Cython程序分析_5

字数统计: 2.3k字   |   阅读时长≈ 12分

主要是在分析if-else判断。

Cython程序分析_5

代码1

1
2
3
4
5
6
7
def test_del():
    var_int = 1
    del var_int
    var_tup = (1, 2, 3)
    del var_tup
    var_str = "114514"
    del var_str

C文件

1
2
3
4
5
6
7
8
9
10
11
12
13
+1: def test_del():
+2:     var_int = 1
+3:     del var_int
  __Pyx_DECREF(__pyx_v_var_int);
  __pyx_v_var_int = NULL;
+4:     var_tup = (1, 2, 3)
+5:     del var_tup
  __Pyx_DECREF(__pyx_v_var_tup);
  __pyx_v_var_tup = NULL;
+6:     var_str = "114514"
+7:     del var_str
  __Pyx_DECREF(__pyx_v_var_str);
  __pyx_v_var_str = NULL;

可见del仅仅就是将指针置空。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
// write access to const memory has been detected, the output may be wrong!
__int64 sub_180005100()
{
  __int64 v0; // rcx
  __int64 v1; // rax
  __int64 v2; // rcx
  __int64 v3; // rax
  __int64 v4; // rcx

  v0 = int1;
  v1 = *(_QWORD *)int1;
  *(_QWORD *)int1 = *(_QWORD *)int1;
  if ( !v1 )
    (*(void (**)(void))(*(_QWORD *)(v0 + 8) + 48i64))();
  v2 = tup_1_2_3;
  v3 = *(_QWORD *)tup_1_2_3;
  *(_QWORD *)tup_1_2_3 = *(_QWORD *)tup_1_2_3;
  if ( !v3 )
    (*(void (**)(void))(*(_QWORD *)(v2 + 8) + 48i64))();
  ++*(_QWORD *)qword_180009560;
  v4 = qword_180009560;
  if ( (*(_QWORD *)qword_180009560)-- == 1i64 )
    (*(void (**)(void))(*(_QWORD *)(v4 + 8) + 48i64))();
  return Py_NoneStruct++;
}

显然del指令完全被优化掉了。

代码2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# 外部逻辑
var1 = 100
var2 = "Str"

# 字符串相等比较
# if双层
if var2 == "Str":
    # int类型比较
    if var1 <= 50:
        print ("50")
    elif var1 < 95:
        print("lt 95")
    elif var1 == 100:
        print("100")
    elif var1 != 101:
        print("not 101")
    elif var1 > 135:
        print("gt 135")
    elif var1 >= 150:
        print("ge 150")
    else:
        print("out")

    var3 = "abc"
    # in关键字
    if var3 in "abc":
        pass

# 函数内逻辑
def test_if():
    var1 = 100
    var2 = "Str"

    # 字符串相等比较
    # if双层
    if var2 == "Str":
        # int类型比较
        if var1 <= 50:
            print ("50")
        elif var1 < 95:
            print("lt 95")
        elif var1 == 100:
            print("100")
        elif var1 != 101:
            print("not 101")
        elif var1 > 135:
            print("gt 135")
        elif var1 >= 150:
            print("ge 150")
    else:
        print("out")

    var3 = "abc"
    # in关键字
    if var3 in "abc":
        pass

C文件

编译后发现,在exec函数和一般函数是不一样的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
 01: # 外部逻辑
+02: var1 = 100
+03: var2 = "Str"
 04: 
 05: # 字符串相等比较
 06: # if双层
+07: if var2 == "Str":
  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_var2);
  __pyx_t_2 = (__Pyx_PyUnicode_Equals(__pyx_t_1, __pyx_n_u_Str, Py_EQ));
  if (__pyx_t_2) {
/* … */
  }
 08:     # int类型比较
+09:     if var1 <= 50:
    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_var1);
    __pyx_t_3 = PyObject_RichCompare(__pyx_t_1, __pyx_int_50, Py_LE);
    __pyx_t_2 = __Pyx_PyObject_IsTrue(__pyx_t_3);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L3;
    }
+10:         print ("50")
    
+11:     elif var1 < 95:
    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_var1);
    __pyx_t_1 = PyObject_RichCompare(__pyx_t_3, __pyx_int_95, Py_LT);
    __pyx_t_2 = __Pyx_PyObject_IsTrue(__pyx_t_1);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L3;
    }
+12:         print("lt 95")
    
+13:     elif var1 == 100:
    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_var1);
    __pyx_t_3 = __Pyx_PyInt_EqObjC(__pyx_t_1, __pyx_int_100, 0x64, 0);
    __pyx_t_2 = __Pyx_PyObject_IsTrue(__pyx_t_3);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L3;
    }
+14:         print("100")
+15:     elif var1 != 101:
    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_var1);
    __pyx_t_1 = __Pyx_PyInt_NeObjC(__pyx_t_3, __pyx_int_101, 0x65, 0);
    __pyx_t_2 = __Pyx_PyObject_IsTrue(__pyx_t_1);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L3;
    }
+16:         print("not 101")
    
+17:     elif var1 > 135:
    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_var1); 
    __pyx_t_3 = PyObject_RichCompare(__pyx_t_1, __pyx_int_135, Py_GT);
    __pyx_t_2 = __Pyx_PyObject_IsTrue(__pyx_t_3);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L3;
    }
+18:         print("gt 135")
    
+19:     elif var1 >= 150:
    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_var1);
    __pyx_t_1 = PyObject_RichCompare(__pyx_t_3, __pyx_int_150, Py_GE);
    __pyx_t_2 = __Pyx_PyObject_IsTrue(__pyx_t_1);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L3;
    }
+20:         print("ge 150")
    
 21:     else:
+22:         print("out")
 23: 
+24:     var3 = "abc"
 25:     # in关键字
+26:     if var3 in "abc":
    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_var3);
    __pyx_t_2 = (__Pyx_PyUnicode_ContainsTF(__pyx_t_1, __pyx_n_u_abc, Py_EQ));
    __pyx_t_4 = (__pyx_t_2 != 0);
    if (__pyx_t_4) {
    }
 27:         pass
 28: 
 29: # 函数内逻辑
+30: def test_if():
+31:     var1 = 100
+32:     var2 = "Str"
 33: 
 34:     # 字符串相等比较
 35:     # if双层
+36:     if var2 == "Str":
  __pyx_t_1 = (__Pyx_PyUnicode_Equals(__pyx_v_var2, __pyx_n_u_Str, Py_EQ)); if (unlikely(__pyx_t_1 < 0)) __PYX_ERR(0, 36, __pyx_L1_error)
  __pyx_t_2 = (__pyx_t_1 != 0);
  if (__pyx_t_2) {
/* … */
    goto __pyx_L3;
  }
 37:         # int类型比较
+38:         if var1 <= 50:
    __pyx_t_2 = ((__pyx_v_var1 <= 50) != 0);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L4;
    }
+39:             print ("50")
+40:         elif var1 < 95:
    __pyx_t_2 = ((__pyx_v_var1 < 95) != 0);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L4;
    }
+41:             print("lt 95")
+42:         elif var1 == 100:
    __pyx_t_2 = ((__pyx_v_var1 == 0x64) != 0);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L4;
    }
+43:             print("100")
+44:         elif var1 != 101:
    __pyx_t_2 = ((__pyx_v_var1 != 0x65) != 0);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L4;
    }
+45:             print("not 101")
+46:         elif var1 > 135:
    __pyx_t_2 = ((__pyx_v_var1 > 0x87) != 0);
    if (__pyx_t_2) {
/* … */
      goto __pyx_L4;
    }
+47:             print("gt 135")
+48:         elif var1 >= 150:
    __pyx_t_2 = ((__pyx_v_var1 >= 0x96) != 0);
    if (__pyx_t_2) {
/* … */
    }
    __pyx_L4:;
+49:             print("ge 150")
 50:     else:
+51:         print("out")
 52: 
+53:     var3 = "abc"
    
 54:     # in关键字
+55:     if var3 in "abc":
  __pyx_t_2 = (__Pyx_PyUnicode_ContainsTF(__pyx_v_var3, __pyx_n_u_abc, Py_EQ));
  if (__pyx_t_1) {
  }
 56:         pass

首先把一些函数贴上来。

函数的名称应该不准确,因为这次没有对着C文件嗯看,而是直接根据逻辑大致猜测的。但是意思应该是能理解的。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
__int64 __fastcall PyObject_IsTrue_0(__int64 a1)
{
  __int64 result; // rax

  result = a1 == Py_TrueStruct;
  if ( !((unsigned int)result | (a1 == Py_FalseStruct || a1 == Py_NoneStruct)) )
    result = PyObject_IsTrue();
  return result;
}

__int64 __fastcall PyUnicode_ContainsTF(__int64 a1)
{
  __int64 result; // rax

  result = PyUnicode_Contains(strp_abc, a1);
  if ( (int)result >= 0 )
    result = (_DWORD)result == 1;
  return result;
}

exec函数中

1
2
3
4
5
6
7
8
9
10
11
12
if ( (int)PyDict_SetItem(dict_t, var1, int100) < 0 )
{
  err_line = 2;
  err_code = 1996;
  goto ERROR;
}
if ( (int)PyDict_SetItem(dict_t, strp_var2, strp_Str) < 0 )
{
  err_line = 3;
  err_code = 2005;
  goto ERROR;
}

这两个是

1
2
3
# ...
var1 = 100
var2 = "Str"

根据错误抛出可以得知分别是第二行和第三行代码,且可以发现在exec函数中的变量都是从一个字典里面取出来的。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
          v32 = strp_var2;
          tmp = (_QWORD *)PyDict_GetItem_KnownHash(dict_t, strp_var2, *(_QWORD *)(strp_var2 + 24));
          v36 = *(_QWORD *)(dict_t + 24);       // var2
          qword_180009758 = v36;
          var2 = (__int64)tmp;
          if ( tmp )
          {
            ++*tmp;
            goto LABEL_95;
          }
          if ( PyErr_Occurred(v36, v33, v34, v35, 3, v96, v97, v98, v99, v100, v101) )
          {
LABEL_273:
            err_line = 7;
            err_code = 2014;
            goto ERROR;
          }
          v31 = v32;
        }
        tmp = (_QWORD *)GetBuiltinName(v31);
LABEL_94:
        if ( tmp )
        {
LABEL_95:
          v37 = PyUnicode_Equals(tmp);	// 比较相等
          if ( v37 < 0 )
          {
            err_line = 7;
            err_code = 2016;
            goto LABEL_269;
          }
          v14 = (*tmp)-- == 1i64;
          if ( v14 )
            (*(void (__fastcall **)(_QWORD *))(tmp[1] + 48i64))(tmp);
          if ( !v37 )	// 不等,就跳转
            goto LABEL_248;

这是if var2 == "Str"。先PyDict_GetItem_KnownHash得到var2,然后PyUnicode_Equals来判断是否和"Str"相等。这个函数已经内联了"Str",所以看上去只传了一个参数。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
__int64 __fastcall PyUnicode_Equals(__int64 a1)
{
  __int64 v1; // rbx
  unsigned int v3; // esi
  BOOL v4; // edx
  BOOL v5; // ecx
  __int64 v6; // r10
  __int64 v7; // rax
  __int64 v8; // rcx
  unsigned int v9; // ecx
  unsigned int v10; // er8
  unsigned int v11; // er9
  __int64 v12; // rdx
  bool v13; // zf
  __int64 v14; // rcx
  unsigned __int8 *v15; // rcx
  unsigned __int8 *v16; // rdx
  int v17; // eax
  int v18; // er8
  __int64 v20; // rax
  _QWORD *v21; // rbx
  unsigned int v22; // eax
  unsigned int v23; // edi

  v1 = strp_Str;	// 内联到了这里
  if ( a1 == strp_Str )
    return 1i64;
  v3 = 0;
  v4 = *(_QWORD *)(a1 + 8) == PyUnicode_Type;
  v5 = *(_QWORD *)(strp_Str + 8) == PyUnicode_Type;
  if ( v5 && v4 )
  {
    if ( *(char *)(a1 + 32) >= 0 && (int)PyUnicode_Ready(a1) < 0
      || *(char *)(v1 + 32) >= 0 && (int)PyUnicode_Ready(v1) < 0 )
    {
      return 0xFFFFFFFFi64;
    }
    v6 = *(_QWORD *)(a1 + 16);
    if ( v6 != *(_QWORD *)(v1 + 16) )
      return 0i64;
    v7 = *(_QWORD *)(a1 + 24);
    v8 = *(_QWORD *)(v1 + 24);
    if ( v7 != v8 && v7 != -1 && v8 != -1 )
      return 0i64;
/* ... */
}

然后判断

1
2
if ( !v37 )
  goto LABEL_248;

LABEL_248就是条件为假的位置。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
LABEL_248:
                            v88 = (_QWORD *)qword_1800097D8;
                            v89 = (_QWORD *)dict_t;
                            v90 = (_QWORD *)qword_180009698;
                            v91 = (_QWORD *)qword_180009688;
                            v92 = PyObject_GC_New(qword_1800097C0);
                            tmp = (_QWORD *)v92;
                            if ( !v92 )
                            {
                              err_line = 30;
                              err_code = 2292;
                              goto ERROR;
                            }
                            *(_DWORD *)(v92 + 136) = 0;
                            *(_QWORD *)(v92 + 40) = 0i64;
                            *(_QWORD *)(v92 + 16) = &off_180008720;
                            *(_QWORD *)(v92 + 24) = v92;
                            *(_QWORD *)(v92 + 96) = 0i64;
                            if ( v90 )
                              ++*v90;
                            *(_QWORD *)(v92 + 32) = v90;
                            *(_QWORD *)(v92 + 48) = 0i64;
                            *(_QWORD *)(v92 + 56) = 0i64;
                            ++*v91;
                            *(_QWORD *)(v92 + 64) = v91;
                            *(_QWORD *)(v92 + 72) = 0i64;
                            *(_QWORD *)(v92 + 104) = 0i64;
                            *(_QWORD *)(v92 + 80) = v89;
                            ++*v89;
                            if ( v88 )
                              ++*v88;
                            *(_QWORD *)(v92 + 88) = v88;
                            *(_DWORD *)(v92 + 120) = 0;
                            *(_QWORD *)(v92 + 128) = 0i64;
                            *(_QWORD *)(v92 + 112) = 0i64;
                            *(_QWORD *)(v92 + 144) = 0i64;
                            *(_QWORD *)(v92 + 152) = 0i64;
                            *(_QWORD *)(v92 + 160) = 0i64;
                            *(_QWORD *)(v92 + 168) = 0i64;
                            PyObject_GC_Track(v92);
                            if ( (int)PyDict_SetItem(dict_t, qword_180009688, tmp) >= 0 )
                            {

因为条件为假之后就到了函数声明的位置,所以就是这个模样。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
            tmp = (_QWORD *)PyDict_GetItem_KnownHash(dict_t, var1, *(_QWORD *)(var1 + 24));
            v43 = *(_QWORD *)(dict_t + 24);
            qword_1800097B0 = v43;
            qword_180009730 = (__int64)tmp;
            if ( tmp )
            {
              ++*tmp;
              goto LABEL_110;
            }
            if ( PyErr_Occurred(v43, v40, v41, v42, v95, v96, v97, v98, v99, v100, v101) )
            {
LABEL_256:
              err_line = 9;
              err_code = 2027;
              goto ERROR;
            }
            v38 = v39;
          }
          tmp = (_QWORD *)GetBuiltinName(v38);
LABEL_109:
          if ( tmp )
          {
LABEL_110:
            v44 = (_QWORD *)PyObject_RichCompare(tmp, int50, 1i64);	//
            if ( !v44 )
            {
              err_line = 9;
              err_code = 2029;
              goto LABEL_269;
            }
            v14 = (*tmp)-- == 1i64;
            if ( v14 )
              (*(void (__fastcall **)(_QWORD *))(tmp[1] + 48i64))(tmp);
            judge = PyObject_IsTrue_0(v44);	//
            if ( judge < 0 )
            {
              err_line = 9;
              err_code = 2031;
              goto LABEL_217;
            }

这是第九行的if var2 == "Str":,主要是PyObject_RichCompare函数和PyObject_IsTrue来进行判断。不过第三个参数是个枚举数,是Py_LE

1
2
3
4
5
6
7
8
// object.h
/* Rich comparison opcodes */
#define Py_LT 0
#define Py_LE 1
#define Py_EQ 2
#define Py_NE 3
#define Py_GT 4
#define Py_GE 5
1
2
3
4
5
6
7
8
9
10
11
12
if ( judge )
{
  v46 = (int *)Print(v6, tup_50);
  v6 = v46;
  if ( !v46 )
  {
    err_line = 10;
    err_code = 2042;
    goto ERROR;
  }
  goto LABEL_230;
}

然后第十行,如果是真,则打印”50”。

后面的总体都差不多,不过是枚举的差异。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
if ( v81 )
{
  v46 = (int *)Print(v6, qword_180009728);
  v6 = v46;
  if ( !v46 )
  {
    err_line = 20;
    err_code = 2224;
    goto ERROR;
  }
}
else
{
  v46 = (int *)Print(v6, out);
  v6 = v46;
  if ( !v46 )
  {
    err_line = 22;
    err_code = 2246;
    goto ERROR;
  }
}

跳到最后一个,else打印"out"

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
LABEL_230:
                        v14 = (*(_QWORD *)v46)-- == 1i64;
                        if ( v14 )
                          (*(void (__fastcall **)(int *))(*((_QWORD *)v46 + 1) + 48i64))(v6);
                        if ( (int)PyDict_SetItem(dict_t, strp_var3, strp_abc) < 0 )
                        {
                          err_line = 24;
                          err_code = 2259;
                          goto ERROR;
                        }
                        v6 = *(int **)(dict_t + 24);
                        if ( (int *)qword_180009860 == v6 )
                        {
                          if ( qword_180009790 )
                          {
                            ++*(_QWORD *)qword_180009790;
                            tmp = (_QWORD *)qword_180009790;
                            goto LABEL_243;
                          }
                          v82 = strp_var3;
                        }
                        else
                        {
                          v83 = strp_var3;
                          tmp = (_QWORD *)PyDict_GetItem_KnownHash(dict_t, strp_var3, *(_QWORD *)(strp_var3 + 24));
                          v87 = *(_QWORD *)(dict_t + 24);
                          qword_180009860 = v87;
                          qword_180009790 = (__int64)tmp;
                          if ( tmp )
                          {
                            ++*tmp;
LABEL_244:
                            if ( (int)PyUnicode_ContainsTF((__int64)tmp) < 0 )
                            {
                              err_line = 26;
                              err_code = 2270;
                              goto LABEL_269;
                            }
                            v14 = (*tmp)-- == 1i64;
                            if ( v14 )
                              (*(void (__fastcall **)(_QWORD *))(tmp[1] + 48i64))(tmp);

这个便是

1
2
3
4
var3 = "abc"
# in关键字
if var3 in "abc":
    pass

首先PyDict_SetItem设置变量,然后PyDict_GetItem_KnownHash取出来,然后PyUnicode_ContainsTF判断(也是内联过”abc”的)。不过由于if内是个pass,所以条件成立后也没什么动作。

函数内

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
// write access to const memory has been detected, the output may be wrong!
__int64 test_if()
{
  __int64 v0; // rdi
  _QWORD *v1; // rbx
  _QWORD *v2; // rsi
  int v3; // eax
  __int64 v4; // rcx
  __int64 err_code; // rdx
  __int64 line; // r8
  _QWORD *v7; // rax
  _QWORD *v8; // rcx
  bool v9; // zf

  v0 = 0i64;
  v1 = 0i64;
  ++*(_QWORD *)strp_Str;
  v2 = (_QWORD *)strp_Str;
  v3 = PyUnicode_Equals(strp_Str);              // if "Str" == "Str"
  if ( v3 >= 0 )
  {
    if ( v3 )
    {
      v7 = (_QWORD *)Print(v4, strp_100_0);     // print("100")
      v8 = v7;
      if ( !v7 )
      {
        err_code = 1361i64;
        line = 43i64;
        goto LABEL_12;
      }
    }
    else
    {
      v7 = (_QWORD *)Print(v4, out);            // print("out")
      v8 = v7;
      if ( !v7 )
      {
        err_code = 1486i64;
        line = 51i64;
        goto LABEL_12;
      }
    }
    v9 = (*v7)-- == 1i64;
    if ( v9 )
      (*(void (__fastcall **)(_QWORD *))(v7[1] + 48i64))(v8);
    ++*(_QWORD *)strp_abc;
    v1 = (_QWORD *)strp_abc;
    if ( (int)PyUnicode_Contains(strp_abc, strp_abc) >= 0 )
    {
      v0 = Py_NoneStruct++;
      goto LABEL_14;
    }
    err_code = 1508i64;
    line = 55i64;
  }
  else
  {
    err_code = 1278i64;
    line = 36i64;
  }
LABEL_12:
  sub_180001F10(aTest52TestIf, err_code, line, aTest52Py);
LABEL_14:
  if ( v2 )
  {
    v9 = (*v2)-- == 1i64;
    if ( v9 )
      (*(void (__fastcall **)(_QWORD *))(v2[1] + 48i64))(v2);
  }
  if ( !v1 )
    return v0;
  v9 = (*v1)-- == 1i64;
  if ( v9 )
    (*(void (__fastcall **)(_QWORD *))(v1[1] + 48i64))(v1);
  return v0;
}

由于函数内的判断在编译成C文件的时候已经优化成了C的判断形式,所以再加上优化策略,常量传递和死代码消除,其中的一些判断语句完全消失了。不过逻辑还是很清晰。

tag:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia-plus根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true

A junior undergraduate
studying in the college of cyber science and engineering
in Sichuan University
in Sichuan , China.
Pronouns:He/him.
A core member of 0x401 CTF team
majorly focus on Reverse Engineering chanllenges.