forked from JonathanSalwan/Tigress_protection
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsample1-virt-dispatcher-ifnest.py
166 lines (162 loc) · 6.86 KB
/
sample1-virt-dispatcher-ifnest.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
#!/usr/bin/env python2
## -*- coding: utf-8 -*-
import sys
def sx(bits, value):
sign_bit = 1 << (bits - 1)
return (value & (sign_bit - 1)) - (value & sign_bit)
SymVar_0 = int(sys.argv[1])
ref_264 = SymVar_0
ref_279 = ref_264 # MOV operation
ref_7365 = ref_279 # MOV operation
ref_7683 = ref_7365 # MOV operation
ref_7691 = ((ref_7683 << (0x39 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_7698 = ref_7691 # MOV operation
ref_9039 = ref_279 # MOV operation
ref_9285 = ref_9039 # MOV operation
ref_9293 = (ref_9285 >> (0x7 & 0x3F)) # SHR operation
ref_9300 = ref_9293 # MOV operation
ref_9509 = ref_9300 # MOV operation
ref_9521 = ref_7698 # MOV operation
ref_9523 = (ref_9521 | ref_9509) # OR operation
ref_9700 = ref_9523 # MOV operation
ref_12860 = ref_9700 # MOV operation
ref_13101 = ref_12860 # MOV operation
ref_13103 = ((ref_13101 + 0x2D4AF89B) & 0xFFFFFFFFFFFFFFFF) # ADD operation
ref_13267 = ref_13103 # MOV operation
ref_13269 = (ref_13267 & 0x1D5ABF66) # AND operation
ref_14615 = ref_279 # MOV operation
ref_14933 = ref_14615 # MOV operation
ref_14941 = ((ref_14933 << (0x35 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_14948 = ref_14941 # MOV operation
ref_16289 = ref_279 # MOV operation
ref_16535 = ref_16289 # MOV operation
ref_16543 = (ref_16535 >> (0xB & 0x3F)) # SHR operation
ref_16550 = ref_16543 # MOV operation
ref_16759 = ref_16550 # MOV operation
ref_16771 = ref_14948 # MOV operation
ref_16773 = (ref_16771 | ref_16759) # OR operation
ref_16933 = ref_16773 # MOV operation
ref_16945 = ref_13269 # MOV operation
ref_16947 = ((ref_16933 - ref_16945) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_16955 = ref_16947 # MOV operation
ref_17127 = ref_16955 # MOV operation
ref_19995 = ref_279 # MOV operation
ref_20130 = ref_19995 # MOV operation
ref_20144 = ((ref_20130 - 0xE8D4346) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_20152 = ref_20144 # MOV operation
ref_20324 = ref_20152 # MOV operation
ref_23484 = ref_9700 # MOV operation
ref_23565 = ref_23484 # MOV operation
ref_23579 = ((0x20453EE3 + ref_23565) & 0xFFFFFFFFFFFFFFFF) # ADD operation
ref_24926 = ref_279 # MOV operation
ref_25061 = ref_24926 # MOV operation
ref_25073 = ref_23579 # MOV operation
ref_25075 = ((ref_25061 - ref_25073) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_25083 = ref_25075 # MOV operation
ref_25255 = ref_25083 # MOV operation
ref_30599 = ref_9700 # MOV operation
ref_32790 = ref_20324 # MOV operation
ref_32979 = ref_32790 # MOV operation
ref_32991 = ref_30599 # MOV operation
ref_32993 = (ref_32991 | ref_32979) # OR operation
ref_33300 = ref_32993 # MOV operation
ref_33306 = (0x3F & ref_33300) # AND operation
ref_33649 = ref_33306 # MOV operation
ref_33657 = ((ref_33649 << (0x4 & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_33664 = ref_33657 # MOV operation
ref_35606 = ref_9700 # MOV operation
ref_35795 = ref_35606 # MOV operation
ref_35807 = ref_33664 # MOV operation
ref_35809 = (ref_35807 | ref_35795) # OR operation
ref_35986 = ref_35809 # MOV operation
ref_39576 = ref_17127 # MOV operation
ref_41646 = ref_35986 # MOV operation
ref_41892 = ref_41646 # MOV operation
ref_41900 = (ref_41892 >> (0x1 & 0x3F)) # SHR operation
ref_41907 = ref_41900 # MOV operation
ref_42209 = ref_41907 # MOV operation
ref_42215 = (0xF & ref_42209) # AND operation
ref_42429 = ref_42215 # MOV operation
ref_42443 = (0x1 | ref_42429) # OR operation
ref_42763 = ref_42443 # MOV operation
ref_42765 = ((0x40 - ref_42763) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_42773 = ref_42765 # MOV operation
ref_42963 = ref_39576 # MOV operation
ref_42967 = ref_42773 # MOV operation
ref_42969 = (ref_42967 & 0xFFFFFFFF) # MOV operation
ref_42971 = ((ref_42963 << ((ref_42969 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_42978 = ref_42971 # MOV operation
ref_44611 = ref_17127 # MOV operation
ref_46681 = ref_35986 # MOV operation
ref_46927 = ref_46681 # MOV operation
ref_46935 = (ref_46927 >> (0x1 & 0x3F)) # SHR operation
ref_46942 = ref_46935 # MOV operation
ref_47244 = ref_46942 # MOV operation
ref_47250 = (0xF & ref_47244) # AND operation
ref_47464 = ref_47250 # MOV operation
ref_47478 = (0x1 | ref_47464) # OR operation
ref_47601 = ref_44611 # MOV operation
ref_47605 = ref_47478 # MOV operation
ref_47607 = (ref_47605 & 0xFFFFFFFF) # MOV operation
ref_47609 = (ref_47601 >> ((ref_47607 & 0xFF) & 0x3F)) # SHR operation
ref_47616 = ref_47609 # MOV operation
ref_47825 = ref_47616 # MOV operation
ref_47837 = ref_42978 # MOV operation
ref_47839 = (ref_47837 | ref_47825) # OR operation
ref_48016 = ref_47839 # MOV operation
ref_51028 = ref_25255 # MOV operation
ref_53219 = ref_48016 # MOV operation
ref_53354 = ref_53219 # MOV operation
ref_53366 = ref_51028 # MOV operation
ref_53368 = ((ref_53354 - ref_53366) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_53376 = ref_53368 # MOV operation
ref_53548 = ref_53376 # MOV operation
ref_59010 = ref_35986 # MOV operation
ref_60771 = ref_17127 # MOV operation
ref_61053 = ref_60771 # MOV operation
ref_61059 = (0xF & ref_61053) # AND operation
ref_61273 = ref_61059 # MOV operation
ref_61287 = (0x1 | ref_61273) # OR operation
ref_61607 = ref_61287 # MOV operation
ref_61609 = ((0x40 - ref_61607) & 0xFFFFFFFFFFFFFFFF) # SUB operation
ref_61617 = ref_61609 # MOV operation
ref_61807 = ref_59010 # MOV operation
ref_61811 = ref_61617 # MOV operation
ref_61813 = (ref_61811 & 0xFFFFFFFF) # MOV operation
ref_61815 = ((ref_61807 << ((ref_61813 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_61822 = ref_61815 # MOV operation
ref_63455 = ref_35986 # MOV operation
ref_65216 = ref_17127 # MOV operation
ref_65498 = ref_65216 # MOV operation
ref_65504 = (0xF & ref_65498) # AND operation
ref_65718 = ref_65504 # MOV operation
ref_65732 = (0x1 | ref_65718) # OR operation
ref_65855 = ref_63455 # MOV operation
ref_65859 = ref_65732 # MOV operation
ref_65861 = (ref_65859 & 0xFFFFFFFF) # MOV operation
ref_65863 = (ref_65855 >> ((ref_65861 & 0xFF) & 0x3F)) # SHR operation
ref_65870 = ref_65863 # MOV operation
ref_66079 = ref_65870 # MOV operation
ref_66091 = ref_61822 # MOV operation
ref_66093 = (ref_66091 | ref_66079) # OR operation
ref_67879 = ref_25255 # MOV operation
ref_69492 = ref_53548 # MOV operation
ref_69681 = ref_69492 # MOV operation
ref_69693 = ref_67879 # MOV operation
ref_69695 = (ref_69693 | ref_69681) # OR operation
ref_69966 = ref_69695 # MOV operation
ref_69974 = (ref_69966 >> (0x1 & 0x3F)) # SHR operation
ref_69981 = ref_69974 # MOV operation
ref_70283 = ref_69981 # MOV operation
ref_70289 = (0x7 & ref_70283) # AND operation
ref_70503 = ref_70289 # MOV operation
ref_70517 = (0x1 | ref_70503) # OR operation
ref_70712 = ref_66093 # MOV operation
ref_70716 = ref_70517 # MOV operation
ref_70718 = (ref_70716 & 0xFFFFFFFF) # MOV operation
ref_70720 = ((ref_70712 << ((ref_70718 & 0xFF) & 0x3F)) & 0xFFFFFFFFFFFFFFFF) # SHL operation
ref_70727 = ref_70720 # MOV operation
ref_70899 = ref_70727 # MOV operation
ref_71399 = ref_70899 # MOV operation
ref_71401 = ref_71399 # MOV operation
print ref_71401 & 0xffffffffffffffff