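"""IDAPython walker for a table-driven byte-at-a-time flag checker (HITCON CTF).

Starting at the handler for a known flag prefix, the script treats each handler
as a state of a DFA: for every printable byte it reads the jump-table entry the
handler would use, follows it to the next handler, and records the accumulated
prefix.  Once the prefix reaches ``flag_len`` bytes only the NUL terminator is
tried, and a transition into ``good_endpoint`` is reported as the full flag.

Written against the legacy (Python 2 era) IDAPython API: ``MakeUnknown``,
``MakeCode``, ``MakeName``, ``GetOperandValue`` and ``Dword`` are supplied by
the IDA host, and ``str.encode('hex')`` / ``str.decode('hex')`` are Python 2
only.  Results are appended to the ``candidates`` file in the working directory.
"""
import string

# Region of the binary that holds the generated handlers; it is reset to
# undefined so MakeCode below re-analyses each handler from scratch.
start = 0x4015C3
end = 0x6C5CF0
MakeUnknown(start, end - start, 0)

f = open('candidates', 'w')

# Accepting state reached (on the NUL byte) once the whole flag was consumed.
good_endpoint = 0x4015B9
# Handler reached after the known prefix below has been consumed.
start_addr = 0x42f016
start_prefix = 'HITCON{Cap7ur3 Wh1t3 F1ag'.encode('hex')
# Total flag length in bytes; after this many bytes only the terminator is tried.
flag_len = 40

MakeCode(start_addr)
MakeName(start_addr, 'handle_' + start_prefix)


def myhex(x):
    """Return ``hex(x)`` without the trailing ``L`` Python 2 adds to longs."""
    return hex(x).strip('L')


def process(addr, prefix):
    """Expand one handler state into its successors.

    Args:
        addr: address of the handler for ``prefix``.
        prefix: hex-encoded bytes consumed so far (``str.encode('hex')`` form).

    Returns:
        A set of ``(next_handler_addr, next_hex_prefix)`` pairs, one per byte
        tried.  Empty when the handler does not have the expected shape.

    Side effects:
        Writes ``Endpoint:`` / ``Good:`` lines to the global ``f`` when the
        terminator is tried.
    """
    results = set()

    # Assumed handler layout (confirm against the disassembly): an imul at
    # addr+1 whose third operand is the per-byte table stride, followed 7
    # bytes later by a mov whose second operand is the table displacement.
    imul_addr = addr + 1
    multiplier = GetOperandValue(imul_addr, 2)
    if multiplier < 0:
        # Operand read failed (or a negative stride) -- not a handler we understand.
        print('Woah: ' + myhex(addr))
        return results

    mov_addr = imul_addr + 7
    offset = GetOperandValue(mov_addr, 1)
    if offset < 0:
        print('Also woah: ' + myhex(addr))
        return results

    # Try every printable byte, or only NUL once the flag is complete.
    space = string.printable
    if len(prefix.decode('hex')) == flag_len:
        space = '\0'

    for b in space:
        c = ord(b)
        # Relative jump-table entry for byte c; the table is addressed relative
        # to the handler itself.  A read outside mapped memory presumably
        # yields BADADDR and later shows up as a "Failed to make code" line.
        doff = Dword((c * multiplier) + addr + offset)
        new_addr = (addr + doff) & 0xffffffff
        new_prefix = prefix + '%02x' % c
        if b == '\0':
            f.write('Endpoint: ' + myhex(new_addr) + '\n')
            if new_addr == good_endpoint:
                # The terminator led to the accepting state: full flag found.
                f.write('Good: ' + new_prefix.decode('hex') + '\n')
        results.add((new_addr, new_prefix))
    return results


# Worklist search over (handler, prefix) states.  A state is identified by the
# handler address and the prefix *length* only: the same handler at the same
# depth yields the same successors, so revisiting it cannot add new flags.
seen = set()
addrs = set([(start_prefix, start_addr)])
try:
    while len(addrs) > 0:
        prefix, addr = addrs.pop()
        if (addr, len(prefix)) in seen:
            continue
        seen.add((addr, len(prefix)))
        for new_addr, new_prefix in process(addr, prefix):
            if (new_addr, len(new_prefix)) not in seen:
                if MakeCode(new_addr) == 0:
                    # Target could not be disassembled; log it rather than
                    # following a bogus jump-table entry.
                    f.write('Failed to make code: ' + myhex(new_addr) + '\n')
                    continue
                MakeName(new_addr, 'handle_' + new_prefix)
                pfx = new_prefix.decode('hex')
                f.write(myhex(new_addr) + ' ' + pfx + ' ' + str(len(pfx)) + '\n')
                addrs.add((new_prefix, new_addr))
finally:
    # The script runs inside a long-lived IDA session, so without an explicit
    # close the buffered candidates may never reach disk.
    f.close()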