Hi,
I have this asm code to analyze, this is 16 bit code.
I understand this is Xor operation between two buffers, one is the Xor key and the other is the data to cipher. I know that the XOR decyprion decrypt sectors of a hard drive but I cannot understand where the key comes from?
If some experts in asm could help me and give me hints, I would be extremely obliged.
arg_0= WORD ptr 4
push bp
mov bp, sp
push si
push di
mov si, [bp+arg_0]
cmp WORD ptr [si], 0
jge short loc_213D
mov dx, [si+6]
add dx, [si]
inc dx
mov di, dx
jmp short loc_2148
loc_213D:
mov ax, [si]
cwd
xor ax, dx
sub ax, dx
mov dx, ax
mov di, ax
loc_2148:
test WORD ptr [si+2], 40h
jnz short loc_217B
mov cx, [si+0Ah]
cmp WORD ptr [si], 0
jge short loc_2174
jmp short loc_2162
I get this from hopper disassembler:
function EntryPoint {
if (*(int16_t *)var_12 >= 0x0) {
asm{ cwd };
eax = (*esi ^ edx) - edx;
}
if (((*(esi + 0x2) & 0x40) == 0x0) && (*esi < 0x0)) {
}
return 0x0;
Reversing alien code is violation of forum rules.
Admins and moderators will alert you.
:biggrin:
"alien code"
Dword to Ascii routine:
(http://ancientx.com/images/ecriummo.gif)
notice the use of "leave" at the end - lol
Quote from: dedndave on June 22, 2013, 05:13:01 AM
:biggrin:
"alien code"
The game of the words. -- непереводимая игра слов -- lol
xor is fun but why not try floating point. Everyone thinks whole number variables. I had to break out of this because floating point is precise (get it)
Hi goofprog,
Interesting idea. Can you give an example? Especially for "floating point is precise" ;-)
P.S.: Welcome to the Forum :icon14: