dll,拖进ida
进函数里看看,
大致都是这样,但有些不同,进这个funcm看看
这几千个变量看的我有点懵,但后来发现其实一点用都没有
再看看其他函数
在这里将1从A8传导到了AC,把这些函数都提出来
//----- (10009340) -------------------------------------------------------- const char *sub_10009340() { _cfltcvt_init(); return " "; } //----- (100093B0) -------------------------------------------------------- const char *sub_100093B0() { return "'"; } //----- (100093C0) -------------------------------------------------------- const char *sub_100093C0() { _cfltcvt_init(); return "("; } //----- (100093D0) -------------------------------------------------------- const char *sub_100093D0() { _cfltcvt_init(); return ")"; } //----- (100093E0) -------------------------------------------------------- const char *sub_100093E0() { _cfltcvt_init(); return "*"; } //----- (100093F0) -------------------------------------------------------- const char *sub_100093F0() { _cfltcvt_init(); return "+"; } //----- (10009400) -------------------------------------------------------- const char *sub_10009400() { _cfltcvt_init(); return ","; } //----- (10009410) -------------------------------------------------------- const char *sub_10009410() { _cfltcvt_init(); return "-"; } //----- (10009420) -------------------------------------------------------- const char *sub_10009420() { _cfltcvt_init(); return "."; } //----- (10009430) -------------------------------------------------------- const char *sub_10009430() { _cfltcvt_init(); return "/"; } //----- (10009440) -------------------------------------------------------- const char *sub_10009440() { if ( dword_10019460 <= 0 ) { if ( dword_100194A4 <= 0 ) { _cfltcvt_init(); } else { dword_100194A4 = 0; dword_100194A8 = 1; } } else { dword_10019460 = 0; dword_10019464 = 1; } return "0"; } // 10019460: using guessed type int dword_10019460; // 10019464: using guessed type int dword_10019464; // 100194A4: using guessed type int dword_100194A4; // 100194A8: using guessed type int dword_100194A8; //----- (10009490) -------------------------------------------------------- const char *sub_10009490() { _cfltcvt_init(); return "1"; } //----- (100094A0) -------------------------------------------------------- const char *sub_100094A0() { _cfltcvt_init(); return "2"; } //----- (100094B0) -------------------------------------------------------- const char *sub_100094B0() { _cfltcvt_init(); return "3"; } //----- (100094C0) -------------------------------------------------------- const char *sub_100094C0() { _cfltcvt_init(); return "4"; } //----- (100094D0) -------------------------------------------------------- const char *sub_100094D0() { if ( dword_10019498 <= 0 ) { if ( dword_100194B0 <= 0 ) { _cfltcvt_init(); } else { dword_100194B0 = 0; dword_100194B4 = 1; } } else { dword_10019498 = 0; dword_1001949C = 1; } return "5"; } // 10019498: using guessed type int dword_10019498; // 1001949C: using guessed type int dword_1001949C; // 100194B0: using guessed type int dword_100194B0; // 100194B4: using guessed type int dword_100194B4; //----- (10009520) -------------------------------------------------------- const char *sub_10009520() { _cfltcvt_init(); return "6"; } //----- (10009530) -------------------------------------------------------- const char *sub_10009530() { _cfltcvt_init(); return "7"; } //----- (10009540) -------------------------------------------------------- const char *sub_10009540() { _cfltcvt_init(); return "8"; } //----- (10009550) -------------------------------------------------------- const char *sub_10009550() { _cfltcvt_init(); return "9"; } //----- (10009560) -------------------------------------------------------- const char *sub_10009560() { _cfltcvt_init(); return ":"; } //----- (10009570) -------------------------------------------------------- const char *sub_10009570() { _cfltcvt_init(); return ";"; } //----- (10009580) -------------------------------------------------------- const char *sub_10009580() { _cfltcvt_init(); return "<"; } //----- (10009590) -------------------------------------------------------- const char *sub_10009590() { _cfltcvt_init(); return "="; } //----- (100095A0) -------------------------------------------------------- const char *sub_100095A0() { _cfltcvt_init(); return ">"; } //----- (100095B0) -------------------------------------------------------- const char *sub_100095B0() { _cfltcvt_init(); return "?"; } //----- (100097D0) -------------------------------------------------------- const char *sub_100097D0() { if ( dword_100194B4 <= 0 ) { if ( dword_100194C4 <= 0 ) { if ( dword_100194D4 <= 0 ) { _cfltcvt_init(); } else { dword_100194D4 = 0; dword_100194D8 = 1; } } else { dword_100194C4 = 0; dword_100194C8 = 1; } } else { dword_100194B4 = 0; dword_100194B8 = 1; } return "a"; } // 100194B4: using guessed type int dword_100194B4; // 100194B8: using guessed type int dword_100194B8; // 100194C4: using guessed type int dword_100194C4; // 100194C8: using guessed type int dword_100194C8; // 100194D4: using guessed type int dword_100194D4; // 100194D8: using guessed type int dword_100194D8; //----- (10009840) -------------------------------------------------------- const char *sub_10009840() { _cfltcvt_init(); return "b"; } //----- (10009850) -------------------------------------------------------- const char *sub_10009850() { if ( dword_100194F4 <= 0 ) { _cfltcvt_init(); } else { dword_100194F4 = 0; dword_100194F8 = 1; } return "c"; } // 100194F4: using guessed type int dword_100194F4; // 100194F8: using guessed type int dword_100194F8; //----- (10009880) -------------------------------------------------------- const char *sub_10009880() { if ( dword_10019478 <= 0 ) { if ( dword_1001948C <= 0 ) { if ( dword_100194D0 <= 0 ) { if ( dword_100194E8 <= 0 ) { _cfltcvt_init(); } else { dword_100194E8 = 0; dword_100194EC = 1; } } else { dword_100194D0 = 0; dword_100194D4 = 1; } } else { dword_1001948C = 0; dword_10019490 = 1; } } else { dword_10019478 = 0; dword_1001947C = 1; } return "d"; } // 10019478: using guessed type int dword_10019478; // 1001947C: using guessed type int dword_1001947C; // 1001948C: using guessed type int dword_1001948C; // 10019490: using guessed type int dword_10019490; // 100194D0: using guessed type int dword_100194D0; // 100194D4: using guessed type int dword_100194D4; // 100194E8: using guessed type int dword_100194E8; // 100194EC: using guessed type int dword_100194EC; //----- (10009910) -------------------------------------------------------- const char *sub_10009910() { if ( dword_100194AC <= 0 ) { if ( dword_100194CC <= 0 ) { _cfltcvt_init(); } else { dword_100194CC = 0; dword_100194D0 = 1; } } else { dword_100194AC = 0; dword_100194B0 = 1; } return "e"; } // 100194AC: using guessed type int dword_100194AC; // 100194B0: using guessed type int dword_100194B0; // 100194CC: using guessed type int dword_100194CC; // 100194D0: using guessed type int dword_100194D0; //----- (10009960) -------------------------------------------------------- const char *sub_10009960() { if ( dword_100194BC <= 0 ) { _cfltcvt_init(); } else { dword_100194BC = 0; dword_100194C0 = 1; } return "f"; } // 100194BC: using guessed type int dword_100194BC; // 100194C0: using guessed type int dword_100194C0; //----- (10009990) -------------------------------------------------------- const char *sub_10009990() { if ( dword_10019464 <= 0 ) { if ( dword_10019468 <= 0 ) { if ( dword_10019474 <= 0 ) { _cfltcvt_init(); } else { dword_10019474 = 0; dword_10019478 = 1; } } else { dword_10019468 = 0; dword_1001946C = 1; } } else { dword_10019464 = 0; dword_10019468 = 1; } return "g"; } // 10019464: using guessed type int dword_10019464; // 10019468: using guessed type int dword_10019468; // 1001946C: using guessed type int dword_1001946C; // 10019474: using guessed type int dword_10019474; // 10019478: using guessed type int dword_10019478; //----- (10009A00) -------------------------------------------------------- const char *sub_10009A00() { if ( dword_100194DC <= 0 ) { _cfltcvt_init(); } else { dword_100194DC = 0; dword_100194E0 = 1; } return "h"; } // 100194DC: using guessed type int dword_100194DC; // 100194E0: using guessed type int dword_100194E0; //----- (10009A30) -------------------------------------------------------- const char *sub_10009A30() { if ( dword_1001946C <= 0 ) { _cfltcvt_init(); } else { dword_1001946C = 0; dword_10019470 = 1; } return "i"; } // 1001946C: using guessed type int dword_1001946C; // 10019470: using guessed type int dword_10019470; //----- (10009A60) -------------------------------------------------------- const char *sub_10009A60() { _cfltcvt_init(); return "j"; } //----- (10009A70) -------------------------------------------------------- const char *sub_10009A70() { if ( dword_100194A8 <= 0 ) { _cfltcvt_init(); } else { dword_100194A8 = 0; dword_100194AC = 1; } return "k"; } // 100194A8: using guessed type int dword_100194A8; // 100194AC: using guessed type int dword_100194AC; //----- (10009AA0) -------------------------------------------------------- const char *sub_10009AA0() { if ( dword_10017000 <= 0 ) { if ( dword_100194C0 <= 0 ) { _cfltcvt_init(); } else { dword_100194C0 = 0; dword_100194C4 = 1; } } else { dword_10017000 = 0; dword_10019460 = 1; } return "l"; } // 10017000: using guessed type int dword_10017000; // 10019460: using guessed type int dword_10019460; // 100194C0: using guessed type int dword_100194C0; // 100194C4: using guessed type int dword_100194C4; //----- (10009AF0) -------------------------------------------------------- const char *sub_10009AF0() { if ( dword_100194FC > 0 ) { _cfltcvt_init(); sub_10001240(); } return "m"; } // 100194FC: using guessed type int dword_100194FC; //----- (10009B10) -------------------------------------------------------- const char *sub_10009B10() { if ( dword_10019470 <= 0 ) { if ( dword_100194E4 <= 0 ) { _cfltcvt_init(); } else { dword_100194E4 = 0; dword_100194E8 = 1; } } else { dword_10019470 = 0; dword_10019474 = 1; } return "n"; } // 10019470: using guessed type int dword_10019470; // 10019474: using guessed type int dword_10019474; // 100194E4: using guessed type int dword_100194E4; // 100194E8: using guessed type int dword_100194E8; //----- (10009B60) -------------------------------------------------------- const char *sub_10009B60() { if ( dword_1001947C <= 0 ) { if ( dword_10019490 <= 0 ) { if ( dword_100194E0 <= 0 ) { if ( dword_100194EC <= 0 ) { if ( dword_100194F8 <= 0 ) { _cfltcvt_init(); } else { dword_100194F8 = 0; dword_100194FC = 1; } } else { dword_100194EC = 0; dword_100194F0 = 1; } } else { dword_100194E0 = 0; dword_100194E4 = 1; } } else { dword_10019490 = 0; dword_10019494 = 1; } } else { dword_1001947C = 0; dword_10019480 = 1; } return "o"; } // 1001947C: using guessed type int dword_1001947C; // 10019480: using guessed type int dword_10019480; // 10019490: using guessed type int dword_10019490; // 10019494: using guessed type int dword_10019494; // 100194E0: using guessed type int dword_100194E0; // 100194E4: using guessed type int dword_100194E4; // 100194EC: using guessed type int dword_100194EC; // 100194F0: using guessed type int dword_100194F0; // 100194F8: using guessed type int dword_100194F8; // 100194FC: using guessed type int dword_100194FC; //----- (10009C10) -------------------------------------------------------- const char *sub_10009C10() { _cfltcvt_init(); return "p"; } //----- (10009C20) -------------------------------------------------------- const char *sub_10009C20() { _cfltcvt_init(); return "q"; } //----- (10009C30) -------------------------------------------------------- const char *sub_10009C30() { if ( dword_10019488 <= 0 ) { if ( dword_100194A0 <= 0 ) { if ( dword_100194C8 <= 0 ) { _cfltcvt_init(); } else { dword_100194C8 = 0; dword_100194CC = 1; } } else { dword_100194A0 = 0; dword_100194A4 = 1; } } else { dword_10019488 = 0; dword_1001948C = 1; } return "r"; } // 10019488: using guessed type int dword_10019488; // 1001948C: using guessed type int dword_1001948C; // 100194A0: using guessed type int dword_100194A0; // 100194A4: using guessed type int dword_100194A4; // 100194C8: using guessed type int dword_100194C8; // 100194CC: using guessed type int dword_100194CC; //----- (10009CA0) -------------------------------------------------------- const char *sub_10009CA0() { if ( dword_100194D8 <= 0 ) { _cfltcvt_init(); } else { dword_100194D8 = 0; dword_100194DC = 1; } return "s"; } // 100194D8: using guessed type int dword_100194D8; // 100194DC: using guessed type int dword_100194DC; //----- (10009CD0) -------------------------------------------------------- const char *sub_10009CD0() { if ( dword_10019480 <= 0 ) { if ( dword_10019494 <= 0 ) { if ( dword_1001949C <= 0 ) { if ( dword_100194B8 <= 0 ) { if ( dword_100194F0 <= 0 ) { _cfltcvt_init(); } else { dword_100194F0 = 0; dword_100194F4 = 1; } } else { dword_100194B8 = 0; dword_100194BC = 1; } } else { dword_1001949C = 0; dword_100194A0 = 1; } } else { dword_10019494 = 0; dword_10019498 = 1; } } else { dword_10019480 = 0; dword_10019484 = 1; } return "t"; } // 10019480: using guessed type int dword_10019480; // 10019484: using guessed type int dword_10019484; // 10019494: using guessed type int dword_10019494; // 10019498: using guessed type int dword_10019498; // 1001949C: using guessed type int dword_1001949C; // 100194A0: using guessed type int dword_100194A0; // 100194B8: using guessed type int dword_100194B8; // 100194BC: using guessed type int dword_100194BC; // 100194F0: using guessed type int dword_100194F0; // 100194F4: using guessed type int dword_100194F4; //----- (10009D80) -------------------------------------------------------- const char *sub_10009D80() { if ( dword_10019484 <= 0 ) { _cfltcvt_init(); } else { dword_10019484 = 0; dword_10019488 = 1; } return "u"; } // 10019484: using guessed type int dword_10019484; // 10019488: using guessed type int dword_10019488; //----- (10009DB0) -------------------------------------------------------- const char *sub_10009DB0() { _cfltcvt_init(); return "v"; } //----- (10009DC0) -------------------------------------------------------- const char *sub_10009DC0() { _cfltcvt_init(); return "w"; } //----- (10009DD0) -------------------------------------------------------- const char *sub_10009DD0() { _cfltcvt_init(); return "x"; } //----- (10009DE0) -------------------------------------------------------- const char *sub_10009DE0() { _cfltcvt_init(); return "y"; } //----- (10009E30) -------------------------------------------------------- const char *sub_10009E30() { return "[SHIFT]"; } //----- (10009E40) -------------------------------------------------------- const char *sub_10009E40() { return "."; } //----- (10009E50) -------------------------------------------------------- const char *sub_10009E50() { return "[RETURN]"; } //----- (10009E60) -------------------------------------------------------- const char *sub_10009E60() { return "[BACKSPACE]"; } //----- (10009E70) -------------------------------------------------------- const char *sub_10009E70() { return "[TAB]"; } //----- (10009E80) -------------------------------------------------------- const char *sub_10009E80() { return "[CTRL]"; } //----- (10009E90) -------------------------------------------------------- const char *sub_10009E90() { return "[DELETE]"; } //----- (10009EA0) -------------------------------------------------------- const char *sub_10009EA0() { return "[CAPS LOCK]"; }
有一点点迷宫的感觉,要走正确的路线,拿一段举个例子
const char *sub_100094D0()
{
if ( dword_10019498 <= 0 )
{
if ( dword_100194B0 <= 0 )
{
_cfltcvt_init();
}
else
{
dword_100194B0 = 0;
dword_100194B4 = 1;
}
}
else
{
dword_10019498 = 0;
dword_1001949C = 1;
}
return "5";
}
有两个if说明“5“出现了两次,一次是走到94B0处时,一次是走到9498处时,由此规则可以得到
l0ggingdoturdot5tr0ke5atflaredashondotcom
所以那个funcm有什么用?
用ollyice打开dll,loaddll,运行后发现读取了键盘输入后写进了一个文件,把之前得到的字符串写入,得到
