 16) --> W23 = 0x0400032F
.text:0000000000002DB4 MOVK W24, #0x20,LSL#16 W24[16:31] = (0x0020 << 16) --> W24 = 0x00200FFF
.text:0000000000002DB8 MOV W26, #3 W26 = 3
.text:0000000000002DBC ADD X28, X28, #jpt_2E4C@PAGEOFF
.text:0000000000002DC0 ADD X22, X22, #jpt_2E94@PAGEOFF
.text:0000000000002DC4 MOV W30, #0x20 W30 = 0x20
.text:0000000000002DC8 ADD X27, X27, #jpt_2F18@PAGEOFF
.text:0000000000002DCC ADD X25, X25, #jpt_2FB8@PAGEOFF
.text:0000000000002DD0 B loc_2DD8
.text:0000000000002D28 sub_2D28 ; CODE XREF: sub_2BD4+54↑p
.text:0000000000002D28
.text:0000000000002D28 var_58 = -0x58
.text:0000000000002D28 var_50 = -0x50
.text:0000000000002D28 var_40 = -0x40
.text:0000000000002D28 var_30 = -0x30
.text:0000000000002D28 var_20 = -0x20
.text:0000000000002D28 var_10 = -0x10
.text:0000000000002D28 var_s0 = 0
.text:0000000000002D28
.text:0000000000002D28 ; __unwind {
.text:0000000000002D28 SUB SP, SP, #0x70 函数分配栈空间
.text:0000000000002D2C STP X28, X27, [SP,#0x60+var_50] 开始保存上个函数的寄存器环境
.text:0000000000002D30 STP X26, X25, [SP,#0x60+var_40]
.text:0000000000002D34 STP X24, X23, [SP,#0x60+var_30]
.text:0000000000002D38 STP X22, X21, [SP,#0x60+var_20]
.text:0000000000002D3C STP X20, X19, [SP,#0x60+var_10]
.text:0000000000002D40 STP X29, X30, [SP,#0x60+var_s0]
.text:0000000000002D44 ADD X29, SP, #0x60 X29是当前函数开始可用的局部变量空间
.text:0000000000002D48 LDP X20, X19, [X4] X4是传入的第5个参数,也就是函数 sub_2D1C 和 虚拟内存的起始地址(上一个函数的栈帧中),保存在X20和X19中
.text:0000000000002D4C SUB X8, X19, #0x130 X8 = X19 - 0x130
.text:0000000000002D50 STUR XZR, [X19,#-0x38] [X19 -0x38] = 0
.text:0000000000002D54 STR XZR, [X8] [X19 - 0x130] = 0
.text:0000000000002D58 SUB X8, X19, #0x148 X8 = X19 - 0x148
.text:0000000000002D5C SUB X21, X19, #0x138 X21 = X19 - 0x138
.text:0000000000002D60 AND X8, X8, #0xFFFFFFFFFFFFFFF0 16字节对齐
.text:0000000000002D64 SUB X4, X19, #0x110 X4 = X19 - 0x110
.text:0000000000002D68 SUB X5, X19, #0x108 X5 = X19 - 0x108
.text:0000000000002D6C STUR X8, [X19,#-0x48] [X19 - 0x48] = X8 = X19 - 0x148
.text:0000000000002D70 STUR XZR, [X19,#-0x20] [X19 - 0x20] = 0
.text:0000000000002D74 STR X1, [X4] [X19 - 0x110] = X1 = 参数2,函数参数指针,传入的jbyte* 等参数
.text:0000000000002D78 STR X2, [X5] [X19 - 0x108] = X2 = 0, 参数3 是0
.text:0000000000002D7C STP X3, X20, [X19,#-0x100] [X19-0x100] = 参数4 = 一个地址数组。 [X19- 0xF8] = X20 = sub_2D1C 函数地址
.text:0000000000002D80 STR X0, [X21] [X19 - 0x138] = X0 = 参数1,可能是字节码序列
.text:0000000000002D84 STUR X0, [X19,#-8] [X19 - 0x8] = X0
.text:0000000000002D88 CBZ X0, loc_4654 校验X0值是否正确,loc_4654是虚拟机函数结束
.text:0000000000002D8C MOV W23, #0x32F W23 = 0x32F
.text:0000000000002D90 MOV W24, #0xFFF
.text:0000000000002D94 ADRP X28, #jpt_2E4C@PAGE 这些应该是跳转表
.text:0000000000002D98 ADRP X22, #jpt_2E94@PAGE
.text:0000000000002D9C ADRP X27, #jpt_2F18@PAGE
.text:0000000000002DA0 ADRP X25, #jpt_2FB8@PAGE
.text:0000000000002DA4 MOV X1, XZR X1 = 0
.text:0000000000002DA8 SUB X6, X19, #0x28 x6 = x19 - 0x28
.text:0000000000002DAC SUB X7, X19, #0x30 X7 = X19 - 0x30
.text:0000000000002DB0 MOVK W23, #0x400,LSL#16 W23[16:31] = (0x400 << 16) --> W23 = 0x0400032F
.text:0000000000002DB4 MOVK W24, #0x20,LSL#16 W24[16:31] = (0x0020 << 16) --> W24 = 0x00200FFF
.text:0000000000002DB8 MOV W26, #3 W26 = 3
.text:0000000000002DBC ADD X28, X28, #jpt_2E4C@PAGEOFF
.text:0000000000002DC0 ADD X22, X22, #jpt_2E94@PAGEOFF
.text:0000000000002DC4 MOV W30, #0x20 W30 = 0x20
.text:0000000000002DC8 ADD X27, X27, #jpt_2F18@PAGEOFF
.text:0000000000002DCC ADD X25, X25, #jpt_2FB8@PAGEOFF
.text:0000000000002DD0 B loc_2DD8
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
最后于 2025-3-31 11:43
被CCTV果冻爽编辑
,原因:
赞赏记录
参与人
雪币
留言
时间
mb_jwvcvtfi
感谢你分享这么好的资源!
19小时前
mb_ygbywaup
期待更多优质内容的分享,论坛有你更精彩!
23小时前
ldljlzw
为你点赞!
1天前
2beNo2
感谢你分享这么好的资源!
1天前
mb_posiqsug
这个讨论对我很有帮助,谢谢!
1天前
mb_bogoqnvg
感谢你分享这么好的资源!
1天前
wx_ㅤ_683
期待更多优质内容的分享,论坛有你更精彩!
2天前
陈可牛
你的分享对大家帮助很大,非常感谢!
2天前
git_99394jiangyei
非常支持你的观点!
2天前
0x指纹
+1
你的帖子非常有用,感谢分享!
2天前
P_Hac
为你点赞!
2天前
qqizai
期待更多优质内容的分享,论坛有你更精彩!
2天前
leiusurely
你的分享对大家帮助很大,非常感谢!
2天前
loveqiao
感谢你分享这么好的资源!
2天前
mb_hhiypuwp
非常支持你的观点!
2天前
天水姜伯约
感谢你分享这么好的资源!
2天前
沈聽白
感谢你的积极参与,期待更多精彩内容!
2天前
百事可乐就好
你的帖子非常有用,感谢分享!
2天前
yuzhouheike
感谢你分享这么好的资源!
3天前
海带
你的帖子非常有用,感谢分享!
3天前
mb_rjdrqvpa
感谢你的积极参与,期待更多精彩内容!
5天前
wx_byte
你的帖子非常有用,感谢分享!
6天前
小秃秃驴
谢谢你的细致分析,受益匪浅!
6天前
crackwiki
为你点赞!
6天前
我是小三
你的分享对大家帮助很大,非常感谢!
6天前
养只猫不好么
谢谢你的细致分析,受益匪浅!
2025-4-1 15:11
陈某人
为你点赞!
2025-4-1 15:04
New对象处
感谢你的贡献,论坛因你而更加精彩!
2025-4-1 14:31
mb_fzcenzlx
你的分享对大家帮助很大,非常感谢!
2025-4-1 11:18
mb_tzwqsbxd
为你点赞!
2025-4-1 11:04
wx_funcrever
你的帖子非常有用,感谢分享!
2025-4-1 10:57
Mezone0
感谢你分享这么好的资源!
2025-4-1 10:54
杨如画
你的帖子非常有用,感谢分享!
2025-4-1 09:56
.KK
感谢你的积极参与,期待更多精彩内容!
2025-4-1 09:54
huangyalei
感谢你分享这么好的资源!
2025-3-31 22:50
mb_asiwnxyv
感谢你的积极参与,期待更多精彩内容!
2025-3-31 18:32
顽劣
你的分享对大家帮助很大,非常感谢!
2025-3-31 17:59
mb_iesvmzqc
感谢你分享这么好的资源!
2025-3-31 14:47
熊趴趴来
感谢你的积极参与,期待更多精彩内容!
2025-3-31 14:22
令狐双
这个讨论对我很有帮助,谢谢!
2025-3-31 13:37
快乐的小跳蛙
你的分享对大家帮助很大,非常感谢!
2025-3-31 13:09
东方玻璃
你的帖子非常有用,感谢分享!
2025-3-31 13:00
mb_ldbucrik
谢谢你的细致分析,受益匪浅!
2025-3-31 12:56
kkte
请注意发帖规范,保持良好的讨论环境!
2025-3-31 12:55
岁月。
非常支持你的观点!
2025-3-31 11:53
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
|
|
|
|
|
|
|
