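Avast Free Antivirus - Free Security Software
Official site: Avast | Download Free Antivirus and VPN | Free & Easy
Blog: Avast Blog
Avast Official Security Blog
Source code: Avast · GitHub
Note: The source code of Avast Antivirus itself is not public, for reasons such as product security, but RetDec, a platform-independent decompiler for analyzing executable files, appears to have been open-sourced on 2017/12/12.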
Avast open-sources its machine-code decompiler
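By publishing its decompiler-based analysis technology, Avast lets anyone examine code without running the application. The idea seems to be to fight malicious applications together.
Avast is an antivirus product developed by Avast Software for Windows, macOS, Android, and iOS. It can be used free of charge for non-commercial home use.
Avast has 400 million users worldwide and blocks more than 66 million threats per day.
It has had false-positive problems in the past, but I think it has been stable recently (in my personal opinion...). It has won numerous awards, as listed under Awards. In addition, as an antivirus engine it is very lightweight and runs fast.
When a suspicious file is detected...
If you are unsure whether a detection is a false positive, check the file on the following site.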
VirusTotal
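On the VirusTotal page, click Choose file.
In the case of a false positive, no virus is detected even when the file is scanned by multiple engines.
Note: VirusTotal records the results of scanning with multiple engines per file hash (SHA-256).
Technical information
Location of the Virus Chest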
%ALLUSERSPROFILE%\AVAST Software\Avast\chest
$ cd "$env:ALLUSERSPROFILE\AVAST Software\Avast\chest"
$ dir
Files in the Virus Chest are stored with their ChestId as the file name.
    Directory: C:\ProgramData\AVAST Software\Avast\chest

Mode   LastWriteTime        Length  Name
----   -------------        ------  ----
-a---  2020/05/29  2:51    1348616  00000004
-a---  2020/05/29  2:51    1348616  00000005
-a---  2020/05/29  3:07     892936  00000006
-a---  2020/05/29  3:07     892936  00000007
-a---  2020/05/29  3:12      15880  00000008
-a---  2020/05/29  3:12      15880  00000009
-a---  2020/05/29  3:13      15880  0000000A
-a---  2020/05/29  3:13      15880  0000000B
-a---  2020/05/29  3:20      12808  0000000C
-a---  2020/05/29  3:20      12808  0000000D
-a---  2020/05/29  3:20       5660  index.xml
The details of each quarantined file are recorded in index.xml, one <ChestEntry> per file.
- index.xml
<?xml version="1.0" encoding="UTF-8"?>
<aswObject>
  <NewId>0000000E</NewId>
  <Size>4572208</Size>
  <ChestEntry>
    <ChestId>00000004</ChestId>
    <FileTime>1590655857</FileTime>
    <OrigFileName>Microsoft.ServiceHub.Controller.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S441824ef#\f74ea0d22c6e947abc578c9e640f90fb</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590688262</TransferTime>
    <FileSize>1348608</FileSize>
    <Viruses>Win64:Malware-gen|PE3-82832058000D6145DB228F0C2FC15BC9|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000005</ChestId>
    <FileTime>1590655864</FileTime>
    <OrigFileName>Microsoft.ServiceHub.Controller.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S441824ef#\f74ea0d22c6e947abc578c9e640f90fb</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590688266</TransferTime>
    <FileSize>1348608</FileSize>
    <Viruses>Win64:Malware-gen|PE3-82832058000D6145DB228F0C2FC15BC9|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000006</ChestId>
    <FileTime>1590656856</FileTime>
    <OrigFileName>MSBuildTaskHost.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuildTaskHost\054126cfec9321b25dc9b748adeea32a</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590689259</TransferTime>
    <FileSize>892928</FileSize>
    <Viruses>Win64:Malware-gen|PE3-A9F1E31A00082645A36E5B552367B2B4|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000007</ChestId>
    <FileTime>1590656861</FileTime>
    <OrigFileName>MSBuildTaskHost.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuildTaskHost\054126cfec9321b25dc9b748adeea32a</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590689263</TransferTime>
    <FileSize>892928</FileSize>
    <Viruses>Win64:Malware-gen|PE3-A9F1E31A00082645A36E5B552367B2B4|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000008</ChestId>
    <FileTime>1590657164</FileTime>
    <OrigFileName>InteractiveHost64.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\InteractiveHost64\50d8c698d631fc18a8ce2f8db8119a65</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590689568</TransferTime>
    <FileSize>15872</FileSize>
    <Viruses>Win64:Malware-gen|PE3-4B97A2C4000045C5D0DF2C97BD80820E|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000009</ChestId>
    <FileTime>1590657169</FileTime>
    <OrigFileName>InteractiveHost64.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\InteractiveHost64\50d8c698d631fc18a8ce2f8db8119a65</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590689570</TransferTime>
    <FileSize>15872</FileSize>
    <Viruses>Win64:Malware-gen|PE3-4B97A2C4000045C5D0DF2C97BD80820E|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>0000000A</ChestId>
    <FileTime>1590657222</FileTime>
    <OrigFileName>InteractiveHost64.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\InteractiveHost64\50d8c698d631fc18a8ce2f8db8119a65</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590689625</TransferTime>
    <FileSize>15872</FileSize>
    <Viruses>Win64:Malware-gen|PE3-4B97A2C4000045C5D0DF2C97BD80820E|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>0000000B</ChestId>
    <FileTime>1590657226</FileTime>
    <OrigFileName>InteractiveHost64.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\InteractiveHost64\50d8c698d631fc18a8ce2f8db8119a65</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590689627</TransferTime>
    <FileSize>15872</FileSize>
    <Viruses>Win64:Malware-gen|PE3-4B97A2C4000045C5D0DF2C97BD80820E|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>0000000C</ChestId>
    <FileTime>1590657609</FileTime>
    <OrigFileName>ServiceHub.Host.CLR.x64.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\ServiceHub.d6c1bcee#\81785ef9f7ba078a15543a1411169cfc</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590690012</TransferTime>
    <FileSize>12800</FileSize>
    <Viruses>Win64:Malware-gen|PE3-D387008600002FC534A8051A723C3CE0|troj;</Viruses>
  </ChestEntry>
  <ChestEntry>
    <ChestId>0000000D</ChestId>
    <FileTime>1590657613</FileTime>
    <OrigFileName>ServiceHub.Host.CLR.x64.ni.exe</OrigFileName>
    <OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\ServiceHub.d6c1bcee#\81785ef9f7ba078a15543a1411169cfc</OrigFolder>
    <Comment></Comment>
    <Virus>Win64:Malware-gen</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1590690015</TransferTime>
    <FileSize>12800</FileSize>
    <Viruses>Win64:Malware-gen|PE3-D387008600002FC534A8051A723C3CE0|troj;</Viruses>
  </ChestEntry>
</aswObject>
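The Virus Chest index described above can be read programmatically when triaging possible false positives. The following Python code is an added example, not part of the original page or of Avast's tooling; its function names are hypothetical, it assumes `<TransferTime>` is Unix epoch seconds (which matches the LastWriteTime values in the directory listing if the machine runs at UTC+9), and it assumes `<Viruses>` records end with `;` and separate their parts with `|`, as in the sample.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timezone

# Abridged from the index.xml listing above: header plus the first three entries.
SAMPLE_INDEX = r"""<?xml version="1.0" encoding="UTF-8"?>
<aswObject><NewId>0000000E</NewId><Size>4572208</Size>
<ChestEntry><ChestId>00000004</ChestId><FileTime>1590655857</FileTime>
<OrigFileName>Microsoft.ServiceHub.Controller.ni.exe</OrigFileName>
<OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S441824ef#\f74ea0d22c6e947abc578c9e640f90fb</OrigFolder>
<Comment></Comment><Virus>Win64:Malware-gen</Virus><Category>Vir</Category><Restore>yes</Restore>
<TransferTime>1590688262</TransferTime><FileSize>1348608</FileSize>
<Viruses>Win64:Malware-gen|PE3-82832058000D6145DB228F0C2FC15BC9|troj;</Viruses></ChestEntry>
<ChestEntry><ChestId>00000005</ChestId><FileTime>1590655864</FileTime>
<OrigFileName>Microsoft.ServiceHub.Controller.ni.exe</OrigFileName>
<OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S441824ef#\f74ea0d22c6e947abc578c9e640f90fb</OrigFolder>
<Comment></Comment><Virus>Win64:Malware-gen</Virus><Category>Vir</Category><Restore>yes</Restore>
<TransferTime>1590688266</TransferTime><FileSize>1348608</FileSize>
<Viruses>Win64:Malware-gen|PE3-82832058000D6145DB228F0C2FC15BC9|troj;</Viruses></ChestEntry>
<ChestEntry><ChestId>00000006</ChestId><FileTime>1590656856</FileTime>
<OrigFileName>MSBuildTaskHost.ni.exe</OrigFileName>
<OrigFolder>C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuildTaskHost\054126cfec9321b25dc9b748adeea32a</OrigFolder>
<Comment></Comment><Virus>Win64:Malware-gen</Virus><Category>Vir</Category><Restore>yes</Restore>
<TransferTime>1590689259</TransferTime><FileSize>892928</FileSize>
<Viruses>Win64:Malware-gen|PE3-A9F1E31A00082645A36E5B552367B2B4|troj;</Viruses></ChestEntry>
</aswObject>
"""


@dataclass
class ChestEntry:
    chest_id: str          # also the file name inside the chest directory
    orig_path: str         # <OrigFolder> joined with <OrigFileName>
    records: tuple         # parsed <Viruses> records
    file_size: int         # <FileSize> of the original file
    transferred: datetime  # <TransferTime>, read as Unix epoch seconds (assumption)


def parse_viruses(field):
    """Split a <Viruses> value into records (';'-terminated, '|'-separated: assumption)."""
    return tuple(tuple(rec.split("|")) for rec in field.split(";") if rec.strip())


def parse_chest_index(xml_text):
    """Return one ChestEntry per <ChestEntry> element; entries without an id are skipped."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    entries = []
    for node in root.iter("ChestEntry"):
        def text(tag):
            return (node.findtext(tag) or "").strip()
        if not text("ChestId"):
            continue
        entries.append(ChestEntry(
            chest_id=text("ChestId"),
            orig_path=text("OrigFolder").rstrip("\\") + "\\" + text("OrigFileName"),
            records=parse_viruses(text("Viruses")),
            file_size=int(text("FileSize") or 0),
            transferred=datetime.fromtimestamp(int(text("TransferTime") or 0), tz=timezone.utc),
        ))
    return entries


def group_by_original(entries):
    """Group repeated quarantines of the same original file with the same detection records."""
    groups = {}
    for entry in entries:
        groups.setdefault((entry.orig_path.lower(), entry.records), []).append(entry)
    return groups


def reconcile(entries, chest_file_names):
    """Compare index entries with the names found in the chest directory.

    Returns (indexed but missing on disk, on disk but not indexed).
    """
    indexed = {e.chest_id.upper() for e in entries}
    on_disk = {n.upper() for n in chest_file_names if n.lower() != "index.xml"}
    return sorted(indexed - on_disk), sorted(on_disk - indexed)


def triage_rows(entries):
    """One row per distinct original file, ready to check against a multi-engine scan."""
    rows = []
    for (_, records), group in group_by_original(entries).items():
        first = min(group, key=lambda e: e.transferred)
        rows.append({
            "path": first.orig_path,
            "detection": records[0][0] if records else "",
            "chest_ids": [e.chest_id for e in group],
            "first_quarantined_utc": first.transferred.isoformat(),
            "file_size": first.file_size,
        })
    return rows


if __name__ == "__main__":
    for row in triage_rows(parse_chest_index(SAMPLE_INDEX)):
        print(row)
```

On a live system, pass the contents of `index.xml` to `parse_chest_index` and the result of `os.listdir` on the chest directory to `reconcile`.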
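Troubleshooting
When Avast Software Analyzer causes high load
Avast Software's acquisition of AVG Technologies
Avast acquired AVG Technologies in July 2016.
This made it a security software company with 400 million users worldwide and the world's most advanced threat detection network (160 million of those users are mobile users).
Avast's security technology runs in the cloud, built on a large-scale machine learning network.
In the cloud system, files may be executed in virtual machines, analyzed with machine learning, and subjected to other Avast-specific checks.
When Avast's artificial intelligence technology determines that a file is malicious, that information is forwarded to the cloud servers and used, in near real time, for the full protection of more than 400 million Avast users.
With the acquisition of AVG, Avast became able to prevent about 1 billion malware attacks per month and to block more than 500 million malicious URLs and about 50 million phishing attacks. It also processes about 9 million new executable files every month, 25% of which are reportedly malicious.
Source: "Avast and AVG merge" - Avast Official Security Blog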
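RetDec - a retargetable machine-code decompiler based on LLVM
RetDec (open source) is a retargetable machine-code decompiler based on LLVM, developed by Avast.
- Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code
- Supported architectures:
  - 32-bit: Intel x86, ARM, MIPS, PIC32, and PowerPC
  - 64-bit: x86-64, ARM64 (AArch64)
- Features:
  - Static analysis of executable files with detailed information.
  - Compiler and packer detection.
  - Loading and instruction decoding.
  - Signature-based removal of statically linked library code.
  - Extraction and utilization of debugging information (DWARF, PDB).
  - Reconstruction of instruction idioms.
  - Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
  - Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
  - Reconstruction of functions, types, and high-level constructs.
  - Integrated disassembler.
  - Output in two high-level languages: C and a Python-like language.
  - Generation of call graphs, control-flow graphs, and various statistics.
Source: GitHub - avast/retdec: RetDec is a retargetable machine-code decompiler based on LLVM.
Download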
> git clone https://github.com/avast/retdec.git
Build
Build with Visual Studio 2019.
> cd retdec
> "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\Tools\VsDevCmd.bat"
> mkdir build && cd build
> cmake .. -DCMAKE_INSTALL_PREFIX="C:\DevTools\retdec" -G"Visual Studio 16 2019"
> cmake --build . --config Release -- -m
> cmake --build . --config Release --target install
If "CMake Error at ... Could NOT find OpenSSL" occurs
> cmake .. -DCMAKE_INSTALL_PREFIX="C:\DevTools\retdec" -G"Visual Studio 16 2019"
-- Selecting Windows SDK version 10.0.19041.0 to target Windows 10.0.18363.
-- The C compiler identification is MSVC 19.27.29111.0
-- The CXX compiler identification is MSVC 19.27.29111.0
-- Check for working C compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.27.29110/bin/Hostx64/x64/cl.exe
-- Check for working C compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.27.29110/bin/Hostx64/x64/cl.exe - works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.27.29110/bin/Hostx64/x64/cl.exe
-- Check for working CXX compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.27.29110/bin/Hostx64/x64/cl.exe - works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Setting build type to 'Release' as none was specified.
-- Found PythonInterp: C:/Users/nakayama/scoop/shims/python3.exe (found suitable version "3.8.5", minimum required is "3.4")
-- Capstone: using remote Capstone revision.
-- Looking for pthread.h
-- Looking for pthread.h - not found
-- Found Threads: TRUE
-- LLVM: using remote LLVM revision.
-- YARA: using remote YARA revision.
-- YaraMod: using remote YaraMod revision.
CMake Error at C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/share/cmake-3.17/Modules/FindPackageHandleStandardArgs.cmake:164 (message):
  Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR (missing: OPENSSL_CRYPTO_LIBRARY OPENSSL_INCLUDE_DIR) (Required is at least version "1.0.1")
Call Stack (most recent call first):
  C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/share/cmake-3.17/Modules/FindPackageHandleStandardArgs.cmake:445 (_FPHSA_FAILURE_MESSAGE)
  C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/share/cmake-3.17/Modules/FindOpenSSL.cmake:450 (find_package_handle_standard_args)
  src/fileformat/CMakeLists.txt:6 (find_package)
-- Configuring incomplete, errors occurred!
See also "D:/My_Projects/retdec/build/CMakeFiles/CMakeOutput.log".
See also "D:/My_Projects/retdec/build/CMakeFiles/CMakeError.log".
As stated in RetDec's build requirements, the OpenSSL library is required. Install the library with Vcpkg (see Visual Studio - Vcpkg command).
If error MSB6006 occurs
Console output:
CMake Error at C:/work/retdec/build/external/src/yaramod-project-stamp/yaramod-project-build-Release.cmake:49 (message):
  Command failed: 1
  'C:/Program Files/CMake/bin/cmake.exe' '--build' '.' '--config' 'Release'
  See also
  C:/work/retdec/build/external/src/yaramod-project-stamp/yaramod-project-build-*.log
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v160\Microsoft.CppCommon.targets(231,5): error MSB6006: "cmd.exe" はコード 1 を伴って終了しました。 [C:\work\retdec\build\deps\yaramod\yaramod-project.vcxproj]
See \retdec\build\external\src\yaramod-project-stamp\yaramod-project-build-out.log.
- yaramod-project-build-out.log
.NET Framework 向け Microsoft (R) Build Engine バージョン 16.4.0+e901037fe
Copyright (C) Microsoft Corporation.All rights reserved.
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v160\Microsoft.CppCommon.targets(231,5): warning MSB8065: Custom build for item "C:\work\retdec\build\external\src\yaramod-project-build\CMakeFiles\77f998545d7b93c3c94bb143825a2b07\fmt-dep.rule" succeeded, but specified output "c:\my_projects\retdec\build\external\src\yaramod-project-build\deps\pog\deps\fmt\cmakefiles\fmt-dep" has not been created. This may cause incremental build to work incorrectly. [C:\work\retdec\build\external\src\yaramod-project-build\deps\pog\deps\fmt\fmt-dep.vcxproj]
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v160\Microsoft.CppCommon.targets(231,5): warning MSB8065: Custom build for item "C:\work\retdec\build\external\src\yaramod-project-build\CMakeFiles\39b855f34931be93924af724109d4721\re2-dep.rule" succeeded, but specified output "c:\my_projects\retdec\build\external\src\yaramod-project-build\deps\pog\deps\re2\cmakefiles\re2-dep" has not been created. This may cause incremental build to work incorrectly. [C:\work\retdec\build\external\src\yaramod-project-build\deps\pog\deps\re2\re2-dep.vcxproj]
yara_file_builder.cpp
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(1,1): warning C4819: ファイルは、現在のコード ページ (932) で表示できない文字を含んでいます。データの損失を防ぐために、ファイルを Unicode 形式で保存してください。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/automaton.h(1,1): warning C4819: ファイルは、現在のコード ページ (932) で表示できない文字を含んでいます。データの損失を防ぐために、ファイルを Unicode 形式で保存してください。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/automaton.h(127,54): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(100,86): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(101,87): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(139,57): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(155,82): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(162,47): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(181,82): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(240,90): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(240): fatal error C1075: '{': 一致するトークンが見つかりませんでした [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
yaramod.cpp
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(1,1): warning C4819: ファイルは、現在のコード ページ (932) で表示できない文字を含んでいます。データの損失を防ぐために、ファイルを Unicode 形式で保存してください。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/automaton.h(1,1): warning C4819: ファイルは、現在のコード ページ (932) で表示できない文字を含んでいます。データの損失を防ぐために、ファイルを Unicode 形式で保存してください。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/automaton.h(127,54): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(100,86): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(101,87): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(139,57): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(155,82): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(162,47): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(181,82): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(240,90): error C2001: 定数が 2 行目に続いています。 [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
C:\work\retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h(240): fatal error C1075: '{': 一致するトークンが見つかりませんでした [C:\work\retdec\build\external\src\yaramod-project-build\src\yaramod.vcxproj]
コードを生成中...
Fixing error C2001
retdec\build\external\src\yaramod-project\deps\pog\include\pog/automaton.h
retdec\build\external\src\yaramod-project\deps\pog\include\pog/html_report.h
Running the decompiler
Running the RetDec decompiler command
> python %RETDEC_INSTALL_DIR%\bin\retdec-decompiler.py C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll
Console output:
##### Checking if file is a Mach-O Universal static library...
##### Checking if file is an archive...
RUN: C:\DevTools\retdec\bin\retdec-ar-extractor C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll --arch-magic
Not an archive, going to the next step.
##### Gathering file information...
RUN: C:\DevTools\retdec\bin\retdec-fileinfo -c C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.json --similarity C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll --no-hashes=all --crypto C:\DevTools\retdec\bin\..\share\retdec\support\generic\yara_patterns\signsrch\signsrch.yara --crypto C:\DevTools\retdec\bin\..\share\retdec\support\generic\yara_patterns\signsrch\signsrch.yarac --max-memory-half-ram
Input file : C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll
File format : PE
File class : 64-bit
File type : DLL
Architecture : x86-64
Endianness : Little endian
Image base address : 0x180000000
Entry point address : 0x180013864
Entry point offset : 0x12c64
Entry point section name : .text
Entry point section index: 0
Bytes on entry point : 48895c24084889742410574883ec20498bf88bda488bf183fa017505e80b0300004c8bc78bd3488bce488b5c2430488b7424
Detected tool : Microsoft Linker (9.0) (linker), combined heuristic
Detected tool : MSVC (compiler), 8 from 34 significant nibbles (23.5294%)
Rich header offset : 0x80
Rich header key : 0xee015e49
Rich header signature : 00964fbd000000010095780900000002008378090000000c0093780900000004007bc6270000000700010000 00000190008478090000001200927809000000010094521e000000010091780900000001
##### Trying to unpack C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll into C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll-unpacked.tmp by using generic unpacker...
RUN: C:\DevTools\retdec\bin\retdec-unpacker C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll -o C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll-unpacked.tmp --max-memory-half-ram
No matching plugins found for 'Microsoft Linker 9.0'
No matching plugins found for 'MSVC'
##### Unpacking by using generic unpacker: nothing to do
##### 'upx' not available: nothing to do
##### Decompiling C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll into C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.bc...
RUN: C:\DevTools\retdec\bin\retdec-bin2llvmir -provider-init -decoder -verify -x87-fpu -main-detection -idioms-libgcc -inst-opt -cond-branch-opt -syscalls -stack -constants -param-return -local-vars -inst-opt -simple-types -generate-dsm -remove-asm-instrs -class-hierarchy -select-fncs -unreachable-funcs -inst-opt -x86-addr-spaces -value-protect -instcombine -tbaa -targetlibinfo -basicaa -domtree -simplifycfg -domtree -early-cse -lower-expect -targetlibinfo -tbaa -basicaa -globalopt -mem2reg -instcombine -simplifycfg -basiccg -domtree -early-cse -lazy-value-info -jump-threading -correlated-propagation -simplifycfg -instcombine -simplifycfg -reassociate -domtree -loops -loop-simplify -lcssa -loop-rotate -licm -lcssa -instcombine -scalar-evolution -loop-simplifycfg -loop-simplify -aa -loop-accesses -loop-load-elim -lcssa -indvars -loop-idiom -loop-deletion -memdep -gvn -memdep -sccp -instcombine -lazy-value-info -jump-threading -correlated-propagation -domtree -memdep -dse -dce -bdce -adce -die -simplifycfg -instcombine -strip-dead-prototypes -globaldce -constmerge -constprop -instnamer -domtree -instcombine -instcombine -tbaa -targetlibinfo -basicaa -domtree -simplifycfg -domtree -early-cse -lower-expect -targetlibinfo -tbaa -basicaa -globalopt -mem2reg -instcombine -simplifycfg -basiccg -domtree -early-cse -lazy-value-info -jump-threading -correlated-propagation -simplifycfg -instcombine -simplifycfg -reassociate -domtree -loops -loop-simplify -lcssa -loop-rotate -licm -lcssa -instcombine -scalar-evolution -loop-simplifycfg -loop-simplify -aa -loop-accesses -loop-load-elim -lcssa -indvars -loop-idiom -loop-deletion -memdep -gvn -memdep -sccp -instcombine -lazy-value-info -jump-threading -correlated-propagation -domtree -memdep -dse -dce -bdce -adce -die -simplifycfg -instcombine -strip-dead-prototypes -globaldce -constmerge -constprop -instnamer -domtree -instcombine -simple-types -stack-ptr-op-remove -inst-opt -idioms -global-to-local -dead-global-assign -instcombine -phi2seq -value-protect -disable-inlining -disable-simplify-libcalls -config-path C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.json -max-memory-half-ram -o C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.bc
Running phase: Initialization ( 0.01s )
Running phase: LLVM ( 0.03s )
Running phase: Providers initialization ( 0.03s )
Running phase: Input binary to LLVM IR decoding ( 3.47s )
Running phase: LLVM ( 7.41s )
Running phase: x87 fpu register analysis ( 7.62s )
Running phase: Main function identification optimization ( 7.71s )
Running phase: Libgcc idioms optimization ( 7.79s )
Running phase: LLVM instruction optimization ( 7.89s )
Running phase: Conditional branch optimization ( 8.01s )
Running phase: Syscalls optimization ( 8.57s )
Running phase: Stack optimization ( 8.65s )
Running phase: Constants optimization ( 9.73s )
Running phase: Function parameters and returns optimization ( 10.82s )
Running phase: Register localization optimization ( 11.79s )
Running phase: LLVM instruction optimization ( 12.44s )
Running phase: Simple types recovery optimization ( 12.58s )
Running phase: Disassembly generation ( 13.44s )
Running phase: Assembly mapping instruction removal ( 15.28s )
Running phase: C++ class hierarchy optimization ( 16.88s )
Running phase: Selected functions optimization ( 17.23s )
Running phase: Unreachable functions optimization ( 17.56s )
Running phase: LLVM instruction optimization ( 17.98s )
Running phase: x86 address spaces optimization ( 18.40s )
Running phase: Value protection optimization ( 18.73s )
Running phase: LLVM ( 19.52s )
Running phase: Simple types recovery optimization ( 73.26s )
Running phase: Stack pointer operations optimization ( 73.35s )
Running phase: LLVM instruction optimization ( 73.50s )
Running phase: Instruction idioms optimization ( 73.69s )
Running phase: Global to local optimization ( 73.92s )
Running phase: Dead global assign optimization ( 74.64s )
Running phase: LLVM ( 75.13s )
Running phase: Phi2Seq optimization ( 78.33s )
Running phase: Value protection optimization ( 78.41s )
Running phase: LLVM ( 78.64s )
Running phase: Bitcode Writer ( 78.71s )
Running phase: Assembly Writer ( 78.86s )
Running phase: Cleanup ( 79.92s )
##### Decompiling C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.bc into C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.c...
RUN: C:\DevTools\retdec\bin\retdec-llvmir2hll -target-hll=c -var-renamer=readable -var-name-gen=fruit -var-name-gen-prefix= -call-info-obtainer=optim -arithm-expr-evaluator=c -validate-module -o C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.c C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.bc -enable-debug -emit-debug-comments -config-path=C:\Python27\Lib\site-packages\wx-3.0-msw\wx\wxbase30u_net_vc90_x64.dll.json -max-memory-half-ram
Running phase: initialization ( 0.20s )
 -> creating the used HLL writer [c] ( 0.23s )
 -> creating the used alias analysis [simple] ( 0.27s )
 -> creating the used call info obtainer [optim] ( 0.33s )
 -> creating the used evaluator of arithmetical expressions [c] ( 0.38s )
 -> creating the used variable names generator [fruit] ( 0.44s )
 -> creating the used variable renamer [readable] ( 0.50s )
 -> creating the used semantics [libc,gcc-general,win-api] ( 0.55s )
 -> loading the input config ( 0.60s )
Running phase: conversion of LLVM IR into BIR ( 1.30s )
 -> converting global variables ( 1.37s )
function_1800072e0 ( 22.23s ) -> converting function ?wxCreateObject@wxHTTP@@SAPEAVwxObject@@XZ ( 22.40s ) -> converting function function_1800073a0 ( 22.56s ) -> converting function function_180007430 ( 22.73s ) -> converting function ?GenerateAuthString@wxHTTP@@IEBA?AVwxString@@AEBV2@0@Z ( 22.89s ) -> converting function ?SetPostBuffer@wxHTTP@@QEAAXAEBVwxString@@@Z ( 23.06s ) -> converting function ?SetPostText@wxHTTP@@QEAA_NAEBVwxString@@0AEBVwxMBConv@@@Z ( 23.22s ) -> converting function ?SendHeaders@wxHTTP@@IEAAXXZ ( 23.37s ) -> converting function ?BuildRequest@wxHTTP@@IEAA_NAEBVwxString@@0@Z ( 23.54s ) -> converting function ?GetInputStream@wxHTTP@@UEAAPEAVwxInputStream@@AEBVwxString@@@Z ( 23.73s ) -> converting function function_180008970 ( 23.90s ) -> converting function ??0wxProtocolLog@@QEAA@AEBVwxString@@@Z ( 24.06s ) -> converting function ??1wxProtocolLog@@UEAA@XZ ( 24.23s ) -> converting function ?LogRequest@wxProtocolLog@@UEAAXAEBVwxString@@@Z ( 24.42s ) -> converting function ?LogResponse@wxProtocolLog@@UEAAXAEBVwxString@@@Z ( 24.58s ) -> converting function function_180008b00 ( 24.75s ) -> converting function ?GetClassInfo@wxProtoInfo@@UEBAPEAVwxClassInfo@@XZ ( 24.96s ) -> converting function ??0wxProtoInfo@@QEAA@PEB_W0_NPEAVwxClassInfo@@@Z ( 25.12s ) -> converting function ?GetClassInfo@wxProtocol@@UEBAPEAVwxClassInfo@@XZ ( 25.30s ) -> converting function ?SetDefaultTimeout@wxProtocol@@UEAAXI@Z ( 25.52s ) -> converting function ??1wxProtocol@@UEAA@XZ ( 25.70s ) -> converting function ?Reconnect@wxProtocol@@QEAA_NXZ ( 25.89s ) -> converting function ?SetLog@wxProtocol@@QEAAXPEAVwxProtocolLog@@@Z ( 26.11s ) -> converting function ?LogRequest@wxProtocol@@QEAAXAEBVwxString@@@Z ( 26.34s ) -> converting function ?LogResponse@wxProtocol@@QEAAXAEBVwxString@@@Z ( 26.53s ) -> converting function function_180008e80 ( 26.75s ) -> converting function function_180008f10 ( 26.94s ) -> converting function ??0wxProtocol@@QEAA@XZ ( 27.11s ) -> converting function 
function_180009010 ( 27.31s ) -> converting function ?DoLogString@wxProtocolLog@@MEAAXAEBVwxString@@@Z ( 27.48s ) -> converting function ?ReadLine@wxProtocol@@SA?AW4wxProtocolError@@PEAVwxSocketBase@@AEAVwxString@@@Z ( 27.66s ) -> converting function ?ReadLine@wxProtocol@@UEAA?AW4wxProtocolError@@AEAVwxString@@@Z ( 27.84s ) -> converting function function_1800095d0 ( 28.00s ) -> converting function function_1800095e0 ( 28.19s ) -> converting function ?GetClassInfo@wxSockAddress@@UEBAPEAVwxClassInfo@@XZ ( 28.39s ) -> converting function ?GetClassInfo@wxIPaddress@@UEBAPEAVwxClassInfo@@XZ ( 28.58s ) -> converting function ?GetClassInfo@wxIPV4address@@UEBAPEAVwxClassInfo@@XZ ( 28.72s ) -> converting function function_180009690 ( 28.76s ) -> converting function function_1800098c0 ( 28.85s ) -> converting function ?GetAddressData@wxSockAddress@@QEBAPEBUsockaddr@@XZ ( 28.91s ) -> converting function ?GetAddressDataLen@wxSockAddress@@QEBAHXZ ( 28.95s ) -> converting function function_180009a90 ( 29.13s ) -> converting function function_180009bc0 ( 29.31s ) -> converting function function_180009c50 ( 29.39s ) -> converting function function_180009cd0 ( 29.44s ) -> converting function function_180009d50 ( 29.49s ) -> converting function ?Init@wxSockAddress@@AEAAXXZ ( 29.56s ) -> converting function ??0wxSockAddress@@QEAA@XZ ( 29.63s ) -> converting function ??0wxSockAddress@@QEAA@AEBV0@@Z ( 29.67s ) -> converting function ??1wxSockAddress@@UEAA@XZ ( 29.73s ) -> converting function ?SetAddress@wxSockAddress@@QEAAXAEBVwxSockAddressImpl@@@Z ( 29.79s ) -> converting function ??4wxSockAddress@@QEAAAEAV0@AEBV0@@Z ( 29.83s ) -> converting function ?Clear@wxSockAddress@@UEAAXXZ ( 29.88s ) -> converting function ?GetImpl@wxIPaddress@@IEAAAEAVwxSockAddressImpl@@XZ ( 29.93s ) -> converting function ?DoInitImpl@wxIPV4address@@EEAAXXZ ( 30.01s ) -> converting function function_18000a0a0 ( 30.16s ) -> converting function ?wxCreateObject@wxIPV4address@@SAPEAVwxObject@@XZ ( 30.32s ) -> 
converting function ?Service@wxIPaddress@@QEAA_NG@Z ( 30.76s ) -> converting function ?Hostname@wxIPaddress@@QEBA?AVwxString@@XZ ( 31.10s ) -> converting function ?Service@wxIPaddress@@QEBAGXZ ( 31.35s ) -> converting function ??8wxIPaddress@@QEBA_NAEBV0@@Z ( 31.51s ) -> converting function ?BroadcastAddress@wxIPV4address@@QEAA_NXZ ( 31.69s ) -> converting function function_18000a360 ( 31.81s ) -> converting function ?AnyAddress@wxIPaddress@@QEAA_NXZ ( 31.90s ) -> converting function ?Hostname@wxIPV4address@@QEAA_NK@Z ( 31.98s ) -> converting function ?IsLocalHost@wxIPV4address@@UEBA_NXZ ( 32.08s ) -> converting function ?IPAddress@wxIPV4address@@UEBA?AVwxString@@XZ ( 32.30s ) -> converting function function_18000a840 ( 32.48s ) -> converting function function_18000a960 ( 32.65s ) -> converting function ?Service@wxIPaddress@@QEAA_NAEBVwxString@@@Z ( 32.83s ) -> converting function ?Hostname@wxIPaddress@@QEAA_NAEBVwxString@@@Z ( 32.99s ) -> converting function ?LocalHost@wxIPaddress@@QEAA_NXZ ( 33.15s ) -> converting function ?GetClassInfo@wxFileProto@@UEBAPEAVwxClassInfo@@XZ ( 33.32s ) -> converting function ??1wxFileProto@@UEAA@XZ ( 33.49s ) -> converting function ?GetInputStream@wxFileProto@@UEAAPEAVwxInputStream@@AEBVwxString@@@Z ( 33.70s ) -> converting function function_18000ae40 ( 33.89s ) -> converting function function_18000ae70 ( 34.07s ) -> converting function ?wxCreateObject@wxFileProto@@SAPEAVwxObject@@XZ ( 34.26s ) -> converting function ??1wxTCPClient@@UEAA@XZ ( 34.42s ) -> converting function ??0wxTCPClient@@QEAA@AEBV0@@Z ( 34.61s ) -> converting function function_18000afa0 ( 34.84s ) -> converting function function_18000b020 ( 35.03s ) -> converting function function_18000b0c0 ( 35.20s ) -> converting function ?Abort@wxFileProto@@UEAA_NXZ ( 35.37s ) -> converting function function_18000b130 ( 35.50s ) -> converting function function_18000b140 ( 35.63s ) -> converting function function_18000b190 ( 35.69s ) -> converting function function_18000b1c0 ( 
35.74s ) -> converting function function_18000b210 ( 35.78s ) -> converting function function_18000b340 ( 35.83s ) -> converting function function_18000b400 ( 35.87s ) -> converting function ?GetClassInfo@wxTCPServer@@UEBAPEAVwxClassInfo@@XZ ( 35.91s ) -> converting function ?GetClassInfo@wxTCPClient@@UEBAPEAVwxClassInfo@@XZ ( 35.95s ) -> converting function ?GetClassInfo@wxTCPConnection@@UEBAPEAVwxClassInfo@@XZ ( 35.99s ) -> converting function ??0wxTCPClient@@QEAA@XZ ( 36.05s ) -> converting function ?ValidHost@wxTCPClient@@UEAA_NAEBVwxString@@@Z ( 36.08s ) -> converting function ??0wxTCPServer@@QEAA@XZ ( 36.13s ) -> converting function ?Create@wxTCPServer@@UEAA_NAEBVwxString@@@Z ( 36.16s ) -> converting function ??1wxTCPServer@@UEAA@XZ ( 36.30s ) -> converting function ?Init@wxTCPConnection@@AEAAXXZ ( 36.38s ) -> converting function ?Disconnect@wxTCPConnection@@UEAA_NXZ ( 36.43s ) -> converting function ?DoExecute@wxTCPConnection@@MEAA_NPEBX_KW4wxIPCFormat@@@Z ( 36.48s ) -> converting function ?Request@wxTCPConnection@@UEAAPEBXAEBVwxString@@PEA_KW4wxIPCFormat@@@Z ( 36.53s ) -> converting function ?DoPoke@wxTCPConnection@@MEAA_NAEBVwxString@@PEBX_KW4wxIPCFormat@@@Z ( 36.56s ) -> converting function ?StartAdvise@wxTCPConnection@@UEAA_NAEBVwxString@@@Z ( 36.62s ) -> converting function ?StopAdvise@wxTCPConnection@@UEAA_NAEBVwxString@@@Z ( 36.68s ) -> converting function ?DoAdvise@wxTCPConnection@@MEAA_NAEBVwxString@@PEBX_KW4wxIPCFormat@@@Z ( 36.72s ) -> converting function function_18000be10 ( 36.78s ) -> converting function function_18000be20 ( 36.82s ) -> converting function function_18000be30 ( 36.86s ) -> converting function ??0wxTCPConnection@@QEAA@XZ ( 36.92s ) -> converting function ??0wxTCPConnection@@QEAA@PEAX_K@Z ( 36.96s ) -> converting function function_18000bf10 ( 37.02s ) -> converting function function_18000bfc0 ( 37.09s ) -> converting function function_18000bff0 ( 37.12s ) -> converting function function_18000c020 ( 37.16s ) -> converting function 
?wxCreateObject@wxTCPServer@@SAPEAVwxObject@@XZ ( 37.22s ) -> converting function ?wxCreateObject@wxTCPClient@@SAPEAVwxObject@@XZ ( 37.27s ) -> converting function function_18000c180 ( 37.35s ) -> converting function ?OnMakeConnection@wxTCPClient@@UEAAPEAVwxConnectionBase@@XZ ( 37.40s ) -> converting function ?OnAcceptConnection@wxTCPServer@@UEAAPEAVwxConnectionBase@@AEBVwxString@@@Z ( 37.44s ) -> converting function ??1wxTCPConnection@@UEAA@XZ ( 37.59s ) -> converting function function_18000c380 ( 37.81s ) -> converting function function_18000c5b0 ( 38.00s ) -> converting function function_18000c650 ( 38.18s ) -> converting function function_18000c6d0 ( 38.37s ) -> converting function function_18000c6e0 ( 38.57s ) -> converting function function_18000c700 ( 38.77s ) -> converting function function_18000c730 ( 38.93s ) -> converting function ?MakeConnection@wxTCPClient@@UEAAPEAVwxConnectionBase@@AEBVwxString@@00@Z ( 39.11s ) -> converting function function_18000c9f0 ( 39.31s ) -> converting function function_18000caa0 ( 39.47s ) -> converting function function_18000d1c4 ( 39.54s ) -> converting function function_18000d1c6 ( 39.61s ) -> converting function function_18000d1da ( 39.68s ) -> converting function ??0wxSocketOutputStream@@QEAA@AEAVwxSocketBase@@@Z ( 39.75s ) -> converting function ??1wxSocketOutputStream@@UEAA@XZ ( 39.78s ) -> converting function ?OnSysWrite@wxSocketOutputStream@@MEAA_KPEBX_K@Z ( 39.86s ) -> converting function ??0wxSocketInputStream@@QEAA@AEAVwxSocketBase@@@Z ( 39.90s ) -> converting function ??1wxSocketInputStream@@UEAA@XZ ( 39.96s ) -> converting function ?OnSysRead@wxSocketInputStream@@MEAA_KPEAX_K@Z ( 40.00s ) -> converting function ??0wxSocketStream@@QEAA@AEAVwxSocketBase@@@Z ( 40.06s ) -> converting function ??1wxSocketStream@@UEAA@XZ ( 40.10s ) -> converting function function_18000d440 ( 40.16s ) -> converting function function_18000d4c0 ( 40.20s ) -> converting function function_18000d540 ( 40.24s ) -> converting function 
function_18000d5f0 ( 40.30s ) -> converting function ?GetClassInfo@wxSocketBase@@UEBAPEAVwxClassInfo@@XZ ( 40.34s ) -> converting function ?GetClassInfo@wxSocketServer@@UEBAPEAVwxClassInfo@@XZ ( 40.39s ) -> converting function ?GetClassInfo@wxSocketClient@@UEBAPEAVwxClassInfo@@XZ ( 40.46s ) -> converting function ?GetClassInfo@wxDatagramSocket@@UEBAPEAVwxClassInfo@@XZ ( 40.51s ) -> converting function ?GetClassInfo@wxSocketEvent@@UEBAPEAVwxClassInfo@@XZ ( 40.57s ) -> converting function function_18000d650 ( 40.63s ) -> converting function function_18000d680 ( 40.69s ) -> converting function function_18000d6b0 ( 40.73s ) -> converting function function_18000d7d0 ( 40.80s ) -> converting function ?SetError@wxSocketBase@@AEAAXW4wxSocketError@@@Z ( 40.87s ) -> converting function ?LastError@wxSocketBase@@QEBA?AW4wxSocketError@@XZ ( 40.91s ) -> converting function ?ShutdownOutput@wxSocketBase@@QEAAXXZ ( 40.96s ) -> converting function function_18000d8f0 ( 41.01s ) -> converting function ?GetPeer@wxSocketBase@@UEBA_NAEAVwxSockAddress@@@Z ( 41.24s ) -> converting function ?SaveState@wxSocketBase@@QEAAXXZ ( 41.42s ) -> converting function ?RestoreState@wxSocketBase@@QEAAXXZ ( 41.52s ) -> converting function ?SetTimeout@wxSocketBase@@UEAAXJ@Z ( 41.56s ) -> converting function ?SetFlags@wxSocketBase@@QEAAXH@Z ( 41.61s ) -> converting function ?Notify@wxSocketBase@@QEAAX_N@Z ( 41.65s ) -> converting function ?SetNotify@wxSocketBase@@QEAAXH@Z ( 41.70s ) -> converting function ?SetEventHandler@wxSocketBase@@QEAAXAEAVwxEvtHandler@@H@Z ( 41.75s ) -> converting function ?Pushback@wxSocketBase@@AEAAXPEBXI@Z ( 41.80s ) -> converting function ?GetPushback@wxSocketBase@@AEAAIPEAXI_N@Z ( 41.85s ) -> converting function ?GetSocket@wxSocketBase@@QEBA_KXZ ( 41.90s ) -> converting function ?GetOption@wxSocketBase@@QEAA_NHHPEAXPEAH@Z ( 41.95s ) -> converting function ?SetOption@wxSocketBase@@QEAA_NHHPEBXH@Z ( 41.99s ) -> converting function 
?SetLocal@wxSocketBase@@UEAA_NAEBVwxIPV4address@@@Z ( 42.05s ) -> converting function ?Connect@wxSocketClient@@UEAA_NAEBVwxSockAddress@@_N@Z ( 42.10s ) -> converting function ?Connect@wxSocketClient@@QEAA_NAEBVwxSockAddress@@0_N@Z ( 42.15s ) -> converting function function_18000e280 ( 42.20s ) -> converting function function_18000e290 ( 42.24s ) -> converting function ?wxCreateObject@wxSocketEvent@@SAPEAVwxObject@@XZ ( 42.30s ) -> converting function function_18000e3b0 ( 42.35s ) -> converting function function_18000e3e0 ( 42.42s ) -> converting function function_18000e3f0 ( 42.49s ) -> converting function function_18000e520 ( 42.56s ) -> converting function function_18000e5b0 ( 42.60s ) -> converting function function_18000e620 ( 42.64s ) -> converting function function_18000e6e0 ( 42.70s ) -> converting function function_18000e7c0 ( 42.74s ) -> converting function function_18000e8f0 ( 42.78s ) -> converting function function_18000e9b0 ( 42.82s ) -> converting function function_18000ea20 ( 42.87s ) -> converting function ?IsInitialized@wxSocketBase@@SA_NXZ ( 42.92s ) -> converting function ?Destroy@wxSocketBase@@QEAA_NXZ ( 42.98s ) -> converting function ?Close@wxSocketBase@@UEAA_NXZ ( 43.02s ) -> converting function ?Unread@wxSocketBase@@QEAAAEAV1@PEBXI@Z ( 43.09s ) -> converting function ?DoWait@wxSocketBase@@AEAAHJH@Z ( 43.16s ) -> converting function ?GetLocal@wxSocketBase@@UEBA_NAEAVwxSockAddress@@@Z ( 43.30s ) -> converting function ?OnRequest@wxSocketBase@@QEAAXW4wxSocketNotify@@@Z ( 43.49s ) -> converting function function_18000f130 ( 43.66s ) -> converting function function_18000f1b0 ( 43.81s ) -> converting function function_18000f2b0 ( 43.98s ) -> converting function function_18000f2c0 ( 44.11s ) -> converting function ?Initialize@wxSocketBase@@SA_NXZ ( 44.23s ) -> converting function ?Shutdown@wxSocketBase@@SAXXZ ( 44.28s ) -> converting function ??1wxSocketBase@@UEAA@XZ ( 44.33s ) -> converting function ?DoRead@wxSocketBase@@AEAAIPEAXI@Z ( 44.37s ) -> 
converting function ?ReadMsg@wxSocketBase@@QEAAAEAV1@PEAXI@Z ( 44.42s ) -> converting function ?Peek@wxSocketBase@@QEAAAEAV1@PEAXI@Z ( 44.47s ) -> converting function ?DoWrite@wxSocketBase@@AEAAIPEBXI@Z ( 44.51s ) -> converting function ?WriteMsg@wxSocketBase@@QEAAAEAV1@PEBXI@Z ( 44.56s ) -> converting function ?Discard@wxSocketBase@@QEAAAEAV1@XZ ( 44.59s ) -> converting function ?DoWait@wxSocketBase@@AEAAHJJH@Z ( 44.65s ) -> converting function ?Wait@wxSocketBase@@QEAA_NJJ@Z ( 44.68s ) -> converting function ?WaitForRead@wxSocketBase@@QEAA_NJJ@Z ( 44.71s ) -> converting function ?WaitForWrite@wxSocketBase@@QEAA_NJJ@Z ( 44.75s ) -> converting function ?WaitForLost@wxSocketBase@@QEAA_NJJ@Z ( 44.79s ) -> converting function ?AcceptWith@wxSocketServer@@QEAA_NAEAVwxSocketBase@@_N@Z ( 44.83s ) -> converting function ?WaitForAccept@wxSocketServer@@QEAA_NJJ@Z ( 44.87s ) -> converting function ?DoConnect@wxSocketClient@@EEAA_NAEBVwxSockAddress@@PEBV2@_N@Z ( 44.89s ) -> converting function ?WaitOnConnect@wxSocketClient@@QEAA_NJJ@Z ( 44.93s ) -> converting function function_1800105a0 ( 44.99s ) -> converting function function_1800105c0 ( 45.02s ) -> converting function function_180010640 ( 45.07s ) -> converting function function_1800106c0 ( 45.08s ) -> converting function ?Init@wxSocketBase@@QEAAXXZ ( 45.08s ) -> converting function ??0wxSocketBase@@QEAA@XZ ( 45.09s ) -> converting function ??0wxSocketBase@@QEAA@HW4wxSocketType@@@Z ( 45.09s ) -> converting function ?Read@wxSocketBase@@QEAAAEAV1@PEAXI@Z ( 45.09s ) -> converting function ?Write@wxSocketBase@@QEAAAEAV1@PEBXI@Z ( 45.09s ) -> converting function ?Accept@wxSocketServer@@QEAAPEAVwxSocketBase@@_N@Z ( 45.10s ) -> converting function ??0wxSocketClient@@QEAA@H@Z ( 45.10s ) -> converting function ??0wxDatagramSocket@@QEAA@AEBVwxSockAddress@@H@Z ( 45.10s ) -> converting function ?RecvFrom@wxDatagramSocket@@QEAAAEAV1@AEAVwxSockAddress@@PEAXI@Z ( 45.10s ) -> converting function 
?SendTo@wxDatagramSocket@@QEAAAEAV1@AEBVwxSockAddress@@PEBXI@Z ( 45.11s ) -> converting function ??0wxSocketServer@@QEAA@AEBVwxSockAddress@@H@Z ( 45.11s ) -> converting function ?GetClassInfo@wxURL@@UEBAPEAVwxClassInfo@@XZ ( 45.12s ) -> converting function ?CleanData@wxURL@@IEAAXXZ ( 45.12s ) -> converting function ?Free@wxURL@@IEAAXXZ ( 45.12s ) -> converting function ??1wxURL@@UEAA@XZ ( 45.12s ) -> converting function ?GetInputStream@wxURL@@QEAAPEAVwxInputStream@@XZ ( 45.12s ) -> converting function function_180011a70 ( 45.13s ) -> converting function function_180011a80 ( 45.13s ) -> converting function function_180011af0 ( 45.13s ) -> converting function ?FetchProtocol@wxURL@@IEAA_NXZ ( 45.14s ) -> converting function ?SetDefaultProxy@wxURL@@SAXAEBVwxString@@@Z ( 45.14s ) -> converting function function_180011ed0 ( 45.14s ) -> converting function function_180011f10 ( 45.15s ) -> converting function function_180011f40 ( 45.15s ) -> converting function function_180011f70 ( 45.15s ) -> converting function ?Init@wxURL@@IEAAXAEBVwxString@@@Z ( 45.15s ) -> converting function ?ParseURL@wxURL@@IEAA_NXZ ( 45.15s ) -> converting function ?SetProxy@wxURL@@QEAAXAEBVwxString@@@Z ( 45.16s ) -> converting function ??0wxURL@@QEAA@AEBVwxString@@@Z ( 45.16s ) -> converting function ??0wxURL@@QEAA@AEBVwxURI@@@Z ( 45.16s ) -> converting function ??0wxURL@@QEAA@AEBV0@@Z ( 45.16s ) -> converting function ??4wxURL@@QEAAAEAV0@AEBVwxString@@@Z ( 45.17s ) -> converting function ??4wxURL@@QEAAAEAV0@AEBVwxURI@@@Z ( 45.17s ) -> converting function ??4wxURL@@QEAAAEAV0@AEBV0@@Z ( 45.17s ) -> converting function function_180012820 ( 45.18s ) -> converting function function_180012870 ( 45.18s ) -> converting function ?Compress@wxTCPConnection@@QEAAX_N@Z ( 45.18s ) -> converting function function_180012950 ( 45.18s ) -> converting function function_180012990 ( 45.18s ) -> converting function function_180012a30 ( 45.19s ) -> converting function function_180012c40 ( 45.19s ) -> converting 
function function_180012c80 ( 45.19s ) -> converting function function_180012cb0 ( 45.20s ) -> converting function function_180012cf0 ( 45.20s ) -> converting function function_180012d30 ( 45.20s ) -> converting function function_180012ee0 ( 45.20s ) -> converting function function_180012f1c ( 45.20s ) -> converting function function_180012f22 ( 45.21s ) -> converting function function_180012f28 ( 45.21s ) -> converting function function_180012f2e ( 45.21s ) -> converting function function_180012f34 ( 45.21s ) -> converting function function_180012f3a ( 45.21s ) -> converting function function_180012f40 ( 45.22s ) -> converting function function_180012f46 ( 45.22s ) -> converting function function_180012f4c ( 45.22s ) -> converting function function_180012f52 ( 45.22s ) -> converting function function_180012f58 ( 45.22s ) -> converting function function_180012f5e ( 45.23s ) -> converting function function_180012f64 ( 45.23s ) -> converting function function_180012f6a ( 45.23s ) -> converting function function_180012f70 ( 45.23s ) -> converting function function_180012f76 ( 45.24s ) -> converting function function_180012f7c ( 45.24s ) -> converting function function_180012f82 ( 45.24s ) -> converting function function_180012f88 ( 45.25s ) -> converting function function_180012f8e ( 45.25s ) -> converting function function_180012f94 ( 45.25s ) -> converting function function_180012f9a ( 45.25s ) -> converting function function_180012fa0 ( 45.25s ) -> converting function function_180012fa6 ( 45.26s ) -> converting function function_180012fac ( 45.26s ) -> converting function function_180012fb2 ( 45.26s ) -> converting function function_180012fb8 ( 45.26s ) -> converting function function_180012fbe ( 45.26s ) -> converting function function_180012fc4 ( 45.26s ) -> converting function function_180012fca ( 45.27s ) -> converting function function_180012fd0 ( 45.27s ) -> converting function function_180012fd6 ( 45.27s ) -> converting function function_180012fdc ( 45.27s ) 
-> converting function function_180012fe2 ( 45.27s ) -> converting function function_180012fe8 ( 45.28s ) -> converting function function_180012fee ( 45.28s ) -> converting function function_180012ff4 ( 45.28s ) -> converting function function_180012ffa ( 45.28s ) -> converting function function_180013000 ( 45.28s ) -> converting function function_180013006 ( 45.28s ) -> converting function function_18001300c ( 45.29s ) -> converting function function_180013012 ( 45.29s ) -> converting function function_180013018 ( 45.29s ) -> converting function function_18001301e ( 45.29s ) -> converting function function_180013024 ( 45.29s ) -> converting function function_18001302a ( 45.30s ) -> converting function function_180013030 ( 45.30s ) -> converting function function_180013036 ( 45.30s ) -> converting function function_18001303c ( 45.30s ) -> converting function function_180013042 ( 45.30s ) -> converting function function_180013048 ( 45.31s ) -> converting function function_18001304e ( 45.31s ) -> converting function function_180013054 ( 45.31s ) -> converting function function_18001305a ( 45.31s ) -> converting function function_180013060 ( 45.31s ) -> converting function function_180013066 ( 45.31s ) -> converting function function_18001306c ( 45.32s ) -> converting function function_180013072 ( 45.32s ) -> converting function function_180013078 ( 45.32s ) -> converting function function_18001307e ( 45.32s ) -> converting function function_180013084 ( 45.32s ) -> converting function function_18001308a ( 45.33s ) -> converting function function_180013090 ( 45.33s ) -> converting function function_180013096 ( 45.33s ) -> converting function function_18001309c ( 45.33s ) -> converting function function_1800130a2 ( 45.33s ) -> converting function function_1800130a8 ( 45.34s ) -> converting function function_1800130ae ( 45.34s ) -> converting function function_1800130b4 ( 45.34s ) -> converting function function_1800130ba ( 45.34s ) -> converting function 
function_1800130c0 ( 45.34s ) -> converting function function_1800130c6 ( 45.34s ) -> converting function function_1800130cc ( 45.35s ) -> converting function function_1800130d2 ( 45.35s ) -> converting function function_1800130d8 ( 45.35s ) -> converting function function_1800130de ( 45.35s ) -> converting function function_1800130e4 ( 45.35s ) -> converting function function_1800130ea ( 45.35s ) -> converting function function_1800130f0 ( 45.36s ) -> converting function function_1800130f6 ( 45.36s ) -> converting function function_1800130fc ( 45.36s ) -> converting function function_180013102 ( 45.37s ) -> converting function function_180013108 ( 45.37s ) -> converting function function_18001310e ( 45.37s ) -> converting function function_180013114 ( 45.37s ) -> converting function function_18001311c ( 45.37s ) -> converting function function_180013168 ( 45.37s ) -> converting function function_1800131c6 ( 45.38s ) -> converting function function_1800131cc ( 45.38s ) -> converting function function_180013236 ( 45.38s ) -> converting function function_18001323c ( 45.38s ) -> converting function function_180013244 ( 45.38s ) -> converting function function_1800133c0 ( 45.39s ) -> converting function function_1800133d8 ( 45.39s ) -> converting function function_1800133e0 ( 45.39s ) -> converting function function_180013444 ( 45.39s ) -> converting function function_180013462 ( 45.40s ) -> converting function function_1800134d0 ( 45.40s ) -> converting function function_18001372c ( 45.40s ) -> converting function function_180013839 ( 45.41s ) -> converting function function_18001383f ( 45.41s ) -> converting function entry_point ( 45.41s ) -> converting function function_1800138a2 ( 45.41s ) -> converting function function_1800138a8 ( 45.41s ) -> converting function function_1800138b0 ( 45.41s ) -> converting function function_1800139fa ( 45.42s ) -> converting function function_180013a00 ( 45.42s ) -> converting function function_180013a06 ( 45.42s ) -> converting 
function function_180013a0c ( 45.42s ) -> converting function function_180013b10 ( 45.43s ) -> converting function function_180013b52 ( 45.43s ) -> converting function function_180013b58 ( 45.43s ) -> converting function function_180013b5e ( 45.43s ) -> converting function function_180013b64 ( 45.43s ) -> converting function function_180013c44 ( 45.43s ) -> converting function function_180013c4a ( 45.44s ) -> converting function function_180013c50 ( 45.44s ) -> converting function function_180013c56 ( 45.44s ) -> converting function function_180013c5c ( 45.45s ) -> converting function function_180013cd0 ( 45.45s ) -> converting function function_180013cf0 ( 45.45s ) -> converting function function_180013d10 ( 45.45s ) -> converting function function_180013d30 ( 45.46s ) -> converting function function_180013d50 ( 45.46s ) -> converting function function_180013d70 ( 45.46s ) -> converting function function_180013d90 ( 45.46s ) -> converting function function_180013dc0 ( 45.47s ) -> converting function function_180013de0 ( 45.47s ) -> converting function function_180013e00 ( 45.47s ) -> converting function function_180013e20 ( 45.47s ) -> converting function function_180013e40 ( 45.47s ) -> converting function function_180013e60 ( 45.48s ) -> converting function function_180013e80 ( 45.48s ) -> converting function function_180013ea0 ( 45.48s ) -> converting function function_180013ec0 ( 45.48s ) -> converting function function_180013ee0 ( 45.48s ) -> converting function function_180013f00 ( 45.48s ) -> converting function function_180013f20 ( 45.48s ) -> converting function function_180013f40 ( 45.49s ) -> converting function function_180013f60 ( 45.49s ) -> converting function function_180013f80 ( 45.49s ) -> converting function function_180013fa0 ( 45.49s ) -> converting function function_180013fc0 ( 45.50s ) -> converting function function_180013fe0 ( 45.50s ) -> converting function function_180014000 ( 45.50s ) -> converting function function_180014030 ( 45.50s ) 
Running phase: removing functions prefixed with [__decompiler_undefined_function_] ( 46.89s )
Running phase: removing functions from standard libraries ( 47.02s )
Running phase: removing code that is not reachable in a CFG ( 47.02s )
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x1800080ae` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000942d` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `v1_180009803 = (v0_180009803 + 8)` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f84f` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f703` -> skipping this edge
Running phase: signed/unsigned types fixing ( 47.24s )
Running phase: converting LLVM intrinsic functions to standard functions ( 47.47s )
Running phase: obtaining debug information ( 47.54s )
Running phase: alias analysis [simple] ( 47.55s )
Running phase: optimizations [normal] ( 47.61s )
 -> running GotoStmtOptimizer ( 47.62s )
 -> running RemoveUselessCastsOptimizer ( 47.65s )
 -> running UnusedGlobalVarOptimizer ( 47.70s )
 -> running DeadLocalAssignOptimizer ( 47.77s )
 -> running SimpleCopyPropagationOptimizer ( 48.84s )
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x1800080ae` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000942d` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `v1_180009803 = (v0_180009803 + 8)` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f84f` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f703` -> skipping this edge
 -> running CopyPropagationOptimizer ( 72.32s )
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x1800080ae` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000942d` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `v1_180009803 = (v0_180009803 + 8)` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f84f` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f703` -> skipping this edge
 -> running AuxiliaryVariablesOptimizer ( 105.12s )
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x1800080ae` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000942d` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `v1_180009803 = (v0_180009803 + 8)` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f84f` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f703` -> skipping this edge
 -> running SimplifyArithmExprOptimizer ( 116.70s )
 -> running IfStructureOptimizer ( 116.78s )
 -> running LoopLastContinueOptimizer ( 116.80s )
 -> running PreWhileTrueLoopConvOptimizer ( 116.83s )
 -> running WhileTrueToForLoopOptimizer ( 117.00s )
 -> running WhileTrueToWhileCondOptimizer ( 117.03s )
 -> running IfBeforeLoopOptimizer ( 117.05s )
 -> running LLVMIntrinsicsOptimizer ( 117.08s )
 -> running VoidReturnOptimizer ( 117.14s )
 -> running BreakContinueReturnOptimizer ( 117.16s )
 -> running BitShiftOptimizer ( 117.18s )
 -> running DerefAddressOptimizer ( 117.22s )
 -> running EmptyArrayToStringOptimizer ( 117.24s )
 -> running BitOpToLogOpOptimizer ( 117.25s )
 -> running SimplifyArithmExprOptimizer ( 117.27s )
 -> running UnusedGlobalVarOptimizer ( 117.32s )
 -> running DeadLocalAssignOptimizer ( 117.35s )
 -> running SimpleCopyPropagationOptimizer ( 117.93s )
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x1800080ae` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000942d` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `v0_180009807 = v17_180009807` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f84f` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f703` -> skipping this edge
 -> running CopyPropagationOptimizer ( 144.45s )
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x1800080ae` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000942d` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `v0_180009807 = v17_180009807` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f84f` -> skipping this edge
Warning: [NonRecursiveCFGBuilder] there is no node for an edge to `goto 0x18000f703` -> skipping this edge
 -> running SelfAssignOptimizer ( 165.13s )
 -> running VarDefForLoopOptimizer ( 165.22s )
 -> running VarDefStmtOptimizer ( 165.30s )
 -> running EmptyStmtOptimizer ( 166.13s )
 -> running GotoStmtOptimizer ( 166.23s )
 -> running SimplifyArithmExprOptimizer ( 166.27s )
 -> running DeadCodeOptimizer ( 166.33s )
 -> running DerefToArrayIndexOptimizer ( 166.36s )
 -> running IfToSwitchOptimizer ( 166.42s )
 -> running CCastOptimizer ( 166.49s )
 -> running CArrayArgOptimizer ( 167.28s )
Running phase: variable renaming [readable] ( 167.31s )
Running phase: converting constants to symbolic names ( 167.66s )
Running phase: module validation ( 167.76s )
 -> running BreakOutsideLoopValidator ( 167.76s )
Warning: In _3f_SendHeaders_40_wxHTTP_40__40_IEAAXXZ(), found `break` outside of a loop or a switch statement.
Warning: In function_180009690(), found `break` outside of a loop or a switch statement.
Warning: In function_1800098c0(), found `break` outside of a loop or a switch statement.
Warning: In function_1800134d0(), found `break` outside of a loop or a switch statement.
 -> running NoGlobalVarDefValidator ( 167.81s )
 -> running ReturnValidator ( 167.86s )
Running phase: emission of the target code [c] ( 167.90s )
Running phase: finalization ( 168.32s )
Running phase: cleanup ( 169.00s )
##### Done!
File | Format |
---|---|
wxbase30u_net_vc90_x64.dll.bc | LLVM bitcode format |
wxbase30u_net_vc90_x64.dll.c | C Source code |
wxbase30u_net_vc90_x64.dll.json | Metadata json format |
wxbase30u_net_vc90_x64.dll.ll | LLVM assembly language format |
wxbase30u_net_vc90_x64.dll.dsm | Disassembly output in our custom format |
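References
What is a packer?
A packer encrypts and compresses malware, and decrypts it when the malware runs, in order to evade detection by anti-malware engines and static analysis.
UPX is a typical example of a packer.
UPX features
- It compresses with a data compression algorithm called UCL.
- UCL is designed to be simple enough that the decompression code can be implemented in just a few hundred bytes.
- UCL does not require any additional memory allocation for decompression. This means that executables compressed with UPX do not need extra memory, which is a clear advantage.
- In UPX (2.90 beta and later), LZMA is available on many platforms. However, because decompression is slow on older computers, it is disabled by default in 16-bit environments (it can be force-enabled with the `--lzma` option).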
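The following Python example is added here and is not code from the original page or from the UPX project: it reads a PE section table and reports indicators that help a defender recognise a packed file before static analysis. The `UPX` section-name prefix, the 7.0 entropy cut-off, and the sample images (built in memory by the hypothetical `build_sample` helper) are assumptions of this example.

```python
import math
import struct
from collections import Counter

EXECUTE, WRITE, RX, RWX = 0x20000000, 0x80000000, 0x60000000, 0xE0000000  # IMAGE_SCN_MEM_* bits

def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted data is near 8.0."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def pe_sections(image):
    """Yield (name, virtual_size, raw_bytes, flags) for each PE section header."""
    pe = int.from_bytes(image[0x3C:0x40], "little")          # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe + 4)
    table = pe + 24 + opt_size                                # start of section table
    for off in range(table, table + 40 * count, 40):
        name, vsize, _va, rsize, rptr, *_rest, flags = struct.unpack_from("<8s6I2HI", image, off)
        yield name.rstrip(b"\0").decode("latin-1"), vsize, image[rptr:rptr + rsize], flags

def packer_indicators(image, entropy_limit=7.0):
    """Return (section, reason) pairs; the 7.0 cut-off is an assumed threshold."""
    hits = []
    for name, vsize, raw, flags in pe_sections(image):
        checks = {
            "UPX section name": name.startswith("UPX"),
            "writable and executable": flags & WRITE and flags & EXECUTE,
            "executable but empty on disk": flags & EXECUTE and vsize and not raw,
            "high entropy": entropy(raw) > entropy_limit,
        }
        hits += [(name, why) for why, hit in checks.items() if hit]
    return hits

def build_sample(sections):
    """Constructed input: minimal MZ/PE headers followed by the given sections."""
    head = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    start, table, body = len(head) + 40 * len(sections), b"", b""
    for name, vsize, raw, flags in sections:
        table += struct.pack("<8s6I2HI", name, vsize, 0x1000, len(raw),
                             start + len(body), 0, 0, 0, 0, flags)
        body += raw
    return head + table + body

PACKED_DATA, CODE = bytes(range(256)) * 8, b"\x48\x89\xe5\x90" * 512  # entropy 8.0 / 2.0
PACKED = build_sample([(b"UPX0", 0x8000, b"", RWX), (b"UPX1", 0x2000, PACKED_DATA, RWX)])
RENAMED = build_sample([(b".text", 0x8000, b"", RWX), (b".data", 0x2000, PACKED_DATA, RWX)])
PLAIN = build_sample([(b".text", 0x800, CODE, RX)])
```

`packer_indicators(RENAMED)` still reports the structural indicators after the section names are changed, which is why the name check alone is not relied on.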
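Disassemblers and debuggers before decompilers?
Well-known disassemblers and debuggers include the following.
The important point here, however, is that there are two approaches to program analysis: static program analysis and dynamic program analysis.
Disassemblers and decompilers perform static analysis (analysis that does not require running the program), while debuggers perform dynamic analysis (analysis that requires running the program). (For Java applications, both kinds of analysis are needed.)
Dynamic analysis of malware and similar software carries risk, so it is normally carried out in a sandbox environment such as a virtual machine.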
- Ghidra
  - Ghidra software reverse engineering framework
  - Released by the US National Security Agency (NSA) in 2019/03; source code published in April
  - Ghidra - Wikipedia (English)
- IDA Pro
  - Debugger for Windows, Linux and MacOS (commercial)
- OllyDbg
  - Windows debugger for x86 (no x64 support)
- Immunity Debugger
  - Windows debugger for x86 (no x64 support)
-
  - Windows debugger made by Microsoft
  - Supports x86/x64, user mode and kernel mode, and attaching to Hyper-V
-
  - UNIX-like reverse engineering framework and command-line tools
  - Linux, *BSD, Windows, OSX, Android, iOS, Solaris, Haiku
  - Open source: GitHub - radare/radare2
-
  - x86/x64 Windows debugger
-
  - Cross-platform (Linux, FreeBSD, OpenBSD, OSX, Windows) AArch32/x86/x64 debugger
  - Open source
Recommended books in this field
Analyzing Malware
- Handling infection incidents with free tools
Amazon
Reverse Engineering
- Binary analysis techniques with Python
Amazon
Binary Hacks
- 100 secret hacker techniques
Amazon
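Breaking news on security incidents on the Internet
To deepen your understanding of security, it is very important to obtain breaking news about incidents currently happening on the Internet.
You never know when you will face such a security risk yourself, so it is important to gather this kind of information regularly and to take countermeasures.
Listed below are several sites that provide useful information on information security and cyber security.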
Security blogs
Avast Blog (English)
Avast official security blog (Japanese)
OSS Security Blog - SIOS Security Blog (Japanese)
BlackBerry Cylance (AI security company) blog (Japanese)
Trend Micro Security Blog (Japanese)
CVE | Semmle Blog (English)
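Vulnerability information sources
Japan Vulnerability Notes (Japanese)
Japan Vulnerability Notes - Twitter (Japanese)
JVN iPedia - Vulnerability countermeasure information database - a database of vulnerability information published for the general public
- CVE: vulnerability ID
- CVSS: vulnerability severity score
- CWE: vulnerability category
From "A rough guide to vulnerability metrics - CVE CVSS CWE" - Qiita
JPCERT Coordination Center
CVE - Common Vulnerabilities and Exposures (CVE) (English)
IPA (Information-technology Promotion Agency, Japan): list of important security information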
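Web defacement information sources
Zone-H.org - Unrestricted information - an Estonian security news site
Note: Zone-H.org hosts a cybercrime archive. Caution: all operations and access are entirely at your own risk!!
JP domain web defacement bulletin
(Note: as of 2019/09/14, real-time updates appear to have been stopped since mid-2018/05 because of a change to the zone-h CAPTCHA)
Malware Domain List (English)
Note: here too, caution: all operations and access are entirely at your own risk!!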
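Web defacement detection tools
Tripwire
About Tripwire | Tripwire Japan K.K.
Open Source Tripwire (a commercial edition is also available)
GitHub - Tripwire/tripwire-open-source: Open Source Tripwire®
Introducing, configuring and operating file tampering detection with Tripwire - Qiita
Tripwire [IT Admins Group]
Source code security analysis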
References
Net Security Blog
How to obtain malware samples
debuggers - What is the linux equivalent to OllyDbg and Ida Pro? - Reverse Engineering Stack Exchange
Ghidra - Wikipedia
Blog | Cylance Japan K.K.
Threat Spotlight: An introduction to code analysis with Ghidra | Cylance Japan K.K.
WikiLeaks - the publisher of [Vault 7]
The impact of the exposed CIA espionage capabilities "Vault 7" (Part 1) - THE ZERO/ONE
The impact of the exposed CIA espionage capabilities "Vault 7" (Part 2) - THE ZERO/ONE
The impact of the exposed CIA espionage capabilities "Vault 7" (Part 3) - THE ZERO/ONE