; Call site for the decode routine at pakup.00401000.
; Four dword arguments are pushed, so the last push is the callee's first stack argument:
;   arg1 = edi (output buffer), arg2 = ebx (input buffer),
;   arg3 = edx (output length), arg4 = ecx (input length).
; NOTE(review): the callee listed at 00401000 reads only arg1..arg3; the input length
; pushed here is never referenced, so input reads are not bounded by it.
; The callee ends with a plain retn, so this caller presumably pops the 16 bytes
; of arguments afterwards; that cleanup is not shown in this listing.
004011C2 51 push ecx ; arg4: data length before decryption (input length)
004011C3 52 push edx ; arg3: data length after decryption (output length)
004011C4 53 push ebx ; arg2: pointer to the data to be decrypted (input buffer)
004011C5 57 push edi ; arg1: pointer where the decrypted data is stored (output buffer)
004011C6 E8 35FEFFFF call pakup.00401000 ; call the decryption routine
//========================Algorithm=========================================
;-----------------------------------------------------------------------
; pakup.00401000 - decode routine: XOR-masked flag bytes and tokens driving
; literal / back-reference copies into the output buffer.
;
; Stack arguments (frame = sub esp,24h + 4 pushes = 34h below the return address):
;   [esp+38] = arg1 = output buffer   (loaded into ebx)
;   [esp+3C] = arg2 = input buffer    (loaded into ebp)
;   [esp+40] = arg3 = output length   (kept in edi)
;   [esp+44] = arg4 = input length    (never read by this routine)
; Buffer/length meanings are taken from the call-site comments at 004011C2.
;
; Registers: esi = output index, edx = input index,
;            edi = output length (temporarily the copy count inside a match).
; Locals:    [esp+14..esp+30] = table of 8 dword keys
;            [esp+10]         = key selected for the current group
;            [esp+38]         = flag-bit counter (reuses the arg1 slot after ebx is loaded)
;            byte [esp+3C]    = remaining flag bits (reuses the arg2 slot after ebp is loaded)
;
; Stream layout as read from the code:
;   control byte c: key = table[(c >> 3) & 7]; flags = c xor 0C8h, consumed LSB first, 8 per group
;   flag bit 0: copy one literal byte from input to output
;   flag bit 1: read a 16-bit word, xor with key; low 12 bits = back distance,
;               high 4 bits + 2 = copy length (2..17)
; Returns: eax = 0 on every path; plain retn, arguments are left on the stack.
;
; NOTE(review): memory-safety gaps to handle when re-implementing or fuzzing this decoder:
;   - edx (input index) is never compared with the input length, so a short or
;     malformed stream is read past the end of the input buffer;
;   - the back distance is not checked against esi, so esi - distance can fall
;     below the start of the output buffer;
;   - the output-length check at 004010CD runs only after a whole match is copied,
;     so a match starting near the end can write up to 16 bytes past the output length.
;-----------------------------------------------------------------------
00401000 83EC 24 sub esp,24 ; reserve 24h bytes of locals
00401003 53 push ebx
00401004 55 push ebp
00401005 56 push esi
00401006 57 push edi
00401007 8B7C24 40 mov edi,dword ptr ss:[esp+40] ; edi = arg3 (output length)
0040100B 33F6 xor esi,esi ; output index = 0
0040100D 33D2 xor edx,edx ; input index = 0
0040100F C74424 14 21FF0000 mov dword ptr ss:[esp+14],0FF21 ; key[0]
00401017 85FF test edi,edi ; flags for the jbe at 00401051 (the mov instructions in between leave flags unchanged)
00401019 C74424 18 4F830000 mov dword ptr ss:[esp+18],834F ; key[1]
00401021 C74424 1C 5F670000 mov dword ptr ss:[esp+1C],675F ; key[2]
00401029 C74424 20 34000000 mov dword ptr ss:[esp+20],34 ; key[3]
00401031 C74424 24 37F20000 mov dword ptr ss:[esp+24],0F237 ; key[4]
00401039 C74424 28 5F810000 mov dword ptr ss:[esp+28],815F ; key[5]
00401041 C74424 2C 65470000 mov dword ptr ss:[esp+2C],4765 ; key[6]
00401049 C74424 30 33020000 mov dword ptr ss:[esp+30],233 ; key[7]
00401051 0F86 94000000 jbe pakup.004010EB ; output length == 0 -> nothing to do (CF is 0 after test, so this is a zero check)
00401057 8B6C24 3C mov ebp,dword ptr ss:[esp+3C] ; ebp = arg2 (input buffer)
0040105B 8B5C24 38 mov ebx,dword ptr ss:[esp+38] ; ebx = arg1 (output buffer)
; --- start of a group: fetch the control byte ---
0040105F 8A042A mov al,byte ptr ds:[edx+ebp] ; al = input[edx]; NOTE(review): no check of edx against the input length
00401062 42 inc edx
00401063 8AC8 mov cl,al
00401065 C74424 38 00000000 mov dword ptr ss:[esp+38],0 ; flag-bit counter = 0 (arg1 slot reused; ebx already holds the pointer)
0040106D C1E9 03 shr ecx,3
00401070 83E1 07 and ecx,7 ; ecx = (control byte >> 3) & 7; the mask discards the stale upper bits of ecx
00401073 34 C8 xor al,0C8 ; unmask the 8 flag bits
00401075 884424 3C mov byte ptr ss:[esp+3C],al ; save flag bits (low byte of the arg2 slot; ebp already holds the pointer)
00401079 8B4C8C 14 mov ecx,dword ptr ss:[esp+ecx*4+14] ; ecx = key[index]
0040107D 894C24 10 mov dword ptr ss:[esp+10],ecx ; remember the key for this group
; --- per-flag-bit loop: al holds the remaining flag bits ---
00401081 A8 01 test al,1
00401083 74 3A je short pakup.004010BF ; bit 0 clear -> literal byte
; --- back-reference token ---
00401085 66:8B042A mov ax,word ptr ds:[edx+ebp] ; 16-bit token from input; upper half of eax is masked off at 00401092
00401089 8B4C24 10 mov ecx,dword ptr ss:[esp+10] ; ecx = group key
0040108D 33C1 xor eax,ecx ; unmask the token
0040108F 83C2 02 add edx,2 ; consume the two token bytes
00401092 25 FFFF0000 and eax,0FFFF ; keep the 16-bit token only
00401097 8BC8 mov ecx,eax
00401099 25 FF0F0000 and eax,0FFF ; eax = back distance (low 12 bits)
0040109E C1E9 0C shr ecx,0C
004010A1 83C1 02 add ecx,2 ; ecx = copy length = (token >> 12) + 2, i.e. 2..17
004010A4 85C9 test ecx,ecx
004010A6 74 1F je short pakup.004010C7 ; cannot be taken: ecx is at least 2 here
004010A8 8BF9 mov edi,ecx ; edi = bytes left to copy (output length is reloaded at 004010B9)
; --- byte-by-byte copy; a distance smaller than the length re-reads bytes just written ---
004010AA 8BCE mov ecx,esi
004010AC 2BC8 sub ecx,eax ; ecx = esi - distance; NOTE(review): not checked against 0, may point before the output buffer
004010AE 46 inc esi
004010AF 4F dec edi ; sets ZF for the jnz at 004010B7 (the two mov instructions below leave flags unchanged)
004010B0 8A0C19 mov cl,byte ptr ds:[ecx+ebx] ; cl = output[esi_old - distance]
004010B3 884C1E FF mov byte ptr ds:[esi+ebx-1],cl ; output[esi_old] = cl; NOTE(review): no output-length check inside this loop
004010B7 ^ 75 F1 jnz short pakup.004010AA ; repeat until the copy count reaches 0
004010B9 8B7C24 40 mov edi,dword ptr ss:[esp+40] ; restore edi = output length
004010BD EB 08 jmp short pakup.004010C7
; --- literal byte ---
004010BF 8A042A mov al,byte ptr ds:[edx+ebp] ; al = input[edx]
004010C2 88041E mov byte ptr ds:[esi+ebx],al ; output[esi] = al
004010C5 46 inc esi
004010C6 42 inc edx
; --- advance to the next flag bit ---
004010C7 8A4424 3C mov al,byte ptr ss:[esp+3C] ; reload the flag bits
004010CB D0E8 shr al,1 ; drop the bit just consumed
004010CD 3BF7 cmp esi,edi ; flags for the jnb at 004010D3 (the mov in between leaves flags unchanged)
004010CF 884424 3C mov byte ptr ss:[esp+3C],al ; save the shifted flag bits
004010D3 73 16 jnb short pakup.004010EB ; output index >= output length -> done
004010D5 8B4C24 38 mov ecx,dword ptr ss:[esp+38] ; ecx = flag-bit counter
004010D9 41 inc ecx
004010DA 83F9 08 cmp ecx,8
004010DD 894C24 38 mov dword ptr ss:[esp+38],ecx
004010E1 ^ 7C 9E jl short pakup.00401081 ; fewer than 8 bits used -> next bit (al still holds the shifted flags)
004010E3 3BF7 cmp esi,edi ; same comparison as at 004010CD; esi and edi are unchanged since then
004010E5 ^ 0F82 74FFFFFF jb pakup.0040105F ; more output expected -> fetch the next control byte
; --- epilogue; the "kernel32.ReadFile" remarks below are the original debugger annotations, kept as-is ---
004010EB 5F pop edi ; kernel32.ReadFile
004010EC 5E pop esi ; kernel32.ReadFile
004010ED 5D pop ebp ; kernel32.ReadFile
004010EE 33C0 xor eax,eax ; return value is always 0
004010F0 5B pop ebx ; kernel32.ReadFile
004010F1 83C4 24 add esp,24 ; release the locals
004010F4 C3 retn ; plain return: the 4 pushed arguments stay on the stack for the caller
===================================================================