[求助] IDA Pro 代码如何理解

yinhao1979 发表于 2022-10-17 22:51
void *v214; // [esp+30h] [ebp-8ECh] BYREF
// Q: what kind of data is the void* that `new` returns here?
// 0x520 (1312) bytes are obtained from plain operator new (not new[]), so this is
// one heap object whose type IDA could not recover, hence void*.  sub_426E40 is
// declared __thiscall with a _DWORD* `this` (see its definition below) but the
// call is shown with only four arguments under a __stdcall cast; `this` is most
// likely v214 passed in ECX — confirm in the disassembly.
v214 = operator new(0x520u);  

if ( v214 )
      // Q: how should variables whose names start with unk_ be read?
      // unk_43C908 / unk_43CA10 are addresses in the binary's data section whose
      // type and size IDA could not determine.  Their effective sizes follow from
      // how sub_426E40 consumes them: it copies 0x104 bytes from Src and 0x2C4
      // bytes from a5 into the new object.
      v10 = (size_t *)((int (__stdcall *)(int, int, void *, void *))sub_426E40)((int)v8, Length,&unk_43C908,&unk_43CA10);
else
      v10 = 0;

_DWORD *__thiscall sub_426E40(_DWORD *this, int a2, int a3, void *Src, void *a5)
{
  // Q: what does the offset applied to `this` mean?
  // `this` is typed _DWORD* (4-byte elements), so pointer arithmetic scales by 4:
  // this + 11 is byte offset 44 and this + 76 is byte offset 304 into the object
  // (presumably the 0x520-byte block the caller allocated).  The two copies are
  // contiguous — 44 + 0x104 (260) = 304 — and 304 + 0x2C4 (708) = 1012 stays
  // inside 0x520 (1312) bytes.
  sub_427160(this + 11, Src, 0x104u);   // 260 bytes from Src -> object+44
  sub_427160(this + 76, a5, 0x2C4u);    // 708 bytes from a5  -> object+304
  *this = 1;                            // first DWORD of the object set to 1
  // a2 and a3 are not used in this body.  No return statement is shown, so the
  // _DWORD* return type is a decompiler guess (probably whatever EAX held after
  // the last call) — check the disassembly before relying on it.
}

// Thin memcpy wrapper: copies Size bytes from Src to a1 and returns a1 (memcpy's
// return value).  When Size is 0 nothing is copied and the result is (void *)0,
// i.e. a null pointer rather than a1.
void *__cdecl sub_427160(void *a1, void *Src, size_t Size)
{
  void *result; // eax

  result = (void *)Size;   // only reaches the return on the Size == 0 path, where it is NULL
  if ( Size )
    // Q: a1 is the this+11 / this+76 passed by the caller — where does the data go?
    // a1 is the destination: the bytes are written into the caller's object at
    // those offsets; Src (the unk_* data) is only read.  Nothing here checks that
    // Size fits the destination — that is the caller's responsibility.
    return memcpy(a1, Src, Size);
  return result;
}


爱飞的猫 发表于 2022-11-24 02:30
    // NOTE: sizeof(g_encrypted_data) is the buffer length only when
    // g_encrypted_data is an array; when it is a pointer it is the pointer's size.
    auto decrypted_data = BrainSeeDecrypt(g_encrypted_data, sizeof(g_encrypted_data));

此处的 sizeof(g_encrypted_data) 应为 len

我的 demo 的定义是 unsigned char g_encrypted_data[6628],因此计算 sizeof(g_encrypted_data) 得到的是 6628;你这里的类型是指针,得到的是 4

此外你可以直接用 vector 来避免手动管理内存:

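    // Read the whole input file into a std::vector (no manual new/delete), pass it
    // to BrainSeeDecrypt, and write the result to "dump.bin".
    //
    // NOTE: `std::vector<uint8_t> buffer_vec();` with parentheses declares a
    // *function* (most-vexing parse), so `buffer_vec.resize(...)` would not
    // compile.  Declare the vector without an initializer instead.
    std::ifstream fl("GUJUNYI_20200718.ban", std::ios::in | std::ios::binary);
    if (!fl) {
        // tellg() on an unopened stream returns -1, which resize() would turn into
        // a huge allocation — check the open first.
        std::cerr << "open failed: GUJUNYI_20200718.ban" << std::endl;
    } else {
        fl.seekg(0, std::ios::end);
        const std::streamoff file_size = fl.tellg();   // -1 on failure
        fl.seekg(0, std::ios::beg);

        std::vector<uint8_t> buffer_vec;
        if (file_size > 0) {
            buffer_vec.resize(static_cast<std::size_t>(file_size));
            // The original passed an undefined `len`; the vector already knows its size.
            fl.read(reinterpret_cast<char*>(buffer_vec.data()),
                    static_cast<std::streamsize>(buffer_vec.size()));
            // Keep only the bytes actually read (a short read leaves the tail uninitialised).
            buffer_vec.resize(static_cast<std::size_t>(fl.gcount()));
        }
        std::cout << " GUJUNYI_20200718.ban read len: " << buffer_vec.size() << std::endl;

        auto decrypted_data = BrainSeeDecrypt(buffer_vec.data(), buffer_vec.size());

        // Narrow literal: the wchar_t* ofstream constructor is an MSVC extension;
        // the narrow form is standard C++ and names the same file.
        std::ofstream ofs("dump.bin", std::ios::binary);
        ofs.write(reinterpret_cast<const char*>(decrypted_data.data()),
                  static_cast<std::streamsize>(decrypted_data.size()));
        // Streams close themselves on scope exit (RAII); closing explicitly here only
        // lets the write be checked before reporting.
        ofs.close();
        if (!ofs) {
            std::cerr << "write failed: dump.bin" << std::endl;
        } else {
            std::cout << "写出了 " << decrypted_data.size() << " 字节到 'dump.bin'" << std::endl;
        }
    }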
 楼主| yinhao1979 发表于 2022-10-19 08:09
本帖最后由 yinhao1979 于 2022-10-19 08:12 编辑
爱飞的猫 发表于 2022-10-19 00:29
最好是把文件发出来一起看

unk* 的数据类型和大小都是未知,只有在运行的时候分析或根据操作这部分内存 ...

完整代码上传了,有点长,主要就是加注释那段不是太理解,主要是对指针偏移,初始化,赋值换来换去不太理解

int __thiscall sub_41AEF0(CDocument *this, char *a2)
{
  int v3; // eax
  const char *v4; // eax
  char *v5; // ecx
  signed int Length; // edi
  void *v8; // ebx
  int v9; // eax
  size_t *v10; // edi
  HFONT Font; // eax
  bool v12; // zf
  signed int i; // eax
  int v14; // edi
  int v15; // ebx
  int v16; // edx
  char *(__cdecl *v17)(const char *, const char *); // edi
  char *v18; // eax
  char *v19; // eax
  char *v20; // eax
  char *v21; // eax
  int v22; // eax
  char *v23; // edi
  int v24; // eax
  const char *v25; // edi
  char *v26; // eax
  char *v27; // ebx
  int v28; // eax
  int v29; // eax
  int v30; // eax
  int v31; // eax
  int v32; // eax
  int v33; // eax
  int v34; // eax
  int v35; // eax
  int v36; // eax
  int v37; // eax
  int v38; // eax
  int v39; // eax
  int v40; // eax
  int v41; // eax
  int v42; // eax
  int v43; // eax
  int v44; // eax
  int v45; // eax
  int v46; // eax
  int v47; // eax
  int v48; // eax
  int v49; // eax
  int v50; // eax
  int v51; // eax
  int v52; // eax
  int v53; // eax
  int v54; // eax
  int *v55; // ebx
  int v56; // eax
  const char *v57; // eax
  int *v58; // edi
  int v59; // eax
  int v60; // eax
  int v61; // eax
  int v62; // eax
  int *v63; // edi
  int v64; // eax
  int v65; // eax
  int v66; // eax
  int v67; // eax
  int v68; // eax
  int v69; // eax
  int v70; // eax
  int v71; // eax
  int v72; // eax
  int v73; // eax
  const char *v74; // eax
  int v75; // eax
  int v76; // eax
  int v77; // eax
  int v78; // eax
  int v79; // eax
  int v80; // eax
  int v81; // eax
  int v82; // eax
  int v83; // eax
  int v84; // eax
  int v85; // eax
  int v86; // eax
  int StringA; // eax
  const char *v88; // eax
  int v89; // eax
  const char *v90; // eax
  int *v91; // edi
  int v92; // eax
  int v93; // eax
  int v94; // eax
  int v95; // eax
  int v96; // eax
  int v97; // eax
  int v98; // eax
  int v99; // eax
  int v100; // eax
  int v101; // eax
  int v102; // eax
  int v103; // eax
  int v104; // eax
  int v105; // eax
  int v106; // eax
  int v107; // eax
  int v108; // eax
  const char *v109; // eax
  int *v110; // edi
  int v111; // eax
  int v112; // eax
  int v113; // eax
  int v114; // eax
  int v115; // eax
  int v116; // eax
  int v117; // eax
  int v118; // eax
  int v119; // eax
  int v120; // eax
  int v121; // eax
  int v122; // eax
  int *v123; // ecx
  int v124; // eax
  int v125; // eax
  int v126; // eax
  int v127; // eax
  int v128; // eax
  const char *v129; // eax
  int v130; // eax
  int v131; // eax
  int v132; // eax
  int v133; // eax
  int v134; // eax
  const char *v135; // eax
  int v136; // eax
  int v137; // eax
  int v138; // eax
  int v139; // eax
  int v140; // eax
  int v141; // eax
  int v142; // eax
  int v143; // eax
  int v144; // eax
  int v145; // eax
  int v146; // eax
  const char *v147; // eax
  int v148; // eax
  int v149; // eax
  int v150; // eax
  int v151; // eax
  int v152; // eax
  int v153; // eax
  int v154; // eax
  int *v155; // edi
  int v156; // eax
  const char *v157; // eax
  int v158; // eax
  int v159; // eax
  int v160; // eax
  int v161; // eax
  int v162; // eax
  int v163; // eax
  int v164; // eax
  int *v165; // edi
  int v166; // eax
  int v167; // eax
  int v168; // eax
  int v169; // eax
  int v170; // eax
  int v171; // eax
  int v172; // eax
  char *v173; // eax
  char *v174; // eax
  int v175; // eax
  int v176; // eax
  int v177; // eax
  int v178; // eax
  char *v179; // eax
  char *v180; // eax
  char *v181; // eax
  char *v182; // eax
  char *v183; // eax
  int v184; // eax
  int v185; // eax
  int v186; // eax
  int v187; // edi
  int v188; // eax
  int v189; // edx
  int v190; // [esp-D8h] [ebp-9F4h]
  unsigned int v191; // [esp-84h] [ebp-9A0h]
  unsigned int v192; // [esp-84h] [ebp-9A0h]
  unsigned int v193; // [esp-84h] [ebp-9A0h]
  char *v194; // [esp-80h] [ebp-99Ch]
  char *v195; // [esp-80h] [ebp-99Ch]
  char *v196; // [esp-80h] [ebp-99Ch]
  char *v197; // [esp-80h] [ebp-99Ch]
  char *v198; // [esp-80h] [ebp-99Ch]
  char *v199; // [esp-80h] [ebp-99Ch]
  char *v200; // [esp-80h] [ebp-99Ch]
  unsigned int v201; // [esp-7Ch] [ebp-998h]
  unsigned int v202; // [esp-74h] [ebp-990h]
  unsigned int v203; // [esp-74h] [ebp-990h]
  unsigned int v204; // [esp-70h] [ebp-98Ch]
  unsigned int v205; // [esp-70h] [ebp-98Ch]
  char *v206; // [esp-70h] [ebp-98Ch]
  int v207; // [esp-6Ch] [ebp-988h]
  int v208; // [esp-10h] [ebp-92Ch]
  unsigned int v209; // [esp-10h] [ebp-92Ch]
  int v210; // [esp+0h] [ebp-91Ch] BYREF
  char v211[4]; // [esp+14h] [ebp-908h] BYREF
  char v212[20]; // [esp+18h] [ebp-904h] BYREF
  char *Context; // [esp+2Ch] [ebp-8F0h] BYREF
  void *v214; // [esp+30h] [ebp-8ECh] BYREF
  CDocument *v215; // [esp+34h] [ebp-8E8h] BYREF
  char v216[4]; // [esp+38h] [ebp-8E4h] BYREF
  char v217[4]; // [esp+3Ch] [ebp-8E0h] BYREF
  int v218[4]; // [esp+40h] [ebp-8DCh] BYREF
  int v219[4]; // [esp+50h] [ebp-8CCh] BYREF
  void **v220; // [esp+60h] [ebp-8BCh]
  int v221; // [esp+94h] [ebp-888h]
  int v222; // [esp+98h] [ebp-884h]
  void (__cdecl *v223)(void *); // [esp+A0h] [ebp-87Ch]
  int v224[18]; // [esp+A8h] [ebp-874h] BYREF
  char v225[4]; // [esp+F0h] [ebp-82Ch] BYREF
  int v226; // [esp+F4h] [ebp-828h] BYREF
  char v227; // [esp+FBh] [ebp-821h] BYREF
  char *v228; // [esp+FCh] [ebp-820h] BYREF
  char v229[4]; // [esp+100h] [ebp-81Ch] BYREF
  int j; // [esp+104h] [ebp-818h] BYREF
  char v231[1024]; // [esp+108h] [ebp-814h] BYREF
  char Str[1024]; // [esp+508h] [ebp-414h] BYREF
  int *v233; // [esp+90Ch] [ebp-10h]
  int v234; // [esp+918h] [ebp-4h]

  v233 = &v210;
  v215 = this;
  v228 = a2;
  v226 = 0;
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 240, a2);
  if ( !CDocument::OnOpenDocument(this, a2) )
    return 0;
  *((_DWORD *)this + 1594) = 0;
  CFile::CFile((CFile *)v212);
  v234 = 1;
  if ( !CFile::Open((CFile *)v212, a2, 0, 0) )
  {
    v208 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(
             v217,
             a2);
    LOBYTE(v234) = 2;
    v3 = sub_4022A0(&v226, v208, " open failed");
    LOBYTE(v234) = 3;
    v4 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v3, 0);
    AfxMessageBox(v4, v209, 0);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v226);
    v5 = v217;
LABEL_4:
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v5);
    v234 = -1;
    CFile::~CFile((CFile *)v212);
    return 0;
  }
  v234 = 0;
  Length = CFile::GetLength((CFile *)v212);
  v8 = operator new[](Length);
  CFile::Read((CFile *)v212, v8, Length);
  CFile::Close((CFile *)v212);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(
    v225,
    v228);
  LOBYTE(v234) = 5;
  v228 = (char *)(-1 - ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::ReverseFind(v225, 46));
  v9 = ATL::CSimpleStringT<char,1>::GetLength(v225);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::Right(v225, v216, &v228[v9]);
  LOBYTE(v234) = 6;
  if ( ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::Compare(v216, &unk_433DA4) )
  {
    // 这种操作是指针赋值给 v12 并且设置初始值为0的意思吗?
    v12 = *((_DWORD *)this + 55) == 0;
    // 这种赋值的意思是将 地址对应的值设置为长度吗?
    *((_DWORD *)this + 56) = Length;
    if ( v12 )
      // 上面如果是已经对 v12 赋值为 *((_DWORD *)this + 55) 这个地址,这边这个操作还是对同一个地址再做一次初始化吗?
      *((_DWORD *)this + 55) = operator new[](Length);
    // 这边这个操作是不是可以理解为将 v8 数据复制到 *((_DWORD *)this + 55) 这个地址?是不是就是对应到 v12 指向地址?
    for ( i = 0; i < Length; ++i )
      *(_BYTE *)(i + *((_DWORD *)this + 55)) = *((_BYTE *)v8 + i);
  }
  else
  {
    // 这个v214初始化就看不懂了,不理解和下面v10有什么关系
    v214 = operator new(0x520u);
    LOBYTE(v234) = 7;
    if ( v214 )
      v10 = (size_t *)((int (__stdcall *)(int, int, void *, void *))sub_426E40)(
                        (int)v8,
                        Length,
                        &unk_43C908,
                        &unk_43CA10);
    else
      v10 = 0;
    LOBYTE(v234) = 6;
    // 下面几个步骤都用到 v10 , 但是动态调试时 v10 数据也没变化
    if ( !sub_426EE0(v10) )
    {
      AfxMessageBox("Resolving failed for file Decryption", 0, 0);
LABEL_12:
      ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v216);
      v5 = v225;
      goto LABEL_4;
    }
    if ( !sub_4269D0(v10) )
    {
      AfxMessageBox("Signature checking failed", 0, 0);
      goto LABEL_12;
    }
    if ( !sub_427020((int)v10, 1) )
    {
      AfxMessageBox("Descryption failed for file format", 0, 0);
      goto LABEL_12;
    }
    Font = CMFCCaptionBar::OnGetFont((CMFCCaptionBar *)v10);
    v12 = *((_DWORD *)this + 55) == 0;
    *((_DWORD *)this + 56) = Font;
    if ( v12 )
      *((_DWORD *)this + 55) = operator new[]((unsigned int)Font);
    ((void (__stdcall *)(void *, int, size_t))sub_4269A0)(*((void **)this + 55), 0, 0);
    if ( v10 )
    {
      sub_4268F0((int)v10);
      operator delete(v10);
    }
  }
  operator delete(v8);
  v14 = *((_DWORD *)this + 56);
  // 这一步动态调试可以打印出来 this 地址为 0x4840000 和方法入参 CDocument *this一样 ,但是这边 *((_DWORD *)this + 55) 后 v15 0xBCF6578 
  // 0xBCF6578 和 0x4840000 + 55 对应不起来,不知道要如何理解了?
  v15 = *((_DWORD *)this + 55);
  v218[0] = (int)&unk_434118;
  std::ios::ios(v224);
  LOBYTE(v234) = 8;
  v226 = 1;
  std::istream::istream(v218, v219, 0, 0);
  v16 = *(_DWORD *)(v218[0] + 4);
  v234 = 9;
  *(int *)((char *)v218 + v16) = (int)&std::istrstream::`vftable';
  v214 = v219;
  std::streambuf::streambuf(v219);
  LOBYTE(v234) = 10;
  v219[0] = (int)&std::strstreambuf::`vftable';
  sub_416050(v14, v14 >> 31, v15, 0, 2);
  v17 = strstr;
  LOBYTE(v234) = 11;
  do
  {
    std::istream::getline(v218, Str, 1024, 0);
    if ( strstr(Str, "#") )
      *strstr(Str, "#") = 0;
  }
  while ( !Str[0] );
  v18 = strstr(Str, ",");
  if ( v18 )
  {
    v19 = strtok_s(v18 + 1, ".", &Context);
    *((_DWORD *)this + 54) = 1000000 * atol(v19);
    v20 = strtok_s(0, ".", &Context);
    *((_DWORD *)this + 54) += 1000 * atol(v20);
    v21 = strtok_s(0, "\n", &Context);
    v17 = strstr;
    *((_DWORD *)this + 54) += atol(v21);
  }
  else
  {
    *((_DWORD *)this + 54) = 0;
  }
  v22 = sub_4197C0(v218, v231);
  sub_4197C0(v22, Str);
  v23 = v17(Str, "-");
  if ( v23 )
  {
    *v23 = 0;
    v25 = v23 + 1;
    *((_DWORD *)this + 66) = atoi(Str);
    v26 = strstr(v25, "-");
    v27 = v26;
    if ( v26 )
    {
      *v26 = 0;
      *((_DWORD *)this + 67) = atoi(v25);
      v24 = atoi(v27 + 1);
    }
    else
    {
      *((_DWORD *)this + 67) = 0;
      v24 = atoi(v25);
    }
  }
  else
  {
    *((_DWORD *)this + 66) = 0;
    *((_DWORD *)this + 67) = 0;
    v24 = atoi(Str);
  }
  *((_DWORD *)this + 68) = v24;
  std::istream::getline(v218, Str, 1024, 0);
  v28 = sub_4197C0(v218, v231);
  sub_4197C0(v28, Str);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 260, Str);
  std::istream::getline(v218, Str, 1024, 0);
  v29 = sub_4197C0(v218, v231);
  v30 = std::istream::operator>>(v29, (char *)this + 276);
  v31 = sub_419980(v30, &v227);
  v32 = std::istream::operator>>(v31, (char *)this + 280);
  v33 = sub_419980(v32, &v227);
  std::istream::operator>>(v33, (char *)this + 284);
  std::istream::getline(v218, Str, 1024, 0);
  v34 = sub_4197C0(v218, v231);
  std::istream::operator>>(v34, (char *)this + 288);
  std::istream::getline(v218, Str, 1024, 0);
  v35 = sub_4197C0(v218, v231);
  sub_4197C0(v35, Str);
  if ( !strcmp(Str, "Male") )
    v36 = 1;
  else
    v36 = (strcmp(Str, "Female") != 0) - 1;
  *((_DWORD *)this + 73) = v36;
  std::istream::getline(v218, Str, 1024, 0);
  v37 = sub_4197C0(v218, v231);
  std::istream::operator>>(v37, (char *)this + 296);
  std::istream::getline(v218, Str, 1024, 0);
  v38 = sub_4197C0(v218, v231);
  std::istream::operator>>(v38, (char *)this + 304);
  std::istream::getline(v218, Str, 1024, 0);
  v39 = sub_4197C0(v218, v231);
  std::istream::operator>>(v39, (char *)this + 320);
  std::istream::getline(v218, Str, 1024, 0);
  v40 = sub_4197C0(v218, v231);
  std::istream::operator>>(v40, (char *)this + 312);
  std::istream::getline(v218, Str, 1024, 0);
  v41 = sub_4197C0(v218, v231);
  sub_4197C0(v41, Str);
  if ( !strcmp(Str, "A") )
  {
    v42 = 1101;
  }
  else if ( !strcmp(Str, "AB") )
  {
    v42 = 1102;
  }
  else if ( !strcmp(Str, "B") )
  {
    v42 = 1103;
  }
  else
  {
    v42 = 4 * (strcmp(Str, "O") == 0) + 1100;
  }
  *((_DWORD *)this + 82) = v42;
  std::istream::getline(v218, Str, 1024, 0);
  v43 = sub_4197C0(v218, v231);
  std::istream::operator>>(v43, (char *)this + 332);
  std::istream::getline(v218, Str, 1024, 0);
  v44 = sub_4197C0(v218, v231);
  sub_4197C0(v44, Str);
  if ( !strcmp(Str, "Normal") )
  {
    v45 = 1106;
  }
  else if ( !strcmp(Str, "High") )
  {
    v45 = 1105;
  }
  else
  {
    v45 = 1107 - (strcmp(Str, "Low") != 0);
  }
  *((_DWORD *)this + 84) = v45;
  std::istream::getline(v218, Str, 1024, 0);
  v46 = sub_4197C0(v218, v231);
  sub_4197C0(v46, Str);
  if ( !strcmp(Str, "Normal") )
  {
    v47 = 1106;
  }
  else if ( !strcmp(Str, "High") )
  {
    v47 = 1105;
  }
  else
  {
    v47 = 1107 - (strcmp(Str, "Low") != 0);
  }
  *((_DWORD *)this + 85) = v47;
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  std::istream::getline(v218, Str, 1024, 0);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 344, Str);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 344, "\t ");
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 344, "\r\n");
  sub_4197C0(v218, v231);
  std::istream::getline(v218, Str, 1024, 0);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 348, Str);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 348, "\t ");
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 348, "\r\n");
  std::istream::getline(v218, Str, 1024, 0);
  std::istream::getline(v218, Str, 1024, 0);
  v48 = sub_4197C0(v218, v231);
  std::istream::operator>>(v48, (char *)this + 360);
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  std::istream::getline(v218, Str, 1024, 0);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 352, Str);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 352, "\t ");
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 352, "\r\n");
  sub_4197C0(v218, v231);
  std::istream::getline(v218, Str, 1024, 0);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 356, Str);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 356, "\t ");
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 356, "\r\n");
  sub_4197C0(v218, v231);
  std::istream::getline(v218, Str, 1024, 0);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 364, Str);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 364, "\t ");
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 364, "\r\n");
  sub_4197C0(v218, v231);
  std::istream::getline(v218, Str, 1024, 0);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 368, Str);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 368, "\t ");
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 368, "\r\n");
  v49 = sub_4197C0(v218, v231);
  std::istream::operator>>(v49, (char *)this + 384);
  std::istream::getline(v218, Str, 1024, 0);
  v50 = sub_4197C0(v218, v231);
  v51 = std::istream::operator>>(v50, (char *)this + 372);
  v52 = sub_419980(v51, &v227);
  v53 = std::istream::operator>>(v52, (char *)this + 376);
  v54 = sub_419980(v53, &v227);
  std::istream::operator>>(v54, (char *)this + 380);
  std::istream::getline(v218, Str, 1024, 0);
  AfxGetModuleState();
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v229);
  LOBYTE(v234) = 12;
  if ( !ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11066) )
    AfxMessageBox("Not found on StringTable", 0, 0);
  *((double *)this + 242) = 0.0;
  *((double *)this + 244) = 0.0;
  v55 = (int *)((char *)this + 392);
  *((double *)this + 243) = 0.0;
  *((_DWORD *)this + 98) = -1;
  sub_4197C0(v218, v231);
  if ( !strstr(v231, asc_434400) )
  {
    v56 = sub_4022A0(&v228, v229, "CODE-1");
    LOBYTE(v234) = 13;
    v57 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v56, 0);
    AfxMessageBox(v57, v204, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
  }
  std::istream::getline(v218, Str, 1024, 0);
  v58 = (int *)((char *)this + 388);
  std::istream::operator>>(v218, (char *)this + 388);
  v59 = 0;
  j = 0;
  if ( *((int *)this + 97) > 0 )
  {
    do
    {
      std::istream::operator>>(v218, (char *)this + 8 * v59 + 400);
      v59 = j + 1;
      j = v59;
    }
    while ( v59 < *v58 );
  }
  std::istream::getline(v218, Str, 1024, 0);
  std::istream::operator>>(v218, (char *)this + 388);
  v60 = 0;
  for ( j = 0; v60 < *v58; j = v60 )
  {
    std::istream::operator>>(v218, (char *)this + 8 * v60 + 640);
    v60 = j + 1;
  }
  if ( !strcmp(v231, asc_4343EC) )
  {
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 392);
    v61 = 0;
    for ( j = 0; v61 < *v55; j = v61 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v61 + 880);
      v61 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 392);
    v62 = 0;
    for ( j = 0; v62 < *v55; j = v62 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v62 + 1360);
      v62 = j + 1;
    }
  }
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  std::istream::getline(v218, Str, 1024, 0);
  v63 = (int *)((char *)this + 396);
  std::istream::operator>>(v218, (char *)this + 396);
  v64 = 0;
  j = 0;
  if ( *((int *)this + 99) > 0 )
  {
    do
    {
      std::istream::operator>>(v218, (char *)this + 8 * v64 + 1840);
      v64 = j + 1;
      j = v64;
    }
    while ( v64 < *v63 );
  }
  std::istream::getline(v218, Str, 1024, 0);
  std::istream::operator>>(v218, (char *)this + 396);
  v65 = 0;
  for ( j = 0; v65 < *v63; j = v65 )
  {
    std::istream::operator>>(v218, (char *)this + 8 * v65 + 1888);
    v65 = j + 1;
  }
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  if ( *v55 > 0 )
    std::istream::operator>>(v218, (char *)this + 1936);
  v66 = std::istream::operator>>(v218, (char *)this + 1944);
  std::istream::operator>>(v66, (char *)this + 1952);
  std::istream::getline(v218, Str, 1024, 0);
  v67 = sub_4197C0(v218, v231);
  v68 = std::istream::operator>>(v67, (char *)this + 1960);
  std::istream::operator>>(v68, (char *)this + 1968);
  std::istream::getline(v218, Str, 1024, 0);
  v69 = sub_4197C0(v218, v231);
  v70 = std::istream::operator>>(v69, (char *)this + 1976);
  std::istream::operator>>(v70, (char *)this + 1984);
  std::istream::getline(v218, Str, 1024, 0);
  v71 = sub_4197C0(v218, v231);
  v72 = std::istream::operator>>(v71, (char *)this + 1992);
  std::istream::operator>>(v72, (char *)this + 2000);
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  if ( strcmp(v231, asc_4343E0) )
  {
    v73 = sub_4022A0(&v228, v229, "CODE-2");
    LOBYTE(v234) = 14;
    v74 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v73, 0);
    AfxMessageBox(v74, v205, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
  }
  std::istream::getline(v218, Str, 1024, 0);
  v75 = sub_4197C0(v218, v231);
  std::istream::operator>>(v75, (char *)this + 2008);
  std::istream::getline(v218, Str, 1024, 0);
  v76 = sub_4197C0(v218, v231);
  std::istream::operator>>(v76, (char *)this + 2016);
  std::istream::getline(v218, Str, 1024, 0);
  v77 = sub_4197C0(v218, v231);
  std::istream::operator>>(v77, (char *)this + 2024);
  std::istream::getline(v218, Str, 1024, 0);
  v78 = sub_4197C0(v218, v231);
  std::istream::operator>>(v78, (char *)this + 2032);
  std::istream::getline(v218, Str, 1024, 0);
  v79 = sub_4197C0(v218, v231);
  std::istream::operator>>(v79, (char *)this + 2040);
  std::istream::getline(v218, Str, 1024, 0);
  v80 = sub_4197C0(v218, v231);
  std::istream::operator>>(v80, (char *)this + 2048);
  std::istream::getline(v218, Str, 1024, 0);
  v81 = sub_4197C0(v218, v231);
  std::istream::operator>>(v81, (char *)this + 2056);
  std::istream::getline(v218, Str, 1024, 0);
  v82 = sub_4197C0(v218, v231);
  std::istream::operator>>(v82, (char *)this + 2064);
  std::istream::getline(v218, Str, 1024, 0);
  v83 = sub_4197C0(v218, v231);
  std::istream::operator>>(v83, (char *)this + 2072);
  std::istream::getline(v218, Str, 1024, 0);
  v84 = sub_4197C0(v218, v231);
  std::istream::operator>>(v84, (char *)this + 2080);
  std::istream::getline(v218, Str, 1024, 0);
  v85 = sub_4197C0(v218, v231);
  std::istream::operator>>(v85, (char *)this + 2088);
  std::istream::getline(v218, Str, 1024, 0);
  v86 = sub_4197C0(v218, v231);
  sub_4197C0(v86, (char *)this + 2096);
  std::istream::getline(v218, Str, 1024, 0);
  if ( !strcmp((const char *)this + 2096, byte_4343D0) )
  {
    StringA = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11034);
  }
  else if ( !strcmp((const char *)this + 2096, byte_4343C8) )
  {
    StringA = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11035);
  }
  else
  {
    if ( strcmp((const char *)this + 2096, byte_4343C0) )
      goto LABEL_86;
    StringA = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11036);
  }
  if ( !StringA )
    AfxMessageBox("Not found on StringTable", 0, 0);
LABEL_86:
  v88 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v229, v207);
  strcpy_s((char *)this + 2096, 0x1Eu, v88);
  *((double *)this + 417) = -1.0e10;
  *((double *)this + 387) = -1.0e10;
  *((double *)this + 357) = -1.0e10;
  *((double *)this + 327) = -1.0e10;
  *((double *)this + 297) = -1.0e10;
  *((double *)this + 267) = -1.0e10;
  sub_4197C0(v218, v231);
  if ( !strstr(v231, asc_4343B4) )
  {
    v89 = sub_4022A0(&v228, v229, "CODE-3");
    LOBYTE(v234) = 15;
    v90 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v89, 0);
    AfxMessageBox(v90, v202, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
  }
  std::istream::getline(v218, Str, 1024, 0);
  v91 = (int *)((char *)this + 2128);
  std::istream::operator>>(v218, (char *)this + 2128);
  v92 = 0;
  j = 0;
  if ( *((int *)this + 532) > 0 )
  {
    do
    {
      std::istream::operator>>(v218, (char *)this + 8 * v92 + 2136);
      v92 = j + 1;
      j = v92;
    }
    while ( v92 < *v91 );
  }
  std::istream::getline(v218, Str, 1024, 0);
  std::istream::operator>>(v218, (char *)this + 2128);
  v93 = 0;
  for ( j = 0; v93 < *v91; j = v93 )
  {
    std::istream::operator>>(v218, (char *)this + 8 * v93 + 2376);
    v93 = j + 1;
  }
  if ( !strcmp(v231, asc_4343A0) )
  {
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 2128);
    v94 = 0;
    for ( j = 0; v94 < *v91; j = v94 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v94 + 2616);
      v94 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 2128);
    v95 = 0;
    for ( j = 0; v95 < *v91; j = v95 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v95 + 2856);
      v95 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 2128);
    v96 = 0;
    for ( j = 0; v96 < *v91; j = v96 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v96 + 3096);
      v96 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 2128);
    v97 = 0;
    for ( j = 0; v97 < *v91; j = v97 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v97 + 3336);
      v97 = j + 1;
    }
  }
  std::istream::getline(v218, Str, 1024, 0);
  v98 = sub_4197C0(v218, v231);
  v99 = std::istream::operator>>(v98, (char *)this + 3576);
  std::istream::operator>>(v99, (char *)this + 3584);
  std::istream::getline(v218, Str, 1024, 0);
  v100 = sub_4197C0(v218, v231);
  v101 = std::istream::operator>>(v100, (char *)this + 3592);
  std::istream::operator>>(v101, (char *)this + 3600);
  std::istream::getline(v218, Str, 1024, 0);
  v102 = sub_4197C0(v218, v231);
  v103 = std::istream::operator>>(v102, (char *)this + 3608);
  std::istream::operator>>(v103, (char *)this + 3616);
  std::istream::getline(v218, Str, 1024, 0);
  v104 = sub_4197C0(v218, v231);
  v105 = std::istream::operator>>(v104, (char *)this + 3624);
  std::istream::operator>>(v105, (char *)this + 3632);
  std::istream::getline(v218, Str, 1024, 0);
  v106 = sub_4197C0(v218, v231);
  v107 = std::istream::operator>>(v106, (char *)this + 3640);
  std::istream::operator>>(v107, (char *)this + 3648);
  std::istream::getline(v218, Str, 1024, 0);
  *((double *)this + 647) = 0.0;
  *((double *)this + 646) = 0.0;
  *((double *)this + 608) = -1.0e10;
  *((double *)this + 578) = -1.0e10;
  *((double *)this + 548) = -1.0e10;
  *((double *)this + 518) = -1.0e10;
  *((double *)this + 488) = -1.0e10;
  *((double *)this + 458) = -1.0e10;
  sub_4197C0(v218, v231);
  if ( !strstr(v231, asc_434394) )
  {
    v108 = sub_4022A0(&v228, v229, "CODE-4");
    LOBYTE(v234) = 16;
    v109 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v108, 0);
    AfxMessageBox(v109, v203, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
  }
  std::istream::getline(v218, Str, 1024, 0);
  v110 = (int *)((char *)this + 3656);
  std::istream::operator>>(v218, (char *)this + 3656);
  v111 = 0;
  j = 0;
  if ( *((int *)this + 914) > 0 )
  {
    do
    {
      std::istream::operator>>(v218, (char *)this + 8 * v111 + 3664);
      v111 = j + 1;
      j = v111;
    }
    while ( v111 < *v110 );
  }
  std::istream::getline(v218, Str, 1024, 0);
  std::istream::operator>>(v218, (char *)this + 3656);
  v112 = 0;
  for ( j = 0; v112 < *v110; j = v112 )
  {
    std::istream::operator>>(v218, (char *)this + 8 * v112 + 3904);
    v112 = j + 1;
  }
  if ( !strcmp(v231, asc_434380) )
  {
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 3656);
    v113 = 0;
    for ( j = 0; v113 < *v110; j = v113 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v113 + 4144);
      v113 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 3656);
    v114 = 0;
    for ( j = 0; v114 < *v110; j = v114 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v114 + 4384);
      v114 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 3656);
    v115 = 0;
    for ( j = 0; v115 < *v110; j = v115 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v115 + 4624);
      v115 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 3656);
    v116 = 0;
    for ( j = 0; v116 < *v110; j = v116 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v116 + 4864);
      v116 = j + 1;
    }
  }
  std::istream::getline(v218, Str, 1024, 0);
  v117 = sub_4197C0(v218, v231);
  v118 = std::istream::operator>>(v117, (char *)this + 5104);
  std::istream::operator>>(v118, (char *)this + 5112);
  std::istream::getline(v218, Str, 1024, 0);
  v119 = sub_4197C0(v218, v231);
  v120 = std::istream::operator>>(v119, (char *)this + 5120);
  std::istream::operator>>(v120, (char *)this + 5128);
  std::istream::getline(v218, Str, 1024, 0);
  v121 = sub_4197C0(v218, v231);
  std::istream::operator>>(v121, (char *)this + 5136);
  std::istream::getline(v218, Str, 1024, 0);
  v122 = sub_4197C0(v218, v231);
  std::istream::operator>>(v122, (char *)this + 5144);
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  v123 = v218;
  if ( *((double *)this + 518) <= -1.0e10 )
  {
    v206 = (char *)this + 5168;
  }
  else
  {
    std::istream::operator>>(v218, (char *)this + 5152);
    std::istream::getline(v218, Str, 1024, 0);
    v124 = sub_4197C0(v218, v231);
    std::istream::operator>>(v124, (char *)this + 5160);
    std::istream::getline(v218, Str, 1024, 0);
    v125 = sub_4197C0(v218, v231);
    v206 = (char *)this + 5176;
    v123 = (int *)std::istream::operator>>(v125, (char *)this + 5168);
  }
  std::istream::operator>>(v123, v206);
  std::istream::getline(v218, Str, 1024, 0);
  v126 = sub_4197C0(v218, v231);
  sub_4197C0(v126, Str);
  if ( !strcmp(Str, byte_434378) )
  {
    v127 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11070);
  }
  else
  {
    if ( strcmp(Str, byte_434370) )
      goto LABEL_125;
    v127 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11071);
  }
  if ( !v127 )
    AfxMessageBox("Not found on StringTable", 0, 0);
LABEL_125:
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5184, v229);
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  if ( strcmp(v231, asc_434364) )
  {
    v128 = sub_4022A0(&v228, v229, "CODE-5");
    LOBYTE(v234) = 17;
    v129 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v128, 0);
    AfxMessageBox(v129, v201, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
  }
  std::istream::getline(v218, Str, 1024, 0);
  std::istream::operator>>(v218, (char *)this + 5188);
  v130 = 0;
  for ( j = 0; v130 < *((_DWORD *)this + 1297); j = v130 )
  {
    std::istream::operator>>(v218, (char *)this + 8 * v130 + 5192);
    v130 = j + 1;
  }
  std::istream::getline(v218, Str, 1024, 0);
  v131 = sub_4197C0(v218, v231);
  sub_4197C0(v131, Str);
  if ( !strcmp(Str, byte_434354) )
  {
    v132 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11072);
    goto LABEL_133;
  }
  if ( !strcmp(Str, byte_43434C) )
  {
    v132 = ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v229, 11073);
LABEL_133:
    if ( !v132 )
      AfxMessageBox("Not found on StringTable", 0, 0);
  }
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5440, v229);
  std::istream::getline(v218, Str, 1024, 0);
  v133 = sub_4197C0(v218, v231);
  std::istream::operator>>(v133, (char *)this + 5432);
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  if ( strcmp(v231, asc_43433C) )
  {
    v134 = sub_4022A0(&v228, v229, "CODE-6");
    LOBYTE(v234) = 18;
    v135 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v134, 0);
    AfxMessageBox(v135, v191, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
  }
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  v136 = 0;
  j = 0;
  do
  {
    v194 = (char *)this + 8 * v136 + 5480;
    v137 = std::istream::operator>>(v218, (char *)this + 8 * v136 + 5448);
    std::istream::operator>>(v137, v194);
    std::istream::getline(v218, Str, 1024, 0);
    v136 = j + 1;
    j = v136;
  }
  while ( v136 < 4 );
  sub_4197C0(v218, v231);
  v138 = 0;
  j = 0;
  do
  {
    v195 = (char *)this + 8 * v138 + 5544;
    v139 = std::istream::operator>>(v218, (char *)this + 8 * v138 + 5512);
    std::istream::operator>>(v139, v195);
    std::istream::getline(v218, Str, 1024, 0);
    v138 = j + 1;
    j = v138;
  }
  while ( v138 < 4 );
  v140 = sub_4197C0(v218, v231);
  v141 = std::istream::operator>>(v140, (char *)this + 5576);
  std::istream::operator>>(v141, (char *)this + 5584);
  std::istream::getline(v218, Str, 1024, 0);
  v142 = sub_4197C0(v218, v231);
  v143 = std::istream::operator>>(v142, (char *)this + 5592);
  std::istream::operator>>(v143, (char *)this + 5600);
  std::istream::getline(v218, Str, 1024, 0);
  v144 = sub_4197C0(v218, v231);
  v145 = std::istream::operator>>(v144, (char *)this + 5608);
  std::istream::operator>>(v145, (char *)this + 5616);
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  if ( strcmp(v231, asc_434324) )
  {
    v146 = sub_4022A0(&v228, v229, "CODE-7");
    LOBYTE(v234) = 19;
    v147 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v146, 0);
    AfxMessageBox(v147, v192, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
  }
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  v148 = 0;
  j = 0;
  do
  {
    v196 = (char *)this + 8 * v148 + 5672;
    v149 = std::istream::operator>>(v218, (char *)this + 8 * v148 + 5624);
    std::istream::operator>>(v149, v196);
    std::istream::getline(v218, Str, 1024, 0);
    v148 = j + 1;
    j = v148;
  }
  while ( v148 < 6 );
  sub_4197C0(v218, v231);
  v150 = 0;
  j = 0;
  do
  {
    v197 = (char *)this + 8 * v150 + 5768;
    v151 = std::istream::operator>>(v218, (char *)this + 8 * v150 + 5720);
    std::istream::operator>>(v151, v197);
    std::istream::getline(v218, Str, 1024, 0);
    v150 = j + 1;
    j = v150;
  }
  while ( v150 < 6 );
  v152 = sub_4197C0(v218, v231);
  std::istream::operator>>(v152, (char *)this + 5816);
  std::istream::getline(v218, Str, 1024, 0);
  v153 = sub_4197C0(v218, v231);
  std::istream::operator>>(v153, (char *)this + 5824);
  std::istream::getline(v218, Str, 1024, 0);
  v154 = sub_4197C0(v218, v231);
  std::istream::operator>>(v154, (char *)this + 5832);
  std::istream::getline(v218, Str, 1024, 0);
  *((double *)this + 769) = -1.0e10;
  *((double *)this + 763) = -1.0e10;
  *((double *)this + 757) = -1.0e10;
  *((double *)this + 751) = -1.0e10;
  v155 = (int *)((char *)this + 5904);
  *((double *)this + 745) = -1.0e10;
  *((double *)this + 739) = -1.0e10;
  *((_DWORD *)this + 1476) = 0;
  sub_4197C0(v218, v231);
  if ( !strstr(v231, asc_434310) )
  {
    v156 = sub_4022A0(&v228, v229, "CODE-8");
    LOBYTE(v234) = 20;
    v157 = (const char *)ATL::CSimpleStringT<char,1>::operator char const *(v156, 0);
    AfxMessageBox(v157, v193, 0);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v228);
  }
  std::istream::getline(v218, Str, 1024, 0);
  v158 = sub_4197C0(v218, Str);
  std::istream::operator>>(v158, (char *)this + 5840);
  if ( !strcmp(v231, asc_4342F8) )
  {
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 5904);
    v159 = 0;
    for ( j = 0; v159 < *v155; j = v159 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v159 + 5912);
      v159 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v160 = 0;
    for ( j = 0; v160 < *v155; j = v160 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v160 + 5960);
      v160 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v161 = 0;
    for ( j = 0; v161 < *v155; j = v161 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v161 + 6008);
      v161 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v162 = 0;
    for ( j = 0; v162 < *v155; j = v162 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v162 + 6056);
      v162 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v163 = 0;
    for ( j = 0; v163 < *v155; j = v163 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v163 + 6104);
      v163 = j + 1;
    }
    std::istream::operator>>(v218, (char *)this + 5904);
    v164 = 0;
    for ( j = 0; v164 < *v155; j = v164 )
    {
      std::istream::operator>>(v218, (char *)this + 8 * v164 + 6152);
      v164 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    v165 = (int *)((char *)this + 6200);
    std::istream::operator>>(v218, (char *)this + 6200);
    v166 = 0;
    j = 0;
    if ( *((int *)this + 1550) > 0 )
    {
      do
      {
        v198 = (char *)this + 8 * v166 + 6232;
        v167 = std::istream::operator>>(v218, (char *)this + 8 * v166 + 6208);
        std::istream::operator>>(v167, v198);
        v166 = j + 1;
        j = v166;
      }
      while ( v166 < *v165 );
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 6200);
    v168 = 0;
    for ( j = 0; v168 < *v165; j = v168 )
    {
      v199 = (char *)this + 8 * v168 + 6280;
      v169 = std::istream::operator>>(v218, (char *)this + 8 * v168 + 6256);
      std::istream::operator>>(v169, v199);
      v168 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
    std::istream::operator>>(v218, (char *)this + 6200);
    v170 = 0;
    for ( j = 0; v170 < *v165; j = v170 )
    {
      v200 = (char *)this + 8 * v170 + 6328;
      v171 = std::istream::operator>>(v218, (char *)this + 8 * v170 + 6304);
      std::istream::operator>>(v171, v200);
      v170 = j + 1;
    }
    std::istream::getline(v218, Str, 1024, 0);
  }
  std::istream::getline(v218, Str, 1024, 0);
  sub_4197C0(v218, v231);
  if ( !strcmp(v231, asc_4342E4) )
  {
    std::istream::getline(v218, Str, 1024, 0);
    v172 = sub_4197C0(v218, v231);
    sub_4197C0(v172, Str);
    v12 = strstr(Str, "NULL") == 0;
    v173 = (char *)&unk_432AC5;
    if ( v12 )
      v173 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5848, v173);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v174 = (char *)&unk_432AC5;
    if ( v12 )
      v174 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5852, v174);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5852, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5852, "\t ");
    v175 = sub_4197C0(v218, v231);
    v176 = std::istream::operator>>(v175, (char *)this + 5856);
    sub_4197C0(v176, Str);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5860, Str);
    v177 = std::istream::operator>>(v218, (char *)this + 5864);
    sub_4197C0(v177, Str);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5868, Str);
    v178 = std::istream::operator>>(v218, (char *)this + 5872);
    sub_4197C0(v178, Str);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5876, Str);
    std::istream::getline(v218, Str, 1024, 0);
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v179 = (char *)&unk_432AC5;
    if ( v12 )
      v179 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5880, v179);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5880, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5880, "\t ");
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v180 = (char *)&unk_432AC5;
    if ( v12 )
      v180 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5884, v180);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5884, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5884, "\t ");
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v181 = (char *)&unk_432AC5;
    if ( v12 )
      v181 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5888, v181);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5888, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5888, "\t ");
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v182 = (char *)&unk_432AC5;
    if ( v12 )
      v182 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5892, v182);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5892, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5892, "\t ");
    sub_4197C0(v218, v231);
    std::istream::getline(v218, Str, 1024, 0);
    v12 = strstr(Str, "NULL") == 0;
    v183 = (char *)&unk_432AC5;
    if ( v12 )
      v183 = Str;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5896, v183);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimLeft((char *)this + 5896, "\t ");
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::TrimRight((char *)this + 5896, "\t ");
    v184 = sub_4197C0(v218, v231);
    std::istream::operator>>(v184, &j);
    std::istream::read(v218, Str, 1, 0);
    std::istream::read(v218, Str, j, j >> 31);
    Str[j] = 0;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5900, Str);
  }
  else
  {
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5848, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5852, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v226);
    LOBYTE(v234) = 21;
    if ( !ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(&v226, 11004) )
      AfxMessageBox("Not found on StringTable", 0, 0);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v217);
    LOBYTE(v234) = 22;
    if ( !ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(v217, 11006) )
      AfxMessageBox("Not found on StringTable", 0, 0);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v215);
    LOBYTE(v234) = 23;
    if ( !ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::LoadStringA(&v215, 11005) )
      AfxMessageBox("Not found on StringTable", 0, 0);
    *((_DWORD *)this + 1464) = 0;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5860, &v226);
    *((_DWORD *)this + 1466) = 0;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5868, v217);
    *((_DWORD *)this + 1468) = 0;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5876, &v215);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5880, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5884, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5888, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5892, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5896, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::operator=((char *)this + 5900, &unk_432AC5);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v215);
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v217);
    LOBYTE(v234) = 12;
    ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v226);
  }
  v185 = sub_417B90(&v214, &unk_433864, (char *)this + 240);
  LOBYTE(v234) = 24;
  v186 = sub_4022A0(v211, v185, &unk_433860);
  v187 = *(_DWORD *)this;
  LOBYTE(v234) = 25;
  v188 = ATL::CSimpleStringT<char,1>::operator char const *(v186, v190);
  (*(void (__thiscall **)(CDocument *, int))(v187 + 92))(this, v188);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v211);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(&v214);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v229);
  v189 = *(_DWORD *)(v218[0] + 4);
  v228 = (char *)v224;
  *(int *)((char *)v218 + v189) = (int)&std::istrstream::`vftable';
  v226 = (int)v219;
  v219[0] = (int)&std::strstreambuf::`vftable';
  LOBYTE(v234) = 27;
  if ( (v222 & 9) == 1 )
  {
    if ( v223 )
      v223(*v220);
    else
      operator delete[](*v220);
  }
  v222 &= 0xFFFFFFF6;
  v221 = 0;
  LOBYTE(v234) = 26;
  std::streambuf::~streambuf<char,std::char_traits<char>>(v219);
  *(int *)((char *)v218 + *(_DWORD *)(v218[0] + 4)) = (int)std::istream::`vftable';
  LOBYTE(v234) = 6;
  v224[0] = (int)std::ios_base::`vftable';
  std::ios_base::_Ios_base_dtor((struct std::ios_base *)v224);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v216);
  ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v225);
  v234 = -1;
  CFile::~CFile((CFile *)v212);
  return 1;
}
爱飞的猫 发表于 2022-10-18 18:00
void* 表示未知类型的指针。你可以改成 char* 凑合着用。
unk 开头直接双击查看,如果看不到内容表示这个地址不在 exe 内,可能是动态分配。用调试器附加或 cheat engine 之类的内存查看工具看这个地址的内存。
this 地址偏移你把它当普通的偏移看就行。this 是一个结构体指针(vtable)。
sub_427160 是 memcpy 的包装,前两个参数是指针。

  sub_427160(this + 11, Src, 0x104u); 从 src 复制 0x104 字节到 this + 11 处
  sub_427160(this + 76, a5, 0x2C4u); 从 a5 复制 0x2c4 字节到 this + 76 处

看起来像是两段紧挨着的覆盖写入(先写 this + 11 起的一段,再写 this + 76 起的一段)。

this 这个变量看起来更像是一个 char* 指针变量,而不是一个类的实例。
 楼主| yinhao1979 发表于 2022-10-18 22:16
本帖最后由 yinhao1979 于 2022-10-18 22:33 编辑
爱飞的猫 发表于 2022-10-18 18:00
void* 表示未知类型的指针。你可以改成 char* 凑合着用。
unk 开头直接双击查看,如果看不到内容表示这个 ...

谢谢爱飞的猫。用调试器附加或 Cheat Engine 之类的内存查看工具查看这个地址内存的方法我还没用过;我在动态调试下断点后,通过下面的脚本可以得到这个地址的 byte 数据,但长度是我随意输入的,
有没有什么办法知道 unk 数据的长度和数据类型?或者把它转为字符串?
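def getEncodeStr6(addr, len, fmt, read_byte=None):
    """Dump `len` consecutive bytes starting at database address `addr`.

    Every byte is rendered with the printf-style pattern `fmt` (for example
    "%02x " for a hex dump) and the pieces are concatenated into the string
    that is returned. As a side effect the same bytes are also printed as
    characters via chr(), with a space inserted after every 195 characters
    (presumably just a wrap width for the output window), so a blob can be
    eyeballed while the database is open.

    Args:
        addr: address of the first byte to read.
        len: number of bytes to read; the name shadows the builtin and is
            kept only so existing call sites keep working. Values <= 0 read
            nothing.
        fmt: "%"-style format string applied to each byte value (an int).
        read_byte: optional callable ``addr -> int`` used to fetch one byte.
            Defaults to ``idaapi.get_byte``; injectable so the helper can be
            exercised outside IDA.

    Returns:
        The concatenation of ``fmt % byte`` for the bytes read, in address
        order.
    """
    if read_byte is None:
        read_byte = idaapi.get_byte  # only resolved when running inside IDA
    print("addr = > %06X %d" % (addr, addr))
    count = max(len, 0)
    formatted = []
    printable = []
    for offset in range(count):
        # Read exactly the requested window: the byte at addr + len is never
        # touched, so a window ending at the edge of a mapped region is safe.
        ch = read_byte(addr + offset)
        formatted.append(fmt % ch)
        printable.append(chr(ch))
        if (offset + 1) % 195 == 0:
            printable.append(" ")
    posSplit = count % 195
    print("pos = > %d %d" % (count, posSplit))
    print("outstr = > %s" % "".join(printable))
    return "".join(formatted)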

sub_426E40 是一个 thiscall 方法,参数 _DWORD *this 在调用时没有显式传入,应该是编译器自动加上的;我看有些文章说它指向函数。这个 this 在方法内被用于 this + 11、this + 76 处的内存复制,
后续数据我应该如何获取?不知道如何和后续程序的指针对应上,这边有点不太理解,这个操作最后对应在操作哪个变量,是不是 memcpy 后的数据都在 v10 这个指针里面?
这样理解对吗?完整方法如下:
_DWORD *__thiscall sub_426E40(_DWORD *this, int a2, int a3, void *Src, void *a5)
{
  // Initialises the object the caller allocated (apparently the 0x520-byte
  // `operator new(0x520u)` block quoted elsewhere in this thread). `this` is
  // typed as _DWORD*, so every index below is a 4-byte slot: this + 11 is
  // byte offset 44, this + 76 is byte offset 304.
  _BYTE *const raw = (_BYTE *)this;   // byte view for the single-byte fields

  // Two fixed-size tables are copied in from the caller's pointers through
  // the memcpy wrapper sub_427160. (76 - 11) * 4 == 0x104, so the first copy
  // ends exactly where the second one begins: adjacent, not overlapping.
  sub_427160(&this[11], Src, 0x104u);
  sub_427160(&this[76], a5, 0x2C4u);

  this[0] = 1;        // first dword of the object; its meaning is not visible here
  sub_4269E0(this);   // opaque helper, deliberately run before the fields below are written

  // Scalar fields located after the copied tables; all distinct addresses.
  this[253] = a2;
  this[256] = a3;
  this[254] = 0;
  this[255] = 0;
  this[257] = 0;
  this[258] = 0;
  this[291] = 0;
  this[292] = 0;
  this[327] = 0;
  raw[1036] = 0;      // byte offsets: 1036 is in slot 259, 1172 in slot 293, 1180 in slot 295
  raw[1172] = 0;
  raw[1180] = 0;
  return this;
}
爱飞的猫 发表于 2022-10-19 00:29
最好是把文件发出来一起看

unk* 的数据类型和大小都是未知,只有在运行的时候分析或根据操作这部分内存的代码进行分析总结。IDA 的自动分析也不是一定靠谱的,因为有时候编译器优化会干扰分析。

如果数据已知是字符串,你可以一直读下去直到遇到 00 字节的时候停止。(Unicode 字符串则是等到遇到 00 00 字节时停止)。


// 这种 this[254] 和 this+245 是不是一样都是地址偏移意思?
  this[254] = 0;
是也不是,this 的类型是 dword*,因此地址偏移是 this 指向的地址 + 254 × 4 (dword 是四字节)。


  sub_427160(this + 11, Src, 0x104u);
  sub_427160(this + 76, a5, 0x2C4u);

知道 this 是 dword* 后,(76-11)×4 = 260 字节,刚好等于 0x104,也就是第一个 call 复制的字节数;换句话说,第一段拷贝正好在第二段(this + 76)开始处结束。
爱飞的猫 发表于 2022-10-20 01:44

建议发原文件和调试步骤,单纯看伪代码能看出来的东西不多。

另外你可以试试 HexRaysCodeXplorer 插件,将 this + xxx 变成更容易阅读的结构体。

  if ( ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::Compare(v216, &unk_433DA4) )
  {
    // 这种操作是指针赋值给 v12 并且设置初始值为0的意思吗?
    // A: 检测 this[55] 是不是 0,是一个 Boolean 类型。
    v12 = *((_DWORD *)this + 55) == 0;

    // 这种赋值的意思是将 地址对应的值设置为长度吗?
    // A: this[56] = Length; => v212 这个文件的长度
    *((_DWORD *)this + 56) = Length;

    if ( v12 )
      // 上面如果是已经对 v12 赋值为 *((_DWORD *)this + 55) 这个地址,这边这个操作还是对同一个地址再做一次初始化吗?
      // A: 这个才是初始化。你可以理解为这样:
      //    if (!this->buffer) this->buffer = new char[Length];
      //    其中 !this->buffer 就是 v12
      *((_DWORD *)this + 55) = operator new[](Length);

    // 这边这个操作是不是可以理解为将 v8 数据复制到 *((_DWORD *)this + 55) 这个地址?是不是就是对应到 v12 指向地址?
    // A: this[55][i] = b8[i]
    //    将文件内容拷贝到内存。
    for ( i = 0; i < Length; ++i )
      *(_BYTE *)(i + *((_DWORD *)this + 55)) = *((_BYTE *)v8 + i);
  }
  else
  {
    // 这个v214初始化就看不懂了,不理解和下面v10有什么关系
    // A: v10 应该是一个类的实例,sub_426E40 应该是这个类的 constructor 构造函数。
    //    返回值和 v214 可以当作同一个东西。
    v214 = operator new(0x520u);
    LOBYTE(v234) = 7;
    if ( v214 )
      v10 = (size_t *)((int (__stdcall *)(int, int, void *, void *))sub_426E40)(
                        (int)v8,
                        Length,
                        &unk_43C908,
                        &unk_43CA10);
    else
      v10 = 0;
    LOBYTE(v234) = 6;
    // 下面几个步骤都用到 v10 , 但是动态调试时 v10 数据也没变化
    // A: v10 是个结构体,有 0x520 (1312) 字节,结构体内又有指针(例如偏移 55*4 处是读入文件的内存地址)
    if ( !sub_426EE0(v10) )
    {
      AfxMessageBox("Resolving failed for file Decryption", 0, 0);
LABEL_12:
      ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char>>>(v216);
      v5 = v225;
      goto LABEL_4;
    }
    if ( !sub_4269D0(v10) )
    {
      AfxMessageBox("Signature checking failed", 0, 0);
      goto LABEL_12;
    }
    if ( !sub_427020((int)v10, 1) )
    {
      AfxMessageBox("Descryption failed for file format", 0, 0);
      goto LABEL_12;
    }
    Font = CMFCCaptionBar::OnGetFont((CMFCCaptionBar *)v10);
    v12 = *((_DWORD *)this + 55) == 0;
    *((_DWORD *)this + 56) = Font;
    if ( v12 )
      *((_DWORD *)this + 55) = operator new[]((unsigned int)Font);
    ((void (__stdcall *)(void *, int, size_t))sub_4269A0)(*((void **)this + 55), 0, 0);
    if ( v10 )
    {
      sub_4268F0((int)v10);
      operator delete(v10);
    }
  }
  operator delete(v8);
  v14 = *((_DWORD *)this + 56);
  // 这一步动态调试可以打印出来 this 地址为 0x4840000 和方法入参 CDocument *this一样 ,但是这边 *((_DWORD *)this + 55) 后 v15 0xBCF6578 
  // 0xBCF6578 和 0x4840000 + 55 对应不起来,不知道要如何理解了?
  // A: 查看内存 [ecx]+0x37*4 的值(假设 ecx = this 的值)。 
  //    "*((_DWORD *) ...)" 最前面的星号 "*" 表示读取这个地址指向的内容。
  //    v15 应该是解密后的文件头(DWORD = 四字节)。
  v15 = *((_DWORD *)this + 55);
 楼主| yinhao1979 发表于 2022-10-20 22:07
本帖最后由 yinhao1979 于 2022-10-20 22:10 编辑

非常感谢, HexRaysCodeXplorer 插件下载后如何使用?有链接文档吗?直接把压缩包下载解压文件复制到 IDA Pro程序 plugins目录下面重启就可以使用了吗?

另外你说把文件和调试步骤发出来,文件是 指 exe 文件目录吗?调试步骤是指 IDA Pro 7.6 里面每一步的参数及输入输出吗?
 楼主| yinhao1979 发表于 2022-10-26 20:23
爱飞的猫 发表于 2022-10-20 01:44
[md]建议发原文件和调试步骤,单纯看伪代码能看出来的东西不多。

另外你可以试试 [HexRaysCodeXplorer][ ...

我想判断 sub_ 开头的方法对应的是哪种系统或库方法,有没有办法?
爱飞的猫 发表于 2022-10-27 05:11
文件指的是 exe/dll 可执行文件
调试步骤是触发你在看的这个函数的方法,例如“主界面选择注册,输入 123 后点击确定后触发”

我想判断 sub 方法是哪种系统或库方法,有没办法 ?
如果函数名显示为粉红色,一般是系统的方法;被识别为 sub_ 开头的一般是静态链接进来的代码,只能手动分析。
 楼主| yinhao1979 发表于 2022-10-27 19:49
爱飞的猫 发表于 2022-10-27 05:11
文件指的是 exe/dll 可执行文件
调试步骤是触发你在看的这个函数的方法,例如“主界面选择注册,输入 123  ...

具体调试文件及调试步骤可以点击下载,https://www.lrmsoft.cn/debug.zip  调试过程及分析的代码段我也写 step.txt 文件中,主要一些 sub_ 开头方法不知道要如何分析

点评

简单看了下,看起来比较复杂。sub_426EE0 是解析文件并检查签名的函数。前 8 个字节是文件头,后面跟着三个动态大小的数据。动态大小数据的结构是(DWORD 字节大小 + BYTE[字节大小] 数据)。样本里是 文件头 + 0x80[数  详情 回复 发表于 2022-10-30 21:44