以下为 IDA Pro 反编译得到的按钮点击事件伪代码,
留存下来,以作研究。
// Button click handler as recovered by the IDA Pro decompiler (pseudocode, not buildable source).
// It assembles a 15-byte command frame in the adjacent stack bytes src..v28, fills the ID,
// type, out and in fields from form controls, stores an XOR checksum as two hex characters,
// and finally passes a hex dump of the frame to an object reached through the form.
//
// Frame layout (byte offsets from src):
//   0 start 0x01 | 1-2 ID | 3-4 command "WR" | 5 type | 6-8 out | 9-11 in | 12-13 CHK | 14 end 0x04
//
// a1: presumably the TMainForm instance passed as an int; controls are read at fixed offsets from it.
//
// NOTE(review): the CHK field is a plain XOR of the frame bytes (see sub_401D08). It can catch
// accidental corruption only and gives no authentication of whoever produced the frame.
void __fastcall TMainForm_btnCreateNewSwitehClick(int a1)
{
int v1; // ebx
char v2; // ST08_1
Dialogs **v3; // eax
int v4; // edx
int v5; // edi
int v6; // edx
int v7; // ecx
int v8; // eax
int v9; // edx
int v10; // eax
int v11; // edi
char *i; // esi
char s; // [esp+Ch] [ebp-A0h]
// src..v28 occupy ebp-60h..ebp-52h, i.e. 15 consecutive bytes: this is the frame buffer.
char src; // [esp+4Ch] [ebp-60h]
char v15; // [esp+4Dh] [ebp-5Fh]
char v16; // [esp+4Eh] [ebp-5Eh]
char v17; // [esp+4Fh] [ebp-5Dh]
char v18; // [esp+50h] [ebp-5Ch]
char v19; // [esp+51h] [ebp-5Bh]
char v20; // [esp+52h] [ebp-5Ah]
char v21; // [esp+53h] [ebp-59h]
char v22; // [esp+54h] [ebp-58h]
char v23; // [esp+55h] [ebp-57h]
char v24; // [esp+56h] [ebp-56h]
char v25; // [esp+57h] [ebp-55h]
char v26; // [esp+58h] [ebp-54h]
char v27; // [esp+59h] [ebp-53h]
char v28; // [esp+5Ah] [ebp-52h]
int v29; // [esp+5Ch] [ebp-50h]
char v30; // [esp+61h] [ebp-4Bh]
char v31; // [esp+62h] [ebp-4Ah]
char v32; // [esp+63h] [ebp-49h]
char v33; // [esp+64h] [ebp-48h]
char v34; // [esp+65h] [ebp-47h]
char v35; // [esp+66h] [ebp-46h]
char v36; // [esp+67h] [ebp-45h]
__int16 v37; // [esp+78h] [ebp-34h]
int v38; // [esp+84h] [ebp-28h]
int v39; // [esp+8Ch] [ebp-20h]
int v40; // [esp+90h] [ebp-1Ch]
int v41; // [esp+94h] [ebp-18h]
int v42; // [esp+98h] [ebp-14h]
char v43; // [esp+9Ch] [ebp-10h]
char v44; // [esp+A0h] [ebp-Ch]
int v45; // [esp+A4h] [ebp-8h]
int v46; // [esp+A8h] [ebp-4h]
v1 = a1;
// NOTE(review): v37 and v38 are only ever assigned constants or incremented/decremented around
// temporaries; they look like compiler-generated exception-frame bookkeeping, not program logic.
__InitExceptBlockLDTC();
v37 = 8;
v45 = 0;
++v38;
// Read the text of the control at offset 784 and compare it with a second string (v44).
// NOTE(review): sub_461734 presumably constructs an AnsiString and sub_4617A8(x, 2) presumably
// destroys one; the decompiler dropped the output argument of GetText. Confirm in the binary.
TControl::GetText(*(TControl **)(v1 + 784));
sub_461734(&v44);
++v38;
v2 = System::AnsiString::operator==(&v45, &v44);
--v38;
sub_4617A8(&v44, 2);
--v38;
sub_4617A8(&v45, 2);
if ( v2 )
{
// The two strings are equal: show a message box and build no frame.
v37 = 20;
v3 = (Dialogs **)sub_461734(&v43);
++v38;
Dialogs::ShowMessage(*v3, v4);
--v38;
sub_4617A8(&v43, 2);
}
else
{
// Fill the frame with defaults first; every field is ASCII '0' (0x30) until overwritten.
//--- start
src = 1; //0x01
//---ID
v15 = 48; //0x30
v16 = 48; //0x30
//--- command ('W', 'R')
v17 = 87; //0x57
v18 = 82; //0x52
//--- type
v19 = 48; //0x30
//---out
v20 = 48; //0x30
v21 = 48; //0x30
v22 = 48; //0x30
//---in
v23 = 48; //0x30
v24 = 48; //0x30
v25 = 48; //0x30
//---CHK
v26 = 48; //0x30
v27 = 48; //0x30
//--- end
v28 = 4; //0x04
// Virtual call (vtable slot at +200) on the control at offset 784; its result 1..13 selects
// the type letter, anything else falls back to 'V'.
// NOTE(review): presumably the selected index of a list-style control; confirm.
switch ( (*(int (**)(void))(**(_DWORD **)(v1 + 784) + 200))() )
{
case 1:
v19 = 86; //0x56
break;
case 2:
v19 = 72; //0x48
break;
case 3:
v19 = 83; //0x53
break;
case 4:
v19 = 77; //0x4d
break;
case 5:
v19 = 65; //0x41
break;
case 6:
v19 = 68; //0x44
break;
case 7:
v19 = 71; //0x47
break;
case 8:
v19 = 89; //0x59
break;
case 9:
v19 = 66; //0x42
break;
case 10:
v19 = 67; //0x43
break;
case 11:
v19 = 69; //0x45
break;
case 12:
v19 = 70; //0x46
break;
case 13:
v19 = 75; //0x4b
break;
default:
v19 = 86; //0x56
break;
}
v37 = 44;
v42 = 0;
++v38;
// ID field: text of the control at offset 756, converted by sub_4128D4.
// NOTE(review): sub_4128D4 presumably parses the text into an integer; confirm.
TControl::GetText(*(TControl **)(v1 + 756));
v5 = sub_4128D4(v42, 1);
--v38;
sub_4617A8(&v42, 2);
v37 = 32;
// sub_402370 takes an 8-bit value, so only the low byte of v5 ends up in the frame:
// second argument 1 yields the high-nibble hex digit, 0 the low-nibble hex digit.
LOBYTE(v6) = 1;
v15 = sub_402370(v5, v6);
v16 = sub_402370(v5, 0);
v37 = 56;
v41 = 0;
++v38;
// out field: text of the control at offset 772, passed through sub_4128D4 and sub_401C90(3).
// NOTE(review): v34..v36 have no visible assignment; presumably sub_401C90 writes a 3-character
// result into the stack bytes around v30..v36 through arguments the decompiler did not recover.
TControl::GetText(*(TControl **)(v1 + 772));
sub_4128D4(v41, 1);
sub_401C90(3);
--v38;
sub_4617A8(&v41, 2);
v20 = v34;
v21 = v35;
v22 = v36;
v37 = 68;
v40 = 0;
++v38;
// in field: same sequence for the control at offset 768, read back from v31..v33.
TControl::GetText(*(TControl **)(v1 + 768));
sub_4128D4(v40, 1);
sub_401C90(3);
--v38;
sub_4617A8(&v40, 2);
v23 = v31;
LOWORD(v7) = 15;
v24 = v32;
v25 = v33;
// Checksum over the frame with length 15: sub_401D08 XORs the bytes at offsets 1..11
// (ID, command, type, out, in), skipping the start byte, the CHK field and the end byte.
v8 = sub_401D08(v1, &src, v7);
v30 = v8;
LOBYTE(v9) = 1;
v37 = 32;
// Store the checksum byte as two hex characters: high nibble in v26, low nibble in v27.
v10 = sub_402370(v8, v9);
v26 = v10;
LOBYTE(v10) = v30;
v27 = sub_402370(v10, 0);
// Copy the 15 frame bytes into the zeroed 0x40-byte scratch buffer s and measure it with strlen.
// NOTE(review): strlen stops at the first 0x00, so a zero byte inside the frame would shorten the dump.
memset(&s, 0, 0x40u);
memcpy(&s, &src, 0xFu);
v29 = strlen(&s);
v37 = 80;
sub_461734(&v46);
++v38;
v37 = 32;
v11 = 0;
// Build the hex dump: append IntToHex(byte, 2) for each of the v29 bytes to the string v46.
for ( i = &s; v11 < v29; ++i )
{
v37 = 92;
v39 = 0;
++v38;
Sysutils::IntToHex(*i, 2);
System::AnsiString::operator+=(&v46, &v39);
--v38;
sub_4617A8(&v39, 2);
++v11;
}
// Virtual call (vtable slot at +56) on the object stored at offset 544 of the control at
// offset 780, with the hex string as argument.
// NOTE(review): presumably appends the dump to a text control; whether the frame is also
// sent to a device is not visible in this function.
(*(void (__fastcall **)(_DWORD, int))(**(_DWORD **)(*(_DWORD *)(v1 + 780) + 544) + 56))(
*(_DWORD *)(*(_DWORD *)(v1 + 780) + 544),
v46);
--v38;
sub_4617A8(&v46, 2);
}
}
另外两个比较重要的函数:sub_402370(把一个字节的高/低半字节转换成十六进制 ASCII 字符)和 sub_401D08(对帧内字节做异或校验):
// Converts one nibble of a byte into its uppercase hexadecimal ASCII character.
// Readable equivalent of the decompiler output for sub_402370.
//   a1: the byte to encode.
//   a2: 1 selects the high nibble (a1 / 16); any other value selects the low nibble (a1 % 16).
// Returns '0'..'9' (0x30..0x39) for nibble values 0..9 and 'A'..'F' (0x41..0x46) for 10..15.
unsigned __int8 __fastcall sub_402370(unsigned __int8 a1, char a2)
{
    unsigned int nibble;

    if ( a2 == 1 )
        nibble = a1 >> 4;      // high half of the byte
    else
        nibble = a1 & 0x0F;    // low half of the byte

    // 48 is '0'; 55 is 'A' - 10, so values 10..15 land on 'A'..'F'.
    if ( nibble < 10 )
        return (unsigned __int8)(nibble + 48);
    return (unsigned __int8)(nibble + 55);
}
// XOR checksum over part of a byte buffer. Readable equivalent of the decompiler output
// for sub_401D08.
//   a1: unused in this function.
//   a2: address of the buffer, passed as an int (32-bit target).
//   a3: length argument; bytes at offsets 1 .. a3 - 4 are folded in, so the first byte and
//       the last three bytes are left out. The click handler on this page calls it with
//       a3 = 15, which covers offsets 1..11 of its frame.
// Returns the XOR of those bytes (0..255); returns 0 when the range is empty.
//
// An XOR checksum detects accidental corruption only; it is not an integrity or
// authenticity guarantee against a party who can construct frames.
int __fastcall sub_401D08(int a1, int a2, __int16 a3)
{
    const _BYTE *cursor = (const _BYTE *)(a2 + 1);   // start at the byte after the first one
    const int stop = a3 - 3;
    int checksum = 0;

    for ( int pos = 1; pos < stop; ++pos )
        checksum ^= *cursor++;

    return checksum;
}
原文地址:https://www.cnblogs.com/jeroen/p/12199145.html