-
Notifications
You must be signed in to change notification settings - Fork 144
/
sample1-virt-duplicate-opcodes-2.py
151 lines (147 loc) · 6.24 KB
/
sample1-virt-duplicate-opcodes-2.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/usr/bin/env python2
## -*- coding: utf-8 -*-
import sys
def sx(bits, value):
sign_bit = 1 << (bits - 1)
return (value & (sign_bit - 1)) - (value & sign_bit)
SymVar_0 = int(sys.argv[1])
ref_264 = SymVar_0
ref_279 = ref_264 # MOV operation
ref_5449 = ref_279 # MOV operation
ref_5509 = ref_5449 # MOV operation
ref_5523 = ((ref_5509 << (0x39 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_6333 = ref_279 # MOV operation
ref_6393 = ref_6333 # MOV operation
ref_6407 = (ref_6393 >> (0x7 & 0x3F)) # SHR operation
ref_6492 = ref_6407 # MOV operation
ref_6504 = ref_5523 # MOV operation
ref_6506 = (ref_6504 | ref_6492) # OR operation
ref_7309 = ref_6506 # MOV operation
ref_8199 = ref_7309 # MOV operation
ref_8371 = ref_8199 # MOV operation
ref_8373 = ((ref_8371 + 0x2D4AF89B) & 0xFFFFFFFFFFFFFFFF) # ADD operation
ref_8471 = ref_8373 # MOV operation
ref_8473 = (ref_8471 & 0x1D5ABF66) # AND operation
ref_9183 = ref_279 # MOV operation
ref_9351 = ref_9183 # MOV operation
ref_9359 = (ref_9351 >> (0xB & 0x3F)) # SHR operation
ref_9366 = ref_9359 # MOV operation
ref_10171 = ref_279 # MOV operation
ref_10231 = ref_10171 # MOV operation
ref_10245 = ((ref_10231 << (0x35 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_10338 = ref_9366 # MOV operation
ref_10342 = ref_10245 # MOV operation
ref_10344 = (ref_10342 | ref_10338) # OR operation
ref_10429 = ref_10344 # MOV operation
ref_10441 = ref_8473 # MOV operation
ref_10443 = ((ref_10429 - ref_10441) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_10451 = ref_10443 # MOV operation
ref_11249 = ref_10451 # MOV operation
ref_12764 = ref_279 # MOV operation
ref_12824 = ref_12764 # MOV operation
ref_12838 = ((ref_12824 - 0xE8D4346) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_12846 = ref_12838 # MOV operation
ref_12934 = ref_12846 # MOV operation
ref_14349 = ref_279 # MOV operation
ref_15119 = ref_7309 # MOV operation
ref_15287 = ref_15119 # MOV operation
ref_15293 = ((0x20453EE3 + ref_15287) & 0xFFFFFFFFFFFFFFFF) # ADD operation
ref_15387 = ref_14349 # MOV operation
ref_15391 = ref_15293 # MOV operation
ref_15393 = ((ref_15387 - ref_15391) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_15401 = ref_15393 # MOV operation
ref_15489 = ref_15401 # MOV operation
ref_17974 = ref_7309 # MOV operation
ref_18916 = ref_7309 # MOV operation
ref_19958 = ref_12934 # MOV operation
ref_20018 = ref_19958 # MOV operation
ref_20030 = ref_18916 # MOV operation
ref_20032 = (ref_20030 | ref_20018) # OR operation
ref_20225 = ref_20032 # MOV operation
ref_20231 = (0x3F & ref_20225) # AND operation
ref_20316 = ref_20231 # MOV operation
ref_20330 = ((ref_20316 << (0x4 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_20423 = ref_17974 # MOV operation
ref_20427 = ref_20330 # MOV operation
ref_20429 = (ref_20427 | ref_20423) # OR operation
ref_20522 = ref_20429 # MOV operation
ref_22466 = ref_20522 # MOV operation
ref_22526 = ref_22466 # MOV operation
ref_22540 = (ref_22526 >> (0x1 & 0x3F)) # SHR operation
ref_22733 = ref_22540 # MOV operation
ref_22739 = (0xF & ref_22733) # AND operation
ref_22932 = ref_22739 # MOV operation
ref_22938 = (0x1 | ref_22932) # OR operation
ref_23135 = ref_22938 # MOV operation
ref_23137 = ((0x40 - ref_23135) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_23145 = ref_23137 # MOV operation
ref_23935 = ref_11249 # MOV operation
ref_23995 = ref_23935 # MOV operation
ref_24007 = ref_23145 # MOV operation
ref_24009 = ((ref_23995 << ((ref_24007 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_24804 = ref_11249 # MOV operation
ref_25746 = ref_20522 # MOV operation
ref_25806 = ref_25746 # MOV operation
ref_25820 = (ref_25806 >> (0x1 & 0x3F)) # SHR operation
ref_26013 = ref_25820 # MOV operation
ref_26019 = (0xF & ref_26013) # AND operation
ref_26212 = ref_26019 # MOV operation
ref_26218 = (0x1 | ref_26212) # OR operation
ref_26311 = ref_24804 # MOV operation
ref_26315 = ref_26218 # MOV operation
ref_26317 = (ref_26315 & 0xFFFFFFFF) # MOV operation
ref_26319 = (ref_26311 >> ((ref_26317 & 0xFF) & 0x3F)) # SHR operation
ref_26326 = ref_26319 # MOV operation
ref_26406 = ref_26326 # MOV operation
ref_26418 = ref_24009 # MOV operation
ref_26420 = (ref_26418 | ref_26406) # OR operation
ref_26513 = ref_26420 # MOV operation
ref_28013 = ref_15489 # MOV operation
ref_29055 = ref_26513 # MOV operation
ref_29115 = ref_29055 # MOV operation
ref_29127 = ref_28013 # MOV operation
ref_29129 = ((ref_29115 - ref_29127) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_29137 = ref_29129 # MOV operation
ref_29225 = ref_29137 # MOV operation
ref_32091 = ref_29225 # MOV operation
ref_32861 = ref_15489 # MOV operation
ref_32929 = ref_32091 # MOV operation
ref_32933 = ref_32861 # MOV operation
ref_32935 = (ref_32933 | ref_32929) # OR operation
ref_33020 = ref_32935 # MOV operation
ref_33034 = (ref_33020 >> (0x1 & 0x3F)) # SHR operation
ref_33119 = ref_33034 # MOV operation
ref_33133 = (0x7 & ref_33119) # AND operation
ref_33326 = ref_33133 # MOV operation
ref_33332 = (0x1 | ref_33326) # OR operation
ref_34127 = ref_11249 # MOV operation
ref_34295 = ref_34127 # MOV operation
ref_34301 = (0xF & ref_34295) # AND operation
ref_34494 = ref_34301 # MOV operation
ref_34500 = (0x1 | ref_34494) # OR operation
ref_35295 = ref_20522 # MOV operation
ref_35355 = ref_35295 # MOV operation
ref_35367 = ref_34500 # MOV operation
ref_35369 = (ref_35355 >> ((ref_35367 & 0xFF) & 0x3F)) # SHR operation
ref_36264 = ref_11249 # MOV operation
ref_36324 = ref_36264 # MOV operation
ref_36338 = (0xF & ref_36324) # AND operation
ref_36531 = ref_36338 # MOV operation
ref_36537 = (0x1 | ref_36531) # OR operation
ref_36734 = ref_36537 # MOV operation
ref_36736 = ((0x40 - ref_36734) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_36744 = ref_36736 # MOV operation
ref_37534 = ref_20522 # MOV operation
ref_37594 = ref_37534 # MOV operation
ref_37606 = ref_36744 # MOV operation
ref_37608 = ((ref_37594 << ((ref_37606 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_37701 = ref_35369 # MOV operation
ref_37705 = ref_37608 # MOV operation
ref_37707 = (ref_37705 | ref_37701) # OR operation
ref_37792 = ref_37707 # MOV operation
ref_37804 = ref_33332 # MOV operation
ref_37806 = ((ref_37792 << ((ref_37804 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_37899 = ref_37806 # MOV operation
ref_38078 = ref_37899 # MOV operation
ref_38080 = ref_38078 # MOV operation
print ref_38080 & 0xffffffffffffffff