回复 18楼 lovett 的帖子
这段反汇编比较隐晦，但主要是线性反汇编把开头几个字节读错了：cld / pushl $0xeb / decl %ebp / call 00000002 并不按字面顺序执行——call 的目标 00000002 落在 pushl 指令的中间，从那里重新解码出来的是一条短跳转（跳到 00000050 的 ret 之后），而 call 本身又把 00000009 处例程的地址压到栈上。所以"前面一段象可操作的代码"其实是重叠指令的小技巧，后面从 00000009 到 00000050 才是一个完整的例程：它按 0x3c/0x78/0x18/0x1c/0x20/0x24 这些偏移遍历 PE 导出表，对每个导出名做 ror 13 + add 的哈希，再与栈上传入的哈希值比较，命中后把函数地址放进 eax 返回——这与常见 shellcode 里"按哈希查找 API 地址"的写法一致。靠纯读确实比较困难，在对应环境下（栈上放好模块基址和目标哈希）单步跟踪会容易理解一些。
# Reviewer notes (objdump output, AT&T syntax, 32-bit x86; no symbols, decoded
# linearly from offset 0).  The byte-level reading of the first 9 bytes is derived
# from the listing itself: "pushl $0xeb" at 00000001 is two bytes (the next
# instruction starts at 00000003), so the byte at 00000002 is 0xeb and the byte at
# 00000003 ("decl %ebp") is 0x4d.
00000000 cld                            # DF=0: the lodsb below must walk forward
00000001 pushl $0xeb                    # linear decode only -- never executed as a push
00000003 decl %ebp                      # linear decode only
00000004 call 00000002                  # target is INSIDE the push: at 00000002 the bytes
                                        # 0xeb 0x4d decode as a short jmp to 00000051, i.e.
                                        # just past the ret at 00000050.  The call also
                                        # pushes 00000009 = the address of the routine
                                        # below, so the code from 00000051 on (not in this
                                        # listing) finds a pointer to it on the stack.
                                        # Overlapping-instruction trick; confirm by tracing.
# --- routine at 00000009: look up an export by hash -------------------------
# Stack on entry (before pushal): [esp+4] = module base, [esp+8] = 32-bit hash.
# Returns with %eax = module base + function RVA; both arguments are left on the
# stack (plain ret, caller cleans up).  Offsets 0x3c, 0x78, 0x18, 0x1c, 0x20 and
# 0x24 match the PE DOS-header / data-directory / export-directory layout, which
# is how the loads are labelled below -- verify against a real module in a
# debugger before relying on the labels.
00000009 pushal                         # save all 8 GPRs (32 bytes)
0000000a movl 0x24(%esp), %ebp          # 0x24 = 32 (pushal) + 4 (ret addr): arg1 = module base
0000000e movl 0x3c(%ebp), %eax          # DOS header e_lfanew -> offset of PE header
00000011 movl 0x78(%ebp,%eax,1), %edi   # PE hdr + 0x78: export directory RVA
00000015 addl %ebp, %edi                # -> export directory VA
00000017 movl 0x18(%edi), %ecx          # NumberOfNames
0000001a movl 0x20(%edi), %ebx          # AddressOfNames RVA
0000001d addl %ebp, %ebx                # -> AddressOfNames VA
0000001f decl %ecx                      # next_name: walk the name table from the end.
                                        # NOTE(review): nothing checks %ecx reaching 0 --
                                        # if no name matches, the index wraps and the
                                        # loop reads past the table until it faults.
00000020 movl (%ebx,%ecx,4), %esi       # name RVA
00000023 addl %ebp, %esi                # -> name VA (NUL-terminated string)
00000025 xorl %eax, %eax                # eax = 0, so after lodsb %eax is the zero-extended byte
00000027 cltd                           # edx = sign-extend(eax=0) = 0: hash accumulator
00000028 lodsb (%esi)                   # hash_loop: al = *esi++
00000029 testb %al, %al
0000002b jz 00000034                    # NUL -> string finished
0000002d rorl $0xd, %edx                # h = ror32(h, 13) + c  ("ROR-13" API-name hash;
00000030 addl %eax, %edx                # the rorl $0xd is a common detection anchor)
00000032 jmp 00000028
00000034 cmpl 0x28(%esp), %edx          # 0x28 = 32 + 8: arg2 = wanted hash
00000038 jnz 0000001f                   # no match -> try the previous name
0000003a movl 0x24(%edi), %ebx          # AddressOfNameOrdinals RVA
0000003d addl %ebp, %ebx
0000003f movw (%ebx,%ecx,2), %cx        # ordinal (16-bit).  Only the low half of %ecx is
                                        # written; the high half still holds the high bits
                                        # of the name index and is assumed to be zero.
00000043 movl 0x1c(%edi), %ebx          # AddressOfFunctions RVA
00000046 addl %ebp, %ebx
00000048 addl (%ebx,%ecx,4), %ebp       # ebp = module base + function RVA
0000004b movl %ebp, 0x1c(%esp)          # overwrite the saved %eax slot (pushal layout from
                                        # esp up: edi, esi, ebp, esp, ebx, edx, ecx, eax)
0000004f popal                          # restore registers; %eax now = resolved address
# Plain ret: the two dword arguments remain on the stack for the caller to remove.
00000050 ret |