#!/usr/bin/env python2
## -*- coding: utf-8 -*-
import sys
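def sx(bits, value):
    """Sign-extend the low *bits* bits of *value* into a Python integer.

    The low ``bits - 1`` bits are kept as the magnitude and the weight of
    bit ``bits - 1`` is subtracted when it is set, which is the usual
    two's-complement reading of a ``bits``-wide field.  Bits of *value*
    above ``bits - 1`` are ignored.

    The body is indented here; as listed, the two statements sat at column
    0, which Python rejects with an IndentationError.

    NOTE(review): none of the straight-line statements that follow this
    helper in the listing call it.
    """
    sign_bit = 1 << (bits - 1)
    # (value & (sign_bit - 1)) is the non-negative magnitude part;
    # (value & sign_bit) is either 0 or the sign bit's weight.
    return (value & (sign_bit - 1)) - (value & sign_bit)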
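# Straight-line 64-bit arithmetic over one integer taken from the command
# line.  Every statement carries the name of the machine operation it models
# (MOV/SHL/SHR/OR/ADD/AND/SUB); the MOV lines are plain copies, so the value
# flow is carried by the handful of non-MOV lines in each stage below.
# NOTE(review): the SymVar_N / ref_N naming and per-line operation comments
# look like the output of a symbolic-execution trace -- confirm against the
# tool that generated this file before relying on the ref numbers.
#
# Two changes relative to the listing as given:
#   * the input is reduced modulo 2**64 up front.  The right shifts below are
#     not masked, so an argument outside [0, 2**64) would otherwise carry
#     extra high bits (or an infinite sign extension for negatives) into the
#     OR/rotate steps, which a 64-bit register cannot hold.  In-range inputs
#     produce exactly the same output as before.
#   * the final print uses call syntax with a single argument, which prints
#     the same text under Python 2 and also parses under Python 3.
SymVar_0 = int(sys.argv[1]) & 0xFFFFFFFFFFFFFFFF
ref_264 = SymVar_0
ref_279 = ref_264 # MOV operation

# Stage 1: ref_20688 = input rotated right by 7 bits ((x << 57) | (x >> 7)).
ref_13197 = ref_279 # MOV operation
ref_14188 = ref_13197 # MOV operation
ref_14196 = ((ref_14188 << (0x39 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_14203 = ref_14196 # MOV operation
ref_18200 = ref_279 # MOV operation
ref_19446 = ref_18200 # MOV operation
ref_19454 = (ref_19446 >> (0x7 & 0x3F)) # SHR operation
ref_19461 = ref_19454 # MOV operation
ref_20080 = ref_19461 # MOV operation
ref_20092 = ref_14203 # MOV operation
ref_20094 = (ref_20092 | ref_20080) # OR operation
ref_20688 = ref_20094 # MOV operation

# Stage 2: ref_31528 = ((ref_20688 + 0x2D4AF89B) mod 2**64) & 0x1D5ABF66.
ref_29637 = ref_20688 # MOV operation
ref_30887 = ref_29637 # MOV operation
ref_30889 = ((ref_30887 + 0x2D4AF89B) & 0xFFFFFFFFFFFFFFFF) # ADD operation
ref_31526 = ref_30889 # MOV operation
ref_31528 = (ref_31526 & 0x1D5ABF66) # AND operation

# Stage 3: ref_42427 = input rotated right by 11 bits ((x << 53) | (x >> 11));
# ref_43407 = (ref_42427 - ref_31528) mod 2**64.
ref_35530 = ref_279 # MOV operation
ref_36521 = ref_35530 # MOV operation
ref_36529 = ((ref_36521 << (0x35 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_36536 = ref_36529 # MOV operation
ref_40533 = ref_279 # MOV operation
ref_41779 = ref_40533 # MOV operation
ref_41787 = (ref_41779 >> (0xB & 0x3F)) # SHR operation
ref_41794 = ref_41787 # MOV operation
ref_42413 = ref_41794 # MOV operation
ref_42425 = ref_36536 # MOV operation
ref_42427 = (ref_42425 | ref_42413) # OR operation
ref_42796 = ref_42427 # MOV operation
ref_42808 = ref_31528 # MOV operation
ref_42810 = ((ref_42796 - ref_42808) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_42818 = ref_42810 # MOV operation
ref_43407 = ref_42818 # MOV operation

# Stage 4: ref_52971 = (input - 0xE8D4346) mod 2**64.
ref_52016 = ref_279 # MOV operation
ref_52360 = ref_52016 # MOV operation
ref_52374 = ((ref_52360 - 0xE8D4346) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_52382 = ref_52374 # MOV operation
ref_52971 = ref_52382 # MOV operation

# Stage 5: ref_67491 = (input - ((0x20453EE3 + ref_20688) mod 2**64)) mod 2**64.
ref_61920 = ref_20688 # MOV operation
ref_62519 = ref_61920 # MOV operation
ref_62533 = ((0x20453EE3 + ref_62519) & 0xFFFFFFFFFFFFFFFF) # ADD operation
ref_66536 = ref_279 # MOV operation
ref_66880 = ref_66536 # MOV operation
ref_66892 = ref_62533 # MOV operation
ref_66894 = ((ref_66880 - ref_66892) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_66902 = ref_66894 # MOV operation
ref_67491 = ref_66902 # MOV operation

# Stage 6: ref_95919 = (((ref_20688 | ref_52971) & 0x3F) << 4) | ref_20688.
ref_81147 = ref_20688 # MOV operation
ref_87098 = ref_52971 # MOV operation
ref_87697 = ref_87098 # MOV operation
ref_87709 = ref_81147 # MOV operation
ref_87711 = (ref_87709 | ref_87697) # OR operation
ref_88982 = ref_87711 # MOV operation
ref_88988 = (0x3F & ref_88982) # AND operation
ref_90004 = ref_88988 # MOV operation
ref_90012 = ((ref_90004 << (0x4 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_90019 = ref_90012 # MOV operation
ref_94712 = ref_20688 # MOV operation
ref_95311 = ref_94712 # MOV operation
ref_95323 = ref_90019 # MOV operation
ref_95325 = (ref_95323 | ref_95311) # OR operation
ref_95919 = ref_95325 # MOV operation

# Stage 7: data-dependent rotate.  The count is ((ref_95919 >> 1) & 0xF) | 1,
# i.e. an odd value in 1..15, and it is derived twice (ref_114346 and
# ref_128583).  ref_130457 = (ref_43407 << (64 - count)) | (ref_43407 >> count),
# which is ref_43407 rotated right by that count.  Each count is narrowed to
# 32 bits, then 8 bits, then masked to 6 bits before it is used as a shift.
ref_105863 = ref_43407 # MOV operation
ref_111175 = ref_95919 # MOV operation
ref_112421 = ref_111175 # MOV operation
ref_112429 = (ref_112421 >> (0x1 & 0x3F)) # SHR operation
ref_112436 = ref_112429 # MOV operation
ref_113702 = ref_112436 # MOV operation
ref_113708 = (0xF & ref_113702) # AND operation
ref_114332 = ref_113708 # MOV operation
ref_114346 = (0x1 | ref_114332) # OR operation
ref_115366 = ref_114346 # MOV operation
ref_115368 = ((0x40 - ref_115366) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_115376 = ref_115368 # MOV operation
ref_115748 = ref_105863 # MOV operation
ref_115752 = ref_115376 # MOV operation
ref_115754 = (ref_115752 & 0xFFFFFFFF) # MOV operation
ref_115756 = ((ref_115748 << ((ref_115754 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_115763 = ref_115756 # MOV operation
ref_120100 = ref_43407 # MOV operation
ref_125412 = ref_95919 # MOV operation
ref_126658 = ref_125412 # MOV operation
ref_126666 = (ref_126658 >> (0x1 & 0x3F)) # SHR operation
ref_126673 = ref_126666 # MOV operation
ref_127939 = ref_126673 # MOV operation
ref_127945 = (0xF & ref_127939) # AND operation
ref_128569 = ref_127945 # MOV operation
ref_128583 = (0x1 | ref_128569) # OR operation
ref_129215 = ref_120100 # MOV operation
ref_129219 = ref_128583 # MOV operation
ref_129221 = (ref_129219 & 0xFFFFFFFF) # MOV operation
ref_129223 = (ref_129215 >> ((ref_129221 & 0xFF) & 0x3F)) # SHR operation
ref_129230 = ref_129223 # MOV operation
ref_129849 = ref_129230 # MOV operation
ref_129861 = ref_115763 # MOV operation
ref_129863 = (ref_129861 | ref_129849) # OR operation
ref_130457 = ref_129863 # MOV operation

# Stage 8: ref_145673 = (ref_130457 - ref_67491) mod 2**64.
ref_138767 = ref_67491 # MOV operation
ref_144718 = ref_130457 # MOV operation
ref_145062 = ref_144718 # MOV operation
ref_145074 = ref_138767 # MOV operation
ref_145076 = ((ref_145062 - ref_145074) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_145084 = ref_145076 # MOV operation
ref_145673 = ref_145084 # MOV operation

# Stage 9: second data-dependent rotate.  The count is (ref_43407 & 0xF) | 1
# (odd, 1..15), again derived twice (ref_167463 and ref_180063).
# ref_181343 = ref_95919 rotated right by that count.
ref_160617 = ref_95919 # MOV operation
ref_165573 = ref_43407 # MOV operation
ref_166819 = ref_165573 # MOV operation
ref_166825 = (0xF & ref_166819) # AND operation
ref_167449 = ref_166825 # MOV operation
ref_167463 = (0x1 | ref_167449) # OR operation
ref_168483 = ref_167463 # MOV operation
ref_168485 = ((0x40 - ref_168483) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_168493 = ref_168485 # MOV operation
ref_168865 = ref_160617 # MOV operation
ref_168869 = ref_168493 # MOV operation
ref_168871 = (ref_168869 & 0xFFFFFFFF) # MOV operation
ref_168873 = ((ref_168865 << ((ref_168871 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_168880 = ref_168873 # MOV operation
ref_173217 = ref_95919 # MOV operation
ref_178173 = ref_43407 # MOV operation
ref_179419 = ref_178173 # MOV operation
ref_179425 = (0xF & ref_179419) # AND operation
ref_180049 = ref_179425 # MOV operation
ref_180063 = (0x1 | ref_180049) # OR operation
ref_180695 = ref_173217 # MOV operation
ref_180699 = ref_180063 # MOV operation
ref_180701 = (ref_180699 & 0xFFFFFFFF) # MOV operation
ref_180703 = (ref_180695 >> ((ref_180701 & 0xFF) & 0x3F)) # SHR operation
ref_180710 = ref_180703 # MOV operation
ref_181329 = ref_180710 # MOV operation
ref_181341 = ref_168880 # MOV operation
ref_181343 = (ref_181341 | ref_181329) # OR operation

# Stage 10: final left shift.  The count is
# (((ref_67491 | ref_145673) >> 1) & 0x7) | 1, an odd value in 1..7, and the
# result is (ref_181343 << count) mod 2**64.  This is a plain shift, not a
# rotate: the bits shifted out at the top are discarded.
ref_186324 = ref_67491 # MOV operation
ref_190641 = ref_145673 # MOV operation
ref_191240 = ref_190641 # MOV operation
ref_191252 = ref_186324 # MOV operation
ref_191254 = (ref_191252 | ref_191240) # OR operation
ref_192525 = ref_191254 # MOV operation
ref_192533 = (ref_192525 >> (0x1 & 0x3F)) # SHR operation
ref_192540 = ref_192533 # MOV operation
ref_193806 = ref_192540 # MOV operation
ref_193812 = (0x7 & ref_193806) # AND operation
ref_194436 = ref_193812 # MOV operation
ref_194450 = (0x1 | ref_194436) # OR operation
ref_194827 = ref_181343 # MOV operation
ref_194831 = ref_194450 # MOV operation
ref_194833 = (ref_194831 & 0xFFFFFFFF) # MOV operation
ref_194835 = ((ref_194827 << ((ref_194833 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_194842 = ref_194835 # MOV operation
ref_195431 = ref_194842 # MOV operation
ref_196178 = ref_195431 # MOV operation
ref_196180 = ref_196178 # MOV operation

# Emit the result as an unsigned 64-bit decimal number.
print(ref_196180 & 0xffffffffffffffff)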