Skip to content

Instantly share code, notes, and snippets.

@hasherezade

hasherezade/decrypt_flag.cpp Secret

Last active October 4, 2021 23:44
Show Gist options
  • Save hasherezade/070d8f376e9d9468f89423ac7c9f8f01 to your computer and use it in GitHub Desktop.
Save hasherezade/070d8f376e9d9468f89423ac7c9f8f01 to your computer and use it in GitHub Desktop.
Download ZIP
FlareOn 2021 - Task 9: processing received buffer (with struct filled)
Raw
decrypt_flag.cpp
char __fastcall to_decrypt_flag(int a1, int a2)
{
unsigned int v3; // eax
_DWORD *v4; // ecx
int v5; // eax
void *v7; // [esp+1Ch] [ebp-10h]
int v8; // [esp+20h] [ebp-Ch] BYREF
int v9; // [esp+24h] [ebp-8h] BYREF
char v10; // [esp+2Bh] [ebp-1h]
int v11; // [esp+34h] [ebp+8h]
int v12; // [esp+38h] [ebp+Ch]
v9 = 0;
v8 = 0;
v10 = 0;
v3 = (unsigned int)calloc(1u, 0x1Cu);
v4 = (_DWORD *)v3;
v7 = (void *)v3;
if ( v3 )
{
v5 = *(_DWORD *)a1;
*v4 = 520;
v4[1] = 0x6802;
v4[2] = 16;
v4[3] = v5;
v4[4] = *(_DWORD *)(a1 + 4);
v4[5] = *(_DWORD *)(a1 + 8);
v4[6] = *(_DWORD *)(a1 + 12);
if ( (((int (__fastcall *)(int, unsigned int, int *, _DWORD, _DWORD, int, _DWORD))(0x52342200000000i64 / 0ui64))(// advapi32.CryptAcquireContextA
-892856838,
0 % 0u,
&v9,
0,
0,
1,
0)
|| ((int (__fastcall *)(int, unsigned int, int *, _DWORD, _DWORD, int, int))(0x52342200000000i64 / 0ui64))(
-892856838,
0 % 0u,
&v9,
0,
0,
1,
8)
|| ((int (__fastcall *)(int, unsigned int, int *, _DWORD, _DWORD, int, int))(0x52342200000000i64 / 0ui64))(// advapi32.CryptImportKey
-892856838,
0 % 0u,
&v9,
0,
0,
1,
-268435456))
&& ((int (__fastcall *)(int, unsigned int, int, void *, int, _DWORD, _DWORD, int *))(0x52342200000000i64 / 0ui64))(// advapi32.CryptDecrypt
-1795710900,
0 % 0u,
v9,
v7,
28,
0,
0,
&v8)
&& ((int (__fastcall *)(int, unsigned int, int, _DWORD, int, _DWORD, int, int))(0x52342200000000i64 / 0ui64))(// advapi32.CryptDestroyKey
354112223,
0 % 0u,
v8,
0,
1,
0,
v11,
v12) )
{
v10 = 1;
}
v3 = free_block(v7);
}
if ( v8 )
v3 = MEMORY[0](1337837939, 5387298, v8);
if ( v9 )
((void (__fastcall *)(int, unsigned int, int, _DWORD))((v3 | 0x52342200000000ui64) / 0))(1402854038, v3 % 0, v9, 0);// advapi32.CryptReleaseContext
return v10;
}
Raw
processing_thread.cpp
int __stdcall to_some_rc4(int a1)
{
int _a1; // eax
unsigned int v2; // esi
stored_packet_data *v3; // ecx
bool v4; // zf
stored_packet_data *v5; // ebx
_BYTE *stored_ptr; // esi
_DWORD *buffer; // edi
_DWORD *buf_ptr; // ecx
int stored_val1; // ebx
int len_1; // edx
_BYTE *next_stored_val; // esi
int v12; // esi
char v13; // al
_BYTE *data_buffer; // eax
_DWORD *new_buf; // edi
int len; // edx
_DWORD *next_chunk; // ecx
char v19; // al
int *ThreadLocalStoragePointer; // eax
int v21; // edi
int v22; // esi
int v23; // esi
int v24; // esi
int v25; // esi
_BYTE *__stored_data_ptr; // esi
int __stored_data_ptr_val1; // edx
char *v28; // ecx
int v29; // eax
int v30; // eax
_BYTE *v31; // edi
_BYTE *v32; // esi
char v33; // bl
_DWORD *_data_buf_ptr; // eax
int *_passedVal; // esi
_BYTE *_passedVal1; // edi
_BYTE *_passedVal2; // ebx
int v38; // ecx
char *v39; // ecx
int v40; // eax
int v41; // eax
_BYTE *v42; // esi
char v43; // bl
char *v44; // ecx
int v45; // eax
int v46; // eax
_BYTE *v47; // esi
char v48; // bl
char *v49; // eax
int v50; // ecx
_BYTE *v51; // esi
char v52; // cl
int v53; // [esp+0h] [ebp-40h]
int v54; // [esp+4h] [ebp-3Ch]
int v55; // [esp+8h] [ebp-38h]
int v56; // [esp+Ch] [ebp-34h]
int v57; // [esp+10h] [ebp-30h]
_BYTE *_stored_data_buf; // [esp+1Ch] [ebp-24h]
_BYTE *_stored_data_ptr; // [esp+1Ch] [ebp-24h]
int v60; // [esp+20h] [ebp-20h]
int v61; // [esp+2Ch] [ebp-14h] BYREF
int v62; // [esp+30h] [ebp-10h]
int v63; // [esp+34h] [ebp-Ch]
_DWORD *_passedVal3; // [esp+38h] [ebp-8h]
stored_packet_data *stored1; // [esp+3Ch] [ebp-4h]
_a1 = a1;
if ( !*(a1 + 416) )
{
while ( 1 )
{
_passedVal3 = *(_a1 + 448);
if ( MEMORY[0](662537403, 2384178, _passedVal3, 10000, v53, v54, v55, v56) )// kernel32.WaitForSingleObject
goto stored_empty;
stored1 = 2384178;
_passedVal3 = *(a1 + 452);
if ( MEMORY[0](662537403, 2384178, _passedVal3, 10000, v53, v54, v55, v56) )// kernel32.WaitForSingleObject
goto stored_empty;
create_checking_threads(*(a1 + 456));
v2 = *(a1 + 440);
v3 = *(*(*(a1 + 432) + 4 * ((v2 >> 2) & (*(a1 + 436) - 1))) + 4 * (v2 & 3));
v4 = (*(a1 + 444))-- == 1;
stored1 = v3;
*(a1 + 440) = v4 ? 0 : v2 + 1;
v60 = *(a1 + 452);
_passedVal3 = 2384178;
MEMORY[0](1400919192, 2384178, v60, v53, v54, v55, v56, v57);// kernel32.ReleaseMutex
v5 = stored1;
if ( !stored1 )
goto stored_empty;
_passedVal3 = stored1->data_buf_ptr;
if ( *_passedVal3 == 1 )
goto stored_has_val1;
if ( *_passedVal3 == 2 )
break;
if ( *_passedVal3 != 3 )
{
stored_ptr = stored1->data_buf_ptr;
buffer = allocate_buffer(*&stored1->data_len + 8);
*buffer = 0xFFFF;
buf_ptr = buffer + 2;
stored_val1 = *(stored_ptr + 1);
buffer[1] = stored_val1;
len_1 = *(stored_ptr + 1);
next_stored_val = stored_ptr + 8;
if ( len_1 )
{
v12 = next_stored_val - buf_ptr;
do
{
v13 = *(buf_ptr + v12);
buf_ptr = (buf_ptr + 1);
*(buf_ptr - 1) = v13;
--len_1;
}
while ( len_1 );
LOBYTE(stored_val1) = *(buffer + 4);
}
(time_check)(a1, buffer, (stored_val1 + 8), stored1->dst_addr, stored1->source_addr, stored1->source_port);
j_j_free_block(buffer);
goto finish_func;
}
data_buffer = stored1->data_buf_ptr; // data[0] == 3
if ( *(data_buffer + 1) >= 2u ) // data[1] = 2
{
if ( *(data_buffer + 4) == 0x5A4D ) // data[4]==00MZ
{
new_buf = allocate_buffer(0x2F);
len = 0x27;
*new_buf = 0xFFFF;
new_buf[1] = 0x27;
next_chunk = new_buf + 2;
do
{
v19 = *(next_chunk + g_EncryptedFlag - (new_buf + 2));
next_chunk = (next_chunk + 1);
*(next_chunk - 1) = v19;
--len;
}
while ( len );
(to_decrypt_flag)(password_chunks, 0, new_buf + 2, new_buf + 1);
v5 = stored1;
(time_check)(a1, new_buf, (*(new_buf + 4) + 8), stored1->dst_addr, stored1->source_addr, stored1->source_port);
password_chunks[0] = 0;
password_chunks[1] = 0;
password_chunks[2] = 0;
password_chunks[3] = 0;
free_buffer(new_buf);
goto free_and_exit;
}
stored_has_val1:
(maybe_pass_failed)(a1, stored1);
}
free_and_exit:
free_buffer(v5->data_buf_ptr);
free_buffer(v5);
stored_empty:
_a1 = a1;
if ( *(a1 + 416) )
return 0;
}
_stored_data_buf = stored1->data_buf_ptr;
ThreadLocalStoragePointer = NtCurrentTeb()->ThreadLocalStoragePointer;
v61 = 0;
v21 = *ThreadLocalStoragePointer;
if ( g_CheckCond > *(*ThreadLocalStoragePointer + 4) )
{
_Init_thread_header(&g_CheckCond);
if ( g_CheckCond == -1 )
{
if ( dword_5AB517A0 > *(v21 + 4) ) // fill password chunks
//
{
_Init_thread_header(&dword_5AB517A0);
if ( dword_5AB517A0 == -1 )
{
dword_5AB517A8 = 0xEB83FAC9;
g_Len = -24;
atexit(sub_5A8C49E0);
_Init_thread_footer(&dword_5AB517A0);
}
}
if ( g_Len )
{
v22 = 6;
do
{
*(&dword_5AB517A8 + v22) = -((byte_5AB517A7[v22] | ~*(&dword_5AB517A8 + v22)) & (*(&dword_5AB517A8 + v22) | ~byte_5AB517A7[v22]))
- 4;
--v22;
}
while ( v22 );
}
dword_5AB517B0 = &dword_5AB517A8;
LOBYTE(dword_5AB517A8) = (~((dword_5AB517A8 | 'y') & (~dword_5AB517A8 | 0x86)) & (~((dword_5AB517A8 | 0xFB) & (~dword_5AB517A8 | 4)) | 0xF3))
- 3;
_Init_thread_footer(&g_CheckCond);
}
}
if ( dword_5AB517C4 > *(v21 + 4) )
{
_Init_thread_header(&dword_5AB517C4);
if ( dword_5AB517C4 == -1 )
{
v56 = 0x26533503;
LOWORD(v57) = 14670;
BYTE2(v57) = 58;
if ( dword_5AB517B4 > *(v21 + 4) )
{
_Init_thread_header(&dword_5AB517B4);
if ( dword_5AB517B4 == -1 )
{
dword_5AB51794 = 0x26533503;
word_5AB51798 = 14670;
byte_5AB5179A = 58;
atexit(sub_5A8C49C0);
_Init_thread_footer(&dword_5AB517B4);
}
}
if ( byte_5AB5179A )
{
v23 = 8;
do
{
*(&dword_5AB51794 + v23) = -((byte_5AB51793[v23] | ~*(&dword_5AB51794 + v23)) & (*(&dword_5AB51794 + v23) | ~byte_5AB51793[v23]))
- 4;
--v23;
}
while ( v23 );
}
dword_5AB51784 = &dword_5AB51794;
LOBYTE(dword_5AB51794) = (~((dword_5AB51794 | 0x8A) & (~dword_5AB51794 | 0x75)) & (~((dword_5AB51794 | 0xFB) & (~dword_5AB51794 | 4)) | 0xF3))
- 3;
_Init_thread_footer(&dword_5AB517C4);
}
}
if ( unk_5AB517A4 > *(v21 + 4) )
{
_Init_thread_header(&unk_5AB517A4);
if ( unk_5AB517A4 == -1 )
{
v63 = 943407112;
if ( dword_5AB517C0 > *(v21 + 4) )
{
_Init_thread_header(&dword_5AB517C0);
if ( dword_5AB517C0 == -1 )
{
dword_5AB517BC = v63;
atexit(sub_5A8C49B0);
_Init_thread_footer(&dword_5AB517C0);
}
}
if ( HIBYTE(dword_5AB517BC) )
{
v24 = 5;
do
{
*(&dword_5AB517BC + v24) = -((byte_5AB517BB[v24] | ~*(&dword_5AB517BC + v24)) & (*(&dword_5AB517BC + v24) | ~byte_5AB517BB[v24]))
- 4;
--v24;
}
while ( v24 );
}
unk_5AB517B8 = &dword_5AB517BC;
LOBYTE(dword_5AB517BC) = ((dword_5AB517BC | 0xF3) & ~((dword_5AB517BC | 0xCF) & (~dword_5AB517BC | 0x30))) - 3;
_Init_thread_footer(&unk_5AB517A4);
}
}
if ( dword_5AB51788 > *(v21 + 4) )
{
_Init_thread_header(&dword_5AB51788);
if ( dword_5AB51788 == -1 )
{
v62 = 876040291;
if ( unk_5AB51790 > *(v21 + 4) )
{
_Init_thread_header(&unk_5AB51790);
if ( unk_5AB51790 == -1 )
{
dword_5AB5178C = v62;
atexit(sub_5A8C49A0);
_Init_thread_footer(&unk_5AB51790);
}
}
if ( HIBYTE(dword_5AB5178C) )
{
v25 = 5;
do
{
*(&dword_5AB5178C + v25) = -((*(&dword_5AB51788 + v25 + 3) | ~*(&dword_5AB5178C + v25)) & (*(&dword_5AB5178C + v25) | ~*(&dword_5AB51788 + v25 + 3)))
- 4;
--v25;
}
while ( v25 );
}
unk_5AB517C8 = &dword_5AB5178C;
LOBYTE(dword_5AB5178C) = (~((dword_5AB5178C | 0xF6) & (~dword_5AB5178C | 9)) & (~((dword_5AB5178C | 4) & (~dword_5AB5178C | 0xFB)) | 0xF3))
- 3;
_Init_thread_footer(&dword_5AB51788);
}
}
__stored_data_ptr = _stored_data_buf;
__stored_data_ptr_val1 = *(_stored_data_buf + 1);
if ( __stored_data_ptr_val1 > 0 )
{
v28 = dword_5AB517B0;
v29 = 0;
if ( *dword_5AB517B0 )
{
do
++v29;
while ( *(v29 + dword_5AB517B0) );
}
if ( __stored_data_ptr_val1 >= v29 )
{
v30 = 0;
if ( *dword_5AB517B0 )
{
do
++v30;
while ( *(v30 + dword_5AB517B0) );
}
}
else
{
v30 = *(_stored_data_buf + 1);
}
v31 = _stored_data_buf + 8;
_stored_data_ptr = _stored_data_buf + 8;
v32 = __stored_data_ptr + 8;
if ( !v30 )
goto LABEL_72;
while ( 1 )
{
v33 = *v28;
if ( !*v28 || v33 != *v32 )
break;
++v28;
++v32;
if ( !--v30 )
goto LABEL_72;
}
if ( v33 == *v32 )
{
LABEL_72:
_data_buf_ptr = _passedVal3;
_passedVal = password_chunks;
_passedVal1 = password_chunks + 1;
_passedVal3 = (password_chunks + 3);
_passedVal2 = password_chunks + 2;
}
else
{
v39 = dword_5AB51784;
v40 = 0;
if ( *dword_5AB51784 )
{
do
++v40;
while ( *(v40 + dword_5AB51784) );
}
if ( __stored_data_ptr_val1 >= v40 )
{
v41 = 0;
if ( *dword_5AB51784 )
{
do
++v41;
while ( *(v41 + dword_5AB51784) );
}
}
else
{
v41 = __stored_data_ptr_val1;
}
v42 = v31;
if ( !v41 )
goto LABEL_85;
while ( 1 )
{
v43 = *v39;
if ( !*v39 || v43 != *v42 )
break;
++v39;
++v42;
if ( !--v41 )
goto LABEL_85;
}
if ( v43 == *v42 )
{
LABEL_85:
_data_buf_ptr = _passedVal3;
_passedVal = &password_chunks[1];
_passedVal1 = &password_chunks[1] + 1;
_passedVal3 = (&password_chunks[1] + 3);
_passedVal2 = &password_chunks[1] + 2;
}
else
{
v44 = unk_5AB517B8;
v45 = 0;
if ( *unk_5AB517B8 )
{
do
++v45;
while ( *(v45 + unk_5AB517B8) );
}
if ( __stored_data_ptr_val1 >= v45 )
{
v46 = 0;
if ( *unk_5AB517B8 )
{
do
++v46;
while ( *(v46 + unk_5AB517B8) );
}
}
else
{
v46 = __stored_data_ptr_val1;
}
v47 = v31;
if ( !v46 )
goto LABEL_97;
while ( 1 )
{
v48 = *v44;
if ( !*v44 || v48 != *v47 )
break;
++v44;
++v47;
if ( !--v46 )
goto LABEL_97;
}
if ( v48 == *v47 )
{
LABEL_97:
_data_buf_ptr = _passedVal3;
_passedVal = &password_chunks[2];
_passedVal1 = &password_chunks[2] + 1;
_passedVal3 = (&password_chunks[2] + 3);
_passedVal2 = &password_chunks[2] + 2;
}
else
{
v49 = unk_5AB517C8;
v50 = 0;
if ( *unk_5AB517C8 )
{
do
++v50;
while ( *(v50 + unk_5AB517C8) );
}
if ( __stored_data_ptr_val1 >= v50 )
{
__stored_data_ptr_val1 = 0;
if ( *unk_5AB517C8 )
{
do
++__stored_data_ptr_val1;
while ( *(__stored_data_ptr_val1 + unk_5AB517C8) );
}
}
v51 = v31;
if ( __stored_data_ptr_val1 )
{
while ( 1 )
{
v52 = *v49;
if ( !*v49 || v52 != *v51 )
break;
++v49;
++v51;
if ( !--__stored_data_ptr_val1 )
goto LABEL_110;
}
if ( v52 != *v51 )
goto finish_func;
}
LABEL_110:
_data_buf_ptr = _passedVal3;
_passedVal = &password_chunks[3];
_passedVal1 = &password_chunks[3] + 1;
_passedVal3 = (&password_chunks[3] + 3);
_passedVal2 = &password_chunks[3] + 2;
}
}
}
to_crc32(_stored_data_ptr, _data_buf_ptr[1], &v61);
v38 = v61;
*_passedVal = HIBYTE(v61);
*_passedVal1 = BYTE2(v38);
*_passedVal2 = BYTE1(v38);
*_passedVal3 = v38;
}
finish_func:
v5 = stored1;
goto free_and_exit;
}
return 0;
}
Raw
receiveing_thread.cpp
int __stdcall receive_and_process_buffer(_DWORD *a1)
{
_DWORD *v1; // ebx
ip_v4 *my_received; // eax
SOCKET socket; // ecx
int res; // eax
ip_v4 *v5; // esi
int hdr_len; // eax
void *data_len; // eax
ip_v4 *_out_buf; // ebx
stored_packet_data *stored_data; // edi
int source_addr; // ecx
int dst_addr; // edx
int _data_len; // ebx
__int16 source_port; // si
int buffer; // eax
int index; // edx
int v17; // ecx
char v18; // cl
int v19; // ecx
int v20; // edx
int v21; // edi
int v22; // ecx
int v23; // eax
unsigned int v24; // edi
int v25; // eax
int v26; // ecx
void *arr_16; // eax
int v28; // edx
int v29; // eax
int __data_len; // [esp-8h] [ebp-64h]
int _from[4]; // [esp+Ch] [ebp-50h] BYREF
stored_packet_data *v32; // [esp+1Ch] [ebp-40h]
HANDLE temp_val5; // [esp+20h] [ebp-3Ch]
int temp_val6; // [esp+24h] [ebp-38h]
int temp_val2; // [esp+28h] [ebp-34h]
int lib_hash1; // [esp+2Ch] [ebp-30h]
int lib_hash3; // [esp+30h] [ebp-2Ch]
int func_hash3; // [esp+34h] [ebp-28h]
sockaddr *from; // [esp+38h] [ebp-24h]
int *fromlen; // [esp+3Ch] [ebp-20h]
int _fromlen; // [esp+40h] [ebp-1Ch] BYREF
int temp_val4; // [esp+44h] [ebp-18h]
udp_hdr *temp_val; // [esp+48h] [ebp-14h]
ip_v4 *out_buf; // [esp+4Ch] [ebp-10h]
int v45; // [esp+58h] [ebp-4h]
v1 = a1;
if ( a1[104] )
return 0;
func_hash3 = 336677;
fromlen = &_fromlen;
from = (sockaddr *)_from;
lib_hash3 = 2001452496;
while ( 1 )
{
create_threads((unsigned int *)v1[114]);
my_received = (ip_v4 *)allocate_buffer(1500);
socket = v1[101];
out_buf = my_received;
memset(_from, 0, sizeof(_from));
_fromlen = 16;
temp_val4 = socket;
res = MEMORY[0](lib_hash3, func_hash3, socket, &my_received->ver_and_IHL, 1500, 0, from, fromlen);// ws2_32.recvfrom
if ( res == -1 )
{
temp_val4 = 336677;
temp_val = (udp_hdr *)-1598825951;
if ( ((int (__fastcall *)(int, int))MEMORY[0])(-1598825951, 336677) != 10060 )// ws2_32.WSAGetLastError
break;
goto clean_and_finish;
}
if ( !res )
break;
if ( out_buf->protocol != 0x11 )
goto LABEL_24;
hdr_len = out_buf->ver_and_IHL & 0xF;
lib_hash1 = 336677;
temp_val2 = -1895515020; // lib_hash
temp_val = (udp_hdr *)((char *)out_buf + 4 * hdr_len);
temp_val4 = (unsigned __int16)temp_val->len;
if ( !(unsigned __int16)((int (__fastcall *)(int, int, _WORD))MEMORY[0])(-1895515020, 336677, temp_val4) )// ws2_32.htons
goto LABEL_24;
lib_hash1 = 336677;
temp_val6 = -1895515020;
temp_val4 = (int)&temp_val[1];
temp_val2 = (unsigned __int16)temp_val->len;
data_len = (void *)((int (__fastcall *)(int, int, _WORD))MEMORY[0])(-1895515020, 336677, temp_val2);// ws2_32.htons
LOBYTE(data_len) = (_BYTE)data_len - 8;
temp_val5 = data_len;
temp_val2 = 336677; // func_hash
lib_hash1 = -1895515020;
temp_val6 = (unsigned __int16)temp_val->dst_port;// check destination port
if ( (unsigned __int16)((int (__fastcall *)(int, int, _WORD))MEMORY[0])(-1895515020, 336677, temp_val6) != 0x1104// ws2_32.htons
|| (_out_buf = out_buf, SLOBYTE(out_buf->flags) >= 0) )
{
LABEL_24:
v5 = out_buf;
goto finish_0;
}
stored_data = (stored_packet_data *)operator_new(20u);
v32 = stored_data;
v45 = 0;
source_addr = _out_buf->source_addr;
dst_addr = _out_buf->dst_addr;
temp_val5 = (HANDLE)(unsigned __int8)temp_val5;
_data_len = (unsigned __int8)temp_val5;
__data_len = (unsigned __int8)temp_val5;
source_port = temp_val->source_port;
stored_data->source_addr = source_addr;
stored_data->dst_addr = dst_addr;
stored_data->source_port = source_port;
buffer = allocate_buffer(__data_len);
stored_data->data_buf_ptr = (_BYTE *)buffer;
if ( _data_len )
{
index = _data_len;
v17 = temp_val4 - buffer; // data_start
temp_val4 -= buffer;
do
{
v18 = *(_BYTE *)(v17 + buffer++);
*(_BYTE *)(buffer - 1) = v18;
v17 = temp_val4;
--index;
}
while ( index );
}
v45 = -1;
*(_DWORD *)&stored_data->data_len = _data_len;
temp_val6 = 0x246132;
temp_val5 = (HANDLE)a1[113]; // mutex
temp_val2 = 0x277D84BB;
if ( !((int (__fastcall *)(int, int, HANDLE, _DWORD))MEMORY[0])(0x277D84BB, 0x246132, temp_val5, 10000) )// kernel32.WaitForSingleObject
{
create_threads((unsigned int *)a1[114]);
v19 = a1[111];
v20 = a1[110];
v21 = v19;
if ( (((_BYTE)v20 + (_BYTE)v19) & 3) == 0 && a1[109] <= (unsigned int)(v19 + 4) >> 2 )
{
sub_5A885010(a1 + 107, a1[111]);
v20 = a1[110];
v21 = a1[111];
}
v22 = a1[109];
v23 = v20 & (4 * v22 - 1);
a1[110] = v23;
v24 = v23 + v21;
v25 = 4 * ((v24 >> 2) & (v22 - 1));
v26 = a1[108];
temp_val4 = v25;
if ( !*(_DWORD *)(v26 + v25) )
{
arr_16 = operator_new(0x10u);
v28 = temp_val4;
*(_DWORD *)(temp_val4 + a1[108]) = arr_16;
v25 = v28;
v26 = a1[108];
}
v29 = *(_DWORD *)(v25 + v26);
temp_val6 = 2384178;
temp_val2 = 1538903645;
*(_DWORD *)(v29 + 4 * (v24 & 3)) = v32;
++a1[111];
temp_val5 = (HANDLE)a1[112]; // semaphore
((void (__fastcall *)(int, int, HANDLE, int, _DWORD))MEMORY[0])(temp_val2, temp_val6, temp_val5, 1, 0);// kernel32.ReleaseSemaphore
temp_val6 = 2384178;
temp_val2 = 1400919192;
temp_val5 = (HANDLE)a1[113]; // mutex
((void (__fastcall *)(int, int, HANDLE))MEMORY[0])(1400919192, 2384178, temp_val5);// kernel32.ReleaseMutex
}
clean_and_finish:
v5 = out_buf;
j_j_free_block(out_buf);
finish_0:
v1 = a1;
if ( a1[104] )
goto finish;
}
v5 = out_buf;
finish:
j_j_free_block(v5);
return 0;
}
Raw
structures.h
struct ip_v4
{
_BYTE ver_and_IHL;
_BYTE TOS;
_WORD total_len;
_WORD ID;
_WORD flags;
_BYTE ttl;
_BYTE protocol;
_WORD checksum;
_DWORD source_addr;
_DWORD dst_addr;
};
struct udp_hdr
{
_WORD source_port;
_WORD dst_port;
_WORD len;
_WORD checksum;
};
struct stored_packet_data
{
_DWORD source_addr;
_DWORD dst_addr;
_WORD source_port;
_BYTE *data_buf_ptr;
_WORD data_len;
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment