汇编到伪代码的理解
Assembly to pseudocode understanding
我正在尝试逆向一个可执行文件（用于学习 RE），但是我卡在了一段伪代码上，其中有些东西我不理解。请帮助我理解它，以便我能有所进步。现在我知道有一个数组，它直到第 2014 个条目为 32，从 2014 到 4095 的条目是 fgetc 返回的字符码。之后有一小段代码我无法理解，该块用 ** 标出。
代码:
// Decompiler output (IDA-style naming). Judging by its structure this is a
// sliding-window compressor of the LZ77/LZSS family: a 4096-byte window
// (byte_12A3400), a backward search for the longest earlier match, and per
// step either a (position, length) token or a literal byte handed to a helper.
// The globals (byte_12A3400, byte_12A3C00, dword_12A33EC, dword_12A3088) and
// the sub_* helpers live elsewhere; their roles below are inferred from use.
// The "****" markers are the asker's annotation of the block in question,
// not part of the code.
int sub_12A11A0()
{
__int16 v1; // [sp+4h] [bp-24h]@13  -- index of the best match found; only its low 11 bits are used
int v2; // [sp+8h] [bp-20h]@11  -- longest match allowed this step: min(33, bytes left)
int v3; // [sp+Ch] [bp-1Ch]@8  -- lowest index the backward search may reach
signed int v4; // [sp+10h] [bp-18h]@13  -- length of the best match (1 means "no match")
signed int l; // [sp+14h] [bp-14h]@16  -- running match length while comparing
int v6; // [sp+18h] [bp-10h]@6  -- byte from fgetc during the initial fill (-1 = EOF)
int v7; // [sp+18h] [bp-10h]@13  -- the byte at the current position v10
int v8; // [sp+18h] [bp-10h]@32  -- byte from fgetc during refill (-1 = EOF)
signed int v9; // [sp+1Ch] [bp-Ch]@8  -- end of valid data in the window (exclusive)
signed int v10; // [sp+20h] [bp-8h]@8  -- current encode position
signed int i; // [sp+24h] [bp-4h]@1
signed int j; // [sp+24h] [bp-4h]@4
int k; // [sp+24h] [bp-4h]@13  -- candidate match position during the backward scan
signed int m; // [sp+24h] [bp-4h]@27
// Prime the first 2015 bytes of the window with spaces (0x20) so that early
// positions already have a known dictionary to match against.
for ( i = 0; i < 2015; ++i )
byte_12A3400[i] = 32;
// Fill the rest of the window from the input stream until EOF.
// dword_12A3088 counts the bytes consumed.
for ( j = 2015; j < 4096; ++j )
{
v6 = fgetc(dword_12A33EC);
if ( v6 == -1 )
break;
byte_12A3400[j] = v6;
++dword_12A3088;
}
v9 = j; // valid data is [0, v9)
v10 = 2015; // encoding starts where the real input begins
v3 = 0;
while ( v10 < v9 )
{
// Cap the match length at 33, or at whatever data is actually left.
if ( v9 - v10 < 33 )
v2 = v9 - v10;
else
v2 = 33;
v1 = 0;
v4 = 1;
// ---- the marked block: longest-match search ----
// v7 is the byte to encode. Walk backwards from v10-1 down to v3 looking
// for an earlier copy of it. For each candidate k, count how many of the
// following bytes also agree (l); note that *(&byte_12A3400[l] + k) is just
// byte_12A3400[k + l], compared against byte_12A3400[v10 + l].
// Remember the candidate with the greatest l. Because k + l may reach v10,
// a match is allowed to overlap the bytes being encoded.
****v7 = (unsigned __int8)byte_12A3400[v10];
for ( k = v10 - 1; k >= v3; --k )
{
if ( (unsigned __int8)byte_12A3400[k] == v7 )
{
for ( l = 1; l < v2 && (unsigned __int8)*(&byte_12A3400[l] + k) == (unsigned __int8)*(&byte_12A3400[l] + v10); ++l )
; // empty body: the comparison happens in the loop condition
if ( l > v4 )
{
v1 = k;
v4 = l;
}
}
}****
// Emit the result. A match of 2..33 bytes is passed as (position & 0x7FF,
// length - 2): 11 bits of position and a length that fits in 5 bits, which
// suggests a 16-bit token; anything shorter is sent as the literal byte v7.
// (Token layout is an inference from the mask and offset -- confirm in
// sub_12A1120.)
if ( v4 > 1 )
sub_12A1120(v1 & 0x7FF, v4 - 2);
else
sub_12A10D0(v7);
// Advance by the bytes consumed. v10 - v3 stays constant, so the backward
// search window keeps a fixed size.
v10 += v4;
v3 += v4;
// Near the end of the buffer, slide the window down by 2048. Judging by the
// addresses in the names, byte_12A3C00 is 0x800 past byte_12A3400, i.e. the
// upper half of the same buffer is copied to the lower half; the indices are
// rebased and the upper half is refilled from the input stream.
if ( v10 >= 4063 )
{
for ( m = 0; m < 2048; ++m )
byte_12A3400[m] = byte_12A3C00[m];
v9 -= 2048;
v10 -= 2048;
v3 -= 2048;
while ( v9 < 4096 )
{
v8 = fgetc(dword_12A33EC);
if ( v8 == -1 )
break;
byte_12A3400[v9++] = v8;
++dword_12A3088;
}
}
}
// Presumably a final flush of pending output; its return value is passed through.
return sub_12A1090();
}
看来重要的是理解
*(&byte_12A3400[l] + k)
它等价于（因为 &byte_12A3400[l] 就是 byte_12A3400 + l，再加上 k 即 byte_12A3400 + l + k）
byte_12A3400[l + k]
我正在尝试逆向一个可执行文件（用于学习 RE），但是我卡在了一段伪代码上，其中有些东西我不理解。请帮助我理解它，以便我能有所进步。现在我知道有一个数组，它直到第 2014 个条目为 32，从 2014 到 4095 的条目是 fgetc 返回的字符码。之后有一小段代码我无法理解，该块用 ** 标出。
代码:
// Decompiler output (IDA-style naming). Judging by its structure this is a
// sliding-window compressor of the LZ77/LZSS family: a 4096-byte window
// (byte_12A3400), a backward search for the longest earlier match, and per
// step either a (position, length) token or a literal byte handed to a helper.
// The globals (byte_12A3400, byte_12A3C00, dword_12A33EC, dword_12A3088) and
// the sub_* helpers live elsewhere; their roles below are inferred from use.
// The "****" markers are the asker's annotation of the block in question,
// not part of the code.
int sub_12A11A0()
{
__int16 v1; // [sp+4h] [bp-24h]@13  -- index of the best match found; only its low 11 bits are used
int v2; // [sp+8h] [bp-20h]@11  -- longest match allowed this step: min(33, bytes left)
int v3; // [sp+Ch] [bp-1Ch]@8  -- lowest index the backward search may reach
signed int v4; // [sp+10h] [bp-18h]@13  -- length of the best match (1 means "no match")
signed int l; // [sp+14h] [bp-14h]@16  -- running match length while comparing
int v6; // [sp+18h] [bp-10h]@6  -- byte from fgetc during the initial fill (-1 = EOF)
int v7; // [sp+18h] [bp-10h]@13  -- the byte at the current position v10
int v8; // [sp+18h] [bp-10h]@32  -- byte from fgetc during refill (-1 = EOF)
signed int v9; // [sp+1Ch] [bp-Ch]@8  -- end of valid data in the window (exclusive)
signed int v10; // [sp+20h] [bp-8h]@8  -- current encode position
signed int i; // [sp+24h] [bp-4h]@1
signed int j; // [sp+24h] [bp-4h]@4
int k; // [sp+24h] [bp-4h]@13  -- candidate match position during the backward scan
signed int m; // [sp+24h] [bp-4h]@27
// Prime the first 2015 bytes of the window with spaces (0x20) so that early
// positions already have a known dictionary to match against.
for ( i = 0; i < 2015; ++i )
byte_12A3400[i] = 32;
// Fill the rest of the window from the input stream until EOF.
// dword_12A3088 counts the bytes consumed.
for ( j = 2015; j < 4096; ++j )
{
v6 = fgetc(dword_12A33EC);
if ( v6 == -1 )
break;
byte_12A3400[j] = v6;
++dword_12A3088;
}
v9 = j; // valid data is [0, v9)
v10 = 2015; // encoding starts where the real input begins
v3 = 0;
while ( v10 < v9 )
{
// Cap the match length at 33, or at whatever data is actually left.
if ( v9 - v10 < 33 )
v2 = v9 - v10;
else
v2 = 33;
v1 = 0;
v4 = 1;
// ---- the marked block: longest-match search ----
// v7 is the byte to encode. Walk backwards from v10-1 down to v3 looking
// for an earlier copy of it. For each candidate k, count how many of the
// following bytes also agree (l); note that *(&byte_12A3400[l] + k) is just
// byte_12A3400[k + l], compared against byte_12A3400[v10 + l].
// Remember the candidate with the greatest l. Because k + l may reach v10,
// a match is allowed to overlap the bytes being encoded.
****v7 = (unsigned __int8)byte_12A3400[v10];
for ( k = v10 - 1; k >= v3; --k )
{
if ( (unsigned __int8)byte_12A3400[k] == v7 )
{
for ( l = 1; l < v2 && (unsigned __int8)*(&byte_12A3400[l] + k) == (unsigned __int8)*(&byte_12A3400[l] + v10); ++l )
; // empty body: the comparison happens in the loop condition
if ( l > v4 )
{
v1 = k;
v4 = l;
}
}
}****
// Emit the result. A match of 2..33 bytes is passed as (position & 0x7FF,
// length - 2): 11 bits of position and a length that fits in 5 bits, which
// suggests a 16-bit token; anything shorter is sent as the literal byte v7.
// (Token layout is an inference from the mask and offset -- confirm in
// sub_12A1120.)
if ( v4 > 1 )
sub_12A1120(v1 & 0x7FF, v4 - 2);
else
sub_12A10D0(v7);
// Advance by the bytes consumed. v10 - v3 stays constant, so the backward
// search window keeps a fixed size.
v10 += v4;
v3 += v4;
// Near the end of the buffer, slide the window down by 2048. Judging by the
// addresses in the names, byte_12A3C00 is 0x800 past byte_12A3400, i.e. the
// upper half of the same buffer is copied to the lower half; the indices are
// rebased and the upper half is refilled from the input stream.
if ( v10 >= 4063 )
{
for ( m = 0; m < 2048; ++m )
byte_12A3400[m] = byte_12A3C00[m];
v9 -= 2048;
v10 -= 2048;
v3 -= 2048;
while ( v9 < 4096 )
{
v8 = fgetc(dword_12A33EC);
if ( v8 == -1 )
break;
byte_12A3400[v9++] = v8;
++dword_12A3088;
}
}
}
// Presumably a final flush of pending output; its return value is passed through.
return sub_12A1090();
}
看来重要的是理解
*(&byte_12A3400[l] + k)
它等价于（因为 &byte_12A3400[l] 就是 byte_12A3400 + l，再加上 k 即 byte_12A3400 + l + k）
byte_12A3400[l + k]