求助: 汇编还原为C代码
萌新一个, 各位大佬麻烦看看
```
; Excerpt of an IDA listing (Intel syntax, 64-bit registers). Every bracketed
; memory operand was lost when the listing was posted ("mov , r8",
; "movzx eax, byte ptr"), so all load/store addresses below are unknown and
; the notes about them are assumptions to confirm against the binary.
; NOTE(review): arguments in rdi/rsi/rdx/ecx look like the System V AMD64
; convention - confirm.

; --- strlen(s), then sub_2CB0(<lost operand>, strlen result, r12, 20h) ---
mov rdi, rax ; s
; Two stores whose destinations were lost: r8 and rax are written to memory
; before the call (presumably spilled so they survive it).
mov , r8
mov , rax
call _strlen
; Argument setup for sub_2CB0; rax still holds the strlen result here.
mov rdi,
; IDA renders 20h as ' ', but it may equally be a count of 32 - TODO confirm
; by reading sub_2CB0.
mov ecx, 20h ; ' '
mov rdx, r12
mov rsi, rax
call sub_2CB0

; --- Peeled first step: two loaded bytes -> four byte stores ---
; Each loaded byte is split into a low nibble (and 0Fh) and a high nibble
; (shr 4, then and 0Fh). Each nibble is followed by a movzx byte load whose
; address was lost; presumably a lookup in a 16-entry table indexed by the
; nibble. That shape would fit hex-encoding or another per-nibble
; substitution, which cannot be decided from this listing alone.
movzx eax, byte ptr
movzx ecx, byte ptr
lea r10, ; r10 is the value the loop below compares r11 against
mov r8,
lea r9, ; r9 is advanced by 0Ah per loop pass
mov edx, eax ; keep a copy of the first byte for its high nibble
and eax, 0Fh ; low nibble of the first byte
movzx r11d, byte ptr
mov eax, ecx ; copy of the second byte
shr dl, 4
and ecx, 0Fh ; low nibble of the second byte
shr al, 4
and edx, 0Fh ; high nibble of the first byte
and eax, 0Fh ; high nibble of the second byte
movzx edi, byte ptr
movzx edx, byte ptr
movzx esi, byte ptr
; Four byte stores (destinations lost) of the four values loaded above.
mov , dil
mov byte ptr , sil
mov byte ptr , dl
mov byte ptr , r11b
lea r11, ; r11 is advanced by 5 per loop pass

; --- Main loop, unrolled by five ---
; Per pass: r11 += 5, r9 += 0Ah (10); five loaded bytes are nibble-split the
; same way as above and ten byte stores are issued. Presumably r11 is the
; source cursor and r9 the destination cursor (operands lost - TODO confirm),
; so the destination needs two bytes per source byte; no buffer size is
; visible in this excerpt.
; The exit test is an equality compare (cmp r11, r10 / jnz), so the loop only
; stops if r11 lands exactly on r10, i.e. the distance must be a multiple of 5.
; NOTE(review): 2 peeled bytes + 5*k would fit a 32-byte input (k = 6), which
; would match the 20h passed to sub_2CB0 - speculative, confirm.
loc_1BF2:
movzx ecx, byte ptr
movzx edx, byte ptr
add r9, 0Ah
add r11, 5
mov edi, ecx
and ecx, 0Fh
movzx esi, byte ptr
shr dil, 4
mov ecx, edx
and edx, 0Fh
and edi, 0Fh
shr cl, 4
movzx eax, byte ptr
mov , sil
and ecx, 0Fh
movzx esi, byte ptr
movzx edi, byte ptr
mov , al
movzx eax, byte ptr
mov edx, esi
and esi, 0Fh
mov , dil
shr dl, 4
mov , al
movzx eax, byte ptr
and edx, 0Fh
movzx edi, byte ptr
movzx ecx, byte ptr
mov esi, eax
and eax, 0Fh
mov , dil
shr sil, 4
mov , cl
movzx ecx, byte ptr
and esi, 0Fh
movzx eax, byte ptr
movzx edx, byte ptr
mov , cl
mov edi, eax
mov , dl
and eax, 0Fh
shr dil, 4
movzx edx, byte ptr
and edi, 0Fh
movzx esi, byte ptr
mov , sil
mov , dl
cmp r11, r10
jnz loc_1BF2
```
… 都用 IDA 了,在 IDA 按 F5 生成 C 伪码

void convert_string(char *str) {
// NOTE(review): array subscripts appear to have been lost when this snippet
// was posted (e.g. `str` where `str[i]` / `str[i + 1]` was presumably meant).
// The comments below describe the text as it stands.
int len = strlen(str);
// Steps two bytes at a time; the loop in the posted disassembly instead
// advances one register by 5 and another by 0Ah per pass.
for (int i = 0; i < len; i += 2) {
// As written these assign the pointer `str` itself, not a byte of the string.
unsigned char high = str;
unsigned char low = str;
unsigned char result;
// As written all four lines assign the same scalar `result`, so only the last
// one takes effect; presumably these were result[0]..result[3].
// The posted disassembly contains no `or` and no left shift: it only masks
// and right-shifts nibbles and then does byte loads/stores, so combining two
// nibbles with `|` does not correspond to it.
result = (high & 0x0F) | ((low & 0x0F) << 4);
result = ((high & 0xF0) >> 4) | ((low & 0xF0) >> 4);
result = ((high & 0xF0) >> 4) | ((low & 0xF0) >> 4);
result = ((high & 0xF0) >> 4) | ((low & 0xF0) >> 4);
// The posted excerpt calls only _strlen and sub_2CB0; it stores bytes to
// memory and shows no printf call.
printf("%c%c%c%c", result, result, result, result);
}
}
AI转的,不知道对不对

完全不知道如何下手, 看来基础知识还是太欠缺了

从控制台计算输入长度,随后调用 sub_2CB0。看传参方式,这是64位程序,参数是字符串、字符串长度,还有个缓冲区;后面那一大坨在做位操作进行某种计算。
不用担心不知道如何下手,前面的都是汇编简单指令,涉及到加解密谁来都头疼。

void function_name() {
// Pseudo-code only: rax, r8, rbp and rbx are CPU register names used as if
// they were C variables; nothing in this snippet declares them.
// NOTE(review): subscripts/dereferences appear to have been lost when this
// was posted (`stream` where `stream[i]` was presumably meant, and likewise
// for the stores at the end of the loop).
char *stream = (char *)rax;
char *var_740 = (char *)r8;
// var_420 is assigned here and never used below.
char *var_420 = rbp + 0x420;
char *var_4E0 = rbp + 0x4E0;
size_t length = strlen(stream);
for (int i = 0; i < length; i += 2) {
// As written these assign the pointer `stream`, not a byte of the string.
char byte1 = stream;
char byte2 = stream;
int nibble1 = byte1 & 0x0F;
// `char` may be signed: for a byte >= 0x80 an unmasked `>> 4` yields a
// negative value. The posted disassembly zero-extends (movzx) and applies
// `and ..., 0Fh` after each shift, so the high nibble there is always 0..15.
int nibble2 = byte1 >> 4;
int nibble3 = byte2 & 0x0F;
int nibble4 = byte2 >> 4;
// This adds the nibble to rbx and keeps the low 8 bits of the sum. The
// disassembly instead follows each mask with a byte load (movzx ... byte ptr),
// presumably reading table[nibble] - TODO confirm against the binary.
char value1 = (rbx + nibble1) & 0xFF;
char value2 = (rbx + nibble2) & 0xFF;
char value3 = (rbx + nibble3) & 0xFF;
char value4 = (rbx + nibble4) & 0xFF;
// As written these overwrite the pointer variables themselves, and var_4E0
// three times in a row; presumably indexed byte stores were meant.
var_740 = value1;
var_4E0 = value3;
var_4E0 = value4;
var_4E0 = value2;
}
}
会飞的丑小鸭 发表于 2024-6-24 11:36
void function_name() {
char *stream = (char *)rax;
char *var_740 = (char *)r8;
感谢大佬出手 会飞的丑小鸭 发表于 2024-6-24 11:36
void function_name() {
char *stream = (char *)rax;
char *var_740 = (char *)r8;
这是用IDA生成的? arfersiorfik 发表于 2024-7-6 16:12
这是用IDA生成的?
应该不是 IDA 生成的,IDA 生成的可不是这样的