  • 基于DES加密的服务端分析

    此程序建立了一个TCP服务端,端口号为10010,之后调用accept等待连接;如果接收到连接,就发送一些欢迎信息以及提示信息——发送quit退出.

    之后不停地调用recv,如果接收到数据,就判断是否为quit:是则退出,否则进入401e00对接收到的数据进行加密,之后把加密后的数据发送回客户端:

     

    之后跳回recv等待.

    加密过程401e00抠出,如下:

    ;第一步 抠出加密函数
    .586
    .model flat,stdcall 
                         
                         
    option casemap:none
    
       include msvcrt.inc       ; 
       include windows.inc      ;
       include kernel32.inc     ; 
       ;
       includelib msvcrt.lib
       includelib KERNEL32.LIB
    
    ; Data section of the test harness built around the extracted routine.
    .data
    
       format db "%s",0                 ; not referenced by the code in this listing
       string db "1234567890",0         ; test input: main passes its address to Ecode, which rewrites it in place
       
       ; Not referenced by the code in this listing.
       ; NOTE(review): presumably a sample of the server's output kept for
       ; comparison - confirm.
       ecode  db 041h, 00eh, 097h, 0a3h, 02bh, 05ah, 0b7h, 06dh, 039h, 030h, 036h
    
       
       src  db 100 dup(1)               ; not referenced by the code in this listing
       buf  db 100 dup(0)               ; not referenced by the code in this listing
       
       ; Scratch cells written and read by Ecode.
       ; NOTE(review): the var_ names suggest these were stack locals in the
       ; original function - confirm.
       var_98C         dd 000000000h    ; round-key index, parked here while ebp is reused as scratch
       var_988      dd 000000000h       ; the half-block that is xor-ed into the round result
       var_984      dd 000000002h       ; number of dwords to process; Ecode overwrites it with len >> 2
       
        ; Eight lookup tables of 64 dwords each, used by the round loop in Ecode.
        ; Every table is indexed with a 6-bit value (and ..., 3Fh) taken from
        ; eax (= [ebp*4+Dst] xor ecx) or edx (= ror(ecx,4) xor [ebp*4+var_17C]),
        ; and the eight results are OR-ed together.
        ; NOTE(review): the contents look like the combined S-box + P-permutation
        ; tables of a table-driven DES implementation - confirm against a
        ; reference before relying on that identification.
        ; var_980: indexed by (eax >> 10h) and 3Fh
        var_980 dd 000802001h, 000002081h, 000002081h, 000000080h, 000802080h, 000800081h, 000800001h, 000002001h, 000000000h, 000802000h, 000802000h, 000802081h, 000000081h, 000000000h, 000800080h, 000800001h
            dd 000000001h, 000002000h, 000800000h, 000802001h, 000000080h, 000800000h, 000002001h, 000002080h, 000800081h, 000000001h, 000002080h, 000800080h, 000002000h, 000802080h, 000802081h, 000000081h
            dd 000800080h, 000800001h, 000802000h, 000802081h, 000000081h, 000000000h, 000000000h, 000802000h, 000002080h, 000800080h, 000800081h, 000000001h, 000802001h, 000002081h, 000002081h, 000000080h
            dd 000802081h, 000000081h, 000000001h, 000002000h, 000800001h, 000002001h, 000802080h, 000800081h, 000002001h, 000002080h, 000800000h, 000802001h, 000000080h, 000800000h, 000002000h, 000802080h
        ; var_880: indexed by (eax >> 18h) and 3Fh
        var_880 dd 080108020h, 080008000h, 000008000h, 000108020h, 000100000h, 000000020h, 080100020h, 080008020h, 080000020h, 080108020h, 080108000h, 080000000h, 080008000h, 000100000h, 000000020h, 080100020h
            dd 000108000h, 000100020h, 080008020h, 000000000h, 080000000h, 000008000h, 000108020h, 080100000h, 000100020h, 080000020h, 000000000h, 000108000h, 000008020h, 080108000h, 080100000h, 000008020h
            dd 000000000h, 000108020h, 080100020h, 000100000h, 080008020h, 080100000h, 080108000h, 000008000h, 080100000h, 080008000h, 000000020h, 080108020h, 000108020h, 000000020h, 000008000h, 080000000h
            dd 000008020h, 080108000h, 000100000h, 080000020h, 000100020h, 080008020h, 080000020h, 000100020h, 000108000h, 000000000h, 080008000h, 000008020h, 080000000h, 080100020h, 080108020h, 000108000h
        ; var_780: indexed by (edx >> 18h) and 3Fh
        var_780 dd 001010400h, 000000000h, 000010000h, 001010404h, 001010004h, 000010404h, 000000004h, 000010000h, 000000400h, 001010400h, 001010404h, 000000400h, 001000404h, 001010004h, 001000000h, 000000004h
            dd 000000404h, 001000400h, 001000400h, 000010400h, 000010400h, 001010000h, 001010000h, 001000404h, 000010004h, 001000004h, 001000004h, 000010004h, 000000000h, 000000404h, 000010404h, 001000000h
            dd 000010000h, 001010404h, 000000004h, 001010000h, 001010400h, 001000000h, 001000000h, 000000400h, 001010004h, 000010000h, 000010400h, 001000004h, 000000400h, 000000004h, 001000404h, 000010404h
            dd 001010404h, 000010004h, 001010000h, 001000404h, 001000004h, 000000404h, 000010404h, 001010400h, 000000404h, 001000400h, 001000400h, 000000000h, 000010004h, 000010400h, 000000000h, 001010004h
        ; var_680: indexed by (eax >> 8) and 3Fh
        var_680 dd 020000010h, 020400000h, 000004000h, 020404010h, 020400000h, 000000010h, 020404010h, 000400000h, 020004000h, 000404010h, 000400000h, 020000010h, 000400010h, 020004000h, 020000000h, 000004010h
            dd 000000000h, 000400010h, 020004010h, 000004000h, 000404000h, 020004010h, 000000010h, 020400010h, 020400010h, 000000000h, 000404010h, 020404000h, 000004010h, 000404000h, 020404000h, 020000000h
            dd 020004000h, 000000010h, 020400010h, 000404000h, 020404010h, 000400000h, 000004010h, 020000010h, 000400000h, 020004000h, 020000000h, 000004010h, 020000010h, 020404010h, 000404000h, 020400000h
            dd 000404010h, 020404000h, 000000000h, 020400010h, 000000010h, 000004000h, 020400000h, 000404010h, 000004000h, 000400010h, 020004010h, 000000000h, 020404000h, 020000000h, 000400010h, 020004010h
        ; var_580: indexed by eax and 3Fh
        var_580 dd 010001040h, 000001000h, 000040000h, 010041040h, 010000000h, 010001040h, 000000040h, 010000000h, 000040040h, 010040000h, 010041040h, 000041000h, 010041000h, 000041040h, 000001000h, 000000040h
            dd 010040000h, 010000040h, 010001000h, 000001040h, 000041000h, 000040040h, 010040040h, 010041000h, 000001040h, 000000000h, 000000000h, 010040040h, 010000040h, 010001000h, 000041040h, 000040000h
            dd 000041040h, 000040000h, 010041000h, 000001000h, 000000040h, 010040040h, 000001000h, 000041040h, 010001000h, 000000040h, 010000040h, 010040000h, 010040040h, 010000000h, 000040000h, 010001040h
            dd 000000000h, 010041040h, 000040040h, 010000040h, 010040000h, 010001000h, 010001040h, 000000000h, 010041040h, 000041000h, 000041000h, 000001040h, 000001040h, 000040040h, 010000000h, 010041000h
        ; var_480: indexed by (edx >> 8) and 3Fh
        var_480    dd 000000100h, 002080100h, 002080000h, 042000100h, 000080000h, 000000100h, 040000000h, 002080000h, 040080100h, 000080000h, 002000100h, 040080100h, 042000100h, 042080000h, 000080100h, 040000000h
            dd 002000000h, 040080000h, 040080000h, 000000000h, 040000100h, 042080100h, 042080100h, 002000100h, 042080000h, 040000100h, 000000000h, 042000000h, 002080100h, 002000000h, 042000000h, 000080100h
            dd 000080000h, 042000100h, 000000100h, 002000000h, 040000000h, 002080000h, 042000100h, 040080100h, 002000100h, 040000000h, 042080000h, 002080100h, 040080100h, 000000100h, 002000000h, 042080000h
            dd 042080100h, 000080100h, 042000000h, 042080100h, 002080000h, 000000000h, 040080000h, 042000000h, 000080100h, 002000100h, 040000100h, 000080000h, 000000000h, 040080000h, 002080100h, 040000100h
        ; var_380: indexed by edx and 3Fh
        var_380 dd 000200000h, 004200002h, 004000802h, 000000000h, 000000800h, 004000802h, 000200802h, 004200800h, 004200802h, 000200000h, 000000000h, 004000002h, 000000002h, 004000000h, 004200002h, 000000802h
            dd 004000800h, 000200802h, 000200002h, 004000800h, 004000002h, 004200000h, 004200800h, 000200002h, 004200000h, 000000800h, 000000802h, 004200802h, 000200800h, 000000002h, 004000000h, 000200800h
            dd 004000000h, 000200800h, 000200000h, 004000802h, 004000802h, 004200002h, 004200002h, 000000002h, 000200002h, 004000000h, 004000800h, 000200000h, 004200800h, 000000802h, 000200802h, 004200800h
            dd 000000802h, 004000002h, 004200802h, 004200000h, 000200800h, 000000000h, 000000002h, 004200802h, 000000000h, 000200802h, 004200000h, 000000800h, 004000002h, 004000800h, 000000800h, 000200002h
        ; var_280: indexed by (edx >> 10h) and 3Fh
        var_280 dd 000000208h, 008020200h, 000000000h, 008020008h, 008000200h, 000000000h, 000020208h, 008000200h, 000020008h, 008000008h, 008000008h, 000020000h, 008020208h, 000020008h, 008020000h, 000000208h
            dd 008000000h, 000000008h, 008020200h, 000000200h, 000020200h, 008020000h, 008020008h, 000020208h, 008000208h, 000020200h, 000020000h, 008000208h, 000000008h, 008020208h, 000000200h, 008000000h
            dd 008020200h, 008000000h, 000020008h, 000000208h, 000020000h, 008020200h, 008000200h, 000000000h, 000000200h, 000020008h, 008020208h, 008000200h, 008000008h, 000000200h, 000000000h, 008020008h
            dd 008000208h, 000020000h, 008000000h, 008020208h, 000000008h, 000020208h, 000020200h, 008000008h, 008020000h, 008000208h, 000000208h, 008020000h, 000020208h, 000000008h, 008020008h, 000020200h
        ; Round-key material. Dst (one dword) and var_17C are laid out back to
        ; back and read as one array: the round loop loads [ebp*4+Dst] and
        ; [ebp*4+var_17C] for ebp = 0, 2, ..., 30, i.e. the 32 dwords starting
        ; at Dst (Dst plus the first 31 dwords of var_17C). The zero dwords that
        ; follow are never read by the round loop.
        ; NOTE(review): presumably the expanded DES subkeys (16 rounds x 2
        ; dwords) dumped from the server process - confirm.
        ; Security note: the values are fixed constants in the data section, so
        ; the key travels with the program. Anyone holding the binary can
        ; reproduce and invert the transformation; it gives no confidentiality
        ; against such a party. A service that needs confidentiality should use
        ; per-session keys and a current authenticated cipher instead.
        Dst dd 002002608h
        var_17C dd 010200e3ah, 000242327h, 004000431h, 000042834h, 020002b26h, 000241613h, 00008003fh, 001203811h, 020001f00h, 00020340eh, 020093015h, 005000b0ch, 02008030eh, 001000525h, 0000d3c13h
            dd 020103f04h, 008001a21h, 000100e3ah, 003000816h, 020181107h, 001002b30h, 020002432h, 00300330bh, 020081c0dh, 00220052dh, 002082910h, 002002413h, 000081a25h, 00030321ch, 000001d29h, 00402090ah
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
       
    .code
    
    ; GetXor - empty placeholder: the body is a bare return and nothing in
    ; this listing calls it.
    GetXor proc
        
        
        retn
    
    GetXor endp
    
    ; Ecode - in-place block transform lifted from the server routine at 401e00.
    ;   [ebp+8]   (arg_0) pointer to the buffer; read and written in place
    ;   [ebp+0ch] (len)   byte length; only len >> 2 dwords are counted
    ;   ret 8 removes both arguments.
    ; Each pass of loc_403100 handles two dwords (8 bytes): byte-swap, a run
    ; of masked bit swaps, 16 table-lookup rounds keyed from Dst/var_17C, the
    ; reverse bit swaps, byte-swap again, then store back.
    ; NOTE(review): this shape is consistent with single DES (initial
    ; permutation, 16 Feistel rounds, final permutation) - confirm against a
    ; reference implementation.
    ; Points a reviewer of the protocol should keep in mind:
    ;   * every 8-byte block is transformed on its own with the same round
    ;     keys (no IV, no chaining), so equal input blocks give equal output;
    ;   * bytes after the last whole 8-byte group counted by len >> 2 are not
    ;     touched (with len = 0ah the last two bytes stay as they were);
    ;   * the loop steps by two dwords, so an odd dword count makes the last
    ;     pass read and write one dword past the counted length.
    Ecode proc ;arg_0:dword,len:dword
      push ebp
      mov  ebp,esp
       pushad
                    xor     esi,esi
                    mov     ebx,[ebp+0ch]
                    shr     ebx, 2          ; ebx = data length in dwords (len >> 2)
                    ; NOTE(review): this stack adjustment is carried over from
                    ; the original function. It leaves esp 10h above where
                    ; pushad put it, so the popad at loc_40332F does not load
                    ; the values pushad saved.
                    add     esp, 10h
                    xor     edi, edi        ; edi = dword index of the current block
                    mov     [var_984], ebx
                    cmp     ebx, esi
                    jbe     loc_40332F      ; nothing to do when the dword count is 0
                    lea     esp, [esp+0]    ; no-op, kept from the original code
                    
                    mov     esi, [ebp+8]    ; esi = buffer pointer, used for the store at the end of each pass
    
    loc_403100:                             ; CODE XREF: sub_401E00+1529j
                    ; NOTE(review): ebp is overwritten further down (round
                    ; index, then output word), so on a second pass this load
                    ; no longer goes through the frame pointer. The test call
                    ; in main (len = 0ah, one pass) does not reach that case.
                    mov     edx, [ebp+8]
                    mov     eax, [edx+edi*4]        ; first dword of the block
                    mov     edx, [edx+edi*4+4]      ; second dword of the block
                    ; Reverse the byte order of both dwords:
                    ; ecx = byte-swapped first dword, eax = byte-swapped second.
                    mov     ecx, eax
                    mov     ebx, eax
                    shr     ebx, 10h
                    and     ecx, 0FF0000h
                    or      ecx, ebx
                    mov     ebx, eax
                    and     eax, 0FF00h
                    shl     ebx, 10h
                    or      ebx, eax
                    mov     eax, edx
                    shl     ebx, 8
                    shr     ecx, 8
                    or      ecx, ebx
                    mov     ebx, edx
                    and     eax, 0FF0000h
                    shr     ebx, 10h
                    or      eax, ebx
                    mov     ebx, edx
                    and     edx, 0FF00h
                    shl     ebx, 10h
                    or      ebx, edx
                    shr     eax, 8
                    shl     ebx, 8
                    or      eax, ebx
                    ; Masked bit swaps between the two halves (shift 4 / mask
                    ; 0F0F0F0Fh, 10h / 0FFFFh, 2 / 33333333h, 8 / 0FF00FFh,
                    ; 1 / 55555555h), then rotate both halves left by one.
                    ; NOTE(review): looks like the table-free form of the DES
                    ; initial permutation - confirm.
                    mov     edx, ecx
                    shr     edx, 4
                    xor     edx, eax
                    and     edx, 0F0F0F0Fh
                    xor     eax, edx
                    shl     edx, 4
                    xor     ecx, edx
                    mov     edx, ecx
                    shr     edx, 10h
                    xor     edx, eax
                    and     edx, 0FFFFh
                    xor     eax, edx
                    shl     edx, 10h
                    xor     ecx, edx
                    mov     edx, eax
                    shr     edx, 2
                    xor     edx, ecx
                    and     edx, 33333333h
                    xor     ecx, edx
                    add     edx, edx
                    add     edx, edx
                    xor     eax, edx
                    mov     edx, eax
                    shr     edx, 8
                    xor     edx, ecx
                    and     edx, 0FF00FFh
                    xor     ecx, edx
                    shl     edx, 8
                    xor     eax, edx
                    mov     edx, ecx
                    shr     edx, 1
                    xor     edx, eax
                    and     edx, 55555555h
                    lea     ebx, [edx+edx]
                    xor     ebx, ecx
                    xor     eax, edx
                    rol     ebx, 1
                    rol     eax, 1
                    xor     ebp, ebp             ; ebp = round-key index, starts at 0 (frame pointer is lost from here on)
                    mov     [var_98C], ebp
                    mov     ecx, eax
    
    ; Round loop: 16 passes, ebp = 0, 2, ..., 30 (two key dwords per pass).
    ; On entry ecx and ebx hold the two halves.
    loc_4031C4:                             ; CODE XREF: sub_401E00+145Cj
                    mov     eax, [ebp*4+Dst]        ; eax = key dword (even index) xor ecx
                    xor     eax, ecx
                    mov     edx, ecx
                    ror     edx, 4
                    xor     edx, [ebp*4+var_17C]    ; edx = ror(ecx,4) xor key dword (odd index)
                    mov     [var_988], ebx          ; park the other half; it is xor-ed in at the end of the round
                    mov     ebx, ecx                ; the current half becomes next round's other half
                    ; OR together eight table entries, each selected by six
                    ; bits of eax or edx; ebp serves as scratch index here.
                    mov     ecx, eax
                    shr     ecx, 8
                    and     ecx, 3Fh
                    mov     ecx, [ecx*4+var_680]
                    mov     ebp, edx
                    shr     ebp, 8
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_480]
                    mov     ebp, eax
                    shr     ebp, 10h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_980]
                    mov     ebp, edx
                    shr     ebp, 10h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_280]
                    mov     ebp, eax
                    shr     ebp, 18h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_880]
                    mov     ebp, edx
                    shr     ebp, 18h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_780]
                    mov     ebp, [var_98C]          ; reload the round-key index
                    and     eax, 3Fh
                    or      ecx, [eax*4+var_580]
                    and     edx, 3Fh
                    or      ecx, [edx*4+var_380]
                    add     ebp, 2
                    xor     ecx, [var_988]          ; combine the table output with the parked half
                    mov     [var_98C], ebp
                    cmp     ebp, 20h                ; stop after key index 30 (16 rounds)
                    jnz     loc_4031C4
                    ; Undo the rotation, then apply the bit swaps in the
                    ; opposite order (1, 8, 2, 10h, 4).
                    ; NOTE(review): looks like the DES final permutation - confirm.
                    ror     ecx, 1
                    ror     ebx, 1
                    mov     edx, ecx
                    shr     edx, 1
                    mov     eax, ebx
                    xor     edx, eax
                    and     edx, 55555555h
                    xor     eax, edx
                    add     edx, edx
                    xor     ecx, edx
                    mov     edx, eax
                    shr     edx, 8
                    xor     edx, ecx
                    and     edx, 0FF00FFh
                    xor     ecx, edx
                    shl     edx, 8
                    xor     eax, edx
                    mov     edx, eax
                    shr     edx, 2
                    xor     edx, ecx
                    and     edx, 33333333h
                    xor     ecx, edx
                    add     edx, edx
                    add     edx, edx
                    xor     eax, edx
                    mov     edx, ecx
                    shr     edx, 10h
                    xor     edx, eax
                    and     edx, 0FFFFh
                    xor     eax, edx
                    shl     edx, 10h
                    xor     ecx, edx
                    mov     ebx, ecx
                    shr     ebx, 4
                    xor     ebx, eax
                    and     ebx, 0F0F0F0Fh
                    mov     edx, ebx
                    shl     edx, 4
                    xor     edx, ecx
                    ; Reverse the byte order of both result words:
                    ; ebp = first output dword, edx = second output dword.
                    mov     ebp, edx
                    mov     ecx, edx
                    shr     ecx, 10h
                    and     ebp, 0FF0000h
                    or      ebp, ecx
                    mov     ecx, edx
                    xor     eax, ebx
                    and     edx, 0FF00h
                    shl     ecx, 10h
                    or      ecx, edx
                    mov     edx, eax
                    and     edx, 0FF0000h
                    mov     ebx, eax
                    shr     ebx, 10h
                    or      edx, ebx
                    mov     ebx, eax
                    shl     ebx, 10h
                    and     eax, 0FF00h
                    shl     ecx, 8
                    or      ebx, eax
                    shr     ebp, 8
                    or      ebp, ecx
                    mov     ecx, esi                ; buffer pointer saved before the loop
                    shr     edx, 8
                    shl     ebx, 8
                    or      edx, ebx
                    mov     [ecx+edi*4], ebp        ; overwrite the block in place
                    mov     [ecx+edi*4+4], edx
                    add     edi, 2                  ; next 8-byte block
                    cmp     edi, [var_984]
                    jb      loc_403100
    loc_40332F: ; common exit
        popad ; NOTE(review): esp is 10h above the pushad frame here, so the saved register values are not the ones loaded
        sub esp,10h
        pop ebp
        ret 8
    
    Ecode endp
    
    ; Test entry point: runs Ecode once over the string defined in .data.
    ; Ecode reads its second stack argument as the length, so 0ah is pushed
    ; first and the buffer address last.
    main:        ;for test
    
        push 0ah               ; len = 10 bytes -> 2 dwords -> a single 8-byte block
        push offset string     ; buffer to transform in place
        call Ecode
        
    
        ret
    
    
    end main
    ;第二步 化解加密函数
    .586
    .model flat,stdcall 
                         
                         
    option casemap:none
    
       include msvcrt.inc       ; 
       include windows.inc      ;
       include kernel32.inc     ; 
       ;
       includelib msvcrt.lib
       includelib KERNEL32.LIB
    
    ; Data section of the second listing (Ecode split into three helpers).
    .data
    
       format db "%s",0                 ; not referenced by the procedures in this listing
       string db "1234567890",0         ; test input string; no caller is shown in this listing
       
       ; Not referenced by the procedures in this listing.
       ; NOTE(review): presumably a sample of the server's output kept for
       ; comparison - confirm.
       ecode  db 041h, 00eh, 097h, 0a3h, 02bh, 05ah, 0b7h, 06dh, 039h, 030h, 036h
    
       
       src  db 100 dup(1)               ; not referenced by the procedures in this listing
       buf  db 100 dup(0)               ; not referenced by the procedures in this listing
       
       ; Scratch cells shared by Ecode and LoopXor.
       var_98C         dd 000000000h    ; round-key index, parked here while ebp is reused as scratch
       var_988      dd 000000000h       ; the half-block that is xor-ed into the round result
       var_984      dd 000000002h       ; number of dwords to process; Ecode overwrites it with len >> 2
       
        ; Eight lookup tables of 64 dwords each, used by LoopXor.
        ; Every table is indexed with a 6-bit value (and ..., 3Fh) taken from
        ; eax (= [ebp*4+Dst] xor ecx) or edx (= ror(ecx,4) xor [ebp*4+var_17C]),
        ; and the eight results are OR-ed together.
        ; NOTE(review): the contents look like the combined S-box + P-permutation
        ; tables of a table-driven DES implementation - confirm against a
        ; reference before relying on that identification.
        ; var_980: indexed by (eax >> 10h) and 3Fh
        var_980 dd 000802001h, 000002081h, 000002081h, 000000080h, 000802080h, 000800081h, 000800001h, 000002001h, 000000000h, 000802000h, 000802000h, 000802081h, 000000081h, 000000000h, 000800080h, 000800001h
            dd 000000001h, 000002000h, 000800000h, 000802001h, 000000080h, 000800000h, 000002001h, 000002080h, 000800081h, 000000001h, 000002080h, 000800080h, 000002000h, 000802080h, 000802081h, 000000081h
            dd 000800080h, 000800001h, 000802000h, 000802081h, 000000081h, 000000000h, 000000000h, 000802000h, 000002080h, 000800080h, 000800081h, 000000001h, 000802001h, 000002081h, 000002081h, 000000080h
            dd 000802081h, 000000081h, 000000001h, 000002000h, 000800001h, 000002001h, 000802080h, 000800081h, 000002001h, 000002080h, 000800000h, 000802001h, 000000080h, 000800000h, 000002000h, 000802080h
        ; var_880: indexed by (eax >> 18h) and 3Fh
        var_880 dd 080108020h, 080008000h, 000008000h, 000108020h, 000100000h, 000000020h, 080100020h, 080008020h, 080000020h, 080108020h, 080108000h, 080000000h, 080008000h, 000100000h, 000000020h, 080100020h
            dd 000108000h, 000100020h, 080008020h, 000000000h, 080000000h, 000008000h, 000108020h, 080100000h, 000100020h, 080000020h, 000000000h, 000108000h, 000008020h, 080108000h, 080100000h, 000008020h
            dd 000000000h, 000108020h, 080100020h, 000100000h, 080008020h, 080100000h, 080108000h, 000008000h, 080100000h, 080008000h, 000000020h, 080108020h, 000108020h, 000000020h, 000008000h, 080000000h
            dd 000008020h, 080108000h, 000100000h, 080000020h, 000100020h, 080008020h, 080000020h, 000100020h, 000108000h, 000000000h, 080008000h, 000008020h, 080000000h, 080100020h, 080108020h, 000108000h
        ; var_780: indexed by (edx >> 18h) and 3Fh
        var_780 dd 001010400h, 000000000h, 000010000h, 001010404h, 001010004h, 000010404h, 000000004h, 000010000h, 000000400h, 001010400h, 001010404h, 000000400h, 001000404h, 001010004h, 001000000h, 000000004h
            dd 000000404h, 001000400h, 001000400h, 000010400h, 000010400h, 001010000h, 001010000h, 001000404h, 000010004h, 001000004h, 001000004h, 000010004h, 000000000h, 000000404h, 000010404h, 001000000h
            dd 000010000h, 001010404h, 000000004h, 001010000h, 001010400h, 001000000h, 001000000h, 000000400h, 001010004h, 000010000h, 000010400h, 001000004h, 000000400h, 000000004h, 001000404h, 000010404h
            dd 001010404h, 000010004h, 001010000h, 001000404h, 001000004h, 000000404h, 000010404h, 001010400h, 000000404h, 001000400h, 001000400h, 000000000h, 000010004h, 000010400h, 000000000h, 001010004h
        ; var_680: indexed by (eax >> 8) and 3Fh
        var_680 dd 020000010h, 020400000h, 000004000h, 020404010h, 020400000h, 000000010h, 020404010h, 000400000h, 020004000h, 000404010h, 000400000h, 020000010h, 000400010h, 020004000h, 020000000h, 000004010h
            dd 000000000h, 000400010h, 020004010h, 000004000h, 000404000h, 020004010h, 000000010h, 020400010h, 020400010h, 000000000h, 000404010h, 020404000h, 000004010h, 000404000h, 020404000h, 020000000h
            dd 020004000h, 000000010h, 020400010h, 000404000h, 020404010h, 000400000h, 000004010h, 020000010h, 000400000h, 020004000h, 020000000h, 000004010h, 020000010h, 020404010h, 000404000h, 020400000h
            dd 000404010h, 020404000h, 000000000h, 020400010h, 000000010h, 000004000h, 020400000h, 000404010h, 000004000h, 000400010h, 020004010h, 000000000h, 020404000h, 020000000h, 000400010h, 020004010h
        ; var_580: indexed by eax and 3Fh
        var_580 dd 010001040h, 000001000h, 000040000h, 010041040h, 010000000h, 010001040h, 000000040h, 010000000h, 000040040h, 010040000h, 010041040h, 000041000h, 010041000h, 000041040h, 000001000h, 000000040h
            dd 010040000h, 010000040h, 010001000h, 000001040h, 000041000h, 000040040h, 010040040h, 010041000h, 000001040h, 000000000h, 000000000h, 010040040h, 010000040h, 010001000h, 000041040h, 000040000h
            dd 000041040h, 000040000h, 010041000h, 000001000h, 000000040h, 010040040h, 000001000h, 000041040h, 010001000h, 000000040h, 010000040h, 010040000h, 010040040h, 010000000h, 000040000h, 010001040h
            dd 000000000h, 010041040h, 000040040h, 010000040h, 010040000h, 010001000h, 010001040h, 000000000h, 010041040h, 000041000h, 000041000h, 000001040h, 000001040h, 000040040h, 010000000h, 010041000h
        ; var_480: indexed by (edx >> 8) and 3Fh
        var_480    dd 000000100h, 002080100h, 002080000h, 042000100h, 000080000h, 000000100h, 040000000h, 002080000h, 040080100h, 000080000h, 002000100h, 040080100h, 042000100h, 042080000h, 000080100h, 040000000h
            dd 002000000h, 040080000h, 040080000h, 000000000h, 040000100h, 042080100h, 042080100h, 002000100h, 042080000h, 040000100h, 000000000h, 042000000h, 002080100h, 002000000h, 042000000h, 000080100h
            dd 000080000h, 042000100h, 000000100h, 002000000h, 040000000h, 002080000h, 042000100h, 040080100h, 002000100h, 040000000h, 042080000h, 002080100h, 040080100h, 000000100h, 002000000h, 042080000h
            dd 042080100h, 000080100h, 042000000h, 042080100h, 002080000h, 000000000h, 040080000h, 042000000h, 000080100h, 002000100h, 040000100h, 000080000h, 000000000h, 040080000h, 002080100h, 040000100h
        ; var_380: indexed by edx and 3Fh
        var_380 dd 000200000h, 004200002h, 004000802h, 000000000h, 000000800h, 004000802h, 000200802h, 004200800h, 004200802h, 000200000h, 000000000h, 004000002h, 000000002h, 004000000h, 004200002h, 000000802h
            dd 004000800h, 000200802h, 000200002h, 004000800h, 004000002h, 004200000h, 004200800h, 000200002h, 004200000h, 000000800h, 000000802h, 004200802h, 000200800h, 000000002h, 004000000h, 000200800h
            dd 004000000h, 000200800h, 000200000h, 004000802h, 004000802h, 004200002h, 004200002h, 000000002h, 000200002h, 004000000h, 004000800h, 000200000h, 004200800h, 000000802h, 000200802h, 004200800h
            dd 000000802h, 004000002h, 004200802h, 004200000h, 000200800h, 000000000h, 000000002h, 004200802h, 000000000h, 000200802h, 004200000h, 000000800h, 004000002h, 004000800h, 000000800h, 000200002h
        ; var_280: indexed by (edx >> 10h) and 3Fh
        var_280 dd 000000208h, 008020200h, 000000000h, 008020008h, 008000200h, 000000000h, 000020208h, 008000200h, 000020008h, 008000008h, 008000008h, 000020000h, 008020208h, 000020008h, 008020000h, 000000208h
            dd 008000000h, 000000008h, 008020200h, 000000200h, 000020200h, 008020000h, 008020008h, 000020208h, 008000208h, 000020200h, 000020000h, 008000208h, 000000008h, 008020208h, 000000200h, 008000000h
            dd 008020200h, 008000000h, 000020008h, 000000208h, 000020000h, 008020200h, 008000200h, 000000000h, 000000200h, 000020008h, 008020208h, 008000200h, 008000008h, 000000200h, 000000000h, 008020008h
            dd 008000208h, 000020000h, 008000000h, 008020208h, 000000008h, 000020208h, 000020200h, 008000008h, 008020000h, 008000208h, 000000208h, 008020000h, 000020208h, 000000008h, 008020008h, 000020200h
        ; Round-key material. Dst (one dword) and var_17C are laid out back to
        ; back and read as one array: LoopXor loads [ebp*4+Dst] and
        ; [ebp*4+var_17C] for ebp = 0, 2, ..., 30, i.e. the 32 dwords starting
        ; at Dst (Dst plus the first 31 dwords of var_17C). The zero dwords that
        ; follow are never read by LoopXor.
        ; NOTE(review): presumably the expanded DES subkeys (16 rounds x 2
        ; dwords) dumped from the server process - confirm.
        ; Security note: the values are fixed constants in the data section, so
        ; the key travels with the program. Anyone holding the binary can
        ; reproduce and invert the transformation; it gives no confidentiality
        ; against such a party.
        Dst dd 002002608h
        var_17C dd 010200e3ah, 000242327h, 004000431h, 000042834h, 020002b26h, 000241613h, 00008003fh, 001203811h, 020001f00h, 00020340eh, 020093015h, 005000b0ch, 02008030eh, 001000525h, 0000d3c13h
            dd 020103f04h, 008001a21h, 000100e3ah, 003000816h, 020181107h, 001002b30h, 020002432h, 00300330bh, 020081c0dh, 00220052dh, 002082910h, 002002413h, 000081a25h, 00030321ch, 000001d29h, 00402090ah
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
       
    .code
    
    ; InitXor - first stage of the split-up Ecode: loads one 8-byte block and
    ; prepares its two halves for LoopXor.
    ;   stack argument ([ebp+8]): buffer pointer, removed by retn 4
    ;   edi (set by the caller): dword index of the block inside the buffer
    ;   returns: ebx and eax hold the two prepared halves
    ;   ecx and edx are used as scratch and are not preserved.
    InitXor proc near
        push ebp
        mov ebp,esp
        mov     edx, [ebp+8]
                    mov     eax, [edx+edi*4]        ; first dword of the block
                    mov     edx, [edx+edi*4+4]      ; second dword of the block
                    ; Reverse the byte order of both dwords:
                    ; ecx = byte-swapped first dword, eax = byte-swapped second.
                    mov     ecx, eax
                    mov     ebx, eax
                    shr     ebx, 10h
                    and     ecx, 0FF0000h
                    or      ecx, ebx
                    mov     ebx, eax
                    and     eax, 0FF00h
                    shl     ebx, 10h
                    or      ebx, eax
                    mov     eax, edx
                    shl     ebx, 8
                    shr     ecx, 8
                    or      ecx, ebx
                    mov     ebx, edx
                    and     eax, 0FF0000h
                    shr     ebx, 10h
                    or      eax, ebx
                    mov     ebx, edx
                    and     edx, 0FF00h
                    shl     ebx, 10h
                    or      ebx, edx
                    shr     eax, 8
                    shl     ebx, 8
                    or      eax, ebx
                    ; Masked bit swaps between the two halves (shift 4 / mask
                    ; 0F0F0F0Fh, 10h / 0FFFFh, 2 / 33333333h, 8 / 0FF00FFh,
                    ; 1 / 55555555h), then rotate both halves left by one.
                    ; NOTE(review): looks like the table-free form of the DES
                    ; initial permutation - confirm.
                    mov     edx, ecx
                    shr     edx, 4
                    xor     edx, eax
                    and     edx, 0F0F0F0Fh
                    xor     eax, edx
                    shl     edx, 4
                    xor     ecx, edx
                    mov     edx, ecx
                    shr     edx, 10h
                    xor     edx, eax
                    and     edx, 0FFFFh
                    xor     eax, edx
                    shl     edx, 10h
                    xor     ecx, edx
                    mov     edx, eax
                    shr     edx, 2
                    xor     edx, ecx
                    and     edx, 33333333h
                    xor     ecx, edx
                    add     edx, edx
                    add     edx, edx
                    xor     eax, edx
                    mov     edx, eax
                    shr     edx, 8
                    xor     edx, ecx
                    and     edx, 0FF00FFh
                    xor     ecx, edx
                    shl     edx, 8
                    xor     eax, edx
                    mov     edx, ecx
                    shr     edx, 1
                    xor     edx, eax
                    and     edx, 55555555h
                    lea     ebx, [edx+edx]
                    xor     ebx, ecx
                    xor     eax, edx
                    rol     ebx, 1
                    rol     eax, 1
                    pop ebp
        retn 4
    
    InitXor endp
    
    
    ; LoopXor - second stage: the 16 table-lookup rounds.
    ;   in:  eax and ebx hold the two halves produced by InitXor
    ;   out: ebx and ecx hold the two halves after the last round
    ;   eax, edx and ebp are overwritten; var_98C and var_988 are used as
    ;   scratch storage.
    ; Key dwords come from the fixed Dst/var_17C data, two per round.
    LoopXor proc near ; works on ebx, eax; returns ebx, ecx
        
                    xor     ebp, ebp             ; ebp = round-key index, starts at 0
                    mov     [var_98C], ebp
                    mov     ecx, eax
    
    ; One pass per round, ebp = 0, 2, ..., 30.
    loc_4031C4:                             ; CODE XREF: sub_401E00+145Cj
                    mov     eax, [ebp*4+Dst]        ; eax = key dword (even index) xor ecx
                    xor     eax, ecx
                    mov     edx, ecx
                    ror     edx, 4
                    xor     edx, [ebp*4+var_17C]    ; edx = ror(ecx,4) xor key dword (odd index)
                    mov     [var_988], ebx          ; park the other half; it is xor-ed in at the end of the round
                    mov     ebx, ecx                ; the current half becomes next round's other half
                    ; OR together eight table entries, each selected by six
                    ; bits of eax or edx; ebp serves as scratch index here.
                    mov     ecx, eax
                    shr     ecx, 8
                    and     ecx, 3Fh
                    mov     ecx, [ecx*4+var_680]
                    mov     ebp, edx
                    shr     ebp, 8
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_480]
                    mov     ebp, eax
                    shr     ebp, 10h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_980]
                    mov     ebp, edx
                    shr     ebp, 10h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_280]
                    mov     ebp, eax
                    shr     ebp, 18h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_880]
                    mov     ebp, edx
                    shr     ebp, 18h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_780]
                    mov     ebp, [var_98C]          ; reload the round-key index
                    and     eax, 3Fh
                    or      ecx, [eax*4+var_580]
                    and     edx, 3Fh
                    or      ecx, [edx*4+var_380]
                    add     ebp, 2
                    xor     ecx, [var_988]          ; combine the table output with the parked half
                    mov     [var_98C], ebp
                    cmp     ebp, 20h                ; stop after key index 30 (16 rounds)
                    jnz     loc_4031C4
        retn
    
    LoopXor endp
    
    ; ExitXor - third stage: turns the two halves left by LoopXor into the two
    ; output dwords.
    ;   in:  ecx and ebx hold the halves after the last round
    ;   out: ebp = first output dword, edx = second output dword
    ;   eax, ebx and ecx are overwritten.
    ; Both halves are rotated right by one, the masked bit swaps are applied in
    ; the order 1, 8, 2, 10h, 4, and each result word is byte-swapped.
    ; NOTE(review): looks like the DES final permutation - confirm.
    ExitXor proc near
        
        ror     ecx, 1
                    ror     ebx, 1
                    mov     edx, ecx
                    shr     edx, 1
                    mov     eax, ebx
                    xor     edx, eax
                    and     edx, 55555555h
                    xor     eax, edx
                    add     edx, edx
                    xor     ecx, edx
                    mov     edx, eax
                    shr     edx, 8
                    xor     edx, ecx
                    and     edx, 0FF00FFh
                    xor     ecx, edx
                    shl     edx, 8
                    xor     eax, edx
                    mov     edx, eax
                    shr     edx, 2
                    xor     edx, ecx
                    and     edx, 33333333h
                    xor     ecx, edx
                    add     edx, edx
                    add     edx, edx
                    xor     eax, edx
                    mov     edx, ecx
                    shr     edx, 10h
                    xor     edx, eax
                    and     edx, 0FFFFh
                    xor     eax, edx
                    shl     edx, 10h
                    xor     ecx, edx
                    mov     ebx, ecx
                    shr     ebx, 4
                    xor     ebx, eax
                    and     ebx, 0F0F0F0Fh
                    mov     edx, ebx
                    shl     edx, 4
                    xor     edx, ecx
                    ; Byte-swap both result words into ebp and edx.
                    mov     ebp, edx
                    mov     ecx, edx
                    shr     ecx, 10h
                    and     ebp, 0FF0000h
                    or      ebp, ecx
                    mov     ecx, edx
                    xor     eax, ebx
                    and     edx, 0FF00h
                    shl     ecx, 10h
                    or      ecx, edx
                    mov     edx, eax
                    and     edx, 0FF0000h
                    mov     ebx, eax
                    shr     ebx, 10h
                    or      edx, ebx
                    mov     ebx, eax
                    shl     ebx, 10h
                    and     eax, 0FF00h
                    shl     ecx, 8
                    or      ebx, eax
                    shr     ebp, 8
                    or      ebp, ecx                ; ebp = first output dword
                    shr     edx, 8
                    shl     ebx, 8
                    or      edx, ebx                ; edx = second output dword
        retn
    
    ExitXor endp
    
    ; Ecode - encrypt a buffer in place, 8 bytes (two dwords) per loop pass.
    ; Stack arguments: [ebp+8] = buffer pointer, [ebp+0ch] = length in bytes;
    ; both are removed by "ret 8".
    ; The dword count is len >> 2 and the loop advances two dwords at a time
    ; while edi < count (unsigned compare), so an odd count makes the last pass
    ; read and write 4 bytes past the counted dwords; the buffer needs room for
    ; that. Neither the pointer nor the length is validated here.
    ; NOTE(review): "add esp, 10h" after pushad and "sub esp, 10h" after popad
    ; look like stack cleanup left over from the disassembled function; with
    ; them popad does not read the slots pushad wrote, so ebx/esi/edi are
    ; presumably not restored for the caller - confirm against the helper
    ; procedures of this listing.
    Ecode proc ;arg_0:dword,len:dword
      push ebp
      mov  ebp,esp
       pushad
    
                    xor     esi,esi
                    mov     ebx,[ebp+0ch]
                    shr     ebx, 2          ; ebx = length in dwords (len / 4)
                    add     esp, 10h
                    xor     edi, edi
                    mov     [var_984], ebx
                    cmp     ebx, esi
                    jbe     loc_40332F
                    lea     esp, [esp+0]
                    
                    mov     esi, [ebp+8]
    
    loc_403100:                             ; CODE XREF: sub_401E00+1529j
                    push    esi
                    call    InitXor          ; works on eax,edx; returns ebx,eax
                    call    LoopXor          ; works on ebx,eax; returns ebx,ecx
                    call    ExitXor          ; works on ebx,ecx; returns ebp,edx
                    mov     ecx, esi
                    ; store the processed block back over the input
                    mov     [ecx+edi*4], ebp
                    mov     [ecx+edi*4+4], edx
                    add     edi, 2
                    cmp     edi, [var_984]
                    jb      loc_403100
    loc_40332F: 
        popad 
        sub esp,10h
        pop ebp
        ret 8
    
    Ecode endp
    ;第三步 根据加密函数写出解密函数
    .586
    .model flat,stdcall 
                         
                         
    option casemap:none
    
       include msvcrt.inc       ; 
       include windows.inc      ;
       include kernel32.inc     ; 
       ;
       includelib msvcrt.lib
       includelib KERNEL32.LIB
    
    .data
    
       ; Test data. "string" is the plaintext used by the commented-out test main;
       ; format, ecode, src and buf are not referenced by the visible procedures
       ; (ecode is presumably a captured ciphertext sample - TODO confirm).
       format db "%s",0
       string db "1234567890",0
       
       ecode  db 041h, 00eh, 097h, 0a3h, 02bh, 05ah, 0b7h, 06dh, 039h, 030h, 036h
    
       
       src  db 100 dup(1)
       buf  db 100 dup(0)
       
       ; Global scratch shared by every call, so the routines below cannot
       ; safely run on two buffers at the same time.
       ; var_98C = round index kept by LoopXor/LoopXor2
       ; var_988 = half-block saved across one round
       ; var_984 = dword count written by Ecode/decode
       var_98C         dd 000000000h
       var_988      dd 000000000h
       var_984      dd 000000002h
       
        ; Eight lookup tables of 64 dwords each. LoopXor/LoopXor2 index every
        ; table with a 6-bit value (and ..., 3Fh) and OR the eight results
        ; together to form the round-function output.
        var_980 dd 000802001h, 000002081h, 000002081h, 000000080h, 000802080h, 000800081h, 000800001h, 000002001h, 000000000h, 000802000h, 000802000h, 000802081h, 000000081h, 000000000h, 000800080h, 000800001h
            dd 000000001h, 000002000h, 000800000h, 000802001h, 000000080h, 000800000h, 000002001h, 000002080h, 000800081h, 000000001h, 000002080h, 000800080h, 000002000h, 000802080h, 000802081h, 000000081h
            dd 000800080h, 000800001h, 000802000h, 000802081h, 000000081h, 000000000h, 000000000h, 000802000h, 000002080h, 000800080h, 000800081h, 000000001h, 000802001h, 000002081h, 000002081h, 000000080h
            dd 000802081h, 000000081h, 000000001h, 000002000h, 000800001h, 000002001h, 000802080h, 000800081h, 000002001h, 000002080h, 000800000h, 000802001h, 000000080h, 000800000h, 000002000h, 000802080h
        var_880 dd 080108020h, 080008000h, 000008000h, 000108020h, 000100000h, 000000020h, 080100020h, 080008020h, 080000020h, 080108020h, 080108000h, 080000000h, 080008000h, 000100000h, 000000020h, 080100020h
            dd 000108000h, 000100020h, 080008020h, 000000000h, 080000000h, 000008000h, 000108020h, 080100000h, 000100020h, 080000020h, 000000000h, 000108000h, 000008020h, 080108000h, 080100000h, 000008020h
            dd 000000000h, 000108020h, 080100020h, 000100000h, 080008020h, 080100000h, 080108000h, 000008000h, 080100000h, 080008000h, 000000020h, 080108020h, 000108020h, 000000020h, 000008000h, 080000000h
            dd 000008020h, 080108000h, 000100000h, 080000020h, 000100020h, 080008020h, 080000020h, 000100020h, 000108000h, 000000000h, 080008000h, 000008020h, 080000000h, 080100020h, 080108020h, 000108000h
        var_780 dd 001010400h, 000000000h, 000010000h, 001010404h, 001010004h, 000010404h, 000000004h, 000010000h, 000000400h, 001010400h, 001010404h, 000000400h, 001000404h, 001010004h, 001000000h, 000000004h
            dd 000000404h, 001000400h, 001000400h, 000010400h, 000010400h, 001010000h, 001010000h, 001000404h, 000010004h, 001000004h, 001000004h, 000010004h, 000000000h, 000000404h, 000010404h, 001000000h
            dd 000010000h, 001010404h, 000000004h, 001010000h, 001010400h, 001000000h, 001000000h, 000000400h, 001010004h, 000010000h, 000010400h, 001000004h, 000000400h, 000000004h, 001000404h, 000010404h
            dd 001010404h, 000010004h, 001010000h, 001000404h, 001000004h, 000000404h, 000010404h, 001010400h, 000000404h, 001000400h, 001000400h, 000000000h, 000010004h, 000010400h, 000000000h, 001010004h
        var_680 dd 020000010h, 020400000h, 000004000h, 020404010h, 020400000h, 000000010h, 020404010h, 000400000h, 020004000h, 000404010h, 000400000h, 020000010h, 000400010h, 020004000h, 020000000h, 000004010h
            dd 000000000h, 000400010h, 020004010h, 000004000h, 000404000h, 020004010h, 000000010h, 020400010h, 020400010h, 000000000h, 000404010h, 020404000h, 000004010h, 000404000h, 020404000h, 020000000h
            dd 020004000h, 000000010h, 020400010h, 000404000h, 020404010h, 000400000h, 000004010h, 020000010h, 000400000h, 020004000h, 020000000h, 000004010h, 020000010h, 020404010h, 000404000h, 020400000h
            dd 000404010h, 020404000h, 000000000h, 020400010h, 000000010h, 000004000h, 020400000h, 000404010h, 000004000h, 000400010h, 020004010h, 000000000h, 020404000h, 020000000h, 000400010h, 020004010h
        var_580 dd 010001040h, 000001000h, 000040000h, 010041040h, 010000000h, 010001040h, 000000040h, 010000000h, 000040040h, 010040000h, 010041040h, 000041000h, 010041000h, 000041040h, 000001000h, 000000040h
            dd 010040000h, 010000040h, 010001000h, 000001040h, 000041000h, 000040040h, 010040040h, 010041000h, 000001040h, 000000000h, 000000000h, 010040040h, 010000040h, 010001000h, 000041040h, 000040000h
            dd 000041040h, 000040000h, 010041000h, 000001000h, 000000040h, 010040040h, 000001000h, 000041040h, 010001000h, 000000040h, 010000040h, 010040000h, 010040040h, 010000000h, 000040000h, 010001040h
            dd 000000000h, 010041040h, 000040040h, 010000040h, 010040000h, 010001000h, 010001040h, 000000000h, 010041040h, 000041000h, 000041000h, 000001040h, 000001040h, 000040040h, 010000000h, 010041000h
        var_480    dd 000000100h, 002080100h, 002080000h, 042000100h, 000080000h, 000000100h, 040000000h, 002080000h, 040080100h, 000080000h, 002000100h, 040080100h, 042000100h, 042080000h, 000080100h, 040000000h
            dd 002000000h, 040080000h, 040080000h, 000000000h, 040000100h, 042080100h, 042080100h, 002000100h, 042080000h, 040000100h, 000000000h, 042000000h, 002080100h, 002000000h, 042000000h, 000080100h
            dd 000080000h, 042000100h, 000000100h, 002000000h, 040000000h, 002080000h, 042000100h, 040080100h, 002000100h, 040000000h, 042080000h, 002080100h, 040080100h, 000000100h, 002000000h, 042080000h
            dd 042080100h, 000080100h, 042000000h, 042080100h, 002080000h, 000000000h, 040080000h, 042000000h, 000080100h, 002000100h, 040000100h, 000080000h, 000000000h, 040080000h, 002080100h, 040000100h
        var_380 dd 000200000h, 004200002h, 004000802h, 000000000h, 000000800h, 004000802h, 000200802h, 004200800h, 004200802h, 000200000h, 000000000h, 004000002h, 000000002h, 004000000h, 004200002h, 000000802h
            dd 004000800h, 000200802h, 000200002h, 004000800h, 004000002h, 004200000h, 004200800h, 000200002h, 004200000h, 000000800h, 000000802h, 004200802h, 000200800h, 000000002h, 004000000h, 000200800h
            dd 004000000h, 000200800h, 000200000h, 004000802h, 004000802h, 004200002h, 004200002h, 000000002h, 000200002h, 004000000h, 004000800h, 000200000h, 004200800h, 000000802h, 000200802h, 004200800h
            dd 000000802h, 004000002h, 004200802h, 004200000h, 000200800h, 000000000h, 000000002h, 004200802h, 000000000h, 000200802h, 004200000h, 000000800h, 004000002h, 004000800h, 000000800h, 000200002h
        var_280 dd 000000208h, 008020200h, 000000000h, 008020008h, 008000200h, 000000000h, 000020208h, 008000200h, 000020008h, 008000008h, 008000008h, 000020000h, 008020208h, 000020008h, 008020000h, 000000208h
            dd 008000000h, 000000008h, 008020200h, 000000200h, 000020200h, 008020000h, 008020008h, 000020208h, 008000208h, 000020200h, 000020000h, 008000208h, 000000008h, 008020208h, 000000200h, 008000000h
            dd 008020200h, 008000000h, 000020008h, 000000208h, 000020000h, 008020200h, 008000200h, 000000000h, 000000200h, 000020008h, 008020208h, 008000200h, 008000008h, 000000200h, 000000000h, 008020008h
            dd 008000208h, 000020000h, 008000000h, 008020208h, 000000008h, 000020208h, 000020200h, 008000008h, 008020000h, 008000208h, 000000208h, 008020000h, 000020208h, 000000008h, 008020008h, 000020200h
        ; Encryption round keys, already expanded and stored as static data:
        ; 32 dwords (Dst plus the first 31 dwords of var_17C), two per round for
        ; the 16 rounds of LoopXor. LoopXor reads the pair as [Dst+ebp*4] and
        ; [var_17C+ebp*4], which only works while var_17C directly follows the
        ; single dword Dst. The remaining dwords are zero and are not read by the
        ; visible code.
        ; Because the schedule is constant data in the program, anyone who has the
        ; binary can decrypt the traffic, which is what the decode routine built
        ; from it in this listing does; the cipher gives no confidentiality
        ; against such a reader.
        Dst dd 002002608h
        var_17C dd 010200e3ah, 000242327h, 004000431h, 000042834h, 020002b26h, 000241613h, 00008003fh, 001203811h, 020001f00h, 00020340eh, 020093015h, 005000b0ch, 02008030eh, 001000525h, 0000d3c13h
            dd 020103f04h, 008001a21h, 000100e3ah, 003000816h, 020181107h, 001002b30h, 020002432h, 00300330bh, 020081c0dh, 00220052dh, 002082910h, 002002413h, 000081a25h, 00030321ch, 000001d29h, 00402090ah
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            dd 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h, 000000000h
            
            
        ; Decryption round keys: the same 16 dword pairs as Dst/var_17C, listed
        ; with the round order reversed (last encryption pair first). The order
        ; inside each pair is unchanged. LoopXor2 reads them as [debuf+ebp*4] and
        ; [debuf2+ebp*4], so debuf2 must stay directly after the single dword
        ; debuf.
        debuf dd 000001d29h 
        debuf2 dd 00402090ah    
            dd 000081a25h, 00030321ch
            dd 002082910h, 002002413h
            dd 020081c0dh, 00220052dh
            dd 020002432h, 00300330bh
            dd 020181107h, 001002b30h
            dd 000100e3ah, 003000816h
            dd 020103f04h, 008001a21h
            dd 001000525h, 0000d3c13h
            dd 005000b0ch, 02008030eh
            dd 00020340eh, 020093015h
            dd 001203811h, 020001f00h
            dd 000241613h, 00008003fh
            dd 000042834h, 020002b26h
            dd 000242327h, 004000431h
            dd 002002608h, 010200e3ah
            
    .code
    
    ; InitXor - load one 8-byte block and permute it for the round loop.
    ; In:   one stack argument = buffer pointer (removed by "retn 4");
    ;       edi = dword index of the block in the buffer, taken from the
    ;       caller's register rather than from the stack.
    ; Out:  ebx, eax = the two 32-bit halves consumed by LoopXor/LoopXor2.
    ; Clobbers ecx and edx. The buffer is read without any bounds check.
    InitXor proc near
        push ebp
        mov ebp,esp
        mov     edx, [ebp+8]
                    ; eax = first dword of the block, edx = second dword
                    mov     eax, [edx+edi*4]
                    mov     edx, [edx+edi*4+4]
                    ; reverse the byte order of both dwords:
                    ; ecx = byte-swapped first dword, eax = byte-swapped second
                    mov     ecx, eax
                    mov     ebx, eax
                    shr     ebx, 10h
                    and     ecx, 0FF0000h
                    or      ecx, ebx
                    mov     ebx, eax
                    and     eax, 0FF00h
                    shl     ebx, 10h
                    or      ebx, eax
                    mov     eax, edx
                    shl     ebx, 8
                    shr     ecx, 8
                    or      ecx, ebx
                    mov     ebx, edx
                    and     eax, 0FF0000h
                    shr     ebx, 10h
                    or      eax, ebx
                    mov     ebx, edx
                    and     edx, 0FF00h
                    shl     ebx, 10h
                    or      ebx, edx
                    shr     eax, 8
                    shl     ebx, 8
                    or      eax, ebx
                    ; bit permutation built from masked swaps between ecx and eax
                    ; (per the page this is DES, so this corresponds to the
                    ; initial permutation). Swap step: shift 4, mask 0F0F0F0Fh
                    mov     edx, ecx
                    shr     edx, 4
                    xor     edx, eax
                    and     edx, 0F0F0F0Fh
                    xor     eax, edx
                    shl     edx, 4
                    xor     ecx, edx
                    ; swap step: shift 16, mask 0FFFFh
                    mov     edx, ecx
                    shr     edx, 10h
                    xor     edx, eax
                    and     edx, 0FFFFh
                    xor     eax, edx
                    shl     edx, 10h
                    xor     ecx, edx
                    ; swap step: shift 2, mask 33333333h (two adds = shl 2)
                    mov     edx, eax
                    shr     edx, 2
                    xor     edx, ecx
                    and     edx, 33333333h
                    xor     ecx, edx
                    add     edx, edx
                    add     edx, edx
                    xor     eax, edx
                    ; swap step: shift 8, mask 0FF00FFh
                    mov     edx, eax
                    shr     edx, 8
                    xor     edx, ecx
                    and     edx, 0FF00FFh
                    xor     ecx, edx
                    shl     edx, 8
                    xor     eax, edx
                    ; swap step: shift 1, mask 55555555h; the result for ecx is
                    ; built in ebx, then both halves are rotated left by one bit
                    mov     edx, ecx
                    shr     edx, 1
                    xor     edx, eax
                    and     edx, 55555555h
                    lea     ebx, [edx+edx]
                    xor     ebx, ecx
                    xor     eax, edx
                    rol     ebx, 1
                    rol     eax, 1
                    pop ebp
        retn 4
    
    InitXor endp
    
    
    ; LoopXor - the 16-round Feistel loop, using the encryption round keys.
    ; Each round computes f(ecx, round key), XORs it into the other half and
    ; swaps the halves: new ebx = old ecx, new ecx = old ebx xor f.
    ; The round index runs 0, 2, ..., 1Eh in ebp and is kept in var_98C; it
    ; selects the key pair [Dst+ebp*4] / [var_17C+ebp*4].
    ; Clobbers eax, edx and ebp (the caller's frame pointer is lost) and uses
    ; the globals var_98C and var_988 as scratch.
    LoopXor proc near ; in: ebx,eax  out: ebx,ecx
        
                    xor     ebp, ebp             
                    mov     [var_98C], ebp
                    mov     ecx, eax
    
    loc_4031C4:                             ; CODE XREF: sub_401E00+145Cj
                    ; eax = half xor first key dword of the round
                    mov     eax, [ebp*4+Dst]
                    xor     eax, ecx
                    ; edx = (half rotated right by 4) xor second key dword
                    mov     edx, ecx
                    ror     edx, 4
                    xor     edx, [ebp*4+var_17C]
                    ; save the other half, then move the current half into ebx
                    mov     [var_988], ebx
                    mov     ebx, ecx
                    ; eight 6-bit slices of eax/edx index the eight tables;
                    ; the looked-up dwords are OR-ed together in ecx
                    mov     ecx, eax
                    shr     ecx, 8
                    and     ecx, 3Fh
                    mov     ecx, [ecx*4+var_680]
                    mov     ebp, edx
                    shr     ebp, 8
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_480]
                    mov     ebp, eax
                    shr     ebp, 10h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_980]
                    mov     ebp, edx
                    shr     ebp, 10h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_280]
                    mov     ebp, eax
                    shr     ebp, 18h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_880]
                    mov     ebp, edx
                    shr     ebp, 18h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_780]
                    ; ebp was used as a temporary above; reload the round index
                    mov     ebp, [var_98C]
                    and     eax, 3Fh
                    or      ecx, [eax*4+var_580]
                    and     edx, 3Fh
                    or      ecx, [edx*4+var_380]
                    add     ebp, 2
                    ; fold the round-function output into the saved half
                    xor     ecx, [var_988]
                    mov     [var_98C], ebp
                    ; 20h / 2 = 16 rounds
                    cmp     ebp, 20h
                    jnz     loc_4031C4
        retn
    
    LoopXor endp
    
    ; ExitXor - final permutation and output formatting for one block.
    ; In:   ebx, ecx = halves returned by LoopXor/LoopXor2.
    ; Out:  ebp, edx = the two output dwords, byte order reversed again so the
    ;       caller can store them straight into the buffer.
    ; Applies the masked swap steps of InitXor in the opposite order after
    ; rotating both halves right by one bit.
    ; Clobbers eax, ebx, ecx and ebp: the procedure has no frame of its own and
    ; returns a result in ebp, so the caller's frame pointer is destroyed.
    ExitXor proc near
        
        ror     ecx, 1
                    ror     ebx, 1
                    ; swap step: shift 1, mask 55555555h
                    mov     edx, ecx
                    shr     edx, 1
                    mov     eax, ebx
                    xor     edx, eax
                    and     edx, 55555555h
                    xor     eax, edx
                    add     edx, edx
                    xor     ecx, edx
                    ; swap step: shift 8, mask 0FF00FFh
                    mov     edx, eax
                    shr     edx, 8
                    xor     edx, ecx
                    and     edx, 0FF00FFh
                    xor     ecx, edx
                    shl     edx, 8
                    xor     eax, edx
                    ; swap step: shift 2, mask 33333333h (two adds = shl 2)
                    mov     edx, eax
                    shr     edx, 2
                    xor     edx, ecx
                    and     edx, 33333333h
                    xor     ecx, edx
                    add     edx, edx
                    add     edx, edx
                    xor     eax, edx
                    ; swap step: shift 16, mask 0FFFFh
                    mov     edx, ecx
                    shr     edx, 10h
                    xor     edx, eax
                    and     edx, 0FFFFh
                    xor     eax, edx
                    shl     edx, 10h
                    xor     ecx, edx
                    ; swap step: shift 4, mask 0F0F0F0Fh; the updated ecx value
                    ; is produced in edx, eax is updated a few lines further down
                    mov     ebx, ecx
                    shr     ebx, 4
                    xor     ebx, eax
                    and     ebx, 0F0F0F0Fh
                    mov     edx, ebx
                    shl     edx, 4
                    xor     edx, ecx
                    ; byte-swap the first result into ebp and the second into edx
                    mov     ebp, edx
                    mov     ecx, edx
                    shr     ecx, 10h
                    and     ebp, 0FF0000h
                    or      ebp, ecx
                    mov     ecx, edx
                    xor     eax, ebx
                    and     edx, 0FF00h
                    shl     ecx, 10h
                    or      ecx, edx
                    mov     edx, eax
                    and     edx, 0FF0000h
                    mov     ebx, eax
                    shr     ebx, 10h
                    or      edx, ebx
                    mov     ebx, eax
                    shl     ebx, 10h
                    and     eax, 0FF00h
                    shl     ecx, 8
                    or      ebx, eax
                    shr     ebp, 8
                    or      ebp, ecx                
                    shr     edx, 8
                    shl     ebx, 8
                    or      edx, ebx
        retn
    
    ExitXor endp
    
    ; LoopXor2 - the same 16-round loop as LoopXor, but reading the round keys
    ; from debuf/debuf2, where the key pairs are stored in reverse round order.
    ; Running the rounds with the reversed schedule is what turns the routine
    ; into the decryption direction.
    ; Round index 0, 2, ..., 1Eh lives in ebp / var_98C and selects
    ; [debuf+ebp*4] and [debuf2+ebp*4].
    ; Clobbers eax, edx and ebp; uses the globals var_98C and var_988 as scratch.
    LoopXor2 proc near ; in: ebx,eax  out: ebx,ecx
        
                    xor     ebp, ebp             
                    mov     [var_98C], ebp
                    mov     ecx, eax
    
    LOOP1:                             ; CODE XREF: sub_401E00+145Cj
                    ; eax = half xor first key dword of the round
                    mov     eax, [ebp*4+debuf]
                    xor     eax, ecx
                    ; edx = (half rotated right by 4) xor second key dword
                    mov     edx, ecx
                    ror     edx, 4
                    xor     edx, [ebp*4+debuf2]
                    ; save the other half, then move the current half into ebx
                    mov     [var_988], ebx
                    mov     ebx, ecx
                    ; eight 6-bit slices of eax/edx index the eight tables;
                    ; the looked-up dwords are OR-ed together in ecx
                    mov     ecx, eax
                    shr     ecx, 8
                    and     ecx, 3Fh
                    mov     ecx, [ecx*4+var_680]
                    mov     ebp, edx
                    shr     ebp, 8
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_480]
                    mov     ebp, eax
                    shr     ebp, 10h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_980]
                    mov     ebp, edx
                    shr     ebp, 10h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_280]
                    mov     ebp, eax
                    shr     ebp, 18h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_880]
                    mov     ebp, edx
                    shr     ebp, 18h
                    and     ebp, 3Fh
                    or      ecx, [ebp*4+var_780]
                    and     eax, 3Fh
                    or      ecx, [eax*4+var_580]
                    and     edx, 3Fh
                    or      ecx, [edx*4+var_380]
                    ; fold the round-function output into the saved half
                    xor     ecx, [var_988]
                    ; ebp was used as a temporary above; reload and advance
                    ; the round index
                    mov     ebp, [var_98C]
                    add     ebp, 2
                    mov     [var_98C], ebp
                    ; 20h / 2 = 16 rounds
                    cmp     ebp, 20h
                    jne     LOOP1
        retn
    
    LoopXor2 endp
    
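    ; Ecode - encrypt a buffer in place, 8 bytes (two dwords) per loop pass.
    ; Stack arguments (stdcall, removed by "ret 8"):
    ;   [ebp+8]   = buffer pointer
    ;   [ebp+0ch] = length in bytes
    ; Every block is processed independently with the same round keys.
    ; The dword count is len >> 2 and the loop advances two dwords at a time
    ; while edi < count (unsigned compare), so an odd count makes the last pass
    ; read and write 4 bytes past the counted dwords; the caller must provide a
    ; buffer with room up to the next multiple of 8 bytes. Neither the pointer
    ; nor the length is validated.
    ; Change from the original: the "add esp, 10h" / "sub esp, 10h" pair left
    ; over from the disassembly is removed. With it, popad read the wrong stack
    ; slots and returned with ebx, esi and edi modified, although a stdcall
    ; callee is expected to preserve them. All registers are now restored.
    Ecode proc ;arg_0:dword,len:dword
      push ebp
      mov  ebp,esp
       pushad

                    xor     esi,esi
                    mov     ebx,[ebp+0ch]
                    shr     ebx, 2          ; ebx = length in dwords (len / 4)
                    xor     edi, edi        ; edi = dword index of the current block
                    mov     [var_984], ebx
                    cmp     ebx, esi
                    jbe     loc_40332F      ; fewer than 4 bytes: nothing to do

                    ; ebp is destroyed by LoopXor/ExitXor, so the buffer pointer
                    ; is kept in esi for the whole loop
                    mov     esi, [ebp+8]

    loc_403100:
                    push    esi
                    call    InitXor          ; works on eax,edx; returns ebx,eax
                    call    LoopXor          ; works on ebx,eax; returns ebx,ecx
                    call    ExitXor          ; works on ebx,ecx; returns ebp,edx
                    mov     ecx, esi
                    ; store the encrypted block back over the input
                    mov     [ecx+edi*4], ebp
                    mov     [ecx+edi*4+4], edx
                    add     edi, 2
                    cmp     edi, [var_984]
                    jb      loc_403100
    loc_40332F:
        popad                   ; restores every register, including the frame ebp
        pop ebp
        ret 8

    Ecode endp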
    
    
    
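    ; decode - decrypt a buffer in place, 8 bytes (two dwords) per loop pass.
    ; Same driver as Ecode, but the round loop is LoopXor2, which uses the
    ; reversed round-key table.
    ; Stack arguments (stdcall, removed by "ret 8"):
    ;   [ebp+8]   = buffer pointer
    ;   [ebp+0ch] = length in bytes
    ; The length is handled as unsigned (shr, jbe, jb): a negative value, for
    ; example the result of a failed recv(), becomes a very large count and the
    ; loop runs far past the buffer. The caller must check the length first.
    ; The dword count is len >> 2 and the loop advances two dwords at a time, so
    ; an odd count makes the last pass touch 4 bytes past the counted dwords;
    ; the buffer needs room up to the next multiple of 8 bytes.
    ; Change from the original: the "add esp, 10h" / "sub esp, 10h" pair left
    ; over from the disassembly is removed. With it, popad read the wrong stack
    ; slots and returned with ebx, esi and edi modified, although the C++ caller
    ; expects a stdcall callee to preserve them. All registers are now restored.
    decode proc 
        
        
      push ebp
      mov  ebp,esp
       pushad

                    xor     esi,esi
                    mov     ebx,[ebp+0ch]
                    shr     ebx, 2          ; ebx = length in dwords (len / 4)
                    xor     edi, edi        ; edi = dword index of the current block
                    mov     [var_984], ebx
                    cmp     ebx, esi
                    jbe     loc_40332F      ; fewer than 4 bytes: nothing to do

                    ; ebp is destroyed by LoopXor2/ExitXor, so the buffer pointer
                    ; is kept in esi for the whole loop
                    mov     esi, [ebp+8]

    loc_403100:
                    push    esi
                    call    InitXor          ; works on eax,edx; returns ebx,eax
                    call    LoopXor2         ; works on ebx,eax; returns ebx,ecx
                    call    ExitXor          ; works on ebx,ecx; returns ebp,edx
                    mov     ecx, esi
                    ; store the decrypted block back over the input
                    mov     [ecx+edi*4], ebp
                    mov     [ecx+edi*4+4], edx
                    add     edi, 2
                    cmp     edi, [var_984]
                    jb      loc_403100
    loc_40332F:
        popad                   ; restores every register, including the frame ebp
        pop ebp
        ret 8

    decode endp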
    
    ; DecodeBuf - entry point called from test.cpp, where it is declared as
    ; void __stdcall DecodeBuf(DWORD, DWORD).
    ; arg0 = address of the buffer, arg1 = length in bytes. Both are passed on
    ; unchanged to decode, which works on the buffer in place; no validation is
    ; done here, so the caller is responsible for a sane length.
    DecodeBuf proc arg0:dword,arg1:dword
        
        ; decode takes (buffer, length) on the stack and removes them itself
        push arg1
        push arg0
        call decode
        ret
    
    DecodeBuf endp
    
    end
    ;main:  ;for test
    ;
    ;    push 0ah
    ;    push offset string
    ;    call Ecode
    ;    
    ;    push 0ah
    ;    push offset string
    ;    call decode
    ;    
    ;
    ;    ret
    ;
    ;
    ;end main

    将第三步代码放入RadASM编译后,导入VS项目,在test.cpp中声明一下,调用解密即可。注意:汇编部分是32位代码(.model flat,stdcall),缓冲区地址又是以DWORD传递的,所以VS项目必须按x86(Win32)编译:

    #define _WINSOCK_DEPRECATED_NO_WARNINGS
    
    #include <stdio.h>
    #include <WinSock2.h>
    #include <windows.h>
    
    #pragma comment (lib, "Ws2_32.lib")
    
    extern "C" void __stdcall DecodeBuf(DWORD, DWORD);
    
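    // Test client for the analysed server: connects to 127.0.0.1:10010, sends one
    // message, prints the encrypted reply and decrypts it in place with DecodeBuf.
    // Returns 0 on success and 1 when a socket call fails.
    int main()
    {
        WSADATA wd = { 0 };
        if (WSAStartup(MAKEWORD(2, 2), &wd) != 0)
        {
            printf("WSAStartup 失败\n");
            return 1;
        }

        SOCKET s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (s == INVALID_SOCKET)
        {
            printf("socket 失败: %d\n", WSAGetLastError());
            WSACleanup();
            return 1;
        }

        SOCKADDR_IN sai = { 0 };
        sai.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
        sai.sin_port = htons(10010);
        sai.sin_family = AF_INET;
        if (connect(s, (sockaddr*)&sai, sizeof(SOCKADDR_IN)) == SOCKET_ERROR)
        {
            printf("connect 失败: %d\n", WSAGetLastError());
            closesocket(s);
            WSACleanup();
            return 1;
        }

        CHAR szToSend[100] = { 0 };
        printf("请输入要发送的信息\n");

        scanf_s("%s", szToSend, (unsigned)sizeof(szToSend));

        // As in the original write-up, a fixed 11 bytes are sent whatever the
        // input length; the buffer is zero-filled, so short input is padded.
        send(s, szToSend, 11, 0);

        // decode works on whole 8-byte blocks and may touch bytes up to the next
        // multiple of 8 after nlen. 200 is a multiple of 8, so it stays inside
        // the first 200 bytes; the extra byte is never written and keeps the
        // "%s" print below NUL-terminated.
        const int kMaxRecv = 200;
        CHAR RecvBuf[kMaxRecv + 1] = { 0 };
        int nlen = recv(s, RecvBuf, kMaxRecv, 0);

        // recv returns SOCKET_ERROR (-1) on failure and 0 when the peer closed
        // the connection. The assembly treats the length as unsigned, so passing
        // -1 on would make it process memory far beyond RecvBuf.
        // A TCP read may also return only part of the reply; this test client
        // decrypts whatever arrived in the first read.
        if (nlen <= 0)
        {
            printf("recv 失败或连接已关闭: %d\n", nlen);
            closesocket(s);
            WSACleanup();
            return 1;
        }

        printf("接收到的加密了之后的信息:\n");
        for (int i = 0; i < nlen; ++i)
        {
            printf("0x%x ", (BYTE)RecvBuf[i]);
        }
        printf("\n");

        // The pointer is passed as a DWORD, which is only valid in a 32-bit build.
        DecodeBuf((DWORD)RecvBuf, nlen);
        printf("解密之后的信息:%s\n", RecvBuf);

        system("pause");

        send(s, "quit", 5, 0);
        closesocket(s);
        WSACleanup();


        return 0;
    }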
  • 原文地址:https://www.cnblogs.com/cqubsj/p/6617782.html