Binary Analysis
something to discuss Dec 03 2005 12:20PM
agoanywhere hotmail com
let's break the cold and cheerless here ;)

I tried to reverse some disassembly back into C code yesterday.
Is there a more reliable way to make the C code conform to the original code, especially in the arithmetic-heavy parts?

The following link is the executable file, an old but nice game. Thanks to the author.
http://bbs.sjtu.edu.cn/file/IQ/1116047954300850.exe

/*
 * Annotated listing: each run of disassembly lines is followed by the C
 * statement(s) the poster reconstructed from it.
 *
 * Immediate operands in the disassembly are printed in hexadecimal; the
 * reconstructed C shows them in decimal (3E8 -> 1000, 64 -> 100, 0A -> 10,
 * 0D -> 13, 0C5 -> 197).
 *
 * What the reconstructed function does, as far as the listing shows:
 *   - converts the first 7 characters of reg_broj to digit values and
 *     rejects the input if any of them is outside 0..9;
 *   - derives var1 from digits 4, 2, 6, 0 and id_c from the characters of
 *     reg_ime, combines them into var3, and compares var3 with var4, which
 *     is built from digits 3, 1, 5;
 *   - on either failure it overwrites both caller buffers with "-------"
 *     and returns 0; otherwise it returns var4.
 */
:00405657 >/$ 55 PUSH EBP
:00405658 |. 8BEC MOV EBP,ESP
:0040565A |. 83C4 E4 ADD ESP,-1C
:0040565D |. 53 PUSH EBX
:0040565E |. 56 PUSH ESI
:0040565F |. 57 PUSH EDI
int provjeri_registraciju(char* reg_ime ,char* reg_broj)
{
/* ADD ESP,-1C above reserves 0x1C = 28 bytes of locals, i.e. 7 ints.
   Element i lives at [EBP+i*4-1C] (see the store at 0040566F), so
   index 0 is at EBP-1C and index 6 is at EBP-4. */
int p_reg_broj[7];
/* EBX = [EBP+C] is the second argument (reg_broj), ECX = [EBP+8] is the first
   (reg_ime); the strcpy calls below push ECX for reg_ime and EBX for reg_broj. */
:00405660 |. 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C]
:00405663 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
:00405666 |. 33C0 XOR EAX,EAX
for(int i=0;i<7;i++){
:00405668 |> 0FBE1403 /MOVSX EDX,BYTE PTR DS:[EBX+EAX]
:0040566C |. 83C2 D0 |ADD EDX,-30
:0040566F |. 895485 E4 |MOV DWORD PTR SS:[EBP+EAX*4-1C],EDX
/* MOVSX sign-extends the byte, so this C line matches the binary only when
   plain char is signed. ADD EDX,-30 is the subtraction of 0x30 ('0'). */
p_reg_broj[i]=reg_broj[i]-0x30;
:00405673 |. 837C85 E4 00 |CMP DWORD PTR SS:[EBP+EAX*4-1C],0
:00405678 |. 7C 07 |JL SHORT mine.00405681
:0040567A |. 837C85 E4 09 |CMP DWORD PTR SS:[EBP+EAX*4-1C],9
:0040567F |. 7E 23 |JLE SHORT mine.004056A4
/* JL/JLE are signed comparisons, matching the int comparison below.
   A NUL byte inside the first 7 characters yields -0x30 and is rejected here. */
if(p_reg_broj[i]<0||p_reg_broj[i]>9){
:00405681 |> 68 2DC44100 |PUSH mine.0041C42D
:00405686 |. 51 |PUSH ECX
:00405687 |. E8 F4F00000 |CALL mine.strcpy
:0040568C |. 83C4 08 |ADD ESP,8
/* Unbounded copy of 8 bytes (7 dashes plus the terminator) into a caller
   buffer whose size this function never sees; the caller has to guarantee
   at least 8 bytes. The same applies to every strcpy in this listing.
   NOTE(review): the four source addresses (0041C42D, 0041C435, 0041C43D,
   0041C445) are 8 bytes apart, presumably four separate copies of the
   same literal. */
strcpy(reg_ime,"-------");
:0040568F |. 68 35C44100 |PUSH mine.0041C435
:00405694 |. 53 |PUSH EBX
:00405695 |. E8 E6F00000 |CALL mine.strcpy
:0040569A |. 83C4 08 |ADD ESP,8
strcpy(reg_broj,"-------");
:0040569D |. 33C0 |XOR EAX,EAX
:0040569F |. E9 A5000000 |JMP mine.00405749
/* XOR EAX,EAX sets the return value to 0; the JMP goes to the shared epilogue. */
return 0;
}
:004056A4 |> 40 |INC EAX
:004056A5 |. 83F8 07 |CMP EAX,7
:004056A8 |.^7C BE \JL SHORT mine.00405668
}
int var1;
:004056AA |. 6945 F4 E80300>IMUL EAX,DWORD PTR SS:[EBP-C],3E8
:004056B1 |. 6B55 EC 64 IMUL EDX,DWORD PTR SS:[EBP-14],64
:004056B5 |. 03C2 ADD EAX,EDX
:004056B7 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
:004056BA |. 03D2 ADD EDX,EDX
:004056BC |. 8D1492 LEA EDX,DWORD PTR DS:[EDX+EDX*4]
:004056BF |. 03C2 ADD EAX,EDX
:004056C1 |. 0345 E4 ADD EAX,DWORD PTR SS:[EBP-1C]
:004056C4 |. 6BF0 0D IMUL ESI,EAX,0D
:004056C7 |. 8BC6 MOV EAX,ESI
:004056C9 |. BE C5000000 MOV ESI,0C5
:004056CE |. 99 CDQ
:004056CF |. F7FE IDIV ESI
:004056D1 |. 8BF2 MOV ESI,EDX
/* Offsets -C, -14, -4, -1C are indices 4, 2, 6, 0. ADD EDX,EDX followed by
   LEA EDX,[EDX+EDX*4] is a multiply by 10 (2 * 5). The product with 13 is
   formed first (IMUL) and the remainder of the signed division by 0xC5 = 197
   is taken from EDX, which matches the left-to-right binding of * and % in
   the C expression. var1 stays in ESI. */
var1=(p_reg_broj[4]*1000+p_reg_broj[2]*100+p_reg_broj[6]*10+p_reg_broj[0
])*13
%197;
:004056D3 |. 33FF XOR EDI,EDI
:004056D5 |. 33C0 XOR EAX,EAX
int id_c = 0;
/* NOTE(review): the loop bound does not match the binary. The compare at
   004056E4 is CMP EAX,50, and the immediates in this listing are hexadecimal
   (64 -> 100, 0A -> 10), so the limit is 0x50 = 80, not decimal 50. The
   reconstructed bound should be i<0x50 for the C to agree with the original
   on names of 50 characters or more. */
for(int i=0;i<50;i++){
:004056D7 |> 803C01 00 /CMP BYTE PTR DS:[ECX+EAX],0
if(!reg_ime[i]){
:004056DB |. 74 0C |JE SHORT mine.004056E9
break;
}
else{
:004056DD |. 0FBE1401 |MOVSX EDX,BYTE PTR DS:[ECX+EAX]
:004056E1 |. 03FA |ADD EDI,EDX
/* Sign-extended add into EDI: bytes >= 0x80 contribute negative values, so
   id_c (and therefore var2 and var3) can be negative. This again requires
   plain char to be signed for the C to match. */
id_c += reg_ime[i];
}
:004056E3 |. 40 |INC EAX
:004056E4 |. 83F8 50 |CMP EAX,50
:004056E7 |.^7C EE \JL SHORT mine.004056D7
}
int var2,var3,var4;
:004056E9 |> 8BC6 MOV EAX,ESI
:004056EB |. 51 PUSH ECX
:004056EC |. B9 0A000000 MOV ECX,0A
:004056F1 |. 99 CDQ
:004056F2 |. F7F9 IDIV ECX
:004056F4 |. 59 POP ECX
:004056F5 |. 03C7 ADD EAX,EDI
:004056F7 |. BF 64000000 MOV EDI,64
:004056FC |. 99 CDQ
:004056FD |. F7FF IDIV EDI
:004056FF |. 8BFA MOV EDI,EDX
/* CDQ + IDIV is signed division that truncates toward zero, the same rule
   C99 uses for / and % on int. ECX is saved and restored around the first
   division because it still holds reg_ime. The result overwrites EDI, so
   id_c is no longer available after this point. */
var2=(var1/10+id_c)%100;
:00405701 |. 8BC6 MOV EAX,ESI
:00405703 |. BE 0A000000 MOV ESI,0A
:00405708 |. 99 CDQ
:00405709 |. F7FE IDIV ESI
:0040570B |. 8BC7 MOV EAX,EDI
:0040570D |. 03C0 ADD EAX,EAX
:0040570F |. 8D0480 LEA EAX,DWORD PTR DS:[EAX+EAX*4]
:00405712 |. 03D0 ADD EDX,EAX
/* EDX holds var1 % 10 after the IDIV; the ADD/LEA pair multiplies var2 by 10. */
var3=var1%10+var2*10;
:00405714 |. 8BF2 MOV ESI,EDX
:00405716 |. 6B45 F0 64 IMUL EAX,DWORD PTR SS:[EBP-10],64
:0040571A |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
:0040571D |. 03D2 ADD EDX,EDX
:0040571F |. 8D1492 LEA EDX,DWORD PTR DS:[EDX+EDX*4]
:00405722 |. 03C2 ADD EAX,EDX
:00405724 |. 0345 F8 ADD EAX,DWORD PTR SS:[EBP-8]
/* Offsets -10, -18, -8 are indices 3, 1, 5. var4 is left in EAX, var3 in ESI. */
var4=p_reg_broj[3]*100+p_reg_broj[1]*10+p_reg_broj[5];
:00405727 |. 3BC6 CMP EAX,ESI
:00405729 |. 74 1E JE SHORT mine.00405749
/* On equality the JE goes straight to the epilogue with EAX still holding
   var4; that is the path the final return var4 stands for. */
if(var3!=var4){
:0040572B |. 68 3DC44100 PUSH mine.0041C43D
:00405730 |. 51 PUSH ECX
:00405731 |. E8 4AF00000 CALL mine.strcpy
:00405736 |. 83C4 08 ADD ESP,8
strcpy(reg_ime,"-------");
:00405739 |. 68 45C44100 PUSH mine.0041C445
:0040573E |. 53 PUSH EBX
:0040573F |. E8 3CF00000 CALL mine.strcpy
:00405744 |. 83C4 08 ADD ESP,8
strcpy(reg_broj,"-------");
:00405747 |. 33C0 XOR EAX,EAX
/* XOR EAX,EAX then falls through into the epilogue below. */
return 0;
}
:00405749 |> 5F POP EDI
:0040574A |. 5E POP ESI
:0040574B |. 5B POP EBX
:0040574C |. 8BE5 MOV ESP,EBP
:0040574E |. 5D POP EBP
:0040574F \. C3 RETN
/* Shared epilogue for all three exits; EAX is the return value. Since var4 is
   built from three digits it can itself be 0, so a caller cannot tell that
   success value from the failure return by the result alone. */
return var4;
}
