mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2026-06-15 15:29:23 +00:00
TheDuchy
399 lines
19 KiB
NASM
399 lines
19 KiB
NASM
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
; ;
|
||
; ;
|
||
; ### ;
|
||
; ### ;
|
||
; ### #################################################### ;
|
||
; ### #################################################### ;
|
||
; ### ### ### ;
|
||
; ### ### ### ######### ### ;
|
||
; ### ### ### ########### ;
|
||
; ### ### ## ## ;
|
||
; ### ### ### ## ## ;
|
||
; ### ### ### ## ## ;
|
||
; ### ### ### ### ## ## ;
|
||
; ### ### ### ### ## ## ;
|
||
; ############ ### ### ########### ;
|
||
; ################################################################ ;
|
||
; ;
|
||
; ;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
; ;
|
||
; Advanced Length dIsassembler moTOr:) ;
|
||
; ;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
; ;
|
||
; ‚¥àá¨ï 2.1 ;
|
||
; ;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
;äãªæ¨ï _LiTo_ ;
|
||
;¤¨§ áᥬ¡«¨à®¢ ¨¥ ¬ 訮© ª®¬ ¤ë ;
|
||
;®¯à¥¤¥«¥¨¥ ¤«¨ë ¬ 訮© ª®¬ ¤ë ;
|
||
;‚室: ;
|
||
;esi - ¤à¥á à §¡¨à ¥¬®© ¬ 訮© ª®¬ ¤ë ;
|
||
;edi - 㪠§ â¥«ì ¢ë室ãî áâàãªâãàã (¨«¨ ¡ãä¥à) ( §®¢¥¬ ¥¥ INSTR:) ;
|
||
;‚ë室: ;
|
||
;¢ eax - ¤«¨ ¬ 訮© ª®¬ ¤ë. ;
|
||
;‡ ¬¥âª¨: ;
|
||
;(x) ‚ë室 ï áâàãªâãà (¨«¨ ¡ãä¥à) § ¯®«ï¥âáï ¢ ¯à®æ¥áᥠ¤¨§ áᥬ¡«¨à®¢ ¨ï ;
|
||
;¨áâàãªæ¨¨ ¨ ¤®«¦ ¯à¥¤áâ ¢«ïâì ᮡ®© á«¥¤ãî饥: ;
|
||
; ;
|
||
; INSTR1 struct ;
|
||
; (+ 00) len_com db 00h ; - ¤«¨ ª®¬ ¤ë; ;
|
||
; (+ 01) flags dd 00h ; - ¢ëáâ ¢«¥ë¥ ä« £¨ ;
|
||
; (+ 05) seg db 00h ; - ᥣ¬¥â (¥á«¨ ¥áâì); ;
|
||
; (+ 06) repx db 00h ; - ¯à¥ä¨ªá (0F2h/0F3h) (¥á«¨ ¥áâì); ;
|
||
; (+ 07) len_offset db 00h ; - à §¬¥à ᬥ饨ï; ;
|
||
; (+ 08) len_operand db 00h ; - à §¬¥à ®¯¥à ¤ ; ;
|
||
; (+ 09) opcode db 00h ; - ®¯ª®¤ (¥á«¨ ®¯ª®¤=0Fh, ⮣¤ ;
|
||
; ; áî¤ á®åà ï¥âáï 2-®© ®¯ª®¤, ¨ ;
|
||
; ; ãáâ ¢«¨¢ ¥âáï ä« £ B_OPCODE2); ;
|
||
; (+ 10) modrm db 00h ; - ¡ ©â MODRM (â ª¦¥, ¥á«¨ ¥áâì) ;
|
||
; (+ 11) sib db 00h ; - ¡ ©â SIB ;
|
||
; (+ 12) offset db 8 dup (00h); - ᬥ饨¥ ¨áâàãªæ¨¨ ;
|
||
; (+ 20) operand db 8 dup (00h); - ®¯¥à ¤ ¨áâàãªæ¨¨ ;
|
||
; INSTR1 ends ;
|
||
; ;
|
||
;(å) ¯®¨¬ îâáï (¯®ª ) ⮫쪮 general purpose & fpu instructions ;
|
||
; (®áâ «ìë¥ - ¢ ⮯ªã:)! ;
|
||
;(å) ¥â ¯à®¢¥àª¨ ¬ ªá¨¬ «ìãî ¤«¨ã ¨áâàãªæ¨¨ (15 ¡ ©â) ( åà¥) ;
|
||
;(å) Š ª ¯®áâ஥ë í⨠⠡«¨çª¨: ;
|
||
; Ž—…�œ ��Ž‘’Ž: â ª ª ª ¢ í⮬ ¤¨§ ᬥ ¨á¯®«ì§ãîâáï ä« £¨ á ç¨á«®¢ë¬ ;
|
||
; ®¡®§ 票¥¬ <=8, â® ¤«ï ®¤®£® ä« £ ¤®áâ â®ç® ¬¥áâ ¢ ¯®«®¢¨ã ¡ ©â ;
|
||
; (¬ ªá¨¬ «ì®¥ ç¨á«® =8 (B_PREFIX6X) - ¢ ¤¢®¨ç®¬ ¯à¥¤áâ ¢«¥¨¨ =1000b). ;
|
||
; ‡ ï íâ®, ¯à®áâ® â㯮 ¢ ®¤¨ ¡ ©â § ¯¨å¨¢ ¥¬ 2 ä« £ - ¢®â ¨ ¢á¥. ’ ª¨¬ ;
|
||
; ®¡à §®¬, ª ¦¤ ï â ¡«¨çª ¢ 256 ¡ ©â ã१ ¥âáï ¤® 128. ;
|
||
;(å) „«ï 32-¡¨â®£® ¨á¯®«ï¥¬®£® ª®¤ . ;
|
||
;(å) Šâ® å®ç¥â, ¯ãáâì 䨣 á ¬ ¨ ¤®¡ ¢«ï¥â ®áâ «ìë¥ ª®¬ ¤ë ¨ ¢á直¥ â ¬ ;
|
||
; ¯à®¢¥àª¨. ;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
;
|
||
;
|
||
;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
; ”ˆ—ˆ: ;
|
||
;(+) ¡ §®¥§ ¢¨á¨¬®áâì ;
|
||
;(+) 㯠ª®¢ ë¥ â ¡«¨çª¨ ;
|
||
; ;
|
||
;(-) ¬ãâ®à® ¤®¡ ¢«ïâì ®¢ë¥ ¨áâàãªæ¨¨ ;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
;
|
||
;
|
||
;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
; ˆ‘�Ž‹œ‡Ž‚€�ˆ…: ;
|
||
;1)�®¤ª«î票¥: ;
|
||
; lito.asm ;
|
||
;2)‚맮¢:(¯à¨¬¥à) ;
|
||
; lea esi,XXXXXXXXh ; ¤à¥á ª®¬ ¤ë, çìî ¤«¨ã ¤® 㧠âì ;
|
||
; lea edi,XXXXXXXXh ;lea edi,INSTR1 ;
|
||
; call LiTo ;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
||
|
||
|
||
;m1x
|
||
;pr0mix@mail.ru
|
||
|
||
_LiTo_:
|
||
pushad
|
||
call _delta_lito_
|
||
;===================================================================================
|
||
|
||
;áâப ¯à¥ä¨ªá®¢
|
||
pfx:
|
||
db 2Eh,36h,3Eh,26h,64h,65h,0F2h,0F3h,0F0h,66h,67h
|
||
|
||
SizePfx equ $-pfx ;¤«¨ pfx
|
||
|
||
;===================================================================================
|
||
|
||
;â ¡«¨æ ä« £®¢ ¤«ï ®¤®¡ ©âëå ®¯ª®¤®¢
|
||
TableFlags1:
|
||
|
||
; 01 23 45 67 89 AB CD EF
|
||
db 11h,11h,28h,00h,11h,11h,28h,00h ;00
|
||
db 11h,11h,28h,00h,11h,11h,28h,00h ;01
|
||
db 11h,11h,28h,00h,11h,11h,28h,00h ;02
|
||
db 11h,11h,28h,00h,11h,11h,28h,00h ;03
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;04
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;05
|
||
db 00h,11h,00h,00h,89h,23h,00h,00h ;06
|
||
db 22h,22h,22h,22h,22h,22h,22h,22h ;07
|
||
db 39h,33h,11h,11h,11h,11h,11h,11h ;08
|
||
db 00h,00h,00h,00h,00h,0C0h,00h,00h ;09
|
||
db 88h,88h,00h,00h,28h,00h,00h,00h ;0A
|
||
db 22h,22h,22h,22h,88h,88h,88h,88h ;0B
|
||
db 33h,40h,11h,39h,60h,40h,02h,00h ;0C
|
||
db 11h,11h,22h,00h,11h,11h,11h,11h ;0D
|
||
db 22h,22h,22h,22h,88h,0C2h,00h,00h ;0E
|
||
db 00h,00h,00h,11h,00h,00h,00h,11h ;0F
|
||
|
||
|
||
;===================================================================================
|
||
|
||
;â ¡«¨æ ä« £®¢ ¤«ï ¤¢ãå¡ ©âëå ®¯ª®¤®¢
|
||
TableFlags2:
|
||
|
||
; 01 23 45 67 89 AB CD EF
|
||
db 11h,11h,00h,00h,00h,00h,01h,00h ;00
|
||
db 00h,00h,00h,00h,00h,00h,00h,01h ;01
|
||
db 11h,11h,00h,00h,00h,00h,00h,00h ;02
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;03
|
||
db 11h,11h,11h,11h,11h,11h,11h,11h ;04
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;05
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;06
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;07
|
||
db 88h,88h,88h,88h,88h,88h,88h,88h ;08
|
||
db 11h,11h,11h,11h,11h,11h,11h,11h ;09
|
||
db 00h,01h,31h,00h,00h,01h,31h,01h ;0A
|
||
db 11h,11h,11h,11h,00h,31h,11h,11h ;0B
|
||
db 11h,00h,00h,01h,00h,00h,00h,00h ;0C
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;0D
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;0E
|
||
db 00h,00h,00h,00h,00h,00h,00h,00h ;0F
|
||
;===================================================================================
|
||
|
||
SizeTbl equ $-pfx
|
||
;===================================================================================
|
||
;ä« £¨
|
||
;-----------------------------------------------------------------------------------
|
||
B_NONE equ 00h ;xex
|
||
B_MODRM equ 01h ;present byte MODRM
|
||
B_DATA8 equ 02h ;present imm8,rel8, etc
|
||
B_DATA16 equ 04h ;present imm16,rel16, etc
|
||
B_PREFIX6X equ 08h ;present imm16/imm32 (¢ § ¢¨á¨¬®á⨠®â «¨ç¨ï ¯à¥ä¨ªá 0x66 (0x67 ¤«ï ®¯ª®¤®¢ 0xA0-0xA3))
|
||
B_SEG equ 10h ;present segment (¯à¨¬¥à: 0x2e,0x3E, etc)
|
||
B_PFX66 equ 20h ;present byte 0x66
|
||
B_PFX67 equ 40h ;present byte 0x67
|
||
B_LOCK equ 80h ;present byte LOCK (0xF0)
|
||
B_REP equ 100h ;present byte rep[e/ne]
|
||
B_OPCODE2 equ 200h ;present second opcode (first opcode=0x0F)
|
||
B_SIB equ 400h ;present byte SIB
|
||
B_RELX equ 800h ;present jxx/jmp/call (rel8,rel16,rel32)
|
||
;===================================================================================
|
||
|
||
_delta_lito_:
|
||
pop ebp
|
||
cld
|
||
xor eax,eax
|
||
xor ebx,ebx
|
||
cdq ;¢ edx: dl(0/1) - ¥â/¥áâì ¯à¥ä¨ªá 0x66
|
||
; dh(0/1) - ¥â/¥áâì ¯à¥ä¨ªá 0x67
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ¯®¨áª ¯à¥ä¨ªá®¢xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
_nextpfx_:
|
||
lodsb ;¯®«ãç ¥¬ ®ç¥à¥¤®© ¡ ©â ª®¬ ¤ë
|
||
push edi
|
||
lea edi,[ebp+(pfx-_delta_lito_+SizeTbl)] ;¢ edi - ¤à¥á áâப¨ ¯à¥ä¨ªá®¢
|
||
db 6Ah,SizePfx
|
||
pop ecx
|
||
repne scasb ;¥áâì «¨ ¢ à §¡¨à ¥¬®© ª®¬ ¤¥ ¯à¥ä¨ªáë?
|
||
pop edi
|
||
jne _endpfx_ ;¥â? - ¢ë室
|
||
cmp ecx,5
|
||
jl _lock_
|
||
or bl,B_SEG
|
||
mov byte ptr [edi+05h],al ;seg
|
||
_lock_:
|
||
cmp al,0F0h
|
||
jne _rep_
|
||
or bl,B_LOCK
|
||
_rep_:
|
||
mov ch,al
|
||
and ch,0FEh
|
||
cmp ch,0F2h
|
||
jne _66_
|
||
or bx,B_REP
|
||
mov byte ptr [edi+06h],al ;rep
|
||
_66_:
|
||
cmp al,66h ;¨ ç¥ á¬®âਬ, íâ® 0x66?
|
||
jne _67_
|
||
mov dl,1
|
||
or bl,B_PFX66
|
||
_67_:
|
||
cmp al,67h ;¨ ç¥, íâ® 0x67?
|
||
jnz _nextpfx_ ;¥á«¨ ¥â, â® ¨é¥¬ ¤à㣨¥ ¯à¥ä¨ªáë
|
||
mov dh,1
|
||
or bl,B_PFX67
|
||
jmp _nextpfx_ ;¯à®¤®«¦ ¥¬ ¯®¨áª
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ¯®¨áª ¯à¥ä¨ªá®¢xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
_endpfx_:
|
||
_search_jxx_call_jmp_:
|
||
mov ch,al
|
||
and ch,0FEh
|
||
cmp ch,0E8h
|
||
je _jxxok_
|
||
mov ch,al
|
||
and ch,11110000b
|
||
cmp ch,70h
|
||
je _jxxok_
|
||
cmp al,0EBh
|
||
je _jxxok_
|
||
cmp al,0Fh ;®¯ª®¤ á®á⮨⠨§ 2-å ¡ ©â?
|
||
jne _opcode_
|
||
lodsb ;¥á«¨ ¤ , â® ¡¥à¥¬ 2-®© ¡ ©â ®¯ª®¤
|
||
mov cl,80h ;¨ 㢥«¨ç¨¢ ¥¬ cl=80h
|
||
or bx,B_OPCODE2
|
||
mov ch,al
|
||
and ch,11110000b
|
||
cmp ch,80h
|
||
jne _opcode_
|
||
_jxxok_:
|
||
or bx,B_RELX
|
||
|
||
;-----------------------------------------------------------------------------------
|
||
_opcode_:
|
||
xor ch,ch
|
||
mov byte ptr [edi+09h],al ;save first opcode
|
||
lea ebp,[ebp+ecx+(TableFlags1-_delta_lito_+SizeTbl)];¢ edi - ¤à¥á 㦮© â ¡«¨æë ä« £®¢(å à-ª)
|
||
cmp al,0A0h ;¥á«¨ ®¯ª®¤>=0xA0 ¨ ®¯ª®¤<=A3,
|
||
jl _01_;jb ;
|
||
cmp al,0A3h
|
||
jg _01_
|
||
test cl,cl
|
||
jne _01_;je ;â® dl=dh
|
||
mov dl,dh ;mov dl,dh
|
||
;-----------------------------------------------------------------------------------
|
||
_01_:
|
||
push eax
|
||
shr eax,1
|
||
mov cl,byte ptr [ebp+eax] ;¢ cl - ä« £¨ ª®¬ ¤ë
|
||
jc _noCF_
|
||
shr cl,4
|
||
_noCF_:
|
||
and cl,0Fh
|
||
xor ebp,ebp ;¢ ebp - ¡ã¤¥â åà ¨âìáï ¤«¨ ᬥ饨ï(offset)
|
||
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG à §¡®à MODRMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
|
||
or ecx,ebx
|
||
pop ebx ;bl=opcode
|
||
test cl,B_MODRM ;¯à¨áãâáâ¢ã¥â «¨ ¡ ©â modrm?
|
||
je _endmodrm_ ;¥â? ¢ë室
|
||
lodsb ;al=modrm
|
||
mov byte ptr [edi+10],al ;MODRM
|
||
mov ah,al
|
||
;-----------------------------------------------------------------------------------
|
||
shr ah,6 ;ah=mod
|
||
;-----------------------------------------------------------------------------------
|
||
test al,38h ;¤ «¥¥ ᬮâਬ, à ¢® «¨ ¯®«¥ reg==0?
|
||
jne _03_
|
||
sub bl,0F6h ;¥á«¨ ¤ , ⮠ᬮâਬ ®¯ª®¤:
|
||
jne _02_ ;à ¢¥ «¨ ® 0xF6 ¨«¨ 0xF7(test)?
|
||
or cl,B_DATA8 ;¥á«¨ ¤ , â® ãáâ ¢«¨¢ ¥¬ ã¦ë© ä« £
|
||
_02_:
|
||
dec ebx
|
||
jne _03_
|
||
or cl,B_PREFIX6X
|
||
;-----------------------------------------------------------------------------------
|
||
_03_:
|
||
and al,07h
|
||
xor ebx,ebx ;bl ®â¢¥ç ¥â § ¯à¨áãâá⢨¥ ¡ ©â sib
|
||
mov bh,ah ;bh=mod
|
||
cmp dh,1 ;¥áâì «¨ ¢ à §¡¨à ¥¬®© ª®¬ ¤¥ ¯à¥ä¨ªá 0x67?
|
||
je _mod00_ ;¥á«¨ ¤ , â® ¯¥à¥áª ª¨¢ ¥¬
|
||
cmp al,4 ;¨ ç¥ ¯à®¢¥à塞,à ¢® «¨ ¯®«¥ rm==4?
|
||
jne _mod00_
|
||
inc ebx ;¥á«¨ ¤ , â® ¢®§¬®¦® ¥áâì sib
|
||
;-----------------------------------------------------------------------------------
|
||
_mod00_:
|
||
test ah,ah ;¯®«¥ mod==0?
|
||
jne _mod01_
|
||
dec dh ;ᮤ¥à¦¨â «¨ ª®¬ ¤ 0x67?
|
||
jne _nop67_ ;¥â? ¯¥à¥áª ª¨¢ ¥¬
|
||
cmp al,6 ;¥á«¨ ¤ , â® rm==6?
|
||
jne _sib_
|
||
inc ebp ;¥á«¨ ¤ , â® ¤«¨ ᬥ饨ï=2(16 bit)
|
||
inc ebp
|
||
_nop67_:
|
||
cmp al,5 ;¨ ç¥, rm==5?
|
||
jne _sib_
|
||
add ebp,4 ;¥á«¨ ¤ , â® ¤«¨ ®ääá¥â =4 (32 bit)
|
||
jmp _sib_ ;¨¤¥¬ ¤ «ìè¥
|
||
;-----------------------------------------------------------------------------------
|
||
_mod01_: ;mod==1?
|
||
dec ah
|
||
jne _mod02_
|
||
inc ebp ;¤ ? ⮣¤ ebp=1
|
||
jmp _sib_
|
||
;-----------------------------------------------------------------------------------
|
||
_mod02_: ;mod==2?
|
||
dec ah
|
||
jne _mod03_
|
||
inc ebp ;ebp=2
|
||
inc ebp
|
||
dec dh ;¥á«¨ ¥áâì ¯à¥ä¨ªá 0x67, ¯¥à¥áª ª¨¢ ¥¬ ¤ «ìè¥
|
||
je _sib_
|
||
inc ebp ;â® ebp+=2
|
||
inc ebp
|
||
inc ebx
|
||
;-----------------------------------------------------------------------------------
|
||
_mod03_: ;mod==3?
|
||
dec bl ;¥á«¨ ¤ , ⮣¤ sib' â®ç® ¥â!
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND à §¡®à MODRMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ¯®«ã票¥ SIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
_sib_:
|
||
dec bl ;¥áâì «¨ ¡ ©â sib?
|
||
jne _endmodrm_
|
||
or cx,B_SIB
|
||
lodsb ;¥á«¨ ¤ , â® ¢ al ⥯¥àì «¥¦¨â sib(al=sib)
|
||
mov byte ptr [edi+11],al ;SIB
|
||
and al,7 ;¤ «¥¥,
|
||
cmp al,5 ;al==5?
|
||
jne _endmodrm_
|
||
test bh,bh ;¥á«¨ ¤ , ⮠ᬮâਬ, ¯®«¥ mod==0?
|
||
jne _endmodrm_
|
||
push 4 ;¥á«¨ ¤ , â® ¥áâì 4-¡ ©â®¢®¥ ᬥ饨¥
|
||
pop ebp
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ¯®«ã票¥ SIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ä« £¨xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
_endmodrm_:
|
||
xor ebx,ebx
|
||
test cl,B_DATA8 ;¥áâì «¨ ®¤®¡ ©â®¢®¥ ᬥ饨¥?
|
||
je _nf1_
|
||
inc ebx
|
||
_nf1_:
|
||
test cl,B_DATA16 ;¥áâì «¨ ¤¢ãå¡ ©â®¢®¥ ᬥ饨¥?
|
||
je _nf2_
|
||
inc ebx
|
||
inc ebx
|
||
_nf2_:
|
||
test cl,B_PREFIX6X ;¥áâì «¨ ¢ ª®¬ ¤¥ ¥¯®á।á⢥®¥ § 票¥?
|
||
je _endflag_
|
||
dec dl ;¥áâì «¨ 0x66(0x67 ¤«ï [0xA0,0xA3]) ¢ à §¡¨à ¥¬®© ª®¬ ¤¥?
|
||
je _okp66_
|
||
inc ebx
|
||
inc ebx
|
||
_okp66_:
|
||
inc ebx
|
||
inc ebx
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ä« £¨xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
_endflag_:
|
||
push ecx
|
||
push edi
|
||
mov ecx,ebp
|
||
add edi,12
|
||
rep movsb
|
||
sub edi,ebp
|
||
add edi,8
|
||
mov ecx,ebx
|
||
rep movsb
|
||
pop edi
|
||
pop dword ptr [edi+1]
|
||
sub esi,dword ptr [esp+4];eax
|
||
xchg esi,eax
|
||
mov byte ptr [edi+0],al
|
||
mov dword ptr [esp+7*4],eax ;á®åà 塞 à §¬¥à ¢ ¥ å
|
||
xchg ebp,eax
|
||
mov byte ptr [edi+7],al
|
||
mov byte ptr [edi+8],bl
|
||
popad
|
||
ret ;¢ë室¨¬:)
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
;Š®¥æ äãªæ¨¨ _LiTo_ ;
|
||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
|
||
|
||
SizeOfLiTo equ $-_LiTo_ ;à §¬¥à äãªæ¨¨ _LiTo_
|