c# [zend混淆函数]Zend Obfuscate Function Implement | LsevenTT博客-站群哥
   


c# [zend混淆函数]Zend Obfuscate Function Implement

 

 

/*
 * Initial 24-byte hash context, copied into a scratch buffer before every
 * long-name hash (see the memcpy( UseKey, Key, sizeof( Key ) ) call sites).
 *
 * Bytes 0..7 are the two 32-bit length counters that my_DD6C70_ex updates;
 * bytes 8..23 are the four 32-bit chaining words that my_DD6D40 reads at
 * offsets 8, 0Ch, 10h and 14h.
 * NOTE(review): read as little-endian dwords these are 0x67452301,
 * 0xEFCDAB89, 0x98BADCFE, 0x10325476, which are the standard MD5 initial
 * values - confirm before treating the digest as plain MD5.
 */
const UCHAR Key[24] = {
    /* length counter, low and high dword */
    0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    /* chaining words, stored byte by byte */
    0x01, 0x23, 0x45, 0x67,
    0x89, 0xAB, 0xCD, 0xEF,
    0xFE, 0xDC, 0xBA, 0x98,
    0x76, 0x54, 0x32, 0x10
};
  
/*
 * my_DDCE30_ex - multiply-by-33 string hash used for names of 4 units or less.
 *
 * String: input units; exactly Length of them are read, no terminator needed.
 * Length: number of units to hash.
 * Returns the accumulated hash; arithmetic wraps in ULONG.
 *
 * The seed is 0x1505 and each step computes hash * 33 + unit, written as
 * ( hash << 5 ) + hash + unit. This is a non-cryptographic mixing function.
 */
ULONG my_DDCE30_ex( const TCHAR *String, ULONG Length )
{
    ULONG Hash = 0x1505;
    ULONG Index = 0;

    while ( Index < Length )
    {
        /* Same operands as the original expression; only the order differs. */
        Hash = ( Hash << 5 ) + Hash + String[Index];
        Index++;
    }

    return Hash;
}
  
/*
 * my_DD6D40 - 64-byte block transform over a hash context, kept as the
 * hand-lifted x86 instruction stream (MSVC inline assembly, 32-bit).
 *
 * Buffer: hash context. The dwords at +8, +0Ch, +10h and +14h are loaded as
 *         the four chaining words and updated in place at the end.
 * String: input block. Exactly 64 bytes are read, as 16 little-endian
 *         dwords; there is no length check, so the caller must guarantee
 *         that 64 readable bytes are present.
 *
 * The function is naked: there is no compiler prologue or epilogue. It
 * reserves 40h bytes of locals, saves and restores ebx/ebp/esi/edi itself
 * and returns with a plain retn, so the caller removes the arguments.
 * eax, ecx and edx are clobbered.
 *
 * NOTE(review): the additive constants and rotate counts match the MD5
 * compression function (for example -28955B88h == 0xD76AA478 with a rotate
 * of 7, and -14792C6Fh == 0xEB86D391 with a rotate of 21). Confirm against
 * a reference implementation before relying on that equivalence.
 */
__declspec( naked ) void my_DD6D40( void *Buffer, const TCHAR *String )
{
/*
 * Disassembler-style frame offsets, relative to esp at function entry:
 * var_* name the 16 local dwords, arg_* the two stack arguments. Inside the
 * body esp is 50h lower (40h of locals plus four pushed registers), which
 * is why every access is written [esp+50h+name].
 */
#define var_40 -0x40
#define var_3C -0x3C
#define var_38 -0x38
#define var_34 -0x34
#define var_30 -0x30
#define var_2C -0x2C
#define var_28 -0x28
#define var_24 -0x24
#define var_20 -0x20
#define var_1C -0x1C
#define var_18 -0x18
#define var_14 -0x14
#define var_10 -0x10
#define var_C -0x0C
#define var_8 -8
#define var_4 -4
#define arg_0 4
#define arg_4 8

__asm
{
/* Fetch both arguments before esp moves: ecx = String, eax = Buffer. */
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
sub esp, 40h
add ecx, 2
push ebx
push ebp
push esi
push edi
/* esi walks the 16 local dwords (var_40 upward); edi counts them down. */
lea esi, [esp+50h+var_40]
mov edi, 10h

/*
 * Assemble one little-endian dword per iteration from four input bytes.
 * ecx points at byte 2 of the current dword, hence the +1/0/-1/-2 offsets.
 */
loc_DD6D5B :
xor edx, edx
xor ebx, ebx
mov dl, [ecx+1]
mov bl, [ecx]
shl edx, 8
add edx, ebx
xor ebx, ebx
mov bl, [ecx-1]
add esi, 4
shl edx, 8
add edx, ebx
xor ebx, ebx
mov bl, [ecx-2]
add ecx, 4
shl edx, 8
add edx, ebx
dec edi
mov [esi-4], edx
jnz short loc_DD6D5B
/*
 * Load the four chaining words from the context (eax still = Buffer until
 * it is overwritten with the word at +8). First group of steps: mixing of
 * the form ( x & y ) | ( ~x & z ), rotate counts 7, 12, 17, 22.
 */
mov esi, [eax+0Ch]
mov edi, [eax+10h]
mov edx, [eax+14h]
mov ebp, [esp+50h+var_40]
mov ecx, esi
mov eax, [eax+8]
not ecx
mov ebx, edi
and ecx, edx
and ebx, esi
or ecx, ebx
mov ebx, esi
add ecx, ebp
mov ebp, [esp+50h+var_3C]
lea ecx, [ecx+eax-28955B88h]
mov eax, ecx
shr eax, 19h
shl ecx, 7
or eax, ecx
add eax, esi
mov ecx, eax
and ebx, eax
not ecx
and ecx, edi
or ecx, ebx
add ecx, ebp
mov ebp, [esp+50h+var_38]
lea edx, [ecx+edx-173848AAh]
mov ecx, edx
shr ecx, 14h
shl edx, 0Ch
or ecx, edx
add ecx, eax
mov edx, ecx
mov ebx, ecx
not edx
and edx, esi
and ebx, eax
or edx, ebx
mov ebx, ecx
add edx, ebp
mov ebp, [esp+50h+var_34]
lea edi, [edx+edi+242070DBh]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov edi, edx
and ebx, edx
not edi
and edi, eax
or edi, ebx
mov ebx, edx
add edi, ebp
mov ebp, [esp+50h+var_30]
lea edi, [edi+esi-3E423112h]
mov esi, edi
shl esi, 16h
shr edi, 0Ah
or esi, edi
add esi, edx
mov edi, esi
and ebx, esi
not edi
and edi, ecx
or edi, ebx
mov ebx, esi
add edi, ebp
mov ebp, [esp+50h+var_2C]
lea edi, [edi+eax-0A83F051h]
mov eax, edi
shr eax, 19h
shl edi, 7
or eax, edi
add eax, esi
mov edi, eax
and ebx, eax
not edi
and edi, edx
or edi, ebx
add edi, ebp
mov ebp, [esp+50h+var_28]
lea edi, [edi+ecx+4787C62Ah]
mov ecx, edi
shl edi, 0Ch
shr ecx, 14h
or ecx, edi
add ecx, eax
mov edi, ecx
mov ebx, ecx
not edi
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, ecx
add edi, ebp
mov ebp, [esp+50h+var_24]
lea edi, [edi+edx-57CFB9EDh]
mov edx, edi
shl edi, 11h
shr edx, 0Fh
or edx, edi
add edx, ecx
mov edi, edx
and ebx, edx
not edi
and edi, eax
or edi, ebx
mov ebx, edx
add edi, ebp
mov ebp, [esp+50h+var_20]
lea edi, [edi+esi-2B96AFFh]
mov esi, edi
shl esi, 16h
shr edi, 0Ah
or esi, edi
add esi, edx
mov edi, esi
and ebx, esi
not edi
and edi, ecx
or edi, ebx
mov ebx, esi
add edi, ebp
mov ebp, [esp+50h+var_1C]
lea edi, [edi+eax+698098D8h]
mov eax, edi
shr eax, 19h
shl edi, 7
or eax, edi
add eax, esi
mov edi, eax
and ebx, eax
not edi
and edi, edx
or edi, ebx
add edi, ebp
mov ebp, [esp+50h+var_18]
lea edi, [edi+ecx-74BB0851h]
mov ecx, edi
shr ecx, 14h
shl edi, 0Ch
or ecx, edi
add ecx, eax
mov edi, ecx
mov ebx, ecx
not edi
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, ecx
add edi, ebp
lea edi, [edi+edx-0A44Fh]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov edi, edx
not edi
and edi, eax
mov ebp, [esp+50h+var_14]
and ebx, edx
or edi, ebx
mov ebx, edx
add edi, ebp
mov ebp, [esp+50h+var_10]
lea edi, [edi+esi-76A32842h]
mov esi, edi
shl esi, 16h
shr edi, 0Ah
or esi, edi
add esi, edx
mov edi, esi
and ebx, esi
not edi
and edi, ecx
or edi, ebx
mov ebx, esi
add edi, ebp
mov ebp, [esp+50h+var_C]
lea edi, [edi+eax+6B901122h]
mov eax, edi
shr eax, 19h
shl edi, 7
or eax, edi
add eax, esi
mov edi, eax
and ebx, eax
not edi
and edi, edx
or edi, ebx
add edi, ebp
lea edi, [edi+ecx-2678E6Dh]
mov ecx, edi
shr ecx, 14h
shl edi, 0Ch
or ecx, edi
add ecx, eax
mov edi, ecx
mov ebp, ecx
not edi
mov ebx, edi
and ebp, eax
and ebx, esi
or ebx, ebp
mov ebp, [esp+50h+var_8]
add ebx, ebp
mov ebp, ecx
lea ebx, [ebx+edx-5986BC72h]
mov edx, ebx
shr edx, 0Fh
shl ebx, 11h
or edx, ebx
add edx, ecx
mov ebx, edx
and ebp, edx
not ebx
/*
 * The String argument slot is no longer needed and is reused as a spill
 * slot for the inverted value; it is reloaded a few instructions later.
 */
mov [esp+50h+arg_4], ebx
and ebx, eax
or ebx, ebp
mov ebp, [esp+50h+var_4]
add ebx, ebp
and edi, edx
lea ebx, [ebx+esi+49B40821h]
mov esi, ebx
shl esi, 16h
shr ebx, 0Ah
or esi, ebx
mov ebx, ecx
add esi, edx
and ebx, esi
or edi, ebx
/*
 * Second group of steps starts around here (the scheduler interleaves it
 * with the tail of the first group): rotate counts 5, 9, 14, 20, and the
 * local dwords are consumed in a permuted order, beginning with var_3C.
 */
mov ebx, [esp+50h+var_3C]
add edi, ebx
lea edi, [edi+eax-9E1DA9Eh]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
mov edi, [esp+50h+arg_4]
add eax, esi
mov ebx, edx
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_28]
add edi, ebx
lea edi, [edi+ecx-3FBF4CC0h]
mov ecx, edi
shl edi, 9
shr ecx, 17h
or ecx, edi
mov edi, esi
add ecx, eax
not edi
mov ebx, ecx
and edi, eax
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_14]
add edi, ebx
lea edi, [edi+edx+265E5A51h]
mov edx, edi
shr edx, 12h
shl edi, 0Eh
or edx, edi
mov edi, eax
add edx, ecx
not edi
mov ebx, edx
and edi, ecx
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_40]
add edi, ebx
mov ebx, ecx
lea edi, [edi+esi-16493856h]
mov esi, edi
shl esi, 14h
shr edi, 0Ch
or esi, edi
mov edi, ecx
add esi, edx
not edi
and edi, edx
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_2C]
add edi, ebx
mov ebx, edx
lea edi, [edi+eax-29D0EFA3h]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
mov edi, edx
add eax, esi
not edi
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_18]
add edi, ebx
lea edi, [edi+ecx+2441453h]
mov ecx, edi
shr ecx, 17h
shl edi, 9
or ecx, edi
mov edi, esi
add ecx, eax
not edi
mov ebx, ecx
and edi, eax
and ebx, esi
or edi, ebx
add edi, ebp
lea edi, [edi+edx-275E197Fh]
mov edx, edi
shr edx, 12h
shl edi, 0Eh
or edx, edi
add edx, ecx
mov edi, eax
mov ebx, edx
not edi
and edi, ecx
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_30]
add edi, ebx
mov ebx, ecx
lea edi, [edi+esi-182C0438h]
mov esi, edi
shr edi, 0Ch
shl esi, 14h
or esi, edi
mov edi, ecx
not edi
add esi, edx
and edi, edx
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_1C]
add edi, ebx
mov ebx, edx
lea edi, [edi+eax+21E1CDE6h]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
mov edi, edx
add eax, esi
not edi
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_8]
add edi, ebx
lea edi, [edi+ecx-3CC8F82Ah]
mov ecx, edi
shr ecx, 17h
shl edi, 9
or ecx, edi
mov edi, esi
add ecx, eax
not edi
mov ebx, ecx
and edi, eax
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_34]
add edi, ebx
lea edi, [edi+edx-0B2AF279h]
mov edx, edi
shr edx, 12h
shl edi, 0Eh
or edx, edi
mov edi, eax
add edx, ecx
not edi
mov ebx, edx
and edi, ecx
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_20]
add edi, ebx
mov ebx, ecx
lea edi, [edi+esi+455A14EDh]
mov esi, edi
shl esi, 14h
shr edi, 0Ch
or esi, edi
mov edi, ecx
add esi, edx
not edi
and edi, edx
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_C]
add edi, ebx
lea edi, [edi+eax-561C16FBh]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
mov edi, edx
not edi
add eax, esi
mov ebx, edx
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_38]
add edi, ebx
lea edi, [edi+ecx-3105C08h]
mov ecx, edi
shr ecx, 17h
shl edi, 9
or ecx, edi
mov edi, esi
add ecx, eax
not edi
mov ebx, ecx
and edi, eax
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_24]
add edi, ebx
lea edi, [edi+edx+676F02D9h]
mov edx, edi
shr edx, 12h
shl edi, 0Eh
or edx, edi
mov edi, eax
add edx, ecx
not edi
mov ebx, edx
and edi, ecx
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_10]
add edi, ebx
mov ebx, [esp+50h+var_2C]
lea edi, [edi+esi-72D5B376h]
mov esi, edi
shl esi, 14h
shr edi, 0Ch
or esi, edi
mov edi, ecx
add esi, edx
/*
 * Third group of steps: three-way xor mixing, rotate counts 4, 11, 16, 23.
 */
xor edi, edx
xor edi, esi
add edi, ebx
mov ebx, [esp+50h+var_20]
lea edi, [edi+eax-5C6BEh]
mov eax, edi
shr eax, 1Ch
shl edi, 4
or eax, edi
mov edi, edx
add eax, esi
xor edi, esi
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_14]
lea ecx, [edi+ecx-788E097Fh]
mov edi, ecx
shr edi, 15h
shl ecx, 0Bh
or edi, ecx
add edi, eax
mov ecx, edi
xor ecx, esi
xor ecx, eax
add ecx, ebx
mov ebx, edi
lea ecx, [ecx+edx+6D9D6122h]
mov edx, ecx
shr edx, 10h
shl ecx, 10h
or edx, ecx
add edx, edi
xor ebx, edx
mov ecx, ebx
xor ecx, eax
add ecx, [esp+50h+var_8]
lea esi, [ecx+esi-21AC7F4h]
mov ecx, esi
shl ecx, 17h
shr esi, 9
or ecx, esi
mov esi, [esp+50h+var_3C]
add ecx, edx
xor ebx, ecx
add ebx, esi
mov esi, edx
xor esi, ecx
lea ebx, [ebx+eax-5B4115BCh]
mov eax, ebx
shr eax, 1Ch
shl ebx, 4
or eax, ebx
mov ebx, [esp+50h+var_30]
add eax, ecx
xor esi, eax
add esi, ebx
mov ebx, [esp+50h+var_24]
lea edi, [esi+edi+4BDECFA9h]
mov esi, edi
shr esi, 15h
shl edi, 0Bh
or esi, edi
add esi, eax
mov edi, esi
xor edi, ecx
xor edi, eax
add edi, ebx
lea edi, [edi+edx-944B4A0h]
mov edx, edi
shr edx, 10h
shl edi, 10h
or edx, edi
mov edi, esi
add edx, esi
xor edi, edx
mov ebx, edi
xor ebx, eax
add ebx, [esp+50h+var_18]
lea ebx, [ebx+ecx-41404390h]
mov ecx, ebx
shl ecx, 17h
shr ebx, 9
or ecx, ebx
mov ebx, [esp+50h+var_C]
add ecx, edx
xor edi, ecx
add edi, ebx
mov ebx, [esp+50h+var_40]
lea edi, [edi+eax+289B7EC6h]
mov eax, edi
shr eax, 1Ch
shl edi, 4
or eax, edi
mov edi, edx
add eax, ecx
xor edi, ecx
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_34]
lea edi, [edi+esi-155ED806h]
mov esi, edi
shr esi, 15h
shl edi, 0Bh
or esi, edi
add esi, eax
mov edi, esi
xor edi, ecx
xor edi, eax
add edi, ebx
lea edx, [edi+edx-2B10CF7Bh]
mov edi, edx
shr edi, 10h
shl edx, 10h
or edi, edx
add edi, esi
mov edx, esi
xor edx, edi
mov ebx, edx
xor ebx, eax
add ebx, [esp+50h+var_28]
lea ebx, [ebx+ecx+4881D05h]
mov ecx, ebx
shl ecx, 17h
shr ebx, 9
or ecx, ebx
mov ebx, [esp+50h+var_1C]
add ecx, edi
xor edx, ecx
add edx, ebx
mov ebx, [esp+50h+var_10]
lea edx, [edx+eax-262B2FC7h]
mov eax, edx
shr eax, 1Ch
shl edx, 4
or eax, edx
mov edx, edi
add eax, ecx
xor edx, ecx
xor edx, eax
add edx, ebx
mov ebx, [esp+50h+var_38]
lea esi, [edx+esi-1924661Bh]
mov edx, esi
shr edx, 15h
shl esi, 0Bh
or edx, esi
add edx, eax
mov esi, edx
xor esi, ecx
xor esi, eax
add esi, ebp
lea edi, [esi+edi+1FA27CF8h]
mov esi, edi
shr esi, 10h
shl edi, 10h
or esi, edi
mov edi, edx
add esi, edx
xor edi, esi
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_40]
lea edi, [edi+ecx-3B53A99Bh]
mov ecx, edi
shl ecx, 17h
shr edi, 9
or ecx, edi
mov edi, edx
add ecx, esi
/*
 * Fourth group of steps: mixing of the form y ^ ( x | ~z ), rotate counts
 * 6, 10, 15, 21.
 */
not edi
or edi, ecx
xor edi, esi
add edi, ebx
mov ebx, [esp+50h+var_24]
lea edi, [edi+eax-0BD6DDBCh]
mov eax, edi
shr eax, 1Ah
shl edi, 6
or eax, edi
mov edi, esi
add eax, ecx
not edi
or edi, eax
xor edi, ecx
add edi, ebx
mov ebx, [esp+50h+var_8]
lea edi, [edi+edx+432AFF97h]
mov edx, edi
shr edx, 16h
shl edi, 0Ah
or edx, edi
mov edi, ecx
add edx, eax
not edi
or edi, edx
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_2C]
lea edi, [edi+esi-546BDC59h]
mov esi, edi
shl edi, 0Fh
shr esi, 11h
or esi, edi
mov edi, eax
not edi
add esi, edx
or edi, esi
xor edi, edx
add edi, ebx
mov ebx, [esp+50h+var_10]
lea edi, [edi+ecx-36C5FC7h]
mov ecx, edi
shr edi, 0Bh
shl ecx, 15h
or ecx, edi
mov edi, edx
not edi
add ecx, esi
or edi, ecx
xor edi, esi
add edi, ebx
mov ebx, [esp+50h+var_34]
lea edi, [edi+eax+655B59C3h]
mov eax, edi
shl edi, 6
shr eax, 1Ah
or eax, edi
mov edi, esi
add eax, ecx
not edi
or edi, eax
xor edi, ecx
add edi, ebx
mov ebx, [esp+50h+var_18]
lea edi, [edi+edx-70F3336Eh]
mov edx, edi
shr edx, 16h
shl edi, 0Ah
or edx, edi
mov edi, ecx
add edx, eax
not edi
or edi, edx
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_3C]
lea edi, [edi+esi-100B83h]
mov esi, edi
shr esi, 11h
shl edi, 0Fh
or esi, edi
mov edi, eax
add esi, edx
not edi
or edi, esi
xor edi, edx
add edi, ebx
mov ebx, [esp+50h+var_20]
lea edi, [edi+ecx-7A7BA22Fh]
mov ecx, edi
shl ecx, 15h
shr edi, 0Bh
or ecx, edi
mov edi, edx
add ecx, esi
not edi
or edi, ecx
xor edi, esi
add edi, ebx
lea edi, [edi+eax+6FA87E4Fh]
mov eax, edi
shr eax, 1Ah
shl edi, 6
or eax, edi
mov edi, esi
add eax, ecx
not edi
or edi, eax
mov ebx, [esp+50h+var_1C]
xor edi, ecx
add edi, ebp
mov ebp, [esp+50h+var_28]
lea edi, [edi+edx-1D31920h]
mov edx, edi
shl edi, 0Ah
shr edx, 16h
or edx, edi
mov edi, ecx
not edi
add edx, eax
or edi, edx
xor edi, eax
add edi, ebp
mov ebp, [esp+50h+var_C]
lea edi, [edi+esi-5CFEBCECh]
mov esi, edi
shl edi, 0Fh
shr esi, 11h
or esi, edi
mov edi, eax
add esi, edx
not edi
or edi, esi
xor edi, edx
add edi, ebp
mov ebp, [esp+50h+var_30]
lea edi, [edi+ecx+4E0811A1h]
mov ecx, edi
shl ecx, 15h
shr edi, 0Bh
or ecx, edi
mov edi, edx
add ecx, esi
not edi
or edi, ecx
xor edi, esi
add edi, ebp
mov ebp, [esp+50h+var_14]
lea edi, [edi+eax-8AC817Eh]
mov eax, edi
shr eax, 1Ah
shl edi, 6
or eax, edi
mov edi, esi
add eax, ecx
not edi
or edi, eax
xor edi, ecx
add edi, ebp
mov ebp, [esp+50h+var_38]
lea edi, [edi+edx-42C50DCBh]
mov edx, edi
shr edx, 16h
shl edi, 0Ah
or edx, edi
mov edi, ecx
add edx, eax
not edi
or edi, edx
xor edi, eax
add edi, ebp
lea esi, [edi+esi+2AD7D2BBh]
mov edi, esi
shr edi, 11h
shl esi, 0Fh
or edi, esi
mov esi, eax
add edi, edx
not esi
or esi, edi
xor esi, edx
add esi, ebx
lea ecx, [esi+ecx-14792C6Fh]
/*
 * Feed-forward: reload Buffer into esi and add the four working values
 * into the context words at +8, +0Ch, +10h and +14h. The last rotate (by
 * 15h) is folded into the update of the word at +0Ch.
 */
mov esi, [esp+50h+arg_0]
mov ebx, [esi+8]
add ebx, eax
mov eax, ecx
mov [esi+8], ebx
mov ebx, [esi+0Ch]
shl eax, 15h
shr ecx, 0Bh
or eax, ecx
add eax, ebx
add eax, edi
mov [esi+0Ch], eax
mov eax, [esi+10h]
add eax, edi
/* Epilogue, interleaved with the last stores: restore the saved registers
   in reverse push order, drop the locals and return. */
pop edi
mov [esi+10h], eax
mov eax, [esi+14h]
add eax, edx
mov [esi+14h], eax
pop esi
pop ebp
pop ebx
add esp, 40h
retn
}
}
  
/*
 * my_DD6C70_ex - absorb Length units of String into the hash context at Key.
 *
 * Context layout as used here: dwords 0 and 1 hold the running bit count
 * (low, then high), and the 64-byte staging block starts 24 units in.
 * Full 64-byte blocks are handed to my_DD6D40; any tail is left in the
 * staging block for the next call.
 *
 * Key:    context; must have room for the 24-byte header plus the 64-byte
 *         staging block, because this function writes into that block.
 * String: input data.
 * Length: amount of input. It is deliberately routed through a signed LONG,
 *         as in the lifted original, so the shift and multiply below keep
 *         the same types.
 *
 * The finalisation helper calls this with a pad length of
 * ( 55 - x ) % 64 + 1, which brings the buffered amount to 56 mod 64.
 */
void my_DD6C70_ex( void *Key, const TCHAR *String, ULONG Length )
{
    ULONG *Context = ( ULONG* )Key;
    const TCHAR *Source = String;
    LONG SignedLength = Length;
    ULONG Pending;
    ULONG BitCount;
    ULONG Remaining;
    ULONG Chunk;
    ULONG Blocks;

    /* Units already waiting in the staging block, taken from the bit count. */
    Pending = ( Context[0] >> 3 ) & 0x3F;
    Remaining = SignedLength;
    BitCount = SignedLength * 8;

    /* 64-bit bit counter kept in two dwords, with carry from low to high. */
    Context[0] += BitCount;
    Context[1] += ( SignedLength >> 0x1D );
    if ( Context[0] < BitCount )
        Context[1]++;

    if ( Pending )
    {
        /* Top up the partly filled staging block, but never past 64. */
        Chunk = ( Pending + SignedLength > 0x40 ) ? ( 0x40 - Pending ) : SignedLength;
        memcpy( Pending + ( TCHAR* )Context + 24, Source, Chunk );

        /* Still short of a full block: nothing to transform yet. */
        if ( Pending + Chunk < 0x40 )
            return;

        Remaining = SignedLength - Chunk;
        Source = Chunk + String;
        my_DD6D40( Context, ( TCHAR* )Context + 24 );
    }

    /* Transform whole blocks straight from the input. */
    Blocks = Remaining >> 6;
    Remaining -= Blocks << 6;
    while ( Blocks-- )
    {
        my_DD6D40( Context, Source );
        Source += 0x40;
    }

    /* Stash the tail for the next call. */
    if ( Remaining )
        memcpy( ( TCHAR* )Context + 24, Source, Remaining );
}
  
/*
 * my_DD7650_ex - finalise the hash context at Key and emit 16 digest bytes.
 *
 * Key:    context previously fed through my_DD6C70_ex.
 * Buffer: receives exactly 16 bytes (context dwords 2..5, least significant
 *         byte first). No terminator is written.
 *
 * The eight length bytes are captured before padding, because the padding
 * call itself advances the counter.
 *
 * NOTE(review): the padding source is the hard-coded absolute address
 * 0xE84530, taken from the image this code was lifted from. It is only
 * meaningful inside that process image; anywhere else it is a wild read.
 * Presumably it is a pad table (one 0x80 byte followed by zeros) - confirm,
 * and replace it with a local array before running this code elsewhere.
 */
void my_DD7650_ex( void *Key, TCHAR *Buffer )
{
    ULONG *Words = ( ULONG* )Key;
    UCHAR LengthBytes[8];
    LONG Word;
    LONG Byte;

    /* Serialise the two counter dwords, low byte first. */
    for ( Word = 0; Word < 2; Word++ )
    {
        for ( Byte = 0; Byte < 4; Byte++ )
            LengthBytes[Word * 4 + Byte] = ( UCHAR )( Words[Word] >> ( Byte * 8 ) );
    }

    /* Pad length is ( 55 - x ) % 64 + 1, x being the units buffered so far. */
    my_DD6C70_ex( Words, ( TCHAR* )0xE84530, ( ( - 9 - ( Words[0] >> 3 ) ) & 0x3F ) + 1 );
    my_DD6C70_ex( Words, LengthBytes, 8 );

    /* Emit the four chaining words, which start at dword index 2. */
    for ( Word = 0; Word < 4; Word++ )
    {
        for ( Byte = 0; Byte < 4; Byte++ )
            Buffer[Word * 4 + Byte] = ( UCHAR )( Words[Word + 2] >> ( Byte * 8 ) );
    }
}
  
/*
 * obfuscate_name - obtain an obfuscated name by calling an internal Zend
 * function's handler directly with one string argument.
 *
 * Function: zend_function whose internal_function.handler is invoked.
 * Buffer:   receives the handler's string result via _tcscpy.
 * String:   argument text; it is referenced by the temporary zval, not copied.
 * Length:   length stored in the temporary zval.
 *
 * NOTE(review): Buffer has no size parameter and the copy is an unbounded
 * _tcscpy, so the caller must size Buffer for whatever the handler returns.
 * NOTE(review): the return zval's type is never checked before
 * value.str.val is dereferenced; a handler that returns a non-string would
 * make the copy read through an invalid pointer. Confirm what the handler
 * guarantees.
 */
void obfuscate_name( zend_function *Function, TCHAR *Buffer, const TCHAR *String, ULONG Length )
{
zval ArgVal;
zval *RetValue;
zval *RetValuePtr;
void *Dummy;

TSRMLS_FETCH( );

/* Build a stack-allocated string zval that borrows the caller's String. */
INIT_PZVAL( &ArgVal );
ArgVal.type = IS_STRING;
ArgVal.value.str.val = ( TCHAR* )String;
ArgVal.value.str.len = Length;
/* Hand-build the argument frame: the argument, then two more slots (1 and
   NULL) - presumably the argument count and a terminator; confirm against
   the engine version in use. */
zend_ptr_stack_push( &GET_GS( )->GExecutor->argument_stack, &ArgVal );
zend_ptr_stack_n_push( &GET_GS( )->GExecutor->argument_stack, 2, 1, NULL );
zend_ptr_stack_n_push( &GET_GS( )->GExecutor->arg_types_stack, 3, NULL, NULL, NULL );

ALLOC_ZVAL( RetValue );
INIT_ZVAL( *RetValue );

/* Two handler signatures are supported, selected by the extension id. */
if ( GET_GS( )->ExtensionId < EXTENSION_ID_2 )
( ( HANDLER_1 )Function->internal_function.handler )( 1, RetValue, NULL, TRUE TSRMLS_CC );
else
( ( HANDLER_2 )Function->internal_function.handler )( 1, RetValue, &RetValuePtr, NULL, TRUE TSRMLS_CC );

/* Reset the reference bookkeeping to a single non-reference owner before
   the zval_ptr_dtor call below. */
RetValue->is_ref = 0;
RetValue->refcount = 1;
/* NOTE(review): unbounded copy, and str.val is assumed to be a valid
   NUL-terminated string. */
_tcscpy( Buffer, RetValue->value.str.val );
zval_ptr_dtor( &RetValue );

/* Undo the three pushes made on each stack above. */
zend_ptr_stack_n_pop( &GET_GS( )->GExecutor->argument_stack, 3, &Dummy, &Dummy, &Dummy );
zend_ptr_stack_n_pop( &GET_GS( )->GExecutor->arg_types_stack, 3, &Dummy, &Dummy, &Dummy );
}
  
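/*
 * obfuscate_class_name_ex - compute the obfuscated form of a class name.
 *
 * Obfuscate: output; receives one character per input unit plus a
 *            terminator, so it needs room for Length + 1 units. It is left
 *            untouched when there is nothing to encode.
 * String:    input name. A single leading NUL is skipped and not counted.
 * Length:    number of units in String.
 *
 * Every output character comes from the 37-character set
 * "0123456789_abcdefghijklmnopqrstuvwxyz".
 *   - Names of 4 units or less: each position is replaced by the
 *     multiply-by-33 hash of the (progressively rewritten) name, with 'z'
 *     first mapped to 'Z'.
 *   - Longer names: the name is hashed through the block hash into 16
 *     digest bytes; position i is digest[( i + 2 ) & 15] xor the input byte.
 *
 * Changes from the lifted original:
 *   - Length is tested before *String is read or Length is decremented.
 *     Previously an empty name that started with NUL wrapped Length to its
 *     maximum value and ran the long-name path over it.
 *   - The short-name copy is bounded by Length instead of _tcscpy, so a
 *     source that is not terminated within Length cannot overrun Buffer.
 *   - The digest index is a plain mask. The original was the compiler's
 *     signed "% 16" sequence, identical for every in-range position.
 *
 * Assumes SMALL_BUFFER_SIZE covers the 24-byte context header plus the
 * 64-byte staging block for UseKey, and 16 bytes for Buffer - TODO confirm.
 */
void obfuscate_class_name_ex( TCHAR *Obfuscate, const TCHAR *String, ULONG Length )
{
    register ULONG Iter;
    register ULONG Count;
    register TCHAR *In;
    register TCHAR *Out;
    register ULONG Eax;
    UCHAR UseKey[SMALL_BUFFER_SIZE];
    UCHAR Buffer[SMALL_BUFFER_SIZE];
    const TCHAR LegecyCharSet[] = _T( "0123456789_abcdefghijklmnopqrstuvwxyz" );

    /* Nothing to do for an empty name; also keeps Length-- from wrapping. */
    if ( Length == 0 )
        return;

    /* A single leading NUL is skipped and does not count towards the length. */
    if ( *String == _T( '\0' ) )
    {
        String++;
        Length--;
    }

    if ( Length == 0 )
        return;

    Out = Obfuscate;
    if ( Length <= 4 )
    {
        /* Bounded copy: only Length units are ever read by the hash. */
        memcpy( Buffer, String, Length * sizeof( TCHAR ) );
        for ( Iter = 0, Count = Length, In = ( TCHAR* )Buffer; Iter < Count; Iter++ )
        {
            if ( In[Iter] == 0x7A )
                In[Iter] = 0x5A;
            /* The hash sees the characters already rewritten so far. */
            Eax = my_DDCE30_ex( In, Count );
            *Out++ = In[Iter] = LegecyCharSet[Eax % ( SIZE_OF_ARRAY( LegecyCharSet ) - 1 )];
        }
    }
    else
    {
        /* Fresh context per name: seed, absorb the name, finalise. */
        memcpy( UseKey, Key, sizeof( Key ) );
        my_DD6C70_ex( UseKey, String, Length );
        my_DD7650_ex( UseKey, Buffer );

        for ( Iter = 0, Count = Length, In = ( TCHAR* )String; Iter < Count; Iter++ )
        {
            /* Digest byte selected by position, offset by 2, modulo 16. */
            Eax = ( Iter + 2 ) & 0x0F;
            Eax = Buffer[Eax];
            Eax ^= *( ( UCHAR* )In );
            In++;
            *Out++ = LegecyCharSet[Eax % ( SIZE_OF_ARRAY( LegecyCharSet ) - 1 )];
        }
    }
    *Out = _T( '\0' );
}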
  
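/*
 * obfuscate_function_name_ex - compute the obfuscated form of a function name.
 *
 * Obfuscate: output; receives one character per input unit plus a
 *            terminator, so it needs room for Length + 1 units. It is left
 *            untouched when there is nothing to encode.
 * String:    input name. A single leading NUL is skipped and not counted.
 * Length:    number of units in String.
 *
 * Every output character is a 7-bit value; 0 is replaced by 1 and 0x3A by
 * 0x3B, so neither NUL nor ':' ever appears in the result.
 *   - Names of 4 units or less: each position is the low 7 bits of the
 *     multiply-by-33 hash of the (progressively rewritten) name.
 *   - Longer names: the name is hashed through the block hash into 16
 *     digest bytes; position i is ( digest[( i + 1 ) & 15] xor input byte )
 *     masked to 7 bits.
 *
 * Changes from the lifted original:
 *   - Length is tested before *String is read or Length is decremented.
 *     Previously an empty name that started with NUL wrapped Length to its
 *     maximum value and ran the long-name path over it.
 *   - The short-name copy is bounded by Length instead of _tcscpy, so a
 *     source that is not terminated within Length cannot overrun Buffer.
 *   - Both reductions are plain masks. The originals were the compiler's
 *     signed "% 16" and "% 128" sequences, identical for every in-range
 *     position and for every byte-sized xor result.
 *
 * Assumes SMALL_BUFFER_SIZE covers the 24-byte context header plus the
 * 64-byte staging block for UseKey, and 16 bytes for Buffer - TODO confirm.
 */
void obfuscate_function_name_ex( TCHAR *Obfuscate, const TCHAR *String, ULONG Length )
{
    register ULONG Iter;
    register ULONG Count;
    register TCHAR *In;
    register TCHAR *Out;
    register ULONG Eax;
    UCHAR UseKey[SMALL_BUFFER_SIZE];
    UCHAR Buffer[SMALL_BUFFER_SIZE];

    /* Nothing to do for an empty name; also keeps Length-- from wrapping. */
    if ( Length == 0 )
        return;

    /* A single leading NUL is skipped and does not count towards the length. */
    if ( *String == _T( '\0' ) )
    {
        String++;
        Length--;
    }

    if ( Length == 0 )
        return;

    Out = Obfuscate;
    if ( Length <= 4 )
    {
        /* Bounded copy: only Length units are ever read by the hash. */
        memcpy( Buffer, String, Length * sizeof( TCHAR ) );
        for ( Iter = 0, Count = Length, In = ( TCHAR* )Buffer; Iter < Count; Iter++ )
        {
            /* The hash sees the characters already rewritten so far. */
            Eax = my_DDCE30_ex( In, Count ) & 0x7F;
            if ( Eax == 0 )
                Eax++;
            else if ( Eax == 0x3A )
                Eax++;
            *Out++ = In[Iter] = ( TCHAR )Eax;
        }
    }
    else
    {
        /* Fresh context per name: seed, absorb the name, finalise. */
        memcpy( UseKey, Key, sizeof( Key ) );
        my_DD6C70_ex( UseKey, String, Length );
        my_DD7650_ex( UseKey, Buffer );

        for ( Iter = 0, Count = Length, In = ( TCHAR* )String; Iter < Count; Iter++ )
        {
            /* Digest byte selected by position, offset by 1, modulo 16. */
            Eax = ( Iter + 1 ) & 0x0F;
            Eax = Buffer[Eax];
            Eax ^= *( ( UCHAR* )In );
            Eax &= 0x7F;
            if ( Eax == 0 )
                Eax++;
            else if ( Eax == 0x3A )
                Eax++;
            In++;
            *Out++ = ( TCHAR )Eax;
        }
    }
    *Out = _T( '\0' );
}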

 
