https://drive.google.com/file/d/1QRIk3zBGGXH54nSZorX3jnuNmURCHw6K/view?pli=1
Para iniciar el programa tenés que darle un número negativo como entrada.
IDA
#include <windows.h>
#include <defs.h>
#include <stdarg.h>
//-------------------------------------------------------------------------
// Function declarations
int sub_401020(FILE *Stream, wchar_t *Format, ...);
int vfwprintf(wchar_t *Format, ...);
int printf(char *Format, ...);
int scanf(char *Format, ...);
DWORD __stdcall StartAddress(FILE *const lpThreadParameter, const wchar_t *const Format, va_list ArgList);
int __cdecl main(int argc, const char **argv, const char **envp);
int __cdecl vfwprintf(FILE *const Stream, const wchar_t *const Format, va_list ArgList);
int sub_40142F();
int sub_401437();
int __cdecl UserMathErrorFunction();
int sub_4019E2();
void sub_4019EC();
char sub_4019F8();
// int __scrt_initialize_default_local_stdio_options(void); weak
BOOL sub_401A3C();
void *sub_401A48();
void *sub_401A4E();
LPTOP_LEVEL_EXCEPTION_FILTER sub_401BB6();
// LONG __stdcall __scrt_unhandled_exception_filter(struct _EXCEPTION_POINTERS *ExceptionInfo); idb
void sub_401C18();
void sub_401C20();
void __cdecl sub_401C4C(); // idb
// int __cdecl set_new_mode(int NewMode);
//-------------------------------------------------------------------------
// Data declarations
// extern BOOL (__stdcall *TlsSetValue)(DWORD dwTlsIndex, LPVOID lpTlsValue);
// extern DWORD (__stdcall *WaitForSingleObject)(HANDLE hHandle, DWORD dwMilliseconds);
// extern DWORD (__stdcall *GetCurrentThreadId)();
// extern void (__stdcall *Sleep)(DWORD dwMilliseconds);
// extern DWORD (__stdcall *GetLastError)();
// extern DWORD (__stdcall *TlsAlloc)();
// extern HANDLE (__stdcall *CreateThread)(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
// extern HLOCAL (__stdcall *LocalFree)(HLOCAL hMem);
// extern void (__stdcall __noreturn *ExitProcess)(UINT uExitCode);
// extern LPVOID (__stdcall *TlsGetValue)(DWORD dwTlsIndex);
// extern BOOL (__stdcall *TlsFree)(DWORD dwTlsIndex);
// extern void (__stdcall *InitializeSListHead)(PSLIST_HEADER ListHead);
// extern LPTOP_LEVEL_EXCEPTION_FILTER (__stdcall *SetUnhandledExceptionFilter)(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter);
// extern void (__cdecl __noreturn *exit)(int Code);
// extern FILE *(__cdecl *_acrt_iob_func)(unsigned int Ix);
int dword_40500C = 1; // weak
union _SLIST_HEADER ListHead; // idb
int dword_405360; // weak
DWORD dwTlsIndex; // idb
int dword_405374; // weak
LPVOID lpTlsValue; // idb
int dword_40537C; // weak
int ingresado_numero; // weak
_UNKNOWN unk_405384; // weak
_UNKNOWN unk_405398; // weak
_UNKNOWN unk_40539C; // weak
//----- (00401000) --------------------------------------------------------
void *sub_401000()
{
return &unk_405390;
}
//----- (00401010) --------------------------------------------------------
void *sub_401010()
{
return &unk_405388;
}
//----- (00401020) --------------------------------------------------------
int sub_401020(FILE *Stream, wchar_t *Format, ...)
{
unsigned __int64 *v2; // eax
va_list va; // [esp+10h] [ebp+10h] BYREF
va_start(va, Format);
v2 = sub_401000();
return _stdio_common_vfwprintf_s(*v2, Stream, Format, 0, va);
}
//----- (00401050) --------------------------------------------------------
int sub_401050(wchar_t *Format, ...)
{
unsigned __int64 *v1; // eax
FILE *v3; // [esp-10h] [ebp-14h]
va_list va; // [esp+10h] [ebp+Ch] BYREF
va_start(va, Format);
v3 = _acrt_iob_func(1u);
v1 = sub_401000();
return _stdio_common_vfwprintf(*v1, v3, Format, 0, va);
}
// 401000: using guessed type int sub_401000(void);
//----- (00401080) --------------------------------------------------------
int printf(char *Format, ...)
{
unsigned __int64 *v1; // eax
FILE *v3; // [esp-10h] [ebp-14h]
va_list va; // [esp+10h] [ebp+Ch] BYREF
va_start(va, Format);
v3 = _acrt_iob_func(1u);
v1 = sub_401000();
return _stdio_common_vfprintf(*v1, v3, Format, 0, va);
}
//----- (004010B0) --------------------------------------------------------
int scanf(char *Format, ...)
{
_DWORD *v1; // eax
unsigned __int64 v3; // [esp-18h] [ebp-1Ch]
FILE *v4; // [esp-10h] [ebp-14h]
va_list va; // [esp+10h] [ebp+Ch] BYREF
va_start(va, Format);
v4 = _acrt_iob_func(0);
v1 = sub_401010();
HIDWORD(v3) = v1[1];
LODWORD(v3) = *v1 | 1;
return _stdio_common_vfscanf(v3, v4, Format, 0, va);
}
//----- (004010F0) --------------------------------------------------------
DWORD __stdcall StartAddress(FILE *const lpThreadParameter, const wchar_t *const Format, va_list ArgList)
{
DWORD CurrentThreadId; // eax
LPVOID v4; // eax
void *Value; // eax
DWORD v6; // eax
void *v7; // eax
void *v9; // [esp-4h] [ebp-4h]
lpTlsValue = &dword_405374;
dword_405374 = ingresado_numero ^ (dword_405374 + 5);
dword_40537C = &unk_405384;
CurrentThreadId = GetCurrentThreadId();
vfwprintf(L"Creation: Current thread Id is % d : Its data pointer, lpvData = % lx\n", CurrentThreadId, &dword_405374);
if ( !TlsSetValue(dwTlsIndex, lpTlsValue) )
vfwprintf(lpThreadParameter, Format, ArgList);
v4 = dword_40537C;
if ( dword_405374 > 48 )
v4 = lpTlsValue;
dword_40537C = v4;
Value = TlsGetValue(dwTlsIndex);
lpTlsValue = Value;
if ( !Value )
{
if ( GetLastError() )
vfwprintf(lpThreadParameter, Format, ArgList);
Value = lpTlsValue;
}
v9 = Value;
v6 = GetCurrentThreadId();
vfwprintf(L"common: Current thread Id is % d : Its data pointer, lpvData = % lx\n", v6, v9);
Sleep(0x1388u);
v7 = TlsGetValue(dwTlsIndex);
lpTlsValue = v7;
if ( v7 )
LocalFree(v7);
else
vfwprintf(L"lpvData already freed!\n");
return 0;
}
// 405374: using guessed type int dword_405374;
// 40537C: using guessed type int dword_40537C;
// 405380: using guessed type int ingresado_numero;
//----- (004011F0) --------------------------------------------------------
int __cdecl main(int argc, const char **argv, const char **envp)
{
int i; // esi
HANDLE v4; // eax
int j; // esi
DWORD v6; // eax
wchar_t *v7; // ecx
FILE *v9; // [esp-8h] [ebp-4Ch]
const wchar_t *v10; // [esp-4h] [ebp-48h]
HANDLE hHandle[15]; // [esp+0h] [ebp-44h]
DWORD ThreadId; // [esp+3Ch] [ebp-8h] BYREF
printf("ENTER A NUMBER \n");
scanf("%d", &ingresado_numero);
dword_405374 += ingresado_numero;
printf("ENTER ANOTHER NUMBER \n");
scanf("%d", &ingresado_numero);
if ( ingresado_numero < 5 )
exit(1);
dwTlsIndex = TlsAlloc();
if ( dwTlsIndex == -1 )
vfwprintf(hHandle[0], hHandle[1], hHandle[2]);
vfwprintf(L"TlsAlloc() is OK!\n");
for ( i = 0; i < 15; ++i )
{
v4 = CreateThread(0, 0, StartAddress, 0, 0, &ThreadId);
hHandle[i] = v4;
if ( !v4 )
vfwprintf(v9, v10, hHandle[0]);
vfwprintf(L"CreateThread() # % u is OK.Thread ID is % u\n", i, ThreadId);
}
for ( j = 0; j < 15; ++j )
{
v6 = WaitForSingleObject(hHandle[j], 0xFFFFFFFF);
vfwprintf(L"The WaitForSingleObject() return value is 0X % .8x\n", v6);
}
if ( TlsFree(dwTlsIndex) )
vfwprintf(L"The TLS index, dwTlsIndex was released!\n");
v7 = L"\nTotal genious!\n";
if ( dword_405374 != *dword_40537C + 67 )
v7 = L"\nNopo :-( \n";
vfwprintf(v7);
return 0;
}
// 401336: variable 'v9' is possibly undefined
// 401336: variable 'v10' is possibly undefined
// 403494: using guessed type wchar_t aTotalGenious[17];
// 405374: using guessed type int dword_405374;
// 40537C: using guessed type int dword_40537C;
// 405380: using guessed type int ingresado_numero;
//----- (00401350) --------------------------------------------------------
int __cdecl __noreturn vfwprintf(FILE *const Stream, const wchar_t *const Format, va_list ArgList)
{
int v3; // ecx
FILE *v4; // eax
int v5; // [esp-4h] [ebp-4h]
v5 = v3;
v4 = _acrt_iob_func(2u);
sub_401020(v4, L" % s\n", v5);
ExitProcess(0);
}
// 401350: variable 'v3' is possibly undefined
//----- (0040142F) --------------------------------------------------------
int sub_40142F()
{
__scrt_initialize_default_local_stdio_options();
return 0;
}
// 401A1F: using guessed type int __scrt_initialize_default_local_stdio_options(void);
//----- (00401437) --------------------------------------------------------
int sub_401437()
{
int v0; // eax
sub_401BB6();
v0 = UserMathErrorFunction();
return set_new_mode(v0);
}
//----- (004019DF) --------------------------------------------------------
int __cdecl UserMathErrorFunction()
{
return 0;
}
//----- (004019E2) --------------------------------------------------------
int sub_4019E2()
{
return 1;
}
//----- (004019EC) --------------------------------------------------------
void sub_4019EC()
{
InitializeSListHead(&ListHead);
}
//----- (004019F8) --------------------------------------------------------
char sub_4019F8()
{
return 1;
}
//----- (00401A3C) --------------------------------------------------------
BOOL sub_401A3C()
{
return dword_40500C == 0;
}
// 40500C: using guessed type int dword_40500C;
//----- (00401A48) --------------------------------------------------------
void *sub_401A48()
{
return &unk_40539C;
}
//----- (00401A4E) --------------------------------------------------------
void *sub_401A4E()
{
return &unk_405398;
}
//----- (00401BB6) --------------------------------------------------------
LPTOP_LEVEL_EXCEPTION_FILTER sub_401BB6()
{
return SetUnhandledExceptionFilter(__scrt_unhandled_exception_filter);
}
//----- (00401C18) --------------------------------------------------------
void sub_401C18()
{
dword_405360 = 0;
}
// 405360: using guessed type int dword_405360;
//----- (00401C20) --------------------------------------------------------
void sub_401C20()
{
;
}
// 401C20: could not find valid save-restore pair for edi
//----- (00401C4C) --------------------------------------------------------
void __cdecl sub_401C4C()
{
;
}
// 401C4C: could not find valid save-restore pair for edi
// nfuncs=81 queued=22 decompiled=22 lumina nreq=0 worse=0 better=0
// ALL OK, 22 function(s) have been successfully decompiled
hay un if que ida no me muestra.
if (0xe < iVar6) {
void FUN_004011f0(void)
{
code *pcVar1;
HANDLE pvVar2;
DWORD DVar3;
BOOL BVar4;
wchar_t *pwVar5;
int iVar6;
undefined1 unaff_DI;
undefined uVar7;
undefined in_stack_ffffffb8;
DWORD local_c;
uint local_8;
local_8 = DAT_00405004 ^ (uint)&stack0xfffffffc;
printf("ENTER A NUMBER \n",in_stack_ffffffb8);
uVar7 = 0xe4;
scanf("%d",(int *)&numero_ingresado);
DAT_00405374 = DAT_00405374 + numero_ingresado;
printf("ENTER ANOTHER NUMBER \n",uVar7);
scanf("%d",(int *)&numero_ingresado);
if (numero_ingresado < 5) {
/* WARNING: Subroutine does not return */
exit(1);
}
DAT_00405370 = TlsAlloc();
if (DAT_00405370 != 0xffffffff) {
printf(L"TlsAlloc() is OK!\n",unaff_DI);
iVar6 = 0;
while( true ) {
pvVar2 = CreateThread((LPSECURITY_ATTRIBUTES)0x0,0,(LPTHREAD_START_ROUTINE)&LAB_004010f0, (LPVOID)0x0,0,&local_c);
*(HANDLE *)(&stack0xffffffb8 + iVar6 * 4) = pvVar2;
if (pvVar2 == (HANDLE)0x0) break;
printf(L"CreateThread() # % u is OK.Thread ID is % u\n",(char)iVar6);
iVar6 = iVar6 + 1;
if (0xe < iVar6) {
iVar6 = 0;
do {
DVar3 = WaitForSingleObject(*(HANDLE *)(&stack0xffffffb8 + iVar6 * 4),0xffffffff);
printf(L"The WaitForSingleObject() return value is 0X % .8x\n",(char)DVar3);
iVar6 = iVar6 + 1;
} while (iVar6 < 0xf);
BVar4 = TlsFree(DAT_00405370);
if (BVar4 != 0) {
printf(L"The TLS index, dwTlsIndex was released!\n",in_stack_ffffffb8);
}
pwVar5 = L"\nTotal genious!\n";
if (DAT_00405374 != *DAT_0040537c + 0x43) {
pwVar5 = L"\nNopo :-( \n";
}
printf(pwVar5,in_stack_ffffffb8);
@__security_check_cookie@4(local_8 ^ (uint)&stack0xfffffffc);
return;
}
}
FUN_00401350(L"CreateThread() error\n");
}
FUN_00401350(L"TlsAlloc() failed");
pcVar1 = (code *)swi(3);
(*pcVar1)();
return;
}