Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /----------------- ENCRYPTION ROUTINES -------------------------------------------------------------------------
- void encrypt_chars(int length, char EKey)
- {
- 00CB5C00 push ebp
- 00CB5C01 mov ebp,esp
- 00CB5C03 sub esp,0DCh
- 00CB5C09 push ebx
- 00CB5C0A push esi
- 00CB5C0B push edi
- 00CB5C0C lea edi,[ebp-0DCh]
- 00CB5C12 mov ecx,37h
- 00CB5C17 mov eax,0CCCCCCCCh
- 00CB5C1C rep stos dword ptr es:[edi]
- 00CB5C1E mov eax,dword ptr ds:[00CC0008h]
- 00CB5C23 xor eax,ebp
- 00CB5C25 mov dword ptr [ebp-4],eax
- char temp_char; // char temporary store
- for (int i = 0; i < length; i++) // encrypt characters one at a time
- 00CB5C28 mov dword ptr [ebp-18h],0
- 00CB5C2F jmp encrypt_chars+3Ah (0CB5C3Ah)
- 00CB5C31 mov eax,dword ptr [ebp-18h]
- 00CB5C34 add eax,1
- 00CB5C37 mov dword ptr [ebp-18h],eax
- 00CB5C3A mov eax,dword ptr [ebp-18h]
- 00CB5C3D cmp eax,dword ptr [length]
- 00CB5C40 jge encrypt_chars+74h (0CB5C74h)
- {
- temp_char = OChars[i]; // temp_char now contains the address values of the individual character
- 00CB5C42 mov eax,dword ptr [ebp-18h]
- 00CB5C45 mov cl,byte ptr [eax+0CC0320h]
- 00CB5C4B mov byte ptr [temp_char],cl
- __asm
- {
- push eax // Save values contained within register to stack
- 00CB5C4E push eax
- push ecx
- 00CB5C4F push ecx
- movzx ecx, temp_char
- 00CB5C50 movzx ecx,byte ptr [temp_char]
- push ecx // Push argument #2
- 00CB5C54 push ecx
- lea eax, EKey
- 00CB5C55 lea eax,[EKey]
- push eax // Push argument #1
- 00CB5C58 push eax
- call encrypt4
- 00CB5C59 call encrypt4 (0CB5C76h)
- add esp, 8 // Clean parameters of stack
- 00CB5C5E add esp,8
- mov temp_char, al // Move the temp character into a register
- 00CB5C61 mov byte ptr [temp_char],al
- pop ecx
- 00CB5C64 pop ecx
- pop eax
- 00CB5C65 pop eax
- }
- EChars[i] = temp_char; // Store encrypted char in the encrypted chars array
- 00CB5C66 mov eax,dword ptr [ebp-18h]
- 00CB5C69 mov cl,byte ptr [temp_char]
- 00CB5C6C mov byte ptr [eax+0CC0328h],cl
- }
- 00CB5C72 jmp encrypt_chars+31h (0CB5C31h)
- return;
- 00CB5C74 jmp encrypt4+21h (0CB5C97h)
- // Inputs: register EAX = 32-bit address of Ekey,
- // ECX = the character to be encrypted (in the low 8-bit field, CL).
- // Output: register EAX = the encrypted value of the source character (in the low 8-bit field, AL).
- __asm
- {
- encrypt4:
- push ebp // Set stack
- 00CB5C76 push ebp
- mov ebp, esp // Set up the base pointer
- 00CB5C77 mov ebp,esp
- mov eax, [ebp + 8] // Move value of parameter 1 into EAX
- 00CB5C79 mov eax,dword ptr [length]
- mov ecx, [ebp + 12] // Move value of parameter 2 into ECX
- 00CB5C7C mov ecx,dword ptr [EKey]
- push edi // Used for string and memory array copying
- 00CB5C7F push edi
- push ecx // Loop counter for pushing character onto stack
- 00CB5C80 push ecx
- not byte ptr[eax] // Negation
- 00CB5C81 not byte ptr [eax]
- add byte ptr[eax], 0x04 // Adds hex 4 to EKey
- 00CB5C83 add byte ptr [eax],4
- movzx edi, byte ptr[eax] // Moves value of EKey into EDI using zeroes
- 00CB5C86 movzx edi,byte ptr [eax]
- pop eax // Pop the character value from stack
- 00CB5C89 pop eax
- xor eax, edi // XOR character to give encrypted value of source
- 00CB5C8A xor eax,edi
- pop edi // Pop original address of EDI from the stack
- 00CB5C8C pop edi
- rol al, 1 // Rotates the encrypted value of source by 1 bit (left)
- 00CB5C8D rol al,1
- rol al, 1 // Rotates the encrypted value of source by 1 bit (left) again
- 00CB5C8F rol al,1
- add al, 0x04 // Adds hex 4 to encrypted value of source
- 00CB5C91 add al,4
- mov esp, ebp // Deallocate values
- 00CB5C93 mov esp,ebp
- pop ebp // Restore the base pointer
- 00CB5C95 pop ebp
- ret
- 00CB5C96 ret
- }
- //--- End of Assembly code
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
