文件:https://www.sendspace.com/file/3yowjg
密码:1
/*
 * sub_A513C0 - flag-check routine, shown as Hex-Rays decompiler output
 * (pseudo-C; the typing is the decompiler's and will not compile as written).
 *
 * Src  - candidate flag string supplied by the caller.
 * hWnd - window handle, used only as the owner of the success message box.
 *
 * Flow visible in this listing:
 *   1. The untouched input is copied into Dst (strcpy_s, 100-byte limit).
 *   2. The working string is Caesar-shifted once per character position:
 *      round 0 uses shift = |Src[0] - 65| (65 is 'A'); every later round uses
 *      |cur[pos] - cur[pos - 1]|, read from the already-shifted buffer v14.
 *      In each round every character gets the same shift, wrapping by 26
 *      when the sum would exceed 90 ('Z').
 *   3. The result is compared with the hard-coded string
 *      "NMOVUMUUHUGCMOTOGCNUEY", and v16 must equal 69 ('E').
 *   4. On success a message box shows a prefix followed by the original input.
 *
 * NOTE(review): the expected value is a constant inside the function, so the
 * check is fully recoverable by static analysis of the binary.
 *
 * NOTE(review): some "separate" locals look like pieces of one stack buffer.
 * Dst (ebp-CCh) and v16 (ebp-B7h) are 0x15 = 21 bytes apart, so v16 is
 * presumably Dst[21]. Text/v18/v19/v20 are contiguous (16 + 8 + 4 + 0x48 =
 * 100 bytes), which matches the 0x64 size passed to strcat_s. Confirm both
 * in the disassembly.
 */
void __fastcall sub_A513C0(char *Src, HWND hWnd)
{
    int input_flag; // esi - pointer to the working string (typed int by the decompiler): Src first, v14 afterwards
    HWND v3; // edi
    unsigned int pos; // ebx - round counter / index used to derive the shift
    int num_char; // edx - shift amount for the current round
    char *tmp_input_flag; // edi - cursor over the working string inside a round
    char chr; // cl
    int v8; // ecx
    unsigned int v9; // esi
    int encoded_flag; // eax - holds the strcmp result (0 on match)
    HWND v11; // [esp+Ch] [ebp-1D8h] - saved copy of hWnd
    unsigned int v12; // [esp+10h] [ebp-1D4h] - saved copy of pos
    unsigned int tmp_pos; // [esp+14h] [ebp-1D0h] - characters processed in the current round
    char v14[252]; // [esp+1Ch] [ebp-1C8h] - buffer receiving the shifted string
    char Dst; // [esp+118h] [ebp-CCh] - start of the copy of the original input
    char v16; // [esp+12Dh] [ebp-B7h] - presumably Dst[21]; see header note
    CHAR Text[16]; // [esp+17Ch] [ebp-68h] - start of the message-box text
    __int64 v18; // [esp+18Ch] [ebp-58h]
    int v19; // [esp+194h] [ebp-50h]
    char v20; // [esp+198h] [ebp-4Ch]
    input_flag = Src;
    v3 = hWnd;
    v11 = hWnd;
    // Keep the unmodified input; it is checked (v16) and displayed later.
    strcpy_s(&Dst, 100u, Src);
    pos = 0;
    v12 = 0;
    if ( strlen(input_flag) ) // empty input skips the transform and goes straight to the compare
    {
        do
        {
            // Derive this round's shift from the current working string.
            if ( pos )
                num_char = *(input_flag + pos) - *(input_flag + pos - 1);
            else
                num_char = *input_flag - 65; // round 0: distance of the first character from 'A' (65)
            if ( num_char < 0 )
                num_char = -num_char; // only the magnitude of the difference is used
            tmp_pos = 0;
            if ( strlen(input_flag) ) // apply the shift to every character of the working string
            // only the upper bound is handled here: nothing normalises values below 'A'
            {
                tmp_input_flag = input_flag;
                do
                {
                    chr = *tmp_input_flag;
                    if ( num_char + *tmp_input_flag > 90 ) // would pass 'Z' (90): wrap back by 26
                        chr -= 26;
                    ++tmp_pos;
                    v14[tmp_input_flag++ - input_flag] = num_char + chr; // same index in v14; in later rounds this is in place
                }
                while ( tmp_pos < strlen(input_flag) );
                pos = v12; // restore the round counter from its saved copy
            }
            v8 = input_flag + 1;
            v9 = strlen(input_flag);
            // Compiler-inserted range check for the v14[v9] store below. It runs
            // after the copy loop above, which has no check of its own; the only
            // other length limit visible here is the 100-byte strcpy_s at the top.
            if ( v9 >= 0xFA )
            {
                __report_rangecheckfailure(v8, num_char);
                __debugbreak();
                JUMPOUT(__security_check_cookie); // presumably a decompiler artefact after the failure call
            }
            v14[v9] = 0; // terminate the shifted string
            ++pos;
            input_flag = v14; // all further rounds read from and write to v14
            v12 = pos;
        }
        while ( pos < strlen(v14) ); // one round per character position
        v3 = v11;
    }
    encoded_flag = strcmp(input_flag, "NMOVUMUUHUGCMOTOGCNUEY");
    if ( encoded_flag )
        encoded_flag = -(encoded_flag < 0) | 1; // normalise a non-zero result to -1 or 1
    if ( !encoded_flag && v16 == 69 ) // match, and the byte held in v16 is 'E' (69)
    {
        // Build the message text: 16 bytes + 8 bytes of constant data, then v19.
        // 2112115 == 0x00203A73, i.e. the bytes 's', ':', ' ', NUL on little-endian x86.
        v19 = 2112115;
        _mm_storeu_si128(Text, _mm_loadu_si128(&xmmword_A521C0));
        v18 = qword_A521D0;
        memset(&v20, 0, 0x48u); // zero the remainder of the (apparently 100-byte) text buffer
        strcat_s(Text, 0x64u, &Dst); // append the original, untransformed input
        if ( MessageBoxA(v3, Text, "Good work!", 0) == 1 ) // 1 is IDOK
            PostQuitMessage(0);
    }
}
我认为这段代码只是取得 input_flag,并用 input_flag 的首字母对其进行凯撒密码(Caesar cipher)变换。
#1 楼
tmp_input_flag 只是一个指针,指向以 input_flag 为起始的整个字符串中当前正在处理的字符。
tmp_input_flag = input_flag; // set to first chars location
do
{
    chr = *tmp_input_flag; // value at the pointer's current position, e.g. 'A'
    if ( num_char + *tmp_input_flag > 90 ) // shifted value would pass 'Z' (90): wrap back by 26
        chr -= 26;
    ++tmp_pos;
    v14[tmp_input_flag++ - input_flag] = num_char + chr; // store the shifted character at the same index in v14; only the upper bound is wrapped, nothing handles values below 'A' (65)
}
一些示例情况:
请注意,如果使用的字符 ASCII 值小于 65(即 'A',见第 38 行),则结果不会受到相同移位值的影响。
a -> A (32)
l -> L (32)
o -> O (32)
alo->ALO
A -> O (14)
L -> Z (14)
O -> C (12)
ALO->OZC
1 -> D (19)
2 -> E (19)
3 -> F (19)
4 -> G (19)
1234->DEFG
{ -> R (41)
} -> T (41)
| -> S (41)
~ -> U (41)
{}|~->RTSU
评论
请不要发布代码的屏幕截图。将代码作为文本包含在问题正文中。用代码编辑。