[求助]大家帮忙看看这是什么加密算法-密码应用-看雪-安全社区|安全招聘|kanxue.com

[求助]大家帮忙看看这是什么加密算法
发表于: 2009-9-7 10:26 4163
[求助]大家帮忙看看这是什么加密算法

SFQin
2009-9-7 10:26
4163
这个加密算法是对称的，算法中，数据4字节一组，会先进行bswap颠倒,再左移一定位数，再和0x80000000,0xC0000000,0xE0000000,0xF0000000,0xF8000000等一系列进行比较，根据比较结果不同进行不同处理，代码如下，大家帮忙看看这是啥算法：
005B56B6     8B86 04200000  mov eax,dword ptr ds:[esi+2004]                      ; 005B56BC     8B8E 14200000  mov ecx,dword ptr ds:[esi+2014]
005B56C2     8BD0           mov edx,eax
005B56C4     8986 08200000  mov dword ptr ds:[esi+2008],eax
005B56CA     C1EA 03        shr edx,3
005B56CD     83E0 07        and eax,7
005B56D0     03D1           add edx,ecx
005B56D2     8986 04200000  mov dword ptr ds:[esi+2004],eax
005B56D8     8BC2           mov eax,edx
005B56DA     898E 18200000  mov dword ptr ds:[esi+2018],ecx
005B56E0     8996 14200000  mov dword ptr ds:[esi+2014],edx
005B56E6     8B08           mov ecx,dword ptr ds:[eax]                           ; 待解密的数据
005B56E8     894D F8        mov dword ptr ss:[ebp-8],ecx
005B56EB     8B45 F8        mov eax,dword ptr ss:[ebp-8]
005B56EE     0FC8           bswap eax
005B56F0     8945 F8        mov dword ptr ss:[ebp-8],eax
005B56F3     8B8E 04200000  mov ecx,dword ptr ds:[esi+2004]
005B56F9     8B45 F8        mov eax,dword ptr ss:[ebp-8]
005B56FC     D3E0           shl eax,cl                                           ; 待解密数据左移的位数
005B56FE     3D 00000080    cmp eax,80000000                                     ; 
005B5703     73 45          jnb short ElementC.005B574A
005B5705     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B570B     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5711     83C1 08        add ecx,8
005B5714     83C7 08        add edi,8
005B5717     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B571D     8BCF           mov ecx,edi
005B571F     3BCA           cmp ecx,edx
005B5721     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5727     0F83 C7050000  jnb ElementC.005B5CF4
005B572D     8B96 00200000  mov edx,dword ptr ds:[esi+2000]
005B5733     C1E8 18        shr eax,18
005B5736     8802           mov byte ptr ds:[edx],al                             ; 解密后的数据
005B5738     8B86 00200000  mov eax,dword ptr ds:[esi+2000]
005B573E     40             inc eax
005B573F     8986 00200000  mov dword ptr ds:[esi+2000],eax
005B5745     E9 61050000    jmp ElementC.005B5CAB
005B574A     3D 000000C0    cmp eax,C0000000
005B574F     73 47          jnb short ElementC.005B5798
005B5751     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5757     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B575D     83C1 09        add ecx,9
005B5760     83C7 09        add edi,9
005B5763     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5769     8BCF           mov ecx,edi
005B576B     3BCA           cmp ecx,edx
005B576D     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5773     0F83 47050000  jnb ElementC.005B5CC0
005B5779     8B8E 00200000  mov ecx,dword ptr ds:[esi+2000]
005B577F     C1E8 17        shr eax,17
005B5782     0C 80          or al,80
005B5784     8801           mov byte ptr ds:[ecx],al
005B5786     8B86 00200000  mov eax,dword ptr ds:[esi+2000]
005B578C     40             inc eax
005B578D     8986 00200000  mov dword ptr ds:[esi+2000],eax
005B5793     E9 13050000    jmp ElementC.005B5CAB
005B5798     3D 000000F0    cmp eax,F0000000
005B579D     0F82 FA000000  jb ElementC.005B589D
005B57A3     8B96 0C200000  mov edx,dword ptr ds:[esi+200C]
005B57A9     8BBE 10200000  mov edi,dword ptr ds:[esi+2010]
005B57AF     83C2 0A        add edx,0A
005B57B2     83C1 0A        add ecx,0A
005B57B5     3BD7           cmp edx,edi
005B57B7     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B57BD     8996 0C200000  mov dword ptr ds:[esi+200C],edx
005B57C3     0F83 11050000  jnb ElementC.005B5CDA
005B57C9     C1E8 16        shr eax,16
005B57CC     83E0 3F        and eax,3F
005B57CF     8BD8           mov ebx,eax
005B57D1     0F85 39010000  jnz ElementC.005B5910
005B57D7     8BD9           mov ebx,ecx
005B57D9     B8 08000000    mov eax,8
005B57DE     83E3 07        and ebx,7
005B57E1     2BC3           sub eax,ebx
005B57E3     83F8 08        cmp eax,8
005B57E6     73 18          jnb short ElementC.005B5800
005B57E8     03C8           add ecx,eax
005B57EA     03C2           add eax,edx
005B57EC     3BC7           cmp eax,edi
005B57EE     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B57F4     8986 0C200000  mov dword ptr ds:[esi+200C],eax
005B57FA     0F83 F4040000  jnb ElementC.005B5CF4
005B5800     8BBE 00200000  mov edi,dword ptr ds:[esi+2000]
005B5806     8B4D FC        mov ecx,dword ptr ss:[ebp-4]
005B5809     2BF9           sub edi,ecx
005B580B     8B4D 08        mov ecx,dword ptr ss:[ebp+8]
005B580E     8B51 08        mov edx,dword ptr ds:[ecx+8]
005B5811     8B41 04        mov eax,dword ptr ds:[ecx+4]
005B5814     8955 F8        mov dword ptr ss:[ebp-8],edx
005B5817     8BDA           mov ebx,edx
005B5819     2BD0           sub edx,eax
005B581B     2BD8           sub ebx,eax
005B581D     03D7           add edx,edi
005B581F     52             push edx
005B5820     E8 5BA9E6FF    call ElementC.00420180
005B5825     8B45 F8        mov eax,dword ptr ss:[ebp-8]
005B5828     85C0           test eax,eax
005B582A     74 30          je short ElementC.005B585C
005B582C     8B45 08        mov eax,dword ptr ss:[ebp+8]
005B582F     8B48 04        mov ecx,dword ptr ds:[eax+4]
005B5832     8B50 08        mov edx,dword ptr ds:[eax+8]
005B5835     03D9           add ebx,ecx
005B5837     2BD3           sub edx,ebx
005B5839     52             push edx
005B583A     8D043B         lea eax,dword ptr ds:[ebx+edi]
005B583D     53             push ebx
005B583E     50             push eax
005B583F     FF15 9CE39500  call dword ptr ds:[<&MSVCRT.memmove>]                ; MSVCRT.memmove
005B5845     8B4D FC        mov ecx,dword ptr ss:[ebp-4]
005B5848     57             push edi
005B5849     51             push ecx
005B584A     53             push ebx
005B584B     FF15 9CE39500  call dword ptr ds:[<&MSVCRT.memmove>]                ; MSVCRT.memmove
005B5851     8B45 08        mov eax,dword ptr ss:[ebp+8]
005B5854     83C4 18        add esp,18
005B5857     0178 08        add dword ptr ds:[eax+8],edi
005B585A     EB 1D          jmp short ElementC.005B5879
005B585C     8B5D 08        mov ebx,dword ptr ss:[ebp+8]
005B585F     8B55 FC        mov edx,dword ptr ss:[ebp-4]
005B5862     57             push edi
005B5863     52             push edx
005B5864     8B43 04        mov eax,dword ptr ds:[ebx+4]
005B5867     50             push eax
005B5868     FF15 9CE39500  call dword ptr ds:[<&MSVCRT.memmove>]                ; MSVCRT.memmove
005B586E     8B43 04        mov eax,dword ptr ds:[ebx+4]
005B5871     83C4 0C        add esp,0C
005B5874     03F8           add edi,eax
005B5876     897B 08        mov dword ptr ds:[ebx+8],edi
005B5879     8B8E 00200000  mov ecx,dword ptr ds:[esi+2000]
005B587F     2BCE           sub ecx,esi
005B5881     81F9 00200000  cmp ecx,2000
005B5887     75 06          jnz short ElementC.005B588F
005B5889     89B6 00200000  mov dword ptr ds:[esi+2000],esi
005B588F     8B96 00200000  mov edx,dword ptr ds:[esi+2000]
005B5895     8955 FC        mov dword ptr ss:[ebp-4],edx
005B5898     E9 0E040000    jmp ElementC.005B5CAB
005B589D     3D 000000E0    cmp eax,E0000000
005B58A2     72 35          jb short ElementC.005B58D9
005B58A4     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B58AA     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B58B0     83C1 0C        add ecx,0C
005B58B3     83C7 0C        add edi,0C
005B58B6     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B58BC     8BCF           mov ecx,edi
005B58BE     3BCA           cmp ecx,edx
005B58C0     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B58C6     0F83 F4030000  jnb ElementC.005B5CC0
005B58CC     C1E8 14        shr eax,14
005B58CF     25 FF000000    and eax,0FF
005B58D4     83C0 40        add eax,40
005B58D7     EB 35          jmp short ElementC.005B590E
005B58D9     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B58DF     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B58E5     83C1 10        add ecx,10
005B58E8     83C7 10        add edi,10
005B58EB     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B58F1     8BCF           mov ecx,edi
005B58F3     3BCA           cmp ecx,edx
005B58F5     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B58FB     0F83 D9030000  jnb ElementC.005B5CDA
005B5901     C1E8 10        shr eax,10
005B5904     25 FF1F0000    and eax,1FFF
005B5909     05 40010000    add eax,140
005B590E     8BD8           mov ebx,eax
005B5910     8B86 04200000  mov eax,dword ptr ds:[esi+2004]
005B5916     8B96 14200000  mov edx,dword ptr ds:[esi+2014]
005B591C     8BC8           mov ecx,eax
005B591E     83E0 07        and eax,7
005B5921     C1E9 03        shr ecx,3
005B5924     03D1           add edx,ecx
005B5926     8986 04200000  mov dword ptr ds:[esi+2004],eax
005B592C     8996 14200000  mov dword ptr ds:[esi+2014],edx
005B5932     8B02           mov eax,dword ptr ds:[edx]
005B5934     8945 F8        mov dword ptr ss:[ebp-8],eax
005B5937     8B45 F8        mov eax,dword ptr ss:[ebp-8]
005B593A     0FC8           bswap eax
005B593C     8945 F8        mov dword ptr ss:[ebp-8],eax
005B593F     8B8E 04200000  mov ecx,dword ptr ds:[esi+2004]
005B5945     8B45 F8        mov eax,dword ptr ss:[ebp-8]
005B5948     D3E0           shl eax,cl
005B594A     3D 00000080    cmp eax,80000000
005B594F     73 2E          jnb short ElementC.005B597F
005B5951     8B96 0C200000  mov edx,dword ptr ds:[esi+200C]
005B5957     41             inc ecx
005B5958     42             inc edx
005B5959     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B595F     8B8E 10200000  mov ecx,dword ptr ds:[esi+2010]
005B5965     8BC2           mov eax,edx
005B5967     3BC1           cmp eax,ecx
005B5969     8996 0C200000  mov dword ptr ds:[esi+200C],edx
005B596F     0F83 7F030000  jnb ElementC.005B5CF4
005B5975     B8 03000000    mov eax,3
005B597A     E9 C4020000    jmp ElementC.005B5C43
005B597F     3D 000000C0    cmp eax,C0000000
005B5984     73 3A          jnb short ElementC.005B59C0
005B5986     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B598C     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5992     83C1 04        add ecx,4
005B5995     83C7 04        add edi,4
005B5998     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B599E     8BCF           mov ecx,edi
005B59A0     3BCA           cmp ecx,edx
005B59A2     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B59A8     0F83 12030000  jnb ElementC.005B5CC0
005B59AE     25 00000030    and eax,30000000
005B59B3     0D 00000040    or eax,40000000
005B59B8     C1E8 1C        shr eax,1C
005B59BB     E9 83020000    jmp ElementC.005B5C43
005B59C0     3D 000000E0    cmp eax,E0000000
005B59C5     73 3A          jnb short ElementC.005B5A01
005B59C7     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B59CD     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B59D3     83C1 06        add ecx,6
005B59D6     83C7 06        add edi,6
005B59D9     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B59DF     8BCF           mov ecx,edi
005B59E1     3BCA           cmp ecx,edx
005B59E3     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B59E9     0F83 EB020000  jnb ElementC.005B5CDA
005B59EF     25 0000001C    and eax,1C000000
005B59F4     0D 00000020    or eax,20000000
005B59F9     C1E8 1A        shr eax,1A
005B59FC     E9 42020000    jmp ElementC.005B5C43
005B5A01     3D 000000F0    cmp eax,F0000000
005B5A06     73 3A          jnb short ElementC.005B5A42
005B5A08     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5A0E     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5A14     83C1 08        add ecx,8
005B5A17     83C7 08        add edi,8
005B5A1A     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5A20     8BCF           mov ecx,edi
005B5A22     3BCA           cmp ecx,edx
005B5A24     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5A2A     0F83 C4020000  jnb ElementC.005B5CF4
005B5A30     25 0000000F    and eax,0F000000
005B5A35     0D 00000010    or eax,10000000
005B5A3A     C1E8 18        shr eax,18
005B5A3D     E9 01020000    jmp ElementC.005B5C43
005B5A42     3D 000000F8    cmp eax,F8000000
005B5A47     73 3A          jnb short ElementC.005B5A83
005B5A49     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5A4F     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5A55     83C1 0A        add ecx,0A
005B5A58     83C7 0A        add edi,0A
005B5A5B     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5A61     8BCF           mov ecx,edi
005B5A63     3BCA           cmp ecx,edx
005B5A65     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5A6B     0F83 4F020000  jnb ElementC.005B5CC0
005B5A71     25 0000C007    and eax,7C00000
005B5A76     0D 00000008    or eax,8000000
005B5A7B     C1E8 16        shr eax,16
005B5A7E     E9 C0010000    jmp ElementC.005B5C43
005B5A83     3D 000000FC    cmp eax,FC000000
005B5A88     73 3A          jnb short ElementC.005B5AC4
005B5A8A     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5A90     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5A96     83C1 0C        add ecx,0C
005B5A99     83C7 0C        add edi,0C
005B5A9C     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5AA2     8BCF           mov ecx,edi
005B5AA4     3BCA           cmp ecx,edx
005B5AA6     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5AAC     0F83 28020000  jnb ElementC.005B5CDA
005B5AB2     25 0000F003    and eax,3F00000
005B5AB7     0D 00000004    or eax,4000000
005B5ABC     C1E8 14        shr eax,14
005B5ABF     E9 7F010000    jmp ElementC.005B5C43
005B5AC4     3D 000000FE    cmp eax,FE000000
005B5AC9     73 3A          jnb short ElementC.005B5B05
005B5ACB     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5AD1     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5AD7     83C1 0E        add ecx,0E
005B5ADA     83C7 0E        add edi,0E
005B5ADD     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5AE3     8BCF           mov ecx,edi
005B5AE5     3BCA           cmp ecx,edx
005B5AE7     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5AED     0F83 01020000  jnb ElementC.005B5CF4
005B5AF3     25 0000FC01    and eax,1FC0000
005B5AF8     0D 00000002    or eax,2000000
005B5AFD     C1E8 12        shr eax,12
005B5B00     E9 3E010000    jmp ElementC.005B5C43
005B5B05     3D 000000FF    cmp eax,FF000000
005B5B0A     73 3A          jnb short ElementC.005B5B46
005B5B0C     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5B12     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5B18     83C1 10        add ecx,10
005B5B1B     83C7 10        add edi,10
005B5B1E     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5B24     8BCF           mov ecx,edi
005B5B26     3BCA           cmp ecx,edx
005B5B28     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5B2E     0F83 8C010000  jnb ElementC.005B5CC0
005B5B34     25 0000FF00    and eax,0FF0000
005B5B39     0D 00000001    or eax,1000000
005B5B3E     C1E8 10        shr eax,10
005B5B41     E9 FD000000    jmp ElementC.005B5C43
005B5B46     3D 000080FF    cmp eax,FF800000
005B5B4B     73 3A          jnb short ElementC.005B5B87
005B5B4D     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5B53     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5B59     83C1 12        add ecx,12
005B5B5C     83C7 12        add edi,12
005B5B5F     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5B65     8BCF           mov ecx,edi
005B5B67     3BCA           cmp ecx,edx
005B5B69     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5B6F     0F83 65010000  jnb ElementC.005B5CDA
005B5B75     25 00C07F00    and eax,7FC000
005B5B7A     0D 00008000    or eax,800000
005B5B7F     C1E8 0E        shr eax,0E
005B5B82     E9 BC000000    jmp ElementC.005B5C43
005B5B87     3D 0000C0FF    cmp eax,FFC00000
005B5B8C     73 37          jnb short ElementC.005B5BC5
005B5B8E     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5B94     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5B9A     83C1 14        add ecx,14
005B5B9D     83C7 14        add edi,14
005B5BA0     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5BA6     8BCF           mov ecx,edi
005B5BA8     3BCA           cmp ecx,edx
005B5BAA     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5BB0     0F83 3E010000  jnb ElementC.005B5CF4
005B5BB6     25 00F03F00    and eax,3FF000
005B5BBB     0D 00004000    or eax,400000
005B5BC0     C1E8 0C        shr eax,0C
005B5BC3     EB 7E          jmp short ElementC.005B5C43
005B5BC5     3D 0000E0FF    cmp eax,FFE00000
005B5BCA     73 37          jnb short ElementC.005B5C03
005B5BCC     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5BD2     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5BD8     83C1 16        add ecx,16
005B5BDB     83C7 16        add edi,16
005B5BDE     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5BE4     8BCF           mov ecx,edi
005B5BE6     3BCA           cmp ecx,edx
005B5BE8     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5BEE     0F83 CC000000  jnb ElementC.005B5CC0
005B5BF4     25 00FC1F00    and eax,1FFC00
005B5BF9     0D 00002000    or eax,200000
005B5BFE     C1E8 0A        shr eax,0A
005B5C01     EB 40          jmp short ElementC.005B5C43
005B5C03     3D 0000F0FF    cmp eax,FFF00000
005B5C08     0F83 E6000000  jnb ElementC.005B5CF4
005B5C0E     8BBE 0C200000  mov edi,dword ptr ds:[esi+200C]
005B5C14     8B96 10200000  mov edx,dword ptr ds:[esi+2010]
005B5C1A     83C1 18        add ecx,18
005B5C1D     83C7 18        add edi,18
005B5C20     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5C26     8BCF           mov ecx,edi
005B5C28     3BCA           cmp ecx,edx
005B5C2A     89BE 0C200000  mov dword ptr ds:[esi+200C],edi
005B5C30     0F83 A4000000  jnb ElementC.005B5CDA
005B5C36     25 00FF0F00    and eax,0FFF00
005B5C3B     0D 00001000    or eax,100000
005B5C40     C1E8 08        shr eax,8
005B5C43     8B8E 00200000  mov ecx,dword ptr ds:[esi+2000]
005B5C49     8D96 00200000  lea edx,dword ptr ds:[esi+2000]
005B5C4F     8BF9           mov edi,ecx
005B5C51     2BFB           sub edi,ebx
005B5C53     3BFE           cmp edi,esi
005B5C55     0F82 B1000000  jb ElementC.005B5D0C
005B5C5B     8D1C01         lea ebx,dword ptr ds:[ecx+eax]
005B5C5E     3BDA           cmp ebx,edx
005B5C60     0F87 A6000000  ja ElementC.005B5D0C
005B5C66     8BD9           mov ebx,ecx
005B5C68     8BD0           mov edx,eax
005B5C6A     2BDF           sub ebx,edi
005B5C6C     83FB 03        cmp ebx,3
005B5C6F     7E 23          jle short ElementC.005B5C94
005B5C71     83F8 03        cmp eax,3
005B5C74     76 1E          jbe short ElementC.005B5C94
005B5C76     8BD8           mov ebx,eax
005B5C78     C1EB 02        shr ebx,2
005B5C7B     895D F8        mov dword ptr ss:[ebp-8],ebx
005B5C7E     8B1F           mov ebx,dword ptr ds:[edi]
005B5C80     83C7 04        add edi,4
005B5C83     8919           mov dword ptr ds:[ecx],ebx
005B5C85     8B5D F8        mov ebx,dword ptr ss:[ebp-8]
005B5C88     83C1 04        add ecx,4
005B5C8B     83EA 04        sub edx,4
005B5C8E     4B             dec ebx
005B5C8F     895D F8        mov dword ptr ss:[ebp-8],ebx
005B5C92   ^ 75 EA          jnz short ElementC.005B5C7E
005B5C94     8BDA           mov ebx,edx
005B5C96     4A             dec edx
005B5C97     85DB           test ebx,ebx
005B5C99     74 0A          je short ElementC.005B5CA5
005B5C9B     42             inc edx
005B5C9C     8A1F           mov bl,byte ptr ds:[edi]
005B5C9E     8819           mov byte ptr ds:[ecx],bl
005B5CA0     41             inc ecx
005B5CA1     47             inc edi
005B5CA2     4A             dec edx
005B5CA3   ^ 75 F7          jnz short ElementC.005B5C9C
005B5CA5     0186 00200000  add dword ptr ds:[esi+2000],eax
005B5CAB     8B8E 10200000  mov ecx,dword ptr ds:[esi+2010]
005B5CB1     8B86 0C200000  mov eax,dword ptr ds:[esi+200C]
005B5CB7     3BC8           cmp ecx,eax
005B5CB9     76 51          jbe short ElementC.005B5D0C
005B5CBB   ^ E9 F6F9FFFF    jmp ElementC.005B56B6
005B5CC0     8B8E 08200000  mov ecx,dword ptr ds:[esi+2008]
005B5CC6     8B96 18200000  mov edx,dword ptr ds:[esi+2018]
005B5CCC     898E 04200000  mov dword ptr ds:[esi+2004],ecx
005B5CD2     8996 14200000  mov dword ptr ds:[esi+2014],edx
005B5CD8     EB 32          jmp short ElementC.005B5D0C
005B5CDA     8B86 08200000  mov eax,dword ptr ds:[esi+2008]
005B5CE0     8B8E 18200000  mov ecx,dword ptr ds:[esi+2018]
005B5CE6     8986 04200000  mov dword ptr ds:[esi+2004],eax
005B5CEC     898E 14200000  mov dword ptr ds:[esi+2014],ecx
005B5CF2     EB 18          jmp short ElementC.005B5D0C
005B5CF4     8B96 08200000  mov edx,dword ptr ds:[esi+2008]
005B5CFA     8B86 18200000  mov eax,dword ptr ds:[esi+2018]
005B5D00     8996 04200000  mov dword ptr ds:[esi+2004],edx
005B5D06     8986 14200000  mov dword ptr ds:[esi+2014],eax
005B5D0C     8BBE 00200000  mov edi,dword ptr ds:[esi+2000]
005B5D12     8B4D FC        mov ecx,dword ptr ss:[ebp-4]
005B5D15     2BF9           sub edi,ecx
005B5D17     8B4D 08        mov ecx,dword ptr ss:[ebp+8]
005B5D1A     8B51 08        mov edx,dword ptr ds:[ecx+8]
005B5D1D     8B41 04        mov eax,dword ptr ds:[ecx+4]
005B5D20     8955 F8        mov dword ptr ss:[ebp-8],edx
005B5D23     8BDA           mov ebx,edx
005B5D25     2BD0           sub edx,eax
005B5D27     2BD8           sub ebx,eax
005B5D29     03D7           add edx,edi
005B5D2B     52             push edx
005B5D2C     E8 4FA4E6FF    call ElementC.00420180
005B5D31     8B45 F8        mov eax,dword ptr ss:[ebp-8]
005B5D34     85C0           test eax,eax
005B5D36     74 32          je short ElementC.005B5D6A
005B5D38     8B45 08        mov eax,dword ptr ss:[ebp+8]
005B5D3B     8B48 04        mov ecx,dword ptr ds:[eax+4]
005B5D3E     03D9           add ebx,ecx
005B5D40     8B48 08        mov ecx,dword ptr ds:[eax+8]
005B5D43     2BCB           sub ecx,ebx
005B5D45     51             push ecx
005B5D46     8D143B         lea edx,dword ptr ds:[ebx+edi]
005B5D49     53             push ebx
005B5D4A     52             push edx
005B5D4B     FF15 9CE39500  call dword ptr ds:[<&MSVCRT.memmove>]                ; MSVCRT.memmove
005B5D51     8B45 FC        mov eax,dword ptr ss:[ebp-4]
005B5D54     57             push edi
005B5D55     50             push eax
005B5D56     53             push ebx
005B5D57     FF15 9CE39500  call dword ptr ds:[<&MSVCRT.memmove>]                ; MSVCRT.memmove
005B5D5D     8B45 08        mov eax,dword ptr ss:[ebp+8]
005B5D60     83C4 18        add esp,18
005B5D63     8BD8           mov ebx,eax
005B5D65     0178 08        add dword ptr ds:[eax+8],edi
005B5D68     EB 1D          jmp short ElementC.005B5D87
005B5D6A     8B5D 08        mov ebx,dword ptr ss:[ebp+8]
005B5D6D     8B4D FC        mov ecx,dword ptr ss:[ebp-4]
005B5D70     57             push edi
005B5D71     51             push ecx
005B5D72     8B53 04        mov edx,dword ptr ds:[ebx+4]
005B5D75     52             push edx
005B5D76     FF15 9CE39500  call dword ptr ds:[<&MSVCRT.memmove>]                ; MSVCRT.memmove
005B5D7C     8B43 04        mov eax,dword ptr ds:[ebx+4]
005B5D7F     83C4 0C        add esp,0C
005B5D82     03F8           add edi,eax
005B5D84     897B 08        mov dword ptr ds:[ebx+8],edi
005B5D87     8BBE 20200000  mov edi,dword ptr ds:[esi+2020]
005B5D8D     8BB6 14200000  mov esi,dword ptr ds:[esi+2014]
005B5D93     3BFE           cmp edi,esi
005B5D95     74 2A          je short ElementC.005B5DC1
005B5D97     8B5D F4        mov ebx,dword ptr ss:[ebp-C]
005B5D9A     8B43 08        mov eax,dword ptr ds:[ebx+8]
005B5D9D     2BC6           sub eax,esi
005B5D9F     50             push eax
005B5DA0     56             push esi
005B5DA1     57             push edi
005B5DA2     FF15 9CE39500  call dword ptr ds:[<&MSVCRT.memmove>]                ; MSVCRT.memmove
005B5DA8     8B43 08        mov eax,dword ptr ds:[ebx+8]
005B5DAB     83C4 0C        add esp,0C
005B5DAE     2BFE           sub edi,esi
005B5DB0     03C7           add eax,edi
005B5DB2     5F             pop edi
005B5DB3     8943 08        mov dword ptr ds:[ebx+8],eax
005B5DB6     8B45 08        mov eax,dword ptr ss:[ebp+8]
005B5DB9     5E             pop esi
005B5DBA     5B             pop ebx
005B5DBB     8BE5           mov esp,ebp
005B5DBD     5D             pop ebp
[课程]Linux pwn 探索篇！
收藏・0
免费・0
支持
最新回复 (3)
maikkk 雪币： 215 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 32 粉丝 0 关注私信	maikkk 2 楼好长头大,不过给个建议你.拷贝加密后数据前面几个字节,一般是加密数据的特征,用google搜索下可以找到大概是什么算法 2009-9-7 13:09 0
SFQin 雪币： 22 活跃值： (74) 能力值： ( LV2，RANK：10 ) 在线值：发帖 36 回帖 154 粉丝 0 关注私信	SFQin 3 楼谢谢你的建议，不过对这个算法这种方法不行，它的数据没有什么特征。 2009-9-7 13:33 0
xwtwho 雪币： 2791 活跃值： (6509) 能力值： ( LV13，RANK：409 ) 在线值：发帖 15 回帖 109 粉丝 217 关注私信	xwtwho 1 4 楼诛仙 d 2009-9-23 21:51 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复
SFQin
发帖
154
回帖
RANK
关注
私信
他的文章
win32程序设置成开机启动，无法打开文件 2668
关于我们
联系我们
企业服务
看雪公众号
最新回复 (3)
maikkk 雪币： 215 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 32 粉丝 0 关注私信	maikkk 2 楼好长头大,不过给个建议你.拷贝加密后数据前面几个字节,一般是加密数据的特征,用google搜索下可以找到大概是什么算法 2009-9-7 13:09 0
SFQin 雪币： 22 活跃值： (74) 能力值： ( LV2，RANK：10 ) 在线值：发帖 36 回帖 154 粉丝 0 关注私信	SFQin 3 楼谢谢你的建议，不过对这个算法这种方法不行，它的数据没有什么特征。 2009-9-7 13:33 0
xwtwho 雪币： 2791 活跃值： (6509) 能力值： ( LV13，RANK：409 ) 在线值：发帖 15 回帖 109 粉丝 217 关注私信	xwtwho 1 4 楼诛仙 d 2009-9-23 21:51 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复