有没有这样的数据处理,解密数据时需要和DF,C0,20,1F,7F进行比较的算法
汇编代码如下:
6353F38C /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
6353F390 |. 53 PUSH EBX
6353F391 |. 33DB XOR EBX,EBX
6353F393 |. 56 PUSH ESI
6353F394 |. 57 PUSH EDI
6353F395 |. 3BC3 CMP EAX,EBX
6353F397 |. 0F84 E0000000 JE local.6353F47D
6353F39D |. 3918 CMP DWORD PTR DS:[EAX],EBX
6353F39F |. 0F84 D8000000 JE local.6353F47D
6353F3A5 |. 8B50 04 MOV EDX,DWORD PTR DS:[EAX+4]
6353F3A8 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8]
6353F3AB |. 8BF2 MOV ESI,EDX
6353F3AD |. 2BF1 SUB ESI,ECX
6353F3AF |. 46 INC ESI
6353F3B0 |. 85F6 TEST ESI,ESI
6353F3B2 |. 0F8E C5000000 JLE local.6353F47D
6353F3B8 |. 33FF XOR EDI,EDI
6353F3BA |. 3BCA CMP ECX,EDX
6353F3BC |. 77 2E JA SHORT local.6353F3EC
6353F3BE |. 8A11 MOV DL,BYTE PTR DS:[ECX]
6353F3C0 |. 41 INC ECX
6353F3C1 |. 8948 08 MOV DWORD PTR DS:[EAX+8],ECX
6353F3C4 |. 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
6353F3C8 |. 8ADA MOV BL,DL
6353F3CA |. 80E3 C0 AND BL,0C0
6353F3CD |. 8819 MOV BYTE PTR DS:[ECX],BL
6353F3CF |. 8ADA MOV BL,DL
6353F3D1 |. 80E3 20 AND BL,20
6353F3D4 |. 8859 01 MOV BYTE PTR DS:[ECX+1],BL
6353F3D7 |. 8ADA MOV BL,DL
6353F3D9 |. 80E3 1F AND BL,1F
6353F3DC |. 80FB 1F CMP BL,1F
6353F3DF |. 74 15 JE SHORT local.6353F3F6
6353F3E1 |. 0FB6D2 MOVZX EDX,DL
6353F3E4 |. 83E2 1F AND EDX,1F
6353F3E7 |. 8951 04 MOV DWORD PTR DS:[ECX+4],EDX
6353F3EA |. EB 2C JMP SHORT local.6353F418
6353F3EC |> B8 0536DA6E MOV EAX,6EDA3605
6353F3F1 |. E9 9F000000 JMP local.6353F495
6353F3F6 |> 8B58 04 MOV EBX,DWORD PTR DS:[EAX+4]
6353F3F9 |> 8B70 08 /MOV ESI,DWORD PTR DS:[EAX+8]
6353F3FC |. 3BF3 |CMP ESI,EBX
6353F3FE |.^ 77 EC |JA SHORT local.6353F3EC
6353F400 |. 8A16 |MOV DL,BYTE PTR DS:[ESI]
6353F402 |. 46 |INC ESI
6353F403 |. 8970 08 |MOV DWORD PTR DS:[EAX+8],ESI
6353F406 |. 0FB6F2 |MOVZX ESI,DL
6353F409 |. 83E6 7F |AND ESI,7F
6353F40C |. C1E7 07 |SHL EDI,7
6353F40F |. 03FE |ADD EDI,ESI
6353F411 |. 84D2 |TEST DL,DL
6353F413 |.^ 78 E4 \JS SHORT local.6353F3F9
6353F415 |. 8979 04 MOV DWORD PTR DS:[ECX+4],EDI
6353F418 |> 33DB XOR EBX,EBX
6353F41A |. 8959 0C MOV DWORD PTR DS:[ECX+C],EBX
6353F41D |. 8B70 08 MOV ESI,DWORD PTR DS:[EAX+8]
6353F420 |. 3B70 04 CMP ESI,DWORD PTR DS:[EAX+4]
6353F423 |.^ 77 C7 JA SHORT local.6353F3EC
6353F425 |. 8A16 MOV DL,BYTE PTR DS:[ESI]
6353F427 |. 46 INC ESI
6353F428 |. 8970 08 MOV DWORD PTR DS:[EAX+8],ESI
6353F42B |. 84D2 TEST DL,DL
6353F42D |. 78 0B JS SHORT local.6353F43A
6353F42F |. 0FB6C2 MOVZX EAX,DL
6353F432 |. 83E0 7F AND EAX,7F
6353F435 |. 8941 08 MOV DWORD PTR DS:[ECX+8],EAX
6353F438 |. EB 30 JMP SHORT local.6353F46A
6353F43A |> 0FB6FA MOVZX EDI,DL
6353F43D |. 83E7 7F AND EDI,7F
6353F440 |. 7E 1E JLE SHORT local.6353F460
6353F442 |> 3B70 04 /CMP ESI,DWORD PTR DS:[EAX+4]
6353F445 |.^ 77 A5 |JA SHORT local.6353F3EC
6353F447 |. 8A16 |MOV DL,BYTE PTR DS:[ESI]
6353F449 |. C1E3 08 |SHL EBX,8
6353F44C |. 0FB6D2 |MOVZX EDX,DL
6353F44F |. 46 |INC ESI
6353F450 |. 03DA |ADD EBX,EDX
6353F452 |. 4F |DEC EDI
6353F453 |. 8970 08 |MOV DWORD PTR DS:[EAX+8],ESI
6353F456 |. 85FF |TEST EDI,EDI
6353F458 |.^ 7F E8 \JG SHORT local.6353F442
6353F45A |. 85DB TEST EBX,EBX
6353F45C |.^ 7C 8E JL SHORT local.6353F3EC
6353F45E |. 75 07 JNZ SHORT local.6353F467
6353F460 |> C741 0C 01000>MOV DWORD PTR DS:[ECX+C],1
6353F467 |> 8959 08 MOV DWORD PTR DS:[ECX+8],EBX
6353F46A |> 8379 0C 00 CMP DWORD PTR DS:[ECX+C],0
6353F46E |. 74 23 JE SHORT local.6353F493
6353F470 |. 8079 01 20 CMP BYTE PTR DS:[ECX+1],20
6353F474 |. 74 1D JE SHORT local.6353F493
6353F476 |. B8 0B36DA6E MOV EAX,6EDA360B
6353F47B |. EB 18 JMP SHORT local.6353F495
6353F47D |> 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
6353F481 |. C740 04 FFFFF>MOV DWORD PTR DS:[EAX+4],7FFFFFFF
6353F488 |. 8818 MOV BYTE PTR DS:[EAX],BL
6353F48A |. 8858 01 MOV BYTE PTR DS:[EAX+1],BL
6353F48D |. 8958 08 MOV DWORD PTR DS:[EAX+8],EBX
6353F490 |. 8958 0C MOV DWORD PTR DS:[EAX+C],EBX
6353F493 |> 33C0 XOR EAX,EAX
6353F495 |> 5F POP EDI
6353F496 |. 5E POP ESI
6353F497 |. 5B POP EBX
6353F498 \. C3 RETN
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
