Jump to content
Tuts 4 You

Need some little help with recognizing some functions


Spider

Recommended Posts

Posted (edited)

Hi, I'm analyzing a licensing process of a program and I came across those functions (bellow)

I found that it is using SHA-1, zlib decompression, upx for internal module, and not sure about RSA

zlib and upx functions I've already recognize them, but SHA-1 and RSA (?) are still under question.

Here are a part of function before the data is actually decrypted.

The Functie_RoR_cu_shl8 looks like SHA-1, and the cycle is feeding the digest (?).

I need to know if I understood this function correctly and if somebody recognize the Spider_Unknown_Function?

If you can help me understand better this peace of code.

Thanks.

All those inline algorithms looks like Crypto++ library or Botan..


void __cdecl Function_Decode()
{
signed int v0; // edi@1
char *tmp_Hardware_ID; // esi@1
char v2; // zf@3
char v3; // zf@4
int new_lic_size; // edi@14
unsigned int v5; // ecx@16
void *v6; // ebx@16
void *v7; // esi@16
void *v8; // eax@16
char v9; // al@17
char v10; // zf@18
int v11; // ebx@19
void *v12; // edi@22
unsigned int v13; // esi@22
signed int v15; // eax@22
signed int v17; // eax@22
void *v18; // eax@22
signed int v20; // eax@22
signed int v22; // eax@22
int v23; // eax@23
int *v24; // eax@27
signed int v25; // ecx@27
int v26; // eax@30
int v27; // esi@30
char v28; // zf@32
char v29; // zf@33
void *v30; // eax@42
signed int v31; // ecx@42
int v32; // eax@45
int v33; // esi@45
unsigned int v34; // esi@45
void *v35; // ebx@47
void *v36; // [sp-4h] [bp-100h]@26
void *v37; // [sp-4h] [bp-100h]@48
char v38; // [sp+10h] [bp-ECh]@1
void *v39; // [sp+14h] [bp-E8h]@22
void *v40; // [sp+18h] [bp-E4h]@22
void *v41; // [sp+1Ch] [bp-E0h]@22
unsigned int v42; // [sp+20h] [bp-DCh]@19
void *v43; // [sp+24h] [bp-D8h]@22
int v44; // [sp+28h] [bp-D4h]@22
void *v45; // [sp+2Ch] [bp-D0h]@22
int v46; // [sp+30h] [bp-CCh]@22
void *v47; // [sp+34h] [bp-C8h]@22
int v48; // [sp+38h] [bp-C4h]@22
void *v49; // [sp+3Ch] [bp-C0h]@22
int v50; // [sp+40h] [bp-BCh]@22
int v51; // [sp+44h] [bp-B8h]@31
unsigned int v52; // [sp+48h] [bp-B4h]@30
unsigned int Magic1; // [sp+4Ch] [bp-B0h]@1
unsigned int Magic2; // [sp+50h] [bp-ACh]@1
unsigned int Magic3; // [sp+54h] [bp-A8h]@1
unsigned int Magic4; // [sp+58h] [bp-A4h]@1
unsigned int Magic5; // [sp+5Ch] [bp-A0h]@1
int v58; // [sp+60h] [bp-9Ch]@1
int v59; // [sp+64h] [bp-98h]@1
char v60[64]; // [sp+68h] [bp-94h]@3
int v61; // [sp+A8h] [bp-54h]@1
__int16 v62; // [sp+ACh] [bp-50h]@1
unsigned int v63; // [sp+B8h] [bp-44h]@12
unsigned int v64; // [sp+BCh] [bp-40h]@12
unsigned int v65; // [sp+C0h] [bp-3Ch]@12
unsigned int v66; // [sp+C4h] [bp-38h]@12
unsigned int v67; // [sp+C8h] [bp-34h]@12
char Hardware_ID; // [sp+CCh] [bp-30h]@1
unsigned int v69; // [sp+E8h] [bp-14h]@1
int v70; // [sp+F8h] [bp-4h]@22 v69 = (unsigned int)&v38 ^ dword_102B8090;
sub_10081E20(&Hardware_ID); //Generates HWID
v61 = 0;
v59 = 0;
v58 = 0;
v62 = 0;
Magic1 = 0x67452301u;
Magic2 = 0xEFCDAB89u;
Magic3 = 0x98BADCFEu;
Magic4 = (unsigned int)&dword_10325476; // // 0x10325476
Magic5 = 0xC3D2E1F0u;
v0 = 15;
tmp_Hardware_ID = &Hardware_ID;
while ( 1 )
{ // SHA1 Algorithm
--v0;
if ( HIBYTE(v62) )
break;
v60[v61++] = *tmp_Hardware_ID;
v2 = v58 == -8;
v58 += 8;
if ( v2 )
{
v3 = v59++ == -1;
if ( v3 )
HIBYTE(v62) = 1;
}
if ( v61 == 0x40 )
Functie_RoR_cu_shl8(&Magic1);
++tmp_Hardware_ID;
if ( !v0 )
{
if ( !HIBYTE(v62) )
{
if ( !(_BYTE)v62 )
{
sub_10083B20((int)&Magic1);
LOBYTE(v62) = 1;
}
v63 = Magic1;
v64 = Magic2;
v65 = Magic3;
v66 = Magic4;
v67 = Magic5;
}
break;
}
}
if ( License_Buffer )
{
new_lic_size = License_File_Handler - 68;
if ( License_File_Handler - 68 >= (*(_DWORD *)License_Buffer ^ 0xABCDEF78u) )
new_lic_size = *(_DWORD *)License_Buffer ^ 0xABCDEF78;
v8 = operator new__(new_lic_size);
v5 = 0;
v6 = License_Buffer;
v7 = v8;
if ( new_lic_size )
{
do
{
v9 = *((_BYTE *)v6 + v5 + 4) ^ *((_BYTE *)&v63 + v5 % 0x14);
++v5;
*((_BYTE *)v7 + v5 - 1) = v9;
}
while ( v5 < new_lic_size );
}
operator delete__(v6);
v10 = *(_DWORD *)v7 == -324508640;
License_Buffer = 0;
if ( !v10 )
goto LABEL_21;
v42 = 0xBu * *((_DWORD *)v7 + 1) / 0xA;
v11 = (int)operator new__(11 * v42 / 0xA);
if ( zlib_uncompress(v11, (int *)&v42, (int)((char *)v7 + 8), new_lic_size - 8) )
{
operator delete__((void *)v11);
LABEL_21:
operator delete__(v7);
return;
}
operator delete__(v7);
_ECX = 0;
v46 = 32;
v15 = 64;
__asm { seto cl }
v41 = operator new(v15 | -_ECX);
v45 = v41;
v70 = 0;
_ECX = 0;
v50 = 32;
v17 = 64;
__asm { seto cl }
v18 = operator new(v17 | -_ECX);
v40 = v18;
v49 = v18;
LOBYTE(v70) = 1;
memcpy(v41, &unk_1026C500, 0x40u);
memcpy(v18, &unk_1026C540, 0x40u);
_ECX = 0;
v48 = 32;
v20 = 64;
__asm { seto cl }
v39 = operator new(v20 | -_ECX);
v47 = v39;
LOBYTE(v70) = 2;
_ECX = 0;
v44 = 32;
v22 = 64;
__asm { seto cl }
v12 = operator new(v22 | -_ECX);
v43 = v12;
LOBYTE(v70) = 3;
memcopy(v39, v11, 0x40u);
Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
v13 = 0;
if ( v42 ) // DECODE FINAL MODULE
{
v23 = v11;
do
{
*(_BYTE *)v23 ^= *((_BYTE *)v12 + ((2 - v11 + v23) & 0xF));
++v13;
++v23;
}
while ( v13 < v42 );
}
if ( *(_DWORD *)(v11 + 64) == -38177487 )
{
memcopy(v39, v11 + 68, 64);
Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
v24 = (int *)&v63;
v25 = 20;
while ( *(int *)((char *)v24 + v12 - &v63) == *v24 )
{
v25 -= 4;
++v24;
if ( (unsigned int)v25 < 4 )
{
v26 = v42 - 260;
v52 = v42 - 260;
v61 = 0;
v59 = 0;
v58 = 0;
v62 = 0;
Magic1 = 0x67452301u;
Magic2 = 0xEFCDAB89u;
Magic3 = 0x98BADCFEu;
Magic4 = (unsigned int)&dword_10325476;
Magic5 = 0xC3D2E1F0u;
v27 = v11 + 260;
if ( v42 == 260 )
{
LABEL_40:
sub_10083B20((int)&Magic1);
LABEL_41:
v63 = Magic1;
v64 = Magic2;
v65 = Magic3;
v66 = Magic4;
v67 = Magic5;
}
else
{
while ( 1 )
{
--v26;
v51 = v26;
if ( HIBYTE(v62) )
break;
v60[v61++] = *(_BYTE *)v27;
v28 = v58 == -8;
v58 += 8;
if ( v28 )
{
v29 = v59++ == -1;
if ( v29 )
HIBYTE(v62) = 1;
}
if ( v61 == 64 )
{
Functie_RoR_cu_shl8(&Magic1);
v26 = v51;
}
++v27;
if ( !v26 )
{
if ( HIBYTE(v62) )
break;
if ( (_BYTE)v62 != (_BYTE)v26 )
goto LABEL_41;
goto LABEL_40;
}
}
}
memcopy(v39, v11 + 132, 64);
Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
v31 = 20;
v30 = v12;
while ( *(_DWORD *)((char *)v30 + (char *)&v63 - v12) == *(_DWORD *)v30 )
{
v31 -= 4;
v30 = (char *)v30 + 4;
if ( (unsigned int)v31 < 4 )
{
v34 = v52;
License_Buffer = operator new__(v52);
License_File_Handler = v34;
memcopy(License_Buffer, v11 + 0x104, v34);
operator delete__((void *)v11);
v33 = Initiaza_UPX_Modulul(); //Initiate and unpack UPX
v32 = Search_Function("CheckLicense"); //function search.

Here are additional calls


int __stdcall Functie_RoR_cu_shl8(int a1)
{
int v1; // eax@1
signed int v2; // ecx@1
int v3; // esi@2
int v4; // edx@2
int v5; // esi@2
int v6; // edx@2
int v7; // esi@2
char *v8; // eax@3
signed int v9; // ebx@3
int v10; // edx@4
int v11; // esi@4
int v12; // ecx@4
int v13; // ebp@4
int v14; // ebp@4
int v15; // ebp@4
int v16; // ebp@4
int v17; // edx@4
int v18; // eax@5
int v19; // edx@5
int v20; // ecx@5
int v21; // esi@5
int v22; // edi@6
int v23; // ebx@6
int v24; // edi@6
int v25; // eax@6
int v26; // edi@6
int v27; // ST14_4@6
int v28; // edi@6
int v29; // esi@6
int v30; // edx@6
int v31; // edi@6
int v32; // ST10_4@6
int v33; // ecx@6
int v34; // eax@6
int v35; // ST14_4@6
int v36; // eax@6
int v37; // edx@6
int v38; // ebp@6
int v39; // ST14_4@6
int v40; // esi@6
int v41; // edi@6
int v42; // ecx@6
signed int v43; // eax@6
int v44; // ST14_4@6
signed int v45; // ebx@7
int v46; // edi@8
int v47; // edi@8
int v48; // eax@8
int v49; // edi@8
int v50; // ST14_4@8
int v51; // edi@8
int v52; // esi@8
int v53; // edx@8
int v54; // edi@8
int v55; // ebp@8
int v56; // ecx@8
int v57; // eax@8
int v58; // ST14_4@8
int v59; // eax@8
int v60; // edx@8
int v61; // ST14_4@8
int v62; // ebp@8
int v63; // edi@8
int v64; // eax@8
int v65; // esi@8
int v66; // eax@8
int v67; // ecx@8
int v68; // ST14_4@8
int v69; // esi@8
int v70; // edi@10
int v71; // edi@10
int v72; // ebx@10
int v73; // eax@10
int v74; // ST10_4@10
int v75; // edi@10
int v76; // ebp@10
int v77; // ebx@10
int v78; // edx@10
int v79; // esi@10
int v80; // edx@10
int v81; // edi@10
int v82; // ST14_4@10
int v83; // edx@10
int v84; // ecx@10
int v85; // ST10_4@10
int v86; // eax@10
int v87; // edx@10
int v88; // edi@10
int v89; // esi@10
int v90; // ST14_4@10
int v91; // esi@10
int v92; // ebp@10
int v93; // ecx@10
int v94; // eax@10
int v95; // ST14_4@10
int v96; // edi@11
int v97; // ebp@12
int v98; // ebp@12
int v99; // ebx@12
int v100; // eax@12
int v101; // ebx@12
int v102; // ST10_4@12
int v103; // edx@12
int v104; // ebp@12
int v105; // esi@12
int v106; // edx@12
int v107; // ebx@12
int v108; // ST10_4@12
int v109; // ecx@12
int v110; // eax@12
int v111; // ebp@12
int v112; // eax@12
int v113; // edx@12
int v114; // ST10_4@12
int v115; // ebx@12
int v116; // esi@12
int v117; // ebp@12
int v118; // esi@12
int v119; // eax@12
int v120; // ST10_4@12
int v121; // ebx@12
unsigned __int8 v122; // sf@12
unsigned __int8 v123; // of@12
int result; // eax@13
int v125; // ebx@13
int v126; // esi@13
int v127; // [sp+10h] [bp-148h]@5
int v128; // [sp+14h] [bp-144h]@5
int v129; // [sp+14h] [bp-144h]@9
signed int v130; // [sp+14h] [bp-144h]@11
int v131; // [sp+18h] [bp-140h]@2
int v132; // [sp+1Ch] [bp-13Ch]@2
int v133; // [sp+20h] [bp-138h]@2
int v134; // [sp+24h] [bp-134h]@2
int v135[4]; // [sp+28h] [bp-130h]@6
char v136; // [sp+38h] [bp-120h]@3 v2 = 0;
v1 = a1 + 29;
do
{
v3 = *(_BYTE *)(v1 + 4);
*(&v131 + v2) = *(_BYTE *)(v1 + 2) | ((*(_BYTE *)(v1 + 1) | ((*(_BYTE *)v1 | (*(_BYTE *)(v1 - 1) << 8)) << 8)) << 8);
v4 = *(_BYTE *)(v1 + 6) | ((*(_BYTE *)(v1 + 5) | ((v3 | (*(_BYTE *)(v1 + 3) << 8)) << 8)) << 8);
v5 = *(_BYTE *)(v1 + 8);
*(&v132 + v2) = v4;
v6 = *(_BYTE *)(v1 + 10) | ((*(_BYTE *)(v1 + 9) | ((v5 | (*(_BYTE *)(v1 + 7) << 8)) << 8)) << 8);
v7 = *(_BYTE *)(v1 + 12);
*(&v133 + v2) = v6;
*(&v134 + v2) = *(_BYTE *)(v1 + 14) | ((*(_BYTE *)(v1 + 13) | ((v7 | (*(_BYTE *)(v1 + 11) << 8)) << 8)) << 8);
v2 += 4;
v1 += 16;
}
while ( v2 < 16 );
v8 = &v136;
v9 = 16;
do
{
v10 = *((_DWORD *)v8 - 6);
v11 = *((_DWORD *)v8 - 5);
v12 = __ROL__(*(_DWORD *)v8 ^ v10 ^ *((_DWORD *)v8 + 5) ^ *((_DWORD *)v8 - 8), 1);
v13 = __ROL__(v11 ^ *((_DWORD *)v8 + 1) ^ *((_DWORD *)v8 + 6) ^ *((_DWORD *)v8 - 7), 1);
*((_DWORD *)v8 + 9) = v13;
v14 = *((_DWORD *)v8 - 4) ^ *((_DWORD *)v8 + 7);
*((_DWORD *)v8 + 8) = v12;
v15 = *((_DWORD *)v8 + 2) ^ v14;
v8 += 16;
v16 = __ROL__(v10 ^ v15, 1);
v17 = __ROL__(v11 ^ v12 ^ *((_DWORD *)v8 - 1) ^ *((_DWORD *)v8 - 7), 1);
--v9;
*((_DWORD *)v8 + 6) = v16;
*((_DWORD *)v8 + 7) = v17;
}
while ( v9 );
v21 = *(_DWORD *)a1;
v18 = *(_DWORD *)(a1 + 4);
v20 = *(_DWORD *)(a1 + 8);
v19 = *(_DWORD *)(a1 + 12);
v127 = *(_DWORD *)(a1 + 16);
v128 = 0;
do
{
v22 = __ROL__(v21, 5);
v23 = v128;
v24 = *(&v131 + v128) + (v18 & v20 | v19 & ~v18) + v22;
v25 = __ROR__(v18, 2);
v26 = v127 + 1518500249 + v24;
v27 = v26;
v26 = __ROL__(v26, 5);
v28 = *(&v132 + v23) + (v21 & v25 | v20 & ~v21) + v26;
v29 = __ROR__(v21, 2);
v30 = v28 + v19 + 1518500249;
v31 = v25;
v32 = v20;
v33 = v27;
v34 = v27 & v29 | v25 & ~v27;
v35 = v30;
v30 = __ROL__(v30, 5);
v36 = *(&v133 + v23) + v34 + v30 + v32 + 1518500249;
v37 = v35;
v38 = v29;
v33 = __ROR__(v33, 2);
v39 = v36;
v36 = __ROL__(v36, 5);
v40 = *(&v134 + v23) + (v37 & v33 | v29 & ~v37) + v36 + v31 + 1518500249;
v41 = v33;
v42 = v39;
v19 = __ROR__(v37, 2);
v43 = ~v39;
v44 = v40;
v40 = __ROL__(v40, 5);
v21 = v38 + 1518500249 + v135[v23] + (v42 & v19 | v41 & v43) + v40;
v18 = v44;
v20 = __ROR__(v42, 2);
v127 = v41;
v128 = v23 + 5;
}
while ( v23 + 5 < 20 );
v45 = 20;
do
{
v46 = __ROL__(v21, 5);
v47 = *(&v131 + v45) + (v18 ^ v20 ^ v19) + v46;
v48 = __ROR__(v18, 2);
v49 = v127 + 1859775393 + v47;
v50 = v49;
v49 = __ROL__(v49, 5);
v51 = *(&v132 + v45) + (v21 ^ v48 ^ v20) + v49;
v52 = __ROR__(v21, 2);
v53 = v51 + v19 + 1859775393;
v54 = v48;
v55 = v20;
v56 = v50;
v57 = v50 ^ v52 ^ v48;
v58 = v53;
v53 = __ROL__(v53, 5);
v56 = __ROR__(v56, 2);
v59 = v55 + 1859775393 + *(&v133 + v45) + v57 + v53;
v60 = v58;
v61 = v59;
v59 = __ROL__(v59, 5);
v62 = v54;
v63 = v52;
v64 = *(&v134 + v45) + (v60 ^ v56 ^ v52) + v59;
v19 = __ROR__(v60, 2);
v65 = v62 + 1859775393 + v64;
v66 = v56;
v67 = v61;
v68 = v65;
v65 = __ROL__(v65, 5);
v69 = v135[v45] + (v67 ^ v19 ^ v66) + v65;
v45 += 5;
v20 = __ROR__(v67, 2);
v127 = v66;
v18 = v68;
v21 = v69 + v63 + 1859775393;
}
while ( v45 < 40 );
v129 = 40;
do
{
v70 = __ROL__(v21, 5);
v71 = v127 + v70;
v72 = *(&v131 + v129) + (v18 & v20 | v19 & (v18 | v20));
v73 = __ROR__(v18, 2);
v74 = v19;
v75 = v72 + v71 - 1894007588;
v76 = v75;
v75 = __ROL__(v75, 5);
v77 = v129;
v78 = *(&v132 + v129) + (v21 & v73 | v20 & (v21 | v73));
v79 = __ROR__(v21, 2);
v80 = v78 + v74 + v75 - 1894007588;
v81 = *(&v133 + v129) + (v76 & v79 | v73 & (v76 | v79));
v82 = v80;
v80 = __ROL__(v80, 5);
v83 = v20 + v80;
v84 = __ROR__(v76, 2);
v85 = v73;
v86 = v82;
v87 = v81 + v83 - 1894007588;
v88 = v79;
v89 = *(&v134 + v77) + (v82 & v84 | v79 & (v82 | v84));
v90 = v87;
v87 = __ROL__(v87, 5);
v86 = __ROR__(v86, 2);
v91 = v89 + v85 + v87 - 1894007588;
v19 = v86;
v92 = v84;
v93 = v90;
v94 = v92 & (v90 | v86);
v95 = v91;
v91 = __ROL__(v91, 5);
v21 = v135[v77] + (v93 & v19 | v94) + v88 + v91 - 1894007588;
v18 = v95;
v20 = __ROR__(v93, 2);
v127 = v92;
v129 = v77 + 5;
}
while ( v77 + 5 < 60 );
v96 = 60;
v130 = 60;
do
{
v98 = *(&v131 + v96) + (v18 ^ v20 ^ v19);
v99 = __ROL__(v21, 5);
v100 = __ROR__(v18, 2);
v101 = v98 - 899497514 + v127 + v99;
v102 = v19;
v103 = *(&v132 + v130) + (v21 ^ v100 ^ v20);
v104 = v101;
v101 = __ROL__(v101, 5);
v105 = __ROR__(v21, 2);
v106 = v103 + v102 + v101 - 899497514;
v107 = v100;
v108 = v20;
v109 = v104;
v110 = *(&v133 + v130) + (v104 ^ v105 ^ v100);
v111 = v106;
v106 = __ROL__(v106, 5);
v109 = __ROR__(v109, 2);
v112 = v110 + v108 + v106 - 899497514;
v113 = v111;
v114 = v107;
v115 = v105;
v116 = *(&v134 + v130) + (v111 ^ v109 ^ v105);
v117 = v112;
v112 = __ROL__(v112, 5);
v19 = __ROR__(v113, 2);
v118 = v116 + v114 + v112 - 899497514;
v119 = v109;
v120 = v115;
v121 = v118;
v118 = __ROL__(v118, 5);
v96 = v130 + 5;
v21 = v135[v130] + (v117 ^ v19 ^ v109) - 899497514 + v120 + v118;
v20 = __ROR__(v117, 2);
v123 = __SETO__(v130 + 5, 80);
v122 = v130 - 75 < 0;
v97 = v119;
v127 = v119;
v18 = v121;
v130 += 5;
}
while ( v122 ^ v123 );
v125 = v21 + *(_DWORD *)a1;
v126 = v18 + *(_DWORD *)(a1 + 4);
*(_DWORD *)(a1 + 8) += v20;
*(_DWORD *)(a1 + 12) += v19;
result = v97 + *(_DWORD *)(a1 + 16);
*(_DWORD *)a1 = v125;
*(_DWORD *)(a1 + 4) = v126;
*(_DWORD *)(a1 + 16) = result;
*(_DWORD *)(a1 + 92) = 0;
return result;
}
----------------------------------------------------------------int __usercall sub_10083B20<eax>(int a1<esi>)
{
signed int v1; // eax@1
int v2; // eax@1
unsigned __int8 v3; // zf@1
char v4; // sf@1
unsigned __int8 v5; // of@1
char v7; // dl@9
char v8; // al@9
char v9; // cl@9
char v10; // dl@9
char v11; // al@9
char v12; // cl@9
char v13; // dl@9 v2 = *(_DWORD *)(a1 + 92);
*(_BYTE *)(v2 + a1 + 28) = -128;
++*(_DWORD *)(a1 + 92);
v5 = __SETO__(v2, 55);
v3 = v2 == 55;
v4 = v2 - 55 < 0;
v1 = *(_DWORD *)(a1 + 92);
if ( (unsigned __int8)(v4 ^ v5) | v3 )
{
for ( ; v1 < 56; v1 = *(_DWORD *)(a1 + 92) )
{
*(_BYTE *)(v1 + a1 + 28) = 0;
++*(_DWORD *)(a1 + 92);
}
}
else
{
for ( ; v1 < 64; v1 = *(_DWORD *)(a1 + 92) )
{
*(_BYTE *)(v1 + a1 + 28) = 0;
++*(_DWORD *)(a1 + 92);
}
Functie_RoR_cu_shl8(a1);
for ( ; *(_DWORD *)(a1 + 92) < 56; ++*(_DWORD *)(a1 + 92) )
*(_BYTE *)(a1 + *(_DWORD *)(a1 + 92) + 28) = 0;
}
v7 = *(_BYTE *)(a1 + 26);
v8 = *(_BYTE *)(a1 + 25);
*(_BYTE *)(a1 + 84) = *(_BYTE *)(a1 + 27);
v9 = *(_BYTE *)(a1 + 24);
*(_BYTE *)(a1 + 85) = v7;
v10 = *(_BYTE *)(a1 + 23);
*(_BYTE *)(a1 + 86) = v8;
v11 = *(_BYTE *)(a1 + 22);
*(_BYTE *)(a1 + 87) = v9;
v12 = *(_BYTE *)(a1 + 21);
*(_BYTE *)(a1 + 88) = v10;
v13 = *(_BYTE *)(a1 + 20);
*(_BYTE *)(a1 + 89) = v11;
*(_BYTE *)(a1 + 90) = v12;
*(_BYTE *)(a1 + 91) = v13;
return Functie_RoR_cu_shl8(a1);
}
--------------------------------------------void __cdecl Spider_Unknown_Function1(int a1, int a2, int a3, int a4)
{
void *v4; // eax@1
void *v5; // ebx@1
void *v6; // ebp@1
unsigned int v7; // esi@1
int v9; // eax@1
void *v10; // eax@1
int v12; // eax@1
int v13; // edx@2
int i; // ecx@5
int v15; // edi@5
unsigned int v16; // ecx@5
int v17; // eax@8
unsigned int v18; // ecx@11
void *v19; // eax@12
char v20; // zf@17
char v21; // [sp+17h] [bp-25h]@8
unsigned int v22; // [sp+18h] [bp-24h]@9
int v23; // [sp+1Ch] [bp-20h]@9
void *v24; // [sp+20h] [bp-1Ch]@1
int v25; // [sp+24h] [bp-18h]@1
void *v26; // [sp+28h] [bp-14h]@1
int v27; // [sp+2Ch] [bp-10h]@1
int v28; // [sp+38h] [bp-4h]@1 _ECX = 0;
v9 = 2 * (2 * *(_DWORD *)(a4 + 4) + 1);
__asm { seto cl }
v25 = 2 * *(_DWORD *)(a4 + 4) + 1;
v7 = v25;
v10 = operator new(v9 | -_ECX);
v5 = v10;
v24 = v10;
v28 = 0;
_ECX = 0;
v12 = 2 * v25;
__asm { seto cl }
v27 = v25;
v4 = operator new(v12 | -_ECX);
v6 = v4;
v26 = v4;
if ( v25 )
{
v13 = v25;
do
{
*(_WORD *)v4 = *(_WORD *)((char *)v4 + v5 - v6);
v4 = (char *)v4 + 2;
--v13;
}
while ( v13 );
}
LOBYTE(v28) = 1;
*(_WORD *)v5 = 1;
if ( v7 > 1 )
{
v16 = (v7 - 1) >> 1;
memset((char *)v5 + 2, 0, 4 * v16);
v15 = (int)(v5 + 4 * v16 + 2);
for ( i = 2 * (((_BYTE)v7 - 1) & 1); i; --i )
{
*(_WORD *)v15 = 0;
v15 += 2;
}
}
v17 = *(_DWORD *)(a2 + 4);
v21 = 1;
if ( v17 )
{
do
{
v23 = v17 - 1;
v22 = 32768;
do
{
if ( !v21 )
{
v18 = 0;
if ( v7 )
{
v19 = v6;
if ( v7 > 0 )
{
do
{
*(_WORD *)v19 = *(_WORD *)((char *)v19 + v5 - v6);
++v18;
v19 = (char *)v19 + 2;
}
while ( v18 < v7 );
}
}
sub_10083000((int)&v24, (int)&v26);
sub_100832E0((int)&v24, a3);
}
if ( *(_WORD *)(*(_DWORD *)a2 + 2 * v23) & (_WORD)v22 )
{
sub_10083000((int)&v24, a1);
sub_100832E0((int)&v24, a3);
v21 = 0;
}
v20 = v22 >> 1 == 0;
v22 >>= 1;
}
while ( !v20 );
v17 = v23;
}
while ( v23 );
}
sub_10082FC0(a4, (int)&v24);
LOBYTE(v28) = 0;
operator delete(v6);
v28 = -1;
operator delete(v5);
}

Sorry for big post didn't find a collapse tag.

Edited by Spider

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...