{
if((getMap(r)&0x0F)==0x00) break;
r++;
}
s=r;
}
if(s<e) e=e;
else
{
while(r<rmax)
{
if(getMap(r)&0x0F) break;
r++;
}
e=r;
}
//{fprintf(stderr,"\n 11 ");}
/*------------*/pushTrace(2110);
n=tryMoreAddress(s, e, &pos);
/*------------*/popTrace();
//{fprintf(stderr,"\n 12 ");}
//
// this is for some special considerations like instruction which ends
// with address that follows address block case.
//
if (s==pos) ss=s; else ss=pos+4;
if (n==0) {r=e; continue;}
//
// this case deals with CCCC"address" case
//
if (n==1)
{
i=pos;
if ((e-s)<8
&& getByteFile(s)==0xCC
&& isGoodAddress(getIntFile(i))
&& referCount(i)>0)
{
/*-------------*/pushTrace(2120);
setMap(i ,0x0E); setMap(i+1,0x0E);
setMap(i+2,0x0E); setMap(i+3,0x0E);
/*-------------*/popTrace();
/*-------------*/pushTrace(2130);
MyBtreeInsertDual(167, getIntFile(i), i);
/*-------------*/popTrace();
for (i=s;i<e;i++)
if (getByteFile(i)==0xCC && getMap(i)==0x00)
{
/*-------*/pushTrace(2140);
setMap(i,0x0C);
/*-------*/popTrace();
}
else break;
}
}
//
// not significant to set address blocks
//
if (n<=3)
{
// report some suspicious case here...
r=pos+4*n;
//fprintf(stderr,"\n%08X=%08X+4*%04X",(int)r,(int)pos,n);//getch();
continue;
}
r=pos+4*n;
//fprintf(stderr,"\n...%08X=%08X+4*%04X",(int)r,(int)pos,n);//getch();
//
// well ss is either pos or pos+4 depending on whether s==pos or not
//
for(i=ss;i<pos+n*4;i+=4)
{
if(isGoodAddress(getIntFile(i)))
{
/*-----------*/pushTrace(2150);
setMap(i ,0x0E); setMap(i+1,0x0E);
setMap(i+2,0x0E); setMap(i+3,0x0E);
/*-----------*/popTrace();
/*-----------*/pushTrace(2160);
MyBtreeInsertDual(167, getIntFile(i), i);
/*-----------*/popTrace();
}
}
}
}
//fprintf(stderr,".2.");
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
for(k=0;k<num;k++)
{
r=rstartTab[k]; rmax=rmaxTab[k];
markStrings(r,rmax);
while(r<rmax)
{
while(r<rmax)
{
if((getMap(r)&0x0F)==0x00) break; r++;
}
s=r;
while(r<rmax)
{
if(getMap(r)&0x0F) break; r++;
}
e=r;
for(i=s;i<e;i++)
{
// i don't want to revive nop 0x90
showDots();
while(i<e&&!isItStartAnyWay(i))i++;
/*
if(s<=debugAdd&&debugAdd<e)
{
fprintf(stderr,
"\n...*** reset=%08X map=%02X %02X fatalError=%3d op=%02X m=%02X col=%d",
i,getMap(i),getMap(i+1),fatalError,i_opcode,i_mod,i_col_save);
}*/
if (fatalError==0) break;
}
if (i<e)
{
nextMode=3;
resetDisassembler(i);
/*-----------*/pushTrace(2210);
Disassembler1();
/*-----------*/popTrace();
if (fatalError)
{
//fprintf(stderr, "\n! fatalError = %3d getMap=%02X cur_position=%08X ",
//fatalError, getMap(cur_position), cur_position);
//fprintf(stdout, "\n! fatalError = %3d getMap=%02X cur_position=%08X ",
//fatalError, getMap(cur_position), cur_position);
my_h.m=nextMode;
my_h.f=2220;
my_h.r=lastReset;
my_h.c=cur_position;
/*----------*/pushTrace(2220);
eraseUncertain(cur_position, &my_h);
/*----------*/popTrace();
}
else
{
/*----------*/pushTrace(2230);
checkWellDone(i, cur_position);
/*----------*/popTrace();
}
r=cur_position+1; // could be very dangerous ...
}
}
}
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
for(k=0;k<num;k++)
{
r=rstartTab[k]; rmax=rmaxTab[k];
/*---------*/pushTrace(2240);
PostProcessing2(r, rmax);
/*---------*/popTrace();
/*---------*/pushTrace(2250);
markAddress1(r, rmax);
/*---------*/popTrace();
}
fprintf(stderr,".");
showDotsNum++; if (showDotsNum%COLSIZE==0) fprintf(stderr,"\n");
for(k=0;k<HintCnt;k++)
{
y=Hints[k];
i=y.class; r=y.c_pos; rmax=y.c_ref;
switch(i)
{
case 1: changeToAddress(r,rmax); break;
case 2: changeToBytes(r,rmax); break;
case 3: changeToCode(r, rmax); break;
case 4: changeToDword(r,rmax); break;
case 5: changeToFloat(r,rmax); break;
case 6: changeToDouble(r,rmax); break;
case 7: changeToQuad(r,rmax); break;
case 8: changeTo80Real(r,rmax); break;
case 9: changeToWord(r,rmax); break;
case 10: changeToNullString(r); break;
case 11: changeToPascalString(r); break;
case 12: break;
default: fprintf(stderr,"\nSOMETHING IS WRONG"); Myfinish();
}
}
}
// ***************************************
// some reporting functions
// ***************************************
/* Dump the recorded trace ids debugTab[0..debugx-1] to stderr, then clear
 * the trace stack so the next dump starts from an empty table. */
void printTrace()
{
    int idx;
    fprintf(stderr,"\n..Traces are...\n");
    idx=0;
    while (idx<debugx)
    {
        fprintf(stderr,"%3d:%4d, ",idx,debugTab[idx]);
        idx++;
    }
    debugx=0;    /* the dump consumes the trace stack */
}
/* Like printTrace(), but leaves debugx untouched: dump the recorded trace
 * ids debugTab[0..debugx-1] to stderr without clearing them. */
void peekTrace()
{
    int idx;
    fprintf(stderr,"\n..Traces are...\n");
    idx=0;
    while (idx<debugx)
    {
        fprintf(stderr,"%3d:%4d, ",idx,debugTab[idx]);
        idx++;
    }
}
/* Number of map bytes still at value 0 after analysis; filled in by MapSummary(). */
int totZero = 0;
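/*
 * Walk the code map from imagebaseRVA to the end of the code section and
 * report every run of bytes whose map value is still 0.  One
 * "zero blocks::START-END" line is printed to stdout per run (END is
 * exclusive), and the summed length of all runs is stored in totZero.
 *
 * The original printed a spurious empty "rmax-rmax" block whenever the map
 * ended on a non-zero run; that case is now skipped.
 */
void MapSummary()
{
    DWORD s, e, r, rmax;
    DWORD total;
    r=imagebaseRVA;
    /* rmax is an exclusive bound: one past the last byte of the code section. */
    rmax=imageBase+getRVA(CodeOffset+CodeSize-1)+1;
    total=0;
    printf("\n+++++++++++++++++++ Somewhat Suspicious Blocks +++++++++++++++++++ \n");
    while(r<rmax)
    {
        while(r<rmax && getMap(r)>0) r++;
        s=r;
        while(r<rmax && getMap(r)==0) r++;
        e=r;
        /* The map can end on a classified run; then s==e==rmax and there
         * is no zero block left to report. */
        if (s==e) break;
        printf("\nzero blocks::%08X-%08X", (int)s, (int)e);
        total+=e-s;
    }
    totZero=(int)total;
}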
/* Dump the whole code map to stdout as a hex listing, 24 map bytes per
 * line, each line prefixed with the address of its first byte. */
void ReportMap()
{
    DWORD cur, end;
    int column;
    cur=imagebaseRVA;
    end=imageBase+getRVA(CodeOffset+CodeSize-1)+1;
    for (column=0; cur<end; cur++, column++)
    {
        if (column%24==0)
        {
            printf("\n%08X:",(int)cur);
        }
        printf(" %02X",getMap(cur));
    }
    printf("\n");
}
extern int addLabelsHistogram[];
/* Print the 256-entry reset/addLabels histograms (six entries per line),
 * then one line per recorded History entry. */
void reportHistory()
{
    history rec;
    int idx;
    printf("\nListings of History");
    for (idx=0; idx<256; idx++)
    {
        if (idx%6==0)
        {
            printf("\n");
        }
        printf("%02X:%4d-%4d ",idx,resetHistogram[idx],addLabelsHistogram[idx]);
    }
    printf("\nErrors occured..");
    idx=0;
    while (idx<hCnt)
    {
        rec=History[idx];
        printf("\ni=%4d m=%3d f=%4d l=%3d r=%08X c=%08X :: s=%08X e=%08X",
            idx+1, rec.m, rec.f, rec.l, (int)(rec.r), (int)(rec.c), (int)(rec.s), (int)(rec.e));
        idx++;
    }
}
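/*
 * Map the key letter of a hint line to the class number stored in Hints[].
 * Lower- and upper-case letters name the same class; the case only decides
 * how many addresses follow on the line (see readHint).  Returns 0 for a
 * letter that does not name a hint class.
 */
static int hintClassOf(int key)
{
    switch (key)
    {
    case 'a': case 'A': return 1;   /* changeToAddress */
    case 'b': case 'B': return 2;   /* changeToBytes */
    case 'c': case 'C': return 3;   /* changeToCode */
    case 'd': case 'D': return 4;   /* changeToDword */
    case 'f': case 'F': return 5;   /* changeToFloat */
    case 'g': case 'G': return 6;   /* changeToDouble */
    case 'q': case 'Q': return 7;   /* changeToQuad */
    case 't': case 'T': return 8;   /* changeTo80Real */
    case 'w': case 'W': return 9;   /* changeToWord */
    case 'n': case 'N': return 10;  /* changeToNullString */
    case 'p': case 'P': return 11;  /* changeToPascalString */
    default: return 0;
    }
}

/*
 * Read the hint file named by mname and append one _key_ entry to Hints[]
 * per hint line.  A line starts with a key letter: lower case is followed
 * by one address ("%*2c%08X"), upper case by a position and a reference
 * ("%*2c%08X%*c%08X").  'r'/'R' only switch moreprint on and add no hint,
 * 'u' records debugAdd/debugAdd1 and adds a class-12 hint (ignored by the
 * consumer), and 'x', an unknown letter, or end of file ends the list.
 *
 * Fixes over the original: the fopen result is checked, fscanf is bounded
 * to the 80-byte line buffer, a and b are reset per line so a malformed
 * line cannot leak stale or uninitialized values into a hint, and an
 * 'r'/'R' line no longer pushes the previous line's k into Hints again.
 */
void readHint()
{
    FILE *fp;
    char line[80];
    unsigned a, b;
    int c;
    _key_ k;
    fp=fopen(mname, "r");
    if (fp==NULL)
    {
        /* No readable hint file: run with no hints instead of handing a
         * NULL FILE* to fscanf. */
        fprintf(stderr,"\nreadHint: cannot open %s", mname);
        return;
    }
    while(1)
    {
        /* Width 79 keeps fscanf inside line[]; a short read means EOF or a
         * read error, which ends the hint list exactly like an 'x' line. */
        if (fscanf(fp,"%79s",line)!=1) break;
        c=(unsigned char)line[0];
        if (c=='x') break;
        a=0; b=0;   /* defaults in case sscanf matches nothing */
        if (c=='r' || c=='R')
        {
            moreprint=1;
            continue;   /* not a hint: nothing to append to Hints */
        }
        if (c=='u')
        {
            sscanf(line,"%*2c%08X%*c%08X", &a, &b);
            debugAdd=a; debugAdd1=b;
            k.class=12; k.c_pos=a; k.c_ref=b;
        }
        else
        {
            k.class=hintClassOf(c);
            if (k.class==0) break;
            if (c>='A' && c<='Z')
            {
                sscanf(line,"%*2c%08X%*c%08X", &a, &b);
            }
            else
            {
                sscanf(line,"%*2c%08X", &a);
            }
            k.c_pos=a; k.c_ref=b;
        }
        /* NOTE(review): no capacity check on Hints[] is visible here;
         * confirm its size against the largest hint file in use. */
        Hints[HintCnt++]=k;
    }
    fclose(fp);
}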
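/*
 * For the c values 512, 513, 520 and 1024 (their meaning is not visible in
 * this file), look at the bytes the instruction at pos references via ref:
 * if they form a run of printable characters optionally followed by
 * whitespace, or if getMap1(ref) already has both bits of 0x05 set, OR 0x10
 * into the map at pos (only when the map at pos has a bit of 0x05 set).
 * ref has already been found to lie outside the code section (see the
 * caller); pos must lie inside it or nothing is done.
 *
 * Always returns 1.
 *
 * Fixes over the original: rmax is an exclusive bound, so pos==rmax is now
 * rejected like every other out-of-section position; the empty trailing
 * "default:" label (not valid before C23) gets a statement.
 */
int stringCheck(int c, DWORD ref, DWORD pos)
{
    size_t n;
    DWORD rmax;
    PBYTE q, qq;
    /* rmax is one past the last code byte, matching the while(r<rmax)
     * loops elsewhere in this file. */
    rmax=imageBase+getRVA(CodeOffset+CodeSize-1)+1;
    if(pos<imagebaseRVA) return 1;
    if(pos>=rmax) return 1;
    q=toFile(ref);
    switch(c)
    {
    case 512: case 513: case 520: case 1024:
        /* NOTE(review): strlen relies on a NUL inside the mapped file data;
         * toFile() is assumed to return NULL for an unmappable ref. */
        n=q?strlen((const char *)q):0;
        qq=q;
        if(n>0) while(qq<q+n&&isprint(*qq))qq++;
        if(n>0) while(qq<q+n&&isspace(*qq))qq++;
        if ((n>0&&qq==q+n)||(getMap1(ref)&0x05)==0x05)
        {
            if (getMap(pos)==0) break;
            /*----------*/pushTrace(2300);
            if (getMap(pos)&0x05) orMap(pos, 0x10);
            /*----------*/popTrace();
        }
        break;
    default:
        break;
    }
    return 1;
}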
void labelBody1(int class, DWORD ref, DWORD pos)
{
int c;
DWORD r, rr;
BYTE b, bb;
c = class;
r = ref;
rr= pos;
//if (r==0x0100139C) fprintf(stderr,"\nTADA...TADA...c=%3d rr=%08X mr=%02X mrr=%02X",
// c,rr,getMap(r),getMap(rr));
if (CodeOffset+CodeSize<=getOffset(r))
{stringCheck(c, r, rr); return;}
b=getMap(r);
if (b==0) return;
if ((b&0x05)!=0x05 && (b&0x08)==0) return;
bb=getMap(rr);
if ((b==0x0F)&&(bb==0x0F)) return;
switch(c)
{
case 1: case 2:
if (bb==0) break;
if (b==0x0F) break;
if ((b&0x20)&&(bb&0x05)==0x05) break;
/*-----------*/pushTrace(2310);
if (bb&0x05) orMap(r, 0x20);
/*-----------*/popTrace();
break;
case 3: case 4:
if (bb==0) break;
if (b==0x0F) break;
if (b==0x0F) break;
if ((b&0x20)&&(bb&0x05)==0x05) break;
/*-----------*/pushTrace(2320);
if (bb&0x05) orMap(r, 0x20);
/*-----------*/popTrace();
break;
case 5: case 7: case 9:
if (bb==0) break;
if (b==0x0F) break;
if ((b&0x20)&&(bb&0x05)==0x05) break;
/*-----------*/pushTrace(2330);
if (bb&0x05) orMap(r, 0x20);
/*-----------*/popTra