

.386p 
 
extrn   _ntohl@4: near 
extrn   _htonl@4: near 
extrn   _memset : near 
extrn   _rand : near 
 
; Segment type:	Pure code 
; Opens _text: a public, paragraph-aligned, 32-bit (use32) segment of class
; 'CODE'. The assume lines tell the assembler that cs and ds both address
; _text and that es, ss, fs and gs have no assumed segment.
_text		segment	para public 'CODE' use32 
		assume cs:_text 
		assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing 
 
;-----------------------------------------------------------------------
; TeaEncrypt -- encrypt one 8-byte block with a 16-cycle TEA variant.
;
; C-equivalent (descriptive names, taken from how the code uses each value):
;   TeaEncrypt(const DWORD in[2], const DWORD key[4], DWORD out[2])
; Convention: arguments on the stack, plain retn, so the caller removes them
;   (the call sites in _SymmetryEncrypt do add esp, 0Ch).
; In:    [ebp+8]   = pointer to the 8-byte input block
;        [ebp+0Ch] = pointer to the 16-byte key
;        [ebp+10h] = pointer to the 8-byte output block
; Out:   two dwords stored at the output pointer; eax is left holding the
;        second one
; Saved: ebx, esi, edi, ebp.  ecx, edx and the flags are not preserved.
; Regs:  edi = y (first half), ebx = z (second half), eax = running sum,
;        ecx = cycles left, esi/edx = scratch
;
; Each input and key dword is passed through ntohl before use and each
; output dword through htonl before it is stored.
;
; Review notes:
;  * The loop runs 16 cycles; the published TEA reference code runs 32. TEA
;    is a legacy cipher, so treat this as interoperability code rather than
;    something to reuse in a new design.
;  * None of the three pointers is checked; 8, 16 and 8 bytes are accessed
;    through them exactly as passed.
;  * The byte-swapped key words stay in the stack frame after return; nothing
;    clears them.
;-----------------------------------------------------------------------
TeaEncrypt	proc near

key0		= dword	ptr -10h
key1		= dword	ptr -0Ch
key2		= dword	ptr -8
key3		= dword	ptr -4

pIn		= dword	ptr  8
pKey		= dword	ptr  0Ch
pOut		= dword	ptr  10h

		push	ebp
		mov	ebp, esp
		sub	esp, 10h		; room for key0..key3
		push	ebx
		push	esi
		push	edi

		; Load both halves of the input block.
		mov	esi, [ebp+pIn]
		push	dword ptr [esi]
		call	_ntohl@4
		mov	edi, eax		; y = ntohl(in[0])
		push	dword ptr [esi+4]
		call	_ntohl@4
		mov	ebx, eax		; z = ntohl(in[1])

		; Copy the four key words into the frame, byte-swapped.
		mov	esi, [ebp+pKey]
		push	dword ptr [esi]
		call	_ntohl@4
		mov	[ebp+key0], eax
		push	dword ptr [esi+4]
		call	_ntohl@4
		mov	[ebp+key1], eax
		push	dword ptr [esi+8]
		call	_ntohl@4
		mov	[ebp+key2], eax
		push	dword ptr [esi+0Ch]
		call	_ntohl@4
		mov	[ebp+key3], eax

		xor	eax, eax		; sum = 0
		mov	ecx, 10h		; 16 cycles

tea_cycle:
		add	eax, 9E3779B9h		; sum += delta (same as sub 61C88647h)

		; y += ((z << 4) + key0) ^ ((z >> 5) + key1) ^ (sum + z)
		mov	esi, ebx
		shl	esi, 4
		add	esi, [ebp+key0]
		mov	edx, ebx
		shr	edx, 5
		add	edx, [ebp+key1]
		xor	esi, edx
		lea	edx, [eax+ebx]
		xor	esi, edx
		add	edi, esi

		; z += ((y << 4) + key2) ^ ((y >> 5) + key3) ^ (sum + y)
		mov	esi, edi
		shl	esi, 4
		add	esi, [ebp+key2]
		mov	edx, edi
		shr	edx, 5
		add	edx, [ebp+key3]
		xor	esi, edx
		lea	edx, [eax+edi]
		xor	esi, edx
		add	ebx, esi

		dec	ecx
		jnz	short tea_cycle

		; Store the result.
		mov	esi, [ebp+pOut]
		push	edi
		call	_htonl@4
		mov	[esi], eax		; out[0] = htonl(y)
		push	ebx
		call	_htonl@4
		mov	[esi+4], eax		; out[1] = htonl(z)

		pop	edi
		pop	esi
		pop	ebx
		leave
		retn
TeaEncrypt	endp
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
 
            public  _SymmetryEncrypt 
 
;-----------------------------------------------------------------------
; _SymmetryEncrypt -- builds a padded 8-byte working block and hands 8-byte
; blocks to TeaEncrypt, advancing the output pointer after each call.
;
; NOTE(review): this listing is incomplete. loc_0_43D1E3 and loc_0_43D28F are
; used as jump targets but never defined, nothing follows the branch at
; loc_0_43D1D0, one cmp has no branch after it, and the visible loops never
; change the values they test. Several original annotations are also cut off
; mid-expression, so part of the body is missing from this copy. The comments
; below describe only the instructions that are present.
;
; Convention: arguments on the stack, plain retn (caller removes them).
; Saved: ebx, esi, edi, ebp.
;
; Review notes:
;  * The header byte and the pad bytes come from rand(), which is not a
;    cryptographic random source.
;  * arg_4 is divided as a signed value and is not range-checked. For a
;    negative arg_4 + 10 the remainder is negative, the pad count becomes
;    9..15, and the fill loop stores past the eight bytes at pBuf1 into the
;    locals and saved frame pointer above it. Callers must reject negative
;    lengths.
;-----------------------------------------------------------------------
_SymmetryEncrypt		proc near 
 
; Stack frame. The words after each offset on the equate lines below are the
; original author's notes; they have no comment delimiter and need a leading
; ';' (or removal) before the file will assemble. The note on pBuf1 reads
; "pointer to random-number buffer?".
;   pBuf3   ebp-14h  eight bytes, zeroed with memset below
;   pBuf2   ebp-0Dh  not referenced by the visible code
;   pBuf1   ebp-0Ch  eight-byte working block: header byte, then rand() bytes
;   i       ebp-4    pad count at first, later reused to hold a pointer
;   arg_0   ebp+8    not referenced by the visible code
;   arg_4   ebp+0Ch  length, handled as a signed dword
;   arg_8   ebp+10h  passed as TeaEncrypt's second argument (its key pointer)
;   arg_C   ebp+14h  output pointer, advanced by 8 after each TeaEncrypt call
;   arg_10  ebp+18h  pointer to a dword that is zeroed and then grows by 8 per
;                    block; the argument slot is afterwards reused as a counter
pBuf3		= byte ptr -14h 
pBuf2		= byte ptr -0Dh 
pBuf1		= byte ptr -0Ch			随机数缓冲区指针? 
i	        = dword	ptr -4			DWORD left byte number 
arg_0		= dword	ptr  8             	DWORD Length? 
arg_4		= dword	ptr  0Ch		DWORD PlainText Buffer Length   UNKNOW 
arg_8		= dword	ptr  10h		DWORD pointer unknow 
arg_C		= dword	ptr  14h		DWORD Buffer pinter 
arg_10		= dword	ptr  18h		DWORD 
 
; Work out the pad count from the length.
		push	ebp 
		mov	ebp, esp 
		sub	esp, 14h		; 20 bytes of locals
		mov	eax, [ebp+arg_4]	; eax = arg_4
		push	ebx 
		push	esi 
		push	edi 
		push	8 
		add	eax, 0Ah		; eax = arg_4 + 10
		pop	ebx			; ebx = 8, the block size used throughout
		cdq				; sign-extend eax into edx:eax for idiv
		mov	ecx, ebx		; divisor = 8
		idiv	ecx			; eax = (arg_4+10) / 8, edx = (arg_4+10) % 8, signed
		test	edx, edx		; remainder == 0 ?
		mov	[ebp+i], edx		; i = remainder (mov leaves the flags from test intact)
		jz	short loc_0_43D182	; remainder 0: no padding needed
		mov	eax, ebx		; eax = 8
		sub	eax, edx		; eax = 8 - remainder
		mov	[ebp+i], eax		; i = pad count
						; NOTE(review): i exceeds 7 when the remainder is negative
 
loc_0_43D182:				 
		call	_rand 
		mov	ecx, eax		; ecx = rand()
		mov	eax, [ebp+i]		; eax = pad count
		and	cl, 0F8h		; clear the low three bits of the random byte
		push	1 
		or	cl, al			; low bits now carry the pad count
		pop	edi			; edi = 1, next free index in pBuf1
		mov	[ebp+pBuf1], cl		; header byte:
						; pBuf1[0] = (rand() & 0F8h) | pad count
		mov	ecx, eax		; ecx = pad count
		dec	eax			; eax = pad count - 1
		test	ecx, ecx 
		jz	short loc_0_43D1AE	; pad count == 0:
						; skip the fill loop
		lea	esi, [eax+1]		; esi = pad count, used as the loop counter
 
; Fill the pad bytes with rand() output.
loc_0_43D1A1:					; do {
		call	_rand			; esi and edi are live across this call
		mov	[ebp+edi+pBuf1], al	;	pBuf1[edi] = low byte of rand()
		inc	edi			;	edi++
		dec	esi			;	esi--
		jnz	short loc_0_43D1A1	; } while (esi != 0)
; Padding done; edi = 1 + pad count.
loc_0_43D1AE:			 
		push	ebx			; count = 8
		lea	eax, [ebp+pBuf3]	; eax = &pBuf3
		push	0			; fill value
		push	eax			 
		call	_memset			; memset(pBuf3, 0, 8)
		mov	esi, [ebp+arg_10]	; esi = arg_10, the pointer written through below
		lea	eax, [ebp+pBuf3]	; eax = &pBuf3
		add	esp, 0Ch		; drop memset's three arguments
		mov	[ebp+i], eax		; i slot now holds &pBuf3
		and	dword ptr [esi], 0	; *arg_10 = 0
		mov	[ebp+arg_10], 1		; argument slot reused as a counter, starting at 1
 
loc_0_43D1D0:					; edi is compared with the block size (8)
		cmp	edi, ebx		 
		jge	short loc_0_43D1E3	; target label is not defined in this listing
		 
		 
 
loc_0_43D222:					 
		cmp	[ebp+arg_4], 0 
		jz	short loc_0_43D279	; leave the loop once arg_4 == 0
		cmp	edi, ebx		; the branch that used this compare is missing from the listing
		push	[ebp+arg_C]		; 3rd argument: output pointer
		lea	eax, [ebp+pBuf1] 
		push	[ebp+arg_8] 
		push	eax 
		call	TeaEncrypt		; TeaEncrypt(pBuf1, arg_8, arg_C)
		mov	eax, [ebp+arg_C]	; eax = pointer to the block just written
		add	[esi], ebx		; *arg_10 += 8
		add	esp, 0Ch 
		xor	edi, edi		; edi = 0: working block is empty again
		add	[ebp+arg_C], ebx	; arg_C += 8
		mov	[ebp+i], eax		; i = pointer to the block just written
		jmp	short loc_0_43D222	; next pass; nothing visible here changes arg_4
 
loc_0_43D279: 
		mov	[ebp+arg_10], 1		; counter slot reset to 1
 
loc_0_43D280:					; do {
		cmp	edi, ebx		; edi against the block size (8)
		jge	short loc_0_43D28F	; target label is not defined in this listing
		push	[ebp+arg_C]		; 3rd argument: output pointer
		lea	eax, [ebp+pBuf1] 
		push	[ebp+arg_8] 
		push	eax 
		call	TeaEncrypt		; TeaEncrypt(pBuf1, arg_8, arg_C)
		mov	eax, [ebp+arg_C]	; eax = pointer to the block just written
		add	[esi], ebx		; *arg_10 += 8
		add	esp, 0Ch		; drop TeaEncrypt's three arguments
		xor	edi, edi		; edi = 0
		add	[ebp+arg_C], ebx	; arg_C += 8
		mov	[ebp+i], eax		; i = pointer to the block just written
 
loc_0_43D2C8:					; counter test; no visible instruction increments the counter
		cmp	[ebp+arg_10], 7 
		jle	short loc_0_43D280	; } while (counter <= 7)
		pop	edi 
		pop	esi 
		pop	ebx 
		leave	 
		retn	 
_SymmetryEncrypt		endp 
 
 
; Closes the _text code segment.
_text   ends