const UCHAR Key[24] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
};
ULONG my_DDCE30_ex( const TCHAR *String, ULONG Length )
{
register ULONG RetCode;
register ULONG Iter;
register ULONG Count;
RetCode = 0x1505;
Count = Length;
for ( Iter = 0; Iter < Count; Iter++ )
RetCode = String[Iter] + ( RetCode << 5 ) + RetCode;
return RetCode;
}
__declspec( naked ) void my_DD6D40( void *Buffer, const TCHAR *String )
{
#define var_40 -0x40
#define var_3C -0x3C
#define var_38 -0x38
#define var_34 -0x34
#define var_30 -0x30
#define var_2C -0x2C
#define var_28 -0x28
#define var_24 -0x24
#define var_20 -0x20
#define var_1C -0x1C
#define var_18 -0x18
#define var_14 -0x14
#define var_10 -0x10
#define var_C -0x0C
#define var_8 -8
#define var_4 -4
#define arg_0 4
#define arg_4 8
__asm
{
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
sub esp, 40h
add ecx, 2
push ebx
push ebp
push esi
push edi
lea esi, [esp+50h+var_40]
mov edi, 10h
loc_DD6D5B :
xor edx, edx
xor ebx, ebx
mov dl, [ecx+1]
mov bl, [ecx]
shl edx, 8
add edx, ebx
xor ebx, ebx
mov bl, [ecx-1]
add esi, 4
shl edx, 8
add edx, ebx
xor ebx, ebx
mov bl, [ecx-2]
add ecx, 4
shl edx, 8
add edx, ebx
dec edi
mov [esi-4], edx
jnz short loc_DD6D5B
mov esi, [eax+0Ch]
mov edi, [eax+10h]
mov edx, [eax+14h]
mov ebp, [esp+50h+var_40]
mov ecx, esi
mov eax, [eax+8]
not ecx
mov ebx, edi
and ecx, edx
and ebx, esi
or ecx, ebx
mov ebx, esi
add ecx, ebp
mov ebp, [esp+50h+var_3C]
lea ecx, [ecx+eax-28955B88h]
mov eax, ecx
shr eax, 19h
shl ecx, 7
or eax, ecx
add eax, esi
mov ecx, eax
and ebx, eax
not ecx
and ecx, edi
or ecx, ebx
add ecx, ebp
mov ebp, [esp+50h+var_38]
lea edx, [ecx+edx-173848AAh]
mov ecx, edx
shr ecx, 14h
shl edx, 0Ch
or ecx, edx
add ecx, eax
mov edx, ecx
mov ebx, ecx
not edx
and edx, esi
and ebx, eax
or edx, ebx
mov ebx, ecx
add edx, ebp
mov ebp, [esp+50h+var_34]
lea edi, [edx+edi+242070DBh]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov edi, edx
and ebx, edx
not edi
and edi, eax
or edi, ebx
mov ebx, edx
add edi, ebp
mov ebp, [esp+50h+var_30]
lea edi, [edi+esi-3E423112h]
mov esi, edi
shl esi, 16h
shr edi, 0Ah
or esi, edi
add esi, edx
mov edi, esi
and ebx, esi
not edi
and edi, ecx
or edi, ebx
mov ebx, esi
add edi, ebp
mov ebp, [esp+50h+var_2C]
lea edi, [edi+eax-0A83F051h]
mov eax, edi
shr eax, 19h
shl edi, 7
or eax, edi
add eax, esi
mov edi, eax
and ebx, eax
not edi
and edi, edx
or edi, ebx
add edi, ebp
mov ebp, [esp+50h+var_28]
lea edi, [edi+ecx+4787C62Ah]
mov ecx, edi
shl edi, 0Ch
shr ecx, 14h
or ecx, edi
add ecx, eax
mov edi, ecx
mov ebx, ecx
not edi
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, ecx
add edi, ebp
mov ebp, [esp+50h+var_24]
lea edi, [edi+edx-57CFB9EDh]
mov edx, edi
shl edi, 11h
shr edx, 0Fh
or edx, edi
add edx, ecx
mov edi, edx
and ebx, edx
not edi
and edi, eax
or edi, ebx
mov ebx, edx
add edi, ebp
mov ebp, [esp+50h+var_20]
lea edi, [edi+esi-2B96AFFh]
mov esi, edi
shl esi, 16h
shr edi, 0Ah
or esi, edi
add esi, edx
mov edi, esi
and ebx, esi
not edi
and edi, ecx
or edi, ebx
mov ebx, esi
add edi, ebp
mov ebp, [esp+50h+var_1C]
lea edi, [edi+eax+698098D8h]
mov eax, edi
shr eax, 19h
shl edi, 7
or eax, edi
add eax, esi
mov edi, eax
and ebx, eax
not edi
and edi, edx
or edi, ebx
add edi, ebp
mov ebp, [esp+50h+var_18]
lea edi, [edi+ecx-74BB0851h]
mov ecx, edi
shr ecx, 14h
shl edi, 0Ch
or ecx, edi
add ecx, eax
mov edi, ecx
mov ebx, ecx
not edi
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, ecx
add edi, ebp
lea edi, [edi+edx-0A44Fh]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov edi, edx
not edi
and edi, eax
mov ebp, [esp+50h+var_14]
and ebx, edx
or edi, ebx
mov ebx, edx
add edi, ebp
mov ebp, [esp+50h+var_10]
lea edi, [edi+esi-76A32842h]
mov esi, edi
shl esi, 16h
shr edi, 0Ah
or esi, edi
add esi, edx
mov edi, esi
and ebx, esi
not edi
and edi, ecx
or edi, ebx
mov ebx, esi
add edi, ebp
mov ebp, [esp+50h+var_C]
lea edi, [edi+eax+6B901122h]
mov eax, edi
shr eax, 19h
shl edi, 7
or eax, edi
add eax, esi
mov edi, eax
and ebx, eax
not edi
and edi, edx
or edi, ebx
add edi, ebp
lea edi, [edi+ecx-2678E6Dh]
mov ecx, edi
shr ecx, 14h
shl edi, 0Ch
or ecx, edi
add ecx, eax
mov edi, ecx
mov ebp, ecx
not edi
mov ebx, edi
and ebp, eax
and ebx, esi
or ebx, ebp
mov ebp, [esp+50h+var_8]
add ebx, ebp
mov ebp, ecx
lea ebx, [ebx+edx-5986BC72h]
mov edx, ebx
shr edx, 0Fh
shl ebx, 11h
or edx, ebx
add edx, ecx
mov ebx, edx
and ebp, edx
not ebx
mov [esp+50h+arg_4], ebx
and ebx, eax
or ebx, ebp
mov ebp, [esp+50h+var_4]
add ebx, ebp
and edi, edx
lea ebx, [ebx+esi+49B40821h]
mov esi, ebx
shl esi, 16h
shr ebx, 0Ah
or esi, ebx
mov ebx, ecx
add esi, edx
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_3C]
add edi, ebx
lea edi, [edi+eax-9E1DA9Eh]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
mov edi, [esp+50h+arg_4]
add eax, esi
mov ebx, edx
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_28]
add edi, ebx
lea edi, [edi+ecx-3FBF4CC0h]
mov ecx, edi
shl edi, 9
shr ecx, 17h
or ecx, edi
mov edi, esi
add ecx, eax
not edi
mov ebx, ecx
and edi, eax
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_14]
add edi, ebx
lea edi, [edi+edx+265E5A51h]
mov edx, edi
shr edx, 12h
shl edi, 0Eh
or edx, edi
mov edi, eax
add edx, ecx
not edi
mov ebx, edx
and edi, ecx
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_40]
add edi, ebx
mov ebx, ecx
lea edi, [edi+esi-16493856h]
mov esi, edi
shl esi, 14h
shr edi, 0Ch
or esi, edi
mov edi, ecx
add esi, edx
not edi
and edi, edx
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_2C]
add edi, ebx
mov ebx, edx
lea edi, [edi+eax-29D0EFA3h]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
mov edi, edx
add eax, esi
not edi
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_18]
add edi, ebx
lea edi, [edi+ecx+2441453h]
mov ecx, edi
shr ecx, 17h
shl edi, 9
or ecx, edi
mov edi, esi
add ecx, eax
not edi
mov ebx, ecx
and edi, eax
and ebx, esi
or edi, ebx
add edi, ebp
lea edi, [edi+edx-275E197Fh]
mov edx, edi
shr edx, 12h
shl edi, 0Eh
or edx, edi
add edx, ecx
mov edi, eax
mov ebx, edx
not edi
and edi, ecx
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_30]
add edi, ebx
mov ebx, ecx
lea edi, [edi+esi-182C0438h]
mov esi, edi
shr edi, 0Ch
shl esi, 14h
or esi, edi
mov edi, ecx
not edi
add esi, edx
and edi, edx
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_1C]
add edi, ebx
mov ebx, edx
lea edi, [edi+eax+21E1CDE6h]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
mov edi, edx
add eax, esi
not edi
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_8]
add edi, ebx
lea edi, [edi+ecx-3CC8F82Ah]
mov ecx, edi
shr ecx, 17h
shl edi, 9
or ecx, edi
mov edi, esi
add ecx, eax
not edi
mov ebx, ecx
and edi, eax
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_34]
add edi, ebx
lea edi, [edi+edx-0B2AF279h]
mov edx, edi
shr edx, 12h
shl edi, 0Eh
or edx, edi
mov edi, eax
add edx, ecx
not edi
mov ebx, edx
and edi, ecx
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_20]
add edi, ebx
mov ebx, ecx
lea edi, [edi+esi+455A14EDh]
mov esi, edi
shl esi, 14h
shr edi, 0Ch
or esi, edi
mov edi, ecx
add esi, edx
not edi
and edi, edx
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_C]
add edi, ebx
lea edi, [edi+eax-561C16FBh]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
mov edi, edx
not edi
add eax, esi
mov ebx, edx
and edi, esi
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_38]
add edi, ebx
lea edi, [edi+ecx-3105C08h]
mov ecx, edi
shr ecx, 17h
shl edi, 9
or ecx, edi
mov edi, esi
add ecx, eax
not edi
mov ebx, ecx
and edi, eax
and ebx, esi
or edi, ebx
mov ebx, [esp+50h+var_24]
add edi, ebx
lea edi, [edi+edx+676F02D9h]
mov edx, edi
shr edx, 12h
shl edi, 0Eh
or edx, edi
mov edi, eax
add edx, ecx
not edi
mov ebx, edx
and edi, ecx
and ebx, eax
or edi, ebx
mov ebx, [esp+50h+var_10]
add edi, ebx
mov ebx, [esp+50h+var_2C]
lea edi, [edi+esi-72D5B376h]
mov esi, edi
shl esi, 14h
shr edi, 0Ch
or esi, edi
mov edi, ecx
add esi, edx
xor edi, edx
xor edi, esi
add edi, ebx
mov ebx, [esp+50h+var_20]
lea edi, [edi+eax-5C6BEh]
mov eax, edi
shr eax, 1Ch
shl edi, 4
or eax, edi
mov edi, edx
add eax, esi
xor edi, esi
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_14]
lea ecx, [edi+ecx-788E097Fh]
mov edi, ecx
shr edi, 15h
shl ecx, 0Bh
or edi, ecx
add edi, eax
mov ecx, edi
xor ecx, esi
xor ecx, eax
add ecx, ebx
mov ebx, edi
lea ecx, [ecx+edx+6D9D6122h]
mov edx, ecx
shr edx, 10h
shl ecx, 10h
or edx, ecx
add edx, edi
xor ebx, edx
mov ecx, ebx
xor ecx, eax
add ecx, [esp+50h+var_8]
lea esi, [ecx+esi-21AC7F4h]
mov ecx, esi
shl ecx, 17h
shr esi, 9
or ecx, esi
mov esi, [esp+50h+var_3C]
add ecx, edx
xor ebx, ecx
add ebx, esi
mov esi, edx
xor esi, ecx
lea ebx, [ebx+eax-5B4115BCh]
mov eax, ebx
shr eax, 1Ch
shl ebx, 4
or eax, ebx
mov ebx, [esp+50h+var_30]
add eax, ecx
xor esi, eax
add esi, ebx
mov ebx, [esp+50h+var_24]
lea edi, [esi+edi+4BDECFA9h]
mov esi, edi
shr esi, 15h
shl edi, 0Bh
or esi, edi
add esi, eax
mov edi, esi
xor edi, ecx
xor edi, eax
add edi, ebx
lea edi, [edi+edx-944B4A0h]
mov edx, edi
shr edx, 10h
shl edi, 10h
or edx, edi
mov edi, esi
add edx, esi
xor edi, edx
mov ebx, edi
xor ebx, eax
add ebx, [esp+50h+var_18]
lea ebx, [ebx+ecx-41404390h]
mov ecx, ebx
shl ecx, 17h
shr ebx, 9
or ecx, ebx
mov ebx, [esp+50h+var_C]
add ecx, edx
xor edi, ecx
add edi, ebx
mov ebx, [esp+50h+var_40]
lea edi, [edi+eax+289B7EC6h]
mov eax, edi
shr eax, 1Ch
shl edi, 4
or eax, edi
mov edi, edx
add eax, ecx
xor edi, ecx
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_34]
lea edi, [edi+esi-155ED806h]
mov esi, edi
shr esi, 15h
shl edi, 0Bh
or esi, edi
add esi, eax
mov edi, esi
xor edi, ecx
xor edi, eax
add edi, ebx
lea edx, [edi+edx-2B10CF7Bh]
mov edi, edx
shr edi, 10h
shl edx, 10h
or edi, edx
add edi, esi
mov edx, esi
xor edx, edi
mov ebx, edx
xor ebx, eax
add ebx, [esp+50h+var_28]
lea ebx, [ebx+ecx+4881D05h]
mov ecx, ebx
shl ecx, 17h
shr ebx, 9
or ecx, ebx
mov ebx, [esp+50h+var_1C]
add ecx, edi
xor edx, ecx
add edx, ebx
mov ebx, [esp+50h+var_10]
lea edx, [edx+eax-262B2FC7h]
mov eax, edx
shr eax, 1Ch
shl edx, 4
or eax, edx
mov edx, edi
add eax, ecx
xor edx, ecx
xor edx, eax
add edx, ebx
mov ebx, [esp+50h+var_38]
lea esi, [edx+esi-1924661Bh]
mov edx, esi
shr edx, 15h
shl esi, 0Bh
or edx, esi
add edx, eax
mov esi, edx
xor esi, ecx
xor esi, eax
add esi, ebp
lea edi, [esi+edi+1FA27CF8h]
mov esi, edi
shr esi, 10h
shl edi, 10h
or esi, edi
mov edi, edx
add esi, edx
xor edi, esi
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_40]
lea edi, [edi+ecx-3B53A99Bh]
mov ecx, edi
shl ecx, 17h
shr edi, 9
or ecx, edi
mov edi, edx
add ecx, esi
not edi
or edi, ecx
xor edi, esi
add edi, ebx
mov ebx, [esp+50h+var_24]
lea edi, [edi+eax-0BD6DDBCh]
mov eax, edi
shr eax, 1Ah
shl edi, 6
or eax, edi
mov edi, esi
add eax, ecx
not edi
or edi, eax
xor edi, ecx
add edi, ebx
mov ebx, [esp+50h+var_8]
lea edi, [edi+edx+432AFF97h]
mov edx, edi
shr edx, 16h
shl edi, 0Ah
or edx, edi
mov edi, ecx
add edx, eax
not edi
or edi, edx
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_2C]
lea edi, [edi+esi-546BDC59h]
mov esi, edi
shl edi, 0Fh
shr esi, 11h
or esi, edi
mov edi, eax
not edi
add esi, edx
or edi, esi
xor edi, edx
add edi, ebx
mov ebx, [esp+50h+var_10]
lea edi, [edi+ecx-36C5FC7h]
mov ecx, edi
shr edi, 0Bh
shl ecx, 15h
or ecx, edi
mov edi, edx
not edi
add ecx, esi
or edi, ecx
xor edi, esi
add edi, ebx
mov ebx, [esp+50h+var_34]
lea edi, [edi+eax+655B59C3h]
mov eax, edi
shl edi, 6
shr eax, 1Ah
or eax, edi
mov edi, esi
add eax, ecx
not edi
or edi, eax
xor edi, ecx
add edi, ebx
mov ebx, [esp+50h+var_18]
lea edi, [edi+edx-70F3336Eh]
mov edx, edi
shr edx, 16h
shl edi, 0Ah
or edx, edi
mov edi, ecx
add edx, eax
not edi
or edi, edx
xor edi, eax
add edi, ebx
mov ebx, [esp+50h+var_3C]
lea edi, [edi+esi-100B83h]
mov esi, edi
shr esi, 11h
shl edi, 0Fh
or esi, edi
mov edi, eax
add esi, edx
not edi
or edi, esi
xor edi, edx
add edi, ebx
mov ebx, [esp+50h+var_20]
lea edi, [edi+ecx-7A7BA22Fh]
mov ecx, edi
shl ecx, 15h
shr edi, 0Bh
or ecx, edi
mov edi, edx
add ecx, esi
not edi
or edi, ecx
xor edi, esi
add edi, ebx
lea edi, [edi+eax+6FA87E4Fh]
mov eax, edi
shr eax, 1Ah
shl edi, 6
or eax, edi
mov edi, esi
add eax, ecx
not edi
or edi, eax
mov ebx, [esp+50h+var_1C]
xor edi, ecx
add edi, ebp
mov ebp, [esp+50h+var_28]
lea edi, [edi+edx-1D31920h]
mov edx, edi
shl edi, 0Ah
shr edx, 16h
or edx, edi
mov edi, ecx
not edi
add edx, eax
or edi, edx
xor edi, eax
add edi, ebp
mov ebp, [esp+50h+var_C]
lea edi, [edi+esi-5CFEBCECh]
mov esi, edi
shl edi, 0Fh
shr esi, 11h
or esi, edi
mov edi, eax
add esi, edx
not edi
or edi, esi
xor edi, edx
add edi, ebp
mov ebp, [esp+50h+var_30]
lea edi, [edi+ecx+4E0811A1h]
mov ecx, edi
shl ecx, 15h
shr edi, 0Bh
or ecx, edi
mov edi, edx
add ecx, esi
not edi
or edi, ecx
xor edi, esi
add edi, ebp
mov ebp, [esp+50h+var_14]
lea edi, [edi+eax-8AC817Eh]
mov eax, edi
shr eax, 1Ah
shl edi, 6
or eax, edi
mov edi, esi
add eax, ecx
not edi
or edi, eax
xor edi, ecx
add edi, ebp
mov ebp, [esp+50h+var_38]
lea edi, [edi+edx-42C50DCBh]
mov edx, edi
shr edx, 16h
shl edi, 0Ah
or edx, edi
mov edi, ecx
add edx, eax
not edi
or edi, edx
xor edi, eax
add edi, ebp
lea esi, [edi+esi+2AD7D2BBh]
mov edi, esi
shr edi, 11h
shl esi, 0Fh
or edi, esi
mov esi, eax
add edi, edx
not esi
or esi, edi
xor esi, edx
add esi, ebx
lea ecx, [esi+ecx-14792C6Fh]
mov esi, [esp+50h+arg_0]
mov ebx, [esi+8]
add ebx, eax
mov eax, ecx
mov [esi+8], ebx
mov ebx, [esi+0Ch]
shl eax, 15h
shr ecx, 0Bh
or eax, ecx
add eax, ebx
add eax, edi
mov [esi+0Ch], eax
mov eax, [esi+10h]
add eax, edi
pop edi
mov [esi+10h], eax
mov eax, [esi+14h]
add eax, edx
mov [esi+14h], eax
pop esi
pop ebp
pop ebx
add esp, 40h
retn
}
}
void my_DD6C70_ex( void *Key, const TCHAR *String, ULONG Length )
{
ULONG Iter;
ULONG Count;
ULONG Eax;
LONG Edx;
ULONG *Ebx;
const TCHAR *Esi;
ULONG Edi;
ULONG Ecx;
Edx = Length;
Ebx = ( ULONG* )Key;
Esi = String;
Eax = ( Ebx[0] >> 3 ) & 0x3F;
Edi = Edx;
Ecx = Edx * 8;
Ebx[0] += Ecx;
Ebx[1] += ( Edx >> 0x1D );
if ( Ebx[0] < Ecx )
Ebx[1]++;
if ( Eax )
{
/*
Length = ( 55 - x ) % 64 + 1;
Ecx = Length + x = ( 55 - x ) % 64 + 1 + x = 56 + 64 * n;
0 <= 64 * n + 55 - x < 64;
( x - 55 ) / 64 <= n < ( x + 7 ) / 64;
*/
Ecx = Eax + Edx;
if ( Ecx > 0x40 )
{
/* n >= 1, x >= 119; */
Ecx = 0x40 - Eax;
}
else
{
/* n = 0, 4 < x <= 55 */
Ecx = Edx;
}
Length = Ecx;
memcpy( Eax + ( TCHAR* )Ebx + 24, Esi, Ecx );
Eax += Ecx;
if ( Eax < 0x40 )
return;
Edi = Edx - Ecx;
Esi = Ecx + String;
my_DD6D40( Ebx, ( TCHAR* )Ebx + 24 );
}
if ( Edi >= 0x40 )
{
Count = ( Edi >> 6 );
Edi += ( 0 - Count ) << 6;
for ( Iter = 0; Iter < Count; Iter++ )
{
my_DD6D40( Ebx, Esi );
Esi += 0x40;
}
}
if ( Edi )
memcpy( ( TCHAR* )Ebx + 24, Esi, Edi );
}
void my_DD7650_ex( void *Key, TCHAR *Buffer )
{
register LONG Iter;
register ULONG *Esi;
UCHAR Var[8];
Esi = ( ULONG* )Key;
for ( Iter = 0; Iter < 8; Iter++ )
Var[Iter] = ( UCHAR )( Esi[( Iter >> 2 )] >> ( ( Iter & 3 ) << 3 ) );
/* ( 55 - x ) % 64 + 1 */
my_DD6C70_ex( Esi, ( TCHAR* )0xE84530, ( ( - 9 - ( Esi[0] >> 3 ) ) & 0x3F ) + 1 );
my_DD6C70_ex( Esi, Var, 8 );
for ( Iter = 0; Iter < 16; Iter++ )
Buffer[Iter] = ( UCHAR )( Esi[( Iter >> 2 ) + 2] >> ( ( Iter & 3 ) << 3 ) );
}
void obfuscate_name( zend_function *Function, TCHAR *Buffer, const TCHAR *String, ULONG Length )
{
zval ArgVal;
zval *RetValue;
zval *RetValuePtr;
void *Dummy;
TSRMLS_FETCH( );
INIT_PZVAL( &ArgVal );
ArgVal.type = IS_STRING;
ArgVal.value.str.val = ( TCHAR* )String;
ArgVal.value.str.len = Length;
zend_ptr_stack_push( &GET_GS( )->GExecutor->argument_stack, &ArgVal );
zend_ptr_stack_n_push( &GET_GS( )->GExecutor->argument_stack, 2, 1, NULL );
zend_ptr_stack_n_push( &GET_GS( )->GExecutor->arg_types_stack, 3, NULL, NULL, NULL );
ALLOC_ZVAL( RetValue );
INIT_ZVAL( *RetValue );
if ( GET_GS( )->ExtensionId < EXTENSION_ID_2 )
( ( HANDLER_1 )Function->internal_function.handler )( 1, RetValue, NULL, TRUE TSRMLS_CC );
else
( ( HANDLER_2 )Function->internal_function.handler )( 1, RetValue, &RetValuePtr, NULL, TRUE TSRMLS_CC );
RetValue->is_ref = 0;
RetValue->refcount = 1;
_tcscpy( Buffer, RetValue->value.str.val );
zval_ptr_dtor( &RetValue );
zend_ptr_stack_n_pop( &GET_GS( )->GExecutor->argument_stack, 3, &Dummy, &Dummy, &Dummy );
zend_ptr_stack_n_pop( &GET_GS( )->GExecutor->arg_types_stack, 3, &Dummy, &Dummy, &Dummy );
}
void obfuscate_class_name_ex( TCHAR *Obfuscate, const TCHAR *String, ULONG Length )
{
register ULONG Iter;
register ULONG Count;
register TCHAR *In;
register TCHAR *Out;
register ULONG Eax;
UCHAR UseKey[SMALL_BUFFER_SIZE];
UCHAR Buffer[SMALL_BUFFER_SIZE];
const TCHAR LegecyCharSet[] = _T( "0123456789_abcdefghijklmnopqrstuvwxyz" );
do
{
if ( *String == _T( '\0' ) )
{
String++;
Length--;
}
if ( Length == 0 )
break;
Out = Obfuscate;
if ( Length <= 4 )
{
_tcscpy( Buffer, String );
for ( Iter = 0, Count = Length, In = Buffer; Iter < Count; Iter++ )
{
if ( In[Iter] == 0x7A )
In[Iter] = 0x5A;
Eax = my_DDCE30_ex( In, Count );
*Out++ = In[Iter] = LegecyCharSet[Eax % ( SIZE_OF_ARRAY( LegecyCharSet ) - 1 )];
}
}
else
{
Out = Obfuscate;
memcpy( UseKey, Key, sizeof( Key ) );
my_DD6C70_ex( UseKey, String, Length );
my_DD7650_ex( UseKey, Buffer );
for ( Iter = 0, Count = Length, In = ( TCHAR* )String; Iter < Count; Iter++ )
{
Eax = Iter + 2;
Eax &= 0x8000000F;
if ( ( LONG )Eax < 0 )
{
Eax--;
Eax |= 0xFFFFFFF0;
Eax++;
}
Eax = Buffer[Eax];
Eax ^= *( ( UCHAR* )In );
In++;
*Out++ = LegecyCharSet[Eax % ( SIZE_OF_ARRAY( LegecyCharSet ) - 1 )];
}
}
*Out = _T( '\0' );
} while ( 0 );
}
void obfuscate_function_name_ex( TCHAR *Obfuscate, const TCHAR *String, ULONG Length )
{
register ULONG Iter;
register ULONG Count;
register TCHAR *In;
register TCHAR *Out;
register ULONG Eax;
UCHAR UseKey[SMALL_BUFFER_SIZE];
UCHAR Buffer[SMALL_BUFFER_SIZE];
do
{
if ( *String == _T( '\0' ) )
{
String++;
Length--;
}
if ( Length == 0 )
break;
Out = Obfuscate;
if ( Length <= 4 )
{
_tcscpy( Buffer, String );
for ( Iter = 0, Count = Length, In = Buffer; Iter < Count; Iter++ )
{
Eax = my_DDCE30_ex( In, Count ) & 0x7F;
if ( Eax == 0 )
Eax++;
else if ( Eax == 0x3A )
Eax++;
*Out++ = In[Iter] = ( TCHAR )Eax;
}
}
else
{
memcpy( UseKey, Key, sizeof( Key ) );
my_DD6C70_ex( UseKey, String, Length );
my_DD7650_ex( UseKey, Buffer );
for ( Iter = 0, Count = Length, In = ( TCHAR* )String; Iter < Count; Iter++ )
{
Eax = Iter + 1;
Eax &= 0x8000000F;
if ( ( LONG )Eax < 0 )
{
Eax--;
Eax |= 0xFFFFFFF0;
Eax++;
}
Eax = Buffer[Eax];
Eax ^= *( ( UCHAR* )In );
Eax &= 0x8000007F;
if ( ( LONG )Eax < 0 )
{
Eax--;
Eax |= 0xFFFFFF80;
Eax++;
}
if ( Eax == 0 )
Eax++;
else if ( Eax == 0x3A )
Eax++;
In++;
*Out++ = ( TCHAR )Eax;
}
}
*Out = _T( '\0' );
} while( 0 );
}
继续阅读
本文章来自站群哥LsevenTT博客~转载请注明出处
