sample1-virt-dispatcher-indirect.py
#!/usr/bin/env python2
## -*- coding: utf-8 -*-
import sys
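def sx(bits, value):
    """Sign-extend the low ``bits`` bits of ``value`` to a Python integer.

    Bit ``bits - 1`` is treated as the sign bit. The result is the value of
    the lower ``bits - 1`` bits minus the weight of the sign bit when that
    bit is set. Bits of ``value`` above position ``bits - 1`` are ignored.

    bits  -- width of the two's-complement field (expected to be >= 1;
             ``bits == 0`` makes the shift count negative and raises
             ValueError)
    value -- integer whose low ``bits`` bits are reinterpreted
    """
    # The body is indented here; as published the listing had lost its
    # indentation, which made the definition a syntax error.
    sign_bit = 1 << (bits - 1)
    # Magnitude bits minus the sign bit's weight is the two's-complement value.
    return (value & (sign_bit - 1)) - (value & sign_bit)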
# ---------------------------------------------------------------------------
# Straight-line 64-bit integer computation over one command-line argument.
# Every ref_N is assigned exactly once; "MOV" lines are plain copies and the
# trailing comments name the machine operation each line models.
# NOTE(review): the ref_N / SymVar_0 naming looks machine-generated
# (presumably the output of a symbolic-execution pass over the sample
# binary) - confirm against the repository before hand-editing.
# NOTE(review): sx() defined earlier in the file is not called by any
# statement below.
# ---------------------------------------------------------------------------

# Input: argv[1] parsed as a base-10 integer. A missing argument raises
# IndexError and a non-numeric one raises ValueError; neither is handled.
# NOTE(review): SHL/ADD/SUB results are masked to 64 bits but SHR/OR results
# are not, so the statements below only model 64-bit arithmetic when
# 0 <= SymVar_0 < 2**64 - presumably the caller guarantees this; verify.
SymVar_0 = int(sys.argv[1])
ref_264 = SymVar_0
ref_279 = ref_264 # MOV operation

# ref_10367 = (x << 0x39) | (x >> 0x7) with x = ref_279. The two shift counts
# sum to 64, so for an in-range x this is a 64-bit rotate right by 7.
ref_9249 = ref_279 # MOV operation
ref_9397 = ref_9249 # MOV operation
ref_9405 = ((ref_9397 << (0x39 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_9412 = ref_9405 # MOV operation
ref_10037 = ref_279 # MOV operation
ref_10185 = ref_10037 # MOV operation
ref_10193 = (ref_10185 >> (0x7 & 0x3F)) # SHR operation
ref_10200 = ref_10193 # MOV operation
ref_10270 = ref_10200 # MOV operation
ref_10282 = ref_9412 # MOV operation
ref_10284 = (ref_10282 | ref_10270) # OR operation
ref_10367 = ref_10284 # MOV operation

# ref_12051 = ((ref_10367 + 0x2D4AF89B) mod 2**64) & 0x1D5ABF66
ref_11807 = ref_10367 # MOV operation
ref_11959 = ref_11807 # MOV operation
ref_11961 = ((ref_11959 + 0x2D4AF89B) & 0xFFFFFFFFFFFFFFFF) # ADD operation
ref_12049 = ref_11961 # MOV operation
ref_12051 = (ref_12049 & 0x1D5ABF66) # AND operation

# ref_13716 = (x << 0x35) | (x >> 0xB): counts sum to 64 again, i.e. a rotate
# right by 11 for an in-range x.
ref_12681 = ref_279 # MOV operation
ref_12829 = ref_12681 # MOV operation
ref_12837 = ((ref_12829 << (0x35 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_12844 = ref_12837 # MOV operation
ref_13469 = ref_279 # MOV operation
ref_13617 = ref_13469 # MOV operation
ref_13625 = (ref_13617 >> (0xB & 0x3F)) # SHR operation
ref_13632 = ref_13625 # MOV operation
ref_13702 = ref_13632 # MOV operation
ref_13714 = ref_12844 # MOV operation
ref_13716 = (ref_13714 | ref_13702) # OR operation

# ref_13891 = (ref_13716 - ref_12051) mod 2**64
ref_13791 = ref_13716 # MOV operation
ref_13803 = ref_12051 # MOV operation
ref_13805 = ((ref_13791 - ref_13803) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_13813 = ref_13805 # MOV operation
ref_13891 = ref_13813 # MOV operation

# ref_15396 = (x - 0xE8D4346) mod 2**64
ref_15246 = ref_279 # MOV operation
ref_15296 = ref_15246 # MOV operation
ref_15310 = ((ref_15296 - 0xE8D4346) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_15318 = ref_15310 # MOV operation
ref_15396 = ref_15318 # MOV operation

# ref_17681 = (x - ((0x20453EE3 + ref_10367) mod 2**64)) mod 2**64
ref_16836 = ref_10367 # MOV operation
ref_16886 = ref_16836 # MOV operation
ref_16900 = ((0x20453EE3 + ref_16886) & 0xFFFFFFFFFFFFFFFF) # ADD operation
ref_17531 = ref_279 # MOV operation
ref_17581 = ref_17531 # MOV operation
ref_17593 = ref_16900 # MOV operation
ref_17595 = ((ref_17581 - ref_17593) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_17603 = ref_17595 # MOV operation
ref_17681 = ref_17603 # MOV operation

# ref_22188 = (((ref_10367 | ref_15396) & 0x3F) << 4) | ref_10367
ref_19906 = ref_10367 # MOV operation
ref_20838 = ref_15396 # MOV operation
ref_20888 = ref_20838 # MOV operation
ref_20900 = ref_19906 # MOV operation
ref_20902 = (ref_20900 | ref_20888) # OR operation
ref_21075 = ref_20902 # MOV operation
ref_21081 = (0x3F & ref_21075) # AND operation
ref_21254 = ref_21081 # MOV operation
ref_21262 = ((ref_21254 << (0x4 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_21269 = ref_21262 # MOV operation
ref_22041 = ref_10367 # MOV operation
ref_22091 = ref_22041 # MOV operation
ref_22103 = ref_21269 # MOV operation
ref_22105 = (ref_22103 | ref_22091) # OR operation
ref_22188 = ref_22105 # MOV operation

# Data-dependent rotate of ref_13891.
# Count n = ((ref_22188 >> 1) & 0xF) | 1, so n is odd and lies in 1..15.
# Left half: ref_13891 << (0x40 - n), masked to 64 bits.
# The "& 0xFFFFFFFF", "& 0xFF" and "& 0x3F" steps leave a count in 1..63
# unchanged; presumably they mirror register narrowing in the traced code.
ref_23780 = ref_13891 # MOV operation
ref_24622 = ref_22188 # MOV operation
ref_24770 = ref_24622 # MOV operation
ref_24778 = (ref_24770 >> (0x1 & 0x3F)) # SHR operation
ref_24785 = ref_24778 # MOV operation
ref_24953 = ref_24785 # MOV operation
ref_24959 = (0xF & ref_24953) # AND operation
ref_25034 = ref_24959 # MOV operation
ref_25048 = (0x1 | ref_25034) # OR operation
ref_25225 = ref_25048 # MOV operation
ref_25227 = ((0x40 - ref_25225) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_25235 = ref_25227 # MOV operation
ref_25313 = ref_23780 # MOV operation
ref_25317 = ref_25235 # MOV operation
ref_25319 = (ref_25317 & 0xFFFFFFFF) # MOV operation
ref_25321 = ((ref_25313 << ((ref_25319 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_25328 = ref_25321 # MOV operation

# Right half: the same count n is recomputed from ref_22188, then
# ref_13891 >> n. OR-ing both halves gives ref_27571, a rotate right by n.
ref_26038 = ref_13891 # MOV operation
ref_26880 = ref_22188 # MOV operation
ref_27028 = ref_26880 # MOV operation
ref_27036 = (ref_27028 >> (0x1 & 0x3F)) # SHR operation
ref_27043 = ref_27036 # MOV operation
ref_27211 = ref_27043 # MOV operation
ref_27217 = (0xF & ref_27211) # AND operation
ref_27292 = ref_27217 # MOV operation
ref_27306 = (0x1 | ref_27292) # OR operation
ref_27389 = ref_26038 # MOV operation
ref_27393 = ref_27306 # MOV operation
ref_27395 = (ref_27393 & 0xFFFFFFFF) # MOV operation
ref_27397 = (ref_27389 >> ((ref_27395 & 0xFF) & 0x3F)) # SHR operation
ref_27404 = ref_27397 # MOV operation
ref_27474 = ref_27404 # MOV operation
ref_27486 = ref_25328 # MOV operation
ref_27488 = (ref_27486 | ref_27474) # OR operation
ref_27571 = ref_27488 # MOV operation

# ref_30003 = (ref_27571 - ref_17681) mod 2**64
ref_28921 = ref_17681 # MOV operation
ref_29853 = ref_27571 # MOV operation
ref_29903 = ref_29853 # MOV operation
ref_29915 = ref_28921 # MOV operation
ref_29917 = ((ref_29903 - ref_29915) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_29925 = ref_29917 # MOV operation
ref_30003 = ref_29925 # MOV operation

# Data-dependent rotate of ref_22188.
# Count m = (ref_13891 & 0xF) | 1, odd and in 1..15.
# Left half: ref_22188 << (0x40 - m), masked to 64 bits.
ref_32379 = ref_22188 # MOV operation
ref_33159 = ref_13891 # MOV operation
ref_33307 = ref_33159 # MOV operation
ref_33313 = (0xF & ref_33307) # AND operation
ref_33388 = ref_33313 # MOV operation
ref_33402 = (0x1 | ref_33388) # OR operation
ref_33579 = ref_33402 # MOV operation
ref_33581 = ((0x40 - ref_33579) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_33589 = ref_33581 # MOV operation
ref_33667 = ref_32379 # MOV operation
ref_33671 = ref_33589 # MOV operation
ref_33673 = (ref_33671 & 0xFFFFFFFF) # MOV operation
ref_33675 = ((ref_33667 << ((ref_33673 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_33682 = ref_33675 # MOV operation

# Right half: m is recomputed, then ref_22188 >> m. The OR of both halves is
# ref_35597, a rotate right by m.
ref_34392 = ref_22188 # MOV operation
ref_35172 = ref_13891 # MOV operation
ref_35320 = ref_35172 # MOV operation
ref_35326 = (0xF & ref_35320) # AND operation
ref_35401 = ref_35326 # MOV operation
ref_35415 = (0x1 | ref_35401) # OR operation
ref_35498 = ref_34392 # MOV operation
ref_35502 = ref_35415 # MOV operation
ref_35504 = (ref_35502 & 0xFFFFFFFF) # MOV operation
ref_35506 = (ref_35498 >> ((ref_35504 & 0xFF) & 0x3F)) # SHR operation
ref_35513 = ref_35506 # MOV operation
ref_35583 = ref_35513 # MOV operation
ref_35595 = ref_33682 # MOV operation
ref_35597 = (ref_35595 | ref_35583) # OR operation

# Final step: a plain left shift, not a rotate.
# Count k = (((ref_17681 | ref_30003) >> 1) & 0x7) | 1, odd and in 1..7.
# ref_37944 = (ref_35597 << k) mod 2**64, so the top k bits are discarded.
ref_36402 = ref_17681 # MOV operation
ref_37092 = ref_30003 # MOV operation
ref_37142 = ref_37092 # MOV operation
ref_37154 = ref_36402 # MOV operation
ref_37156 = (ref_37154 | ref_37142) # OR operation
ref_37329 = ref_37156 # MOV operation
ref_37337 = (ref_37329 >> (0x1 & 0x3F)) # SHR operation
ref_37344 = ref_37337 # MOV operation
ref_37512 = ref_37344 # MOV operation
ref_37518 = (0x7 & ref_37512) # AND operation
ref_37593 = ref_37518 # MOV operation
ref_37607 = (0x1 | ref_37593) # OR operation
ref_37690 = ref_35597 # MOV operation
ref_37694 = ref_37607 # MOV operation
ref_37696 = (ref_37694 & 0xFFFFFFFF) # MOV operation
ref_37698 = ((ref_37690 << ((ref_37696 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_37705 = ref_37698 # MOV operation
ref_37783 = ref_37705 # MOV operation
ref_37942 = ref_37783 # MOV operation
ref_37944 = ref_37942 # MOV operation

# Emit the result as an unsigned 64-bit value in decimal. This is a Python 2
# print statement (matching the python2 shebang); it is a syntax error under
# Python 3.
print ref_37944 & 0xffffffffffffffff