I'm trying to understand this code from assembly,

int32_t phase_5(char * str) {
    int32_t v1 = 0;
    if (strlen(str) != 4) {
        // 0x8049153
        alert_henchmen(5);
        v1 = 0;
        // branch -> 0x80491a6
    }
    while (true) {
        int32_t * v2 = (int32_t *)(4 * v1 + (int32_t)&g2); // 0x8049192_0
        char * v3 = (char *)(v1 + (int32_t)str);
        int32_t v4 = 0;
        int32_t v5 = 0; // 0x01516
        // branch -> 0x8049175
        int32_t v6; // bp+014
        while (true) {
            char v7 = *(char *)(v4 + (int32_t)"4l6aiqhor20x"); // 0x8049188
            v6 = v5;
            if ((int32_t)*v3 == (int32_t)v7) {
                // 0x804918f
                v6 = *v2 == v4 ? 1 : v5;
                // branch -> 0x80491a2
            }
            int32_t v8 = v4 + 1; // 0x80491a2
            if (v8 >= 12) {
                // break -> 0x80491ac
                break;
            }
            v4 = v8;
            v5 = v6;
            // continue -> 0x8049175
        }
        // 0x80491ac
        if (v6 % 256 != 1) {
            // 0x80491b7
            alert_henchmen(5);
            // branch -> 0x80491c3
        }
        int32_t v9 = v1 + 1; // 0x80491c3
        if (v9 >= 4) {
            // break -> 0x80491cd
            break;
        }
        v1 = v9;
        // continue -> 0x80491a6
    }
    // 0x80491cd
    return confirm_phase(5, str);
}

and I'm just not sure what this line does:

    int32_t * v2 = (int32_t *)(4 * v1 + (int32_t)&g2)

and also this line:

    char v7 = *(char *)(v4 + (int32_t)"4l6aiqhor20x")

and what does int32_t mean?

John Kugelman
Nan Xue

2 Answers

I'm not exactly sure what your question is, but I will try to help by explaining that when a programmer writes something, there is a purpose to each line that he or she knows about - for example, if they want to write a message, they may call the variable "myMessage". This information is not included in the final result, though. So, a decompiler won't know to call it "myMessage", and will just assign a memory address (denoted by a & reference), or a random variable name (denoted by the v's above). With some detailed examination, you can figure out what that part of the code does specifically, but without hints like "myMessage", you may have to process and map out the entire program before really understanding it.

So for the code line: int32_t * v2 = (int32_t *)(4 * v1 + (int32_t)&g2)

You can only say that it takes 4, multiplies it by v1, and adds it to the address of variable g2. The result is a 32-bit address that is stored in v2. Because there's no reference here that says what g2 even is, you may start to see the rationale in my answer. Since it's 32 bits (4 bytes), this could explain the multiplication by 4, and maybe v1 is a counter.

Dan Chase


int32_t is one of the types defined in <stdint.h>; it is a 32-bit wide signed integer type with 2's complement representation and no padding bits.

The decompiler seems to take the shortest possible path, without actually understanding how to write idiomatic C code. The code itself might not even be valid C as I believe it might not conform to strict aliasing requirements of C.

Here, for example:

    int32_t * v2 = (int32_t *)(4 * v1 + (int32_t)&g2); // 0x8049192_0

The value of the address of g2 is converted to an int32_t; then the value 4 * v1 is added to it; and the resulting integer is cast to a pointer to int32_t. This is a contrived way of writing

    int32_t *v2 = ((int32_t *)&g2) + v1;

Or, if g2 is already declared as an array of int32_t, it is sufficient to write

    int32_t *v2 = g2 + v1;

All in all, the code casts the address of g2 into a pointer to int32_t, and then assigns to v2 a pointer to the v1th (0-based) int32_t in the array of consecutive int32_ts, the first of which is the one at that pointer.

Again,

    char v7 = *(char *)(v4 + (int32_t)"4l6aiqhor20x")

is the straightforward but non-portable (it doesn't work on 64-bit processors!) way of writing

    char v7 = "4l6aiqhor20x"[v4];

i.e. the value of the v4th character from the string "4l6aiqhor20x" is assigned to v7.
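To make the two rewrites concrete, here is an added example (not code from the question or from either answer) that checks the decompiler-style pointer arithmetic and the idiomatic `g2 + v1` form yield the same pointer, and restates phase_5's inner check readably. The contents of g2 are a constructed stand-in, since the page never shows them, and the pointer-to-integer casts use `uintptr_t` rather than `int32_t` so the example also runs on 64-bit hosts.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the program's g2 table: the expected position of
 * each input character inside the alphabet string. The values are made up. */
static const int32_t g2[4] = {3, 0, 8, 11};
static const char alphabet[] = "4l6aiqhor20x";

/* Decompiler-style form, made portable: 4 * v1 + (address of g2),
 * then reinterpreted as a pointer to int32_t. */
static const int32_t *decompiler_style(int32_t v1) {
    return (const int32_t *)(4 * v1 + (uintptr_t)&g2);
}

/* The idiomatic form the answer gives: plain array pointer arithmetic. */
static const int32_t *idiomatic(int32_t v1) {
    return g2 + v1;
}

/* Returns 1 when both forms agree for every index the loop uses, else 0. */
int pointer_forms_agree(void) {
    for (int32_t i = 0; i < 4; i++)
        if (decompiler_style(i) != idiomatic(i)) return 0;
    return 1;
}

/* Readable rewrite of phase_5's check, without the side effects: for each of
 * the 4 input characters, its position in `alphabet` must equal g2[i]. The
 * original loop keeps a 0/1 flag that is set once a match is seen; here it
 * is the local `matched`. Returns 1 if `str` passes, 0 otherwise. */
int phase_5_check(const char *str) {
    if (strlen(str) != 4) return 0;
    for (int i = 0; i < 4; i++) {
        int matched = 0;
        for (int k = 0; k < 12; k++) {
            if (str[i] == alphabet[k] && *(g2 + i) == k) matched = 1;
        }
        if (!matched) return 0;
    }
    return 1;
}

int main(void) {
    printf("forms agree: %d\n", pointer_forms_agree());
    printf("\"a4rx\" passes: %d\n", phase_5_check("a4rx"));
    printf("\"4lrx\" passes: %d\n", phase_5_check("4lrx"));
    return 0;
}
```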