SmartDec v0.0.3 Plugin for IDA Pro

smartdec

The main goal of the project is to implement a retargetable and highly modular native code to C/C++ decompiler using the latest research results in the field of decompilation.

On this website you can download a beta version of the decompiler or just check out some examples of its application. If you are interested in using SmartDec, please contact us.

原汇编代码:

; Disassembly of the function at 0x554748, in the tool's own print format.
; Two display quirks matter when reading it:
;   * 8-bit displacements are printed unsigned, so [ebp + 0xf8] is [ebp-8] and
;     [ebp + 0xfc] is [ebp-4] (the Hex-Rays listing places its locals at bp-8h / bp-4h).
;   * segment prefixes are not printed: the [eax] accesses made with eax = 0 are the
;     fs:[0] accesses that Hex-Rays renders as __readfsdword(0) / __writefsdword(0, ...).
; Inputs arrive in eax, edx, ecx plus one stack argument at [ebp+8]; `ret 0x4` pops it.
; NOTE(review): that register order is consistent with the Borland/Delphi register
; convention -- confirm against the binary's compiler.

; Prologue: frame pointer, 8 bytes of locals (add esp, -8), callee-saved registers.
554748:	push	ebp
554749:	mov	ebp, esp
55474b:	add	esp, 0xfffffff8
55474e:	push	ebx
55474f:	push	esi
554750:	push	edi
; [ebp-8] = 0 (scratch local later passed by address to 0x40d6c4 and 0x4095e4).
554751:	xor	ebx, ebx
554753:	mov	[ebp + 0xf8]:32, ebx
; Park the arguments: [ebp-4] = ecx (lower bound), edi = edx (requested position),
; ebx = eax (object pointer), esi = stack argument (upper bound).
554756:	mov	[ebp + 0xfc]:32, ecx
554759:	mov	edi, edx
55475b:	mov	ebx, eax
55475d:	mov	esi, [ebp + 0x8]:32
; Link an exception-registration record {previous, handler 0x5548f6, saved ebp} at fs:[0].
554760:	xor	eax, eax
554762:	push	ebp
554763:	push	0x5548f6
554768:	push	[eax]:32
55476b:	mov	[eax]:32, esp
; Validation: take the error path if upper < lower, or upper < [ebx+0x2a0].
55476e:	cmp	esi, [ebp + 0xfc]:32
554771:	jl	0x55477b
554773:	cmp	esi, [ebx + 0x2a0]:32
554779:	jge	0x55479c
; Error path: three calls fed from globals 0x7d9a60 and 0x48dc40 and the [ebp-8] local.
; NOTE(review): presumably load-message / construct-exception / raise, in which case
; 0x408cb0 does not return -- confirm by identifying the callees.
55477b:	lea	edx, [ebp + 0xf8]:0
55477e:	mov	eax, [0x7d9a60]:32
554783:	call	0x40d6c4
554788:	mov	ecx, [ebp + 0xf8]:32
55478b:	mov	dl, 0x1
55478d:	mov	eax, [0x48dc40]:32
554792:	call	0x428b3c
554797:	call	0x408cb0
; Clamp the requested position (edi) into [lower, upper].
55479c:	cmp	edi, [ebp + 0xfc]:32
55479f:	jge	0x5547a4
5547a1:	mov	edi, [ebp + 0xfc]:32
5547a4:	cmp	esi, edi
5547a6:	jge	0x5547aa
5547a8:	mov	edi, esi
; If the stored bounds ([ebx+0x298], [ebx+0x29c]) differ from the new ones, store them.
5547aa:	mov	eax, [ebx + 0x298]:32
5547b0:	cmp	eax, [ebp + 0xfc]:32
5547b3:	jnz	0x5547bd
5547b5:	cmp	esi, [ebx + 0x29c]:32
5547bb:	jz	0x5547f9
5547bd:	mov	eax, [ebp + 0xfc]:32
5547c0:	mov	[ebx + 0x298]:32, eax
5547c6:	mov	[ebx + 0x29c]:32, esi
; Only talk to the window when 0x53bd64(ebx) returns non-zero in al.
5547cc:	mov	eax, ebx
5547ce:	call	0x53bd64
5547d3:	test	al, al
5547d5:	jz	0x5547f9
; setz/neg/sbb builds the redraw flag: eax = -1 if edi == [ebx+0x294] (position
; unchanged), else 0.
5547d7:	cmp	edi, [ebx + 0x294]:32
5547dd:	setz	al
5547e0:	neg	al
5547e2:	sbb	eax, eax
; Pushes, right to left: flag, upper, lower, 2, then the handle returned by 0x53b98c(ebx).
; Hex-Rays resolves 0x412cdc as SetScrollRange; 2 is SB_CTL.
5547e4:	push	eax
5547e5:	push	esi
5547e6:	mov	eax, [ebp + 0xfc]:32
5547e9:	push	eax
5547ea:	push	0x2
5547ec:	mov	eax, ebx
5547ee:	call	0x53b98c
5547f3:	push	eax
5547f4:	call	0x412cdc
; Position update: nothing to do if the clamped value equals the stored one.
5547f9:	cmp	edi, [ebx + 0x294]:32
5547ff:	jz	0x5548e0
554805:	mov	[ebx + 0x294]:32, edi
55480b:	mov	eax, ebx
55480d:	call	0x53bd64
554812:	test	al, al
554814:	jz	0x5548c9
; Indirect call through slot 0x118 of the object returned by 0x5b0b48; bit 0 of the
; result selects between the "explicit redraw" and "redraw via SetScrollPos" variants.
55481a:	call	0x5b0b48
55481f:	mov	edx, [eax]:32
554821:	call	[edx + 0x118]:32
554827:	test	al, 0x1
554829:	jz	0x554886
; Bit set: SetScrollPos (0x412cd4) with redraw flag 0. 0x5546ec(ebx) chooses between
; the stored position and (upper - position).
55482b:	mov	eax, ebx
55482d:	call	0x5546ec
554832:	test	al, al
554834:	jz	0x554850
554836:	push	0x0
554838:	mov	eax, [ebx + 0x294]:32
55483e:	push	eax
55483f:	push	0x2
554841:	mov	eax, ebx
554843:	call	0x53b98c
554848:	push	eax
554849:	call	0x412cd4
55484e:	jmp	0x55486e
554850:	push	0x0
554852:	mov	eax, [ebx + 0x29c]:32
554858:	sub	eax, [ebx + 0x294]:32
55485e:	push	eax
55485f:	push	0x2
554861:	mov	eax, ebx
554863:	call	0x53b98c
554868:	push	eax
554869:	call	0x412cd4
; ...followed by RedrawWindow (0x412bcc) with flags 0x101
; (RDW_INVALIDATE | RDW_UPDATENOW) and NULL rect/region.
55486e:	push	0x101
554873:	push	0x0
554875:	push	0x0
554877:	mov	eax, ebx
554879:	call	0x53b98c
55487e:	push	eax
55487f:	call	0x412bcc
554884:	jmp	0x5548c9
; Bit clear: same two SetScrollPos variants, but `push 0xff` is a sign-extended
; imm8, i.e. redraw flag -1 (Hex-Rays prints -1), and no RedrawWindow call.
554886:	mov	eax, ebx
554888:	call	0x5546ec
55488d:	test	al, al
55488f:	jz	0x5548ab
554891:	push	0xff
554893:	mov	eax, [ebx + 0x294]:32
554899:	push	eax
55489a:	push	0x2
55489c:	mov	eax, ebx
55489e:	call	0x53b98c
5548a3:	push	eax
5548a4:	call	0x412cd4
5548a9:	jmp	0x5548c9
5548ab:	push	0xff
5548ad:	mov	eax, [ebx + 0x29c]:32
5548b3:	sub	eax, [ebx + 0x294]:32
5548b9:	push	eax
5548ba:	push	0x2
5548bc:	mov	eax, ebx
5548be:	call	0x53b98c
5548c3:	push	eax
5548c4:	call	0x412cd4
; Virtual call through slot 0x80 of the object's own table, with dl = 1.
5548c9:	mov	dl, 0x1
5548cb:	mov	eax, ebx
5548cd:	mov	ecx, [eax]:32
5548cf:	call	[ecx + 0x80]:32
; si = 0xffad is loaded immediately before the call to 0x407bc8.
; NOTE(review): looks like a selector passed in si (dynamic-method dispatch?) -- neither
; decompiler listing carries this value, so check the callee before trusting either.
5548d5:	mov	eax, ebx
5548d7:	mov	si, 0xffad
5548db:	call	0x407bc8
; Normal exit: unlink the exception record (restore fs:[0]), then push 0x5548fd so the
; `ret` at 0x5548f5 lands on the real epilogue after 0x4095e4 has processed [ebp-8].
5548e0:	xor	eax, eax
5548e2:	pop	edx
5548e3:	pop	ecx
5548e4:	pop	ecx
5548e5:	mov	[eax]:32, edx
5548e8:	push	0x5548fd
5548ed:	lea	eax, [ebp + 0xf8]:0
5548f0:	call	0x4095e4
5548f5:	ret
; Handler stub registered in the exception record; after it runs, control re-enters the
; cleanup at 0x5548ed.
5548f6:	jmp	0x408b0c
5548fb:	jmp	0x5548ed
; Real epilogue: six pops (three saved registers, the two local slots, ebp), then
; return and release the 4-byte stack argument.
5548fd:	pop	edi
5548fe:	pop	esi
5548ff:	pop	ebx
554900:	pop	ecx
554901:	pop	ecx
554902:	pop	ebp
554903:	ret	0x4

Hexrays F5:

/*
 * Hex-Rays output for the function at 0x554748.
 *
 * Parameter mapping, from the register comments below and the disassembly:
 * a1 = eax (object pointer), a2 = edx (requested position), a3 = ecx (lower bound),
 * nMaxPos = the single stack argument (the disassembly ends in `ret 0x4`).
 * NOTE(review): eax/edx/ecx is not the Microsoft __fastcall order (ecx, edx); the label
 * is how the decompiler prints this convention -- confirm the compiler setting.
 *
 * Behaviour: reject an invalid range, clamp the position into [a3, nMaxPos], store the
 * three values at a1+664 / a1+668 / a1+660, and mirror them to a scroll-bar control with
 * SetScrollRange / SetScrollPos.
 * NOTE(review): the layout resembles a VCL scroll-bar "set params" method -- unconfirmed.
 *
 * Returns whatever sub_4095E4(&v26) returns; the SmartDec listing types the same
 * function as void, so treat the int return as unverified.
 */
int __fastcall sub_554748(int a1, int a2, int a3, int nMaxPos)
{
  int v4; // edi@1
  int v5; // ebx@1
  int v6; // edx@3
  int v7; // eax@3
  BOOL v8; // ST10_4@11
  int v9; // ST08_4@11
  HWND v10; // eax@11
  int v11; // edx@13
  int v12; // eax@14
  int v13; // ST0C_4@16
  HWND v14; // eax@16
  int v15; // ST0C_4@17
  HWND v16; // eax@17
  HWND v17; // eax@18
  int v18; // ST0C_4@20
  HWND v19; // eax@20
  int v20; // ST0C_4@21
  HWND v21; // eax@21
  unsigned int v23; // [sp-Ch] [bp-20h]@1
  _UNKNOWN *v24; // [sp-8h] [bp-1Ch]@1
  int *v25; // [sp-4h] [bp-18h]@1
  int v26; // [sp+Ch] [bp-8h]@1
  int nMinPos; // [sp+10h] [bp-4h]@1
  int v28; // [sp+14h] [bp+0h]@1
 
  // Scratch local: zeroed here, filled by sub_40D6C4 on the error path, handed to
  // sub_4095E4 on exit.
  v26 = 0;
  nMinPos = a3;
  v4 = a2;
  v5 = a1;
  // v23/v24/v25 together are the exception-registration record pushed on the stack:
  // {previous fs:[0], handler loc_5548F6, saved frame pointer}. They are not ordinary
  // locals.
  v25 = &v28;
  v24 = &loc_5548F6;
  v23 = __readfsdword(0);
  __writefsdword(0, (unsigned int)&v23);
  // Range validation: upper bound below the lower bound, or below the value at a1+672.
  if ( nMaxPos < a3 || nMaxPos < *(_DWORD *)(a1 + 672) )
  {
    // NOTE(review): presumably builds and raises an error object, in which case
    // sub_408CB0 does not return -- confirm by identifying these three callees.
    sub_40D6C4(off_7D9A60[0], &v26);
    LOBYTE(v6) = 1;
    v7 = unknown_libname_167(off_48DC40, v6, v26);
    sub_408CB0(v7);
  }
  // Clamp the requested position into [nMinPos, nMaxPos].
  if ( v4 < nMinPos )
    v4 = nMinPos;
  if ( nMaxPos < v4 )
    v4 = nMaxPos;
  // Bounds changed: store them, and push them to the control if sub_53BD64 says so.
  if ( *(_DWORD *)(v5 + 664) != nMinPos || nMaxPos != *(_DWORD *)(v5 + 668) )
  {
    *(_DWORD *)(v5 + 664) = nMinPos;
    *(_DWORD *)(v5 + 668) = nMaxPos;
    if ( (unsigned __int8)sub_53BD64(v5) )
    {
      // Redraw flag is -1 when the position is unchanged and 0 when it is about to
      // change (the setz/neg/sbb sequence in the disassembly).
      v8 = -(v4 == *(_DWORD *)(v5 + 660));
      v9 = nMinPos;
      v10 = (HWND)sub_53B98C(v5);
      // nBar = 2 is SB_CTL: the window handle is itself the scroll-bar control.
      SetScrollRange(v10, 2, v9, nMaxPos, v8);
    }
  }
  if ( v4 != *(_DWORD *)(v5 + 660) )
  {
    *(_DWORD *)(v5 + 660) = v4;
    if ( (unsigned __int8)sub_53BD64(v5) )
    {
      // NOTE(review): the disassembly pushes nothing before this call; the three
      // arguments are the exception record still sitting on the stack, so they are
      // very likely an artifact rather than real parameters.
      v12 = sub_5B0B48(v23, v24, v25);
      // Indirect call through slot +280 (0x118) of the returned object's table; bit 0
      // of the result selects explicit redraw (below) versus redraw inside SetScrollPos.
      if ( (*(int (**)(void))(*(_DWORD *)v12 + 280))() & 1 )
      {
        // sub_5546EC picks between the stored position and (max - position).
        if ( (unsigned __int8)sub_5546EC(v5) )
        {
          v13 = *(_DWORD *)(v5 + 660);
          v14 = (HWND)sub_53B98C(v5);
          SetScrollPos(v14, 2, v13, 0);
        }
        else
        {
          v15 = *(_DWORD *)(v5 + 668) - *(_DWORD *)(v5 + 660);
          v16 = (HWND)sub_53B98C(v5);
          SetScrollPos(v16, 2, v15, 0);
        }
        v17 = (HWND)sub_53B98C(v5);
        // 0x101 = RDW_INVALIDATE | RDW_UPDATENOW.
        RedrawWindow(v17, 0, 0, 0x101u);
      }
      else
      {
        // Same two variants with bRedraw = -1 (non-zero), so no separate RedrawWindow.
        if ( (unsigned __int8)sub_5546EC(v5) )
        {
          v18 = *(_DWORD *)(v5 + 660);
          v19 = (HWND)sub_53B98C(v5);
          SetScrollPos(v19, 2, v18, -1);
        }
        else
        {
          v20 = *(_DWORD *)(v5 + 668) - *(_DWORD *)(v5 + 660);
          v21 = (HWND)sub_53B98C(v5);
          SetScrollPos(v21, 2, v20, -1);
        }
      }
    }
    LOBYTE(v11) = 1;
    // Virtual call through slot +128 (0x80) of the object's own table, second arg 1.
    (*(void (__fastcall **)(int, int))(*(_DWORD *)v5 + 128))(v5, v11);
    // NOTE(review): the disassembly loads si = 0xffad immediately before this call and
    // that value does not appear here -- if the callee reads si, this line is incomplete.
    sub_407BC8(v5);
  }
  // Unlink the exception record, then run the cleanup on v26. The store to v25 is the
  // `push 0x5548fd` return address used to reach the epilogue, not a data assignment.
  __writefsdword(0, v23);
  v25 = (int *)&loc_5548FD;
  return sub_4095E4(&v26);
}

SmartDec F4:

 
/*
 * SmartDec's reconstructed types and prototypes, reproduced verbatim. The array
 * declarators (`signed char[128] pad128;`) are the tool's own notation and are not
 * valid C, so this listing is for reading, not compiling.
 */

/* Table reached through s0.f0; f128 is the slot at +0x80 that sub_554748 calls. */
struct s1 {
    signed char[128] pad128;
    int32_t f128;
};
 
/*
 * The object passed in eax. 4-byte f0 plus 656 bytes of padding puts f660 at +660
 * (0x294); the four fields are the same offsets Hex-Rays prints as +660/+664/+668/+672.
 * From their use in sub_554748: f660 = position, f664 = lower bound, f668 = upper bound,
 * f672 = a second lower limit for the upper bound.
 */
struct s0 {
    struct s1* f0;
    signed char[656] pad660;
    int32_t f660;
    int32_t f664;
    int32_t f668;
    int32_t f672;
};
 
/* Stand-in for the fs:[0] exception-chain slot, which SmartDec models as a global. */
void** g0;
 
/*
 * Prototypes as SmartDec recovered them. Every internal callee is shown with an empty
 * parameter list even though the disassembly loads eax (and sometimes edx/ecx) before
 * each call: register arguments were not recovered.
 */
void sub_40D6C4();
 
void unknown_libname_167();
 
void sub_408CB0();
 
signed char sub_53BD64();
 
int32_t sub_53B98C();
 
/* Only two of the five stack arguments pushed in the disassembly survive here. */
void SetScrollRange(int32_t a1, signed char a2);
 
/* Table whose slot at +280 (0x118) is called on the object returned by sub_5B0B48. */
struct s2 {
    signed char[280] pad280;
    int32_t f280;
};
 
struct s2** sub_5B0B48();
 
signed char sub_5546EC();
 
/* Two of four pushed arguments recovered; position and redraw flag are missing. */
void SetScrollPos(int32_t a1, signed char a2);
 
/* Two of four pushed arguments recovered; the 0x101 flags value is missing. */
void RedrawWindow(int32_t a1, int16_t a2);
 
void sub_407BC8();
 
void sub_4095E4();
 
/*
 * SmartDec output for the function at 0x554748.
 *
 * Only the stack argument is recovered as a parameter (a1 = upper bound). The three
 * register inputs appear as never-assigned locals (ecx3, edx5, eax7) that are read on
 * entry, and every call has lost its register and most of its stack arguments. The
 * control-flow skeleton matches the disassembly, but the data flow into the API calls
 * is not visible here; use the disassembly or the Hex-Rays listing for argument values.
 */
void sub_554748(int32_t a1) {
    int32_t v2;
    int32_t ecx3;
    int32_t edi4;
    int32_t edx5;
    struct s0* ebx6;
    struct s0* eax7;
    int32_t esi8;
    signed char al9;
    int32_t eax10;
    signed char al11;
    struct s2** eax12;
    unsigned char al13;
    signed char al14;
    int32_t eax15;
    int32_t eax16;
    signed char al17;
    int32_t eax18;
    int32_t eax19;
    int32_t eax20;
    void** v21;
 
    /* Incoming registers: v2 = ecx (lower bound), edi4 = edx (position), ebx6 = eax (object). */
    v2 = ecx3;
    edi4 = edx5;
    ebx6 = eax7;
    esi8 = a1;
    /* Exception-frame link (`mov fs:[0], esp`) modelled as a store of the computed stack
       pointer to g0; "intrinsic"() is the tool's placeholder, not a real call. */
    g0 = (void**)((int32_t)"intrinsic"() - 4 + -8 - 4 - 4 - 4 - 4 - 4 - 4);
    /* Range validation; the three error-path calls have lost all of their arguments. */
    if (esi8 < v2 || ebx6->f672 > esi8) {
        sub_40D6C4();
        unknown_libname_167();
        sub_408CB0();
    }
    /* Clamp the position into [v2, esi8]. */
    if (v2 > edi4) {
        edi4 = v2;
    }
    if (edi4 > esi8) {
        edi4 = esi8;
    }
    /* Bounds changed: store them inside the condition (comma operator), then update the
       control if sub_53BD64 returns non-zero. Min, max and the redraw flag are not shown. */
    if ((ebx6->f664 != v2 || esi8 != ebx6->f668) && (ebx6->f664 = v2, ebx6->f668 = esi8, al9 = sub_53BD64(), al9 != 0)) {
        eax10 = sub_53B98C();
        SetScrollRange(eax10, 2);
    }
    if (edi4 != ebx6->f660) {
        ebx6->f660 = edi4;
        al11 = sub_53BD64();
        if (al11 != 0) {
            eax12 = sub_5B0B48();
            al13 = (unsigned char)(*eax12)->f280();
            /* The branches are printed in the opposite order to Hex-Rays (test is == 0). */
            if ((al13 & 1) == 0) {
                al14 = sub_5546EC();
                /* Both arms print identically because the position and redraw arguments
                   were dropped; in the disassembly they pass different positions. */
                if (al14 == 0) {
                    eax15 = sub_53B98C();
                    SetScrollPos(eax15, 2);
                } else {
                    eax16 = sub_53B98C();
                    SetScrollPos(eax16, 2);
                }
            } else {
                al17 = sub_5546EC();
                if (al17 == 0) {
                    eax18 = sub_53B98C();
                    SetScrollPos(eax18, 2);
                } else {
                    eax19 = sub_53B98C();
                    SetScrollPos(eax19, 2);
                }
                eax20 = sub_53B98C();
                RedrawWindow(eax20, 0);
            }
        }
        /* Virtual call through slot +0x80; the object pointer and dl = 1 are not shown. */
        ebx6->f0->f128();
        /* The si = 0xffad load that precedes this call in the disassembly is not shown. */
        sub_407BC8();
    }
    /* Exception-frame unlink. v21 is never assigned in this listing: the value popped
       from the stack in the disassembly was not tracked. */
    g0 = v21;
    sub_4095E4();
    return;
}
 
/* 0x5548f6 is the handler address pushed into the exception record. In the disassembly
   it is a single `jmp 0x408b0c`; SmartDec splits it off as a function with an empty body. */
void func_5548f6() {
}
 
/* The `jmp 0x5548ed` that re-enters sub_554748's cleanup code, split off as its own
   function. The goto to a raw address is the tool's notation and is not valid C. */
void func_5548fb() {
    goto 0x5548ed;
}
 
/* The real epilogue of sub_554748 (reached through `push 0x5548fd` ... `ret`), split off
   as a separate function. NOTE(review): the six parameters line up with the six `pop`
   instructions at 0x5548fd-0x554902 -- they look like misread stack slots, not arguments. */
void func_5548fd(int32_t a1, int32_t a2, int32_t a3, int32_t a4, int32_t a5, int32_t a6) {
    return;
}

原创文章,转载请注明: 转载自 obaby@mars

本文标题: 《SmartDec v0.0.3 Plugin for IDA Pro》

本文链接地址: http://h4ck.org.cn/2014/08/smarddec-v0-0-3-plugin-for-ida-pro/
