这个加密算法是对称的,算法中,数据4字节一组,会先进行bswap颠倒,再左移一定位数,再和0x80000000,0xC0000000,0xE0000000,0xF0000000,0xF8000000等一系列进行比较,根据比较结果不同进行不同处理,代码如下,大家帮忙看看这是啥算法:
005B56B6 8B86 04200000 mov eax,dword ptr ds:[esi+2004] ; 005B56BC 8B8E 14200000 mov ecx,dword ptr ds:[esi+2014]
005B56C2 8BD0 mov edx,eax
005B56C4 8986 08200000 mov dword ptr ds:[esi+2008],eax
005B56CA C1EA 03 shr edx,3
005B56CD 83E0 07 and eax,7
005B56D0 03D1 add edx,ecx
005B56D2 8986 04200000 mov dword ptr ds:[esi+2004],eax
005B56D8 8BC2 mov eax,edx
005B56DA 898E 18200000 mov dword ptr ds:[esi+2018],ecx
005B56E0 8996 14200000 mov dword ptr ds:[esi+2014],edx
005B56E6 8B08 mov ecx,dword ptr ds:[eax] ; 待解密的数据
005B56E8 894D F8 mov dword ptr ss:[ebp-8],ecx
005B56EB 8B45 F8 mov eax,dword ptr ss:[ebp-8]
005B56EE 0FC8 bswap eax
005B56F0 8945 F8 mov dword ptr ss:[ebp-8],eax
005B56F3 8B8E 04200000 mov ecx,dword ptr ds:[esi+2004]
005B56F9 8B45 F8 mov eax,dword ptr ss:[ebp-8]
005B56FC D3E0 shl eax,cl ; 待解密数据左移的位数
005B56FE 3D 00000080 cmp eax,80000000 ;
005B5703 73 45 jnb short ElementC.005B574A
005B5705 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B570B 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5711 83C1 08 add ecx,8
005B5714 83C7 08 add edi,8
005B5717 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B571D 8BCF mov ecx,edi
005B571F 3BCA cmp ecx,edx
005B5721 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5727 0F83 C7050000 jnb ElementC.005B5CF4
005B572D 8B96 00200000 mov edx,dword ptr ds:[esi+2000]
005B5733 C1E8 18 shr eax,18
005B5736 8802 mov byte ptr ds:[edx],al ; 解密后的数据
005B5738 8B86 00200000 mov eax,dword ptr ds:[esi+2000]
005B573E 40 inc eax
005B573F 8986 00200000 mov dword ptr ds:[esi+2000],eax
005B5745 E9 61050000 jmp ElementC.005B5CAB
005B574A 3D 000000C0 cmp eax,C0000000
005B574F 73 47 jnb short ElementC.005B5798
005B5751 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5757 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B575D 83C1 09 add ecx,9
005B5760 83C7 09 add edi,9
005B5763 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5769 8BCF mov ecx,edi
005B576B 3BCA cmp ecx,edx
005B576D 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5773 0F83 47050000 jnb ElementC.005B5CC0
005B5779 8B8E 00200000 mov ecx,dword ptr ds:[esi+2000]
005B577F C1E8 17 shr eax,17
005B5782 0C 80 or al,80
005B5784 8801 mov byte ptr ds:[ecx],al
005B5786 8B86 00200000 mov eax,dword ptr ds:[esi+2000]
005B578C 40 inc eax
005B578D 8986 00200000 mov dword ptr ds:[esi+2000],eax
005B5793 E9 13050000 jmp ElementC.005B5CAB
005B5798 3D 000000F0 cmp eax,F0000000
005B579D 0F82 FA000000 jb ElementC.005B589D
005B57A3 8B96 0C200000 mov edx,dword ptr ds:[esi+200C]
005B57A9 8BBE 10200000 mov edi,dword ptr ds:[esi+2010]
005B57AF 83C2 0A add edx,0A
005B57B2 83C1 0A add ecx,0A
005B57B5 3BD7 cmp edx,edi
005B57B7 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B57BD 8996 0C200000 mov dword ptr ds:[esi+200C],edx
005B57C3 0F83 11050000 jnb ElementC.005B5CDA
005B57C9 C1E8 16 shr eax,16
005B57CC 83E0 3F and eax,3F
005B57CF 8BD8 mov ebx,eax
005B57D1 0F85 39010000 jnz ElementC.005B5910
005B57D7 8BD9 mov ebx,ecx
005B57D9 B8 08000000 mov eax,8
005B57DE 83E3 07 and ebx,7
005B57E1 2BC3 sub eax,ebx
005B57E3 83F8 08 cmp eax,8
005B57E6 73 18 jnb short ElementC.005B5800
005B57E8 03C8 add ecx,eax
005B57EA 03C2 add eax,edx
005B57EC 3BC7 cmp eax,edi
005B57EE 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B57F4 8986 0C200000 mov dword ptr ds:[esi+200C],eax
005B57FA 0F83 F4040000 jnb ElementC.005B5CF4
005B5800 8BBE 00200000 mov edi,dword ptr ds:[esi+2000]
005B5806 8B4D FC mov ecx,dword ptr ss:[ebp-4]
005B5809 2BF9 sub edi,ecx
005B580B 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005B580E 8B51 08 mov edx,dword ptr ds:[ecx+8]
005B5811 8B41 04 mov eax,dword ptr ds:[ecx+4]
005B5814 8955 F8 mov dword ptr ss:[ebp-8],edx
005B5817 8BDA mov ebx,edx
005B5819 2BD0 sub edx,eax
005B581B 2BD8 sub ebx,eax
005B581D 03D7 add edx,edi
005B581F 52 push edx
005B5820 E8 5BA9E6FF call ElementC.00420180
005B5825 8B45 F8 mov eax,dword ptr ss:[ebp-8]
005B5828 85C0 test eax,eax
005B582A 74 30 je short ElementC.005B585C
005B582C 8B45 08 mov eax,dword ptr ss:[ebp+8]
005B582F 8B48 04 mov ecx,dword ptr ds:[eax+4]
005B5832 8B50 08 mov edx,dword ptr ds:[eax+8]
005B5835 03D9 add ebx,ecx
005B5837 2BD3 sub edx,ebx
005B5839 52 push edx
005B583A 8D043B lea eax,dword ptr ds:[ebx+edi]
005B583D 53 push ebx
005B583E 50 push eax
005B583F FF15 9CE39500 call dword ptr ds:[<&MSVCRT.memmove>] ; MSVCRT.memmove
005B5845 8B4D FC mov ecx,dword ptr ss:[ebp-4]
005B5848 57 push edi
005B5849 51 push ecx
005B584A 53 push ebx
005B584B FF15 9CE39500 call dword ptr ds:[<&MSVCRT.memmove>] ; MSVCRT.memmove
005B5851 8B45 08 mov eax,dword ptr ss:[ebp+8]
005B5854 83C4 18 add esp,18
005B5857 0178 08 add dword ptr ds:[eax+8],edi
005B585A EB 1D jmp short ElementC.005B5879
005B585C 8B5D 08 mov ebx,dword ptr ss:[ebp+8]
005B585F 8B55 FC mov edx,dword ptr ss:[ebp-4]
005B5862 57 push edi
005B5863 52 push edx
005B5864 8B43 04 mov eax,dword ptr ds:[ebx+4]
005B5867 50 push eax
005B5868 FF15 9CE39500 call dword ptr ds:[<&MSVCRT.memmove>] ; MSVCRT.memmove
005B586E 8B43 04 mov eax,dword ptr ds:[ebx+4]
005B5871 83C4 0C add esp,0C
005B5874 03F8 add edi,eax
005B5876 897B 08 mov dword ptr ds:[ebx+8],edi
005B5879 8B8E 00200000 mov ecx,dword ptr ds:[esi+2000]
005B587F 2BCE sub ecx,esi
005B5881 81F9 00200000 cmp ecx,2000
005B5887 75 06 jnz short ElementC.005B588F
005B5889 89B6 00200000 mov dword ptr ds:[esi+2000],esi
005B588F 8B96 00200000 mov edx,dword ptr ds:[esi+2000]
005B5895 8955 FC mov dword ptr ss:[ebp-4],edx
005B5898 E9 0E040000 jmp ElementC.005B5CAB
005B589D 3D 000000E0 cmp eax,E0000000
005B58A2 72 35 jb short ElementC.005B58D9
005B58A4 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B58AA 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B58B0 83C1 0C add ecx,0C
005B58B3 83C7 0C add edi,0C
005B58B6 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B58BC 8BCF mov ecx,edi
005B58BE 3BCA cmp ecx,edx
005B58C0 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B58C6 0F83 F4030000 jnb ElementC.005B5CC0
005B58CC C1E8 14 shr eax,14
005B58CF 25 FF000000 and eax,0FF
005B58D4 83C0 40 add eax,40
005B58D7 EB 35 jmp short ElementC.005B590E
005B58D9 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B58DF 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B58E5 83C1 10 add ecx,10
005B58E8 83C7 10 add edi,10
005B58EB 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B58F1 8BCF mov ecx,edi
005B58F3 3BCA cmp ecx,edx
005B58F5 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B58FB 0F83 D9030000 jnb ElementC.005B5CDA
005B5901 C1E8 10 shr eax,10
005B5904 25 FF1F0000 and eax,1FFF
005B5909 05 40010000 add eax,140
005B590E 8BD8 mov ebx,eax
005B5910 8B86 04200000 mov eax,dword ptr ds:[esi+2004]
005B5916 8B96 14200000 mov edx,dword ptr ds:[esi+2014]
005B591C 8BC8 mov ecx,eax
005B591E 83E0 07 and eax,7
005B5921 C1E9 03 shr ecx,3
005B5924 03D1 add edx,ecx
005B5926 8986 04200000 mov dword ptr ds:[esi+2004],eax
005B592C 8996 14200000 mov dword ptr ds:[esi+2014],edx
005B5932 8B02 mov eax,dword ptr ds:[edx]
005B5934 8945 F8 mov dword ptr ss:[ebp-8],eax
005B5937 8B45 F8 mov eax,dword ptr ss:[ebp-8]
005B593A 0FC8 bswap eax
005B593C 8945 F8 mov dword ptr ss:[ebp-8],eax
005B593F 8B8E 04200000 mov ecx,dword ptr ds:[esi+2004]
005B5945 8B45 F8 mov eax,dword ptr ss:[ebp-8]
005B5948 D3E0 shl eax,cl
005B594A 3D 00000080 cmp eax,80000000
005B594F 73 2E jnb short ElementC.005B597F
005B5951 8B96 0C200000 mov edx,dword ptr ds:[esi+200C]
005B5957 41 inc ecx
005B5958 42 inc edx
005B5959 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B595F 8B8E 10200000 mov ecx,dword ptr ds:[esi+2010]
005B5965 8BC2 mov eax,edx
005B5967 3BC1 cmp eax,ecx
005B5969 8996 0C200000 mov dword ptr ds:[esi+200C],edx
005B596F 0F83 7F030000 jnb ElementC.005B5CF4
005B5975 B8 03000000 mov eax,3
005B597A E9 C4020000 jmp ElementC.005B5C43
005B597F 3D 000000C0 cmp eax,C0000000
005B5984 73 3A jnb short ElementC.005B59C0
005B5986 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B598C 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5992 83C1 04 add ecx,4
005B5995 83C7 04 add edi,4
005B5998 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B599E 8BCF mov ecx,edi
005B59A0 3BCA cmp ecx,edx
005B59A2 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B59A8 0F83 12030000 jnb ElementC.005B5CC0
005B59AE 25 00000030 and eax,30000000
005B59B3 0D 00000040 or eax,40000000
005B59B8 C1E8 1C shr eax,1C
005B59BB E9 83020000 jmp ElementC.005B5C43
005B59C0 3D 000000E0 cmp eax,E0000000
005B59C5 73 3A jnb short ElementC.005B5A01
005B59C7 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B59CD 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B59D3 83C1 06 add ecx,6
005B59D6 83C7 06 add edi,6
005B59D9 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B59DF 8BCF mov ecx,edi
005B59E1 3BCA cmp ecx,edx
005B59E3 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B59E9 0F83 EB020000 jnb ElementC.005B5CDA
005B59EF 25 0000001C and eax,1C000000
005B59F4 0D 00000020 or eax,20000000
005B59F9 C1E8 1A shr eax,1A
005B59FC E9 42020000 jmp ElementC.005B5C43
005B5A01 3D 000000F0 cmp eax,F0000000
005B5A06 73 3A jnb short ElementC.005B5A42
005B5A08 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5A0E 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5A14 83C1 08 add ecx,8
005B5A17 83C7 08 add edi,8
005B5A1A 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5A20 8BCF mov ecx,edi
005B5A22 3BCA cmp ecx,edx
005B5A24 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5A2A 0F83 C4020000 jnb ElementC.005B5CF4
005B5A30 25 0000000F and eax,0F000000
005B5A35 0D 00000010 or eax,10000000
005B5A3A C1E8 18 shr eax,18
005B5A3D E9 01020000 jmp ElementC.005B5C43
005B5A42 3D 000000F8 cmp eax,F8000000
005B5A47 73 3A jnb short ElementC.005B5A83
005B5A49 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5A4F 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5A55 83C1 0A add ecx,0A
005B5A58 83C7 0A add edi,0A
005B5A5B 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5A61 8BCF mov ecx,edi
005B5A63 3BCA cmp ecx,edx
005B5A65 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5A6B 0F83 4F020000 jnb ElementC.005B5CC0
005B5A71 25 0000C007 and eax,7C00000
005B5A76 0D 00000008 or eax,8000000
005B5A7B C1E8 16 shr eax,16
005B5A7E E9 C0010000 jmp ElementC.005B5C43
005B5A83 3D 000000FC cmp eax,FC000000
005B5A88 73 3A jnb short ElementC.005B5AC4
005B5A8A 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5A90 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5A96 83C1 0C add ecx,0C
005B5A99 83C7 0C add edi,0C
005B5A9C 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5AA2 8BCF mov ecx,edi
005B5AA4 3BCA cmp ecx,edx
005B5AA6 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5AAC 0F83 28020000 jnb ElementC.005B5CDA
005B5AB2 25 0000F003 and eax,3F00000
005B5AB7 0D 00000004 or eax,4000000
005B5ABC C1E8 14 shr eax,14
005B5ABF E9 7F010000 jmp ElementC.005B5C43
005B5AC4 3D 000000FE cmp eax,FE000000
005B5AC9 73 3A jnb short ElementC.005B5B05
005B5ACB 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5AD1 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5AD7 83C1 0E add ecx,0E
005B5ADA 83C7 0E add edi,0E
005B5ADD 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5AE3 8BCF mov ecx,edi
005B5AE5 3BCA cmp ecx,edx
005B5AE7 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5AED 0F83 01020000 jnb ElementC.005B5CF4
005B5AF3 25 0000FC01 and eax,1FC0000
005B5AF8 0D 00000002 or eax,2000000
005B5AFD C1E8 12 shr eax,12
005B5B00 E9 3E010000 jmp ElementC.005B5C43
005B5B05 3D 000000FF cmp eax,FF000000
005B5B0A 73 3A jnb short ElementC.005B5B46
005B5B0C 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5B12 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5B18 83C1 10 add ecx,10
005B5B1B 83C7 10 add edi,10
005B5B1E 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5B24 8BCF mov ecx,edi
005B5B26 3BCA cmp ecx,edx
005B5B28 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5B2E 0F83 8C010000 jnb ElementC.005B5CC0
005B5B34 25 0000FF00 and eax,0FF0000
005B5B39 0D 00000001 or eax,1000000
005B5B3E C1E8 10 shr eax,10
005B5B41 E9 FD000000 jmp ElementC.005B5C43
005B5B46 3D 000080FF cmp eax,FF800000
005B5B4B 73 3A jnb short ElementC.005B5B87
005B5B4D 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5B53 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5B59 83C1 12 add ecx,12
005B5B5C 83C7 12 add edi,12
005B5B5F 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5B65 8BCF mov ecx,edi
005B5B67 3BCA cmp ecx,edx
005B5B69 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5B6F 0F83 65010000 jnb ElementC.005B5CDA
005B5B75 25 00C07F00 and eax,7FC000
005B5B7A 0D 00008000 or eax,800000
005B5B7F C1E8 0E shr eax,0E
005B5B82 E9 BC000000 jmp ElementC.005B5C43
005B5B87 3D 0000C0FF cmp eax,FFC00000
005B5B8C 73 37 jnb short ElementC.005B5BC5
005B5B8E 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5B94 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5B9A 83C1 14 add ecx,14
005B5B9D 83C7 14 add edi,14
005B5BA0 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5BA6 8BCF mov ecx,edi
005B5BA8 3BCA cmp ecx,edx
005B5BAA 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5BB0 0F83 3E010000 jnb ElementC.005B5CF4
005B5BB6 25 00F03F00 and eax,3FF000
005B5BBB 0D 00004000 or eax,400000
005B5BC0 C1E8 0C shr eax,0C
005B5BC3 EB 7E jmp short ElementC.005B5C43
005B5BC5 3D 0000E0FF cmp eax,FFE00000
005B5BCA 73 37 jnb short ElementC.005B5C03
005B5BCC 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5BD2 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5BD8 83C1 16 add ecx,16
005B5BDB 83C7 16 add edi,16
005B5BDE 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5BE4 8BCF mov ecx,edi
005B5BE6 3BCA cmp ecx,edx
005B5BE8 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5BEE 0F83 CC000000 jnb ElementC.005B5CC0
005B5BF4 25 00FC1F00 and eax,1FFC00
005B5BF9 0D 00002000 or eax,200000
005B5BFE C1E8 0A shr eax,0A
005B5C01 EB 40 jmp short ElementC.005B5C43
005B5C03 3D 0000F0FF cmp eax,FFF00000
005B5C08 0F83 E6000000 jnb ElementC.005B5CF4
005B5C0E 8BBE 0C200000 mov edi,dword ptr ds:[esi+200C]
005B5C14 8B96 10200000 mov edx,dword ptr ds:[esi+2010]
005B5C1A 83C1 18 add ecx,18
005B5C1D 83C7 18 add edi,18
005B5C20 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5C26 8BCF mov ecx,edi
005B5C28 3BCA cmp ecx,edx
005B5C2A 89BE 0C200000 mov dword ptr ds:[esi+200C],edi
005B5C30 0F83 A4000000 jnb ElementC.005B5CDA
005B5C36 25 00FF0F00 and eax,0FFF00
005B5C3B 0D 00001000 or eax,100000
005B5C40 C1E8 08 shr eax,8
005B5C43 8B8E 00200000 mov ecx,dword ptr ds:[esi+2000]
005B5C49 8D96 00200000 lea edx,dword ptr ds:[esi+2000]
005B5C4F 8BF9 mov edi,ecx
005B5C51 2BFB sub edi,ebx
005B5C53 3BFE cmp edi,esi
005B5C55 0F82 B1000000 jb ElementC.005B5D0C
005B5C5B 8D1C01 lea ebx,dword ptr ds:[ecx+eax]
005B5C5E 3BDA cmp ebx,edx
005B5C60 0F87 A6000000 ja ElementC.005B5D0C
005B5C66 8BD9 mov ebx,ecx
005B5C68 8BD0 mov edx,eax
005B5C6A 2BDF sub ebx,edi
005B5C6C 83FB 03 cmp ebx,3
005B5C6F 7E 23 jle short ElementC.005B5C94
005B5C71 83F8 03 cmp eax,3
005B5C74 76 1E jbe short ElementC.005B5C94
005B5C76 8BD8 mov ebx,eax
005B5C78 C1EB 02 shr ebx,2
005B5C7B 895D F8 mov dword ptr ss:[ebp-8],ebx
005B5C7E 8B1F mov ebx,dword ptr ds:[edi]
005B5C80 83C7 04 add edi,4
005B5C83 8919 mov dword ptr ds:[ecx],ebx
005B5C85 8B5D F8 mov ebx,dword ptr ss:[ebp-8]
005B5C88 83C1 04 add ecx,4
005B5C8B 83EA 04 sub edx,4
005B5C8E 4B dec ebx
005B5C8F 895D F8 mov dword ptr ss:[ebp-8],ebx
005B5C92 ^ 75 EA jnz short ElementC.005B5C7E
005B5C94 8BDA mov ebx,edx
005B5C96 4A dec edx
005B5C97 85DB test ebx,ebx
005B5C99 74 0A je short ElementC.005B5CA5
005B5C9B 42 inc edx
005B5C9C 8A1F mov bl,byte ptr ds:[edi]
005B5C9E 8819 mov byte ptr ds:[ecx],bl
005B5CA0 41 inc ecx
005B5CA1 47 inc edi
005B5CA2 4A dec edx
005B5CA3 ^ 75 F7 jnz short ElementC.005B5C9C
005B5CA5 0186 00200000 add dword ptr ds:[esi+2000],eax
005B5CAB 8B8E 10200000 mov ecx,dword ptr ds:[esi+2010]
005B5CB1 8B86 0C200000 mov eax,dword ptr ds:[esi+200C]
005B5CB7 3BC8 cmp ecx,eax
005B5CB9 76 51 jbe short ElementC.005B5D0C
005B5CBB ^ E9 F6F9FFFF jmp ElementC.005B56B6
005B5CC0 8B8E 08200000 mov ecx,dword ptr ds:[esi+2008]
005B5CC6 8B96 18200000 mov edx,dword ptr ds:[esi+2018]
005B5CCC 898E 04200000 mov dword ptr ds:[esi+2004],ecx
005B5CD2 8996 14200000 mov dword ptr ds:[esi+2014],edx
005B5CD8 EB 32 jmp short ElementC.005B5D0C
005B5CDA 8B86 08200000 mov eax,dword ptr ds:[esi+2008]
005B5CE0 8B8E 18200000 mov ecx,dword ptr ds:[esi+2018]
005B5CE6 8986 04200000 mov dword ptr ds:[esi+2004],eax
005B5CEC 898E 14200000 mov dword ptr ds:[esi+2014],ecx
005B5CF2 EB 18 jmp short ElementC.005B5D0C
005B5CF4 8B96 08200000 mov edx,dword ptr ds:[esi+2008]
005B5CFA 8B86 18200000 mov eax,dword ptr ds:[esi+2018]
005B5D00 8996 04200000 mov dword ptr ds:[esi+2004],edx
005B5D06 8986 14200000 mov dword ptr ds:[esi+2014],eax
005B5D0C 8BBE 00200000 mov edi,dword ptr ds:[esi+2000]
005B5D12 8B4D FC mov ecx,dword ptr ss:[ebp-4]
005B5D15 2BF9 sub edi,ecx
005B5D17 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005B5D1A 8B51 08 mov edx,dword ptr ds:[ecx+8]
005B5D1D 8B41 04 mov eax,dword ptr ds:[ecx+4]
005B5D20 8955 F8 mov dword ptr ss:[ebp-8],edx
005B5D23 8BDA mov ebx,edx
005B5D25 2BD0 sub edx,eax
005B5D27 2BD8 sub ebx,eax
005B5D29 03D7 add edx,edi
005B5D2B 52 push edx
005B5D2C E8 4FA4E6FF call ElementC.00420180
005B5D31 8B45 F8 mov eax,dword ptr ss:[ebp-8]
005B5D34 85C0 test eax,eax
005B5D36 74 32 je short ElementC.005B5D6A
005B5D38 8B45 08 mov eax,dword ptr ss:[ebp+8]
005B5D3B 8B48 04 mov ecx,dword ptr ds:[eax+4]
005B5D3E 03D9 add ebx,ecx
005B5D40 8B48 08 mov ecx,dword ptr ds:[eax+8]
005B5D43 2BCB sub ecx,ebx
005B5D45 51 push ecx
005B5D46 8D143B lea edx,dword ptr ds:[ebx+edi]
005B5D49 53 push ebx
005B5D4A 52 push edx
005B5D4B FF15 9CE39500 call dword ptr ds:[<&MSVCRT.memmove>] ; MSVCRT.memmove
005B5D51 8B45 FC mov eax,dword ptr ss:[ebp-4]
005B5D54 57 push edi
005B5D55 50 push eax
005B5D56 53 push ebx
005B5D57 FF15 9CE39500 call dword ptr ds:[<&MSVCRT.memmove>] ; MSVCRT.memmove
005B5D5D 8B45 08 mov eax,dword ptr ss:[ebp+8]
005B5D60 83C4 18 add esp,18
005B5D63 8BD8 mov ebx,eax
005B5D65 0178 08 add dword ptr ds:[eax+8],edi
005B5D68 EB 1D jmp short ElementC.005B5D87
005B5D6A 8B5D 08 mov ebx,dword ptr ss:[ebp+8]
005B5D6D 8B4D FC mov ecx,dword ptr ss:[ebp-4]
005B5D70 57 push edi
005B5D71 51 push ecx
005B5D72 8B53 04 mov edx,dword ptr ds:[ebx+4]
005B5D75 52 push edx
005B5D76 FF15 9CE39500 call dword ptr ds:[<&MSVCRT.memmove>] ; MSVCRT.memmove
005B5D7C 8B43 04 mov eax,dword ptr ds:[ebx+4]
005B5D7F 83C4 0C add esp,0C
005B5D82 03F8 add edi,eax
005B5D84 897B 08 mov dword ptr ds:[ebx+8],edi
005B5D87 8BBE 20200000 mov edi,dword ptr ds:[esi+2020]
005B5D8D 8BB6 14200000 mov esi,dword ptr ds:[esi+2014]
005B5D93 3BFE cmp edi,esi
005B5D95 74 2A je short ElementC.005B5DC1
005B5D97 8B5D F4 mov ebx,dword ptr ss:[ebp-C]
005B5D9A 8B43 08 mov eax,dword ptr ds:[ebx+8]
005B5D9D 2BC6 sub eax,esi
005B5D9F 50 push eax
005B5DA0 56 push esi
005B5DA1 57 push edi
005B5DA2 FF15 9CE39500 call dword ptr ds:[<&MSVCRT.memmove>] ; MSVCRT.memmove
005B5DA8 8B43 08 mov eax,dword ptr ds:[ebx+8]
005B5DAB 83C4 0C add esp,0C
005B5DAE 2BFE sub edi,esi
005B5DB0 03C7 add eax,edi
005B5DB2 5F pop edi
005B5DB3 8943 08 mov dword ptr ds:[ebx+8],eax
005B5DB6 8B45 08 mov eax,dword ptr ss:[ebp+8]
005B5DB9 5E pop esi
005B5DBA 5B pop ebx
005B5DBB 8BE5 mov esp,ebp
005B5DBD 5D pop ebp
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
d
