Spider Posted March 14, 2010 Posted March 14, 2010 (edited) Hi, I'm analyzing a licensing process of a program and I came across those functions (bellow)I found that it is using SHA-1, zlib decompression, upx for internal module, and not sure about RSAzlib and upx functions I've already recognize them, but SHA-1 and RSA (?) are still under question.Here are a part of function before the data is actually decrypted.The Functie_RoR_cu_shl8 looks like SHA-1, and the cycle is feeding the digest (?).I need to know if I understood this function correctly and if somebody recognize the Spider_Unknown_Function?If you can help me understand better this peace of code.Thanks.All those inline algorithms looks like Crypto++ library or Botan..void __cdecl Function_Decode(){ signed int v0; // edi@1 char *tmp_Hardware_ID; // esi@1 char v2; // zf@3 char v3; // zf@4 int new_lic_size; // edi@14 unsigned int v5; // ecx@16 void *v6; // ebx@16 void *v7; // esi@16 void *v8; // eax@16 char v9; // al@17 char v10; // zf@18 int v11; // ebx@19 void *v12; // edi@22 unsigned int v13; // esi@22 signed int v15; // eax@22 signed int v17; // eax@22 void *v18; // eax@22 signed int v20; // eax@22 signed int v22; // eax@22 int v23; // eax@23 int *v24; // eax@27 signed int v25; // ecx@27 int v26; // eax@30 int v27; // esi@30 char v28; // zf@32 char v29; // zf@33 void *v30; // eax@42 signed int v31; // ecx@42 int v32; // eax@45 int v33; // esi@45 unsigned int v34; // esi@45 void *v35; // ebx@47 void *v36; // [sp-4h] [bp-100h]@26 void *v37; // [sp-4h] [bp-100h]@48 char v38; // [sp+10h] [bp-ECh]@1 void *v39; // [sp+14h] [bp-E8h]@22 void *v40; // [sp+18h] [bp-E4h]@22 void *v41; // [sp+1Ch] [bp-E0h]@22 unsigned int v42; // [sp+20h] [bp-DCh]@19 void *v43; // [sp+24h] [bp-D8h]@22 int v44; // [sp+28h] [bp-D4h]@22 void *v45; // [sp+2Ch] [bp-D0h]@22 int v46; // [sp+30h] [bp-CCh]@22 void *v47; // [sp+34h] [bp-C8h]@22 int v48; // [sp+38h] [bp-C4h]@22 void *v49; // [sp+3Ch] [bp-C0h]@22 int v50; // [sp+40h] [bp-BCh]@22 int v51; // [sp+44h] [bp-B8h]@31 unsigned int v52; // [sp+48h] [bp-B4h]@30 unsigned int Magic1; // [sp+4Ch] [bp-B0h]@1 unsigned int Magic2; // [sp+50h] [bp-ACh]@1 unsigned int Magic3; // [sp+54h] [bp-A8h]@1 unsigned int Magic4; // [sp+58h] [bp-A4h]@1 unsigned int Magic5; // [sp+5Ch] [bp-A0h]@1 int v58; // [sp+60h] [bp-9Ch]@1 int v59; // [sp+64h] [bp-98h]@1 char v60[64]; // [sp+68h] [bp-94h]@3 int v61; // [sp+A8h] [bp-54h]@1 __int16 v62; // [sp+ACh] [bp-50h]@1 unsigned int v63; // [sp+B8h] [bp-44h]@12 unsigned int v64; // [sp+BCh] [bp-40h]@12 unsigned int v65; // [sp+C0h] [bp-3Ch]@12 unsigned int v66; // [sp+C4h] [bp-38h]@12 unsigned int v67; // [sp+C8h] [bp-34h]@12 char Hardware_ID; // [sp+CCh] [bp-30h]@1 unsigned int v69; // [sp+E8h] [bp-14h]@1 int v70; // [sp+F8h] [bp-4h]@22 v69 = (unsigned int)&v38 ^ dword_102B8090; sub_10081E20(&Hardware_ID); //Generates HWID v61 = 0; v59 = 0; v58 = 0; v62 = 0; Magic1 = 0x67452301u; Magic2 = 0xEFCDAB89u; Magic3 = 0x98BADCFEu; Magic4 = (unsigned int)&dword_10325476; // // 0x10325476 Magic5 = 0xC3D2E1F0u; v0 = 15; tmp_Hardware_ID = &Hardware_ID; while ( 1 ) { // SHA1 Algorithm --v0; if ( HIBYTE(v62) ) break; v60[v61++] = *tmp_Hardware_ID; v2 = v58 == -8; v58 += 8; if ( v2 ) { v3 = v59++ == -1; if ( v3 ) HIBYTE(v62) = 1; } if ( v61 == 0x40 ) Functie_RoR_cu_shl8(&Magic1); ++tmp_Hardware_ID; if ( !v0 ) { if ( !HIBYTE(v62) ) { if ( !(_BYTE)v62 ) { sub_10083B20((int)&Magic1); LOBYTE(v62) = 1; } v63 = Magic1; v64 = Magic2; v65 = Magic3; v66 = Magic4; v67 = Magic5; } break; } } if ( License_Buffer ) { new_lic_size = License_File_Handler - 68; if ( License_File_Handler - 68 >= (*(_DWORD *)License_Buffer ^ 0xABCDEF78u) ) new_lic_size = *(_DWORD *)License_Buffer ^ 0xABCDEF78; v8 = operator new__(new_lic_size); v5 = 0; v6 = License_Buffer; v7 = v8; if ( new_lic_size ) { do { v9 = *((_BYTE *)v6 + v5 + 4) ^ *((_BYTE *)&v63 + v5 % 0x14); ++v5; *((_BYTE *)v7 + v5 - 1) = v9; } while ( v5 < new_lic_size ); } operator delete__(v6); v10 = *(_DWORD *)v7 == -324508640; License_Buffer = 0; if ( !v10 ) goto LABEL_21; v42 = 0xBu * *((_DWORD *)v7 + 1) / 0xA; v11 = (int)operator new__(11 * v42 / 0xA); if ( zlib_uncompress(v11, (int *)&v42, (int)((char *)v7 + 8), new_lic_size - 8) ) { operator delete__((void *)v11);LABEL_21: operator delete__(v7); return; } operator delete__(v7); _ECX = 0; v46 = 32; v15 = 64; __asm { seto cl } v41 = operator new(v15 | -_ECX); v45 = v41; v70 = 0; _ECX = 0; v50 = 32; v17 = 64; __asm { seto cl } v18 = operator new(v17 | -_ECX); v40 = v18; v49 = v18; LOBYTE(v70) = 1; memcpy(v41, &unk_1026C500, 0x40u); memcpy(v18, &unk_1026C540, 0x40u); _ECX = 0; v48 = 32; v20 = 64; __asm { seto cl } v39 = operator new(v20 | -_ECX); v47 = v39; LOBYTE(v70) = 2; _ECX = 0; v44 = 32; v22 = 64; __asm { seto cl } v12 = operator new(v22 | -_ECX); v43 = v12; LOBYTE(v70) = 3; memcopy(v39, v11, 0x40u); Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43); v13 = 0; if ( v42 ) // DECODE FINAL MODULE { v23 = v11; do { *(_BYTE *)v23 ^= *((_BYTE *)v12 + ((2 - v11 + v23) & 0xF)); ++v13; ++v23; } while ( v13 < v42 ); } if ( *(_DWORD *)(v11 + 64) == -38177487 ) { memcopy(v39, v11 + 68, 64); Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43); v24 = (int *)&v63; v25 = 20; while ( *(int *)((char *)v24 + v12 - &v63) == *v24 ) { v25 -= 4; ++v24; if ( (unsigned int)v25 < 4 ) { v26 = v42 - 260; v52 = v42 - 260; v61 = 0; v59 = 0; v58 = 0; v62 = 0; Magic1 = 0x67452301u; Magic2 = 0xEFCDAB89u; Magic3 = 0x98BADCFEu; Magic4 = (unsigned int)&dword_10325476; Magic5 = 0xC3D2E1F0u; v27 = v11 + 260; if ( v42 == 260 ) {LABEL_40: sub_10083B20((int)&Magic1);LABEL_41: v63 = Magic1; v64 = Magic2; v65 = Magic3; v66 = Magic4; v67 = Magic5; } else { while ( 1 ) { --v26; v51 = v26; if ( HIBYTE(v62) ) break; v60[v61++] = *(_BYTE *)v27; v28 = v58 == -8; v58 += 8; if ( v28 ) { v29 = v59++ == -1; if ( v29 ) HIBYTE(v62) = 1; } if ( v61 == 64 ) { Functie_RoR_cu_shl8(&Magic1); v26 = v51; } ++v27; if ( !v26 ) { if ( HIBYTE(v62) ) break; if ( (_BYTE)v62 != (_BYTE)v26 ) goto LABEL_41; goto LABEL_40; } } } memcopy(v39, v11 + 132, 64); Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43); v31 = 20; v30 = v12; while ( *(_DWORD *)((char *)v30 + (char *)&v63 - v12) == *(_DWORD *)v30 ) { v31 -= 4; v30 = (char *)v30 + 4; if ( (unsigned int)v31 < 4 ) { v34 = v52; License_Buffer = operator new__(v52); License_File_Handler = v34; memcopy(License_Buffer, v11 + 0x104, v34); operator delete__((void *)v11); v33 = Initiaza_UPX_Modulul(); //Initiate and unpack UPX v32 = Search_Function("CheckLicense"); //function search.Here are additional callsint __stdcall Functie_RoR_cu_shl8(int a1){ int v1; // eax@1 signed int v2; // ecx@1 int v3; // esi@2 int v4; // edx@2 int v5; // esi@2 int v6; // edx@2 int v7; // esi@2 char *v8; // eax@3 signed int v9; // ebx@3 int v10; // edx@4 int v11; // esi@4 int v12; // ecx@4 int v13; // ebp@4 int v14; // ebp@4 int v15; // ebp@4 int v16; // ebp@4 int v17; // edx@4 int v18; // eax@5 int v19; // edx@5 int v20; // ecx@5 int v21; // esi@5 int v22; // edi@6 int v23; // ebx@6 int v24; // edi@6 int v25; // eax@6 int v26; // edi@6 int v27; // ST14_4@6 int v28; // edi@6 int v29; // esi@6 int v30; // edx@6 int v31; // edi@6 int v32; // ST10_4@6 int v33; // ecx@6 int v34; // eax@6 int v35; // ST14_4@6 int v36; // eax@6 int v37; // edx@6 int v38; // ebp@6 int v39; // ST14_4@6 int v40; // esi@6 int v41; // edi@6 int v42; // ecx@6 signed int v43; // eax@6 int v44; // ST14_4@6 signed int v45; // ebx@7 int v46; // edi@8 int v47; // edi@8 int v48; // eax@8 int v49; // edi@8 int v50; // ST14_4@8 int v51; // edi@8 int v52; // esi@8 int v53; // edx@8 int v54; // edi@8 int v55; // ebp@8 int v56; // ecx@8 int v57; // eax@8 int v58; // ST14_4@8 int v59; // eax@8 int v60; // edx@8 int v61; // ST14_4@8 int v62; // ebp@8 int v63; // edi@8 int v64; // eax@8 int v65; // esi@8 int v66; // eax@8 int v67; // ecx@8 int v68; // ST14_4@8 int v69; // esi@8 int v70; // edi@10 int v71; // edi@10 int v72; // ebx@10 int v73; // eax@10 int v74; // ST10_4@10 int v75; // edi@10 int v76; // ebp@10 int v77; // ebx@10 int v78; // edx@10 int v79; // esi@10 int v80; // edx@10 int v81; // edi@10 int v82; // ST14_4@10 int v83; // edx@10 int v84; // ecx@10 int v85; // ST10_4@10 int v86; // eax@10 int v87; // edx@10 int v88; // edi@10 int v89; // esi@10 int v90; // ST14_4@10 int v91; // esi@10 int v92; // ebp@10 int v93; // ecx@10 int v94; // eax@10 int v95; // ST14_4@10 int v96; // edi@11 int v97; // ebp@12 int v98; // ebp@12 int v99; // ebx@12 int v100; // eax@12 int v101; // ebx@12 int v102; // ST10_4@12 int v103; // edx@12 int v104; // ebp@12 int v105; // esi@12 int v106; // edx@12 int v107; // ebx@12 int v108; // ST10_4@12 int v109; // ecx@12 int v110; // eax@12 int v111; // ebp@12 int v112; // eax@12 int v113; // edx@12 int v114; // ST10_4@12 int v115; // ebx@12 int v116; // esi@12 int v117; // ebp@12 int v118; // esi@12 int v119; // eax@12 int v120; // ST10_4@12 int v121; // ebx@12 unsigned __int8 v122; // sf@12 unsigned __int8 v123; // of@12 int result; // eax@13 int v125; // ebx@13 int v126; // esi@13 int v127; // [sp+10h] [bp-148h]@5 int v128; // [sp+14h] [bp-144h]@5 int v129; // [sp+14h] [bp-144h]@9 signed int v130; // [sp+14h] [bp-144h]@11 int v131; // [sp+18h] [bp-140h]@2 int v132; // [sp+1Ch] [bp-13Ch]@2 int v133; // [sp+20h] [bp-138h]@2 int v134; // [sp+24h] [bp-134h]@2 int v135[4]; // [sp+28h] [bp-130h]@6 char v136; // [sp+38h] [bp-120h]@3 v2 = 0; v1 = a1 + 29; do { v3 = *(_BYTE *)(v1 + 4); *(&v131 + v2) = *(_BYTE *)(v1 + 2) | ((*(_BYTE *)(v1 + 1) | ((*(_BYTE *)v1 | (*(_BYTE *)(v1 - 1) << 8)) << 8)) << 8); v4 = *(_BYTE *)(v1 + 6) | ((*(_BYTE *)(v1 + 5) | ((v3 | (*(_BYTE *)(v1 + 3) << 8)) << 8)) << 8); v5 = *(_BYTE *)(v1 + 8); *(&v132 + v2) = v4; v6 = *(_BYTE *)(v1 + 10) | ((*(_BYTE *)(v1 + 9) | ((v5 | (*(_BYTE *)(v1 + 7) << 8)) << 8)) << 8); v7 = *(_BYTE *)(v1 + 12); *(&v133 + v2) = v6; *(&v134 + v2) = *(_BYTE *)(v1 + 14) | ((*(_BYTE *)(v1 + 13) | ((v7 | (*(_BYTE *)(v1 + 11) << 8)) << 8)) << 8); v2 += 4; v1 += 16; } while ( v2 < 16 ); v8 = &v136; v9 = 16; do { v10 = *((_DWORD *)v8 - 6); v11 = *((_DWORD *)v8 - 5); v12 = __ROL__(*(_DWORD *)v8 ^ v10 ^ *((_DWORD *)v8 + 5) ^ *((_DWORD *)v8 - 8), 1); v13 = __ROL__(v11 ^ *((_DWORD *)v8 + 1) ^ *((_DWORD *)v8 + 6) ^ *((_DWORD *)v8 - 7), 1); *((_DWORD *)v8 + 9) = v13; v14 = *((_DWORD *)v8 - 4) ^ *((_DWORD *)v8 + 7); *((_DWORD *)v8 + 8) = v12; v15 = *((_DWORD *)v8 + 2) ^ v14; v8 += 16; v16 = __ROL__(v10 ^ v15, 1); v17 = __ROL__(v11 ^ v12 ^ *((_DWORD *)v8 - 1) ^ *((_DWORD *)v8 - 7), 1); --v9; *((_DWORD *)v8 + 6) = v16; *((_DWORD *)v8 + 7) = v17; } while ( v9 ); v21 = *(_DWORD *)a1; v18 = *(_DWORD *)(a1 + 4); v20 = *(_DWORD *)(a1 + 8); v19 = *(_DWORD *)(a1 + 12); v127 = *(_DWORD *)(a1 + 16); v128 = 0; do { v22 = __ROL__(v21, 5); v23 = v128; v24 = *(&v131 + v128) + (v18 & v20 | v19 & ~v18) + v22; v25 = __ROR__(v18, 2); v26 = v127 + 1518500249 + v24; v27 = v26; v26 = __ROL__(v26, 5); v28 = *(&v132 + v23) + (v21 & v25 | v20 & ~v21) + v26; v29 = __ROR__(v21, 2); v30 = v28 + v19 + 1518500249; v31 = v25; v32 = v20; v33 = v27; v34 = v27 & v29 | v25 & ~v27; v35 = v30; v30 = __ROL__(v30, 5); v36 = *(&v133 + v23) + v34 + v30 + v32 + 1518500249; v37 = v35; v38 = v29; v33 = __ROR__(v33, 2); v39 = v36; v36 = __ROL__(v36, 5); v40 = *(&v134 + v23) + (v37 & v33 | v29 & ~v37) + v36 + v31 + 1518500249; v41 = v33; v42 = v39; v19 = __ROR__(v37, 2); v43 = ~v39; v44 = v40; v40 = __ROL__(v40, 5); v21 = v38 + 1518500249 + v135[v23] + (v42 & v19 | v41 & v43) + v40; v18 = v44; v20 = __ROR__(v42, 2); v127 = v41; v128 = v23 + 5; } while ( v23 + 5 < 20 ); v45 = 20; do { v46 = __ROL__(v21, 5); v47 = *(&v131 + v45) + (v18 ^ v20 ^ v19) + v46; v48 = __ROR__(v18, 2); v49 = v127 + 1859775393 + v47; v50 = v49; v49 = __ROL__(v49, 5); v51 = *(&v132 + v45) + (v21 ^ v48 ^ v20) + v49; v52 = __ROR__(v21, 2); v53 = v51 + v19 + 1859775393; v54 = v48; v55 = v20; v56 = v50; v57 = v50 ^ v52 ^ v48; v58 = v53; v53 = __ROL__(v53, 5); v56 = __ROR__(v56, 2); v59 = v55 + 1859775393 + *(&v133 + v45) + v57 + v53; v60 = v58; v61 = v59; v59 = __ROL__(v59, 5); v62 = v54; v63 = v52; v64 = *(&v134 + v45) + (v60 ^ v56 ^ v52) + v59; v19 = __ROR__(v60, 2); v65 = v62 + 1859775393 + v64; v66 = v56; v67 = v61; v68 = v65; v65 = __ROL__(v65, 5); v69 = v135[v45] + (v67 ^ v19 ^ v66) + v65; v45 += 5; v20 = __ROR__(v67, 2); v127 = v66; v18 = v68; v21 = v69 + v63 + 1859775393; } while ( v45 < 40 ); v129 = 40; do { v70 = __ROL__(v21, 5); v71 = v127 + v70; v72 = *(&v131 + v129) + (v18 & v20 | v19 & (v18 | v20)); v73 = __ROR__(v18, 2); v74 = v19; v75 = v72 + v71 - 1894007588; v76 = v75; v75 = __ROL__(v75, 5); v77 = v129; v78 = *(&v132 + v129) + (v21 & v73 | v20 & (v21 | v73)); v79 = __ROR__(v21, 2); v80 = v78 + v74 + v75 - 1894007588; v81 = *(&v133 + v129) + (v76 & v79 | v73 & (v76 | v79)); v82 = v80; v80 = __ROL__(v80, 5); v83 = v20 + v80; v84 = __ROR__(v76, 2); v85 = v73; v86 = v82; v87 = v81 + v83 - 1894007588; v88 = v79; v89 = *(&v134 + v77) + (v82 & v84 | v79 & (v82 | v84)); v90 = v87; v87 = __ROL__(v87, 5); v86 = __ROR__(v86, 2); v91 = v89 + v85 + v87 - 1894007588; v19 = v86; v92 = v84; v93 = v90; v94 = v92 & (v90 | v86); v95 = v91; v91 = __ROL__(v91, 5); v21 = v135[v77] + (v93 & v19 | v94) + v88 + v91 - 1894007588; v18 = v95; v20 = __ROR__(v93, 2); v127 = v92; v129 = v77 + 5; } while ( v77 + 5 < 60 ); v96 = 60; v130 = 60; do { v98 = *(&v131 + v96) + (v18 ^ v20 ^ v19); v99 = __ROL__(v21, 5); v100 = __ROR__(v18, 2); v101 = v98 - 899497514 + v127 + v99; v102 = v19; v103 = *(&v132 + v130) + (v21 ^ v100 ^ v20); v104 = v101; v101 = __ROL__(v101, 5); v105 = __ROR__(v21, 2); v106 = v103 + v102 + v101 - 899497514; v107 = v100; v108 = v20; v109 = v104; v110 = *(&v133 + v130) + (v104 ^ v105 ^ v100); v111 = v106; v106 = __ROL__(v106, 5); v109 = __ROR__(v109, 2); v112 = v110 + v108 + v106 - 899497514; v113 = v111; v114 = v107; v115 = v105; v116 = *(&v134 + v130) + (v111 ^ v109 ^ v105); v117 = v112; v112 = __ROL__(v112, 5); v19 = __ROR__(v113, 2); v118 = v116 + v114 + v112 - 899497514; v119 = v109; v120 = v115; v121 = v118; v118 = __ROL__(v118, 5); v96 = v130 + 5; v21 = v135[v130] + (v117 ^ v19 ^ v109) - 899497514 + v120 + v118; v20 = __ROR__(v117, 2); v123 = __SETO__(v130 + 5, 80); v122 = v130 - 75 < 0; v97 = v119; v127 = v119; v18 = v121; v130 += 5; } while ( v122 ^ v123 ); v125 = v21 + *(_DWORD *)a1; v126 = v18 + *(_DWORD *)(a1 + 4); *(_DWORD *)(a1 + 8) += v20; *(_DWORD *)(a1 + 12) += v19; result = v97 + *(_DWORD *)(a1 + 16); *(_DWORD *)a1 = v125; *(_DWORD *)(a1 + 4) = v126; *(_DWORD *)(a1 + 16) = result; *(_DWORD *)(a1 + 92) = 0; return result;}----------------------------------------------------------------int __usercall sub_10083B20<eax>(int a1<esi>){ signed int v1; // eax@1 int v2; // eax@1 unsigned __int8 v3; // zf@1 char v4; // sf@1 unsigned __int8 v5; // of@1 char v7; // dl@9 char v8; // al@9 char v9; // cl@9 char v10; // dl@9 char v11; // al@9 char v12; // cl@9 char v13; // dl@9 v2 = *(_DWORD *)(a1 + 92); *(_BYTE *)(v2 + a1 + 28) = -128; ++*(_DWORD *)(a1 + 92); v5 = __SETO__(v2, 55); v3 = v2 == 55; v4 = v2 - 55 < 0; v1 = *(_DWORD *)(a1 + 92); if ( (unsigned __int8)(v4 ^ v5) | v3 ) { for ( ; v1 < 56; v1 = *(_DWORD *)(a1 + 92) ) { *(_BYTE *)(v1 + a1 + 28) = 0; ++*(_DWORD *)(a1 + 92); } } else { for ( ; v1 < 64; v1 = *(_DWORD *)(a1 + 92) ) { *(_BYTE *)(v1 + a1 + 28) = 0; ++*(_DWORD *)(a1 + 92); } Functie_RoR_cu_shl8(a1); for ( ; *(_DWORD *)(a1 + 92) < 56; ++*(_DWORD *)(a1 + 92) ) *(_BYTE *)(a1 + *(_DWORD *)(a1 + 92) + 28) = 0; } v7 = *(_BYTE *)(a1 + 26); v8 = *(_BYTE *)(a1 + 25); *(_BYTE *)(a1 + 84) = *(_BYTE *)(a1 + 27); v9 = *(_BYTE *)(a1 + 24); *(_BYTE *)(a1 + 85) = v7; v10 = *(_BYTE *)(a1 + 23); *(_BYTE *)(a1 + 86) = v8; v11 = *(_BYTE *)(a1 + 22); *(_BYTE *)(a1 + 87) = v9; v12 = *(_BYTE *)(a1 + 21); *(_BYTE *)(a1 + 88) = v10; v13 = *(_BYTE *)(a1 + 20); *(_BYTE *)(a1 + 89) = v11; *(_BYTE *)(a1 + 90) = v12; *(_BYTE *)(a1 + 91) = v13; return Functie_RoR_cu_shl8(a1);}--------------------------------------------void __cdecl Spider_Unknown_Function1(int a1, int a2, int a3, int a4){ void *v4; // eax@1 void *v5; // ebx@1 void *v6; // ebp@1 unsigned int v7; // esi@1 int v9; // eax@1 void *v10; // eax@1 int v12; // eax@1 int v13; // edx@2 int i; // ecx@5 int v15; // edi@5 unsigned int v16; // ecx@5 int v17; // eax@8 unsigned int v18; // ecx@11 void *v19; // eax@12 char v20; // zf@17 char v21; // [sp+17h] [bp-25h]@8 unsigned int v22; // [sp+18h] [bp-24h]@9 int v23; // [sp+1Ch] [bp-20h]@9 void *v24; // [sp+20h] [bp-1Ch]@1 int v25; // [sp+24h] [bp-18h]@1 void *v26; // [sp+28h] [bp-14h]@1 int v27; // [sp+2Ch] [bp-10h]@1 int v28; // [sp+38h] [bp-4h]@1 _ECX = 0; v9 = 2 * (2 * *(_DWORD *)(a4 + 4) + 1); __asm { seto cl } v25 = 2 * *(_DWORD *)(a4 + 4) + 1; v7 = v25; v10 = operator new(v9 | -_ECX); v5 = v10; v24 = v10; v28 = 0; _ECX = 0; v12 = 2 * v25; __asm { seto cl } v27 = v25; v4 = operator new(v12 | -_ECX); v6 = v4; v26 = v4; if ( v25 ) { v13 = v25; do { *(_WORD *)v4 = *(_WORD *)((char *)v4 + v5 - v6); v4 = (char *)v4 + 2; --v13; } while ( v13 ); } LOBYTE(v28) = 1; *(_WORD *)v5 = 1; if ( v7 > 1 ) { v16 = (v7 - 1) >> 1; memset((char *)v5 + 2, 0, 4 * v16); v15 = (int)(v5 + 4 * v16 + 2); for ( i = 2 * (((_BYTE)v7 - 1) & 1); i; --i ) { *(_WORD *)v15 = 0; v15 += 2; } } v17 = *(_DWORD *)(a2 + 4); v21 = 1; if ( v17 ) { do { v23 = v17 - 1; v22 = 32768; do { if ( !v21 ) { v18 = 0; if ( v7 ) { v19 = v6; if ( v7 > 0 ) { do { *(_WORD *)v19 = *(_WORD *)((char *)v19 + v5 - v6); ++v18; v19 = (char *)v19 + 2; } while ( v18 < v7 ); } } sub_10083000((int)&v24, (int)&v26); sub_100832E0((int)&v24, a3); } if ( *(_WORD *)(*(_DWORD *)a2 + 2 * v23) & (_WORD)v22 ) { sub_10083000((int)&v24, a1); sub_100832E0((int)&v24, a3); v21 = 0; } v20 = v22 >> 1 == 0; v22 >>= 1; } while ( !v20 ); v17 = v23; } while ( v23 ); } sub_10082FC0(a4, (int)&v24); LOBYTE(v28) = 0; operator delete(v6); v28 = -1; operator delete(v5);}Sorry for big post didn't find a collapse tag. Edited March 18, 2010 by Spider
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now