Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Need some little help with recognizing some functions

Spider
Spider
in Programming and Coding

Featured Replies

Posted

Hi, I'm analyzing a licensing process of a program and I came across those functions (bellow)

I found that it is using SHA-1, zlib decompression, upx for internal module, and not sure about RSA

zlib and upx functions I've already recognize them, but SHA-1 and RSA (?) are still under question.

Here are a part of function before the data is actually decrypted.

The Functie_RoR_cu_shl8 looks like SHA-1, and the cycle is feeding the digest (?).

I need to know if I understood this function correctly and if somebody recognize the Spider_Unknown_Function?

If you can help me understand better this peace of code.

Thanks.

All those inline algorithms looks like Crypto++ library or Botan..


void __cdecl Function_Decode()
{
  signed int v0; // edi@1
  char *tmp_Hardware_ID; // esi@1
  char v2; // zf@3
  char v3; // zf@4
  int new_lic_size; // edi@14
  unsigned int v5; // ecx@16
  void *v6; // ebx@16
  void *v7; // esi@16
  void *v8; // eax@16
  char v9; // al@17
  char v10; // zf@18
  int v11; // ebx@19
  void *v12; // edi@22
  unsigned int v13; // esi@22
  signed int v15; // eax@22
  signed int v17; // eax@22
  void *v18; // eax@22
  signed int v20; // eax@22
  signed int v22; // eax@22
  int v23; // eax@23
  int *v24; // eax@27
  signed int v25; // ecx@27
  int v26; // eax@30
  int v27; // esi@30
  char v28; // zf@32
  char v29; // zf@33
  void *v30; // eax@42
  signed int v31; // ecx@42
  int v32; // eax@45
  int v33; // esi@45
  unsigned int v34; // esi@45
  void *v35; // ebx@47
  void *v36; // [sp-4h] [bp-100h]@26
  void *v37; // [sp-4h] [bp-100h]@48
  char v38; // [sp+10h] [bp-ECh]@1
  void *v39; // [sp+14h] [bp-E8h]@22
  void *v40; // [sp+18h] [bp-E4h]@22
  void *v41; // [sp+1Ch] [bp-E0h]@22
  unsigned int v42; // [sp+20h] [bp-DCh]@19
  void *v43; // [sp+24h] [bp-D8h]@22
  int v44; // [sp+28h] [bp-D4h]@22
  void *v45; // [sp+2Ch] [bp-D0h]@22
  int v46; // [sp+30h] [bp-CCh]@22
  void *v47; // [sp+34h] [bp-C8h]@22
  int v48; // [sp+38h] [bp-C4h]@22
  void *v49; // [sp+3Ch] [bp-C0h]@22
  int v50; // [sp+40h] [bp-BCh]@22
  int v51; // [sp+44h] [bp-B8h]@31
  unsigned int v52; // [sp+48h] [bp-B4h]@30
  unsigned int Magic1; // [sp+4Ch] [bp-B0h]@1
  unsigned int Magic2; // [sp+50h] [bp-ACh]@1
  unsigned int Magic3; // [sp+54h] [bp-A8h]@1
  unsigned int Magic4; // [sp+58h] [bp-A4h]@1
  unsigned int Magic5; // [sp+5Ch] [bp-A0h]@1
  int v58; // [sp+60h] [bp-9Ch]@1
  int v59; // [sp+64h] [bp-98h]@1
  char v60[64]; // [sp+68h] [bp-94h]@3
  int v61; // [sp+A8h] [bp-54h]@1
  __int16 v62; // [sp+ACh] [bp-50h]@1
  unsigned int v63; // [sp+B8h] [bp-44h]@12
  unsigned int v64; // [sp+BCh] [bp-40h]@12
  unsigned int v65; // [sp+C0h] [bp-3Ch]@12
  unsigned int v66; // [sp+C4h] [bp-38h]@12
  unsigned int v67; // [sp+C8h] [bp-34h]@12
  char Hardware_ID; // [sp+CCh] [bp-30h]@1
  unsigned int v69; // [sp+E8h] [bp-14h]@1
  int v70; // [sp+F8h] [bp-4h]@22  v69 = (unsigned int)&v38 ^ dword_102B8090;
  sub_10081E20(&Hardware_ID); //Generates HWID
  v61 = 0;
  v59 = 0;
  v58 = 0;
  v62 = 0;
  Magic1 = 0x67452301u;
  Magic2 = 0xEFCDAB89u;
  Magic3 = 0x98BADCFEu;
  Magic4 = (unsigned int)&dword_10325476;       // // 0x10325476
  Magic5 = 0xC3D2E1F0u;
  v0 = 15;
  tmp_Hardware_ID = &Hardware_ID;
  while ( 1 )
  {                                             // SHA1 Algorithm
    --v0;
    if ( HIBYTE(v62) )
      break;
    v60[v61++] = *tmp_Hardware_ID;
    v2 = v58 == -8;
    v58 += 8;
    if ( v2 )
    {
      v3 = v59++ == -1;
      if ( v3 )
        HIBYTE(v62) = 1;
    }
    if ( v61 == 0x40 )
      Functie_RoR_cu_shl8(&Magic1);
    ++tmp_Hardware_ID;
    if ( !v0 )
    {
      if ( !HIBYTE(v62) )
      {
        if ( !(_BYTE)v62 )
        {
          sub_10083B20((int)&Magic1);
          LOBYTE(v62) = 1;
        }
        v63 = Magic1;
        v64 = Magic2;
        v65 = Magic3;
        v66 = Magic4;
        v67 = Magic5;
      }
      break;
    }
  }
  if ( License_Buffer )
  {
    new_lic_size = License_File_Handler - 68;
    if ( License_File_Handler - 68 >= (*(_DWORD *)License_Buffer ^ 0xABCDEF78u) )
      new_lic_size = *(_DWORD *)License_Buffer ^ 0xABCDEF78;
    v8 = operator new__(new_lic_size);
    v5 = 0;
    v6 = License_Buffer;
    v7 = v8;
    if ( new_lic_size )
    {
      do
      {
        v9 = *((_BYTE *)v6 + v5 + 4) ^ *((_BYTE *)&v63 + v5 % 0x14);
        ++v5;
        *((_BYTE *)v7 + v5 - 1) = v9;
      }
      while ( v5 < new_lic_size );
    }
    operator delete__(v6);
    v10 = *(_DWORD *)v7 == -324508640;
    License_Buffer = 0;
    if ( !v10 )
      goto LABEL_21;
    v42 = 0xBu * *((_DWORD *)v7 + 1) / 0xA;
    v11 = (int)operator new__(11 * v42 / 0xA);
    if ( zlib_uncompress(v11, (int *)&v42, (int)((char *)v7 + 8), new_lic_size - 8) )
    {
      operator delete__((void *)v11);
LABEL_21:
      operator delete__(v7);
      return;
    }
    operator delete__(v7);
    _ECX = 0;
    v46 = 32;
    v15 = 64;
    __asm { seto    cl }
    v41 = operator new(v15 | -_ECX);
    v45 = v41;
    v70 = 0;
    _ECX = 0;
    v50 = 32;
    v17 = 64;
    __asm { seto    cl }
    v18 = operator new(v17 | -_ECX);
    v40 = v18;
    v49 = v18;
    LOBYTE(v70) = 1;
    memcpy(v41, &unk_1026C500, 0x40u);
    memcpy(v18, &unk_1026C540, 0x40u);
    _ECX = 0;
    v48 = 32;
    v20 = 64;
    __asm { seto    cl }
    v39 = operator new(v20 | -_ECX);
    v47 = v39;
    LOBYTE(v70) = 2;
    _ECX = 0;
    v44 = 32;
    v22 = 64;
    __asm { seto    cl }
    v12 = operator new(v22 | -_ECX);
    v43 = v12;
    LOBYTE(v70) = 3;
    memcopy(v39, v11, 0x40u);
    Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
    v13 = 0;
    if ( v42 )                                  // DECODE FINAL MODULE
    {
      v23 = v11;
      do
      {
        *(_BYTE *)v23 ^= *((_BYTE *)v12 + ((2 - v11 + v23) & 0xF));
        ++v13;
        ++v23;
      }
      while ( v13 < v42 );
    }
    if ( *(_DWORD *)(v11 + 64) == -38177487 )
    {
      memcopy(v39, v11 + 68, 64);
      Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
      v24 = (int *)&v63;
      v25 = 20;
      while ( *(int *)((char *)v24 + v12 - &v63) == *v24 )
      {
        v25 -= 4;
        ++v24;
        if ( (unsigned int)v25 < 4 )
        {
          v26 = v42 - 260;
          v52 = v42 - 260;
          v61 = 0;
          v59 = 0;
          v58 = 0;
          v62 = 0;
          Magic1 = 0x67452301u;
          Magic2 = 0xEFCDAB89u;
          Magic3 = 0x98BADCFEu;
          Magic4 = (unsigned int)&dword_10325476;
          Magic5 = 0xC3D2E1F0u;
          v27 = v11 + 260;
          if ( v42 == 260 )
          {
LABEL_40:
            sub_10083B20((int)&Magic1);
LABEL_41:
            v63 = Magic1;
            v64 = Magic2;
            v65 = Magic3;
            v66 = Magic4;
            v67 = Magic5;
          }
          else
          {
            while ( 1 )
            {
              --v26;
              v51 = v26;
              if ( HIBYTE(v62) )
                break;
              v60[v61++] = *(_BYTE *)v27;
              v28 = v58 == -8;
              v58 += 8;
              if ( v28 )
              {
                v29 = v59++ == -1;
                if ( v29 )
                  HIBYTE(v62) = 1;
              }
              if ( v61 == 64 )
              {
                Functie_RoR_cu_shl8(&Magic1);
                v26 = v51;
              }
              ++v27;
              if ( !v26 )
              {
                if ( HIBYTE(v62) )
                  break;
                if ( (_BYTE)v62 != (_BYTE)v26 )
                  goto LABEL_41;
                goto LABEL_40;
              }
            }
          }
          memcopy(v39, v11 + 132, 64);
          Spider_Unknown_Function1((int)&v47, (int)&v45, (int)&v49, (int)&v43);
          v31 = 20;
          v30 = v12;
          while ( *(_DWORD *)((char *)v30 + (char *)&v63 - v12) == *(_DWORD *)v30 )
          {
            v31 -= 4;
            v30 = (char *)v30 + 4;
            if ( (unsigned int)v31 < 4 )
            {
              v34 = v52;
              License_Buffer = operator new__(v52);
              License_File_Handler = v34;
              memcopy(License_Buffer, v11 + 0x104, v34);
              operator delete__((void *)v11);
              v33 = Initiaza_UPX_Modulul(); //Initiate and unpack UPX
              v32 = Search_Function("CheckLicense"); //function search.

Here are additional calls


int __stdcall Functie_RoR_cu_shl8(int a1)
{
  int v1; // eax@1
  signed int v2; // ecx@1
  int v3; // esi@2
  int v4; // edx@2
  int v5; // esi@2
  int v6; // edx@2
  int v7; // esi@2
  char *v8; // eax@3
  signed int v9; // ebx@3
  int v10; // edx@4
  int v11; // esi@4
  int v12; // ecx@4
  int v13; // ebp@4
  int v14; // ebp@4
  int v15; // ebp@4
  int v16; // ebp@4
  int v17; // edx@4
  int v18; // eax@5
  int v19; // edx@5
  int v20; // ecx@5
  int v21; // esi@5
  int v22; // edi@6
  int v23; // ebx@6
  int v24; // edi@6
  int v25; // eax@6
  int v26; // edi@6
  int v27; // ST14_4@6
  int v28; // edi@6
  int v29; // esi@6
  int v30; // edx@6
  int v31; // edi@6
  int v32; // ST10_4@6
  int v33; // ecx@6
  int v34; // eax@6
  int v35; // ST14_4@6
  int v36; // eax@6
  int v37; // edx@6
  int v38; // ebp@6
  int v39; // ST14_4@6
  int v40; // esi@6
  int v41; // edi@6
  int v42; // ecx@6
  signed int v43; // eax@6
  int v44; // ST14_4@6
  signed int v45; // ebx@7
  int v46; // edi@8
  int v47; // edi@8
  int v48; // eax@8
  int v49; // edi@8
  int v50; // ST14_4@8
  int v51; // edi@8
  int v52; // esi@8
  int v53; // edx@8
  int v54; // edi@8
  int v55; // ebp@8
  int v56; // ecx@8
  int v57; // eax@8
  int v58; // ST14_4@8
  int v59; // eax@8
  int v60; // edx@8
  int v61; // ST14_4@8
  int v62; // ebp@8
  int v63; // edi@8
  int v64; // eax@8
  int v65; // esi@8
  int v66; // eax@8
  int v67; // ecx@8
  int v68; // ST14_4@8
  int v69; // esi@8
  int v70; // edi@10
  int v71; // edi@10
  int v72; // ebx@10
  int v73; // eax@10
  int v74; // ST10_4@10
  int v75; // edi@10
  int v76; // ebp@10
  int v77; // ebx@10
  int v78; // edx@10
  int v79; // esi@10
  int v80; // edx@10
  int v81; // edi@10
  int v82; // ST14_4@10
  int v83; // edx@10
  int v84; // ecx@10
  int v85; // ST10_4@10
  int v86; // eax@10
  int v87; // edx@10
  int v88; // edi@10
  int v89; // esi@10
  int v90; // ST14_4@10
  int v91; // esi@10
  int v92; // ebp@10
  int v93; // ecx@10
  int v94; // eax@10
  int v95; // ST14_4@10
  int v96; // edi@11
  int v97; // ebp@12
  int v98; // ebp@12
  int v99; // ebx@12
  int v100; // eax@12
  int v101; // ebx@12
  int v102; // ST10_4@12
  int v103; // edx@12
  int v104; // ebp@12
  int v105; // esi@12
  int v106; // edx@12
  int v107; // ebx@12
  int v108; // ST10_4@12
  int v109; // ecx@12
  int v110; // eax@12
  int v111; // ebp@12
  int v112; // eax@12
  int v113; // edx@12
  int v114; // ST10_4@12
  int v115; // ebx@12
  int v116; // esi@12
  int v117; // ebp@12
  int v118; // esi@12
  int v119; // eax@12
  int v120; // ST10_4@12
  int v121; // ebx@12
  unsigned __int8 v122; // sf@12
  unsigned __int8 v123; // of@12
  int result; // eax@13
  int v125; // ebx@13
  int v126; // esi@13
  int v127; // [sp+10h] [bp-148h]@5
  int v128; // [sp+14h] [bp-144h]@5
  int v129; // [sp+14h] [bp-144h]@9
  signed int v130; // [sp+14h] [bp-144h]@11
  int v131; // [sp+18h] [bp-140h]@2
  int v132; // [sp+1Ch] [bp-13Ch]@2
  int v133; // [sp+20h] [bp-138h]@2
  int v134; // [sp+24h] [bp-134h]@2
  int v135[4]; // [sp+28h] [bp-130h]@6
  char v136; // [sp+38h] [bp-120h]@3  v2 = 0;
  v1 = a1 + 29;
  do
  {
    v3 = *(_BYTE *)(v1 + 4);
    *(&v131 + v2) = *(_BYTE *)(v1 + 2) | ((*(_BYTE *)(v1 + 1) | ((*(_BYTE *)v1 | (*(_BYTE *)(v1 - 1) << 8)) << 8)) << 8);
    v4 = *(_BYTE *)(v1 + 6) | ((*(_BYTE *)(v1 + 5) | ((v3 | (*(_BYTE *)(v1 + 3) << 8)) << 8)) << 8);
    v5 = *(_BYTE *)(v1 + 8);
    *(&v132 + v2) = v4;
    v6 = *(_BYTE *)(v1 + 10) | ((*(_BYTE *)(v1 + 9) | ((v5 | (*(_BYTE *)(v1 + 7) << 8)) << 8)) << 8);
    v7 = *(_BYTE *)(v1 + 12);
    *(&v133 + v2) = v6;
    *(&v134 + v2) = *(_BYTE *)(v1 + 14) | ((*(_BYTE *)(v1 + 13) | ((v7 | (*(_BYTE *)(v1 + 11) << 8)) << 8)) << 8);
    v2 += 4;
    v1 += 16;
  }
  while ( v2 < 16 );
  v8 = &v136;
  v9 = 16;
  do
  {
    v10 = *((_DWORD *)v8 - 6);
    v11 = *((_DWORD *)v8 - 5);
    v12 = __ROL__(*(_DWORD *)v8 ^ v10 ^ *((_DWORD *)v8 + 5) ^ *((_DWORD *)v8 - 8), 1);
    v13 = __ROL__(v11 ^ *((_DWORD *)v8 + 1) ^ *((_DWORD *)v8 + 6) ^ *((_DWORD *)v8 - 7), 1);
    *((_DWORD *)v8 + 9) = v13;
    v14 = *((_DWORD *)v8 - 4) ^ *((_DWORD *)v8 + 7);
    *((_DWORD *)v8 + 8) = v12;
    v15 = *((_DWORD *)v8 + 2) ^ v14;
    v8 += 16;
    v16 = __ROL__(v10 ^ v15, 1);
    v17 = __ROL__(v11 ^ v12 ^ *((_DWORD *)v8 - 1) ^ *((_DWORD *)v8 - 7), 1);
    --v9;
    *((_DWORD *)v8 + 6) = v16;
    *((_DWORD *)v8 + 7) = v17;
  }
  while ( v9 );
  v21 = *(_DWORD *)a1;
  v18 = *(_DWORD *)(a1 + 4);
  v20 = *(_DWORD *)(a1 + 8);
  v19 = *(_DWORD *)(a1 + 12);
  v127 = *(_DWORD *)(a1 + 16);
  v128 = 0;
  do
  {
    v22 = __ROL__(v21, 5);
    v23 = v128;
    v24 = *(&v131 + v128) + (v18 & v20 | v19 & ~v18) + v22;
    v25 = __ROR__(v18, 2);
    v26 = v127 + 1518500249 + v24;
    v27 = v26;
    v26 = __ROL__(v26, 5);
    v28 = *(&v132 + v23) + (v21 & v25 | v20 & ~v21) + v26;
    v29 = __ROR__(v21, 2);
    v30 = v28 + v19 + 1518500249;
    v31 = v25;
    v32 = v20;
    v33 = v27;
    v34 = v27 & v29 | v25 & ~v27;
    v35 = v30;
    v30 = __ROL__(v30, 5);
    v36 = *(&v133 + v23) + v34 + v30 + v32 + 1518500249;
    v37 = v35;
    v38 = v29;
    v33 = __ROR__(v33, 2);
    v39 = v36;
    v36 = __ROL__(v36, 5);
    v40 = *(&v134 + v23) + (v37 & v33 | v29 & ~v37) + v36 + v31 + 1518500249;
    v41 = v33;
    v42 = v39;
    v19 = __ROR__(v37, 2);
    v43 = ~v39;
    v44 = v40;
    v40 = __ROL__(v40, 5);
    v21 = v38 + 1518500249 + v135[v23] + (v42 & v19 | v41 & v43) + v40;
    v18 = v44;
    v20 = __ROR__(v42, 2);
    v127 = v41;
    v128 = v23 + 5;
  }
  while ( v23 + 5 < 20 );
  v45 = 20;
  do
  {
    v46 = __ROL__(v21, 5);
    v47 = *(&v131 + v45) + (v18 ^ v20 ^ v19) + v46;
    v48 = __ROR__(v18, 2);
    v49 = v127 + 1859775393 + v47;
    v50 = v49;
    v49 = __ROL__(v49, 5);
    v51 = *(&v132 + v45) + (v21 ^ v48 ^ v20) + v49;
    v52 = __ROR__(v21, 2);
    v53 = v51 + v19 + 1859775393;
    v54 = v48;
    v55 = v20;
    v56 = v50;
    v57 = v50 ^ v52 ^ v48;
    v58 = v53;
    v53 = __ROL__(v53, 5);
    v56 = __ROR__(v56, 2);
    v59 = v55 + 1859775393 + *(&v133 + v45) + v57 + v53;
    v60 = v58;
    v61 = v59;
    v59 = __ROL__(v59, 5);
    v62 = v54;
    v63 = v52;
    v64 = *(&v134 + v45) + (v60 ^ v56 ^ v52) + v59;
    v19 = __ROR__(v60, 2);
    v65 = v62 + 1859775393 + v64;
    v66 = v56;
    v67 = v61;
    v68 = v65;
    v65 = __ROL__(v65, 5);
    v69 = v135[v45] + (v67 ^ v19 ^ v66) + v65;
    v45 += 5;
    v20 = __ROR__(v67, 2);
    v127 = v66;
    v18 = v68;
    v21 = v69 + v63 + 1859775393;
  }
  while ( v45 < 40 );
  v129 = 40;
  do
  {
    v70 = __ROL__(v21, 5);
    v71 = v127 + v70;
    v72 = *(&v131 + v129) + (v18 & v20 | v19 & (v18 | v20));
    v73 = __ROR__(v18, 2);
    v74 = v19;
    v75 = v72 + v71 - 1894007588;
    v76 = v75;
    v75 = __ROL__(v75, 5);
    v77 = v129;
    v78 = *(&v132 + v129) + (v21 & v73 | v20 & (v21 | v73));
    v79 = __ROR__(v21, 2);
    v80 = v78 + v74 + v75 - 1894007588;
    v81 = *(&v133 + v129) + (v76 & v79 | v73 & (v76 | v79));
    v82 = v80;
    v80 = __ROL__(v80, 5);
    v83 = v20 + v80;
    v84 = __ROR__(v76, 2);
    v85 = v73;
    v86 = v82;
    v87 = v81 + v83 - 1894007588;
    v88 = v79;
    v89 = *(&v134 + v77) + (v82 & v84 | v79 & (v82 | v84));
    v90 = v87;
    v87 = __ROL__(v87, 5);
    v86 = __ROR__(v86, 2);
    v91 = v89 + v85 + v87 - 1894007588;
    v19 = v86;
    v92 = v84;
    v93 = v90;
    v94 = v92 & (v90 | v86);
    v95 = v91;
    v91 = __ROL__(v91, 5);
    v21 = v135[v77] + (v93 & v19 | v94) + v88 + v91 - 1894007588;
    v18 = v95;
    v20 = __ROR__(v93, 2);
    v127 = v92;
    v129 = v77 + 5;
  }
  while ( v77 + 5 < 60 );
  v96 = 60;
  v130 = 60;
  do
  {
    v98 = *(&v131 + v96) + (v18 ^ v20 ^ v19);
    v99 = __ROL__(v21, 5);
    v100 = __ROR__(v18, 2);
    v101 = v98 - 899497514 + v127 + v99;
    v102 = v19;
    v103 = *(&v132 + v130) + (v21 ^ v100 ^ v20);
    v104 = v101;
    v101 = __ROL__(v101, 5);
    v105 = __ROR__(v21, 2);
    v106 = v103 + v102 + v101 - 899497514;
    v107 = v100;
    v108 = v20;
    v109 = v104;
    v110 = *(&v133 + v130) + (v104 ^ v105 ^ v100);
    v111 = v106;
    v106 = __ROL__(v106, 5);
    v109 = __ROR__(v109, 2);
    v112 = v110 + v108 + v106 - 899497514;
    v113 = v111;
    v114 = v107;
    v115 = v105;
    v116 = *(&v134 + v130) + (v111 ^ v109 ^ v105);
    v117 = v112;
    v112 = __ROL__(v112, 5);
    v19 = __ROR__(v113, 2);
    v118 = v116 + v114 + v112 - 899497514;
    v119 = v109;
    v120 = v115;
    v121 = v118;
    v118 = __ROL__(v118, 5);
    v96 = v130 + 5;
    v21 = v135[v130] + (v117 ^ v19 ^ v109) - 899497514 + v120 + v118;
    v20 = __ROR__(v117, 2);
    v123 = __SETO__(v130 + 5, 80);
    v122 = v130 - 75 < 0;
    v97 = v119;
    v127 = v119;
    v18 = v121;
    v130 += 5;
  }
  while ( v122 ^ v123 );
  v125 = v21 + *(_DWORD *)a1;
  v126 = v18 + *(_DWORD *)(a1 + 4);
  *(_DWORD *)(a1 + 8) += v20;
  *(_DWORD *)(a1 + 12) += v19;
  result = v97 + *(_DWORD *)(a1 + 16);
  *(_DWORD *)a1 = v125;
  *(_DWORD *)(a1 + 4) = v126;
  *(_DWORD *)(a1 + 16) = result;
  *(_DWORD *)(a1 + 92) = 0;
  return result;
}
----------------------------------------------------------------int __usercall sub_10083B20<eax>(int a1<esi>)
{
  signed int v1; // eax@1
  int v2; // eax@1
  unsigned __int8 v3; // zf@1
  char v4; // sf@1
  unsigned __int8 v5; // of@1
  char v7; // dl@9
  char v8; // al@9
  char v9; // cl@9
  char v10; // dl@9
  char v11; // al@9
  char v12; // cl@9
  char v13; // dl@9  v2 = *(_DWORD *)(a1 + 92);
  *(_BYTE *)(v2 + a1 + 28) = -128;
  ++*(_DWORD *)(a1 + 92);
  v5 = __SETO__(v2, 55);
  v3 = v2 == 55;
  v4 = v2 - 55 < 0;
  v1 = *(_DWORD *)(a1 + 92);
  if ( (unsigned __int8)(v4 ^ v5) | v3 )
  {
    for ( ; v1 < 56; v1 = *(_DWORD *)(a1 + 92) )
    {
      *(_BYTE *)(v1 + a1 + 28) = 0;
      ++*(_DWORD *)(a1 + 92);
    }
  }
  else
  {
    for ( ; v1 < 64; v1 = *(_DWORD *)(a1 + 92) )
    {
      *(_BYTE *)(v1 + a1 + 28) = 0;
      ++*(_DWORD *)(a1 + 92);
    }
    Functie_RoR_cu_shl8(a1);
    for ( ; *(_DWORD *)(a1 + 92) < 56; ++*(_DWORD *)(a1 + 92) )
      *(_BYTE *)(a1 + *(_DWORD *)(a1 + 92) + 28) = 0;
  }
  v7 = *(_BYTE *)(a1 + 26);
  v8 = *(_BYTE *)(a1 + 25);
  *(_BYTE *)(a1 + 84) = *(_BYTE *)(a1 + 27);
  v9 = *(_BYTE *)(a1 + 24);
  *(_BYTE *)(a1 + 85) = v7;
  v10 = *(_BYTE *)(a1 + 23);
  *(_BYTE *)(a1 + 86) = v8;
  v11 = *(_BYTE *)(a1 + 22);
  *(_BYTE *)(a1 + 87) = v9;
  v12 = *(_BYTE *)(a1 + 21);
  *(_BYTE *)(a1 + 88) = v10;
  v13 = *(_BYTE *)(a1 + 20);
  *(_BYTE *)(a1 + 89) = v11;
  *(_BYTE *)(a1 + 90) = v12;
  *(_BYTE *)(a1 + 91) = v13;
  return Functie_RoR_cu_shl8(a1);
}
--------------------------------------------void __cdecl Spider_Unknown_Function1(int a1, int a2, int a3, int a4)
{
  void *v4; // eax@1
  void *v5; // ebx@1
  void *v6; // ebp@1
  unsigned int v7; // esi@1
  int v9; // eax@1
  void *v10; // eax@1
  int v12; // eax@1
  int v13; // edx@2
  int i; // ecx@5
  int v15; // edi@5
  unsigned int v16; // ecx@5
  int v17; // eax@8
  unsigned int v18; // ecx@11
  void *v19; // eax@12
  char v20; // zf@17
  char v21; // [sp+17h] [bp-25h]@8
  unsigned int v22; // [sp+18h] [bp-24h]@9
  int v23; // [sp+1Ch] [bp-20h]@9
  void *v24; // [sp+20h] [bp-1Ch]@1
  int v25; // [sp+24h] [bp-18h]@1
  void *v26; // [sp+28h] [bp-14h]@1
  int v27; // [sp+2Ch] [bp-10h]@1
  int v28; // [sp+38h] [bp-4h]@1  _ECX = 0;
  v9 = 2 * (2 * *(_DWORD *)(a4 + 4) + 1);
  __asm { seto    cl }
  v25 = 2 * *(_DWORD *)(a4 + 4) + 1;
  v7 = v25;
  v10 = operator new(v9 | -_ECX);
  v5 = v10;
  v24 = v10;
  v28 = 0;
  _ECX = 0;
  v12 = 2 * v25;
  __asm { seto    cl }
  v27 = v25;
  v4 = operator new(v12 | -_ECX);
  v6 = v4;
  v26 = v4;
  if ( v25 )
  {
    v13 = v25;
    do
    {
      *(_WORD *)v4 = *(_WORD *)((char *)v4 + v5 - v6);
      v4 = (char *)v4 + 2;
      --v13;
    }
    while ( v13 );
  }
  LOBYTE(v28) = 1;
  *(_WORD *)v5 = 1;
  if ( v7 > 1 )
  {
    v16 = (v7 - 1) >> 1;
    memset((char *)v5 + 2, 0, 4 * v16);
    v15 = (int)(v5 + 4 * v16 + 2);
    for ( i = 2 * (((_BYTE)v7 - 1) & 1); i; --i )
    {
      *(_WORD *)v15 = 0;
      v15 += 2;
    }
  }
  v17 = *(_DWORD *)(a2 + 4);
  v21 = 1;
  if ( v17 )
  {
    do
    {
      v23 = v17 - 1;
      v22 = 32768;
      do
      {
        if ( !v21 )
        {
          v18 = 0;
          if ( v7 )
          {
            v19 = v6;
            if ( v7 > 0 )
            {
              do
              {
                *(_WORD *)v19 = *(_WORD *)((char *)v19 + v5 - v6);
                ++v18;
                v19 = (char *)v19 + 2;
              }
              while ( v18 < v7 );
            }
          }
          sub_10083000((int)&v24, (int)&v26);
          sub_100832E0((int)&v24, a3);
        }
        if ( *(_WORD *)(*(_DWORD *)a2 + 2 * v23) & (_WORD)v22 )
        {
          sub_10083000((int)&v24, a1);
          sub_100832E0((int)&v24, a3);
          v21 = 0;
        }
        v20 = v22 >> 1 == 0;
        v22 >>= 1;
      }
      while ( !v20 );
      v17 = v23;
    }
    while ( v23 );
  }
  sub_10082FC0(a4, (int)&v24);
  LOBYTE(v28) = 0;
  operator delete(v6);
  v28 = -1;
  operator delete(v5);
}

Sorry for big post didn't find a collapse tag.

Edited by Spider

  • Author

Anyone? :unsure:

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.