📄 tea.cod
字号:
TITLE C:\Documents and Settings\Administrator\桌面\病毒原理\加壳\bambam004_source\Stub\tea.cpp
.386P
include listing.inc
if @Version gt 510
.model FLAT
else
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
_DATA SEGMENT DWORD USE32 PUBLIC 'DATA'
_DATA ENDS
CONST SEGMENT DWORD USE32 PUBLIC 'CONST'
CONST ENDS
_BSS SEGMENT DWORD USE32 PUBLIC 'BSS'
_BSS ENDS
_TLS SEGMENT DWORD USE32 PUBLIC 'TLS'
_TLS ENDS
; COMDAT ??_C@_0CH@JKEA@?5_0123456789abcdefghijklmnopqrst@
_DATA SEGMENT DWORD USE32 PUBLIC 'DATA'
_DATA ENDS
; COMDAT ?IsWhiteSpace@@YA_NI@Z
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT ?ToLowerCase@@YAII@Z
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT ?MemcpyXor@@YAXPAXPBXH@Z
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT ?EncipherChunk_TEA@@YAXPBXPAX0H@Z
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT ?DecipherChunk_TEA@@YAXPBXPAX0H@Z
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT ?GetKeyFromPhrase@@YAHPAXPBDH@Z
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT ?EncryptData_TEA@@YA_NPBXHPBD@Z
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT ?DecryptData_TEA@@YA_NPBXHPBD@Z
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
FLAT GROUP _DATA, CONST, _BSS
ASSUME CS: FLAT, DS: FLAT, SS: FLAT
endif
PUBLIC ?IsWhiteSpace@@YA_NI@Z ; IsWhiteSpace
; COMDAT ?IsWhiteSpace@@YA_NI@Z
_TEXT SEGMENT
_c$ = 8
?IsWhiteSpace@@YA_NI@Z PROC NEAR ; IsWhiteSpace, COMDAT
; 9 : {
00000 55 push ebp
00001 8b ec mov ebp, esp
; 10 : return c && c <= ' ';
00003 8b 45 08 mov eax, DWORD PTR _c$[ebp]
00006 85 c0 test eax, eax
00008 74 0c je SHORT $L16806
0000a 83 f8 20 cmp eax, 32 ; 00000020H
0000d 77 07 ja SHORT $L16806
0000f b8 01 00 00 00 mov eax, 1
; 11 : }
00014 5d pop ebp
00015 c3 ret 0
$L16806:
; 10 : return c && c <= ' ';
00016 33 c0 xor eax, eax
; 11 : }
00018 5d pop ebp
00019 c3 ret 0
?IsWhiteSpace@@YA_NI@Z ENDP ; IsWhiteSpace
_TEXT ENDS
PUBLIC ?ToLowerCase@@YAII@Z ; ToLowerCase
; COMDAT ?ToLowerCase@@YAII@Z
_TEXT SEGMENT
_c$ = 8
?ToLowerCase@@YAII@Z PROC NEAR ; ToLowerCase, COMDAT
; 14 : {
00000 55 push ebp
00001 8b ec mov ebp, esp
; 15 : if (c >= 'A' && c <= 'Z')
00003 8b 45 08 mov eax, DWORD PTR _c$[ebp]
00006 83 f8 41 cmp eax, 65 ; 00000041H
00009 72 08 jb SHORT $L16671
0000b 83 f8 5a cmp eax, 90 ; 0000005aH
0000e 77 03 ja SHORT $L16671
; 16 : return c - 'A' + 'a';
00010 83 c0 20 add eax, 32 ; 00000020H
$L16671:
; 17 :
; 18 : return c; // return unchanged... unlike stupid _tolower() function
; 19 : }
00013 5d pop ebp
00014 c3 ret 0
?ToLowerCase@@YAII@Z ENDP ; ToLowerCase
_TEXT ENDS
PUBLIC ?MemcpyXor@@YAXPAXPBXH@Z ; MemcpyXor
; COMDAT ?MemcpyXor@@YAXPAXPBXH@Z
_TEXT SEGMENT
_dest$ = 8
_src$ = 12
_n$ = 16
?MemcpyXor@@YAXPAXPBXH@Z PROC NEAR ; MemcpyXor, COMDAT
; 22 : {
00000 55 push ebp
00001 8b ec mov ebp, esp
00003 56 push esi
; 23 : for (int i = 0; i < n; i++)
00004 8b 75 10 mov esi, DWORD PTR _n$[ebp]
00007 85 f6 test esi, esi
00009 7e 17 jle SHORT $L16681
0000b 8b 45 08 mov eax, DWORD PTR _dest$[ebp]
0000e 8b 4d 0c mov ecx, DWORD PTR _src$[ebp]
00011 53 push ebx
00012 2b c8 sub ecx, eax
$L16679:
; 24 : ((BYTE*)dest)[i] ^= ((BYTE*)src)[i];
00014 8a 14 01 mov dl, BYTE PTR [ecx+eax]
00017 8a 18 mov bl, BYTE PTR [eax]
00019 32 da xor bl, dl
0001b 88 18 mov BYTE PTR [eax], bl
0001d 40 inc eax
0001e 4e dec esi
0001f 75 f3 jne SHORT $L16679
00021 5b pop ebx
$L16681:
00022 5e pop esi
; 25 : }
00023 5d pop ebp
00024 c3 ret 0
?MemcpyXor@@YAXPAXPBXH@Z ENDP ; MemcpyXor
_TEXT ENDS
PUBLIC ?EncipherChunk_TEA@@YAXPBXPAX0H@Z ; EncipherChunk_TEA
; COMDAT ?EncipherChunk_TEA@@YAXPBXPAX0H@Z
_TEXT SEGMENT
_src64$ = 8
_dst64$ = 12
_key128$ = 16
_aux$ = 20
?EncipherChunk_TEA@@YAXPBXPAX0H@Z PROC NEAR ; EncipherChunk_TEA, COMDAT
; 28 : {
00000 55 push ebp
00001 8b ec mov ebp, esp
; 29 : const unsigned long * src = (const unsigned long *)src64;
; 30 : unsigned long * dst = (unsigned long *)dst64;
; 31 : const unsigned long * key = (const unsigned long *)key128;
; 32 : register unsigned long y=src[0], z=src[1], sum=0, delta=0x9E3779B9, n=32;
00003 8b 4d 08 mov ecx, DWORD PTR _src64$[ebp]
00006 53 push ebx
00007 56 push esi
; 33 : y ^= aux;
00008 8b 75 14 mov esi, DWORD PTR _aux$[ebp]
0000b 8b 51 04 mov edx, DWORD PTR [ecx+4]
0000e 8b 09 mov ecx, DWORD PTR [ecx]
00010 33 c0 xor eax, eax
00012 33 ce xor ecx, esi
00014 8b 75 10 mov esi, DWORD PTR _key128$[ebp]
00017 57 push edi
00018 c7 45 08 20 00
00 00 mov DWORD PTR 8+[ebp], 32 ; 00000020H
$L16702:
; 34 :
; 35 : while(n-- > 0)
; 36 : {
; 37 : y += (z << 4 ^ z >> 5) + z ^ sum + key[sum&3];
0001f 8b fa mov edi, edx
00021 8b da mov ebx, edx
00023 c1 ef 05 shr edi, 5
00026 c1 e3 04 shl ebx, 4
00029 33 fb xor edi, ebx
0002b 8b d8 mov ebx, eax
0002d 83 e3 03 and ebx, 3
00030 03 fa add edi, edx
00032 8b 1c 9e mov ebx, DWORD PTR [esi+ebx*4]
00035 03 d8 add ebx, eax
; 38 : sum += delta;
00037 2d 47 86 c8 61 sub eax, 1640531527 ; 61c88647H
0003c 33 fb xor edi, ebx
0003e 03 cf add ecx, edi
; 39 : z += (y << 4 ^ y >> 5) + y ^ sum + key[sum>>11 & 3];
00040 8b f9 mov edi, ecx
00042 8b d9 mov ebx, ecx
00044 c1 ef 05 shr edi, 5
00047 c1 e3 04 shl ebx, 4
0004a 33 fb xor edi, ebx
0004c 8b d8 mov ebx, eax
0004e c1 eb 0b shr ebx, 11 ; 0000000bH
00051 83 e3 03 and ebx, 3
00054 03 f9 add edi, ecx
00056 8b 1c 9e mov ebx, DWORD PTR [esi+ebx*4]
00059 03 d8 add ebx, eax
0005b 33 fb xor edi, ebx
0005d 03 d7 add edx, edi
0005f 8b 7d 08 mov edi, DWORD PTR 8+[ebp]
00062 4f dec edi
00063 89 7d 08 mov DWORD PTR 8+[ebp], edi
00066 75 b7 jne SHORT $L16702
; 40 : }
; 41 : dst[0]=y;
00068 8b 45 0c mov eax, DWORD PTR _dst64$[ebp]
0006b 5f pop edi
0006c 5e pop esi
0006d 5b pop ebx
0006e 89 08 mov DWORD PTR [eax], ecx
; 42 : dst[1]=z;
00070 89 50 04 mov DWORD PTR [eax+4], edx
; 43 : }
00073 5d pop ebp
00074 c3 ret 0
?EncipherChunk_TEA@@YAXPBXPAX0H@Z ENDP ; EncipherChunk_TEA
_TEXT ENDS
PUBLIC ?DecipherChunk_TEA@@YAXPBXPAX0H@Z ; DecipherChunk_TEA
; COMDAT ?DecipherChunk_TEA@@YAXPBXPAX0H@Z
_TEXT SEGMENT
_src64$ = 8
_dst64$ = 12
_key128$ = 16
_aux$ = 20
?DecipherChunk_TEA@@YAXPBXPAX0H@Z PROC NEAR ; DecipherChunk_TEA, COMDAT
; 46 : {
00000 55 push ebp
00001 8b ec mov ebp, esp
; 47 : const unsigned long * src = (const unsigned long *)src64;
; 48 : unsigned long * dst = (unsigned long *)dst64;
; 49 : const unsigned long * key = (const unsigned long *)key128;
; 50 :
; 51 : register unsigned long y=src[0], z=src[1], sum=0xC6EF3720, delta=0x9E3779B9, n=32;
00003 8b 45 08 mov eax, DWORD PTR _src64$[ebp]
00006 53 push ebx
00007 56 push esi
00008 8b 75 10 mov esi, DWORD PTR _key128$[ebp]
0000b 8b 08 mov ecx, DWORD PTR [eax]
0000d 8b 50 04 mov edx, DWORD PTR [eax+4]
00010 57 push edi
00011 b8 20 37 ef c6 mov eax, -957401312 ; c6ef3720H
00016 c7 45 08 20 00
00 00 mov DWORD PTR 8+[ebp], 32 ; 00000020H
$L16722:
; 52 :
; 53 : // sum = delta<<5, in general sum = delta * n
; 54 :
; 55 : while(n-- > 0)
; 56 : {
; 57 : z -= (y << 4 ^ y >> 5) + y ^ sum + key[sum>>11 & 3];
0001d 8b f9 mov edi, ecx
0001f 8b d9 mov ebx, ecx
00021 c1 ef 05 shr edi, 5
00024 c1 e3 04 shl ebx, 4
00027 33 fb xor edi, ebx
00029 8b d8 mov ebx, eax
0002b c1 eb 0b shr ebx, 11 ; 0000000bH
0002e 83 e3 03 and ebx, 3
00031 03 f9 add edi, ecx
00033 8b 1c 9e mov ebx, DWORD PTR [esi+ebx*4]
00036 03 d8 add ebx, eax
; 58 : sum -= delta;
00038 05 47 86 c8 61 add eax, 1640531527 ; 61c88647H
0003d 33 fb xor edi, ebx
0003f 2b d7 sub edx, edi
; 59 : y -= (z << 4 ^ z >> 5) + z ^ sum + key[sum&3];
00041 8b fa mov edi, edx
00043 8b da mov ebx, edx
00045 c1 ef 05 shr edi, 5
00048 c1 e3 04 shl ebx, 4
0004b 33 fb xor edi, ebx
0004d 8b d8 mov ebx, eax
0004f 83 e3 03 and ebx, 3
00052 03 fa add edi, edx
00054 8b 1c 9e mov ebx, DWORD PTR [esi+ebx*4]
00057 03 d8 add ebx, eax
00059 33 fb xor edi, ebx
0005b 2b cf sub ecx, edi
0005d 8b 7d 08 mov edi, DWORD PTR 8+[ebp]
00060 4f dec edi
00061 89 7d 08 mov DWORD PTR 8+[ebp], edi
00064 75 b7 jne SHORT $L16722
; 60 : }
; 61 :
; 62 : y ^= aux;
00066 8b 45 14 mov eax, DWORD PTR _aux$[ebp]
00069 5f pop edi
0006a 33 c8 xor ecx, eax
; 63 :
; 64 : dst[0]=y;
0006c 8b 45 0c mov eax, DWORD PTR _dst64$[ebp]
0006f 5e pop esi
00070 5b pop ebx
00071 89 08 mov DWORD PTR [eax], ecx
; 65 : dst[1]=z;
00073 89 50 04 mov DWORD PTR [eax+4], edx
; 66 : }
00076 5d pop ebp
00077 c3 ret 0
?DecipherChunk_TEA@@YAXPBXPAX0H@Z ENDP ; DecipherChunk_TEA
_TEXT ENDS
PUBLIC ?GetKeyFromPhrase@@YAHPAXPBDH@Z ; GetKeyFromPhrase
PUBLIC ??_C@_0CH@JKEA@?5_0123456789abcdefghijklmnopqrst@ ; `string'
; COMDAT ??_C@_0CH@JKEA@?5_0123456789abcdefghijklmnopqrst@
; File C:\Documents and Settings\Administrator\桌面\病毒原理\加壳\bambam004_source\Stub\tea.cpp
_DATA SEGMENT
??_C@_0CH@JKEA@?5_0123456789abcdefghijklmnopqrst@ DB ' _0123456789abcdefg'
DB 'hijklmnopqrstuvwxyz', 00H ; `string'
_DATA ENDS
; COMDAT ?GetKeyFromPhrase@@YAHPAXPBDH@Z
_TEXT SEGMENT
_key128$ = 8
_pass$ = 12
_pLen$ = 16
_a_validCharacters$ = -4
?GetKeyFromPhrase@@YAHPAXPBDH@Z PROC NEAR ; GetKeyFromPhrase, COMDAT
; 69 : {
00000 55 push ebp
00001 8b ec mov ebp, esp
00003 51 push ecx
; 70 : if (pLen <= 0) // get the length of the pass phrase if we haven't got it already
; 71 : pLen = strlen(pass);
00004 8b 55 0c mov edx, DWORD PTR _pass$[ebp]
00007 56 push esi
00008 57 push edi
00009 8b 7d 10 mov edi, DWORD PTR _pLen$[ebp]
0000c 85 ff test edi, edi
0000e 7f 11 jg SHORT $L16729
00010 8b fa mov edi, edx
00012 83 c9 ff or ecx, -1
00015 33 c0 xor eax, eax
00017 f2 ae repne scasb
00019 f7 d1 not ecx
0001b 49 dec ecx
0001c 89 4d 10 mov DWORD PTR _pLen$[ebp], ecx
0001f 8b f9 mov edi, ecx
$L16729:
; 72 :
; 73 : const char * a_set = PASSPHRASE_CHARSET;
; 74 :
; 75 : memset(key128, 0, 16); // initialize the key to zero
00021 8b 4d 08 mov ecx, DWORD PTR _key128$[ebp]
00024 33 c0 xor eax, eax
; 76 : int a_validCharacters = 0; // counts characters that actually contribute to the key
; 77 :
; 78 : // normalize passphrase
; 79 : for (int i = 0; i < pLen; i++)
00026 33 f6 xor esi, esi
00028 89 01 mov DWORD PTR [ecx], eax
0002a 85 ff test edi, edi
0002c 89 41 04 mov DWORD PTR [ecx+4], eax
0002f 89 41 08 mov DWORD PTR [ecx+8], eax
00032 89 45 fc mov DWORD PTR _a_validCharacters$[ebp], eax
00035 89 41 0c mov DWORD PTR [ecx+12], eax
00038 0f 8e bb 00 00
00 jle $L16736
0003e 53 push ebx
0003f eb 06 jmp SHORT $L16734
$L16853:
00041 8b 55 0c mov edx, DWORD PTR _pass$[ebp]
00044 8b 7d 10 mov edi, DWORD PTR _pLen$[ebp]
$L16734:
; 80 : {
; 81 : int c = ToLowerCase(pass[i]);
00047 0f be 04 16 movsx eax, BYTE PTR [esi+edx]
0004b 83 f8 41 cmp eax, 65 ; 00000041H
0004e 72 08 jb SHORT $L16822
00050 83 f8 5a cmp eax, 90 ; 0000005aH
00053 77 03 ja SHORT $L16822
00055 83 c0 20 add eax, 32 ; 00000020H
$L16822:
; 82 :
; 83 : if (IsWhiteSpace(c)) // collapse whitespace to single space
00058 85 c0 test eax, eax
0005a 8b d8 mov ebx, eax
0005c 74 24 je SHORT $L16839
0005e 83 f8 20 cmp eax, 32 ; 00000020H
00061 77 1f ja SHORT $L16839
; 84 : {
; 85 : c = ' ';
; 86 : while (i+1 < pLen && IsWhiteSpace(pass[i+1])) // skip extras
00063 8d 46 01 lea eax, DWORD PTR [esi+1]
00066 bb 20 00 00 00 mov ebx, 32 ; 00000020H
0006b 3b c7 cmp eax, edi
0006d 7d 13 jge SHORT $L16839
$L16740:
0006f 0f be 0c 10 movsx ecx, BYTE PTR [eax+edx]
00073 85 c9 test ecx, ecx
00075 74 0b je SHORT $L16839
00077 83 f9 20 cmp ecx, 32 ; 00000020H
0007a 77 06 ja SHORT $L16839
; 87 : i++;
0007c 46 inc esi
0007d 40 inc eax
0007e 3b c7 cmp eax, edi
00080 7c ed jl SHORT $L16740
; 84 : {
; 85 : c = ' ';
; 86 : while (i+1 < pLen && IsWhiteSpace(pass[i+1])) // skip extras
$L16839:
; 88 : }
; 89 :
; 90 : // now check to see if it's a valid pass character
; 91 : //char * p = strchr(a_set, c);
; 92 :
; 93 : char * p = 0;
; 94 : // quick and dirty strchr equiv caus we're not linking with the c run time
; 95 : for(int j=0; j<(int)strlen(a_set); j++)
00082 bf 00 00 00 00 mov edi, OFFSET FLAT:??_C@_0CH@JKEA@?5_0123456789abcdefghijklmnopqrst@ ; `string'
00087 83 c9 ff or ecx, -1
0008a 33 c0 xor eax, eax
0008c 33 d2 xor edx, edx
0008e f2 ae repne scasb
00090 f7 d1 not ecx
00092 49 dec ecx
00093 85 c9 test ecx, ecx
00095 7e 52 jle SHORT $L16735
$L16745:
; 96 : {
; 97 : if(c == a_set[j])
00097 0f be 82 00 00
00 00 movsx eax, BYTE PTR ??_C@_0CH@JKEA@?5_0123456789abcdefghijklmnopqrst@[edx]
0009e 3b d8 cmp ebx, eax
000a0 74 16 je SHORT $L16845
000a2 bf 00 00 00 00 mov edi, OFFSET FLAT:??_C@_0CH@JKEA@?5_0123456789abcdefghijklmnopqrst@ ; `string'
000a7 83 c9 ff or ecx, -1
000aa 33 c0 xor eax, eax
000ac 42 inc edx
000ad f2 ae repne scasb
000af f7 d1 not ecx
000b1 49 dec ecx
000b2 3b d1 cmp edx, ecx
000b4 7c e1 jl SHORT $L16745
000b6 eb 31 jmp SHORT $L16735
$L16845:
; 98 : {
; 99 : p = (char*)&a_set[j];
000b8 8d 8a 00 00 00
00 lea ecx, DWORD PTR ??_C@_0CH@JKEA@?5_0123456789abcdefghijklmnopqrst@[edx]
; 100 : break;
; 101 : }
; 102 : }
; 103 :
; 104 : if (p) // let's hash it into the key then
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -