This is the code generated by IDA Pro. What is it doing? I am having difficulty understanding what it is trying to do. The variables are weirdly named because they were generated by the decompiler.
// Decompiler (IDA) pseudo-code for the program's main().
// Flow visible in this listing:
//   1. Build two NUL-terminated strings byte by byte in adjacent stack slots:
//      v17..v29 = "evil.mtx.com" and v5..v9 = "8080".
//   2. Require argc == 3 and strlen(argv[1]) == 5, decrement five bytes at
//      byte_407030 in place, and compare them with argv[1].
//   3. Require argv[2] to be the four characters "Ace!".
//   4. Call sub_401000(), load a library, resolve an export and call it with
//      pointers to the two stack strings.
// Returns -1 only when the library handle equals -1 or the export is not found;
// every other path returns 0.
// NOTE(review): byte_407030, LibFileName, lpProcName, aFail, sub_401000 and
// sub_40122B are defined outside this listing; their contents are not shown here.
int __cdecl main(int argc, const char **argv, const char **envp)
{
int result; // eax@2
// v4 is never assigned in this listing; it is only passed to sub_40122B.
// NOTE(review): presumably a decompiler artifact of a variadic call — confirm.
int v4; // [sp+0h] [bp-38h]@0
// v5..v9 occupy consecutive stack bytes (bp-34h..bp-30h) and are used as one string.
char v5; // [sp+4h] [bp-34h]@1
char v6; // [sp+5h] [bp-33h]@1
char v7; // [sp+6h] [bp-32h]@1
char v8; // [sp+7h] [bp-31h]@1
char v9; // [sp+8h] [bp-30h]@1
int i; // [sp+Ch] [bp-2Ch]@5
HMODULE hModule; // [sp+10h] [bp-28h]@17
// v12, v13, v15, v16 hold the four (transformed) characters of argv[2].
const char v12; // [sp+14h] [bp-24h]@12
char v13; // [sp+18h] [bp-20h]@12
FARPROC v14; // [sp+1Ch] [bp-1Ch]@19
char v15; // [sp+20h] [bp-18h]@12
char v16; // [sp+24h] [bp-14h]@12
// v17..v29 occupy consecutive stack bytes (bp-10h..bp-4h) and are used as one string.
char v17; // [sp+28h] [bp-10h]@1
char v18; // [sp+29h] [bp-Fh]@1
char v19; // [sp+2Ah] [bp-Eh]@1
char v20; // [sp+2Bh] [bp-Dh]@1
char v21; // [sp+2Ch] [bp-Ch]@1
char v22; // [sp+2Dh] [bp-Bh]@1
char v23; // [sp+2Eh] [bp-Ah]@1
char v24; // [sp+2Fh] [bp-9h]@1
char v25; // [sp+30h] [bp-8h]@1
char v26; // [sp+31h] [bp-7h]@1
char v27; // [sp+32h] [bp-6h]@1
char v28; // [sp+33h] [bp-5h]@1
char v29; // [sp+34h] [bp-4h]@1
// ASCII: 'e','v','i','l','.','m','t','x','.','c','o','m','\0' -> "evil.mtx.com".
// The string is assembled one byte at a time rather than taken from a literal;
// NOTE(review): a plain strings scan of the binary may therefore miss it — confirm.
v17 = 101;
v18 = 118;
v19 = 105;
v20 = 108;
v21 = 46;
v22 = 109;
v23 = 116;
v24 = 120;
v25 = 46;
v26 = 99;
v27 = 111;
v28 = 109;
v29 = 0;
// ASCII: '8','0','8','0','\0' -> "8080".
v5 = 56;
v6 = 48;
v7 = 56;
v8 = 48;
v9 = 0;
// argc counts the program name, so this requires exactly two user-supplied arguments.
if ( argc == 3 )
{
if ( strlen(argv[1]) == 5 )
{
// Subtract 1 from each of the five bytes starting at byte_407030, in place.
// NOTE(review): assumes byte_407030 is a byte-sized global; its initial
// contents are not in this listing, so the expected argv[1] cannot be read off here.
for ( i = 0; i < 5; ++i )
--*(&byte_407030 + i);
// argv[1] must equal the five decremented bytes.
if ( !strncmp(&byte_407030, argv[1], 5u) )
{
// v24 is byte 7 of the string starting at v17 (bp-10h vs bp-9h), i.e. the 'x'.
// It is replaced by the first decremented byte, which equals argv[1][0] here.
v24 = byte_407030;
if ( strlen(argv[2]) == 4 )
{
// Each character of argv[2] is shifted by a constant before the comparison below.
v16 = *argv[2] + 20;
v15 = argv[2][1] - 10;
v13 = argv[2][2] + 20;
v12 = argv[2][3];
// 85-20 = 65 'A', 89+10 = 99 'c', 121-20 = 101 'e', 33 = '!'  -> argv[2] == "Ace!".
if ( v16 == 85 && v15 == 89 && v13 == 121 && v12 == 33 )
{
// NOTE(review): sub_401000 is not shown; presumably it prepares LibFileName
// and lpProcName before they are used below — confirm in the disassembly.
sub_401000();
hModule = LoadLibraryA(LibFileName);
// LoadLibraryA is documented to return NULL on failure, so this comparison
// with -1 does not detect a failed load.
// NOTE(review): confirm against the disassembly that this is the binary's real check.
if ( hModule == (HMODULE)-1 )
{
result = -1;
}
else
{
// Resolve the export named by lpProcName from the loaded module.
v14 = GetProcAddress(hModule, lpProcName);
if ( v14 )
{
// Call the resolved export as a cdecl function taking two char pointers:
// &v17 is the host-like string (with byte 7 patched), &v5 is "8080".
// For triage, this host/port pair is worth recording as a network indicator;
// what the export does with it is not visible in this listing.
((void (__cdecl *)(char *, char *))v14)(&v17, &v5);
result = 0;
}
else
{
result = -1;
}
}
}
else
{
// Wrong argv[2]: aFail is handed to sub_40122B.
// NOTE(review): looks like a printf-style failure message — confirm.
sub_40122B((int)aFail, v4);
result = 0;
}
}
else
{
// argv[2] is not 4 characters long: return 0 without calling sub_40122B.
result = 0;
}
}
else
{
// argv[1] does not match the decremented bytes: same sub_40122B(aFail) path as above.
sub_40122B((int)aFail, v4);
result = 0;
}
}
else
{
// argv[1] is not 5 characters long.
result = 0;
}
}
else
{
// Wrong argument count.
result = 0;
}
return result;
}
I'll share what I have understood so far.
1) It expects `3` arguments (`argc == 3`, which counts the program name plus two user-supplied arguments), and the first one has to be of length `5`.
2) After the comparison
if ( !strncmp(&byte_407030, argv[1], 5u) )
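which is pretty difficult to understand, they check the length of the second argument here: `if ( strlen(argv[2]) == 4 )`. (The loop just before the comparison subtracts 1 from each of the five bytes at `byte_407030`, so the first argument has to equal those decoded bytes.)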
3) After that they check whether the second argument is `Ace!` or not (85 - 20 = 65 `A`, 89 + 10 = 99 `c`, 121 - 20 = 101 `e`, 33 = `!`):
v16 = *argv[2] + 20;
v15 = argv[2][1] - 10;
v13 = argv[2][2] + 20;
v12 = argv[2][3];
if ( v16 == 85 && v15 == 89 && v13 == 121 && v12 == 33 )
4) Then it loads a module accordingly, as shown in the nested `if`/`else` conditions.