//if (ref==debugAdd){fprintf(stderr,"\nisItstartAnyWay=%08X 2",ref);getch();}
pushEnvironment();
nextMode=0;
zeroCheckMode=1;
//printMode=0;
resetDisassembler(ref);
/*-----------*/pushTrace(1600);
for(i=0;i<48;i++)
{
addressfix();
c = getMap(cur_position);
b = getByteFile(cur_position);
if (b==0x00)
{
for(r=ref;r<cur_position;r++) if((getMap1(r)&0x04)==0x00) break;
if (r>=cur_position-1) {fatalError=-9; break;}
}
if ((c&0x08)==0x08) break;
else if ((c&0x05)==0x05) break;
addressprint1(0);
tok = instruction(0);
if (tok==0) {fatalError=-11; break;}
bodyprint(0);
for(j=1;j<i_col_save;j++)
{
d=getMap(cur_position+j);
if (d&0x49) { fatalError=-99; break; }
}
if (b==0xEB)
{
r=getByteFile(cur_position+1);
if(r>127) r-=256;
r+=cur_position+2;
if ((getMap(r)&0x05)==0x05)
{
for(t=r;t<r+256;t++)
{
if(getMap(t)&0x80 || (getMap(t)&0x04)==0x00) break;
}
if((getMap(t)&0x04)&&(t<r+256)) break;
}
}
if (zeroCheckMode)
{
checkZeros1();
}
if (fatalError) break;
if (needJump) break;
}
/*-----------*/popTrace();
if (fatalError==0)
{
popEnvironment();
//if (ref==debugAdd)
//{fprintf(stderr,"\nisItstartAnyWay=%08X OK ",ref);getch();}
return ref;
}
//if (ref==debugAdd)
//{fprintf(stderr,"\nisItstartAnyWay=%08X NOTOK %d",ref,fatalError);
// getch();}
fatalError=0;
popEnvironment();
return 0;
}
/*
 * Walk forward from ref in 4-byte steps and register every dword that
 * AddressCheck() accepts, as long as the four map bytes under it are still
 * 0x00 (unclaimed). The walk ends at the first dword AddressCheck() rejects
 * or at the end of the code section (imageBase + RVA of its last byte + 1).
 *
 * ref: address to start at. Bytes whose map already has 0x0E set are skipped
 *      first; that skip has no upper bound and relies on a byte without 0x0E
 *      existing somewhere ahead.
 * Side effects: prints one progress dot to stderr; EnterLabel(166, ...) for
 *      each accepted dword.
 */
void trySomeAddress(DWORD ref)
{
    DWORD scan = ref;
    DWORD limit = imageBase + getRVA(CodeOffset + CodeSize - 1) + 1;
    DWORD site;

    /* step over bytes already marked 0x0E */
    while ((getMap(scan) & 0x0E) == 0x0E) {
        scan++;
    }

    /* progress indicator: one dot per call, newline every COLSIZE dots */
    fprintf(stderr, ".");
    showDotsNum++;
    if (showDotsNum % COLSIZE == 0) {
        fprintf(stderr, "\n");
    }

    // I don't know why I am doing this way but somehow it makes sense.
    for (site = scan; site < limit; site += 4) {
        DWORD target = getIntFile(site);
        int free4;
        if (AddressCheck(target) <= 0) {
            break;  /* the first rejected dword ends the run */
        }
        /* claim only dwords whose four map bytes are all still unclaimed */
        free4 = getMap(site) == 0x00 && getMap(site + 1) == 0x00
             && getMap(site + 2) == 0x00 && getMap(site + 3) == 0x00;
        if (free4) {
            /*---------*/pushTrace(1700);
            EnterLabel(166, target, site);
            /*---------*/popTrace();
        }
    }
}
/*
 * Harvest candidate code addresses from every selected section of the image.
 *
 * Sections are selected by their Characteristics: all of 0x60000020 set
 * (presumably PE code|execute|read) or exactly 0xC0000040 (presumably
 * initialized-data|read|write). At most 32 sections fit the local tables;
 * extra ones are dropped with a message on stderr.
 *
 * Three passes over each selected range [rstartTab[k], rmaxTab[k]):
 *   1. dword scan: a dword that AddressCheck() accepts, and that is not
 *      overlapped by an accepted dword at +1/+2/+3, is recorded with
 *      setAnyAddress() and skipped as a whole;
 *   2. byte scan for 0xE8 (CALL rel32): a target that passes isGoodAddress(),
 *      is not an "any address", is seen for the first time and passes
 *      isItStartAnyWay() gets addLabels(s, 64) and a 1710 reference;
 *   3. runs reported by trySomeMoreAddress() are treated as address tables;
 *      each entry passing the same checks gets addLabels(e, 16) and a 1720
 *      reference.
 *
 * NOTE(review): getIntFile(r+3) in pass 1 can read up to 3 bytes beyond rmax
 * near the section tail — presumably getIntFile tolerates that; confirm.
 */
void tryAnyAddress()
{
//static int col=0;
DWORD r, rmax;
DWORD rmaxTab[32], rstartTab[32];
int i, j, k, n, num, c;
DWORD s, e, ss;
/* d is assigned in pass 2 but never read */
BYTE b, d;
/* progress indicator: one dot per phase, newline every COLSIZE dots */
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
num=nSections;
if (num>32) {num=32; fprintf(stderr,"\n...please increase the size...");}
j=0;
/* collect the [start, end) virtual address range of each selected section */
for (i=0;i<num;i++)
{
c=(int)shdr[i].Characteristics;
if ((c&0x60000020)==0x60000020 || c==0xC0000040)
{
rstartTab[j] = imageBase+shdr[i].VirtualAddress;
rmaxTab[j] = imageBase+shdr[i].VirtualAddress+shdr[i].SizeOfRawData;
j++;
}
}
num=j;
/*
for (i=0;i<num;i++)
{
fprintf(stderr,"\nrstartTab[i]=%08X,rmaxTab[i]=%08X",rstartTab[i],rmaxTab[i]);
}*/
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
/* pass 1: dword-aligned-by-content scan for "any address" candidates */
for(k=0;k<num;k++)
{
r=rstartTab[k]; rmax=rmaxTab[k];
while(r<rmax)
{
if (AddressCheck(getIntFile(r)) > 0)
{
/* an accepted dword overlapping at +1..+3 makes this one ambiguous: step one byte */
if (AddressCheck(getIntFile(r+1)) > 0
||AddressCheck(getIntFile(r+2)) > 0
||AddressCheck(getIntFile(r+3)) > 0)
{
r++;
}
else
{
//fprintf(stderr,"\nsetAnyAddress=%08X %08X",r,getIntFile(r));
//getch();
setAnyAddress(r); r+=4;
}
}
else
{
r++;
}
}
}
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
for(k=0;k<num;k++)
{
/* pass 2: CALL rel32 targets; s = r + 5 + rel32 (assignment inside the condition) */
r=rstartTab[k]; rmax=rmaxTab[k];
while(r<rmax)
{
b=getByteFile(r);d=getByteFile(r+4);
if ((b==0xE8)&&(isGoodAddress(s=r+5+getIntFile(r+1))))
{
/*--------------*/pushTrace(1710);
if (!isItAnyAddress(s) && isItFirstTime(s) && isItStartAnyWay(s))
{
addLabels(s, 64);
addRef(1710,s,r);
r+=5;
}
else r++;
/*--------------*/popTrace();
}
else r++;
}
/* pass 3: address tables — every dword of a run found by trySomeMoreAddress() */
r=rstartTab[k]; rmax=rmaxTab[k];
while(r<rmax)
{
n=trySomeMoreAddress(r,rmax,&ss);
if (n==0) r=rmax;
else
{
for(s=ss;s<ss+4*n;s+=4)
{
e=getIntFile(s);
/*--------------*/pushTrace(1720);
if (isGoodAddress(e)&&!isItAnyAddress(e)
&&isItFirstTime(e)&&isItStartAnyWay(e))
{ addLabels(e, 16); addRef(1720,e,s);}
//if(e==0x0045605C)fprintf(stderr,"\nGOTaddLabels2 from%08X",s),getch();
/*--------------*/popTrace();
}
r=ss+4*n;
}
}
}
}
/*
 * Locate the first run of "any address" dwords beginning in [s, e).
 *
 * The head is found by a byte-wise scan for the first i in [s, e) with
 * isItAnyAddress(i). From there the run is extended 4 bytes at a time while
 * isItAnyAddress() holds; that extension is bounded by the file offset
 * reaching CodeOffset+CodeSize, not by e.
 *
 * start: receives the run's first address, or 0 when no run exists.
 * Returns the run length in dwords (0 when nothing was found).
 */
int tryMoreAddress(DWORD s, DWORD e, PDWORD start)
{
    DWORD head = s;
    DWORD tail;
    //fprintf(stderr,"\ntryMoreAddress s=%08X e=%08X ", (int)s, (int)e);
    while (head < e && !isItAnyAddress(head)) {
        head++;
    }
    if (head == e) {
        *start = 0;
        return 0;
    }
    tail = head + 4;
    while (getOffset(tail) < CodeOffset + CodeSize && isItAnyAddress(tail)) {
        tail += 4;
    }
    *start = head;
    return (tail - head) / 4;
}
/*
 * Like tryMoreAddress(), but only accept runs longer than 3 dwords
 * (i - r > 12): shorter hits are skipped by one byte and the search resumes.
 *
 * The run extension is bounded by e + CodeSize rather than e, so a run may
 * extend past the requested end. NOTE(review): presumably intended so that
 * tables straddling a section end are kept whole — confirm.
 *
 * start: receives the head of the accepted run, or 0 when none is found.
 *        On the retry path it is overwritten with each rejected head too.
 * Returns the run length in dwords, or 0.
 */
int trySomeMoreAddress(DWORD s, DWORD e, PDWORD start)
{
    DWORD head = s;
    DWORD limit = e + CodeSize;
    DWORD tail;

    for (;;) {
        /* next candidate head in [head, e) */
        while (head < e && !isItAnyAddress(head)) {
            head++;
        }
        if (head == e) {
            *start = 0;
            return 0;
        }
        /* extend the run while consecutive dwords qualify */
        for (tail = head + 4; tail < limit; tail += 4) {
            if (!isItAnyAddress(tail)) {
                break;
            }
        }
        *start = head;
        if (tail - head > 12) {
            return (tail - head) / 4;
        }
        head++;  /* too short: slide one byte and try again */
    }
}
/*
 * Heuristic: does the printable text at ref look like a menu entry?
 *
 * Returns 1 when a 0xFFFFFFFF dword starts somewhere in the 12 bytes after
 * ref AND another one starts within the 12 bytes preceding the text's start
 * (found by walking backwards over isprint() bytes); 0 otherwise.
 *
 * NOTE(review): the backward walk has no lower bound — it relies on a
 * non-printable byte existing before ref.
 */
int looksLikeMenus(DWORD ref)
{
    DWORD p, anchor;

    /* an all-ones dword within the 12 bytes after ref */
    for (p = ref; p < ref + 12; p++) {
        if (getIntFile(p) == -1) {
            break;
        }
    }
    if (p == ref + 12) {
        return 0;
    }

    /* back up to the byte just before the printable run containing ref */
    p = ref;
    while (isprint(getByteFile(p))) {
        p--;
    }
    anchor = p;

    /* and an all-ones dword within the 12 bytes before that */
    for (p = anchor; p > anchor - 12; p--) {
        if (getIntFile(p) == -1) {
            break;
        }
    }
    return p != anchor - 12;
}
/*
 * Print a length-prefixed (Pascal) string whose length byte is at ref and
 * mark it in map1: 0x07 on the length byte, 0x06 on each body byte.
 *
 * Body bytes are written to stdout with %c without any filtering; the
 * caller is expected to have verified they are printable (tryPascalStrings
 * checks isprint() over the run before calling) — NOTE(review): confirm for
 * any other caller.
 */
void showPascalString(DWORD ref)
{
    int len = getByteFile(ref);
    DWORD pos;

    orMap1(ref, 0x07);  /* length byte = string head */
    //fprintf(stderr,"\n:%08X..pascalString..",ref);
    printf("\n:%08X..pascalString..", (int)ref);
    //for (i=ref+1;i<ref+n+1;i++) fprintf(stderr,"%c",getByteFile(i));
    for (pos = ref + 1; pos < ref + len + 1; pos++) {
        orMap1(pos, 0x06);  /* body byte */
        printf("%c", getByteFile(pos));
    }
}
/*
 * Print a NUL/line-terminated string at ref and mark its bytes in map1.
 *
 * n = number of consecutive isprint() bytes starting at ref, capped at 256.
 * The first byte is marked 0x05 (string head), bytes ref+1..ref+n-1 are
 * marked 0x04 (body), and a recognised terminator (NUL, CR LF, LF, TAB,
 * optionally followed by a second LF/TAB or a NUL) is marked 0x04 as well.
 *
 * NOTE(review): the first byte is printed and marked unconditionally, even
 * when the scan stopped at ref itself (n==0, byte not printable).
 */
void showNullString(DWORD ref)
{
DWORD i;
int n;
//fprintf(stderr,"\n:%08X....NullString..",ref);
printf("\n:%08X....NullString..",(int)ref);
/* length of the printable run, at most 256 bytes */
for (i=ref;i<ref+256;i++) if (!isprint(getByteFile(i))) break;
n=i-ref;
orMap1(ref,0x05);
//fprintf(stderr,"%c",getByteFile(ref));
//for (i=ref+1;i<ref+n;i++) fprintf(stderr, "%c",getByteFile(i));
printf("%c",getByteFile(ref));
for (i=ref+1;i<ref+n;i++) {orMap1(i,0x04); printf("%c",getByteFile(i));}
/* i now sits on the byte that ended the run: classify the terminator */
if (getByteFile(i)==0x00) {orMap1(i,0x04);} else
if (getByteFile(i)==0x0D && getByteFile(i+1)==0x0A)
{ orMap1(i,0x04);orMap1(i+1,0x04); printf(" <cr><lf>");} else
if (getByteFile(i)==0x0A)
{
orMap1(i,0x04); printf(" <lf>");
/* a doubled LF or a trailing NUL belongs to the string too */
if (getByteFile(i+1)==0x0A) {orMap1(i+1,0x04); printf(" <lf>");} else
if (getByteFile(i+1)==0x00) {orMap1(i+1,0x04);}
} else
if (getByteFile(i)==0x09)
{
orMap1(i,0x04); printf(" <t>");
if (getByteFile(i+1)==0x09) {orMap1(i+1,0x04); printf(" <t>");} else
if (getByteFile(i+1)==0x00) {orMap1(i+1,0x04);}
}
/* redundant with the first branch above: a NUL at i was already marked */
if (getByteFile(i)==0x00) {orMap1(i,0x04);}
}
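/*
 * Promote string runs already flagged in map1 into the main map.
 *
 * map1 values looked for are the ones showPascalString()/showNullString()
 * OR in: 0x07 = pascal head, 0x06 = pascal body, 0x05 = null-string head,
 * 0x04 = null-string body. A head is accepted only where the main map is
 * still 0x00 or has 0x08 set; in the main map heads become 0x0B (pascal) or
 * 0x09 (null-string) and bodies 0x0A or 0x08.
 *
 * Fix: when the head search reaches e without finding a head, b still holds
 * the map1 value of byte e-1 while i==e; the old code then fell into the
 * head branches and wrote setMap(e, ...) past the range. The search result
 * is now checked before b is used.
 *
 * NOTE(review): the body loops run while i<e+256, so a string is allowed to
 * extend up to 256 bytes past e — presumably intentional; confirm.
 */
void markStrings(DWORD s, DWORD e)
{
DWORD i;
BYTE b, d;
/*-------------*/pushTrace(1800);
i=s;
while(i<e)
{
/* find the next head byte whose main-map slot is still free */
while(i<e)
{b=getMap1(i); d=getMap(i); if((b&0x05)==0x05 && (d==0x00 || (d&0x08)))break; i++;}
if (i>=e) break;   /* no head found: b is stale, do not act on it */
if ((b&0x07)==0x07)
{
setMap(i++,0x0B);
while(i<e+256)
{
b=getMap1(i);
if ((b&0x07)==0x06) setMap(i++,0x0A);
else break;
}
}
else if ((b&0x07)==0x05)
{
setMap(i++,0x09);
while(i<e+256)
{
b=getMap1(i);
if ((b&0x07)==0x04) setMap(i++,0x08);
else break;
}
}
else i++;
if ((b&0x05)!=0x05) i++;
}
/*-------------*/popTrace();
}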
/*
 * Could the dword at r be the tail of an instruction that starts at r-1 or
 * r-2? Answers 1 when the opcodeTable/modTable/rmTable values for the one or
 * two preceding bytes match one of four patterns, 0 otherwise.
 *
 * The exact meaning of the table values (4, 44, 5..12, 11, 13 and the mod
 * values 1, 3, 6, 8) is not visible here; the patterns are kept verbatim.
 */
int maybePartof(DWORD r)
{
    int prev1 = opcodeTable[getByteFile(r - 1)];
    int prev2;
    int mode;
    int mode36;

    if (prev1 == 4 || prev1 == 44) {
        return 1;
    }
    prev2 = opcodeTable[getByteFile(r - 2)];
    mode = modTable[prev1];
    mode36 = (mode == 3 || mode == 6);

    if (prev2 > 5 && prev2 < 12 && mode36) {
        return 1;
    }
    if (prev2 == 11 && (mode == 1 || mode == 8)) {
        return 1;
    }
    if (prev2 == 13 && rmTable[prev1] == 5 && mode36) {
        return 1;
    }
    return 0;
}
/*
 * Mark dword-sized address slots in [s, e) with 0x0E in the main map.
 *
 * A slot qualifies when its four map bytes are all 0x00, its map1 bits
 * satisfy (b & 0x34) == 0x30, and maybePartof() says it is not the tail of
 * a preceding instruction. If the dword's value is a good address whose own
 * map has 0x25 set and that nobody refers to yet, EnterLabel(167, ...) is
 * raised for it. A dword equal to -1 on an unmarked byte is marked the same
 * way without any label. Everything else advances one byte.
 */
void markAddress(DWORD s, DWORD e)
{
    DWORD pos = s;
    /*-------------*/pushTrace(1850);
    while (pos < e) {
        BYTE flags = getMap1(pos);
        BYTE mark = getMap(pos);
        int value = getIntFile(pos);
        int k;
        /* all four map bytes still free (short-circuits on the first used one) */
        int free4 = mark == 0x00 && getMap(pos + 1) == 0x00
                 && getMap(pos + 2) == 0x00 && getMap(pos + 3) == 0x00;

        if (free4 && (flags & 0x34) == 0x30 && !maybePartof(pos)) {
            for (k = 0; k < 4; k++) {
                setMap(pos + k, 0x0E);
            }
            if (isGoodAddress(value) && (getMap(value) & 0x25) == 0x25
                && referCount(value) == 0) {
                EnterLabel(167, value, pos);
            }
            pos += 4;
        } else if (mark == 0x00 && value == -1) {
            for (k = 0; k < 4; k++) {
                setMap(pos + k, 0x0E);
            }
            pos += 4;
        } else {
            pos++;
        }
    }
    /*-------------*/popTrace();
}
/*
 * Second address-marking pass over [s, e): a dword whose four map bytes are
 * all 0x0F and whose map1 bits satisfy (b & 0x3C) == 0x30, or a dword equal
 * to -1 on a 0x0F byte, is re-marked 0x0E. No labels are raised here.
 *
 * NOTE(review): this pass pushes trace id 1850, the same id markAddress()
 * uses — probably a copy-paste leftover; confirm whether it should differ.
 */
void markAddress1(DWORD s, DWORD e)
{
    DWORD pos = s;
    /*-------------*/pushTrace(1850);
    while (pos < e) {
        BYTE flags = getMap1(pos);
        BYTE mark = getMap(pos);
        int value = getIntFile(pos);
        int k;
        int hit;

        if ((flags & 0x3C) == 0x30
            && mark == 0x0F && getMap(pos + 1) == 0x0F
            && getMap(pos + 2) == 0x0F && getMap(pos + 3) == 0x0F) {
            hit = 1;
        } else if (mark == 0x0F && value == -1) {
            hit = 1;
        } else {
            hit = 0;
        }

        if (hit) {
            for (k = 0; k < 4; k++) {
                setMap(pos + k, 0x0E);
            }
            pos += 4;
        } else {
            pos++;
        }
    }
    /*-------------*/popTrace();
}
void tryPascalStrings()
{
//static int col=0;
DWORD r, rmax;
int num;
DWORD rmaxTab[32], rstartTab[32];
DWORD i;
int j, k, n, c, a, l;
BYTE b, d;
num=nSections;
if (num>32) {num=32; fprintf(stderr,"\n...please increase the size...");}
j=0;
for (i=0;i<num;i++)
{
c=(int)shdr[i].Characteristics;
if ((c&0x60000020)==0x60000020)
{
rstartTab[j] = imageBase+shdr[i].VirtualAddress;
rmaxTab[j] = rstartTab[j]+shdr[i].SizeOfRawData;
j++;
}
}
num=j;
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
printf("\n\n+++++++++++++++++++ Possible Strings Inside Code Block +++++++++++++++++++ \n");
for(k=0;k<num;k++)
{
r=rstartTab[k]; rmax=rmaxTab[k];
l=0;
while(r<rmax)
{
while(!isprint(b=getByteFile(r))) r++;
if (getMap1(r-1)) n=0;
else n=getByteFile(r-1);
i=r; a=0; c=0;
while(isprint(b=getByteFile(i)))
{if(isalnum(b)||b==0x20||b=='\\')a++;c++;i++;}
if ((n>4 || (n>2 && r<l+8)) && n<31 && n<=c && ((n<=a) || (n>8)))
{showPascalString(r-1); r=r+n; l=r;}
else if (c>4
&& ( b==0x00
|| (b==0x0A && ((d=getByteFile(i+1))==0x0A || isprint(d) || d==0x00))
|| (b==0x0D && ((d=getByteFile(i+1))==0x0A))