# defcon parallel-af

1. program 相關
2. syscall 相關
3. opcode / ALU , sub_1700 好像是 memory 相關的
4. console output
5. flow control (?

```C
// status in emulate
struct __attribute__((packed)) __attribute__((aligned(1))) VM
{
  int pair_low;
  _BYTE gap4[4];
  __int64 arg1;
  __int64 arg3;
  int pair_high;
  _BYTE gap1C[4];
  __int64 arg_c;
  __int64 arg3_;
  char more_msg;
};

// binary file structure
struct S40
{
  int opcode;
  int field_4;
  int field_8;
  int field_C;
  __int64 arg1;
  __int64 arg2;
  int field_20;
  int field_24;
};

// parse_file -> syscall -> opcode
struct msg30
{
  __int64 arg1;
  __int64 arg2;
  int opcode;
  int field_14;
  __int64 arg3;
  __int64 some_pair;
  int idx;
  char field_2C;
  char field_2D;
  char field_2E;
  char field_2F;
};

// opcode -> flow
struct msg18
{
  int op;
  int field_4;
  __int64 arg1;
  __int64 arg3;
};

// flow -> parse_file
struct msg30_2
{
  int field_0;
  int field_4;
  __int64 field_8;
  __int64 field_10;
  int field_18;
  int field_1C;
  __int64 field_20;
  __int64 field_28;
};
```

注意：上面的 C 結構使用的是 IDA 的 `_BYTE` / `__int64` 型別，要自己編譯需先補上對應 typedef。`VM` 因為 `packed` + `aligned(1)`，`sizeof` 為 0x31，和下方 IDA 列表一致。另外 C 版和 IDA 列表有幾處命名/註解不一致：`S40` 的 offset 0 在 C 版叫 `opcode`，IDA 列表裡是 `field_0`；`msg18` 的流向在 C 版註解為 `opcode -> flow`，IDA 列表是 `opcode -> console -> last -> parse_file`；`msg30_2` 在 C 版是 `flow -> parse_file`，IDA 列表是 `last -> parse_file`。對照時請留意，offset 本身是相同的。

* 0x16C0: send_msg (in emulate)
* 0x1700: maybe memory
* 0x21F0: run_emulate
* 0x2480: run_console
* 0x2710: shm_put
* 0x2780: shm_get
* 0x29D0: run_flow
* 0x2C10: send_program (in parse)
* 0x2DE0: parse_file
* 0x34B0: run_parse
* 0x3AF0: run_syscall

```python
00000000 ; status in emulate
00000000 VM              struc ; (sizeof=0x31, mappedto_15)
00000000                       ; XREF: emulate/r
00000000 pair_low        dd ?  ; XREF: emulate+E0/r
00000000                       ; emulate+110/r ...
00000004                 db ?  ; undefined
00000005                 db ?  ; undefined
00000006                 db ?  ; undefined
00000007                 db ?  ; undefined
00000008 arg1            dq ?  ; XREF: emulate+D9/r
00000008                       ; emulate+109/r ...
00000010 arg3            dq ?  ; XREF: emulate+D2/r
00000010                       ; emulate+102/r
00000018 pair_high       dd ?  ; XREF: emulate+CB/r
00000018                       ; emulate+146/r
0000001C                 db ?  ; undefined
0000001D                 db ?  ; undefined
0000001E                 db ?  ; undefined
0000001F                 db ?  ; undefined
00000020 arg_c           dq ?  ; XREF: emulate+C4/r
00000020                       ; emulate+13F/r
00000028 arg3_           dq ?  ; XREF: emulate+BD/r
00000028                       ; emulate+138/r
00000030 more_msg        db ?
                               ; XREF: emulate+B6/r
00000030                       ; emulate+120/r
00000031 VM              ends
00000031
00000000 ; ---------------------------------------------------------------------------
00000000 ; binary file structure
00000000 S40             struc ; (sizeof=0x28, mappedto_21)
00000000 field_0         dd ?
00000004 field_4         dd ?
00000008 field_8         dd ?
0000000C field_C         dd ?
00000010 arg1            dq ?
00000018 arg2            dq ?
00000020 field_20        dd ?
00000024 field_24        dd ?
00000028 S40             ends
00000028
00000000 ; ---------------------------------------------------------------------------
00000000 ; parse_file -> syscall -> opcode
00000000 msg30           struc ; (sizeof=0x30, mappedto_22)
00000000                       ; XREF: emulate/r
00000000                       ; sub_29D0/r ...
00000000 arg1            dq ?  ; XREF: emulate+7F/r
00000000                       ; sub_29D0+16C/w ...
00000008 arg2            dq ?  ; XREF: emulate+7B/r
00000008                       ; sub_29D0+170/w ...
00000010 opcode          dd ?  ; XREF: emulate+77/r
00000010                       ; emulate+95/r ...
00000014 field_14        dd ?
00000018 arg3            dq ?  ; XREF: emulate+73/r
00000018                       ; sub_29D0+153/w ...
00000020 some_pair       dq ?  ; XREF: emulate+6C/r
00000020                       ; sub_29D0+15A/w ...
00000028 idx             dd ?  ; XREF: emulate+68/r
00000028                       ; emulate:loc_2290/r ...
0000002C field_2C        db ?  ; XREF: send_program+CD/w
0000002C                       ; parse+1A1/w ...
0000002D field_2D        db ?
0000002E field_2E        db ?
0000002F field_2F        db ?
00000030 msg30           ends
00000030
00000000 ; ---------------------------------------------------------------------------
00000000 ; last -> parse_file
00000000 msg30_2         struc ; (sizeof=0x30, mappedto_24)
00000000                       ; XREF: sub_29D0/r
00000000                       ; parse/r
00000000 field_0         dd ?  ; XREF: sub_29D0+16C/w
00000000                       ; sub_29D0+1AE/w ...
00000004 field_4         dd ?
00000008 field_8         dq ?  ; XREF: sub_29D0+170/w
00000008                       ; parse:loc_35F0/r ...
00000010 field_10        dq ?  ; XREF: sub_29D0:loc_2B1E/w
00000010                       ; sub_29D0+1B3/w ...
00000018 field_18        dd ?  ; XREF: sub_29D0+153/w
0000001C field_1C        dd ?
00000020 field_20        dq ?  ; XREF: sub_29D0+15A/w
00000020                       ; parse:loc_3680/r ...
00000028 field_28        dq ?
                               ; XREF: sub_29D0+175/w
00000030 msg30_2         ends
00000000 ; ---------------------------------------------------------------------------
00000000 ; opcode -> console -> last -> parse_file
00000000 msg18           struc ; (sizeof=0x18, mappedto_23)
00000000                       ; XREF: emulate/r
00000000                       ; console/r ...
00000000 op              dd ?  ; XREF: emulate+262/w
00000000                       ; console+40/r ...
00000004 field_4         dd ?
00000008 arg1            dq ?  ; XREF: console+54/r
00000008                       ; sub_29D0+129/r ...
00000010 arg3            dq ?  ; XREF: emulate+26B/w
00000010                       ; sub_29D0+A6/r ...
00000018 msg18           ends
```