Created
July 19, 2024 10:55
// Decompiler output for the C runtime's popen(): runs Command through the
// command interpreter with one end of a pipe wired to the child's stdin or
// stdout, and returns a FILE* for the parent's end (NULL on failure).
//
// Points a reviewer should keep in mind while reading the listing:
//  - The interpreter path is taken from the COMSPEC environment variable and
//    falls back to the bare name "cmd.exe"; if that path is not accessible as
//    given, each PATH directory is tried in order. Whoever controls the
//    process environment therefore influences which binary is launched.
//  - Command is appended verbatim after " /c ", so the interpreter parses it;
//    nothing in this function quotes or filters it.
//  - Both CreateProcessA calls pass 1 for bInheritHandles, so every handle
//    the parent has marked inheritable reaches the child, not only the
//    duplicated pipe end.
//  - Literals such as 0i64 and the // rXX and [rsp+..] notes are decompiler
//    notation; the text is a reading aid, not compilable C.
FILE *__cdecl popen(const char *Command, const char *Mode) | |
{ | |
// Decompiler-generated locals. The trailing comments give the register or
// stack slot. Three groups sit in adjacent slots and are indexed as small
// arrays further down: Modea/v48/v49 (the mode string handed to fdopen),
// PtHandles/FileHandle (the two pipe descriptors), and v33/v34 (one
// "still open" flag per descriptor).
FILE *v3; // r12 | |
char v5; // al | |
char v6; // al | |
int v7; // r8d | |
unsigned int v8; // ebx | |
int *p_FileHandle; // rdi | |
HANDLE CurrentProcess; // rax | |
__int64 v11; // r15 | |
errno_t v12; // edi | |
char *v13; // r15 | |
HANDLE v14; // rax | |
HANDLE v15; // rdx | |
unsigned __int64 v16; // rax | |
unsigned __int64 v17; // rcx | |
rsize_t v18; // rbx | |
char *v19; // rax | |
char *v20; // rdi | |
int v21; // r13d | |
int v22; // esi | |
unsigned __int8 *v23; // rbx | |
unsigned __int8 *v24; // rcx | |
errno_t v25; // r14d | |
char *v26; // rcx | |
unsigned __int64 v27; // rax | |
unsigned __int8 *v28; // r14 | |
bool v29; // zf | |
unsigned __int64 v30; // rax | |
unsigned __int64 v31; // rcx | |
FILE **v32; // rcx | |
int v33; // [rsp+50h] [rbp-118h] BYREF | |
int v34; // [rsp+54h] [rbp-114h] BYREF | |
char *Buffer; // [rsp+58h] [rbp-110h] BYREF | |
char *v36; // [rsp+60h] [rbp-108h] BYREF | |
HANDLE TargetHandle; // [rsp+68h] [rbp-100h] BYREF | |
__int64 v38; // [rsp+70h] [rbp-F8h] | |
FILE **v39; // [rsp+78h] [rbp-F0h] | |
int *v40; // [rsp+80h] [rbp-E8h] | |
int *v41; // [rsp+88h] [rbp-E0h] | |
int *p_PtHandles; // [rsp+90h] [rbp-D8h] | |
char *v43; // [rsp+98h] [rbp-D0h] | |
FILE *v44; // [rsp+A0h] [rbp-C8h] | |
struct _PROCESS_INFORMATION ProcessInformation; // [rsp+A8h] [rbp-C0h] BYREF | |
struct _STARTUPINFOA StartupInfo; // [rsp+C0h] [rbp-A8h] BYREF | |
char Modea; // [rsp+170h] [rbp+8h] BYREF | |
char v48; // [rsp+171h] [rbp+9h] | |
char v49; // [rsp+172h] [rbp+Ah] | |
int v50; // [rsp+180h] [rbp+18h] | |
int PtHandles; // [rsp+188h] [rbp+20h] BYREF | |
int FileHandle; // [rsp+18Ch] [rbp+24h] BYREF | |
TargetHandle = 0i64; | |
v3 = 0i64; | |
Buffer = 0i64; | |
// v49 is the NUL that terminates the Modea/v48 mode string; v50 stays 0 and
// is used later as the "no process created" result.
v49 = 0; | |
v50 = 0; | |
// --- Argument validation ---------------------------------------------------
if ( !Command || !Mode ) | |
goto LABEL_2; | |
// Skip leading spaces (0x20) in Mode.
while ( 1 ) | |
{ | |
v5 = *Mode; | |
if ( *Mode != 0x20 ) | |
break; | |
++Mode; | |
} | |
// The first significant character must be 'w' (0x77) or 'r' (0x72).
if ( v5 != 0x77 && v5 != 0x72 ) | |
goto LABEL_2; | |
Modea = *Mode; | |
// Skip spaces after the direction character; v6 is the next non-space char.
do | |
v6 = *++Mode; | |
while ( *Mode == 0x20 ); | |
// The optional second character must be NUL, 't' (0x74) or 'b' (0x62).
if ( v6 && v6 != 0x74 && v6 != 0x62 ) | |
{ | |
LABEL_2: | |
// Invalid argument: errno = 0x16 (EINVAL), then the invalid-parameter handler.
// NOTE(review): the listing shows no return after this call, so as written
// control would continue to the *Mode read below even when Mode is NULL.
// Presumably the handler does not return or the decompiler dropped the
// return - confirm against the disassembly.
*errno() = 0x16; | |
invalid_parameter(0i64, 0i64, 0i64, 0, 0i64); | |
} | |
v48 = *Mode; | |
// Translation flag for pipe(): 0x4000 for 't' and 0x8000 for 'b' (these match
// _O_TEXT and _O_BINARY), 0 when no suffix was given.
if ( v6 == 0x74 ) | |
{ | |
v7 = 0x4000; | |
} | |
else | |
{ | |
v7 = 0; | |
if ( v6 == 0x62 ) | |
v7 = 0x8000; | |
} | |
// --- Pipe creation ---------------------------------------------------------
// Creates the pipe with a 0x400-byte buffer. The 0x80 flag matches
// _O_NOINHERIT, i.e. neither descriptor is inheritable at this point; the
// child's end is made inheritable explicitly by DuplicateHandle below.
// 0xFFFFFFFF is -1: the function returns v3, which is still NULL.
if ( pipe(&PtHandles, 0x400u, v7 | 0x80) == 0xFFFFFFFF ) | |
return v3; | |
// v8 is the index of the descriptor that goes to the child: 0 (PtHandles)
// for "w", 1 (FileHandle) for "r". p_FileHandle / p_PtHandles point at the
// descriptor the parent keeps, and v40 / v41 at its "still open" flag.
if ( Modea == 0x77 ) | |
{ | |
v8 = 0; | |
p_FileHandle = &FileHandle; | |
v40 = &v34; | |
p_PtHandles = &FileHandle; | |
v41 = &v34; | |
} | |
else | |
{ | |
v8 = 1; | |
p_FileHandle = &PtHandles; | |
v40 = &v33; | |
p_PtHandles = &PtHandles; | |
v41 = &v33; | |
} | |
// Set up CRT lock number 9; on failure close both pipe ends and give up.
if ( !(unsigned int)mtinitlocknum(9i64) ) | |
{ | |
close(PtHandles); | |
close(FileHandle); | |
return 0i64; | |
} | |
// Everything from here to LABEL_87 runs with lock 9 held.
lock(9i64); | |
// Both descriptors are open; the flags are cleared as each one is closed or
// handed over, so the error path knows what is left to close.
v34 = 1; | |
v33 = 1; | |
CurrentProcess = GetCurrentProcess(); | |
v11 = v8; | |
v38 = v8; | |
// Duplicate the OS handle behind the child's descriptor into TargetHandle.
// The handle is read from the _pioinfo table (0x38-byte entries, 32 per row).
// Argument 1 is bInheritHandle (the duplicate is inheritable) and 2 matches
// DUPLICATE_SAME_ACCESS.
if ( !DuplicateHandle( | |
CurrentProcess, | |
*(HANDLE *)(_pioinfo[(__int64)*(&PtHandles + v8) >> 5] + 0x38i64 * (*(&PtHandles + v8) & 0x1F)), | |
CurrentProcess, | |
&TargetHandle, | |
0, | |
1, | |
2u) ) | |
goto LABEL_83; | |
// The original descriptor for the child's end is no longer needed.
close(*(&PtHandles + v8)); | |
*(&v33 + v8) = 0; | |
// Wrap the parent's end in a FILE; &Modea is the mode string built above.
v3 = fdopen(*p_FileHandle, &Modea); | |
v44 = v3; | |
if ( !v3 ) | |
goto LABEL_83; | |
// Obtain a table entry; on success it receives the FILE* in slot [0] and the
// process handle in slot [1] (see the end of the function).
v39 = (FILE **)idtab(0i64); | |
if ( !v39 ) | |
{ | |
// --- Shared failure path ---------------------------------------------------
// NOTE(review): the failure paths that arrive here from after the
// DuplicateHandle call (fdopen, idtab and the allocation failures) do not
// show a CloseHandle(TargetHandle); as listed, the inheritable duplicate
// stays open on those paths - confirm against the disassembly.
LABEL_82: | |
// fclose also closes the parent's descriptor, so its flag is cleared.
fclose(v3); | |
*v40 = 0; | |
v3 = 0i64; | |
v44 = 0i64; | |
LABEL_83: | |
// Close whichever pipe descriptors are still flagged open.
if ( *(&v33 + v11) ) | |
close(*(&PtHandles + v11)); | |
if ( *v41 ) | |
close(*p_PtHandles); | |
goto LABEL_87; | |
} | |
// --- Choosing the command interpreter --------------------------------------
// The interpreter comes from the environment: a COMSPEC value is used as-is.
// A return of 0x16 (EINVAL) is treated as fatal; any other error, or an
// unset variable, falls back to the bare name "cmd.exe".
v12 = dupenv_s(&Buffer, 0i64, "COMSPEC"); // retrieve cmd.exe path | |
if ( v12 == 0x16 ) | |
invoke_watson(0i64, 0i64, 0i64, 0, 0i64); | |
if ( v12 || (v13 = Buffer) == 0i64 ) | |
v13 = "cmd.exe"; | |
// --- Child standard handles ------------------------------------------------
// cb = 0x68 is the structure size; dwFlags = 0x100 matches
// STARTF_USESTDHANDLES, so the three hStd* fields below are used.
memset(&StartupInfo, 0, sizeof(StartupInfo)); | |
StartupInfo.cb = 0x68; | |
StartupInfo.dwFlags = 0x100; | |
// "w" (v8 == 0): child stdin = pipe end, stdout = the handle in _pioinfo slot 1.
// "r" (v8 == 1): child stdin = the handle in _pioinfo slot 0, stdout = pipe end.
// stderr always takes the handle in slot 2 (offset 0x70 = 2 * 0x38).
v14 = TargetHandle; | |
v15 = TargetHandle; | |
if ( v8 ) | |
v15 = *(HANDLE *)_pioinfo[0]; | |
StartupInfo.hStdInput = v15; | |
if ( v8 != 1 ) | |
v14 = *(HANDLE *)(_pioinfo[0] + 0x38); | |
StartupInfo.hStdOutput = v14; | |
StartupInfo.hStdError = *(HANDLE *)(_pioinfo[0] + 0x70); | |
// --- Building the command line ---------------------------------------------
// Two inlined strlen loops: v17 = length of the interpreter path, v16 =
// length of Command.
v16 = 0xFFFFFFFFFFFFFFFFui64; | |
v17 = 0xFFFFFFFFFFFFFFFFui64; | |
do | |
++v17; | |
while ( v13[v17] ); | |
do | |
++v16; | |
while ( Command[v16] ); | |
// +5 covers the four characters of " /c " and the terminating NUL.
v18 = v17 + v16 + 5; | |
v19 = (char *)calloc_crt(v18, 1i64); | |
v20 = v19; | |
if ( !v19 ) | |
{ | |
LABEL_81: | |
v11 = v38; | |
goto LABEL_82; | |
} | |
// v20 = "<interpreter> /c <Command>". Command is appended unchanged, so the
// interpreter parses any metacharacters it contains; callers passing
// externally influenced text must validate it before calling popen().
if ( strcpy_s(v19, v18, v13) ) | |
invoke_watson(0i64, 0i64, 0i64, 0, 0i64); | |
if ( strcat_s(v20, v18, " /c ") ) | |
invoke_watson(0i64, 0i64, 0i64, 0, 0i64); | |
if ( strcat_s(v20, v18, Command) ) | |
invoke_watson(0i64, 0i64, 0i64, 0, 0i64); | |
memset(&ProcessInformation, 0, sizeof(ProcessInformation)); | |
// Save errno; it is restored on every path below.
v21 = *errno(); | |
// --- Launch, direct case ---------------------------------------------------
// If the interpreter path is accessible exactly as given, launch it. The
// fifth argument (1) is bInheritHandles.
if ( !access_s(v13, 0) ) | |
{ | |
v22 = CreateProcessA(v13, v20, 0i64, 0i64, 1, 0, 0i64, 0i64, &StartupInfo, &ProcessInformation); | |
goto LABEL_76; | |
} | |
// --- Launch, PATH search ---------------------------------------------------
// The interpreter was not found as given, so each PATH directory is tried
// in order. v23 is a 0x104-byte (260) scratch buffer for candidate paths.
v36 = 0i64; | |
v23 = (unsigned __int8 *)calloc_crt(0x104i64, 1i64); | |
if ( !v23 ) | |
{ | |
v24 = 0i64; | |
LABEL_49: | |
// Allocation or PATH lookup failed: release buffers, restore errno, fail.
free(v24); | |
free(v20); | |
free(Buffer); | |
*errno() = v21; | |
goto LABEL_81; | |
} | |
v25 = dupenv_s(&v36, 0i64, "PATH"); | |
if ( v25 == 0x16 ) | |
invoke_watson(0i64, 0i64, 0i64, 0, 0i64); | |
v26 = v36; | |
if ( v25 ) | |
{ | |
free(v36); | |
v24 = v23; | |
goto LABEL_49; | |
} | |
while ( 1 ) | |
{ | |
// getpath appears to copy the next PATH element into v23 (at most 0x103
// characters) and return a pointer to the remainder - TODO confirm.
// The loop stops when nothing is left or the element is empty.
v43 = (char *)getpath(v26, v23, 0x103i64); | |
if ( !v43 || !*v23 ) | |
break; | |
// Inlined strlen of the directory; v28 points at its last byte
// (the + 0xFFFFFFFF is presumably the decompiler's rendering of - 1).
v27 = 0xFFFFFFFFFFFFFFFFui64; | |
do | |
++v27; | |
while ( v23[v27] ); | |
v28 = &v23[v27 + 0xFFFFFFFF]; | |
// v29 = directory already ends in a separator. A trailing 0x5C ('\') only
// counts if mbsrchr finds it at that position (presumably to exclude a
// multibyte trail byte); otherwise a trailing '/' (0x2F) is accepted.
if ( *v28 == 0x5C ) | |
v29 = v28 == mbsrchr(v23, 0x5Cu); | |
else | |
v29 = *v28 == 0x2F; | |
if ( !v29 && strcat_s((char *)v23, 0x104ui64, "\\") ) | |
invoke_watson(0i64, 0i64, 0i64, 0, 0i64); | |
// Abandon the search if directory + interpreter name would not fit in the
// 0x104-byte buffer.
v30 = 0xFFFFFFFFFFFFFFFFui64; | |
do | |
++v30; | |
while ( v13[v30] ); | |
v31 = 0xFFFFFFFFFFFFFFFFui64; | |
do | |
++v31; | |
while ( v23[v31] ); | |
if ( v31 + v30 >= 0x104 ) | |
break; | |
if ( strcat_s((char *)v23, 0x104ui64, v13) ) | |
invoke_watson(0i64, 0i64, 0i64, 0, 0i64); | |
// The first candidate that exists is launched, again with bInheritHandles = 1.
if ( !access_s((const char *)v23, 0) ) | |
{ | |
v22 = CreateProcessA((LPCSTR)v23, v20, 0i64, 0i64, 1, 0, 0i64, 0i64, &StartupInfo, &ProcessInformation); | |
goto LABEL_75; | |
} | |
v26 = v43; | |
} | |
// No usable candidate was found: v50 is 0, so v22 reports failure.
v22 = v50; | |
// --- Cleanup ---------------------------------------------------------------
LABEL_75: | |
free(v36); | |
free(v23); | |
LABEL_76: | |
free(v20); | |
free(Buffer); | |
// The parent's copy of the child's pipe end is closed here; only the child
// keeps that end.
CloseHandle(TargetHandle); | |
if ( v22 ) | |
CloseHandle(ProcessInformation.hThread); | |
*errno() = v21; | |
v32 = v39; | |
if ( !v22 ) | |
{ | |
// Process creation failed: clear the table entry and take the failure path.
*v39 = 0i64; | |
goto LABEL_81; | |
} | |
// Success: record the process handle and the stream in the table entry
// (presumably consumed by pclose - not shown here).
v39[1] = (FILE *)ProcessInformation.hProcess; | |
*v32 = v3; | |
LABEL_87: | |
unlock(9i64); | |
return v3; | |
} |