|| (b==0x09 && ((d=getByteFile(i+1))==0x09 || d==0x00))
)
)
{
if(c>5||!touchAnyAddress(i-1)||looksLikeMenus(i-1))
showNullString(r);
while (getMap1(i)==0x04) i++;
if(getByteFile(i)==0x00) i++; r=i; l=r;
}
else r++;
}
}
}
/* Marks the two-byte sequence 8B C0 at r as a single instruction when the
 * map has nothing recorded for r and r+1 yet but already has an entry for
 * r+2: r becomes 0x05 and r+1 becomes 0x04. Any other state is left alone.
 * The map write is bracketed by trace id 1900. */
void checkOneInstructionFiller(DWORD r)
{
/*--------------*/pushTrace(1900);
    /* map test first, byte test second -- same short-circuit order as before */
    if (getMap(r) == 0 && getMap(r + 1) == 0 && getMap(r + 2) != 0)
    {
        if (getByteFile(r) == 0x8B && getByteFile(r + 1) == 0xC0)
        {
            setMap(r, 0x05);
            setMap(r + 1, 0x04);
        }
    }
/*--------------*/popTrace();
}
/* Placeholder: converting [s,e) to address data is not implemented here.
 * Nothing is read or written; the casts only mark the parameters as used. */
void changeToAddress(DWORD s, DWORD e)
{
    (void)s;
    (void)e;
}
/* Placeholder: converting [s,e) to byte data is not implemented here.
 * Nothing is read or written; the casts only mark the parameters as used. */
void changeToBytes(DWORD s, DWORD e)
{
    (void)s;
    (void)e;
}
/* Re-disassembles [s,e) as code. Every map entry in the range is reduced to
 * its low nibble via exMap(), then the disassembler globals are set
 * (nextMode = 3, zeroCheckMode = 1) and Disassembler1() is restarted at s.
 * What the high nibble bits mean is not defined here -- see getMap()/exMap(). */
void changeToCode(DWORD s, DWORD e)
{
    DWORD at;
    BYTE low;

    for (at = s; at < e; at++)
    {
        low = (BYTE)(getMap(at) & 0x0F);
        exMap(at, low);
    }

    nextMode = 3;
    zeroCheckMode = 1;
    resetDisassembler(s);
    Disassembler1();
}
/* Placeholder: converting [s,e) to dword data is not implemented here.
 * Nothing is read or written; the casts only mark the parameters as used. */
void changeToDword(DWORD s, DWORD e)
{
    (void)s;
    (void)e;
}
/* Placeholder: converting [s,e) to float data is not implemented here.
 * Nothing is read or written; the casts only mark the parameters as used. */
void changeToFloat(DWORD s, DWORD e)
{
    (void)s;
    (void)e;
}
/* Placeholder: converting [s,e) to double data is not implemented here.
 * Nothing is read or written; the casts only mark the parameters as used. */
void changeToDouble(DWORD s, DWORD e)
{
    (void)s;
    (void)e;
}
/* Placeholder: converting [s,e) to quad data is not implemented here.
 * Nothing is read or written; the casts only mark the parameters as used. */
void changeToQuad(DWORD s, DWORD e)
{
    (void)s;
    (void)e;
}
/* Marks 10-byte entries as 80-bit real data.
 *
 * e == 0 : a single entry at s. s gets 0x1F unless its 0x20 bit is already
 *          set; s+1 .. s+9 get 0x0F.
 * e > s  : only when (e - s) is a multiple of 10. Every entry in [s,e) gets
 *          0x0F OR-ed in; every 10th entry (counted from s) additionally
 *          gets 0x10 OR-ed in unless its 0x20 bit is set.
 * Any other (s,e) pair is a no-op. Bit meanings are not defined in this
 * block -- confirm against getMap()/setMap()/orMap(). */
void changeTo80Real(DWORD s, DWORD e)
{
    DWORD at;

    if (e == 0)
    {
        if (!(getMap(s) & 0x20))
            setMap(s, 0x1F);
        for (at = s + 1; at < s + 10; at++)
            setMap(at, 0x0F);
        return;
    }

    /* e > s is tested before the subtraction, as in the original */
    if (e <= s || (e - s) % 10 != 0)
        return;

    for (at = s; at < e; at++)
    {
        orMap(at, 0x0F);
        if ((at - s) % 10 != 0)
            continue;
        if (!(getMap(at) & 0x20))
            orMap(at, 0x10);
    }
}
/* Placeholder: converting [s,e) to word data is not implemented here.
 * Nothing is read or written; the casts only mark the parameters as used. */
void changeToWord(DWORD s, DWORD e)
{
    (void)s;
    (void)e;
}
/* Placeholder: converting the data at r to a NUL-terminated string is not
 * implemented here. Nothing is read or written. */
void changeToNullString(DWORD r)
{
    (void)r;
}
/* Placeholder: converting the data at r to a length-prefixed string is not
 * implemented here. Nothing is read or written. */
void changeToPascalString(DWORD r)
{
    (void)r;
}
// Post-processes the map of [s,e) after disassembly, in five sweeps that
// each print one progress character ("*" then ".", COLSIZE per line):
//  0. trailing zero bytes (0x80 bit clear) at the end of the range, and
//     any entry whose 0x0C bits are clear, are set to 0x0F;
//  1. each run of entries with bit 0x08 clear is scored with a 256-bin
//     histogram (cBox) of the file bytes at its 0x05 entries; runs that
//     look like text/zeros, or are short with no C2/C3 and no E8/E9/FF at
//     the last 0x05 entry, are set to 0x0F up to the first good reference;
//  2. and 3. runs of non-0x0F / non-0x08 entries that sit right after
//     0x0F / 0x08 data and carry no 0x40 mark are re-scored and cleared;
//  4. runs with bit 0x02 set whose bytes stay below 0x80 until a "55 8B"
//     pair are set to 0x0F up to the 55, if nothing before it is referenced.
// Map bit meanings (0x05 instruction start, 0x08/0x0C/0x0F data classes,
// 0x20/0x40/0x60 reference marks, 0x80 block end) are inferred from their
// use here, not defined in this block -- confirm against getMap()/setMap().
// cBox is indexed by getByteFile() results; that is safe only while
// getByteFile() returns a BYTE (0..255) -- confirm its return type.
void PostProcessing2(DWORD s, DWORD e)
{
DWORD i, r;
int n, nn, nz;
DWORD rs, re, ri, rr, rt, rmax;
DWORD ts, te;
int cBox[256];
BYTE b;
fprintf(stderr,"*");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
r = s;
rmax = e;
r=rmax-1;
// sweep 0a: walk back over trailing zero bytes (0x80 bit clear).
// NOTE(review): no lower bound -- if every byte in [s,e) is zero with
// 0x80 clear, r runs below s; confirm getByteFile()/getMap() tolerate that.
while(getByteFile(r)==0&&(getMap(r)&0x80)==0)r--;
r++;
while(r<rmax)
{
/*---------*/pushTrace(1910);
setMap(r, 0x0F); r++;
/*---------*/popTrace();
}
// I got something which is not processed yet.
// I'll set everything to byte data whew...
// sweep 0b: anything with bits 0x0C clear becomes 0x0F.
r=s;
while(r<rmax)
{
if ((getMap(r)&0x0C)==0)
{
//checkOneInstructionFiller(r);
/*---------*/pushTrace(1920);
setMap(r, 0x0F);
/*---------*/popTrace();
}
r++;
}
// now i am doing something should be done.
// i am trying to find code blocks which lies between
// some address blocks or byte blocks which is imcomplete
// namely, which does not have return or jmp statement.
// so it should looks like
// {START|address|byte}code{address|byte|END}
// if this code block ends with C3 or C2 something or
// one of jmp statment it is OK
// otherwise there is some problem.
r=s;
ri=r;
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
//fprintf(stderr, " p1");
// sweep 1: alternate between skipping 0x08 runs and scoring non-0x08 runs.
while(r<rmax)
{
// skip the data run; an exact 0x2F entry is rewritten to 0x0F on the way.
// NOTE(review): this inner loop is not bounded by rmax, unlike the next one.
while((b=getMap(r))&0x08)
{
if (b==0x2F)
{
/*----------*/pushTrace(1930);
setMap(r, 0x0F); rr=r;
/*----------*/popTrace();
}
r++;
}
// [rs,re) is the candidate code run; n counts 0x05 entries, rt those that
// touch an address, ri is the last 0x05 entry seen.
rs=r;n=0;rt=0;
for(i=0;i<256;i++)cBox[i]=0;
while((r<rmax)&&(((b=getMap(r))&0x08)==0x00))
{
if ((getMap(r)&0x05)==0x05)
{
cBox[getByteFile(r)]+=1;
n++;ri=r;
if (touchAnyAddress(ri))
{
//if(rs<=debugAdd&&debugAdd<=rs+0x200)
// fprintf(stderr,"\ntouchAnyAddress=%08X",ri);
rt++;
}
//{
//
//}
}
r++;
}
// nn: opcode bytes in the ASCII letter ranges plus 00 and 90 (text-like);
// nz: opcode bytes 00..03 plus address-touching entries (zero-ish).
re=r;nn=0;nz=0;
for(i=0x41;i<0x5B;i++)nn+=cBox[i];
for(i=0x61;i<0x7B;i++)nn+=cBox[i];
nn+=cBox[0x00]+cBox[0x90];
nz+=cBox[0x00]+cBox[0x01]+cBox[0x02]+cBox[0x03];
nz+=rt; // I don't know whether this is OK or Not
/*
if (rs<=debugAdd&&debugAdd<=re)
{
fprintf(stderr,"\n*********YO YO***********");
fprintf(stderr,"\nn=%3d nn=%3d nz=%3d rs=%08X re=%08X rt=%3d getMap()=%02X",
n,nn,nz,rs,re,rt,getMap(debugAdd));
getch();
}*/
// reject the run when more than 2/3 of it is text-like, more than half is
// zero-ish, a lone instruction is not a good jump, or it is short (<16)
// with no C2/C3 and does not end in E8/E9/FF.
if((nn*3>n*2)||(nz*2>n)||(n==1&&isNotGoodJump(rs))||
(n<16
&&(cBox[0xC2]+cBox[0xC3]==0)
&&(getByteFile(ri)!=0xE9)
&&(getByteFile(ri)!=0xE8)
&&(getByteFile(ri)!=0xFF)))
{
// try to save partial results
// te: one past the next 0x80 entry (or re); ts: first entry in [r,te)
// with a 0x60 mark that isThisGoodRef() accepts. [r,ts) is cleared.
r=rs;
while(r<re)
{
for(i=r;i<re;i++) if ((getMap(i)&0x80)==0x80) break;
if(i<re)te=i+1;else te=i;
for(i=r;i<te;i++) if ((getMap(i)&0x60)&&(isThisGoodRef(i,r,re))) break;
ts=i;
/*--------------*/pushTrace(1940);
for(i=r;i<ts;i++) setMap(i,0x0F);
/*--------------*/popTrace();
if(r<te) r=te;
else r++;
}
}
r=re;
}
// now for some final touch,,
// namely clear some garbage code which clings to byte data
//fprintf(stderr, " p2");
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
// sweep 2: after each non-0x0F run, look back from its end for the start
// of the code and clear it unless a 0x40 mark or 0x0C entry is found.
r=s;
while(r<rmax)
{
//fprintf(stderr, " r==%08X",r);
while((r<rmax)&&((getMap(r)&0x0F)==0x0F)){r++;}
while((r<rmax)&&((getMap(r)&0x0F)!=0x0F)){r++;}
// NOTE(review): r-2 is s-1 when r == s+1; confirm getMap() tolerates
// reads just below s.
if (getMap(r-1)==0x0C && getMap(r-2)==0x0F)
{
/*--------------*/pushTrace(1950);
setMap(r-1,0x0F);
/*--------------*/popTrace();
continue;
}
if((getMap(r-1)&0x80)==0)
{
re=r;r--;
// bounded by s here (contrast the unbounded scan in sweep 3).
while(r>s && ((b=getMap(r))&0x80)==0x00 && !(b&0x40)){r--;}
if(((b=getMap(r))&0x40)||(b&0x0C)==0x0C){r=re;continue;}
r++;
while(r<re)
{
if((getMap(r)&0x08)==0x08) { r=re; break; } // 0x0C -> 0x08 .. check it..
/*------------*/pushTrace(1960);
setMap(r, 0x0F); r++;
/*------------*/popTrace();
}
}
}
// now for some real final touch,, nov.10,1997 -sangcho-
// namely clear some garbage code which clings hard to byte data
//fprintf(stderr, " p3");
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
// sweep 3: same idea keyed on bit 0x08; the run is re-scored with a
// histogram over opcode bytes < 0x33.
r=s;
while(r<rmax)
{
while((r<rmax)&&((getMap(r)&0x08)==0x08)){r++;}
while((r<rmax)&&((getMap(r)&0x08)!=0x08)){r++;}
//if((getMap(r-1)&0x80))
{
re=r;
r--;
//if((getMap(r-1)&0x88)==0)
if((getMap(r)&0x88)==0)
{
r--;
// NOTE(review): no r>s guard on this backward scan (sweep 2 has one);
// it relies on an entry with 0x88 or 0x40 set existing below r.
while(((b=getMap(r))&0x88)==0&&!(b&0x40)){r--;}
if(getMap(r)&0x40){r=re;continue;}
r++;
rs=r;n=0;
for(i=0;i<256;i++)cBox[i]=0;
while((r<re)&&((getMap(r)&0x08)==0x00))
{
if ((getMap(r)&0x05)==0x05){cBox[getByteFile(r)]+=1;n++;ri=r;}
r++;
}
// nz: opcode bytes below 0x33, minus n per C3 (so one C3 outweighs the
// whole run) and minus one per E9/FF.
nz=0;
for(i=0;i<0x33;i++)nz+=cBox[i];
nz-=cBox[0xC3]*n+cBox[0xE9]+cBox[0xFF];
//nz=cBox[0x00]+cBox[0x01]+cBox[0x02]+cBox[0x03];
if((nz*2>n)||(n==1&&isNotGoodJump(rs)))
{
r=rs;
while(r<re)
{
if(getMap(r)&0x40){r=re;break;}
/*------------*/pushTrace(1970);
setMap(r, 0x0F); r++;
/*------------*/popTrace();
}
}
}
r=re;
}
}
// now for some real final touch,, nov.12,1997 -sangcho-
// namely clear some garbage code which clings hard to byte data
// this time we need to
// find the code block which clings after byte data and which is dead.
// so no outside reference is made, then you need to check out
// carefully what is code and what is byte,
// so this is what i do:
// if each instruction is in ascii character range including
// 00 and 20 and 2A you treat them as byte data.
// but if you find 55 then you are almost done!
// and check if next byte is something 8B or not.
// if it is then you are really done.
// and convert everything between start to just before 55 to
// byte data!
//fprintf(stderr, " p4");
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
// sweep 4: code run directly after a 0x08 run, looking for "55 8B".
r=s;
while(r<rmax)
{
while((r<rmax)&&((getMap(r)&0x08)!=0x08)){r++;}
while((r<rmax)&&((getMap(r)&0x08)==0x08)){r++;}
// NOTE(review): both reads below happen at r == rmax when the loops ran
// off the end; confirm getMap() tolerates that.
if(getMap(r)&0x40) continue;
if(!(getMap(r)&0x02))continue;
rs=r;
// NOTE(review): the guard above guarantees bit 0x02 is set at r, so this
// loop exits immediately and re == rs always -- looks unintended; confirm.
while((r<rmax)&&!((b=getMap(r))&0x02)&&!(b&0x80)){r++;}
if(!(getMap(r)&0x02))continue;
re=r;
r=rs;
// advance over bytes < 0x80 (not bounded by re); rr = the 55 of a 55 8B
// pair, if that is where the scan stopped.
while((r<rmax)&&(getByteFile(r)<0x80)){r++;}
if((getByteFile(r)==0x8B)
&&(getByteFile(r-1)==0x55)){rr=r-1;}
else {r=re;continue;}
// nn: entries in [rs,rr) with a 0x20 mark and at least one reference.
r=rs;nn=0;
while(r<rr)
{
if((getMap(r)&0x20)&&referCount(r)>0)nn++;
r++;
}
if(nn){r=re;continue;}
r=rs;
/*--------------*/pushTrace(1980);
while(r<rr){ setMap(r, 0x0F); r++; }
/*--------------*/popTrace();
r=re;
}
//fprintf(stderr,"1$");
}
/* Snapshots the disassembler state into the global my_h (mode, tag f,
 * last reset, current position), then asks eraseUncertain() to drop the
 * region at `at`. f doubles as the trace id around the call. */
static void eraseAtAsUncertain(DWORD at, int f)
{
    my_h.m = nextMode;
    my_h.f = f;
    my_h.r = lastReset;
    my_h.c = cur_position;
/*-----------*/pushTrace(f);
    eraseUncertain(at, &my_h);
/*-----------*/popTrace();
}

/* Checks whether the disassembly of [s,e) is acceptable.
 *
 * Returns 0 when some entry in [s,e) is an instruction start (bits 0x05)
 * that touches an address and lies in an address block; that entry is
 * erased as uncertain (tag 2000) first.
 * Otherwise returns 1. Before returning, the entry at cur_position is
 * erased as uncertain (tag 2010) when its 0x05 bits are not both set and
 * its 0x08 bit is clear. Bit meanings are inferred from use; confirm
 * against getMap(). */
int checkWellDone(DWORD s, DWORD e)
{
    DWORD at;
    BYTE m;

    for (at = s; at < e; at++)
    {
        if ((getMap(at) & 0x05) != 0x05)
            continue;
        /* touchAnyAddress() is evaluated before isAddressBlock(), as before */
        if (!touchAnyAddress(at) || !isAddressBlock(at))
            continue;
        eraseAtAsUncertain(at, 2000);
        return 0;
    }

    m = getMap(cur_position);
    if ((m & 0x05) != 0x05 && !(m & 0x08))
        eraseAtAsUncertain(cur_position, 2010);
    return 1;
}
void PostProcessing1()
{
//static BYTE bb=0xFF;
DWORD r, s, e, rmax;
DWORD rmaxTab[16], rstartTab[16];
DWORD i, ss, pos;
int k, n, num;
//BYTE b, d;
_key_ y;
//ReportMap();
//printMode=1;
num=getNumExeSec();
if (num>16) {num=16; fprintf(stderr,"\n...please increase the size...");}
for (i=0;i<num;i++)
{
rstartTab[i] = imageBase+shdr[i].VirtualAddress;
rmaxTab[i] = rstartTab[i]+shdr[i].SizeOfRawData;
}
//fprintf(stderr,".1.");
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
for(k=0;k<num;k++)
{
r=rstartTab[k]; rmax=rmaxTab[k];
s=0; e=0;
//{fprintf(stderr," continue1 ");}
while(r<rmax)
{
//{fprintf(stderr,"\n continue2 ");}
if (s<r && r<e) s=r;
else
{
while(r<rmax)