yinhao1979 发表于 2022-10-17 22:51

IDA Pro 代码如何理解

void *v214; // BYREF
// Q (translated): what type of data is the void* that `new` returns into v214?
// A: 0x520 (1312) bytes of raw, untyped storage — IDA has not recovered a struct
// for it, hence void*. sub_426E40 below (the callee's `this`) lays it out: the
// first DWORD is set to 1, bytes 44..303 receive a 0x104-byte copy and bytes
// 304..1011 a 0x2C4-byte copy (both fixed-size copies stay inside the 0x520-byte
// allocation); the remaining bytes are not touched by the visible code.
v214 = operator new(0x520u);

if ( v214 )
      // Q (translated): how do I inspect data behind an `unk_`-prefixed name?
      // A: `unk_` is a data-segment address whose type and size IDA could not infer.
      // The sizes come from the consumer: sub_426E40 memcpy's 0x104 bytes starting
      // at &unk_43C908 and 0x2C4 bytes starting at &unk_43CA10 (0x43CA10 - 0x43C908
      // = 0x108, consistent with a 0x104-byte blob plus padding). Select those byte
      // ranges in IDA and convert them to byte arrays to read them.
      // NOTE(review): the cast to a 4-argument __stdcall function is an IDA artifact;
      // sub_426E40 is declared __thiscall, so v214 is presumably passed in ECX as
      // `this` and the value stored in v10 is presumably that same pointer (the
      // caller later deletes v10) — confirm in the debugger. v8 and Length map to
      // the callee's a2/a3, which its visible body does not use.
      v10 = (size_t *)((int (__stdcall *)(int, int, void *, void *))sub_426E40)((int)v8, Length,&unk_43C908,&unk_43CA10);
else
      v10 = 0;

// Constructor-like initialiser for the 0x520-byte object the caller allocates with
// `operator new(0x520u)` (the v214 branch of sub_41AEF0).
// `this` is a _DWORD*, so pointer arithmetic is in 4-byte units:
//   this + 11  -> byte offset  44
//   this + 76  -> byte offset 304  (= 44 + 0x104, i.e. the two copies are back to back)
// Resulting layout of the object:
//   [  0..   3]  DWORD 1                         (*this = 1)
//   [ 44.. 303]  0x104 bytes copied from Src     (&unk_43C908 at the call site)
//   [304..1011]  0x2C4 bytes copied from a5      (&unk_43CA10 at the call site)
// 1012 <= 0x520, so both fixed-size copies stay within the allocation.
// a2 and a3 (v8 and Length at the call site) are not used by the visible body.
// NOTE(review): IDA shows a _DWORD* return type but no return statement; the caller
// stores the result in v10 and later calls operator delete on it, so this presumably
// returns `this` (EAX = ECX, the usual MSVC constructor pattern) — confirm.
_DWORD *__thiscall sub_426E40(_DWORD *this, int a2, int a3, void *Src, void *a5)
{
// Q (translated): what does the offset applied to `this` mean?
// A: an index in units of sizeof(_DWORD) = 4 bytes — see the layout table above.
sub_427160(this + 11, Src, 0x104u);   // into byte offset 44, 260 bytes
sub_427160(this + 76, a5, 0x2C4u);    // into byte offset 304, 708 bytes
*this = 1;                            // first DWORD of the object
}

// Bounded copy helper used by sub_426E40 to fill two regions of its object.
// Copies Size bytes from Src to a1 and returns a1 (memcpy's destination).
// A zero Size copies nothing and returns a null pointer: the decompiled
// `result = (void *)Size` evaluates to (void *)0 on that path.
// Q (translated): where does the data go when a1 is `this + 11` / `this + 76`?
// A: a1 is the destination, so the bytes are copied *into* the caller's object at
// byte offsets 44 and 304 respectively. Nothing here checks overlap or the
// destination's capacity — the caller is responsible for Size.
void *__cdecl sub_427160(void *a1, void *Src, size_t Size)
{
if ( Size == 0 )
    return nullptr;            // same value as (void *)Size when Size is 0
return memcpy(a1, Src, Size);  // memcpy yields its destination pointer, a1
}

爱飞的猫 发表于 2022-11-24 02:30

```cpp
    // Quoted from the question. BUG (explained in the reply below): when g_encrypted_data
    // is a pointer, sizeof(g_encrypted_data) is the pointer size (4 here), not the
    // ciphertext length — the real length (`len`) must be passed instead.
    auto decrypted_data = BrainSeeDecrypt(g_encrypted_data, sizeof(g_encrypted_data));
```

此处的 `sizeof(g_encrypted_data)` 应为 `len`。

我的 demo 里 `g_encrypted_data` 定义为一个 `unsigned char` 数组（`unsigned char g_encrypted_data[6628]`），`sizeof` 作用在数组上得到的才是整个数组的字节数 `6628`；你这里的 `g_encrypted_data` 是指针，`sizeof` 得到的只是指针本身的大小（此处为 `4`），与数据长度无关，所以必须把真实长度 `len` 传进去。

此外你可以直接用 `vector` 来避免手动管理内存:

```cpp
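    // Read the whole .ban file into a std::vector (RAII: no manual new[]/delete[]),
    // decrypt it and dump the plaintext to dump.bin.
    //
    // Reads `path` completely. Returns an empty vector if the file cannot be
    // opened, its size cannot be determined, or fewer bytes than expected are
    // read, so a truncated or unreadable file is never handed to the decryptor.
    auto read_file = [](const char *path) -> std::vector<uint8_t> {
        std::ifstream fl(path, std::ios::in | std::ios::binary);
        if (!fl)
        {
            std::cerr << path << " open failed" << std::endl;
            return {};
        }
        fl.seekg(0, std::ios::end);
        const std::streamoff file_len = fl.tellg();   // -1 on failure: never feed that to resize()
        fl.seekg(0, std::ios::beg);
        if (file_len < 0)
        {
            std::cerr << path << " tellg failed" << std::endl;
            return {};
        }
        std::vector<uint8_t> buf(static_cast<size_t>(file_len)); // container size == file size
        // Read exactly buf.size() bytes (the original passed an undefined `len` here)
        // and insist on a full read rather than decrypting a partially filled buffer.
        fl.read(reinterpret_cast<char *>(buf.data()), static_cast<std::streamsize>(buf.size()));
        if (static_cast<size_t>(fl.gcount()) != buf.size())
        {
            std::cerr << path << " short read: " << fl.gcount() << " of " << buf.size() << std::endl;
            return {};
        }
        return buf; // the ifstream closes itself in its destructor
    };

    // NOTE: `std::vector<uint8_t> buffer_vec();` (with parentheses) declares a
    // *function*, not a vector — the "most vexing parse" — so the original snippet
    // did not compile; initialise without parentheses (or with braces).
    const std::vector<uint8_t> buffer_vec = read_file("GUJUNYI_20200718.ban");

    std::cout << " GUJUNYI_20200718.ban read len: " << buffer_vec.size() << std::endl;

    if (!buffer_vec.empty())
    {
        auto decrypted_data = BrainSeeDecrypt(buffer_vec.data(), buffer_vec.size());
        // Narrow path: the wide-string (L"...") ofstream constructor exists only in
        // MSVC's standard library; "dump.bin" is the same file name everywhere.
        std::ofstream ofs("dump.bin", std::ios::binary);
        ofs.write(reinterpret_cast<const char *>(decrypted_data.data()),
                  static_cast<std::streamsize>(decrypted_data.size()));
        if (!ofs)
            std::cerr << "write to 'dump.bin' failed" << std::endl;
        else
            std::cout << "写出了 " << decrypted_data.size() << " 字节到 'dump.bin'" << std::endl;
    }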
```

yinhao1979 发表于 2022-10-19 08:09


爱飞的猫 发表于 2022-10-19 00:29
最好是把文件发出来一起看

unk* 的数据类型和大小都是未知,只有在运行的时候分析或根据操作这部分内存 ...
完整代码上传了,有点长,主要就是加注释那段不是太理解,主要是对指针偏移,初始化,赋值换来换去不太理解

int __thiscall sub_41AEF0(CDocument *this, char *a2)
{
int v3; // eax
const char *v4; // eax
char *v5; // ecx
signed int Length; // edi
void *v8; // ebx
int v9; // eax
size_t *v10; // edi
HFONT Font; // eax
bool v12; // zf
signed int i; // eax
int v14; // edi
int v15; // ebx
int v16; // edx
char *(__cdecl *v17)(const char *, const char *); // edi
char *v18; // eax
char *v19; // eax
char *v20; // eax
char *v21; // eax
int v22; // eax
char *v23; // edi
int v24; // eax
const char *v25; // edi
char *v26; // eax
char *v27; // ebx
int v28; // eax
int v29; // eax
int v30; // eax
int v31; // eax
int v32; // eax
int v33; // eax
int v34; // eax
int v35; // eax
int v36; // eax
int v37; // eax
int v38; // eax
int v39; // eax
int v40; // eax
int v41; // eax
int v42; // eax
int v43; // eax
int v44; // eax
int v45; // eax
int v46; // eax
int v47; // eax
int v48; // eax
int v49; // eax
int v50; // eax
int v51; // eax
int v52; // eax
int v53; // eax
int v54; // eax
int *v55; // ebx
int v56; // eax
const char *v57; // eax
int *v58; // edi
int v59; // eax
int v60; // eax
int v61; // eax
int v62; // eax
int *v63; // edi
int v64; // eax
int v65; // eax
int v66; // eax
int v67; // eax
int v68; // eax
int v69; // eax
int v70; // eax
int v71; // eax
int v72; // eax
int v73; // eax
const char *v74; // eax
int v75; // eax
int v76; // eax
int v77; // eax
int v78; // eax
int v79; // eax
int v80; // eax
int v81; // eax
int v82; // eax
int v83; // eax
int v84; // eax
int v85; // eax
int v86; // eax
int StringA; // eax
const char *v88; // eax
int v89; // eax
const char *v90; // eax
int *v91; // edi
int v92; // eax
int v93; // eax
int v94; // eax
int v95; // eax
int v96; // eax
int v97; // eax
int v98; // eax
int v99; // eax
int v100; // eax
int v101; // eax
int v102; // eax
int v103; // eax
int v104; // eax
int v105; // eax
int v106; // eax
int v107; // eax
int v108; // eax
const char *v109; // eax
int *v110; // edi
int v111; // eax
int v112; // eax
int v113; // eax
int v114; // eax
int v115; // eax
int v116; // eax
int v117; // eax
int v118; // eax
int v119; // eax
int v120; // eax
int v121; // eax
int v122; // eax
int *v123; // ecx
int v124; // eax
int v125; // eax
int v126; // eax
int v127; // eax
int v128; // eax
const char *v129; // eax
int v130; // eax
int v131; // eax
int v132; // eax
int v133; // eax
int v134; // eax
const char *v135; // eax
int v136; // eax
int v137; // eax
int v138; // eax
int v139; // eax
int v140; // eax
int v141; // eax
int v142; // eax
int v143; // eax
int v144; // eax
int v145; // eax
int v146; // eax
const char *v147; // eax
int v148; // eax
int v149; // eax
int v150; // eax
int v151; // eax
int v152; // eax
int v153; // eax
int v154; // eax
int *v155; // edi
int v156; // eax
const char *v157; // eax
int v158; // eax
int v159; // eax
int v160; // eax
int v161; // eax
int v162; // eax
int v163; // eax
int v164; // eax
int *v165; // edi
int v166; // eax
int v167; // eax
int v168; // eax
int v169; // eax
int v170; // eax
int v171; // eax
int v172; // eax
char *v173; // eax
char *v174; // eax
int v175; // eax
int v176; // eax
int v177; // eax
int v178; // eax
char *v179; // eax
char *v180; // eax
char *v181; // eax
char *v182; // eax
char *v183; // eax
int v184; // eax
int v185; // eax
int v186; // eax
int v187; // edi
int v188; // eax
int v189; // edx
int v190; //
unsigned int v191; //
unsigned int v192; //
unsigned int v193; //
char *v194; //
char *v195; //
char *v196; //
char *v197; //
char *v198; //
char *v199; //
char *v200; //
unsigned int v201; //
unsigned int v202; //
unsigned int v203; //
unsigned int v204; //
unsigned int v205; //
char *v206; //
int v207; //
int v208; //
unsigned int v209; //
int v210; // BYREF
char v211; // BYREF
char v212; // BYREF
char *Context; // BYREF
void *v214; // BYREF
CDocument *v215; // BYREF
char v216; // BYREF
char v217; // BYREF
int v218; // BYREF
int v219; // BYREF
void **v220; //
int v221; //
int v222; //
void (__cdecl *v223)(void *); //
int v224; // BYREF
char v225; // BYREF
int v226; // BYREF
char v227; // BYREF
char *v228; // BYREF
char v229; // BYREF
int j; // BYREF
char v231; // BYREF
char Str; // BYREF
int *v233; //
int v234; //

v233 = &v210;
v215 = this;
v228 = a2;
v226 = 0;
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 240, a2);
if ( !CDocument::OnOpenDocument(this, a2) )
    return 0;
*((_DWORD *)this + 1594) = 0;
CFile::CFile((CFile *)v212);
v234 = 1;
if ( !CFile::Open((CFile *)v212, a2, 0, 0) )
{
    v208 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(
             v217,
             a2);
    LOBYTE(v234) = 2;
    v3 = sub_4022A0(&v226, v208, " open failed");
    LOBYTE(v234) = 3;
    v4 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v3, 0);
    AfxMessageBox(v4, v209, 0);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v226);
    v5 = v217;
LABEL_4:
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v5);
    v234 = -1;
    CFile::~CFile((CFile *)v212);
    return 0;
}
v234 = 0;
Length = CFile::GetLength((CFile *)v212);
v8 = operator new[](Length);
CFile::Read((CFile *)v212, v8, Length);
CFile::Close((CFile *)v212);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(
    v225,
    v228);
LOBYTE(v234) = 5;
v228 = (char *)(-1 - ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::ReverseFind(v225, 46));
v9 = ATL::CSimpleStringT<char,1>::GetLength(v225);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::Right(v225, v216, &v228);
LOBYTE(v234) = 6;
if ( ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::Compare(v216, &unk_433DA4) )
{
    // 这种操作是指针赋值给 v12 并且设置初始值为0的意思吗?
    v12 = *((_DWORD *)this + 55) == 0;
    // 这种赋值的意思是将 地址对应的值设置为长度吗?
    *((_DWORD *)this + 56) = Length;
    if ( v12 )
      // 上面如果是已经对 v12 赋值为 *((_DWORD *)this + 55) 这个地址,这边这个操作还是对同一个地址再做一次初始化吗?
      *((_DWORD *)this + 55) = operator new[](Length);
    // 这边这个操作是不是可以理解为将 v8 数据复制到 *((_DWORD *)this + 55) 这个地址?是不是就是对应到 v12 指向地址?
    for ( i = 0; i < Length; ++i )
      *(_BYTE *)(i + *((_DWORD *)this + 55)) = *((_BYTE *)v8 + i);
}
else
{
    // 这个v214初始化就看不懂了,不理解和下面v10有什么关系
    v214 = operator new(0x520u);
    LOBYTE(v234) = 7;
    if ( v214 )
      v10 = (size_t *)((int (__stdcall *)(int, int, void *, void *))sub_426E40)(
                        (int)v8,
                        Length,
                        &unk_43C908,
                        &unk_43CA10);
    else
      v10 = 0;
    LOBYTE(v234) = 6;
    // 下面几个步骤都用到 v10 , 但是动态调试时 v10 数据也没变化
    if ( !sub_426EE0(v10) )
    {
      AfxMessageBox("Resolving failed for file Decryption", 0, 0);
LABEL_12:
      ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v216);
      v5 = v225;
      goto LABEL_4;
    }
    if ( !sub_4269D0(v10) )
    {
      AfxMessageBox("Signature checking failed", 0, 0);
      goto LABEL_12;
    }
    if ( !sub_427020((int)v10, 1) )
    {
      AfxMessageBox("Descryption failed for file format", 0, 0);
      goto LABEL_12;
    }
    Font = CMFCCaptionBar::OnGetFont((CMFCCaptionBar *)v10);
    v12 = *((_DWORD *)this + 55) == 0;
    *((_DWORD *)this + 56) = Font;
    if ( v12 )
      *((_DWORD *)this + 55) = operator new[]((unsigned int)Font);
    ((void (__stdcall *)(void *, int, size_t))sub_4269A0)(*((void **)this + 55), 0, 0);
    if ( v10 )
    {
      sub_4268F0((int)v10);
      operator delete(v10);
    }
}
operator delete(v8);
v14 = *((_DWORD *)this + 56);
// 这一步动态调试可以打印出来 this 地址为 0x4840000 和方法入参 CDocument *this一样 ,但是这边 *((_DWORD *)this + 55) 后 v15 0xBCF6578
// 0xBCF6578 和 0x4840000 + 55 对应不起来,不知道要如何理解了?
v15 = *((_DWORD *)this + 55);
v218 = (int)&unk_434118;
std::ios::ios(v224);
LOBYTE(v234) = 8;
v226 = 1;
std::istream::istream(v218, v219, 0, 0);
v16 = *(_DWORD *)(v218 + 4);
v234 = 9;
*(int *)((char *)v218 + v16) = (int)&std::istrstream::`vftable';
v214 = v219;
std::streambuf::streambuf(v219);
LOBYTE(v234) = 10;
v219 = (int)&std::strstreambuf::`vftable';
sub_416050(v14, v14 >> 31, v15, 0, 2);
v17 = strstr;
LOBYTE(v234) = 11;
do
{
    std::istream::getline(v218, Str, 1024, 0);
    if ( strstr(Str, "#") )
      *strstr(Str, "#") = 0;
}
while ( !Str );
v18 = strstr(Str, ",");
if ( v18 )
{
    v19 = strtok_s(v18 + 1, ".", &Context);
    *((_DWORD *)this + 54) = 1000000 * atol(v19);
    v20 = strtok_s(0, ".", &Context);
    *((_DWORD *)this + 54) += 1000 * atol(v20);
    v21 = strtok_s(0, "\n", &Context);
    v17 = strstr;
    *((_DWORD *)this + 54) += atol(v21);
}
else
{
    *((_DWORD *)this + 54) = 0;
}
v22 = sub_4197C0(v218, v231);
sub_4197C0(v22, Str);
v23 = v17(Str, "-");
if ( v23 )
{
    *v23 = 0;
    v25 = v23 + 1;
    *((_DWORD *)this + 66) = atoi(Str);
    v26 = strstr(v25, "-");
    v27 = v26;
    if ( v26 )
    {
      *v26 = 0;
      *((_DWORD *)this + 67) = atoi(v25);
      v24 = atoi(v27 + 1);
    }
    else
    {
      *((_DWORD *)this + 67) = 0;
      v24 = atoi(v25);
    }
}
else
{
    *((_DWORD *)this + 66) = 0;
    *((_DWORD *)this + 67) = 0;
    v24 = atoi(Str);
}
*((_DWORD *)this + 68) = v24;
std::istream::getline(v218, Str, 1024, 0);
v28 = sub_4197C0(v218, v231);
sub_4197C0(v28, Str);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 260, Str);
std::istream::getline(v218, Str, 1024, 0);
v29 = sub_4197C0(v218, v231);
v30 = std::istream::operator>>(v29, (char *)this + 276);
v31 = sub_419980(v30, &v227);
v32 = std::istream::operator>>(v31, (char *)this + 280);
v33 = sub_419980(v32, &v227);
std::istream::operator>>(v33, (char *)this + 284);
std::istream::getline(v218, Str, 1024, 0);
v34 = sub_4197C0(v218, v231);
std::istream::operator>>(v34, (char *)this + 288);
std::istream::getline(v218, Str, 1024, 0);
v35 = sub_4197C0(v218, v231);
sub_4197C0(v35, Str);
if ( !strcmp(Str, "Male") )
    v36 = 1;
else
    v36 = (strcmp(Str, "Female") != 0) - 1;
*((_DWORD *)this + 73) = v36;
std::istream::getline(v218, Str, 1024, 0);
v37 = sub_4197C0(v218, v231);
std::istream::operator>>(v37, (char *)this + 296);
std::istream::getline(v218, Str, 1024, 0);
v38 = sub_4197C0(v218, v231);
std::istream::operator>>(v38, (char *)this + 304);
std::istream::getline(v218, Str, 1024, 0);
v39 = sub_4197C0(v218, v231);
std::istream::operator>>(v39, (char *)this + 320);
std::istream::getline(v218, Str, 1024, 0);
v40 = sub_4197C0(v218, v231);
std::istream::operator>>(v40, (char *)this + 312);
std::istream::getline(v218, Str, 1024, 0);
v41 = sub_4197C0(v218, v231);
sub_4197C0(v41, Str);
if ( !strcmp(Str, "A") )
{
    v42 = 1101;
}
else if ( !strcmp(Str, "AB") )
{
    v42 = 1102;
}
else if ( !strcmp(Str, "B") )
{
    v42 = 1103;
}
else
{
    v42 = 4 * (strcmp(Str, "O") == 0) + 1100;
}
*((_DWORD *)this + 82) = v42;
std::istream::getline(v218, Str, 1024, 0);
v43 = sub_4197C0(v218, v231);
std::istream::operator>>(v43, (char *)this + 332);
std::istream::getline(v218, Str, 1024, 0);
v44 = sub_4197C0(v218, v231);
sub_4197C0(v44, Str);
if ( !strcmp(Str, "Normal") )
{
    v45 = 1106;
}
else if ( !strcmp(Str, "High") )
{
    v45 = 1105;
}
else
{
    v45 = 1107 - (strcmp(Str, "Low") != 0);
}
*((_DWORD *)this + 84) = v45;
std::istream::getline(v218, Str, 1024, 0);
v46 = sub_4197C0(v218, v231);
sub_4197C0(v46, Str);
if ( !strcmp(Str, "Normal") )
{
    v47 = 1106;
}
else if ( !strcmp(Str, "High") )
{
    v47 = 1105;
}
else
{
    v47 = 1107 - (strcmp(Str, "Low") != 0);
}
*((_DWORD *)this + 85) = v47;
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
std::istream::getline(v218, Str, 1024, 0);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 344, Str);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 344, "\t ");
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 344, "\r\n");
sub_4197C0(v218, v231);
std::istream::getline(v218, Str, 1024, 0);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 348, Str);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 348, "\t ");
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 348, "\r\n");
std::istream::getline(v218, Str, 1024, 0);
std::istream::getline(v218, Str, 1024, 0);
v48 = sub_4197C0(v218, v231);
std::istream::operator>>(v48, (char *)this + 360);
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
std::istream::getline(v218, Str, 1024, 0);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 352, Str);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 352, "\t ");
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 352, "\r\n");
sub_4197C0(v218, v231);
std::istream::getline(v218, Str, 1024, 0);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 356, Str);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 356, "\t ");
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 356, "\r\n");
sub_4197C0(v218, v231);
std::istream::getline(v218, Str, 1024, 0);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 364, Str);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 364, "\t ");
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 364, "\r\n");
sub_4197C0(v218, v231);
std::istream::getline(v218, Str, 1024, 0);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 368, Str);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 368, "\t ");
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 368, "\r\n");
v49 = sub_4197C0(v218, v231);
std::istream::operator>>(v49, (char *)this + 384);
std::istream::getline(v218, Str, 1024, 0);
v50 = sub_4197C0(v218, v231);
v51 = std::istream::operator>>(v50, (char *)this + 372);
v52 = sub_419980(v51, &v227);
v53 = std::istream::operator>>(v52, (char *)this + 376);
v54 = sub_419980(v53, &v227);
std::istream::operator>>(v54, (char *)this + 380);
std::istream::getline(v218, Str, 1024, 0);
AfxGetModuleState();
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v229);
LOBYTE(v234) = 12;
if ( !ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11066) )
    AfxMessageBox("Not found on StringTable", 0, 0);
*((double *)this + 242) = 0.0;
*((double *)this + 244) = 0.0;
v55 = (int *)((char *)this + 392);
*((double *)this + 243) = 0.0;
*((_DWORD *)this + 98) = -1;
sub_4197C0(v218, v231);
if ( !strstr(v231, asc_434400) )
{
    v56 = sub_4022A0(&v228, v229, "CODE-1");
    LOBYTE(v234) = 13;
    v57 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v56, 0);
    AfxMessageBox(v57, v204, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
}
std::istream::getline(v218, Str, 1024, 0);
v58 = (int *)((char *)this + 388);
std::istream::operator>>(v218, (char *)this + 388);
v59 = 0;
j = 0;
if ( *((int *)this + 97) > 0 )
{
    do
    {
      std::istream::operator>>(v218, (char *)this + 8 * v59 + 400);
      v59 = j + 1;
      j = v59;
    }
    while ( v59 < *v58 );
}
std::istream::getline(v218, Str, 1024, 0);
std::istream::operator>>(v218, (char *)this + 388);
v60 = 0;
for ( j = 0; v60 < *v58; j = v60 )
{
    std::istream::operator>>(v218, (char *)this + 8 * v60 + 640);
    v60 = j + 1;
}
if ( !strcmp(v231, asc_4343EC) )
{
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 392);
    v61 = 0;
    for ( j = 0; v61 < *v55; j = v61 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v61 + 880);
      v61 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 392);
    v62 = 0;
    for ( j = 0; v62 < *v55; j = v62 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v62 + 1360);
      v62 = j + 1;
    }
}
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
std::istream::getline(v218, Str, 1024, 0);
v63 = (int *)((char *)this + 396);
std::istream::operator>>(v218, (char *)this + 396);
v64 = 0;
j = 0;
if ( *((int *)this + 99) > 0 )
{
    do
    {
      std::istream::operator>>(v218, (char *)this + 8 * v64 + 1840);
      v64 = j + 1;
      j = v64;
    }
    while ( v64 < *v63 );
}
std::istream::getline(v218, Str, 1024, 0);
std::istream::operator>>(v218, (char *)this + 396);
v65 = 0;
for ( j = 0; v65 < *v63; j = v65 )
{
    std::istream::operator>>(v218, (char *)this + 8 * v65 + 1888);
    v65 = j + 1;
}
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
if ( *v55 > 0 )
    std::istream::operator>>(v218, (char *)this + 1936);
v66 = std::istream::operator>>(v218, (char *)this + 1944);
std::istream::operator>>(v66, (char *)this + 1952);
std::istream::getline(v218, Str, 1024, 0);
v67 = sub_4197C0(v218, v231);
v68 = std::istream::operator>>(v67, (char *)this + 1960);
std::istream::operator>>(v68, (char *)this + 1968);
std::istream::getline(v218, Str, 1024, 0);
v69 = sub_4197C0(v218, v231);
v70 = std::istream::operator>>(v69, (char *)this + 1976);
std::istream::operator>>(v70, (char *)this + 1984);
std::istream::getline(v218, Str, 1024, 0);
v71 = sub_4197C0(v218, v231);
v72 = std::istream::operator>>(v71, (char *)this + 1992);
std::istream::operator>>(v72, (char *)this + 2000);
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
if ( strcmp(v231, asc_4343E0) )
{
    v73 = sub_4022A0(&v228, v229, "CODE-2");
    LOBYTE(v234) = 14;
    v74 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v73, 0);
    AfxMessageBox(v74, v205, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
}
std::istream::getline(v218, Str, 1024, 0);
v75 = sub_4197C0(v218, v231);
std::istream::operator>>(v75, (char *)this + 2008);
std::istream::getline(v218, Str, 1024, 0);
v76 = sub_4197C0(v218, v231);
std::istream::operator>>(v76, (char *)this + 2016);
std::istream::getline(v218, Str, 1024, 0);
v77 = sub_4197C0(v218, v231);
std::istream::operator>>(v77, (char *)this + 2024);
std::istream::getline(v218, Str, 1024, 0);
v78 = sub_4197C0(v218, v231);
std::istream::operator>>(v78, (char *)this + 2032);
std::istream::getline(v218, Str, 1024, 0);
v79 = sub_4197C0(v218, v231);
std::istream::operator>>(v79, (char *)this + 2040);
std::istream::getline(v218, Str, 1024, 0);
v80 = sub_4197C0(v218, v231);
std::istream::operator>>(v80, (char *)this + 2048);
std::istream::getline(v218, Str, 1024, 0);
v81 = sub_4197C0(v218, v231);
std::istream::operator>>(v81, (char *)this + 2056);
std::istream::getline(v218, Str, 1024, 0);
v82 = sub_4197C0(v218, v231);
std::istream::operator>>(v82, (char *)this + 2064);
std::istream::getline(v218, Str, 1024, 0);
v83 = sub_4197C0(v218, v231);
std::istream::operator>>(v83, (char *)this + 2072);
std::istream::getline(v218, Str, 1024, 0);
v84 = sub_4197C0(v218, v231);
std::istream::operator>>(v84, (char *)this + 2080);
std::istream::getline(v218, Str, 1024, 0);
v85 = sub_4197C0(v218, v231);
std::istream::operator>>(v85, (char *)this + 2088);
std::istream::getline(v218, Str, 1024, 0);
v86 = sub_4197C0(v218, v231);
sub_4197C0(v86, (char *)this + 2096);
std::istream::getline(v218, Str, 1024, 0);
if ( !strcmp((const char *)this + 2096, byte_4343D0) )
{
    StringA = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11034);
}
else if ( !strcmp((const char *)this + 2096, byte_4343C8) )
{
    StringA = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11035);
}
else
{
    if ( strcmp((const char *)this + 2096, byte_4343C0) )
      goto LABEL_86;
    StringA = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11036);
}
if ( !StringA )
    AfxMessageBox("Not found on StringTable", 0, 0);
LABEL_86:
v88 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v229, v207);
strcpy_s((char *)this + 2096, 0x1Eu, v88);
*((double *)this + 417) = -1.0e10;
*((double *)this + 387) = -1.0e10;
*((double *)this + 357) = -1.0e10;
*((double *)this + 327) = -1.0e10;
*((double *)this + 297) = -1.0e10;
*((double *)this + 267) = -1.0e10;
sub_4197C0(v218, v231);
if ( !strstr(v231, asc_4343B4) )
{
    v89 = sub_4022A0(&v228, v229, "CODE-3");
    LOBYTE(v234) = 15;
    v90 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v89, 0);
    AfxMessageBox(v90, v202, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
}
std::istream::getline(v218, Str, 1024, 0);
v91 = (int *)((char *)this + 2128);
std::istream::operator>>(v218, (char *)this + 2128);
v92 = 0;
j = 0;
if ( *((int *)this + 532) > 0 )
{
    do
    {
      std::istream::operator>>(v218, (char *)this + 8 * v92 + 2136);
      v92 = j + 1;
      j = v92;
    }
    while ( v92 < *v91 );
}
std::istream::getline(v218, Str, 1024, 0);
std::istream::operator>>(v218, (char *)this + 2128);
v93 = 0;
for ( j = 0; v93 < *v91; j = v93 )
{
    std::istream::operator>>(v218, (char *)this + 8 * v93 + 2376);
    v93 = j + 1;
}
if ( !strcmp(v231, asc_4343A0) )
{
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 2128);
    v94 = 0;
    for ( j = 0; v94 < *v91; j = v94 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v94 + 2616);
      v94 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 2128);
    v95 = 0;
    for ( j = 0; v95 < *v91; j = v95 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v95 + 2856);
      v95 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 2128);
    v96 = 0;
    for ( j = 0; v96 < *v91; j = v96 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v96 + 3096);
      v96 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 2128);
    v97 = 0;
    for ( j = 0; v97 < *v91; j = v97 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v97 + 3336);
      v97 = j + 1;
    }
}
std::istream::getline(v218, Str, 1024, 0);
v98 = sub_4197C0(v218, v231);
v99 = std::istream::operator>>(v98, (char *)this + 3576);
std::istream::operator>>(v99, (char *)this + 3584);
std::istream::getline(v218, Str, 1024, 0);
v100 = sub_4197C0(v218, v231);
v101 = std::istream::operator>>(v100, (char *)this + 3592);
std::istream::operator>>(v101, (char *)this + 3600);
std::istream::getline(v218, Str, 1024, 0);
v102 = sub_4197C0(v218, v231);
v103 = std::istream::operator>>(v102, (char *)this + 3608);
std::istream::operator>>(v103, (char *)this + 3616);
std::istream::getline(v218, Str, 1024, 0);
v104 = sub_4197C0(v218, v231);
v105 = std::istream::operator>>(v104, (char *)this + 3624);
std::istream::operator>>(v105, (char *)this + 3632);
std::istream::getline(v218, Str, 1024, 0);
v106 = sub_4197C0(v218, v231);
v107 = std::istream::operator>>(v106, (char *)this + 3640);
std::istream::operator>>(v107, (char *)this + 3648);
std::istream::getline(v218, Str, 1024, 0);
*((double *)this + 647) = 0.0;
*((double *)this + 646) = 0.0;
*((double *)this + 608) = -1.0e10;
*((double *)this + 578) = -1.0e10;
*((double *)this + 548) = -1.0e10;
*((double *)this + 518) = -1.0e10;
*((double *)this + 488) = -1.0e10;
*((double *)this + 458) = -1.0e10;
sub_4197C0(v218, v231);
if ( !strstr(v231, asc_434394) )
{
    v108 = sub_4022A0(&v228, v229, "CODE-4");
    LOBYTE(v234) = 16;
    v109 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v108, 0);
    AfxMessageBox(v109, v203, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
}
std::istream::getline(v218, Str, 1024, 0);
v110 = (int *)((char *)this + 3656);
std::istream::operator>>(v218, (char *)this + 3656);
v111 = 0;
j = 0;
if ( *((int *)this + 914) > 0 )
{
    do
    {
      std::istream::operator>>(v218, (char *)this + 8 * v111 + 3664);
      v111 = j + 1;
      j = v111;
    }
    while ( v111 < *v110 );
}
std::istream::getline(v218, Str, 1024, 0);
std::istream::operator>>(v218, (char *)this + 3656);
v112 = 0;
for ( j = 0; v112 < *v110; j = v112 )
{
    std::istream::operator>>(v218, (char *)this + 8 * v112 + 3904);
    v112 = j + 1;
}
if ( !strcmp(v231, asc_434380) )
{
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 3656);
    v113 = 0;
    for ( j = 0; v113 < *v110; j = v113 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v113 + 4144);
      v113 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 3656);
    v114 = 0;
    for ( j = 0; v114 < *v110; j = v114 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v114 + 4384);
      v114 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 3656);
    v115 = 0;
    for ( j = 0; v115 < *v110; j = v115 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v115 + 4624);
      v115 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 3656);
    v116 = 0;
    for ( j = 0; v116 < *v110; j = v116 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v116 + 4864);
      v116 = j + 1;
    }
}
std::istream::getline(v218, Str, 1024, 0);
v117 = sub_4197C0(v218, v231);
v118 = std::istream::operator>>(v117, (char *)this + 5104);
std::istream::operator>>(v118, (char *)this + 5112);
std::istream::getline(v218, Str, 1024, 0);
v119 = sub_4197C0(v218, v231);
v120 = std::istream::operator>>(v119, (char *)this + 5120);
std::istream::operator>>(v120, (char *)this + 5128);
std::istream::getline(v218, Str, 1024, 0);
v121 = sub_4197C0(v218, v231);
std::istream::operator>>(v121, (char *)this + 5136);
std::istream::getline(v218, Str, 1024, 0);
v122 = sub_4197C0(v218, v231);
std::istream::operator>>(v122, (char *)this + 5144);
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
v123 = v218;
if ( *((double *)this + 518) <= -1.0e10 )
{
    v206 = (char *)this + 5168;
}
else
{
    std::istream::operator>>(v218, (char *)this + 5152);
    std::istream::getline(v218, Str, 1024, 0);
    v124 = sub_4197C0(v218, v231);
    std::istream::operator>>(v124, (char *)this + 5160);
    std::istream::getline(v218, Str, 1024, 0);
    v125 = sub_4197C0(v218, v231);
    v206 = (char *)this + 5176;
    v123 = (int *)std::istream::operator>>(v125, (char *)this + 5168);
}
std::istream::operator>>(v123, v206);
std::istream::getline(v218, Str, 1024, 0);
v126 = sub_4197C0(v218, v231);
sub_4197C0(v126, Str);
if ( !strcmp(Str, byte_434378) )
{
    v127 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11070);
}
else
{
    if ( strcmp(Str, byte_434370) )
      goto LABEL_125;
    v127 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11071);
}
if ( !v127 )
    AfxMessageBox("Not found on StringTable", 0, 0);
LABEL_125:
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5184, v229);
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
if ( strcmp(v231, asc_434364) )
{
    v128 = sub_4022A0(&v228, v229, "CODE-5");
    LOBYTE(v234) = 17;
    v129 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v128, 0);
    AfxMessageBox(v129, v201, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
}
std::istream::getline(v218, Str, 1024, 0);
std::istream::operator>>(v218, (char *)this + 5188);
v130 = 0;
for ( j = 0; v130 < *((_DWORD *)this + 1297); j = v130 )
{
    std::istream::operator>>(v218, (char *)this + 8 * v130 + 5192);
    v130 = j + 1;
}
std::istream::getline(v218, Str, 1024, 0);
v131 = sub_4197C0(v218, v231);
sub_4197C0(v131, Str);
if ( !strcmp(Str, byte_434354) )
{
    v132 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11072);
    goto LABEL_133;
}
if ( !strcmp(Str, byte_43434C) )
{
    v132 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11073);
LABEL_133:
    if ( !v132 )
      AfxMessageBox("Not found on StringTable", 0, 0);
}
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5440, v229);
std::istream::getline(v218, Str, 1024, 0);
v133 = sub_4197C0(v218, v231);
std::istream::operator>>(v133, (char *)this + 5432);
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
if ( strcmp(v231, asc_43433C) )
{
    v134 = sub_4022A0(&v228, v229, "CODE-6");
    LOBYTE(v234) = 18;
    v135 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v134, 0);
    AfxMessageBox(v135, v191, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
}
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
v136 = 0;
j = 0;
do
{
    v194 = (char *)this + 8 * v136 + 5480;
    v137 = std::istream::operator>>(v218, (char *)this + 8 * v136 + 5448);
    std::istream::operator>>(v137, v194);
    std::istream::getline(v218, Str, 1024, 0);
    v136 = j + 1;
    j = v136;
}
while ( v136 < 4 );
sub_4197C0(v218, v231);
v138 = 0;
j = 0;
do
{
    v195 = (char *)this + 8 * v138 + 5544;
    v139 = std::istream::operator>>(v218, (char *)this + 8 * v138 + 5512);
    std::istream::operator>>(v139, v195);
    std::istream::getline(v218, Str, 1024, 0);
    v138 = j + 1;
    j = v138;
}
while ( v138 < 4 );
v140 = sub_4197C0(v218, v231);
v141 = std::istream::operator>>(v140, (char *)this + 5576);
std::istream::operator>>(v141, (char *)this + 5584);
std::istream::getline(v218, Str, 1024, 0);
v142 = sub_4197C0(v218, v231);
v143 = std::istream::operator>>(v142, (char *)this + 5592);
std::istream::operator>>(v143, (char *)this + 5600);
std::istream::getline(v218, Str, 1024, 0);
v144 = sub_4197C0(v218, v231);
v145 = std::istream::operator>>(v144, (char *)this + 5608);
std::istream::operator>>(v145, (char *)this + 5616);
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
if ( strcmp(v231, asc_434324) )
{
    v146 = sub_4022A0(&v228, v229, "CODE-7");
    LOBYTE(v234) = 19;
    v147 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v146, 0);
    AfxMessageBox(v147, v192, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
}
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
v148 = 0;
j = 0;
do
{
    v196 = (char *)this + 8 * v148 + 5672;
    v149 = std::istream::operator>>(v218, (char *)this + 8 * v148 + 5624);
    std::istream::operator>>(v149, v196);
    std::istream::getline(v218, Str, 1024, 0);
    v148 = j + 1;
    j = v148;
}
while ( v148 < 6 );
sub_4197C0(v218, v231);
v150 = 0;
j = 0;
do
{
    v197 = (char *)this + 8 * v150 + 5768;
    v151 = std::istream::operator>>(v218, (char *)this + 8 * v150 + 5720);
    std::istream::operator>>(v151, v197);
    std::istream::getline(v218, Str, 1024, 0);
    v150 = j + 1;
    j = v150;
}
while ( v150 < 6 );
v152 = sub_4197C0(v218, v231);
std::istream::operator>>(v152, (char *)this + 5816);
std::istream::getline(v218, Str, 1024, 0);
v153 = sub_4197C0(v218, v231);
std::istream::operator>>(v153, (char *)this + 5824);
std::istream::getline(v218, Str, 1024, 0);
v154 = sub_4197C0(v218, v231);
std::istream::operator>>(v154, (char *)this + 5832);
std::istream::getline(v218, Str, 1024, 0);
*((double *)this + 769) = -1.0e10;
*((double *)this + 763) = -1.0e10;
*((double *)this + 757) = -1.0e10;
*((double *)this + 751) = -1.0e10;
v155 = (int *)((char *)this + 5904);
*((double *)this + 745) = -1.0e10;
*((double *)this + 739) = -1.0e10;
*((_DWORD *)this + 1476) = 0;
sub_4197C0(v218, v231);
if ( !strstr(v231, asc_434310) )
{
    v156 = sub_4022A0(&v228, v229, "CODE-8");
    LOBYTE(v234) = 20;
    v157 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v156, 0);
    AfxMessageBox(v157, v193, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
}
std::istream::getline(v218, Str, 1024, 0);
v158 = sub_4197C0(v218, Str);
std::istream::operator>>(v158, (char *)this + 5840);
if ( !strcmp(v231, asc_4342F8) )
{
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 5904);
    v159 = 0;
    for ( j = 0; v159 < *v155; j = v159 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v159 + 5912);
      v159 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v160 = 0;
    for ( j = 0; v160 < *v155; j = v160 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v160 + 5960);
      v160 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v161 = 0;
    for ( j = 0; v161 < *v155; j = v161 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v161 + 6008);
      v161 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v162 = 0;
    for ( j = 0; v162 < *v155; j = v162 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v162 + 6056);
      v162 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v163 = 0;
    for ( j = 0; v163 < *v155; j = v163 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v163 + 6104);
      v163 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v164 = 0;
    for ( j = 0; v164 < *v155; j = v164 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v164 + 6152);
      v164 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    v165 = (int *)((char *)this + 6200);
    std::istream::operator>>(v218, (char *)this + 6200);
    v166 = 0;
    j = 0;
    if ( *((int *)this + 1550) > 0 )
    {
      do
      {
      v198 = (char *)this + 8 * v166 + 6232;
      v167 = std::istream::operator>>(v218, (char *)this + 8 * v166 + 6208);
      std::istream::operator>>(v167, v198);
      v166 = j + 1;
      j = v166;
      }
      while ( v166 < *v165 );
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 6200);
    v168 = 0;
    for ( j = 0; v168 < *v165; j = v168 )
    {
      v199 = (char *)this + 8 * v168 + 6280;
      v169 = std::istream::operator>>(v218, (char *)this + 8 * v168 + 6256);
      std::istream::operator>>(v169, v199);
      v168 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 6200);
    v170 = 0;
    for ( j = 0; v170 < *v165; j = v170 )
    {
      v200 = (char *)this + 8 * v170 + 6328;
      v171 = std::istream::operator>>(v218, (char *)this + 8 * v170 + 6304);
      std::istream::operator>>(v171, v200);
      v170 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
}
std::istream::getline(v218, Str, 1024, 0);
sub_4197C0(v218, v231);
if ( !strcmp(v231, asc_4342E4) )
{
    std::istream::getline(v218, Str, 1024, 0);
    v172 = sub_4197C0(v218, v231);
    sub_4197C0(v172, Str);
    v12 = strstr(Str, "NULL") == 0;
    v173 = (char *)&unk_432AC5;
    if ( v12 )
      v173 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5848, v173);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v174 = (char *)&unk_432AC5;
    if ( v12 )
      v174 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5852, v174);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5852, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5852, "\t ");
    v175 = sub_4197C0(v218, v231);
    v176 = std::istream::operator>>(v175, (char *)this + 5856);
    sub_4197C0(v176, Str);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5860, Str);
    v177 = std::istream::operator>>(v218, (char *)this + 5864);
    sub_4197C0(v177, Str);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5868, Str);
    v178 = std::istream::operator>>(v218, (char *)this + 5872);
    sub_4197C0(v178, Str);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5876, Str);
    std::istream::getline(v218, Str, 1024, 0);
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v179 = (char *)&unk_432AC5;
    if ( v12 )
      v179 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5880, v179);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5880, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5880, "\t ");
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v180 = (char *)&unk_432AC5;
    if ( v12 )
      v180 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5884, v180);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5884, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5884, "\t ");
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v181 = (char *)&unk_432AC5;
    if ( v12 )
      v181 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5888, v181);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5888, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5888, "\t ");
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v182 = (char *)&unk_432AC5;
    if ( v12 )
      v182 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5892, v182);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5892, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5892, "\t ");
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v183 = (char *)&unk_432AC5;
    if ( v12 )
      v183 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5896, v183);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5896, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5896, "\t ");
    v184 = sub_4197C0(v218, v231);
    std::istream::operator>>(v184, &j);
    std::istream::read(v218, Str, 1, 0);
    std::istream::read(v218, Str, j, j >> 31);
    Str = 0;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5900, Str);
}
else
{
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5848, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5852, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v226);
    LOBYTE(v234) = 21;
    if ( !ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(&v226, 11004) )
      AfxMessageBox("Not found on StringTable", 0, 0);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v217);
    LOBYTE(v234) = 22;
    if ( !ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v217, 11006) )
      AfxMessageBox("Not found on StringTable", 0, 0);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v215);
    LOBYTE(v234) = 23;
    if ( !ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(&v215, 11005) )
      AfxMessageBox("Not found on StringTable", 0, 0);
    *((_DWORD *)this + 1464) = 0;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5860, &v226);
    *((_DWORD *)this + 1466) = 0;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5868, v217);
    *((_DWORD *)this + 1468) = 0;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5876, &v215);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5880, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5884, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5888, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5892, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5896, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5900, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v215);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v217);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v226);
}
v185 = sub_417B90(&v214, &unk_433864, (char *)this + 240);
LOBYTE(v234) = 24;
v186 = sub_4022A0(v211, v185, &unk_433860);
v187 = *(_DWORD *)this;
LOBYTE(v234) = 25;
v188 = ATL::CSimpleStringT<char,1>::operator char const *(v186, v190);
(*(void (__thiscall **)(CDocument *, int))(v187 + 92))(this, v188);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v211);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v214);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v229);
v189 = *(_DWORD *)(v218 + 4);
v228 = (char *)v224;
*(int *)((char *)v218 + v189) = (int)&std::istrstream::`vftable';
v226 = (int)v219;
v219 = (int)&std::strstreambuf::`vftable';
LOBYTE(v234) = 27;
if ( (v222 & 9) == 1 )
{
    if ( v223 )
      v223(*v220);
    else
      operator delete[](*v220);
}
v222 &= 0xFFFFFFF6;
v221 = 0;
LOBYTE(v234) = 26;
std::streambuf::~streambuf<char,std::char_traits<char>>(v219);
*(int *)((char *)v218 + *(_DWORD *)(v218 + 4)) = (int)std::istream::`vftable';
LOBYTE(v234) = 6;
v224 = (int)std::ios_base::`vftable';
std::ios_base::_Ios_base_dtor((struct std::ios_base *)v224);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v216);
ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v225);
v234 = -1;
CFile::~CFile((CFile *)v212);
return 1;
}

爱飞的猫 发表于 2022-10-18 18:00

void* 表示未知类型的指针。你可以改成 char* 凑合着用。
unk 开头直接双击查看,如果看不到内容表示这个地址不在 exe 内,可能是动态分配。用调试器附加或 cheat engine 之类的内存查看工具看这个地址的内存。
this 地址偏移你把它当普通的偏移看就行。this 是一个结构体指针(vtable)。
sub_427160 是 memcpy 的包装,前两个参数是指针。

sub_427160(this + 11, Src, 0x104u); 从 src 复制 0x104 字节到 this + 11 处
sub_427160(this + 76, a5, 0x2C4u); 从 a5 复制 0x2c4 字节到 this + 76 处

看起来像是有覆盖。

this 这个变量看起来更像是一个 char* 指针变量,而不是一个类的实例。

yinhao1979 发表于 2022-10-18 22:16

本帖最后由 yinhao1979 于 2022-10-18 22:33 编辑

爱飞的猫 发表于 2022-10-18 18:00
void* 表示未知类型的指针。你可以改成 char* 凑合着用。
unk 开头直接双击查看,如果看不到内容表示这个 ...
谢谢爱飞的猫。用调试器附加或 cheat engine 之类的内存查看工具查看这个地址内存的方法我还没用过;我用动态调试下断点后,通过下面的脚本可以得到这个地址的 byte 数据,但是长度是我自己随意输入的,
有没有什么办法知道 unk 数据的长度和数据类型?或者把它转为字符串?
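def getEncodeStr6(addr, len, fmt):
    """Dump ``len`` bytes starting at ``addr`` via IDA's ``idaapi.get_byte``.

    Every byte value is appended to the returned string formatted with
    ``fmt`` (a printf-style pattern such as ``"%02x"``).  The raw
    characters are also collected into a second string, with a space
    inserted after every 195 bytes, and printed to the IDA output window
    together with the start address and the final byte count.

    :param addr: first address to read.
    :param len: number of bytes to read.  The name shadows the builtin
        ``len`` but is kept so existing call sites (including keyword
        calls) keep working; it is aliased to ``length`` below.
    :param fmt: printf-style format string applied to each byte value.
    :return: the concatenation of the formatted byte values.
    """
    length = len
    print("addr = > %06X %d" % (addr, addr))
    out = ""
    outstr = ""
    pos = 0
    posSplit = 0
    # Read exactly `length` bytes.  The previous loop fetched a byte
    # *before* checking `pos < len`, so it always read one byte past the
    # requested range and then discarded it.
    while pos < length:
        ch = idaapi.get_byte(addr + pos)
        out += fmt % ch
        # chr() maps bytes >= 0x80 to U+0080..U+00FF; the text dump only
        # looks right for ASCII data.
        outstr += chr(ch)
        pos += 1
        # Group the text dump in runs of 195 characters.
        posSplit = pos % 195
        if posSplit == 0:
            outstr += " "
    print("pos = > %d %d" % (pos, posSplit))
    print("outstr = > %s" % outstr)
    return out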
sub_426E40 是一个 thiscall 方法,参数 _DWORD *this 在调用时没有显式传入,应该是编译器自动加上的;我看有些文章说它是指向函数的。这个 this 在方法内通过 this + 11、this + 76 去做内存复制,
后续数据我应该如何获取?不知道如何和后续程序的指针对应上,这边有点不太理解,这个操作最后对应在操作哪个变量,是不是 memcpy 后的数据都在 v10 这个指针里面?
这样理解对吗?完整方法如下:
// IDA pseudo-code.  Looks like the initialiser/constructor of the object created
// with `operator new(0x520u)` elsewhere in this thread -- TODO confirm.
// `this` is a `_DWORD *`, so `this + N` is a DWORD index, i.e. byte offset N * 4.
_DWORD *__thiscall sub_426E40(_DWORD *this, int a2, int a3, void *Src, void *a5)
{
// Copy 0x104 (260) bytes from Src to DWORD index 11 (byte 44).
// 44 + 260 = 304 = 76 * 4, so this copy ends exactly where the next one starts:
// the two copies are adjacent, not overlapping.
sub_427160(this + 11, Src, 0x104u);
// Copy 0x2C4 (708) bytes from a5 to DWORD index 76 (byte 304); ends at byte 1012,
// within a 0x520 (1312) byte object.  sub_427160 is a memcpy wrapper and checks
// nothing about its source, so Src and a5 must each be at least that large.
sub_427160(this + 76, a5, 0x2C4u);
*this = 1;
sub_4269E0(this);
// Q: Are `this` and `this+245` both address offsets in the same sense?
// NOTE(review): the assignments below lost their `[index]` subscripts in the
//    forum rendering -- they were DWORD stores of the form `this[N] = ...`
//    (byte offset N * 4); only the two `_BYTE` stores survived intact.
//    Do not read `this = 0;` literally.
this = 0;   
this = 0;
this = 0;
this = 0;
*((_BYTE *)this + 1036) = 0;
this = 0;
this = 0;
*((_BYTE *)this + 1172) = 0;
*((_BYTE *)this + 1180) = 0;
this = 0;
this = a2;
this = a3;
return this;
}

爱飞的猫 发表于 2022-10-19 00:29

最好是把文件发出来一起看

unk* 的数据类型和大小都是未知,只有在运行的时候分析或根据操作这部分内存的代码进行分析总结。IDA 的自动分析也不是一定靠谱的,因为有时候编译器优化会干扰分析。

如果数据已知是字符串,你可以一直读下去直到遇到 00 字节的时候停止。(Unicode 字符串则是等到遇到 00 00 字节时停止)。


// 这种 this 和 this+245 是不是一样都是地址偏移意思?
this = 0;
是也不是,this 的类型是 dword*,因此地址偏移是 this 指向的地址 + 254 × 4 (dword 是四字节)。


sub_427160(this + 11, Src, 0x104u);
sub_427160(this + 76, a5, 0x2C4u);

知道 this 是 dword* 后,(76−11)×4 = 260 字节,刚好等于 0x104,也就是第一个 call 复制的字节数——所以第一段复制正好结束在第二段开始的位置,两段是相邻的,并不重叠。

爱飞的猫 发表于 2022-10-20 01:44

建议发原文件和调试步骤,单纯看伪代码能看出来的东西不多。

另外你可以试试 HexRaysCodeXplorer 插件,将 `this + xxx` 变成更容易阅读的结构体。

: https://www.52pojie.cn/thread-1493644-1-1.html

```c
// Reviewer note: fragment of IDA pseudo-code.  The enclosing function, LABEL_4,
// v5 and v225 are outside this excerpt.  "Q:" lines are the thread's questions,
// "A:" lines the answers given in the thread; NOTE(review) lines are additions.
if ( ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::Compare(v216, &unk_433DA4) )
{
    // Q: Is this assigning a pointer to v12 and setting its initial value to 0?
    // A: It tests whether the DWORD at this+55 (byte offset 55*4) is 0; v12 is a Boolean.
    v12 = *((_DWORD *)this + 55) == 0;
   
    // Q: Does this assignment store the length into the value at that address?
    // A: Yes: this[56] = Length, the length of the v212 file.
    *((_DWORD *)this + 56) = Length;

    if ( v12 )
      // Q: If v12 was already assigned the address *((_DWORD *)this + 55) above,
      //    is this initialising the same address a second time?
      // A: This is the actual initialisation.  Read it as
      //    if (!this->buffer) this->buffer = new char;
      //    where !this->buffer is v12.
      // NOTE(review): when the buffer already exists (v12 false) it is reused as-is
      //    and Length bytes are written into it in the loop below; nothing in this
      //    excerpt checks that the existing allocation is at least Length bytes.
      *((_DWORD *)this + 55) = operator new[](Length);

    // Q: Can this be read as copying v8's data to the address *((_DWORD *)this + 55),
    //    i.e. the address v12 refers to?
    // A: this[55][i] = v8[i] (the subscripts were lost in the forum rendering):
    //    copies the file contents into memory.
    for ( i = 0; i < Length; ++i )
      *(_BYTE *)(i + *((_DWORD *)this + 55)) = *((_BYTE *)v8 + i);
}
else
{
    // Q: I don't understand the v214 initialisation or how it relates to v10 below.
    // A: v10 should be a class instance and sub_426E40 that class's constructor;
    //    the return value and v214 can be treated as the same thing.
    // NOTE(review): the __stdcall cast hides the thiscall `this` argument, which is
    //    why v214 does not appear in the argument list -- presumably it is passed in ecx.
    v214 = operator new(0x520u);
    LOBYTE(v234) = 7;
    if ( v214 )
      v10 = (size_t *)((int (__stdcall *)(int, int, void *, void *))sub_426E40)(
                        (int)v8,
                        Length,
                        &unk_43C908,
                        &unk_43CA10);
    else
      v10 = 0;
    LOBYTE(v234) = 6;
    // Q: The steps below all use v10, but v10 did not change during dynamic debugging.
    // A: v10 is a structure of 0x520 (1312) bytes, and the structure itself holds
    //    pointers (e.g. offset 55*4 is the address of the file data read in).
    // NOTE(review): three checks gate the decrypted data -- sub_426EE0, sub_4269D0
    //    ("Signature checking") and sub_427020 -- and every failure takes the LABEL_12
    //    cleanup path; within this excerpt v10 is not released on those paths.
    if ( !sub_426EE0(v10) )
    {
      AfxMessageBox("Resolving failed for file Decryption", 0, 0);
LABEL_12:
      ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v216);
      v5 = v225;
      goto LABEL_4;
    }
    if ( !sub_4269D0(v10) )
    {
      AfxMessageBox("Signature checking failed", 0, 0);
      goto LABEL_12;
    }
    if ( !sub_427020((int)v10, 1) )
    {
      AfxMessageBox("Descryption failed for file format", 0, 0);
      goto LABEL_12;
    }
    // NOTE(review): IDA's CMFCCaptionBar::OnGetFont label is most likely a
    //    mis-resolved name: the value is stored at this[56] as the length and
    //    used as the operator new[] size two lines further down.
    Font = CMFCCaptionBar::OnGetFont((CMFCCaptionBar *)v10);
    v12 = *((_DWORD *)this + 55) == 0;
    *((_DWORD *)this + 56) = Font;
    if ( v12 )
      *((_DWORD *)this + 55) = operator new[]((unsigned int)Font);
    // NOTE(review): same reuse pattern as the first branch -- an existing this[55]
    //    buffer is handed on without a size check against Font.
    ((void (__stdcall *)(void *, int, size_t))sub_4269A0)(*((void **)this + 55), 0, 0);
    if ( v10 )
    {
      sub_4268F0((int)v10);   // presumably the matching destructor -- TODO confirm
      operator delete(v10);
    }
}
operator delete(v8);
v14 = *((_DWORD *)this + 56);
// Q: In the debugger `this` prints as 0x4840000, the same as the CDocument *this
//    parameter, but after *((_DWORD *)this + 55) v15 is 0xBCF6578;
//    0xBCF6578 and 0x4840000 + 55 do not line up, so how should this be read?
// A: Look at the memory at this + 0x37*4 (assuming ecx = this).
//    The leading "*" in "*((_DWORD *) ...)" reads the contents at that address.
//    v15 should be the decrypted file header (DWORD = four bytes).
v15 = *((_DWORD *)this + 55);
```

yinhao1979 发表于 2022-10-20 22:07

本帖最后由 yinhao1979 于 2022-10-20 22:10 编辑

非常感谢, HexRaysCodeXplorer 插件下载后如何使用?有链接文档吗?直接把压缩包下载解压文件复制到 IDA Pro程序 plugins目录下面重启就可以使用了吗?

另外你说把文件和调试步骤发出来,文件是 指 exe 文件目录吗?调试步骤是指 IDA Pro 7.6 里面每一步的参数及输入输出吗?

yinhao1979 发表于 2022-10-26 20:23

爱飞的猫 发表于 2022-10-20 01:44
建议发原文件和调试步骤,单纯看伪代码能看出来的东西不多。

另外你可以试试 [ ...

我想判断 sub 方法是哪种系统或库方法,有没有办法?

爱飞的猫 发表于 2022-10-27 05:11

文件指的是 exe/dll 可执行文件
调试步骤是触发你在看的这个函数的方法,例如“主界面选择注册,输入 123 后点击确定后触发”

我想判断 sub 方法是哪种系统或库方法,有没办法 ?
如果函数名是粉红色,一般是系统的方法;识别为 sub_ 的一般都是静态链接进来的,只能手动分析。

yinhao1979 发表于 2022-10-27 19:49

爱飞的猫 发表于 2022-10-27 05:11
文件指的是 exe/dll 可执行文件
调试步骤是触发你在看的这个函数的方法,例如“主界面选择注册,输入 123...
具体调试文件及调试步骤可以点击下载:https://www.lrmsoft.cn/debug.zip 。调试过程及分析的代码段我也写在 step.txt 文件中,主要是一些 sub_ 开头的方法不知道要如何分析 {:1_893:}