好友
阅读权限25
听众
最后登录1970-1-1
|
希望有大佬能分析代码的相关逻辑,
写一下注释,翻译一下就行,我可以自己写提取代码,感谢
输入假码获取相关关键信息
通过搜索关键字符串,定位到如下代码
再次点击播放出现如下信息
我们用相关加密软件加密其他视频,然后分析看看,是否为秘钥
再次定位到弹出错误的地方,然后出现如下信息
我们分析一下加密软件的播放算法
经过定位点击按钮的事件,我们在od中找到了加密call
加密软件默认加密秘钥为123456
可以看到在堆栈中有相关秘钥的信息,且与我们之前分析的加密好的文件中那串字符串一模一样,
由此推断,这串字符串就是加密后的秘钥
我们试试修改那串秘钥字符串为自己的秘钥字符串,然后生成播放密码进行测试
然后点击播放,可以看到,已经可以绕过原有的播放密码进行播放了
然后这样虽然能正常播放,但是每次播放都要修改秘钥,而且文件还特别多,很麻烦,想试试提取
我们知道,他要播放一个视频,他必须读取原有播放文件,然后进行解密,然后才能正常播放,
所以我们从ReadFile函数入手
下面的这次读取应该就是读取加密文件了,
我们再运行一次,然后跟踪读取出来的数据
我们打开16进制编辑工具,然后进行分析,可以看到,确实是读取了加密的文件数据
我们跟踪一下调用ReadFile返回后的地方
接下来我们用IDA分析,比较方便一点,用ida前,先计算一下偏移,因为调用ReadFile函数的是一个dll,
在静态分析dll,加载的地址都是10001000
计算出偏移后,我们打开ida,定位那个调用ReadFile函数进行读取加密文件的地方,
然后,我就卡在这了,因为我也没有相关做加密解密相关的经验,这代码一看,挺蒙的,
而且还没有注释,提示什么的都没有,所以只好求助一下大家
下面这个是这个函数的交叉引用,推断是读取数据后,存入堆内存,然后交叉引用进行解密操作
下面就是贴代码,
代码1:调用ReadFile的函数:
[C] 纯文本查看 复制代码 unsigned int __cdecl _read_nolock(int FileHandle, LPVOID lpBuffer, DWORD nNumberOfBytesToRead)
{
DWORD v3; // edx
unsigned int result; // eax
int *v5; // edi
int v6; // eax
int v7; // esi
char v8; // cl
CHAR *v9; // ebx
int v10; // eax
int v11; // ecx
int v12; // edx
int v13; // ecx
CHAR *v14; // eax
CHAR v15; // cl
bool v16; // zf
int v17; // ecx
CHAR v18; // cl
int v19; // ecx
CHAR v20; // cl
int v21; // ecx
int v22; // eax
char *v23; // eax
CHAR *v24; // ebx
CHAR v25; // al
_BYTE *v26; // eax
_BYTE *v27; // ebx
int v28; // ecx
int v29; // eax
char v30; // dl
_BYTE *v31; // ebx
int v32; // ebx
unsigned int v33; // eax
int v34; // edx
BOOL v35; // ecx
CHAR *v36; // ebx
int v37; // ecx
_BYTE *v38; // esi
__int16 v39; // [esp-Ch] [ebp-2Ch]
DWORD v40; // [esp+4h] [ebp-1Ch]
DWORD NumberOfBytesRead; // [esp+8h] [ebp-18h] BYREF
unsigned int v42; // [esp+Ch] [ebp-14h]
LPCCH lpMultiByteStr; // [esp+10h] [ebp-10h]
unsigned int v44; // [esp+14h] [ebp-Ch]
__int16 v45; // [esp+18h] [ebp-8h] BYREF
char v46; // [esp+1Eh] [ebp-2h]
char Buffer; // [esp+1Fh] [ebp-1h] BYREF
LPCCH nNumberOfBytesToReada; // [esp+30h] [ebp+10h]
LPCCH nNumberOfBytesToReadb; // [esp+30h] [ebp+10h]
v3 = nNumberOfBytesToRead;
v42 = -2;
v40 = nNumberOfBytesToRead;
if ( FileHandle == -2 )
{
*__doserrno() = 0;
*_errno() = 9;
return -1;
}
if ( FileHandle < 0 || FileHandle >= uNumber )
{
*__doserrno() = 0;
*_errno() = 9;
_invalid_parameter_noinfo();
return -1;
}
v5 = &dword_10DEADC0[FileHandle >> 5];
v6 = *v5;
v7 = (FileHandle & 0x1F) << 6;
v8 = *(_BYTE *)(*v5 + v7 + 4);
if ( (v8 & 1) == 0 )
{
*__doserrno() = 0;
*_errno() = 9;
LABEL_19:
_invalid_parameter_noinfo();
return -1;
}
if ( nNumberOfBytesToRead > 0x7FFFFFFF )
goto LABEL_18;
v44 = 0;
if ( !nNumberOfBytesToRead || (v8 & 2) != 0 )
return 0;
if ( !lpBuffer )
goto LABEL_18;
v46 = (char)(2 * *(_BYTE *)(v6 + v7 + 36)) >> 1;
if ( v46 != 1 )
{
if ( v46 != 2 )
{
LABEL_16:
v9 = (CHAR *)lpBuffer;
lpMultiByteStr = (LPCCH)lpBuffer;
goto LABEL_26;
}
if ( (nNumberOfBytesToRead & 1) == 0 )
{
nNumberOfBytesToRead &= 0xFFFFFFFE;
goto LABEL_16;
}
LABEL_18:
*__doserrno() = 0;
*_errno() = 22;
goto LABEL_19;
}
if ( (nNumberOfBytesToRead & 1) != 0 )
goto LABEL_18;
nNumberOfBytesToRead = 4;
if ( v3 >> 1 >= 4 )
nNumberOfBytesToRead = v3 >> 1;
v9 = (CHAR *)_malloc_crt(nNumberOfBytesToRead);
lpMultiByteStr = v9;
if ( !v9 )
{
*_errno() = 12;
*__doserrno() = 8;
return -1;
}
v10 = _lseeki64_nolock(FileHandle, 0, 0, 1u);
v11 = *v5;
*(_DWORD *)(v7 + v11 + 40) = v10;
*(_DWORD *)(v7 + v11 + 44) = v12;
LABEL_26:
v13 = v7 + *v5;
v14 = v9;
if ( (*(_BYTE *)(v13 + 4) & 0x48) != 0 )
{
v15 = *(_BYTE *)(v13 + 5);
if ( v15 != 10 )
{
if ( nNumberOfBytesToRead )
{
--nNumberOfBytesToRead;
v16 = v46 == 0;
*v9 = v15;
v17 = *v5;
v14 = v9 + 1;
v44 = 1;
*(_BYTE *)(v7 + v17 + 5) = 10;
if ( !v16 )
{
v18 = *(_BYTE *)(v7 + *v5 + 37);
if ( v18 != 10 )
{
if ( nNumberOfBytesToRead )
{
*v14 = v18;
v19 = *v5;
v14 = v9 + 2;
--nNumberOfBytesToRead;
v16 = v46 == 1;
v44 = 2;
*(_BYTE *)(v7 + v19 + 37) = 10;
if ( v16 )
{
v20 = *(_BYTE *)(v7 + *v5 + 38);
if ( v20 != 10 )
{
if ( nNumberOfBytesToRead )
{
*v14 = v20;
v21 = *v5;
v14 = v9 + 3;
--nNumberOfBytesToRead;
v44 = 3;
*(_BYTE *)(v7 + v21 + 38) = 10;
}
}
}
}
}
}
}
}
}
if ( !ReadFile(*(HANDLE *)(v7 + *v5), v14, nNumberOfBytesToRead, &NumberOfBytesRead, 0)
|| (NumberOfBytesRead & 0x80000000) != 0
|| NumberOfBytesRead > nNumberOfBytesToRead )
{
v33 = GetLastError();
if ( v33 == 5 )
{
*_errno() = 9;
*__doserrno() = 5;
goto LABEL_93;
}
if ( v33 == 109 )
{
v42 = 0;
goto $error_return$29001;
}
goto LABEL_92;
}
v22 = *v5;
v44 += NumberOfBytesRead;
v23 = (char *)(v7 + v22 + 4);
if ( *v23 < 0 )
{
if ( v46 != 2 )
{
if ( NumberOfBytesRead && *v9 == 10 )
*v23 |= 4u;
else
*v23 &= 0xFBu;
v24 = (CHAR *)lpMultiByteStr;
nNumberOfBytesToReada = lpMultiByteStr;
v44 += (unsigned int)lpMultiByteStr;
if ( (unsigned int)lpMultiByteStr < v44 )
{
do
{
v25 = *nNumberOfBytesToReada;
if ( *nNumberOfBytesToReada == 26 )
{
v26 = (_BYTE *)(v7 + *v5 + 4);
if ( (*v26 & 0x40) != 0 )
*v24++ = *nNumberOfBytesToReada;
else
*v26 |= 2u;
break;
}
if ( v25 == 13 )
{
if ( (unsigned int)nNumberOfBytesToReada < v44 - 1 )
{
if ( nNumberOfBytesToReada[1] == 10 )
{
nNumberOfBytesToReada += 2;
goto LABEL_52;
}
++nNumberOfBytesToReada;
LABEL_63:
*v24 = 13;
LABEL_64:
++v24;
continue;
}
++nNumberOfBytesToReada;
if ( !ReadFile(*(HANDLE *)(v7 + *v5), &Buffer, 1u, &NumberOfBytesRead, 0) && GetLastError()
|| !NumberOfBytesRead )
{
goto LABEL_63;
}
if ( (*(_BYTE *)(v7 + *v5 + 4) & 0x48) != 0 )
{
if ( Buffer != 10 )
{
*v24 = 13;
*(_BYTE *)(v7 + *v5 + 5) = Buffer;
goto LABEL_64;
}
LABEL_52:
*v24 = 10;
goto LABEL_64;
}
if ( v24 == lpMultiByteStr && Buffer == 10 )
goto LABEL_52;
_lseeki64_nolock(FileHandle, -1, -1, 1u);
if ( Buffer != 10 )
goto LABEL_63;
}
else
{
*v24++ = v25;
++nNumberOfBytesToReada;
}
}
while ( (unsigned int)nNumberOfBytesToReada < v44 );
}
v44 = v24 - lpMultiByteStr;
if ( v46 != 1 || v24 == lpMultiByteStr )
goto $error_return$29001;
v27 = v24 - 1;
LOBYTE(v28) = *v27;
if ( (char)*v27 < 0 )
{
v29 = 1;
v28 = (unsigned __int8)v28;
while ( !byte_10921C60[v28] && v29 <= 4 && v27 >= lpMultiByteStr )
{
v28 = (unsigned __int8)*--v27;
++v29;
}
v30 = *v27;
if ( !byte_10921C60[(unsigned __int8)*v27] )
{
*_errno() = 42;
LABEL_93:
v42 = -1;
goto $error_return$29001;
}
if ( byte_10921C60[(unsigned __int8)*v27] + 1 == v29 )
{
v27 += v29;
}
else if ( (*(_BYTE *)(*v5 + v7 + 4) & 0x48) != 0 )
{
v31 = v27 + 1;
*(_BYTE *)(*v5 + v7 + 5) = v30;
if ( v29 >= 2 )
*(_BYTE *)(v7 + *v5 + 37) = *v31++;
if ( v29 == 3 )
*(_BYTE *)(v7 + *v5 + 38) = *v31++;
v27 = &v31[-v29];
}
else
{
_lseeki64_nolock(FileHandle, -v29, -v29 >> 31, 1u);
}
}
else
{
++v27;
}
v32 = v27 - lpMultiByteStr;
v44 = MultiByteToWideChar(0xFDE9u, 0, lpMultiByteStr, v32, (LPWSTR)lpBuffer, v40 >> 1);
if ( v44 )
{
v34 = *v5;
v35 = v44 != v32;
v44 *= 2;
*(_DWORD *)(v7 + v34 + 48) = v35;
goto $error_return$29001;
}
v33 = GetLastError();
LABEL_92:
_dosmaperr(v33);
goto LABEL_93;
}
if ( NumberOfBytesRead && *(_WORD *)v9 == 10 )
*v23 |= 4u;
else
*v23 &= 0xFBu;
v36 = (CHAR *)lpMultiByteStr;
nNumberOfBytesToReadb = lpMultiByteStr;
v44 += (unsigned int)lpMultiByteStr;
if ( (unsigned int)lpMultiByteStr >= v44 )
{
LABEL_129:
v44 = v36 - lpMultiByteStr;
goto $error_return$29001;
}
while ( 1 )
{
v37 = *(unsigned __int16 *)nNumberOfBytesToReadb;
if ( v37 == 26 )
{
v38 = (_BYTE *)(v7 + *v5 + 4);
if ( (*v38 & 0x40) != 0 )
{
*(_WORD *)v36 = *(_WORD *)nNumberOfBytesToReadb;
v36 += 2;
}
else
{
*v38 |= 2u;
}
goto LABEL_129;
}
if ( v37 == 13 )
{
if ( (unsigned int)nNumberOfBytesToReadb < v44 - 2 )
{
if ( *((_WORD *)nNumberOfBytesToReadb + 1) == 10 )
{
nNumberOfBytesToReadb += 4;
goto LABEL_110;
}
nNumberOfBytesToReadb += 2;
LABEL_121:
v39 = 13;
LABEL_122:
*(_WORD *)v36 = v39;
goto LABEL_123;
}
nNumberOfBytesToReadb += 2;
if ( !ReadFile(*(HANDLE *)(v7 + *v5), &v45, 2u, &NumberOfBytesRead, 0) && GetLastError() || !NumberOfBytesRead )
goto LABEL_121;
if ( (*(_BYTE *)(v7 + *v5 + 4) & 0x48) != 0 )
{
if ( v45 != 10 )
{
*(_WORD *)v36 = 13;
*(_BYTE *)(v7 + *v5 + 5) = v45;
*(_BYTE *)(v7 + *v5 + 37) = HIBYTE(v45);
*(_BYTE *)(v7 + *v5 + 38) = 10;
LABEL_123:
v36 += 2;
goto LABEL_124;
}
LABEL_110:
v39 = 10;
goto LABEL_122;
}
if ( v36 == lpMultiByteStr && v45 == 10 )
goto LABEL_110;
_lseeki64_nolock(FileHandle, -2, -1, 1u);
if ( v45 != 10 )
goto LABEL_121;
}
else
{
*(_WORD *)v36 = v37;
v36 += 2;
nNumberOfBytesToReadb += 2;
}
LABEL_124:
if ( (unsigned int)nNumberOfBytesToReadb >= v44 )
goto LABEL_129;
}
}
$error_return$29001:
if ( lpMultiByteStr != lpBuffer )
free((void *)lpMultiByteStr);
result = v42;
if ( v42 == -2 )
result = v44;
return result;
}
下面是交叉引用相关函数:
[C] 纯文本查看 复制代码 int __usercall _tsopen_nolock@<eax>(int *a1@<eax>, int a2, LPCWSTR lpFileName, int a4, int a5, int a6)
{
unsigned int v7; // eax
int v9; // eax
_BYTE *v10; // eax
unsigned int v11; // eax
DWORD v12; // eax
_BYTE *v13; // eax
unsigned int v14; // esi
char v15; // cl
_BYTE *v16; // eax
int v17; // edi
int v18; // eax
DWORD v19; // eax
DWORD v20; // eax
int v21; // edi
__int64 v22; // rax
int v23; // eax
int v24; // edx
unsigned int v25; // eax
__int64 v26; // rax
int v27; // eax
int v28; // edx
int v29; // eax
int v30; // ebx
int v31; // eax
_BYTE *v32; // eax
_BYTE *v33; // eax
bool v34; // zf
_BYTE *v35; // eax
HANDLE v36; // eax
unsigned int v37; // eax
_BYTE *v38; // eax
DWORD v39; // [esp-Ch] [ebp-48h]
int v40; // [esp-8h] [ebp-44h]
struct _SECURITY_ATTRIBUTES SecurityAttributes; // [esp+8h] [ebp-34h] BYREF
int Buffer; // [esp+14h] [ebp-28h] BYREF
int v43; // [esp+18h] [ebp-24h] BYREF
HANDLE hFile; // [esp+1Ch] [ebp-20h]
int Buf; // [esp+20h] [ebp-1Ch] BYREF
DWORD dwCreationDisposition; // [esp+24h] [ebp-18h]
DWORD dwShareMode; // [esp+28h] [ebp-14h]
DWORD dwFlagsAndAttributes; // [esp+2Ch] [ebp-10h]
DWORD dwDesiredAccess; // [esp+30h] [ebp-Ch]
int v50; // [esp+34h] [ebp-8h]
char v51; // [esp+39h] [ebp-3h]
char v52; // [esp+3Ah] [ebp-2h]
char v53; // [esp+3Bh] [ebp-1h]
v43 = 0;
v52 = 0;
v50 = 0;
SecurityAttributes.nLength = 12;
SecurityAttributes.lpSecurityDescriptor = 0;
if ( (a4 & 0x80u) == 0 )
{
SecurityAttributes.bInheritHandle = 1;
v53 = 0;
}
else
{
SecurityAttributes.bInheritHandle = 0;
v53 = 16;
}
if ( sub_106CE235(&v43) )
_invoke_watson(0, 0, 0, 0, 0);
if ( (a4 & 0x8000) == 0 && ((a4 & 0x74000) != 0 || v43 != 0x8000) )
v53 |= 0x80u;
if ( (a4 & 3) != 0 )
{
if ( (a4 & 3) != 1 )
{
if ( (a4 & 3) != 2 )
goto LABEL_40;
goto LABEL_13;
}
if ( (a4 & 8) != 0 && (a4 & 0x70000) != 0 )
{
LABEL_13:
dwDesiredAccess = -1073741824;
goto LABEL_18;
}
dwDesiredAccess = 0x40000000;
}
else
{
dwDesiredAccess = 0x80000000;
}
LABEL_18:
switch ( a5 )
{
case 16:
dwShareMode = 0;
break;
case 32:
dwShareMode = 1;
break;
case 48:
dwShareMode = 2;
break;
case 64:
dwShareMode = 3;
break;
case 128:
dwShareMode = dwDesiredAccess == 0x80000000;
break;
default:
goto LABEL_40;
}
v7 = a4 & 0x700;
if ( v7 > 0x400 )
{
if ( v7 != 1280 )
{
if ( v7 == 1536 )
goto LABEL_41;
if ( v7 != 1792 )
goto LABEL_40;
}
dwCreationDisposition = 1;
goto LABEL_43;
}
if ( (a4 & 0x700) == 1024 || (a4 & 0x700) == 0 )
{
dwCreationDisposition = 3;
goto LABEL_43;
}
if ( v7 == 256 )
{
dwCreationDisposition = 4;
goto LABEL_43;
}
if ( v7 == 512 )
{
LABEL_41:
dwCreationDisposition = 5;
goto LABEL_43;
}
if ( v7 != 768 )
{
LABEL_40:
*__doserrno() = 0;
*a1 = -1;
*_errno() = 22;
_invalid_parameter_noinfo();
return 22;
}
dwCreationDisposition = 2;
LABEL_43:
dwFlagsAndAttributes = 128;
if ( (a4 & 0x100) != 0 && (a6 & ~(_BYTE)dword_10D4CDFC & 0x80u) == 0 )
dwFlagsAndAttributes = 1;
if ( (a4 & 0x40) != 0 )
{
dwFlagsAndAttributes |= 0x4000000u;
dwDesiredAccess |= 0x10000u;
dwShareMode |= 4u;
}
if ( (a4 & 0x1000) != 0 )
dwFlagsAndAttributes |= 0x100u;
if ( (a4 & 0x20) != 0 )
{
dwFlagsAndAttributes |= 0x8000000u;
}
else if ( (a4 & 0x10) != 0 )
{
dwFlagsAndAttributes |= (unsigned int)&_ImageBase;
}
v9 = _alloc_osfhnd();
*a1 = v9;
if ( v9 == -1 )
{
*__doserrno() = 0;
*a1 = -1;
*_errno() = 24;
return *_errno();
}
v39 = dwFlagsAndAttributes;
*(_DWORD *)a2 = 1;
hFile = CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, &SecurityAttributes, dwCreationDisposition, v39, 0);
if ( hFile != (HANDLE)-1
|| (dwDesiredAccess & 0xC0000000) == -1073741824
&& (a4 & 1) != 0
&& (dwDesiredAccess &= 0x7FFFFFFFu,
hFile = CreateFileW(
lpFileName,
dwDesiredAccess,
dwShareMode,
&SecurityAttributes,
dwCreationDisposition,
dwFlagsAndAttributes,
0),
hFile != (HANDLE)-1) )
{
v12 = GetFileType(hFile);
switch ( v12 )
{
case 0u:
v13 = (_BYTE *)(dword_10DEADC0[*a1 >> 5] + ((*a1 & 0x1F) << 6) + 4);
*v13 &= 0xFEu;
v14 = GetLastError();
_dosmaperr(v14);
CloseHandle(hFile);
if ( !v14 )
*_errno() = 13;
return *_errno();
case 2u:
v53 |= 0x40u;
break;
case 3u:
v53 |= 8u;
break;
}
_set_osfhnd(*a1, hFile);
v15 = v53 | 1;
*(_BYTE *)(dword_10DEADC0[*a1 >> 5] + ((*a1 & 0x1F) << 6) + 4) = v53 | 1;
v16 = (_BYTE *)(dword_10DEADC0[*a1 >> 5] + ((*a1 & 0x1F) << 6) + 36);
*v16 &= 0x80u;
v51 = v15 & 0x48;
v53 = v15;
if ( (v15 & 0x48) == 0 )
{
if ( v15 >= 0 )
goto LABEL_131;
if ( (a4 & 2) != 0 )
{
v17 = _lseek_nolock(*a1, -1, 2u);
if ( v17 == -1 )
{
if ( *__doserrno() != 131 )
{
LABEL_74:
_close_nolock(*a1);
return *_errno();
}
}
else
{
Buffer = 0;
if ( !_read_nolock(*a1, &Buffer, 1u) && (_WORD)Buffer == 26 && _chsize_nolock(*a1, v17, v17 >> 31) == -1
|| _lseek_nolock(*a1, 0, 0) == -1 )
{
goto LABEL_74;
}
}
}
}
if ( v53 >= 0 )
{
LABEL_131:
v32 = (_BYTE *)(dword_10DEADC0[*a1 >> 5] + ((*a1 & 0x1F) << 6) + 36);
*v32 ^= (v52 ^ *v32) & 0x7F;
v33 = (_BYTE *)(dword_10DEADC0[*a1 >> 5] + ((*a1 & 0x1F) << 6) + 36);
v34 = v51 == 0;
*v33 = *v33 & 0x7F | (BYTE2(a4) << 7);
if ( v34 && (a4 & 8) != 0 )
{
v35 = (_BYTE *)(dword_10DEADC0[*a1 >> 5] + ((*a1 & 0x1F) << 6) + 4);
*v35 |= 0x20u;
}
if ( (dwDesiredAccess & 0xC0000000) != -1073741824 || (a4 & 1) == 0 )
return v50;
CloseHandle(hFile);
v36 = CreateFileW(
lpFileName,
dwDesiredAccess & 0x7FFFFFFF,
dwShareMode,
&SecurityAttributes,
3u,
dwFlagsAndAttributes,
0);
if ( v36 != (HANDLE)-1 )
{
*(_DWORD *)(((*a1 & 0x1F) << 6) + dword_10DEADC0[*a1 >> 5]) = v36;
return v50;
}
v37 = GetLastError();
_dosmaperr(v37);
v38 = (_BYTE *)(dword_10DEADC0[*a1 >> 5] + ((*a1 & 0x1F) << 6) + 4);
*v38 &= 0xFEu;
_free_osfhnd(*a1);
return *_errno();
}
if ( (a4 & 0x74000) == 0 )
{
if ( (v43 & 0x74000) != 0 )
a4 |= v43 & 0x74000;
else
a4 |= 0x4000u;
}
v18 = a4 & 0x74000;
if ( (a4 & 0x74000) == 0x4000 )
{
v52 = 0;
goto LABEL_95;
}
if ( v18 == 0x10000 || v18 == 81920 )
{
if ( (a4 & 0x301) != 769 )
goto LABEL_95;
}
else if ( v18 != 0x20000 && v18 != 147456 )
{
if ( v18 == 0x40000 || v18 == 278528 )
v52 = 1;
LABEL_95:
if ( (a4 & 0x70000) == 0 )
goto LABEL_131;
Buf = 0;
if ( (v53 & 0x40) != 0 )
goto LABEL_131;
v19 = dwDesiredAccess & 0xC0000000;
if ( (dwDesiredAccess & 0xC0000000) == 0x40000000 )
{
v20 = dwCreationDisposition;
if ( !dwCreationDisposition )
goto LABEL_131;
if ( dwCreationDisposition <= 2 )
goto LABEL_104;
if ( dwCreationDisposition > 4 )
goto LABEL_103;
LODWORD(v26) = _lseeki64_nolock(*a1, 0, 0, 2u);
if ( v26 )
{
v27 = _lseeki64_nolock(*a1, 0, 0, 0);
v29 = v28 & v27;
goto LABEL_119;
}
}
else
{
if ( v19 == 0x80000000 )
goto LABEL_109;
if ( v19 != -1073741824 )
goto LABEL_131;
v20 = dwCreationDisposition;
if ( !dwCreationDisposition )
goto LABEL_131;
if ( dwCreationDisposition > 2 )
{
if ( dwCreationDisposition > 4 )
{
LABEL_103:
if ( v20 != 5 )
goto LABEL_131;
goto LABEL_104;
}
LODWORD(v22) = _lseeki64_nolock(*a1, 0, 0, 2u);
if ( v22 )
{
v23 = _lseeki64_nolock(*a1, 0, 0, 0);
if ( (v24 & v23) == -1 )
goto LABEL_74;
LABEL_109:
v25 = _read_nolock(*a1, &Buf, 3u);
if ( v25 == -1 )
goto LABEL_74;
if ( v25 != 2 )
{
if ( v25 != 3 )
{
LABEL_126:
v29 = _lseek_nolock(*a1, 0, 0);
LABEL_119:
if ( v29 == -1 )
goto LABEL_74;
goto LABEL_131;
}
if ( Buf == 12565487 )
{
v52 = 1;
goto LABEL_131;
}
}
if ( (unsigned __int16)Buf == 65534 )
{
_close_nolock(*a1);
*_errno() = 22;
return 22;
}
if ( (unsigned __int16)Buf == 65279 )
{
if ( _lseek_nolock(*a1, 2, 0) == -1 )
goto LABEL_74;
v52 = 2;
goto LABEL_131;
}
goto LABEL_126;
}
}
}
LABEL_104:
v21 = 0;
if ( v52 == 1 )
{
Buf = 12565487;
v40 = 3;
LABEL_128:
v30 = v40;
while ( 1 )
{
v31 = _write(*a1, (char *)&Buf + v21, v30 - v21);
if ( v31 == -1 )
goto LABEL_74;
v21 += v31;
if ( v30 <= v21 )
goto LABEL_131;
}
}
if ( v52 == 2 )
{
Buf = 65279;
v40 = 2;
goto LABEL_128;
}
goto LABEL_131;
}
v52 = 2;
goto LABEL_95;
}
v10 = (_BYTE *)(dword_10DEADC0[*a1 >> 5] + ((*a1 & 0x1F) << 6) + 4);
*v10 &= 0xFEu;
v11 = GetLastError();
_dosmaperr(v11);
return *_errno();
}
下面这个应该不是:
不过也是交叉引用了那个ReadFile的函数
[C] 纯文本查看 复制代码 int __cdecl _read(int FileHandle, void *DstBuf, unsigned int MaxCharCount)
{
int *v4; // edi
int v5; // esi
int v6; // [esp+14h] [ebp-1Ch]
if ( FileHandle == -2 )
{
*__doserrno() = 0;
*_errno() = 9;
return -1;
}
if ( FileHandle < 0
|| FileHandle >= uNumber
|| (v4 = &dword_10DEADC0[FileHandle >> 5], v5 = (FileHandle & 0x1F) << 6, (*(_BYTE *)(*v4 + v5 + 4) & 1) == 0) )
{
*__doserrno() = 0;
*_errno() = 9;
LABEL_7:
_invalid_parameter_noinfo();
return -1;
}
if ( MaxCharCount > 0x7FFFFFFF )
{
*__doserrno() = 0;
*_errno() = 22;
goto LABEL_7;
}
__lock_fhandle(FileHandle);
if ( (*(_BYTE *)(*v4 + v5 + 4) & 1) != 0 )
{
v6 = _read_nolock(FileHandle, DstBuf, MaxCharCount);
}
else
{
*_errno() = 9;
*__doserrno() = 0;
v6 = -1;
}
_unlock_fhandle(FileHandle);
return v6;
} |
免费评分
-
查看全部评分
|
[复制链接]
发表于 2021-7-24 22:56
收藏
淘帖
有用
分享到朋友圈
