Jump to content
Tuts 4 You

Need some little help with recognizing some functions

Spider

By Spider
in Programming and Coding

Recommended Posts

Spider

Spider

Posted
Posted (edited)

Hi, I'm analyzing a licensing process of a program and I came across those functions (bellow)

I found that it is using SHA-1, zlib decompression, upx for internal module, and not sure about RSA

zlib and upx functions I've already recognize them, but SHA-1 and RSA (?) are still under question.

Here are a part of function before the data is actually decrypted.

The Functie_RoR_cu_shl8 looks like SHA-1, and the cycle is feeding the digest (?).

I need to know if I understood this function correctly and if somebody recognize the Spider_Unknown_Function?

If you can help me understand better this peace of code.

Thanks.

All those inline algorithms looks like Crypto++ library or Botan..


void __cdecl Function_Decode()
{
  signed int v0; // edi@1
  char *tmp_Hardware_ID; // esi@1
  char v2; // zf@3
  char v3; // zf@4
  int new_lic_size; // edi@14
  unsigned int v5; // ecx@16
  void *v6; // ebx@16
  void *v7; // esi@16
  void *v8; // eax@16
  char v9; // al@17
  char v10; // zf@18
  int v11; // ebx@19
  void *v12; // edi@22
  unsigned int v13; // esi@22
  signed int v15; // eax@22
  signed int v17; // eax@22
  void *v18; // eax@22
  signed int v20; // eax@22
  signed int v22; // eax@22
  int v23; // eax@23
  int *v24; // eax@27
  signed int v25; // ecx@27
  int v26; // eax@30
  int v27; // esi@30
  char v28; // zf@32
  char v29; // zf@33
  void *v30; // eax@42
  signed int v31; // ecx@42
  int v32; // eax@45
  int v33; // esi@45
  unsigned int v34; // esi@45
  void *v35; // ebx@47
  void *v36; // [sp-4h] [bp-100h]@26
  void *v37; // [sp-4h] [bp-100h]@48
  char v38; // [sp+10h] [bp-ECh]@1
  void *v39; // [sp+14h] [bp-E8h]@22
  void *v40; // [sp+18h] [bp-E4h]@22
  void *v41; // [sp+1Ch] [bp-E0h]@22
  unsigned int v42; // [sp+20h] [bp-DCh]@19
  void *v43; // [sp+24h] [bp-D8h]@22
  int v44; // [sp+28h] [bp-D4h]@22
  void *v45; // [sp+2Ch] [bp-D0h]@22
  int v46; // [sp+30h] [bp-CCh]@22
  void *v47; // [sp+34h] [bp-C8h]@22
  int v48; // [sp+38h] [bp-C4h]@22
  void *v49; // [sp+3Ch] [bp-C0h]@22
  int v50; // [sp+40h] [bp-BCh]@22
  int v51; // [sp+44h] [bp-B8h]@31
  unsigned int v52; // [sp+48h] [bp-B4h]@30
  unsigned int Magic1; // [sp+4Ch] [bp-B0h]@1
  unsigned int Magic2; // [sp+50h] [bp-ACh]@1
  unsigned int Magic3; // [sp+54h] [bp-A8h]@1
  unsigned int Magic4; // [sp+58h] [bp-A4h]@1
  unsigned int Magic5; // [sp+5Ch] [bp-A0h]@1
  int v58; // [sp+60h] [bp-9Ch]@1
  int v59; // [sp+64h] [bp-98h]@1
  char v60[64]; // [sp+68h] [bp-94h]@3
  int v61; // [sp+A8h] [bp-54h]@1
  __int16 v62; // [sp+ACh] [bp-50h]@1
  unsigned int v63; // [sp+B8h] [bp-44h]@12
  unsigned int v64; // [sp+BCh] [bp-40h]@12
  unsigned int v65; // [sp+C0h] [bp-3Ch]@12
  unsigned int v66; // [sp+C4h] [bp-38h]@12
  unsigned int v67; // [sp+C8h] [bp-34h]@12
  char Hardware_ID; // [sp+CCh] [bp-30h]@1
  unsigned int v69; // [sp+E8h] [bp-14h]@1
  int v70; // [sp+F8h] [bp-4h]@22  v69 = (unsigned int)&v38 ^ dword_102B8090;
  sub_10081E20(&Hardware_ID); //Generates HWID
  v61 = 0;
  v59 = 0;
  v58 = 0;
  v62 = 0;
  Magic1 = 0x67452301u;
  Magic2 = 0xEFCDAB89u;
  Magic3 = 0x98BADCFEu;
  Magic4 = (unsigned int)&dword_10325476;       // // 0x10325476
  Magic5 = 0xC3D2E1F0u;
  v0 = 15;
  tmp_Hardware_ID = &Hardware_ID;
  while ( 1 )
  {                                             // SHA1 Algorithm
    --v0;
    if ( HIBYTE(v62) )
      break;
    v60[v61++] = *tmp_Hardware_ID;
    v2 = v58 == -8;
    v58 += 8;
    if ( v2 )
    {
      v3 = v59++ == -1;
      if ( v3 )
        HIBYTE(v62) = 1;
    }
    if ( v61 == 0x40 )
      Functie_RoR_cu_shl8(&Magic1);
    ++tmp_Hardware_ID;
    if ( !v0 )
    {
      if ( !HIBYTE(v62) )
      {
        if ( !(_BYTE)v62 )
        {
          sub_10083B20((int)&Magic1);
          LOBYTE(v62) = 1;
        }
        v63 = Magic1;
        v64 = Magic2;
        v65 = Magic3;
        v66 = Magic4;
        v67 = Magic5;
      }
      break;
    }
  }
  if ( License_Buffer )
  {
    new_lic_size = License_File_Handler - 68;
    if ( License_File_Handler - 68 >= (*(_DWORD *)License_Buffer ^ 0xABCDEF78u) )
      new_lic_size = *(_DWORD *)License_Buffer ^ 0xABCDEF78;
    v8 = operator new__(new_lic_size);
    v5 = 0;
    v6 = License_Buffer;
    v7 = v8;
    if ( new_lic_size )
    {
      do
      {
        v9 = *((_BYTE *)v6 + v5 + 4) ^ *((_BYTE *)&v63 + v5 % 0x14);
        ++v5;
        *((_BYTE *)v7 + v5 - 1) = v9;
      }
      while ( v5 < new_lic_size );
    }
    operator delete__(v6);
    v10 = *(_DWORD *)v7 == -324508640;
    License_Buffer = 0;
    if ( !v10 )
      goto LABEL_21;
    v42 = 0xBu * *((_DWORD *)v7 + 1) / 0xA;
    v11 = (int)operator new__(11 * v42 / 0xA);
    if ( zlib_uncompress(v11, (int *)&v42, (int)((char *)v7 + 8), new_lic_size - 8) )
    {
      operator delete__((void *)v11);
LABEL_21:
      operator delete__(v7);
      return;
    }
    operator delete__(v7);
    _ECX = 0;
    v46 = 32;
    v15 = 64;
    __asm { seto    cl }
    v41 = operator new(v15 | -_ECX);
    v45 = v41;
    v70 = 0;
    _ECX = 0;
    v50 = 32;
    v17 = 64;
    __asm { seto    cl }
    v18 = operator new(v17 | -_ECX);
    v40 = v18;
    v49 = v18;
    LOBYTE(v70) = 1;
    memcpy(v41, &unk_1026C500, 0x40u);
    memcpy(v18, &unk_1026C540, 0x40u);
    _ECX = 0;
    v48 = 32;
    v20 = 64;
    __asm { seto    cl }
    v39 = operator new(v20 | -_ECX);
    v47 = v39;
    LOBYTE(v70) = 2;
    _ECX = 0;
    v44 = 32;
    v22 = 64;
    __asm { seto    cl }
    v12 = operator new(v22 | -_ECX);
    v43 = v12;
    LOBYTE(v70) = 3;
    memcopy(v39, v11, 0x40u);
    Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
    v13 = 0;
    if ( v42 )                                  // DECODE FINAL MODULE
    {
      v23 = v11;
      do
      {
        *(_BYTE *)v23 ^= *((_BYTE *)v12 + ((2 - v11 + v23) & 0xF));
        ++v13;
        ++v23;
      }
      while ( v13 < v42 );
    }
    if ( *(_DWORD *)(v11 + 64) == -38177487 )
    {
      memcopy(v39, v11 + 68, 64);
      Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
      v24 = (int *)&v63;
      v25 = 20;
      while ( *(int *)((char *)v24 + v12 - &v63) == *v24 )
      {
        v25 -= 4;
        ++v24;
        if ( (unsigned int)v25 < 4 )
        {
          v26 = v42 - 260;
          v52 = v42 - 260;
          v61 = 0;
          v59 = 0;
          v58 = 0;
          v62 = 0;
          Magic1 = 0x67452301u;
          Magic2 = 0xEFCDAB89u;
          Magic3 = 0x98BADCFEu;
          Magic4 = (unsigned int)&dword_10325476;
          Magic5 = 0xC3D2E1F0u;
          v27 = v11 + 260;
          if ( v42 == 260 )
          {
LABEL_40:
            sub_10083B20((int)&Magic1);
LABEL_41:
            v63 = Magic1;
            v64 = Magic2;
            v65 = Magic3;
            v66 = Magic4;
            v67 = Magic5;
          }
          else
          {
            while ( 1 )
            {
              --v26;
              v51 = v26;
              if ( HIBYTE(v62) )
                break;
              v60[v61++] = *(_BYTE *)v27;
              v28 = v58 == -8;
              v58 += 8;
              if ( v28 )
              {
                v29 = v59++ == -1;
                if ( v29 )
                  HIBYTE(v62) = 1;
              }
              if ( v61 == 64 )
              {
                Functie_RoR_cu_shl8(&Magic1);
                v26 = v51;
              }
              ++v27;
              if ( !v26 )
              {
                if ( HIBYTE(v62) )
                  break;
                if ( (_BYTE)v62 != (_BYTE)v26 )
                  goto LABEL_41;
                goto LABEL_40;
              }
            }
          }
          memcopy(v39, v11 + 132, 64);
          Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
          v31 = 20;
          v30 = v12;
          while ( *(_DWORD *)((char *)v30 + (char *)&v63 - v12) == *(_DWORD *)v30 )
          {
            v31 -= 4;
            v30 = (char *)v30 + 4;
            if ( (unsigned int)v31 < 4 )
            {
              v34 = v52;
              License_Buffer = operator new__(v52);
              License_File_Handler = v34;
              memcopy(License_Buffer, v11 + 0x104, v34);
              operator delete__((void *)v11);
              v33 = Initiaza_UPX_Modulul(); //Initiate and unpack UPX
              v32 = Search_Function("CheckLicense"); //function search.

Here are additional calls


int __stdcall Functie_RoR_cu_shl8(int a1)
{
  int v1; // eax@1
  signed int v2; // ecx@1
  int v3; // esi@2
  int v4; // edx@2
  int v5; // esi@2
  int v6; // edx@2
  int v7; // esi@2
  char *v8; // eax@3
  signed int v9; // ebx@3
  int v10; // edx@4
  int v11; // esi@4
  int v12; // ecx@4
  int v13; // ebp@4
  int v14; // ebp@4
  int v15; // ebp@4
  int v16; // ebp@4
  int v17; // edx@4
  int v18; // eax@5
  int v19; // edx@5
  int v20; // ecx@5
  int v21; // esi@5
  int v22; // edi@6
  int v23; // ebx@6
  int v24; // edi@6
  int v25; // eax@6
  int v26; // edi@6
  int v27; // ST14_4@6
  int v28; // edi@6
  int v29; // esi@6
  int v30; // edx@6
  int v31; // edi@6
  int v32; // ST10_4@6
  int v33; // ecx@6
  int v34; // eax@6
  int v35; // ST14_4@6
  int v36; // eax@6
  int v37; // edx@6
  int v38; // ebp@6
  int v39; // ST14_4@6
  int v40; // esi@6
  int v41; // edi@6
  int v42; // ecx@6
  signed int v43; // eax@6
  int v44; // ST14_4@6
  signed int v45; // ebx@7
  int v46; // edi@8
  int v47; // edi@8
  int v48; // eax@8
  int v49; // edi@8
  int v50; // ST14_4@8
  int v51; // edi@8
  int v52; // esi@8
  int v53; // edx@8
  int v54; // edi@8
  int v55; // ebp@8
  int v56; // ecx@8
  int v57; // eax@8
  int v58; // ST14_4@8
  int v59; // eax@8
  int v60; // edx@8
  int v61; // ST14_4@8
  int v62; // ebp@8
  int v63; // edi@8
  int v64; // eax@8
  int v65; // esi@8
  int v66; // eax@8
  int v67; // ecx@8
  int v68; // ST14_4@8
  int v69; // esi@8
  int v70; // edi@10
  int v71; // edi@10
  int v72; // ebx@10
  int v73; // eax@10
  int v74; // ST10_4@10
  int v75; // edi@10
  int v76; // ebp@10
  int v77; // ebx@10
  int v78; // edx@10
  int v79; // esi@10
  int v80; // edx@10
  int v81; // edi@10
  int v82; // ST14_4@10
  int v83; // edx@10
  int v84; // ecx@10
  int v85; // ST10_4@10
  int v86; // eax@10
  int v87; // edx@10
  int v88; // edi@10
  int v89; // esi@10
  int v90; // ST14_4@10
  int v91; // esi@10
  int v92; // ebp@10
  int v93; // ecx@10
  int v94; // eax@10
  int v95; // ST14_4@10
  int v96; // edi@11
  int v97; // ebp@12
  int v98; // ebp@12
  int v99; // ebx@12
  int v100; // eax@12
  int v101; // ebx@12
  int v102; // ST10_4@12
  int v103; // edx@12
  int v104; // ebp@12
  int v105; // esi@12
  int v106; // edx@12
  int v107; // ebx@12
  int v108; // ST10_4@12
  int v109; // ecx@12
  int v110; // eax@12
  int v111; // ebp@12
  int v112; // eax@12
  int v113; // edx@12
  int v114; // ST10_4@12
  int v115; // ebx@12
  int v116; // esi@12
  int v117; // ebp@12
  int v118; // esi@12
  int v119; // eax@12
  int v120; // ST10_4@12
  int v121; // ebx@12
  unsigned __int8 v122; // sf@12
  unsigned __int8 v123; // of@12
  int result; // eax@13
  int v125; // ebx@13
  int v126; // esi@13
  int v127; // [sp+10h] [bp-148h]@5
  int v128; // [sp+14h] [bp-144h]@5
  int v129; // [sp+14h] [bp-144h]@9
  signed int v130; // [sp+14h] [bp-144h]@11
  int v131; // [sp+18h] [bp-140h]@2
  int v132; // [sp+1Ch] [bp-13Ch]@2
  int v133; // [sp+20h] [bp-138h]@2
  int v134; // [sp+24h] [bp-134h]@2
  int v135[4]; // [sp+28h] [bp-130h]@6
  char v136; // [sp+38h] [bp-120h]@3  v2 = 0;
  v1 = a1 + 29;
  do
  {
    v3 = *(_BYTE *)(v1 + 4);
    *(&v131 + v2) = *(_BYTE *)(v1 + 2) | ((*(_BYTE *)(v1 + 1) | ((*(_BYTE *)v1 | (*(_BYTE *)(v1 - 1) << 8)) << 8)) << 8);
    v4 = *(_BYTE *)(v1 + 6) | ((*(_BYTE *)(v1 + 5) | ((v3 | (*(_BYTE *)(v1 + 3) << 8)) << 8)) << 8);
    v5 = *(_BYTE *)(v1 + 8);
    *(&v132 + v2) = v4;
    v6 = *(_BYTE *)(v1 + 10) | ((*(_BYTE *)(v1 + 9) | ((v5 | (*(_BYTE *)(v1 + 7) << 8)) << 8)) << 8);
    v7 = *(_BYTE *)(v1 + 12);
    *(&v133 + v2) = v6;
    *(&v134 + v2) = *(_BYTE *)(v1 + 14) | ((*(_BYTE *)(v1 + 13) | ((v7 | (*(_BYTE *)(v1 + 11) << 8)) << 8)) << 8);
    v2 += 4;
    v1 += 16;
  }
  while ( v2 < 16 );
  v8 = &v136;
  v9 = 16;
  do
  {
    v10 = *((_DWORD *)v8 - 6);
    v11 = *((_DWORD *)v8 - 5);
    v12 = __ROL__(*(_DWORD *)v8 ^ v10 ^ *((_DWORD *)v8 + 5) ^ *((_DWORD *)v8 - 8), 1);
    v13 = __ROL__(v11 ^ *((_DWORD *)v8 + 1) ^ *((_DWORD *)v8 + 6) ^ *((_DWORD *)v8 - 7), 1);
    *((_DWORD *)v8 + 9) = v13;
    v14 = *((_DWORD *)v8 - 4) ^ *((_DWORD *)v8 + 7);
    *((_DWORD *)v8 + 8) = v12;
    v15 = *((_DWORD *)v8 + 2) ^ v14;
    v8 += 16;
    v16 = __ROL__(v10 ^ v15, 1);
    v17 = __ROL__(v11 ^ v12 ^ *((_DWORD *)v8 - 1) ^ *((_DWORD *)v8 - 7), 1);
    --v9;
    *((_DWORD *)v8 + 6) = v16;
    *((_DWORD *)v8 + 7) = v17;
  }
  while ( v9 );
  v21 = *(_DWORD *)a1;
  v18 = *(_DWORD *)(a1 + 4);
  v20 = *(_DWORD *)(a1 + 8);
  v19 = *(_DWORD *)(a1 + 12);
  v127 = *(_DWORD *)(a1 + 16);
  v128 = 0;
  do
  {
    v22 = __ROL__(v21, 5);
    v23 = v128;
    v24 = *(&v131 + v128) + (v18 & v20 | v19 & ~v18) + v22;
    v25 = __ROR__(v18, 2);
    v26 = v127 + 1518500249 + v24;
    v27 = v26;
    v26 = __ROL__(v26, 5);
    v28 = *(&v132 + v23) + (v21 & v25 | v20 & ~v21) + v26;
    v29 = __ROR__(v21, 2);
    v30 = v28 + v19 + 1518500249;
    v31 = v25;
    v32 = v20;
    v33 = v27;
    v34 = v27 & v29 | v25 & ~v27;
    v35 = v30;
    v30 = __ROL__(v30, 5);
    v36 = *(&v133 + v23) + v34 + v30 + v32 + 1518500249;
    v37 = v35;
    v38 = v29;
    v33 = __ROR__(v33, 2);
    v39 = v36;
    v36 = __ROL__(v36, 5);
    v40 = *(&v134 + v23) + (v37 & v33 | v29 & ~v37) + v36 + v31 + 1518500249;
    v41 = v33;
    v42 = v39;
    v19 = __ROR__(v37, 2);
    v43 = ~v39;
    v44 = v40;
    v40 = __ROL__(v40, 5);
    v21 = v38 + 1518500249 + v135[v23] + (v42 & v19 | v41 & v43) + v40;
    v18 = v44;
    v20 = __ROR__(v42, 2);
    v127 = v41;
    v128 = v23 + 5;
  }
  while ( v23 + 5 < 20 );
  v45 = 20;
  do
  {
    v46 = __ROL__(v21, 5);
    v47 = *(&v131 + v45) + (v18 ^ v20 ^ v19) + v46;
    v48 = __ROR__(v18, 2);
    v49 = v127 + 1859775393 + v47;
    v50 = v49;
    v49 = __ROL__(v49, 5);
    v51 = *(&v132 + v45) + (v21 ^ v48 ^ v20) + v49;
    v52 = __ROR__(v21, 2);
    v53 = v51 + v19 + 1859775393;
    v54 = v48;
    v55 = v20;
    v56 = v50;
    v57 = v50 ^ v52 ^ v48;
    v58 = v53;
    v53 = __ROL__(v53, 5);
    v56 = __ROR__(v56, 2);
    v59 = v55 + 1859775393 + *(&v133 + v45) + v57 + v53;
    v60 = v58;
    v61 = v59;
    v59 = __ROL__(v59, 5);
    v62 = v54;
    v63 = v52;
    v64 = *(&v134 + v45) + (v60 ^ v56 ^ v52) + v59;
    v19 = __ROR__(v60, 2);
    v65 = v62 + 1859775393 + v64;
    v66 = v56;
    v67 = v61;
    v68 = v65;
    v65 = __ROL__(v65, 5);
    v69 = v135[v45] + (v67 ^ v19 ^ v66) + v65;
    v45 += 5;
    v20 = __ROR__(v67, 2);
    v127 = v66;
    v18 = v68;
    v21 = v69 + v63 + 1859775393;
  }
  while ( v45 < 40 );
  v129 = 40;
  do
  {
    v70 = __ROL__(v21, 5);
    v71 = v127 + v70;
    v72 = *(&v131 + v129) + (v18 & v20 | v19 & (v18 | v20));
    v73 = __ROR__(v18, 2);
    v74 = v19;
    v75 = v72 + v71 - 1894007588;
    v76 = v75;
    v75 = __ROL__(v75, 5);
    v77 = v129;
    v78 = *(&v132 + v129) + (v21 & v73 | v20 & (v21 | v73));
    v79 = __ROR__(v21, 2);
    v80 = v78 + v74 + v75 - 1894007588;
    v81 = *(&v133 + v129) + (v76 & v79 | v73 & (v76 | v79));
    v82 = v80;
    v80 = __ROL__(v80, 5);
    v83 = v20 + v80;
    v84 = __ROR__(v76, 2);
    v85 = v73;
    v86 = v82;
    v87 = v81 + v83 - 1894007588;
    v88 = v79;
    v89 = *(&v134 + v77) + (v82 & v84 | v79 & (v82 | v84));
    v90 = v87;
    v87 = __ROL__(v87, 5);
    v86 = __ROR__(v86, 2);
    v91 = v89 + v85 + v87 - 1894007588;
    v19 = v86;
    v92 = v84;
    v93 = v90;
    v94 = v92 & (v90 | v86);
    v95 = v91;
    v91 = __ROL__(v91, 5);
    v21 = v135[v77] + (v93 & v19 | v94) + v88 + v91 - 1894007588;
    v18 = v95;
    v20 = __ROR__(v93, 2);
    v127 = v92;
    v129 = v77 + 5;
  }
  while ( v77 + 5 < 60 );
  v96 = 60;
  v130 = 60;
  do
  {
    v98 = *(&v131 + v96) + (v18 ^ v20 ^ v19);
    v99 = __ROL__(v21, 5);
    v100 = __ROR__(v18, 2);
    v101 = v98 - 899497514 + v127 + v99;
    v102 = v19;
    v103 = *(&v132 + v130) + (v21 ^ v100 ^ v20);
    v104 = v101;
    v101 = __ROL__(v101, 5);
    v105 = __ROR__(v21, 2);
    v106 = v103 + v102 + v101 - 899497514;
    v107 = v100;
    v108 = v20;
    v109 = v104;
    v110 = *(&v133 + v130) + (v104 ^ v105 ^ v100);
    v111 = v106;
    v106 = __ROL__(v106, 5);
    v109 = __ROR__(v109, 2);
    v112 = v110 + v108 + v106 - 899497514;
    v113 = v111;
    v114 = v107;
    v115 = v105;
    v116 = *(&v134 + v130) + (v111 ^ v109 ^ v105);
    v117 = v112;
    v112 = __ROL__(v112, 5);
    v19 = __ROR__(v113, 2);
    v118 = v116 + v114 + v112 - 899497514;
    v119 = v109;
    v120 = v115;
    v121 = v118;
    v118 = __ROL__(v118, 5);
    v96 = v130 + 5;
    v21 = v135[v130] + (v117 ^ v19 ^ v109) - 899497514 + v120 + v118;
    v20 = __ROR__(v117, 2);
    v123 = __SETO__(v130 + 5, 80);
    v122 = v130 - 75 < 0;
    v97 = v119;
    v127 = v119;
    v18 = v121;
    v130 += 5;
  }
  while ( v122 ^ v123 );
  v125 = v21 + *(_DWORD *)a1;
  v126 = v18 + *(_DWORD *)(a1 + 4);
  *(_DWORD *)(a1 + 8) += v20;
  *(_DWORD *)(a1 + 12) += v19;
  result = v97 + *(_DWORD *)(a1 + 16);
  *(_DWORD *)a1 = v125;
  *(_DWORD *)(a1 + 4) = v126;
  *(_DWORD *)(a1 + 16) = result;
  *(_DWORD *)(a1 + 92) = 0;
  return result;
}
----------------------------------------------------------------int __usercall sub_10083B20<eax>(int a1<esi>)
{
  signed int v1; // eax@1
  int v2; // eax@1
  unsigned __int8 v3; // zf@1
  char v4; // sf@1
  unsigned __int8 v5; // of@1
  char v7; // dl@9
  char v8; // al@9
  char v9; // cl@9
  char v10; // dl@9
  char v11; // al@9
  char v12; // cl@9
  char v13; // dl@9  v2 = *(_DWORD *)(a1 + 92);
  *(_BYTE *)(v2 + a1 + 28) = -128;
  ++*(_DWORD *)(a1 + 92);
  v5 = __SETO__(v2, 55);
  v3 = v2 == 55;
  v4 = v2 - 55 < 0;
  v1 = *(_DWORD *)(a1 + 92);
  if ( (unsigned __int8)(v4 ^ v5) | v3 )
  {
    for ( ; v1 < 56; v1 = *(_DWORD *)(a1 + 92) )
    {
      *(_BYTE *)(v1 + a1 + 28) = 0;
      ++*(_DWORD *)(a1 + 92);
    }
  }
  else
  {
    for ( ; v1 < 64; v1 = *(_DWORD *)(a1 + 92) )
    {
      *(_BYTE *)(v1 + a1 + 28) = 0;
      ++*(_DWORD *)(a1 + 92);
    }
    Functie_RoR_cu_shl8(a1);
    for ( ; *(_DWORD *)(a1 + 92) < 56; ++*(_DWORD *)(a1 + 92) )
      *(_BYTE *)(a1 + *(_DWORD *)(a1 + 92) + 28) = 0;
  }
  v7 = *(_BYTE *)(a1 + 26);
  v8 = *(_BYTE *)(a1 + 25);
  *(_BYTE *)(a1 + 84) = *(_BYTE *)(a1 + 27);
  v9 = *(_BYTE *)(a1 + 24);
  *(_BYTE *)(a1 + 85) = v7;
  v10 = *(_BYTE *)(a1 + 23);
  *(_BYTE *)(a1 + 86) = v8;
  v11 = *(_BYTE *)(a1 + 22);
  *(_BYTE *)(a1 + 87) = v9;
  v12 = *(_BYTE *)(a1 + 21);
  *(_BYTE *)(a1 + 88) = v10;
  v13 = *(_BYTE *)(a1 + 20);
  *(_BYTE *)(a1 + 89) = v11;
  *(_BYTE *)(a1 + 90) = v12;
  *(_BYTE *)(a1 + 91) = v13;
  return Functie_RoR_cu_shl8(a1);
}
--------------------------------------------void __cdecl Spider_Unknown_Function1(int a1, int a2, int a3, int a4)
{
  void *v4; // eax@1
  void *v5; // ebx@1
  void *v6; // ebp@1
  unsigned int v7; // esi@1
  int v9; // eax@1
  void *v10; // eax@1
  int v12; // eax@1
  int v13; // edx@2
  int i; // ecx@5
  int v15; // edi@5
  unsigned int v16; // ecx@5
  int v17; // eax@8
  unsigned int v18; // ecx@11
  void *v19; // eax@12
  char v20; // zf@17
  char v21; // [sp+17h] [bp-25h]@8
  unsigned int v22; // [sp+18h] [bp-24h]@9
  int v23; // [sp+1Ch] [bp-20h]@9
  void *v24; // [sp+20h] [bp-1Ch]@1
  int v25; // [sp+24h] [bp-18h]@1
  void *v26; // [sp+28h] [bp-14h]@1
  int v27; // [sp+2Ch] [bp-10h]@1
  int v28; // [sp+38h] [bp-4h]@1  _ECX = 0;
  v9 = 2 * (2 * *(_DWORD *)(a4 + 4) + 1);
  __asm { seto    cl }
  v25 = 2 * *(_DWORD *)(a4 + 4) + 1;
  v7 = v25;
  v10 = operator new(v9 | -_ECX);
  v5 = v10;
  v24 = v10;
  v28 = 0;
  _ECX = 0;
  v12 = 2 * v25;
  __asm { seto    cl }
  v27 = v25;
  v4 = operator new(v12 | -_ECX);
  v6 = v4;
  v26 = v4;
  if ( v25 )
  {
    v13 = v25;
    do
    {
      *(_WORD *)v4 = *(_WORD *)((char *)v4 + v5 - v6);
      v4 = (char *)v4 + 2;
      --v13;
    }
    while ( v13 );
  }
  LOBYTE(v28) = 1;
  *(_WORD *)v5 = 1;
  if ( v7 > 1 )
  {
    v16 = (v7 - 1) >> 1;
    memset((char *)v5 + 2, 0, 4 * v16);
    v15 = (int)(v5 + 4 * v16 + 2);
    for ( i = 2 * (((_BYTE)v7 - 1) & 1); i; --i )
    {
      *(_WORD *)v15 = 0;
      v15 += 2;
    }
  }
  v17 = *(_DWORD *)(a2 + 4);
  v21 = 1;
  if ( v17 )
  {
    do
    {
      v23 = v17 - 1;
      v22 = 32768;
      do
      {
        if ( !v21 )
        {
          v18 = 0;
          if ( v7 )
          {
            v19 = v6;
            if ( v7 > 0 )
            {
              do
              {
                *(_WORD *)v19 = *(_WORD *)((char *)v19 + v5 - v6);
                ++v18;
                v19 = (char *)v19 + 2;
              }
              while ( v18 < v7 );
            }
          }
          sub_10083000((int)&v24, (int)&v26);
          sub_100832E0((int)&v24, a3);
        }
        if ( *(_WORD *)(*(_DWORD *)a2 + 2 * v23) & (_WORD)v22 )
        {
          sub_10083000((int)&v24, a1);
          sub_100832E0((int)&v24, a3);
          v21 = 0;
        }
        v20 = v22 >> 1 == 0;
        v22 >>= 1;
      }
      while ( !v20 );
      v17 = v23;
    }
    while ( v23 );
  }
  sub_10082FC0(a4, (int)&v24);
  LOBYTE(v28) = 0;
  operator delete(v6);
  v28 = -1;
  operator delete(v5);
}

Sorry for big post didn't find a collapse tag.

Edited by Spider

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...