设为首页收藏一下又不会死!新人公告
切换到窄版

 找回密码
 立即注册→加入我们

QQ登录

只需一步,快速开始

搜索
热搜: 下载 VB C 实现 编写
技术宅的结界»论坛 计算机技术 源码分享 【VB】VB6+ASM实现MD5计算
返回列表 发新帖
查看: 3007|回复: 13

【VB】VB6+ASM实现MD5计算

[复制链接]
0xAA55
发表于 2020-7-4 16:42:23 | 显示全部楼层 |阅读模式

欢迎访问技术宅的结界,请注册或者登录吧。

您需要 登录 才可以下载或查看,没有账号?立即注册→加入我们

×
上次写的VB6实现SHA1一样,因为我受不了各种无法移位、各种整数乘除法代替移位还不得不使用有符号整数乘除法的操作,我选择直接写汇编,然后以类似于shellcode的方式调用。

  1. Option Explicit

  3. Type MD5Reg_t
  4.     A As Long
  5.     B As Long
  6.     C As Long
  7.     D As Long
  8. End Type

  10. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
  11. Private Declare Sub ZeroMemory Lib "kernel32" Alias "RtlZeroMemory" (Destination As Any, ByVal numBytes As Long)
  12. Private Declare Function CallProcPtr Lib "user32" Alias "CallWindowProcA" (FuncPtr As Any, Arg1 As Any, ByVal Arg2 As Long, ByVal Arg3 As Long, ByVal Arg4 As Long) As Long

  14. Private Const m_MD5_DigestChunkCode As String = "" & _
  15. "83EC1056578B74241C8D7C2408B904000000F3A58B7424208B44240C2344241089C28B44240CF7D02344241409D00344240803060578A46AD7C1C0070344240C894424088B4424082344240C89C28B442408F7D02344241009D0034424140346040556B7C7E8C1C00C03442408894424148B4424142344240889C28B442414F7D02344240C09D00344241003460805DB702024C1C01103442414894424108B4424102344241489C28B442410F7D02344240809D00344240C03460C05EECEBDC1C1C016034424108944240C8B44240C2344241089C28B44240CF7D02344241409D00344240803461005AF0F7CF5C1C0070344240C894424088B4424082344240C89C28B442408F7D02344241009D003442414034614052AC68747C1C00C03442408894424148B4424142344240889C28B442414F7D02344240C09D00344241003461805134630A8C1C01103442414894424108B4424102344241489C28B442410F7D02344240809D00344240C03461C05019546FDC1C016034424108944240C8B44240C2344241089C28B44240CF7D02344241409D00344240803462005D8988069C1C0070344240C894424088B4424082344240C89C28B442408F7D02344241009D00344241403462405AFF7448BC1C00C03442408894424148B4424142344240889C28B442414F7D02344240C09D00344241003462805B15BFFFFC1C" & _
  16. "01103442414894424108B4424102344241489C28B442410F7D02344240809D00344240C03462C05BED75C89C1C016034424108944240C8B44240C2344241089C28B44240CF7D02344241409D003442408034630052211906BC1C0070344240C894424088B4424082344240C89C28B442408F7D02344241009D00344241403463405937198FDC1C00C03442408894424148B4424142344240889C28B442414F7D02344240C09D003442410034638058E4379A6C1C01103442414894424108B4424102344241489C28B442410F7D02344240809D00344240C03463C052108B449C1C016034424108944240C8B44240C2344241489C28B442414F7D02344241009D0034424080346040562251EF6C1C0050344240C894424088B4424082344241089C28B442410F7D02344240C09D0034424140346180540B340C0C1C00903442408894424148B4424142344240C89C28B44240CF7D02344240809D00344241003462C05515A5E26C1C00E03442414894424108B4424102344240889C28B442408F7D02344241409D00344240C030605AAC7B6E9C1C014034424108944240C8B44240C2344241489C28B442414F7D02344241009D003442408034614055D102FD6C1C0050344240C894424088B4424082344241089C28B442410F7D02344240C09D0034424140346280553144402C1C00903442408894424148B44241423" & _
  17. "44240C89C28B44240CF7D02344240809D00344241003463C0581E6A1D8C1C00E03442414894424108B4424102344240889C28B442408F7D02344241409D00344240C03461005C8FBD3E7C1C014034424108944240C8B44240C2344241489C28B442414F7D02344241009D00344240803462405E6CDE121C1C0050344240C894424088B4424082344241089C28B442410F7D02344240C09D00344241403463805D60737C3C1C00903442408894424148B4424142344240C89C28B44240CF7D02344240809D00344241003460C05870DD5F4C1C00E03442414894424108B4424102344240889C28B442408F7D02344241409D00344240C03462005ED145A45C1C014034424108944240C8B44240C2344241489C28B442414F7D02344241009D0034424080346340505E9E3A9C1C0050344240C894424088B4424082344241089C28B442410F7D02344240C09D00344241403460805F8A3EFFCC1C00903442408894424148B4424142344240C89C28B44240CF7D02344240809D00344241003461C05D9026F67C1C00E03442414894424108B4424102344240889C28B442408F7D02344241409D00344240C034630058A4C2A8DC1C014034424108944240C8B44240C334424103344241403442408034614054239FAFFC1C0040344240C894424088B4424083344240C33442410034424140346200581F67187C1C00B034" & _
  18. "42408894424148B442414334424083344240C0344241003462C0522619D6DC1C01003442414894424108B44241033442414334424080344240C034638050C38E5FDC1C017034424108944240C8B44240C3344241033442414034424080346040544EABEA4C1C0040344240C894424088B4424083344240C334424100344241403461005A9CFDE4BC1C00B03442408894424148B442414334424083344240C0344241003461C05604BBBF6C1C01003442414894424108B44241033442414334424080344240C0346280570BCBFBEC1C017034424108944240C8B44240C33442410334424140344240803463405C67E9B28C1C0040344240C894424088B4424083344240C3344241003442414030605FA27A1EAC1C00B03442408894424148B442414334424083344240C0344241003460C058530EFD4C1C01003442414894424108B44241033442414334424080344240C03461805051D8804C1C017034424108944240C8B44240C3344241033442414034424080346240539D0D4D9C1C0040344240C894424088B4424083344240C334424100344241403463005E599DBE6C1C00B03442408894424148B442414334424083344240C0344241003463C05F87CA21FC1C01003442414894424108B44241033442414334424080344240C034608056556ACC4C1C017034424108944240C8B442414F7D00B44240C334424" & _
  19. "1003442408030605442229F4C1C0060344240C894424088B442410F7D00B4424083344240C0344241403461C0597FF2A43C1C00A03442408894424148B44240CF7D00B442414334424080344241003463805A72394ABC1C00F03442414894424108B442408F7D00B442410334424140344240C0346140539A093FCC1C015034424108944240C8B442414F7D00B44240C334424100344240803463005C3595B65C1C0060344240C894424088B442410F7D00B4424083344240C0344241403460C0592CC0C8FC1C00A03442408894424148B44240CF7D00B4424143344240803442410034628057DF4EFFFC1C00F03442414894424108B442408F7D00B442410334424140344240C03460405D15D8485C1C015034424108944240C8B442414F7D00B44240C3344241003442408034620054F7EA86FC1C0060344240C894424088B442410F7D00B4424083344240C0344241403463C05E0E62CFEC1C00A03442408894424148B44240CF7D00B442414334424080344241003461805144301A3C1C00F03442414894424108B442408F7D00B442410334424140344240C03463405A111084EC1C015034424108944240C8B442414F7D00B44240C334424100344240803461005827E53F7C1C0060344240C894424088B442410F7D00B4424083344240C0344241403462C0535F23ABDC1C00A03442408894424148B44240CF" & _
  20. "7D00B442414334424080344241003460805BBD2D72AC1C00F03442414894424108B442408F7D00B442410334424140344240C0346240591D386EBC1C015034424108944240C8D7424088B7C241CB904000000AD0307ABE2FA5F5E83C410C2100090"

  22. Private Const m_32Mul64Code As String = "578B4C24148B7C24088B44240CF7E189078957048B442410F7E10147045FC21000909090909090909090909090909090"

  24. Private m_MD5_DigestChunkCore() As Byte
  25. Private m_32Mul64Core() As Byte

  27. Private Const PAGE_EXECUTE As Long = &H10
  28. Private Const PAGE_EXECUTE_READ As Long = &H20
  29. Private Const PAGE_EXECUTE_READWRITE As Long = &H40
  30. Private Const PAGE_EXECUTE_WRITECOPY As Long = &H80
  31. Private Const PAGE_NOACCESS As Long = &H1
  32. Private Const PAGE_READONLY As Long = &H2
  33. Private Const PAGE_READWRITE As Long = &H4
  34. Private Const PAGE_WRITECOPY As Long = &H8
  35. Private Declare Function VirtualProtect Lib "kernel32" (lpAddress As Any, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long

  37. Private Declare Function BSWAPD Lib "ws2_32.dll" Alias "htonl" (ByVal Value As Long) As Long

  39. '检测是否在IDE环境下运行
  40. Function IsRunningInVB6IDE() As Boolean
  41. Static Counter As Variant
  42. If IsEmpty(Counter) Then
  43.     Counter = 1
  44.     Debug.Assert IsRunningInVB6IDE() Or True
  45.     Counter = Counter - 1
  46. ElseIf Counter = 1 Then
  47.     Counter = 0
  48. End If
  49. IsRunningInVB6IDE = Counter
  50. End Function

  52. Private Sub InitMD5Lib()
  53. Dim FuncLength As Long, I As Long
  54. Dim OldProtect As Long

  56. FuncLength = Len(m_MD5_DigestChunkCode) \ 2
  57. ReDim m_MD5_DigestChunkCore(FuncLength - 1)
  58. For I = 0 To FuncLength - 1
  59.     m_MD5_DigestChunkCore(I) = CByte("&H" & Mid$(m_MD5_DigestChunkCode, 1 + I * 2, 2))
  60. Next
  61. VirtualProtect m_MD5_DigestChunkCore(0), FuncLength, PAGE_EXECUTE_READWRITE, OldProtect

  63. FuncLength = Len(m_32Mul64Code) \ 2
  64. ReDim m_32Mul64Core(FuncLength - 1)
  65. For I = 0 To FuncLength - 1
  66.     m_32Mul64Core(I) = CByte("&H" & Mid$(m_32Mul64Code, 1 + I * 2, 2))
  67. Next
  68. VirtualProtect m_MD5_DigestChunkCore(0), FuncLength, PAGE_EXECUTE_READWRITE, OldProtect
  69. End Sub

  71. Sub MD5_Init(Regs As MD5Reg_t)
  72. Regs.A = &H67452301
  73. Regs.B = &HEFCDAB89
  74. Regs.C = &H98BADCFE
  75. Regs.D = &H10325476
  76. End Sub

  78. Sub MD5_DigestChunk(Regs As MD5Reg_t, ByVal ChunkPtr As Long)
  79. On Local Error GoTo ErrHandler

  81. CallProcPtr m_MD5_DigestChunkCore(0), Regs, ChunkPtr, 0, 0

  83. Exit Sub
  84. ErrHandler:
  85.     InitMD5Lib
  86.     CallProcPtr m_MD5_DigestChunkCore(0), Regs, ChunkPtr, 0, 0
  87.     Resume Next
  88. End Sub

  90. Sub Int64Mul32(ByVal Result_Ptr As Long, ByVal Number64_Low As Long, ByVal Number64_High As Long, ByVal Numerator As Long)
  91. On Local Error GoTo ErrHandler
  92. CallProcPtr m_32Mul64Core(0), ByVal Result_Ptr, Number64_Low, Number64_High, Numerator
  93. Exit Sub
  94. ErrHandler:
  95.     InitMD5Lib
  96.     CallProcPtr m_32Mul64Core(0), ByVal Result_Ptr, Number64_Low, Number64_High, Numerator
  97.     Resume Next
  98. End Sub

  100. Sub MD5_TailChunk(Regs As MD5Reg_t, ByVal ChunkPtr As Long, ByVal RestLen As Long, ByVal TotalSizeLow As Long, ByVal TotalSizeHigh As Long)
  101. Dim PadBuf(63) As Byte
  102. If RestLen Then CopyMemory PadBuf(0), ByVal ChunkPtr, RestLen
  103. PadBuf(RestLen) = &H80&
  104. RestLen = RestLen + 1

  106. If RestLen < 56 Then
  107.     Int64Mul32 VarPtr(PadBuf(56)), TotalSizeLow, TotalSizeHigh, 8
  108.     MD5_DigestChunk Regs, VarPtr(PadBuf(0))
  109. Else
  110.     MD5_DigestChunk Regs, VarPtr(PadBuf(0))
  111.     ZeroMemory PadBuf(0), 64
  112.     Int64Mul32 VarPtr(PadBuf(56)), TotalSizeLow, TotalSizeHigh, 8
  113.     MD5_DigestChunk Regs, VarPtr(PadBuf(0))
  114. End If
  115. End Sub

  117. Sub MD5_Sum(ByVal DataPtr As Long, ByVal DataLen As Long, MD5Out() As Long)
  118. Dim Regs As MD5Reg_t
  119. MD5_Init Regs

  121. Dim CurPtr As Long
  122. Dim RestLen As Long

  124. CurPtr = DataPtr
  125. RestLen = DataLen

  127. Do While RestLen >= 64
  128.     MD5_DigestChunk Regs, CurPtr
  129.     CurPtr = CurPtr + 64
  130.     RestLen = RestLen - 64
  131. Loop

  133. MD5_TailChunk Regs, CurPtr, RestLen, DataLen, 0

  135. MD5Out(0) = Regs.A
  136. MD5Out(1) = Regs.B
  137. MD5Out(2) = Regs.C
  138. MD5Out(3) = Regs.D
  139. End Sub

  141. Function MD5_ToString(MD5Hash() As Long) As String
  142. MD5_ToString = Right$("0000000" & Hex$(BSWAPD(MD5Hash(0))), 8) & Right$("0000000" & Hex$(BSWAPD(MD5Hash(1))), 8) & Right$("0000000" & Hex$(BSWAPD(MD5Hash(2))), 8) & Right$("0000000" & Hex$(BSWAPD(MD5Hash(3))), 8)
  143. End Function

  145. Function MD5_String(StrSrc As String) As String
  146. Dim Result(3) As Long
  147. MD5_Sum StrPtr(StrSrc), LenB(StrSrc), Result
  148. MD5_String = MD5_ToString(Result)
  149. End Function

  151. Function MD5_StringA(StrSrc As String) As String
  152. Dim Result(3) As Long
  153. If Len(StrSrc) Then
  154.     Dim ABuf() As Byte
  155.     ABuf = StrConv(StrSrc, vbFromUnicode)
  156.     MD5_Sum VarPtr(ABuf(0)), UBound(ABuf) + 1, Result
  157. Else
  158.     MD5_Sum 0, 0, Result
  159. End If
  160. MD5_StringA = MD5_ToString(Result)
  161. End Function
复制代码
不过,其实真正比较能看的地方就是汇编的部分,个人感觉还是可以拿出来当作典范的,因为不仅省略了帧指针,而且你还可以中途随便push pop,因为我使用一系列的宏来定位局部变量、参数等。即使我用了一万个宏,还“重写”了两个本来是指令的“指令”,但个人感觉写汇编的话这种还是属于好看的那种。
  1. bits 32

  3. %assign Stack_Usage 0
  4. %define Local_Var_Count 4
  5. %define Local_Var_Size (Local_Var_Count * 4)
  6. %define Local_Var(x) (esp + (Stack_Usage + x) * 4)
  7. %define Param(x) (esp + (Stack_Usage + Local_Var_Count + x + 1) * 4)
  8. %define TmpVar edx

  10. %macro push 1
  11. push %1
  12. %assign Stack_Usage Stack_Usage + 1
  13. %endmacro

  15. %macro pop 1
  16. pop %1
  17. %assign Stack_Usage Stack_Usage - 1
  18. %endmacro

  20. ;F(ret,x,y,z)
  21. %imacro F 4
  22. mov %1, %2
  23. and %1, %3
  24. mov TmpVar, %1
  25. mov %1, %2
  26. not %1
  27. and %1, %4
  28. or %1, TmpVar
  29. %endmacro

  31. ;G(ret,x,y,z)
  32. %imacro G 4
  33. mov %1, %2
  34. and %1, %4
  35. mov TmpVar, %1
  36. mov %1, %4
  37. not %1
  38. and %1, %3
  39. or %1, TmpVar
  40. %endmacro

  42. ;H(ret,x,y,z)
  43. %imacro H 4
  44. mov %1, %2
  45. xor %1, %3
  46. xor %1, %4
  47. %endmacro

  49. ;I(ret,x,y,z)
  50. %imacro I 4
  51. mov %1, %4
  52. not %1
  53. or %1, %2
  54. xor %1, %3
  55. %endmacro

  57. %imacro FF 8
  58. F %1, %3, %4 ,%5
  59. add %1, %2
  60. add %1, %6
  61. add %1, %8
  62. rol %1, %7
  63. add %1, %3
  64. %endmacro

  66. %imacro GG 8
  67. G %1, %3, %4 ,%5
  68. add %1, %2
  69. add %1, %6
  70. add %1, %8
  71. rol %1, %7
  72. add %1, %3
  73. %endmacro

  75. %imacro HH 8
  76. H %1, %3, %4 ,%5
  77. add %1, %2
  78. add %1, %6
  79. add %1, %8
  80. rol %1, %7
  81. add %1, %3
  82. %endmacro

  84. %imacro II 8
  85. I %1, %3, %4 ,%5
  86. add %1, %2
  87. add %1, %6
  88. add %1, %8
  89. rol %1, %7
  90. add %1, %3
  91. %endmacro

  93. ;void MD5_DigestChunk(uint32_t *MD5_Registers, void *pData, void *Preserved1, void *Preserved2);
  94. _MD5_DigestChunk@16:

  96. sub esp, Local_Var_Size
  97. push esi
  98. push edi

  100. mov esi, [Param(0)]
  101. lea edi, [Local_Var(0)]
  102. mov ecx, 4
  103. rep movsd

  105. mov esi, [Param(1)]

  107. FF eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x0 * 4], 0x07, 0xD76AA478
  108. mov [Local_Var(0)], eax
  109. FF eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x1 * 4], 0x0C, 0xE8C7B756
  110. mov [Local_Var(3)], eax
  111. FF eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x2 * 4], 0x11, 0x242070DB
  112. mov [Local_Var(2)], eax
  113. FF eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x3 * 4], 0x16, 0xC1BDCEEE
  114. mov [Local_Var(1)], eax
  115. FF eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x4 * 4], 0x07, 0xF57C0FAF
  116. mov [Local_Var(0)], eax
  117. FF eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x5 * 4], 0x0C, 0x4787C62A
  118. mov [Local_Var(3)], eax
  119. FF eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x6 * 4], 0x11, 0xA8304613
  120. mov [Local_Var(2)], eax
  121. FF eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x7 * 4], 0x16, 0xFD469501
  122. mov [Local_Var(1)], eax
  123. FF eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x8 * 4], 0x07, 0x698098D8
  124. mov [Local_Var(0)], eax
  125. FF eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x9 * 4], 0x0C, 0x8B44F7AF
  126. mov [Local_Var(3)], eax
  127. FF eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xA * 4], 0x11, 0xFFFF5BB1
  128. mov [Local_Var(2)], eax
  129. FF eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xB * 4], 0x16, 0x895CD7BE
  130. mov [Local_Var(1)], eax
  131. FF eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0xC * 4], 0x07, 0x6B901122
  132. mov [Local_Var(0)], eax
  133. FF eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xD * 4], 0x0C, 0xFD987193
  134. mov [Local_Var(3)], eax
  135. FF eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xE * 4], 0x11, 0xA679438E
  136. mov [Local_Var(2)], eax
  137. FF eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xF * 4], 0x16, 0x49B40821
  138. mov [Local_Var(1)], eax

  140. GG eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x1 * 4], 0x05, 0xF61E2562
  141. mov [Local_Var(0)], eax
  142. GG eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x6 * 4], 0x09, 0xC040B340
  143. mov [Local_Var(3)], eax
  144. GG eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xB * 4], 0x0E, 0x265E5A51
  145. mov [Local_Var(2)], eax
  146. GG eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x0 * 4], 0x14, 0xE9B6C7AA
  147. mov [Local_Var(1)], eax
  148. GG eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x5 * 4], 0x05, 0xD62F105D
  149. mov [Local_Var(0)], eax
  150. GG eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xA * 4], 0x09, 0x02441453
  151. mov [Local_Var(3)], eax
  152. GG eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xF * 4], 0x0E, 0xD8A1E681
  153. mov [Local_Var(2)], eax
  154. GG eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x4 * 4], 0x14, 0xE7D3FBC8
  155. mov [Local_Var(1)], eax
  156. GG eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x9 * 4], 0x05, 0x21E1CDE6
  157. mov [Local_Var(0)], eax
  158. GG eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xE * 4], 0x09, 0xC33707D6
  159. mov [Local_Var(3)], eax
  160. GG eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x3 * 4], 0x0E, 0xF4D50D87
  161. mov [Local_Var(2)], eax
  162. GG eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x8 * 4], 0x14, 0x455A14ED
  163. mov [Local_Var(1)], eax
  164. GG eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0xD * 4], 0x05, 0xA9E3E905
  165. mov [Local_Var(0)], eax
  166. GG eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x2 * 4], 0x09, 0xFCEFA3F8
  167. mov [Local_Var(3)], eax
  168. GG eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x7 * 4], 0x0E, 0x676F02D9
  169. mov [Local_Var(2)], eax
  170. GG eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xC * 4], 0x14, 0x8D2A4C8A
  171. mov [Local_Var(1)], eax

  173. HH eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x5 * 4], 0x04, 0xFFFA3942
  174. mov [Local_Var(0)], eax
  175. HH eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x8 * 4], 0x0B, 0x8771F681
  176. mov [Local_Var(3)], eax
  177. HH eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xB * 4], 0x10, 0x6D9D6122
  178. mov [Local_Var(2)], eax
  179. HH eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xE * 4], 0x17, 0xFDE5380C
  180. mov [Local_Var(1)], eax
  181. HH eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x1 * 4], 0x04, 0xA4BEEA44
  182. mov [Local_Var(0)], eax
  183. HH eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x4 * 4], 0x0B, 0x4BDECFA9
  184. mov [Local_Var(3)], eax
  185. HH eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x7 * 4], 0x10, 0xF6BB4B60
  186. mov [Local_Var(2)], eax
  187. HH eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xA * 4], 0x17, 0xBEBFBC70
  188. mov [Local_Var(1)], eax
  189. HH eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0xD * 4], 0x04, 0x289B7EC6
  190. mov [Local_Var(0)], eax
  191. HH eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x0 * 4], 0x0B, 0xEAA127FA
  192. mov [Local_Var(3)], eax
  193. HH eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x3 * 4], 0x10, 0xD4EF3085
  194. mov [Local_Var(2)], eax
  195. HH eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x6 * 4], 0x17, 0x04881D05
  196. mov [Local_Var(1)], eax
  197. HH eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x9 * 4], 0x04, 0xD9D4D039
  198. mov [Local_Var(0)], eax
  199. HH eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xC * 4], 0x0B, 0xE6DB99E5
  200. mov [Local_Var(3)], eax
  201. HH eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xF * 4], 0x10, 0x1FA27CF8
  202. mov [Local_Var(2)], eax
  203. HH eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x2 * 4], 0x17, 0xC4AC5665
  204. mov [Local_Var(1)], eax

  206. II eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x0 * 4], 0x06, 0xF4292244
  207. mov [Local_Var(0)], eax
  208. II eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x7 * 4], 0x0A, 0x432AFF97
  209. mov [Local_Var(3)], eax
  210. II eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xE * 4], 0x0F, 0xAB9423A7
  211. mov [Local_Var(2)], eax
  212. II eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x5 * 4], 0x15, 0xFC93A039
  213. mov [Local_Var(1)], eax
  214. II eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0xC * 4], 0x06, 0x655B59C3
  215. mov [Local_Var(0)], eax
  216. II eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x3 * 4], 0x0A, 0x8F0CCC92
  217. mov [Local_Var(3)], eax
  218. II eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xA * 4], 0x0F, 0xFFEFF47D
  219. mov [Local_Var(2)], eax
  220. II eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x1 * 4], 0x15, 0x85845DD1
  221. mov [Local_Var(1)], eax
  222. II eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x8 * 4], 0x06, 0x6FA87E4F
  223. mov [Local_Var(0)], eax
  224. II eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xF * 4], 0x0A, 0xFE2CE6E0
  225. mov [Local_Var(3)], eax
  226. II eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x6 * 4], 0x0F, 0xA3014314
  227. mov [Local_Var(2)], eax
  228. II eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xD * 4], 0x15, 0x4E0811A1
  229. mov [Local_Var(1)], eax
  230. II eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x4 * 4], 0x06, 0xF7537E82
  231. mov [Local_Var(0)], eax
  232. II eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xB * 4], 0x0A, 0xBD3AF235
  233. mov [Local_Var(3)], eax
  234. II eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x2 * 4], 0x0F, 0x2AD7D2BB
  235. mov [Local_Var(2)], eax
  236. II eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x9 * 4], 0x15, 0xEB86D391
  237. mov [Local_Var(1)], eax

  239. lea esi, [Local_Var(0)]
  240. mov edi, [Param(0)]
  241. mov ecx, 4
  242. .AddOut:
  243. lodsd
  244. add eax, [edi]
  245. stosd
  246. loop .AddOut

  248. pop edi
  249. pop esi
  250. add esp, Local_Var_Size

  252. ret 16

  254. times 16 - ($ - $$) % 16 nop
复制代码



哈希, MD5, 算法, 汇编, VB6

相关帖子
回复

使用道具 举报

Ayala
发表于 2020-7-5 05:44:37 | 显示全部楼层
也可以使用ntdll的api RtlLargeInteger
.........
  之类的移位运算
回复 赞! 1 靠! 1

使用道具 举报

系统消息
发表于 2020-7-4 22:53:32 | 显示全部楼层
我之前写过VB6的位移运算模块
回复 赞! 靠!

使用道具 举报

0xAA55
 楼主| 发表于 2020-7-6 15:41:50 | 显示全部楼层
系统消息 发表于 2020-7-4 22:53
我之前写过VB6的位移运算模块

WANTED

求分享
回复 赞! 靠!

使用道具 举报

Ayala
发表于 2020-7-6 19:31:39 | 显示全部楼层
0xAA55 发表于 2020-7-6 15:41
WANTED

求分享

vb6有个内联汇编插件挺好玩的
回复 赞! 靠!

使用道具 举报

0xAA55
 楼主| 发表于 2020-7-6 20:38:55 | 显示全部楼层
Ayala 发表于 2020-7-6 19:31
vb6有个内联汇编插件挺好玩的

哦,用过,兴趣不大。就算是现场编译,跑的时候都是必须走CallWindowProc还要传递4个参数。支持的指令也就那几个。
回复 赞! 靠!

使用道具 举报

系统消息
发表于 2020-7-6 21:44:03 | 显示全部楼层
0xAA55 发表于 2020-7-6 15:41
WANTED

求分享

分享好了:https://www.0xaa55.com/thread-26026-1-1.html
回复 赞! 靠!

使用道具 举报

Ayala
发表于 2020-7-6 23:34:38 | 显示全部楼层
0xAA55 发表于 2020-7-6 20:38
哦,用过,兴趣不大。就算是现场编译,跑的时候都是必须走CallWindowProc还要传递4个参数。支持的指令也 ...

看来用的不是同一个,我记得之前用的那个是外部调用ml编译的,hook的vb6,修改的build参数
回复 赞! 靠!

使用道具 举报

0xAA55
 楼主| 发表于 2020-7-7 23:22:29 | 显示全部楼层
Ayala 发表于 2020-7-6 23:34
看来用的不是同一个,我记得之前用的那个是外部调用ml编译的,hook的vb6,修改的build参数 ...

哦。这不是常规操作么。加入自己的OBJ。
回复 赞! 靠!

使用道具 举报

Ayala
发表于 2020-7-8 18:58:44 | 显示全部楼层
0xAA55 发表于 2020-7-7 23:22
哦。这不是常规操作么。加入自己的OBJ。

不过之前用的内联汇编可以任意位置内联的,除了不定参数外的函数也都支持

  2. Private Sub foo()
  3. 'xor eax,eax
  4. End Sub
  5. Private Function foo(a As Integer)
  6.     'mov eax,a
  7. End Function
  8. Private Function foo(a As Integer)
  9.     Dim m, n As Integer
  10.    
  11.     For m = 0 To 3
  12.         If m > 2 Then
  13.         'mov eax,m
  14.         'add eax,n
  15.         'add eax,a
  16.         End If
  17.     Next
  18. End Function
复制代码

三种都是支持的,肯定不是单纯添加obj那么简单的东西
回复 赞! 靠!

使用道具 举报

0xAA55
 楼主| 发表于 2020-7-9 01:22:10 | 显示全部楼层
Ayala 发表于 2020-7-8 18:58
不过之前用的内联汇编可以任意位置内联的,除了不定参数外的函数也都支持
[code]
Private ...

这个有点厉害啊!
回复 赞! 靠!

使用道具 举报

Ayala
发表于 2020-7-9 08:44:34 | 显示全部楼层
0xAA55 发表于 2020-7-9 01:22
这个有点厉害啊!

不知道怎么实现的,我有个大体思路,源代码有asm部分填充无用的有特征性的vb代码,然后编译生成asm文件,将特征部分的代码改成内联汇编代码(符号部分处理起来一点也不简单,需要很清楚了解vb的各种符号,可能需要启发式搜索引擎)然后再编译
回复 赞! 靠!

使用道具 举报

返回列表 发新帖

本版积分规则

QQ|Archiver|小黑屋|技术宅的结界 ( 滇ICP备16008837号 )|网站地图

GMT+8, 2024-11-21 21:03 , Processed in 0.040950 second(s), 30 queries , Gzip On.

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表