初学IDA,有些看不懂,从dll文件中反汇编出来加密和解密的代码,a1估计是字节数组,另外a2和a3没看懂,请大神们帮看看
加密后的数组前几位如下:
byte[] str = { 0, 1, 35, 13, 76, 23, 0, 0,
-54, 0, -4, 1, 46, 2, -8, 2, 0, 0, 0, 0, 0, 0, 112, 1, 9, 0, 24, 1,
77, 0, 0, 0, 26, 0, 14, 0, 0, 0, 48, 2, -109, 6, -50, 7, 23, 8........}
下面是解密代码:
// sub_100010B0 - decoder (Hex-Rays pseudocode, not compilable C as-is).
//
// Arguments, as used by the body below:
//   a1 (eax)   address of the encoded input buffer; only read here.
//   a2 (ecx)   compared with 16 and with 2*count+8, so it acts as the length
//              of the input buffer in bytes.
//   a3 (stack) address of the output buffer; one decoded byte is stored per
//              16-bit input word.
//
// Input layout, as read by this function:
//   [0]     must be 0
//   [1]     must be 1
//   [2..3]  16-bit little-endian sum of all decoded bytes
//   [4..7]  32-bit little-endian count of decoded bytes
//   [8..]   `count` little-endian 16-bit words; word i is divided by
//           ((i & 0xFF) + 1) to recover byte i
//
// Worked on the sample bytes in the post: sum = 35 + 13*256 = 3363,
// count = 76 + 23*256 = 5964, first word 0x00CA / 1 = 202, second word
// 0x01FC / 2 = 254.
//
// Returns the count on success, -1 on a bad header, short input or sum
// mismatch.
//
// No key or secret is involved anywhere in this routine: it is a reversible
// encoding with a 16-bit additive checksum, not encryption, and the checksum
// only catches accidental corruption.
signed int __usercall sub_100010B0@<eax>(int a1@<eax>, int a2@<ecx>, int a3)
{
int v3; // esi@1  copy of a1 (input address)
signed int result; // eax@2
int v5; // edi@5  element count taken from header bytes 4..7
int v6; // eax@5  expected sum taken from header bytes 2..3
int v7; // esi@6  address of the first data word (input + 8)
int v8; // ebx@6  running 16-bit sum of decoded bytes
int v9; // ecx@6  index of the element being decoded
unsigned __int8 v10; // al@7  decoded byte (quotient truncated to 8 bits)
int v11; // [sp+4h] [bp-4h]@5  second copy of the expected sum
v3 = a1;
// Reject inputs shorter than 16 bytes or whose first two bytes are not 0, 1.
if ( a2 < 16 || *(_BYTE *)a1 || *(_BYTE *)(a1 + 1) != 1 )
{
result = -1;
}
else
{
// Little-endian 32-bit count from bytes 4..7.
v5 = *(_BYTE *)(a1 + 4) + ((*(_BYTE *)(a1 + 5) + ((*(_BYTE *)(a1 + 6) + (*(_BYTE *)(a1 + 7) << 8)) << 8)) << 8);
// Little-endian 16-bit expected sum from bytes 2..3 (read twice by the decompiler).
v6 = *(_BYTE *)(a1 + 2) + (*(_BYTE *)(a1 + 3) << 8);
v11 = *(_BYTE *)(v3 + 2) + (*(_BYTE *)(v3 + 3) << 8);
// The input must hold the 8-byte header plus two bytes per element.
// NOTE(review): v5 comes straight from the input and `2 * v5 + 8` is computed
// in a 32-bit int; for very large v5 the product can wrap, and then this
// comparison no longer bounds the loop below - confirm against the
// disassembly. A reimplementation should reject v5 < 0 and
// v5 > (a2 - 8) / 2 instead of multiplying.
if ( a2 < 2 * v5 + 8 )
goto LABEL_14;
v7 = v3 + 8;
v8 = 0;
v9 = 0;
if ( v5 > 0 )
{
do
{
// Word v9 (little-endian) divided by ((v9 & 0xFF) + 1). The divisor is in
// 1..256, so it is never zero; the quotient is truncated to one byte.
v10 = (*(_BYTE *)(v7 + 2 * v9) + ((unsigned int)*(_BYTE *)(v7 + 2 * v9 + 1) << 8))
/ ((unsigned int)(unsigned __int8)v9 + 1);
// Stores to a3[old v9], then v9 has been advanced by one.
// NOTE(review): no capacity for a3 is passed in; the caller must provide at
// least v5 bytes. The store also happens before the sum is verified, so the
// output buffer is modified even when the function ends up returning -1.
*(_BYTE *)(++v9 + a3 - 1) = v10;
// The running sum is kept modulo 2^16 to match the 16-bit header field.
v8 = (unsigned __int16)(v8 + v10);
}
while ( v9 < v5 );
v6 = v11;
}
// When v5 <= 0 the loop is skipped and v8 stays 0, so a header with sum 0
// returns v5 itself (0 or negative) rather than a positive length.
if ( v6 == v8 )
result = v5;
else
LABEL_14:
result = -1;
}
return result;
}
下面是加密代码
// sub_10001030 - encoder (Hex-Rays pseudocode, not compilable C as-is).
//
// Arguments, as used by the body below:
//   a1 (edx)   address of the output buffer; every access to it is a store.
//   a2 (stack) address of the input bytes; read at a2 + index.
//   a3 (stack) number of input bytes; bounds the loop and is written to the
//              header.
//
// Output layout, as written by this function:
//   [0] = 0, [1] = 1
//   [2..3]  16-bit little-endian sum of the input bytes
//   [4..7]  a3 as a 32-bit little-endian value
//   [8..]   one little-endian 16-bit word per input byte:
//           byte i * ((i & 0xFF) + 1)
//
// Returns v5, which starts at 8 and grows by 2 per input byte, i.e. the
// number of bytes written (8 + 2*a3 when a3 > 0, otherwise 8).
//
// NOTE(review): no capacity for a1 is passed in, so the caller has to supply
// at least 8 + 2*a3 bytes. No key is used; the transform depends only on the
// byte position, so this is an encoding rather than encryption.
signed int __usercall sub_10001030@<eax>(int a1@<edx>, int a2, signed int a3)
{
__int16 v3; // ax@1  running 16-bit sum of the input bytes
signed int v4; // ebx@1  input index
signed int v5; // esi@1  output offset, starts after the 8-byte header
int v6; // edi@2  current input byte
int v7; // ecx@2  input byte times its position multiplier
// Fixed first two bytes; the decoder in the same listing rejects anything else.
*(_BYTE *)a1 = 0;
*(_BYTE *)(a1 + 1) = 1;
// Bytes 5..7 of the header receive the upper three bytes of a3
// (BYTE1/BYTE3 are the IDA byte-extraction macros); byte 4 is stored in the
// for-initializer below.
*(_BYTE *)(a1 + 5) = BYTE1(a3);
*(_BYTE *)(a1 + 6) = a3 >> 16;
*(_BYTE *)(a1 + 7) = BYTE3(a3);
v3 = 0;
v4 = 0;
v5 = 8;
// The init clause stores the low byte of a3 at offset 4; the loop then emits
// two output bytes per input byte.
for ( *(_BYTE *)(a1 + 4) = a3; v4 < a3; v5 += 2 )
{
v6 = *(_BYTE *)(v4 + a2);
// The multiplier is ((index & 0xFF) + 1), i.e. 1..256 repeating every 256
// bytes, so the product is at most 255 * 256 and fits in 16 bits.
v7 = v6 * ((unsigned __int8)v4 + 1);
*(_BYTE *)(a1 + v5) = v7;
*(_BYTE *)(a1 + v5 + 1) = BYTE1(v7);
++v4;
v3 += v6;
}
// The sum is stored little-endian at offsets 2..3; it is a plain additive
// checksum truncated to 16 bits.
*(_BYTE *)(a1 + 2) = v3;
*(_BYTE *)(a1 + 3) = HIBYTE(v3);
return v5;
}