[klee-dev] Sorry to disturb you again, I encounter another question in learning the third KLEE tutorial
曾杰
zyj183247166 at qq.com
Mon May 8 14:41:11 BST 2017
Hi all, I am so sorry to disturb you again, but I am so confused.
When learning the KLEE tutorial "Keygenning with KLEE and Hex-Rays"
(the website: https://gitlab.com/Manouchehri/Matryoshka-Stage-2/blob/master/stage2.md),
I decompiled the main function in stage2.bin using IDA Pro 6.6 with the result as below:
int __fastcall sub_4006F2(int a1, __int64 a2)
{
    int result; // eax at 2
    __int64 v3; // rbx at 10
    signed int v4; // [sp+1Ch] [bp-14h]@4

    if ( a1 == 2 )
    {
        if ( 42 * (strlen(*(a2 + 8)) + 1) != 504 )
            goto LABEL_31;
        v4 = 1;
        if ( **(a2 + 8) != 80 )
            v4 = 0;
        if ( 2 * *(*(a2 + 8) + 3LL) != 200 )
            v4 = 0;
        if ( **(a2 + 8) + 16 != *(*(a2 + 8) + 6LL) - 16 )
            v4 = 0;
        v3 = *(*(a2 + 8) + 5LL);
        if ( v3 != 9 * strlen(*(a2 + 8)) - 4 )
            v4 = 0;
        if ( *(*(a2 + 8) + 1LL) != *(*(a2 + 8) + 7LL) )
            v4 = 0;
        if ( *(*(a2 + 8) + 1LL) != *(*(a2 + 8) + 10LL) )
            v4 = 0;
        if ( *(*(a2 + 8) + 1LL) - 17 != **(a2 + 8) )
            v4 = 0;
        if ( *(*(a2 + 8) + 3LL) != *(*(a2 + 8) + 9LL) )
            v4 = 0;
        if ( *(*(a2 + 8) + 4LL) != 105 )
            v4 = 0;
        if ( *(*(a2 + 8) + 2LL) - *(*(a2 + 8) + 1LL) != 13 )
            v4 = 0;
        if ( *(*(a2 + 8) + 8LL) - *(*(a2 + 8) + 7LL) != 13 )
            v4 = 0;
        if ( v4 )
            result = sub_40064D(*(a2 + 8));
        else
LABEL_31:
            result = fprintf(stdout, "Try again...\n", a2);
    }
    else
    {
        result = fprintf(stdout, "Usage: %s <pass>\n", *a2, a2);
    }
    return result;
}
In the above program, it is *(a2+8) and not *(a2[1]).
If considering the behaviour of stage2.bin, it accepts the password as a parameter, so the password will be passed as the second parameter to the main function. Thus, the right form is *(a2[1]), which operates on the password.
But why is my decompiling result *(a2+8)? I am very confused.
Hope for your help! Thanks a lot!
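Added example (not part of the original post, and not code from the Matryoshka tutorial): the decompiler has not recovered the type of main's second parameter as char **argv, so it shows a2 as an untyped 64-bit value and does its pointer arithmetic in bytes. On x86-64 a pointer is 8 bytes wide, so *(a2 + 8) is the slot holding argv[1] and *(*(a2 + 8) + 3LL) is argv[1][3]. The C program below makes that equivalence concrete: arg_at_byte_offset, argv_slot_bytes, password_byte, typed_password_byte, length_check_passes, views_agree and sample_argv are hypothetical names chosen here, and the sample argument "hello world" is constructed only so that the 42 * (strlen + 1) == 504 length check from the pseudocode passes; it is not the tutorial's password.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the post or the tutorial: read the pointer
 * stored "off" bytes past the address held in a2. This is what the
 * pseudocode's *(a2 + off) means once a2 is treated as an untyped
 * 64-bit value instead of char **argv. */
static const char *arg_at_byte_offset(int64_t a2, int64_t off)
{
    const char *p;
    memcpy(&p, (const char *)(uintptr_t)a2 + off, sizeof p);
    return p;
}

/* Width of one argv slot. On x86-64 this is the 8 in "*(a2 + 8)". */
static int64_t argv_slot_bytes(void)
{
    return (int64_t)sizeof(char *);
}

/* *(*(a2 + 8) + i) in the pseudocode, i.e. the i-th byte of the password. */
static int password_byte(int64_t a2, int64_t i)
{
    const char *pass = arg_at_byte_offset(a2, argv_slot_bytes());
    return (unsigned char)pass[i];
}

/* The same expression written with the real type of main's second parameter. */
static int typed_password_byte(char **argv, int i)
{
    return (unsigned char)argv[1][i];
}

/* The first check in the posted pseudocode:
 *     42 * (strlen(*(a2 + 8)) + 1) != 504
 * Returns 1 when it passes, i.e. when argv[1] is exactly 11 bytes long. */
static int length_check_passes(int64_t a2)
{
    return 42 * (strlen(arg_at_byte_offset(a2, argv_slot_bytes())) + 1) == 504;
}

/* Compare the untyped view (a2 + 8) with the typed view (argv[1]) byte by
 * byte, including the terminating NUL. Returns 1 if they agree everywhere. */
static int views_agree(char **argv)
{
    int64_t a2 = (int64_t)(uintptr_t)argv;   /* what the decompiler sees */
    size_t n = strlen(argv[1]);
    for (size_t i = 0; i <= n; i++)
        if (password_byte(a2, (int64_t)i) != typed_password_byte(argv, (int)i))
            return 0;
    return 1;
}

/* Constructed sample argv: program name plus one argument. The argument is
 * 11 characters long only so that the length check above passes; it is
 * not the tutorial's password. */
static char *sample_argv[] = { "stage2.bin", "hello world", NULL };

int main(void)
{
    int64_t a2 = (int64_t)(uintptr_t)sample_argv;
    printf("slot width      : %lld bytes\n", (long long)argv_slot_bytes());
    printf("*(a2 + 8)       : %s\n", arg_at_byte_offset(a2, argv_slot_bytes()));
    printf("*(*(a2 + 8) + 3): %d ('%c')\n", password_byte(a2, 3), password_byte(a2, 3));
    printf("length check    : %d\n", length_check_passes(a2));
    printf("views agree     : %d\n", views_agree(sample_argv));
    return 0;
}
```

Setting the type of a2 to char ** in the decompiler (for example by retyping the function prototype to int main(int argc, char **argv)) turns every *(a2 + 8) into argv[1] and every *(*(a2 + 8) + kLL) into argv[1][k]; the pseudocode above and the typed form are the same memory reads, which is what views_agree confirms.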