; 32-bit x86 routine, Intel operand order (op dst, src).
; Reads eax and ecx as inputs and leaves in eax:
;   (ecx ^ (((eax & 0x3C) >> 2) + 1)) ^ eax, with the low byte (al) rotated left by one.
; Side effects visible in this listing: edx is overwritten with the intermediate value,
; and ecx holds the original eax on return (the two pops come off in swapped order).
push eax            ; save original eax (popped later into ecx)
push ecx            ; save original ecx (popped later into eax)
and eax,0x3C        ; keep only bits 2-5 of eax (0x3C = 0b00111100)
ror eax,1           ; rotate right by one; bits 0-1 are zero after the mask, so nothing wraps
ror eax,1           ; second rotate: together these act as a plain shift right by 2 (value 0..15)
inc eax             ; value is now 1..16
mov edx,eax         ; edx = intermediate value
pop eax             ; eax = original ecx (last value pushed)
xor eax,edx         ; eax = original ecx ^ intermediate
pop ecx             ; ecx = original eax (first value pushed)
xor eax,ecx         ; eax = original ecx ^ intermediate ^ original eax
rol al,1            ; rotate only the low byte LEFT by one: bit 7 wraps into bit 0; upper 24 bits unchanged
ret                 ; result is left in eax
有人能通过逐行注释帮我理解这段代码的作用吗?另外,这类例程为什么要用到 and 和 ror 这样的指令?谢谢。
答案 0 :(得分:3)
此代码等价于:
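/*
 * C equivalent of the assembly routine above.
 *
 * arg0 is the value passed in EAX, arg1 the value passed in ECX.
 * Returns the value the routine leaves in EAX: the upper 24 bits of
 * (arg1 ^ (((arg0 & 0x3C) >> 2) + 1)) ^ arg0 are kept as they are and
 * the low byte is rotated LEFT by one bit, as "rol al,1" does.
 */
unsigned int func(unsigned int arg0, unsigned int arg1)
{
    unsigned int tmp = (arg1 ^ (((arg0 & 0x3C) >> 2) + 1)) ^ arg0;
    unsigned char c = (unsigned char)(tmp & 0xff);
    /* rol al,1: bit 7 wraps into bit 0. The cast discards the bit that
       c << 1 moves into bit 8 after integer promotion, so it cannot
       leak into the upper bytes of the result. */
    unsigned char rotated = (unsigned char)((c << 1) | (c >> 7));

    return (tmp & ~0xffu) | rotated;
}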
——如果我没有读错的话。这段代码相当绕——它是从哪里来的?
无论如何,详情如下:
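首先:从使用 EAX / ECX 作为参数可以看出,这里用的是 Microsoft 的 __fastcall 调用约定(函数的 arg0 在 EAX 中,arg1 在 ECX 中)。
(审阅注:Microsoft 的 __fastcall 实际上用 ECX 和 EDX 传递前两个参数;以 EAX / ECX 作为输入更可能是自定义的寄存器约定或手写汇编,单凭这段代码无法确定。)
然后顺着算术运算往下看即可。除了最后一步只在 AL 上做循环移位之外,其实很简单: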
编辑:Zuljin在这里给了我一个想法...如果函数实际上明确地在 bytes 上运行,那么可以用更简单的方式说明:
; Annotated walk-through. arg0 = value entering in eax, arg1 = value entering in ecx.
push eax            ; saves arg0 to stack
push ecx            ; saves arg1 to stack
and eax,0x3C        ; tmp = arg0 & 0x3C (keeps bits 2-5 counting from bit 0, everything else becomes zero)
ror eax,1           ; first rotate right by one
ror eax,1           ; second rotate right. The two low bits are zero after the mask, so nothing wraps: tmp >>= 2
inc eax             ; tmp++ (tmp is now in the range 1..16)
mov edx,eax         ; EDX = tmp
pop eax             ; retrieve last item pushed: tmp2 = arg1
xor eax,edx         ; tmp2 ^= tmp
pop ecx             ; retrieve previous item pushed: tmp3 = arg0 (ecx keeps arg0 on return)
xor eax,ecx         ; tmp2 ^= tmp3
                    ; full line: (arg1 ^ (((arg0 & 0x3C) >> 2) + 1)) ^ arg0
rol al,1            ; rotate the lowest byte LEFT by one (rol, not ror)
                    ; al = (al << 1) | (al >> 7), truncated to 8 bits
                    ; the upper 24 bits of eax are not touched
ret
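/*
 * Byte-wise restatement of the assembly routine, for the case where the
 * function only ever operates on single bytes.
 *
 * arg0 corresponds to the low byte of EAX, arg1 to the low byte of ECX.
 * Returns ((arg1 ^ (((arg0 & 0x3C) >> 2) + 1)) ^ arg0) rotated LEFT by
 * one bit within 8 bits, which is what "rol al,1" produces.
 */
char transmogrify(char arg0, char arg1)
{
    /* Work on unsigned bytes: plain char may be signed, and shifting a
       promoted negative value would drag sign bits into the result. */
    unsigned char a0 = (unsigned char)arg0;
    unsigned char a1 = (unsigned char)arg1;
    unsigned char tmp = (unsigned char)((a1 ^ (((a0 & 0x3C) >> 2) + 1)) ^ a0);

    /* rol: bit 7 wraps into bit 0; the cast drops the bit shifted into bit 8. */
    return (char)(unsigned char)((tmp << 1) | (tmp >> 7));
}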
这种 rotate(a ^ X ^ b, 1) 形式的操作是 DES 等一些密码算法的组成部分,但你手上这段到底是什么,取决于 X(在这里只是一次简单的位重排)。我不是密码学专家,认不出这是哪个具体算法。如果有人能补上这一空白,那会很有意思。
答案 1 :(得分:1)
; Instruction-by-instruction description of the routine (32-bit x86, Intel operand order).
push eax            ; push eax onto the stack
push ecx            ; push ecx onto the stack (now on top, so it is popped first)
and eax,0x3C        ; bitwise AND of eax with 0x3C; the result replaces eax
ror eax,1           ; rotate eax right by one bit: bit 0 wraps around to bit 31 (cyclic right shift)
ror eax,1           ; rotate eax right by one more bit, same wrap-around rule
inc eax             ; increment eax by one
mov edx,eax         ; copy the value of eax into edx
pop eax             ; eax receives the value pushed by "push ecx" (the stack is last-in, first-out)
xor eax,edx         ; exclusive OR of eax with edx; the result replaces eax
pop ecx             ; ecx receives the value pushed by "push eax"
xor eax,ecx         ; exclusive OR of eax with ecx; the result replaces eax
rol al,1            ; rotate al (least significant byte of eax) left by one bit: bit 7 wraps around to bit 0 (cyclic left shift)
ret                 ; return from the function
我建议您阅读 https://stackoverflow.com/questions/199679/good-beginners-books-for-assembly-languages 中推荐的一些资料。
答案 2 :(得分:0)
push eax - saves eax to stack
push ecx - saves ecx to stack
and eax,0x3C - logical AND of register eax with 0x3C (111100 in binary) - this means that only the 4 bits starting from bit 2 are interesting - in C : a = a & 0x3C;
ror eax,1 - rotate one bit right - in C : a = a >> 1; (the two low bits are already zero after the AND, so nothing wraps around and the rotate behaves like a shift)
ror eax,1 - rotate one bit right - in C : a = a >> 1; so after this command those 4 interesting bits start at position 0;
inc eax - increase the value of these 4 bits by one - in C : a++;
mov edx,eax - copy value from register eax to register edx
pop eax - load value from stack (value that was previously in ecx) and copy it to register eax
xor eax,edx - xor value from stack (previously ecx) with the incremented 4-bit value - in C : b = b ^ a;
pop ecx - load value from stack (value that was previously in eax) and copy it to register ecx
xor eax,ecx - xor value from stack (previously eax) once again - in C : c = c ^ b;
rol al,1 - rotate left by one bit the lowest byte (al) of register eax - in C : c = (unsigned char)c << 1; (strictly, a rotate also moves the old bit 7 into bit 0, which a plain shift drops)
ret - return from function - probably what is in EAX is the return value
所以,这个函数用 C 表示大致如下:
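/*
 * Byte-returning C sketch of the assembly routine.
 *
 * parm1 corresponds to the value in EAX, parm2 to the value in ECX.
 * Returns the low byte of (parm2 ^ (((parm1 & 0x3C) >> 2) + 1)) ^ parm1
 * rotated LEFT by one bit, matching "rol al,1". The upper 24 bits that
 * the routine leaves in EAX are not part of this return value.
 */
unsigned char func1(unsigned int parm1, unsigned int parm2)
{
    unsigned int a = parm1 & 0x3C;
    unsigned char low;

    a = a >> 1;
    a = a >> 1;
    a++;
    a = parm2 ^ a;
    a = parm1 ^ a;

    /* A plain "<< 1" would lose bit 7; rol wraps it into bit 0. */
    low = (unsigned char)a;
    return (unsigned char)((low << 1) | (low >> 7));
}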