我正在尝试反转一个可执行文件(用于学习RE),但是我被困在一块伪代码上,其中有一些我不理解的东西。请帮助我理解它以便我可以改进。现在我明白有一个数组有32号到2014年的入口,从2014年到4095号入口有fget返回的字符代码。之后有一小段代码,我无法理解,块标有**。
代码:
int sub_12A11A0()
{
__int16 v1; // [sp+4h] [bp-24h]@13
int v2; // [sp+8h] [bp-20h]@11
int v3; // [sp+Ch] [bp-1Ch]@8
signed int v4; // [sp+10h] [bp-18h]@13
signed int l; // [sp+14h] [bp-14h]@16
int v6; // [sp+18h] [bp-10h]@6
int v7; // [sp+18h] [bp-10h]@13
int v8; // [sp+18h] [bp-10h]@32
signed int v9; // [sp+1Ch] [bp-Ch]@8
signed int v10; // [sp+20h] [bp-8h]@8
signed int i; // [sp+24h] [bp-4h]@1
signed int j; // [sp+24h] [bp-4h]@4
int k; // [sp+24h] [bp-4h]@13
signed int m; // [sp+24h] [bp-4h]@27
for ( i = 0; i < 2015; ++i )
byte_12A3400[i] = 32;
for ( j = 2015; j < 4096; ++j )
{
v6 = fgetc(dword_12A33EC);
if ( v6 == -1 )
break;
byte_12A3400[j] = v6;
++dword_12A3088;
}
v9 = j;
v10 = 2015;
v3 = 0;
while ( v10 < v9 )
{
if ( v9 - v10 < 33 )
v2 = v9 - v10;
else
v2 = 33;
v1 = 0;
v4 = 1;
****v7 = (unsigned __int8)byte_12A3400[v10];
for ( k = v10 - 1; k >= v3; --k )
{
if ( (unsigned __int8)byte_12A3400[k] == v7 )
{
for ( l = 1; l < v2 && (unsigned __int8)*(&byte_12A3400[l] + k) == (unsigned __int8)*(&byte_12A3400[l] + v10); ++l )
;
if ( l > v4 )
{
v1 = k;
v4 = l;
}
}
}****
if ( v4 > 1 )
sub_12A1120(v1 & 0x7FF, v4 - 2);
else
sub_12A10D0(v7);
v10 += v4;
v3 += v4;
if ( v10 >= 4063 )
{
for ( m = 0; m < 2048; ++m )
byte_12A3400[m] = byte_12A3C00[m];
v9 -= 2048;
v10 -= 2048;
v3 -= 2048;
while ( v9 < 4096 )
{
v8 = fgetc(dword_12A33EC);
if ( v8 == -1 )
break;
byte_12A3400[v9++] = v8;
++dword_12A3088;
}
}
}
return sub_12A1090();
}
答案 0 :(得分:1)
似乎重要的是理解
*(&byte_12A3400[l] + k)
这相当于
byte_12A3400[l + k]