These days I have been working on cracking expensive commercial software. That is why I write this up in English. I hope no one spots it 😽

Understand the Python packed binary

I succeeded in cracking this software long ago. At that time the programs were naïve. The newer version confused me: when I opened it in reverse-engineering tools such as Ghidra and IDA Pro, I got only confusing code. A genius guy on the BBS released a patcher written in Go for the older versions, so I reverse-engineered the patcher. Its code wasn't clear to me either, but it contained the immediate value “40202b2028207370”, which is “@ + ( sp” as ASCII in my opinion. I suddenly realized that the program is an executable file (PE or ELF) compiled from Python scripts!

Many articles on the Internet explain how to unpack a binary built with PyInstaller. The official pyi-archive_viewer could do it for me, but it confused me because I got only a handful of top-level files instead of the innumerable files inside PYZ-00.pyz! I think pyinstxtractor is easier to use and more straightforward: it extracts all the files in one run.

Decompiling the .pyc files to .py with uncompyle6 went smoothly, except that you have to use a Python version earlier than 3.9. There was, indeed, a lot of struggling.

After obtaining the Python sources, I was lost. I could, of course, patch the .py files, but I could not rebuild them into the binary. That is not covered anywhere on the Internet; maybe it is impossible. One thing worth mentioning: the binary was packed with Python 2.7.

How I found out where to patch: I ran the program under strace. The Python program calls a binary program with a certain parameter and parses its output. I can patch that binary program!
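The strace step above, as an added example of mine (not the author's code): it parses `strace -f` output and lists the `execve` calls, so you can see which child programs the traced process launches, with which arguments, and whether the exec succeeded. The sample lines, paths and the `--check-license` argument are constructed placeholders, not output from the real program.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `strace -f` output; the paths and arguments are placeholders.
SAMPLE_STRACE = """\
execve("/opt/app/app", ["/opt/app/app"], 0x7ffd1c0f3e60 /* 40 vars */) = 0
openat(AT_FDCWD, "/opt/app/lib/libhelper.so", O_RDONLY|O_CLOEXEC) = 3
[pid  4242] execve("/opt/app/bin/helper", ["/opt/app/bin/helper", "--check-license"], 0x55d0a8c1e2a0 /* 40 vars */) = 0
[pid  4243] execve("/usr/bin/missing", ["missing"], 0x55d0a8c1e2a0 /* 40 vars */) = -1 ENOENT (No such file or directory)
read(4, "OK\\n", 4096) = 3
"""

# One execve line: optional "[pid NNNN]" prefix (strace -f), quoted path, argv vector, return value.
EXECVE_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?'
    r'execve\("(?P<path>(?:[^"\\]|\\.)*)",\s*'
    r'\[(?P<argv>.*?)\],'
    r'.*?=\s*(?P<ret>-?\d+)'
)
# A C-style quoted string as strace prints it (handles escaped characters).
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


@dataclass
class ExecRecord:
    pid: Optional[int]   # None when strace was run without -f (no pid prefix)
    path: str
    argv: List[str]
    succeeded: bool      # execve returned 0


def parse_execve(strace_output: str) -> List[ExecRecord]:
    """Extract every execve call from strace output, in order."""
    records = []
    for line in strace_output.splitlines():
        m = EXECVE_RE.match(line)
        if not m:
            continue
        records.append(ExecRecord(
            pid=int(m.group("pid")) if m.group("pid") else None,
            path=m.group("path"),
            argv=QUOTED_RE.findall(m.group("argv")),
            succeeded=int(m.group("ret")) == 0,
        ))
    return records


def child_programs(strace_output: str) -> List[ExecRecord]:
    """Successful execve calls after the first one, i.e. the helpers the traced program spawns."""
    successful = [r for r in parse_execve(strace_output) if r.succeeded]
    return successful[1:]


if __name__ == "__main__":
    for rec in child_programs(SAMPLE_STRACE):
        print(f"pid {rec.pid}: {rec.path} {' '.join(rec.argv[1:])}")
```

Failed execs are kept in `parse_execve` on purpose: a program that probes for several helper paths before finding one shows up as a run of ENOENT lines, which is itself useful to know.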

Have to patch the binary

Well, this code isn't clear to me either. No, it's me who is a dummy and weak. I patched the program in Ghidra by changing three JNZ to JMP in the .so.

**************************************************************
* Licensing::LicensingStateLexActivator::is_licensed(Lice... *
**************************************************************
undefined __thiscall is_licensed(LicensingStateLexActiva
undefined AL:1 <RETURN>
LicensingState RDI:8 (auto) this
FeatureIdentif RSI:8 param_1
undefined1 Stack[-0x20]:1 local_20 XREF[2]: 001c5343(*),
001c53a0(*)
_ZNK9Licensing26LicensingStateLexActivator11is XREF[6]: Entry Point(*), 003cdda4,
Licensing::LicensingStateLexActivator::is_lice 003e1844(*), 00417764(*),
0041776e(*), 00432070(*)
001c52f0 41 55 PUSH R13
001c52f2 48 8d 15 LEA RDX,[Licensing::LicensingStateLexActivator::is
47 f3 ff ff
001c52f9 41 54 PUSH R12
001c52fb 49 89 f4 MOV R12,param_1
001c52fe 55 PUSH RBP
001c52ff 48 89 fd MOV RBP,this
001c5302 48 83 ec 10 SUB RSP,0x10
001c5306 48 8b 07 MOV RAX,qword ptr [this]
001c5309 48 8b 40 60 MOV RAX,qword ptr [RAX + 0x60]
001c530d 48 39 d0 CMP RAX,RDX
001c5310 75 6e JNZ LAB_001c5380 <- JMP
001c5312 48 8b 47 10 MOV RAX,qword ptr [this + 0x10]
001c5316 8b 40 10 MOV EAX,dword ptr [RAX + 0x10]
001c5319 89 c2 MOV EDX,EAX
001c531b 83 e2 fd AND EDX,0xfffffffd
001c531e 83 fa 14 CMP EDX,0x14
001c5321 74 63 JZ LAB_001c5386
001c5323 83 f8 01 CMP EAX,0x1
001c5326 74 5e JZ LAB_001c5386
LAB_001c5328 XREF[1]: 001c5384(j)
001c5328 48 8b 45 00 MOV RAX,qword ptr [RBP]
001c532c 48 8d 15 LEA RDX,[Licensing::LicensingStateLexActivator::ge
9d ff ff ff
001c5333 48 8b 80 MOV RAX,qword ptr [RAX + 0xa8]
a8 00 00 00
001c533a 48 39 d0 CMP RAX,RDX
001c533d 75 61 JNZ LAB_001c53a0 <- JMP
001c533f 48 8b 75 10 MOV param_1,qword ptr [RBP + 0x10]
001c5343 4c 8d 6c LEA R13=>local_20,[RSP + 0x8]
24 08
001c5348 4c 89 ef MOV this,R13
001c534b 48 83 c6 58 ADD param_1,0x58
LAB_001c534f XREF[1]: 00417762(*)
001c534f e8 fc d5 CALL QList<QString>::QList undefined QList(QList<QString> *
fb ff

.....

LAB_001c5380 XREF[2]: 001c5310(j), 0041776b(*)
001c5380 ff d0 CALL RAX
001c5382 84 c0 TEST AL,AL
001c5384 75 a2 JNZ LAB_001c5328 <- JMP
LAB_001c5386 XREF[2]: 001c5321(j), 001c5326(j)
001c5386 48 83 c4 10 ADD RSP,0x10

It starts but fails to perform a search. I then NOPed the CALL in the main program.

try { // try from 004039dc to 004039e0 has its CatchHandler @
LAB_004039dc XREF[1]: 004055c7(*)
004039dc e8 cf f8 CALL libthomasv2_kernel.so.1.0.0::Licensing::Checke undefined is_licensed_or_exit(Fe <- NOP
ff ff
} // end try from 004039dc to 004039e0
004039e1 4c 89 e7 MOV RDI,R12
004039e4 48 8d 5c LEA RBX=>local_2b4,[RSP + 0x34]
24 34
004039e9 e8 f2 05 CALL QString::~QString undefined ~QString(QString * this)
00 00
004039ee be 01 00 MOV ESI,0x1
00 00
004039f3 48 89 df MOV RDI,RBX
004039f6 48 89 5c MOV qword ptr [RSP + local_2e0],RBX
24 08

The story in Windows

The Windows version is similar to this; only the 1 can bring you to the right place. Three JMPs are enough.

LAB_1400138a2 XREF[1]: 14001386f(j)
1400138a2 48 8b 46 10 MOV RAX,qword ptr [RSI + 0x10]
1400138a6 8b 48 10 MOV param_1,dword ptr [RAX + 0x10]
1400138a9 83 f9 16 CMP param_1,0x16
1400138ac 75 2d JNZ LAB_1400138db <- JMP
1400138ae 48 8b 07 MOV RAX,qword ptr [RDI]
1400138b1 48 8b 58 38 MOV RBX,qword ptr [RAX + 0x38]
1400138b5 48 8b 06 MOV RAX,qword ptr [RSI]
1400138b8 48 8d 55 40 LEA param_2=>local_res8,[RBP + 0x40]
1400138bc 48 8b ce MOV param_1,RSI
1400138bf ff 90 88 CALL qword ptr [RAX + 0x88]
00 00 00
1400138c5 90 NOP
1400138c6 4c 8b c0 MOV param_3,RAX
1400138c9 49 8b d4 MOV param_2,R12
1400138cc 48 8b cf MOV param_1,RDI
1400138cf ff d3 CALL RBX
1400138d1 90 NOP
1400138d2 48 8d 4d 40 LEA param_1=>local_res8,[RBP + 0x40]
1400138d6 e9 42 02 JMP LAB_140013b1d
00 00
LAB_1400138db XREF[1]: 1400138ac(j)
1400138db 83 f9 14 CMP param_1,0x14
1400138de 75 2d JNZ LAB_14001390d <- JMP
1400138e0 48 8b 07 MOV RAX,qword ptr [RDI]
1400138e3 48 8b 58 40 MOV RBX,qword ptr [RAX + 0x40]
1400138e7 48 8b 06 MOV RAX,qword ptr [RSI]
1400138ea 48 8d 55 40 LEA param_2=>local_res8,[RBP + 0x40]
1400138ee 48 8b ce MOV param_1,RSI
1400138f1 ff 90 80 CALL qword ptr [RAX + 0x80]
00 00 00
1400138f7 90 NOP
1400138f8 4c 8b c0 MOV param_3,RAX
1400138fb 49 8b d4 MOV param_2,R12
1400138fe 48 8b cf MOV param_1,RDI
140013901 ff d3 CALL RBX
140013903 90 NOP
140013904 48 8d 4d 40 LEA param_1=>local_res8,[RBP + 0x40]
140013908 e9 10 02 JMP LAB_140013b1d
00 00
LAB_14001390d XREF[1]: 1400138de(j)
14001390d 83 f9 01 CMP param_1,0x1
140013910 75 28 JNZ LAB_14001393a <- JMP
140013912 48 8b 4e 10 MOV param_1,qword ptr [RSI + 0x10]
140013916 48 83 c1 60 ADD param_1,0x60
14001391a e8 41 53 CALL FUN_140008c60 undef
ff ff
14001391f 48 8b 17 MOV param_2,qword ptr [RDI]

The bad thing about GDB on Windows is that the entry point keeps changing. You can use info file to read it manually. That is,

(gdb) starti
(gdb) info file
# It tells you the entry point is 0x7ff76017bcf0.
(gdb) layout asm # Find the asm code, and search for it in Ghidra.
# You have to translate between 0x14001bcf0 in the file and 0x7ff76017bcf0 in memory manually.
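The file-to-memory translation above, as an added example of mine (not the author's code): it reads ImageBase and the entry RVA from the PE headers, takes the runtime entry point that gdb's `info file` reports, and derives the ASLR slide so that any Ghidra address can be mapped into the debugger and back. The PE bytes are synthetic (built by the script itself, headers only, not loadable); the addresses 0x14001bcf0, 0x7ff76017bcf0 and 0x1400138a2 are the ones on the page.

```python
import struct
from dataclasses import dataclass
from typing import Tuple

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def build_minimal_pe(image_base: int, entry_rva: int, pe32plus: bool = True) -> bytes:
    """Synthetic test input: DOS header, PE signature, COFF header and optional header only."""
    e_lfanew = 0x40
    dos_header = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    coff_header = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x22)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<I", optional, 16, entry_rva)       # AddressOfEntryPoint
    if pe32plus:
        struct.pack_into("<Q", optional, 24, image_base)  # ImageBase, 8 bytes in PE32+
    else:
        struct.pack_into("<I", optional, 28, image_base)  # ImageBase, 4 bytes in PE32 (after BaseOfData)
    return dos_header + b"PE\0\0" + coff_header + bytes(optional)


def parse_base_and_entry(data: bytes) -> Tuple[int, int]:
    """Return (ImageBase, AddressOfEntryPoint RVA) from a PE file's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20                      # skip signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    if magic == PE32PLUS_MAGIC:
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    elif magic == PE32_MAGIC:
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    return image_base, entry_rva


@dataclass
class AddressMap:
    image_base: int    # preferred base from the file; what Ghidra shows
    runtime_base: int  # where the loader actually placed the image (ASLR)

    @property
    def slide(self) -> int:
        return self.runtime_base - self.image_base

    def to_runtime(self, static_va: int) -> int:
        return static_va + self.slide

    def to_static(self, runtime_va: int) -> int:
        return runtime_va - self.slide


def address_map_from_entry(data: bytes, runtime_entry: int) -> AddressMap:
    """Combine the file's entry RVA with the entry point gdb reports for the running process."""
    image_base, entry_rva = parse_base_and_entry(data)
    runtime_base = runtime_entry - entry_rva
    if runtime_base & 0xFFFF:
        # Windows images load at 64 KiB-aligned bases; anything else means the wrong entry value
        raise ValueError("runtime entry does not line up with the file's entry RVA")
    return AddressMap(image_base, runtime_base)


if __name__ == "__main__":
    # Page values: Ghidra shows the entry at 0x14001bcf0 (base 0x140000000),
    # gdb's `info file` reported 0x7ff76017bcf0 in the running process.
    pe = build_minimal_pe(image_base=0x140000000, entry_rva=0x1BCF0)
    amap = address_map_from_entry(pe, runtime_entry=0x7FF76017BCF0)
    print(f"runtime base {amap.runtime_base:#x}, slide {amap.slide:#x}")
    print(f"0x1400138a2 in Ghidra -> {amap.to_runtime(0x1400138A2):#x} in gdb")
```

On a real file, replace `build_minimal_pe(...)` with `open(path, "rb").read()`; the parser only needs the headers, so reading the whole file is fine. The alignment check catches the common mistake of pasting a breakpoint address instead of the entry point.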

The Windows version needs another patch, namely:

18000cae0 48 8d 4c LEA RCX=>local_res10,[RSP + 0x58]
24 58
18000cae5 ff 15 3d CALL qword ptr [->QT5CORE.DLL::QString::~QString] = 0005f9e2
3b 03 00
18000caeb 84 db TEST BL,BL
18000caed 74 29 JZ LAB_18000cb18 <- NOP
18000caef 48 83 c4 40 ADD RSP,0x40
18000caf3 5b POP RBX

For the Windows version, the code is different. I can bypass the check through a wrapper program. I'm still studying the logic of the Windows version.

Now it can search on both GNU/Linux and Windows.

Another binary

It doesn't use Python. I cannot find the strings. I give up.

Searching for the strings with grep turns up many .do files. I give up.

Round two

2022-12-26 Update:

You should use x64dbg on Windows. It feels like OllyDbg!

The logic is simple!

00007FFCC34EA4A0 | 48:895C24 10 | mov qword ptr ss:[rsp+10],rbx <- RET |
00007FFCC34EA4A5 | 55 | push rbp |
00007FFCC34EA4A6 | 56 | push rsi |
00007FFCC34EA4A7 | 57 | push rdi |
00007FFCC34EA4A8 | 41:54 | push r12 |
00007FFCC34EA4AA | 41:55 | push r13 | r13:&"C:\\CCDC\\CSD_2022\\Mercury\\mercury.exe"
00007FFCC34EA4AC | 41:56 | push r14 |
00007FFCC34EA4AE | 41:57 | push r15 |
00007FFCC34EA4B0 | 48:8BEC | mov rbp,rsp |
00007FFCC34EA4B3 | 48:83EC 70 | sub rsp,70 |
00007FFCC34EA4B7 | 49:8BF8 | mov rdi,r8 |
00007FFCC34EA4BA | 4C:8BE2 | mov r12,rdx |
00007FFCC34EA4BD | 48:8BF1 | mov rsi,rcx |
00007FFCC34EA4C0 | 48:8B41 10 | mov rax,qword ptr ds:[rcx+10] |
00007FFCC34EA4C4 | 8B48 10 | mov ecx,dword ptr ds:[rax+10] |
00007FFCC34EA4C7 | 90 | nop |
00007FFCC34EA4C8 | 83F9 16 | cmp ecx,16 |
00007FFCC34EA4CB | 75 2D | jne guilib_qt.7FFCC34EA4FA |
00007FFCC34EA4CD | 49:8B00 | mov rax,qword ptr ds:[r8] |
00007FFCC34EA4D0 | 48:8B58 30 | mov rbx,qword ptr ds:[rax+30] |
00007FFCC34EA4D4 | 48:8B06 | mov rax,qword ptr ds:[rsi] |
00007FFCC34EA4D7 | 48:8D55 40 | lea rdx,qword ptr ss:[rbp+40] |
00007FFCC34EA4DB | 48:8BCE | mov rcx,rsi |
00007FFCC34EA4DE | FF90 88000000 | call qword ptr ds:[rax+88] |
00007FFCC34EA4E4 | 90 | nop |
00007FFCC34EA4E5 | 4C:8BC0 | mov r8,rax |
00007FFCC34EA4E8 | 49:8BD4 | mov rdx,r12 |
00007FFCC34EA4EB | 48:8BCF | mov rcx,rdi |
00007FFCC34EA4EE | FFD3 | call rbx |
00007FFCC34EA4F0 | 90 | nop |
00007FFCC34EA4F1 | 48:8D4D 40 | lea rcx,qword ptr ss:[rbp+40] |
00007FFCC34EA4F5 | E9 43020000 | jmp guilib_qt.7FFCC34EA73D |
00007FFCC34EA4FA | 83F9 14 | cmp ecx,14 |
00007FFCC34EA4FD | 75 2D | jne guilib_qt.7FFCC34EA52C |
00007FFCC34EA4FF | 49:8B00 | mov rax,qword ptr ds:[r8] |
00007FFCC34EA502 | 48:8B58 38 | mov rbx,qword ptr ds:[rax+38] |
00007FFCC34EA506 | 48:8B06 | mov rax,qword ptr ds:[rsi] |
00007FFCC34EA509 | 48:8D55 40 | lea rdx,qword ptr ss:[rbp+40] |
00007FFCC34EA50D | 48:8BCE | mov rcx,rsi |
00007FFCC34EA510 | FF90 80000000 | call qword ptr ds:[rax+80] |
00007FFCC34EA516 | 90 | nop |
00007FFCC34EA517 | 4C:8BC0 | mov r8,rax |
00007FFCC34EA51A | 49:8BD4 | mov rdx,r12 |
00007FFCC34EA51D | 48:8BCF | mov rcx,rdi |
00007FFCC34EA520 | FFD3 | call rbx |
00007FFCC34EA522 | 90 | nop |
00007FFCC34EA523 | 48:8D4D 40 | lea rcx,qword ptr ss:[rbp+40] |
00007FFCC34EA527 | E9 11020000 | jmp guilib_qt.7FFCC34EA73D |
00007FFCC34EA52C | 83F9 01 | cmp ecx,1 |
00007FFCC34EA52F | 75 28 | jne guilib_qt.7FFCC34EA559 |
00007FFCC34EA531 | 48:8B4E 10 | mov rcx,qword ptr ds:[rsi+10] |
00007FFCC34EA535 | 48:83C1 60 | add rcx,60 |
00007FFCC34EA539 | E8 C208FEFF | call <guilib_qt.public: enum RotatedTextWidgets::Rotation __cdecl RotatedTextWidgets::CheckBox::rotation(void) const> |
00007FFCC34EA53E | 48:8B17 | mov rdx,qword ptr ds:[rdi] |
00007FFCC34EA541 | 48:8BCF | mov rcx,rdi |
00007FFCC34EA544 | 83F8 01 | cmp eax,1 |
00007FFCC34EA547 | 75 08 | jne guilib_qt.7FFCC34EA551 |
00007FFCC34EA549 | FF52 28 | call qword ptr ds:[rdx+28] |
00007FFCC34EA54C | E9 F2010000 | jmp guilib_qt.7FFCC34EA743 |
00007FFCC34EA551 | FF52 18 | call qword ptr ds:[rdx+18] |
00007FFCC34EA554 | E9 EA010000 | jmp guilib_qt.7FFCC34EA743 |
00007FFCC34EA559 | 48:8B06 | mov rax,qword ptr ds:[rsi] |
00007FFCC34EA55C | 48:8BCE | mov rcx,rsi |
00007FFCC34EA55F | FF50 58 | call qword ptr ds:[rax+58] |
00007FFCC34EA562 | 84C0 | test al,al |
00007FFCC34EA564 | 0F84 D9010000 | je guilib_qt.7FFCC34EA743 <- NOP |
00007FFCC34EA56A | 48:8B06 | mov rax,qword ptr ds:[rsi] |
00007FFCC34EA56D | 48:8D55 58 | lea rdx,qword ptr ss:[rbp+58] |
00007FFCC34EA571 | 48:8BCE | mov rcx,rsi |
00007FFCC34EA574 | FF90 A0000000 | call qword ptr ds:[rax+A0] |
00007FFCC34EA57A | 90 | nop |
00007FFCC34EA57B | 41:B8 01000000 | mov r8d,1 |
00007FFCC34EA581 | 49:8BD4 | mov rdx,r12 |
00007FFCC34EA584 | 48:8BC8 | mov rcx,rax |
00007FFCC34EA587 | FF15 9B461000 | call qword ptr ds:[<&bool __cdecl QtPrivate::QStringList_contains(class QStringList const *, class QString const &, enum Qt::CaseSensitivity) |
00007FFCC34EA58D | 84C0 | test al,al |
00007FFCC34EA58F | 41:0F94C5 | sete r13b |
00007FFCC34EA593 | 48:8B45 58 | mov rax,qword ptr ss:[rbp+58] |
00007FFCC34EA597 | 8B08 | mov ecx,dword ptr ds:[rax] |
00007FFCC34EA599 | 85C9 | test ecx,ecx |
00007FFCC34EA59B | 74 17 | je guilib_qt.7FFCC34EA5B4 |
00007FFCC34EA59D | 83F9 FF | cmp ecx,FFFFFFFF |
00007FFCC34EA5A0 | 74 5A | je guilib_qt.7FFCC34EA5FC |
00007FFCC34EA5A2 | 48:8B45 58 | mov rax,qword ptr ss:[rbp+58] |
00007FFCC34EA5A6 | B9 FFFFFFFF | mov ecx,FFFFFFFF |
00007FFCC34EA5AB | F0:0FC108 | lock xadd dword ptr ds:[rax],ecx |
00007FFCC34EA5AF | 83F9 01 | cmp ecx,1 |
00007FFCC34EA5B2 | 75 48 | jne guilib_qt.7FFCC34EA5FC |
00007FFCC34EA5B4 | 4C:8B7D 58 | mov r15,qword ptr ss:[rbp+58] |
00007FFCC34EA5B8 | 4D:6377 08 | movsxd r14,dword ptr ds:[r15+8] |
00007FFCC34EA5BC | 49:83C6 02 | add r14,2 |
00007FFCC34EA5C0 | 4F:8D34F7 | lea r14,qword ptr ds:[r15+r14*8] |
00007FFCC34EA5C4 | 49:635F 0C | movsxd rbx,dword ptr ds:[r15+C] |
00007FFCC34EA5C8 | 48:83C3 02 | add rbx,2 |
00007FFCC34EA5CC | 49:8D1CDF | lea rbx,qword ptr ds:[r15+rbx*8] |
00007FFCC34EA5D0 | 49:3BDE | cmp rbx,r14 |
00007FFCC34EA5D3 | 74 1D | je guilib_qt.7FFCC34EA5F2 |
00007FFCC34EA5D5 | 666666:0F1F8400 00000000 | nop word ptr ds:[rax+rax],ax |
00007FFCC34EA5E0 | 48:83EB 08 | sub rbx,8 |
00007FFCC34EA5E4 | 48:8BCB | mov rcx,rbx |
00007FFCC34EA5E7 | FF15 E3501000 | call qword ptr ds:[<&public: __cdecl QString::~QString(void)>] |
00007FFCC34EA5ED | 49:3BDE | cmp rbx,r14 |
00007FFCC34EA5F0 | 75 EE | jne guilib_qt.7FFCC34EA5E0 |
00007FFCC34EA5F2 | 49:8BCF | mov rcx,r15 |
00007FFCC34EA5F5 | FF15 85501000 | call qword ptr ds:[<&public: static void __cdecl QListData::dispose(struct QListData::Data *)>] |
00007FFCC34EA5FB | 90 | nop |
00007FFCC34EA5FC | 48:8B07 | mov rax,qword ptr ds:[rdi] |
00007FFCC34EA5FF | 49:8BD4 | mov rdx,r12 |
00007FFCC34EA602 | 48:8BCF | mov rcx,rdi |
00007FFCC34EA605 | 45:84ED | test r13b,r13b |
00007FFCC34EA608 | 74 13 | je guilib_qt.7FFCC34EA61D |
00007FFCC34EA60A | C745 40 01000000 | mov dword ptr ss:[rbp+40],1 |
00007FFCC34EA611 | 4C:8D45 40 | lea r8,qword ptr ss:[rbp+40] |
00007FFCC34EA615 | FF50 10 | call qword ptr ds:[rax+10] |
00007FFCC34EA618 | E9 26010000 | jmp guilib_qt.7FFCC34EA743 |
00007FFCC34EA61D | FF50 08 | call qword ptr ds:[rax+8] |
00007FFCC34EA620 | 48:8D4D B0 | lea rcx,qword ptr ss:[rbp-50] |
00007FFCC34EA624 | FF15 A6401000 | call qword ptr ds:[<&public: static class QDateTime __cdecl QDateTime::currentDateTimeUtc(void)>] |
00007FFCC34EA62A | 90 | nop |
00007FFCC34EA62B | 48:8D55 D8 | lea rdx,qword ptr ss:[rbp-28] |
00007FFCC34EA62F | 48:8D4D B0 | lea rcx,qword ptr ss:[rbp-50] |
00007FFCC34EA633 | FF15 FF501000 | call qword ptr ds:[<&public: class QDate __cdecl QDateTime::date(void) const>] |
00007FFCC34EA639 | 48:8BD8 | mov rbx,rax |
00007FFCC34EA63C | 48:8B0E | mov rcx,qword ptr ds:[rsi] |
00007FFCC34EA63F | 4C:8B81 80000000 | mov r8,qword ptr ds:[rcx+80] |
00007FFCC34EA646 | 48:8D55 C0 | lea rdx,qword ptr ss:[rbp-40] |
00007FFCC34EA64A | 48:8BCE | mov rcx,rsi |
00007FFCC34EA64D | 41:FFD0 | call r8 |
00007FFCC34EA650 | 90 | nop |
00007FFCC34EA651 | 48:8D55 E0 | lea rdx,qword ptr ss:[rbp-20] |
00007FFCC34EA655 | 48:8BC8 | mov rcx,rax |
00007FFCC34EA658 | FF15 DA501000 | call qword ptr ds:[<&public: class QDate __cdecl QDateTime::date(void) const>] |
00007FFCC34EA65E | 48:8BD0 | mov rdx,rax |
00007FFCC34EA661 | 48:8BCB | mov rcx,rbx |
00007FFCC34EA664 | FF15 D6441000 | call qword ptr ds:[<&public: __int64 __cdecl QDate::daysTo(class QDate const &) const>] |
00007FFCC34EA66A | 48:8BD8 | mov rbx,rax |
00007FFCC34EA66D | 48:8D4D C0 | lea rcx,qword ptr ss:[rbp-40] |
00007FFCC34EA671 | FF15 B14E1000 | call qword ptr ds:[<&public: __cdecl QDateTime::~QDateTime(void)>] |
00007FFCC34EA677 | 48:83FB 1E | cmp rbx,1E |
00007FFCC34EA67B | 7F 14 | jg guilib_qt.7FFCC34EA691 |
00007FFCC34EA67D | 48:8B0F | mov rcx,qword ptr ds:[rdi] |
00007FFCC34EA680 | 4C:8B49 40 | mov r9,qword ptr ds:[rcx+40] |
00007FFCC34EA684 | 44:8BC3 | mov r8d,ebx |
00007FFCC34EA687 | 49:8BD4 | mov rdx,r12 |
00007FFCC34EA68A | 48:8BCF | mov rcx,rdi |
00007FFCC34EA68D | 41:FFD1 | call r9 |
00007FFCC34EA690 | 90 | nop |
00007FFCC34EA691 | 48:8D4D B0 | lea rcx,qword ptr ss:[rbp-50] |
00007FFCC34EA695 | FF15 8D4E1000 | call qword ptr ds:[<&public: __cdecl QDateTime::~QDateTime(void)>] |
00007FFCC34EA69B | 48:8D4D B8 | lea rcx,qword ptr ss:[rbp-48] |
00007FFCC34EA69F | FF15 2B401000 | call qword ptr ds:[<&public: static class QDateTime __cdecl QDateTime::currentDateTimeUtc(void)>] |
00007FFCC34EA6A5 | 90 | nop |
00007FFCC34EA6A6 | 48:8B06 | mov rax,qword ptr ds:[rsi] |
00007FFCC34EA6A9 | 48:8D55 C8 | lea rdx,qword ptr ss:[rbp-38] |
00007FFCC34EA6AD | 48:8BCE | mov rcx,rsi |
00007FFCC34EA6B0 | FF90 88000000 | call qword ptr ds:[rax+88] |
00007FFCC34EA6B6 | 90 | nop |
00007FFCC34EA6B7 | 48:8BC8 | mov rcx,rax |
00007FFCC34EA6BA | FF15 18401000 | call qword ptr ds:[<&public: bool __cdecl QDateTime::isNull(void) const>] |
00007FFCC34EA6C0 | 0FB6D8 | movzx ebx,al |
00007FFCC34EA6C3 | 48:8D4D C8 | lea rcx,qword ptr ss:[rbp-38] |
00007FFCC34EA6C7 | FF15 5B4E1000 | call qword ptr ds:[<&public: __cdecl QDateTime::~QDateTime(void)>] |
00007FFCC34EA6CD | 84DB | test bl,bl |
00007FFCC34EA6CF | 75 68 | jne guilib_qt.7FFCC34EA739 |
00007FFCC34EA6D1 | 48:8D55 E8 | lea rdx,qword ptr ss:[rbp-18] |
00007FFCC34EA6D5 | 48:8D4D B8 | lea rcx,qword ptr ss:[rbp-48] |
00007FFCC34EA6D9 | FF15 59501000 | call qword ptr ds:[<&public: class QDate __cdecl QDateTime::date(void) const>] |
00007FFCC34EA6DF | 48:8BD8 | mov rbx,rax |
00007FFCC34EA6E2 | 48:8B0E | mov rcx,qword ptr ds:[rsi] |
00007FFCC34EA6E5 | 4C:8B81 88000000 | mov r8,qword ptr ds:[rcx+88] |
00007FFCC34EA6EC | 48:8D55 D0 | lea rdx,qword ptr ss:[rbp-30] |
00007FFCC34EA6F0 | 48:8BCE | mov rcx,rsi |
00007FFCC34EA6F3 | 41:FFD0 | call r8 |
00007FFCC34EA6F6 | 90 | nop |
00007FFCC34EA6F7 | 48:8D55 F0 | lea rdx,qword ptr ss:[rbp-10] |
00007FFCC34EA6FB | 48:8BC8 | mov rcx,rax |
00007FFCC34EA6FE | FF15 34501000 | call qword ptr ds:[<&public: class QDate __cdecl QDateTime::date(void) const>] |
00007FFCC34EA704 | 48:8BD0 | mov rdx,rax |
00007FFCC34EA707 | 48:8BCB | mov rcx,rbx |
00007FFCC34EA70A | FF15 30441000 | call qword ptr ds:[<&public: __int64 __cdecl QDate::daysTo(class QDate const &) const>] |
00007FFCC34EA710 | 48:8BD8 | mov rbx,rax |
00007FFCC34EA713 | 48:8D4D D0 | lea rcx,qword ptr ss:[rbp-30] |
00007FFCC34EA717 | FF15 0B4E1000 | call qword ptr ds:[<&public: __cdecl QDateTime::~QDateTime(void)>] |
00007FFCC34EA71D | 48:83FB 01 | cmp rbx,1 |
00007FFCC34EA721 | 7F 16 | jg guilib_qt.7FFCC34EA739 |
00007FFCC34EA723 | 48:8B0F | mov rcx,qword ptr ds:[rdi] |
00007FFCC34EA726 | 4C:8B49 48 | mov r9,qword ptr ds:[rcx+48] |
00007FFCC34EA72A | 41:B8 07000000 | mov r8d,7 |
00007FFCC34EA730 | 8BD3 | mov edx,ebx |
00007FFCC34EA732 | 48:8BCF | mov rcx,rdi |
00007FFCC34EA735 | 41:FFD1 | call r9 |
00007FFCC34EA738 | 90 | nop |
00007FFCC34EA739 | 48:8D4D B8 | lea rcx,qword ptr ss:[rbp-48] |
00007FFCC34EA73D | FF15 E54D1000 | call qword ptr ds:[<&public: __cdecl QDateTime::~QDateTime(void)>] |
00007FFCC34EA743 | 48:8B9C24 B8000000 | mov rbx,qword ptr ss:[rsp+B8] |
00007FFCC34EA74B | 48:83C4 70 | add rsp,70 |
00007FFCC34EA74F | 41:5F | pop r15 |
00007FFCC34EA751 | 41:5E | pop r14 |
00007FFCC34EA753 | 41:5D | pop r13 | r13:&"C:\\CCDC\\CSD_2022\\Mercury\\mercury.exe"
00007FFCC34EA755 | 41:5C | pop r12 |
00007FFCC34EA757 | 5F | pop rdi |
00007FFCC34EA758 | 5E | pop rsi |
00007FFCC34EA759 | 5D | pop rbp |
00007FFCC34EA75A | C3 | ret |

Round three

2023-05-05 Update:

The last leftover was fixed.

00007FFEB4D2D595 | FF15 B5220B00 | call qword ptr ds:[<&public: __cdecl QString::~QString(void)>] |
00007FFEB4D2D59B | 84DB | test bl,bl |
00007FFEB4D2D59D | 74 29 | je thomasv2_kernel.7FFEB4D2D5C8 | <- NOP. Jump here means IO ERROR.
00007FFEB4D2D59F | 48:83C4 40 | add rsp,40 |
00007FFEB4D2D5A3 | 5B | pop rbx | rbx:"LdrpInitializeProcess"
00007FFEB4D2D5A4 | C3 | ret |
00007FFEB4D2D5A5 | 48:8D15 84430B00 | lea rdx,qword ptr ds:[7FFEB4DE1930] | 00007FFEB4DE1930:"Feature name can't be empty"
00007FFEB4D2D5AC | 48:8D4C24 20 | lea rcx,qword ptr ss:[rsp+20] |
00007FFEB4D2D5B1 | E8 DAE2FFFF | call thomasv2_kernel.7FFEB4D2B890 |
00007FFEB4D2D5B6 | 48:8D15 83BD0F00 | lea rdx,qword ptr ds:[7FFEB4E29340] |
00007FFEB4D2D5BD | 48:8D4C24 20 | lea rcx,qword ptr ss:[rsp+20] |
00007FFEB4D2D5C2 | E8 434B0A00 | call <JMP.&_CxxThrowException> |
00007FFEB4D2D5C7 | 90 | nop |
00007FFEB4D2D5C8 | 48:8D15 F1430B00 | lea rdx,qword ptr ds:[7FFEB4DE19C0] | 00007FFEB4DE19C0:"I-O ERROR"
00007FFEB4D2D5CF | 48:8D4C24 50 | lea rcx,qword ptr ss:[rsp+50] |
00007FFEB4D2D5D4 | FF15 46220B00 | call qword ptr ds:[<&public: __cdecl QString::QString(char const *)>] |
00007FFEB4D2D5DA | 90 | nop |
00007FFEB4D2D5DB | 4C:8D4424 50 | lea r8,qword ptr ss:[rsp+50] |
00007FFEB4D2D5E0 | BA EF020000 | mov edx,2EF |
00007FFEB4D2D5E5 | 48:8D4C24 20 | lea rcx,qword ptr ss:[rsp+20] |
00007FFEB4D2D5EA | FF15 402B0B00 | call qword ptr ds:[<&public: __cdecl ConQuestReadableError::ConQuestReadableError(enum ConQuestReadableError::ThomasErrorNumber, class QString const &)>] |
00007FFEB4D2D5F0 | 48:8D15 D9BD0F00 | lea rdx,qword ptr ds:[7FFEB4E293D0] |
00007FFEB4D2D5F7 | 48:8D4C24 20 | lea rcx,qword ptr ss:[rsp+20] |
00007FFEB4D2D5FC | E8 094B0A00 | call <JMP.&_CxxThrowException> |

Dixi et salvavi animam meam

I say nothing of the software’s name. I do respect the software developers.