找回密码
 立即注册→加入我们

QQ登录

只需一步,快速开始

搜索
热搜: 下载 VB C 实现 编写
查看: 3032|回复: 13

【VB】VB6+ASM实现MD5计算

[复制链接]
发表于 2020-7-4 16:42:23 | 显示全部楼层 |阅读模式

欢迎访问技术宅的结界,请注册或者登录吧。

您需要 登录 才可以下载或查看,没有账号?立即注册→加入我们

×
上次写的VB6实现SHA1一样,因为我受不了各种无法移位、各种整数乘除法代替移位还不得不使用有符号整数乘除法的操作,我选择直接写汇编,然后以类似于shellcode的方式调用。

  1. Option Explicit

  2. Type MD5Reg_t
  3.     A As Long
  4.     B As Long
  5.     C As Long
  6.     D As Long
  7. End Type

  8. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
  9. Private Declare Sub ZeroMemory Lib "kernel32" Alias "RtlZeroMemory" (Destination As Any, ByVal numBytes As Long)
  10. Private Declare Function CallProcPtr Lib "user32" Alias "CallWindowProcA" (FuncPtr As Any, Arg1 As Any, ByVal Arg2 As Long, ByVal Arg3 As Long, ByVal Arg4 As Long) As Long

  11. Private Const m_MD5_DigestChunkCode As String = "" & _
  12. "83EC1056578B74241C8D7C2408B904000000F3A58B7424208B44240C2344241089C28B44240CF7D02344241409D00344240803060578A46AD7C1C0070344240C894424088B4424082344240C89C28B442408F7D02344241009D0034424140346040556B7C7E8C1C00C03442408894424148B4424142344240889C28B442414F7D02344240C09D00344241003460805DB702024C1C01103442414894424108B4424102344241489C28B442410F7D02344240809D00344240C03460C05EECEBDC1C1C016034424108944240C8B44240C2344241089C28B44240CF7D02344241409D00344240803461005AF0F7CF5C1C0070344240C894424088B4424082344240C89C28B442408F7D02344241009D003442414034614052AC68747C1C00C03442408894424148B4424142344240889C28B442414F7D02344240C09D00344241003461805134630A8C1C01103442414894424108B4424102344241489C28B442410F7D02344240809D00344240C03461C05019546FDC1C016034424108944240C8B44240C2344241089C28B44240CF7D02344241409D00344240803462005D8988069C1C0070344240C894424088B4424082344240C89C28B442408F7D02344241009D00344241403462405AFF7448BC1C00C03442408894424148B4424142344240889C28B442414F7D02344240C09D00344241003462805B15BFFFFC1C" & _
  13. "01103442414894424108B4424102344241489C28B442410F7D02344240809D00344240C03462C05BED75C89C1C016034424108944240C8B44240C2344241089C28B44240CF7D02344241409D003442408034630052211906BC1C0070344240C894424088B4424082344240C89C28B442408F7D02344241009D00344241403463405937198FDC1C00C03442408894424148B4424142344240889C28B442414F7D02344240C09D003442410034638058E4379A6C1C01103442414894424108B4424102344241489C28B442410F7D02344240809D00344240C03463C052108B449C1C016034424108944240C8B44240C2344241489C28B442414F7D02344241009D0034424080346040562251EF6C1C0050344240C894424088B4424082344241089C28B442410F7D02344240C09D0034424140346180540B340C0C1C00903442408894424148B4424142344240C89C28B44240CF7D02344240809D00344241003462C05515A5E26C1C00E03442414894424108B4424102344240889C28B442408F7D02344241409D00344240C030605AAC7B6E9C1C014034424108944240C8B44240C2344241489C28B442414F7D02344241009D003442408034614055D102FD6C1C0050344240C894424088B4424082344241089C28B442410F7D02344240C09D0034424140346280553144402C1C00903442408894424148B44241423" & _
  14. "44240C89C28B44240CF7D02344240809D00344241003463C0581E6A1D8C1C00E03442414894424108B4424102344240889C28B442408F7D02344241409D00344240C03461005C8FBD3E7C1C014034424108944240C8B44240C2344241489C28B442414F7D02344241009D00344240803462405E6CDE121C1C0050344240C894424088B4424082344241089C28B442410F7D02344240C09D00344241403463805D60737C3C1C00903442408894424148B4424142344240C89C28B44240CF7D02344240809D00344241003460C05870DD5F4C1C00E03442414894424108B4424102344240889C28B442408F7D02344241409D00344240C03462005ED145A45C1C014034424108944240C8B44240C2344241489C28B442414F7D02344241009D0034424080346340505E9E3A9C1C0050344240C894424088B4424082344241089C28B442410F7D02344240C09D00344241403460805F8A3EFFCC1C00903442408894424148B4424142344240C89C28B44240CF7D02344240809D00344241003461C05D9026F67C1C00E03442414894424108B4424102344240889C28B442408F7D02344241409D00344240C034630058A4C2A8DC1C014034424108944240C8B44240C334424103344241403442408034614054239FAFFC1C0040344240C894424088B4424083344240C33442410034424140346200581F67187C1C00B034" & _
  15. "42408894424148B442414334424083344240C0344241003462C0522619D6DC1C01003442414894424108B44241033442414334424080344240C034638050C38E5FDC1C017034424108944240C8B44240C3344241033442414034424080346040544EABEA4C1C0040344240C894424088B4424083344240C334424100344241403461005A9CFDE4BC1C00B03442408894424148B442414334424083344240C0344241003461C05604BBBF6C1C01003442414894424108B44241033442414334424080344240C0346280570BCBFBEC1C017034424108944240C8B44240C33442410334424140344240803463405C67E9B28C1C0040344240C894424088B4424083344240C3344241003442414030605FA27A1EAC1C00B03442408894424148B442414334424083344240C0344241003460C058530EFD4C1C01003442414894424108B44241033442414334424080344240C03461805051D8804C1C017034424108944240C8B44240C3344241033442414034424080346240539D0D4D9C1C0040344240C894424088B4424083344240C334424100344241403463005E599DBE6C1C00B03442408894424148B442414334424083344240C0344241003463C05F87CA21FC1C01003442414894424108B44241033442414334424080344240C034608056556ACC4C1C017034424108944240C8B442414F7D00B44240C334424" & _
  16. "1003442408030605442229F4C1C0060344240C894424088B442410F7D00B4424083344240C0344241403461C0597FF2A43C1C00A03442408894424148B44240CF7D00B442414334424080344241003463805A72394ABC1C00F03442414894424108B442408F7D00B442410334424140344240C0346140539A093FCC1C015034424108944240C8B442414F7D00B44240C334424100344240803463005C3595B65C1C0060344240C894424088B442410F7D00B4424083344240C0344241403460C0592CC0C8FC1C00A03442408894424148B44240CF7D00B4424143344240803442410034628057DF4EFFFC1C00F03442414894424108B442408F7D00B442410334424140344240C03460405D15D8485C1C015034424108944240C8B442414F7D00B44240C3344241003442408034620054F7EA86FC1C0060344240C894424088B442410F7D00B4424083344240C0344241403463C05E0E62CFEC1C00A03442408894424148B44240CF7D00B442414334424080344241003461805144301A3C1C00F03442414894424108B442408F7D00B442410334424140344240C03463405A111084EC1C015034424108944240C8B442414F7D00B44240C334424100344240803461005827E53F7C1C0060344240C894424088B442410F7D00B4424083344240C0344241403462C0535F23ABDC1C00A03442408894424148B44240CF" & _
  17. "7D00B442414334424080344241003460805BBD2D72AC1C00F03442414894424108B442408F7D00B442410334424140344240C0346240591D386EBC1C015034424108944240C8D7424088B7C241CB904000000AD0307ABE2FA5F5E83C410C2100090"

  18. Private Const m_32Mul64Code As String = "578B4C24148B7C24088B44240CF7E189078957048B442410F7E10147045FC21000909090909090909090909090909090"

  19. Private m_MD5_DigestChunkCore() As Byte
  20. Private m_32Mul64Core() As Byte

  21. Private Const PAGE_EXECUTE As Long = &H10
  22. Private Const PAGE_EXECUTE_READ As Long = &H20
  23. Private Const PAGE_EXECUTE_READWRITE As Long = &H40
  24. Private Const PAGE_EXECUTE_WRITECOPY As Long = &H80
  25. Private Const PAGE_NOACCESS As Long = &H1
  26. Private Const PAGE_READONLY As Long = &H2
  27. Private Const PAGE_READWRITE As Long = &H4
  28. Private Const PAGE_WRITECOPY As Long = &H8
  29. Private Declare Function VirtualProtect Lib "kernel32" (lpAddress As Any, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long

  30. Private Declare Function BSWAPD Lib "ws2_32.dll" Alias "htonl" (ByVal Value As Long) As Long

  31. '检测是否在IDE环境下运行
  32. Function IsRunningInVB6IDE() As Boolean
  33. Static Counter As Variant
  34. If IsEmpty(Counter) Then
  35.     Counter = 1
  36.     Debug.Assert IsRunningInVB6IDE() Or True
  37.     Counter = Counter - 1
  38. ElseIf Counter = 1 Then
  39.     Counter = 0
  40. End If
  41. IsRunningInVB6IDE = Counter
  42. End Function

  43. Private Sub InitMD5Lib()
  44. Dim FuncLength As Long, I As Long
  45. Dim OldProtect As Long

  46. FuncLength = Len(m_MD5_DigestChunkCode) \ 2
  47. ReDim m_MD5_DigestChunkCore(FuncLength - 1)
  48. For I = 0 To FuncLength - 1
  49.     m_MD5_DigestChunkCore(I) = CByte("&H" & Mid$(m_MD5_DigestChunkCode, 1 + I * 2, 2))
  50. Next
  51. VirtualProtect m_MD5_DigestChunkCore(0), FuncLength, PAGE_EXECUTE_READWRITE, OldProtect

  52. FuncLength = Len(m_32Mul64Code) \ 2
  53. ReDim m_32Mul64Core(FuncLength - 1)
  54. For I = 0 To FuncLength - 1
  55.     m_32Mul64Core(I) = CByte("&H" & Mid$(m_32Mul64Code, 1 + I * 2, 2))
  56. Next
  57. VirtualProtect m_MD5_DigestChunkCore(0), FuncLength, PAGE_EXECUTE_READWRITE, OldProtect
  58. End Sub

  59. Sub MD5_Init(Regs As MD5Reg_t)
  60. Regs.A = &H67452301
  61. Regs.B = &HEFCDAB89
  62. Regs.C = &H98BADCFE
  63. Regs.D = &H10325476
  64. End Sub

  65. Sub MD5_DigestChunk(Regs As MD5Reg_t, ByVal ChunkPtr As Long)
  66. On Local Error GoTo ErrHandler

  67. CallProcPtr m_MD5_DigestChunkCore(0), Regs, ChunkPtr, 0, 0

  68. Exit Sub
  69. ErrHandler:
  70.     InitMD5Lib
  71.     CallProcPtr m_MD5_DigestChunkCore(0), Regs, ChunkPtr, 0, 0
  72.     Resume Next
  73. End Sub

  74. Sub Int64Mul32(ByVal Result_Ptr As Long, ByVal Number64_Low As Long, ByVal Number64_High As Long, ByVal Numerator As Long)
  75. On Local Error GoTo ErrHandler
  76. CallProcPtr m_32Mul64Core(0), ByVal Result_Ptr, Number64_Low, Number64_High, Numerator
  77. Exit Sub
  78. ErrHandler:
  79.     InitMD5Lib
  80.     CallProcPtr m_32Mul64Core(0), ByVal Result_Ptr, Number64_Low, Number64_High, Numerator
  81.     Resume Next
  82. End Sub

  83. Sub MD5_TailChunk(Regs As MD5Reg_t, ByVal ChunkPtr As Long, ByVal RestLen As Long, ByVal TotalSizeLow As Long, ByVal TotalSizeHigh As Long)
  84. Dim PadBuf(63) As Byte
  85. If RestLen Then CopyMemory PadBuf(0), ByVal ChunkPtr, RestLen
  86. PadBuf(RestLen) = &H80&
  87. RestLen = RestLen + 1

  88. If RestLen < 56 Then
  89.     Int64Mul32 VarPtr(PadBuf(56)), TotalSizeLow, TotalSizeHigh, 8
  90.     MD5_DigestChunk Regs, VarPtr(PadBuf(0))
  91. Else
  92.     MD5_DigestChunk Regs, VarPtr(PadBuf(0))
  93.     ZeroMemory PadBuf(0), 64
  94.     Int64Mul32 VarPtr(PadBuf(56)), TotalSizeLow, TotalSizeHigh, 8
  95.     MD5_DigestChunk Regs, VarPtr(PadBuf(0))
  96. End If
  97. End Sub

  98. Sub MD5_Sum(ByVal DataPtr As Long, ByVal DataLen As Long, MD5Out() As Long)
  99. Dim Regs As MD5Reg_t
  100. MD5_Init Regs

  101. Dim CurPtr As Long
  102. Dim RestLen As Long

  103. CurPtr = DataPtr
  104. RestLen = DataLen

  105. Do While RestLen >= 64
  106.     MD5_DigestChunk Regs, CurPtr
  107.     CurPtr = CurPtr + 64
  108.     RestLen = RestLen - 64
  109. Loop

  110. MD5_TailChunk Regs, CurPtr, RestLen, DataLen, 0

  111. MD5Out(0) = Regs.A
  112. MD5Out(1) = Regs.B
  113. MD5Out(2) = Regs.C
  114. MD5Out(3) = Regs.D
  115. End Sub

  116. Function MD5_ToString(MD5Hash() As Long) As String
  117. MD5_ToString = Right$("0000000" & Hex$(BSWAPD(MD5Hash(0))), 8) & Right$("0000000" & Hex$(BSWAPD(MD5Hash(1))), 8) & Right$("0000000" & Hex$(BSWAPD(MD5Hash(2))), 8) & Right$("0000000" & Hex$(BSWAPD(MD5Hash(3))), 8)
  118. End Function

  119. Function MD5_String(StrSrc As String) As String
  120. Dim Result(3) As Long
  121. MD5_Sum StrPtr(StrSrc), LenB(StrSrc), Result
  122. MD5_String = MD5_ToString(Result)
  123. End Function

  124. Function MD5_StringA(StrSrc As String) As String
  125. Dim Result(3) As Long
  126. If Len(StrSrc) Then
  127.     Dim ABuf() As Byte
  128.     ABuf = StrConv(StrSrc, vbFromUnicode)
  129.     MD5_Sum VarPtr(ABuf(0)), UBound(ABuf) + 1, Result
  130. Else
  131.     MD5_Sum 0, 0, Result
  132. End If
  133. MD5_StringA = MD5_ToString(Result)
  134. End Function
复制代码
不过,其实真正比较能看的地方就是汇编的部分,个人感觉还是可以拿出来当作典范的,因为不仅省略了帧指针,而且你还可以中途随便push pop,因为我使用一系列的宏来定位局部变量、参数等。即使我用了一万个宏,还“重写”了两个本来是指令的“指令”,但个人感觉写汇编的话这种还是属于好看的那种。
  1. bits 32

  2. %assign Stack_Usage 0
  3. %define Local_Var_Count 4
  4. %define Local_Var_Size (Local_Var_Count * 4)
  5. %define Local_Var(x) (esp + (Stack_Usage + x) * 4)
  6. %define Param(x) (esp + (Stack_Usage + Local_Var_Count + x + 1) * 4)
  7. %define TmpVar edx

  8. %macro push 1
  9. push %1
  10. %assign Stack_Usage Stack_Usage + 1
  11. %endmacro

  12. %macro pop 1
  13. pop %1
  14. %assign Stack_Usage Stack_Usage - 1
  15. %endmacro

  16. ;F(ret,x,y,z)
  17. %imacro F 4
  18. mov %1, %2
  19. and %1, %3
  20. mov TmpVar, %1
  21. mov %1, %2
  22. not %1
  23. and %1, %4
  24. or %1, TmpVar
  25. %endmacro

  26. ;G(ret,x,y,z)
  27. %imacro G 4
  28. mov %1, %2
  29. and %1, %4
  30. mov TmpVar, %1
  31. mov %1, %4
  32. not %1
  33. and %1, %3
  34. or %1, TmpVar
  35. %endmacro

  36. ;H(ret,x,y,z)
  37. %imacro H 4
  38. mov %1, %2
  39. xor %1, %3
  40. xor %1, %4
  41. %endmacro

  42. ;I(ret,x,y,z)
  43. %imacro I 4
  44. mov %1, %4
  45. not %1
  46. or %1, %2
  47. xor %1, %3
  48. %endmacro

  49. %imacro FF 8
  50. F %1, %3, %4 ,%5
  51. add %1, %2
  52. add %1, %6
  53. add %1, %8
  54. rol %1, %7
  55. add %1, %3
  56. %endmacro

  57. %imacro GG 8
  58. G %1, %3, %4 ,%5
  59. add %1, %2
  60. add %1, %6
  61. add %1, %8
  62. rol %1, %7
  63. add %1, %3
  64. %endmacro

  65. %imacro HH 8
  66. H %1, %3, %4 ,%5
  67. add %1, %2
  68. add %1, %6
  69. add %1, %8
  70. rol %1, %7
  71. add %1, %3
  72. %endmacro

  73. %imacro II 8
  74. I %1, %3, %4 ,%5
  75. add %1, %2
  76. add %1, %6
  77. add %1, %8
  78. rol %1, %7
  79. add %1, %3
  80. %endmacro

  81. ;void MD5_DigestChunk(uint32_t *MD5_Registers, void *pData, void *Preserved1, void *Preserved2);
  82. _MD5_DigestChunk@16:

  83. sub esp, Local_Var_Size
  84. push esi
  85. push edi

  86. mov esi, [Param(0)]
  87. lea edi, [Local_Var(0)]
  88. mov ecx, 4
  89. rep movsd

  90. mov esi, [Param(1)]

  91. FF eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x0 * 4], 0x07, 0xD76AA478
  92. mov [Local_Var(0)], eax
  93. FF eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x1 * 4], 0x0C, 0xE8C7B756
  94. mov [Local_Var(3)], eax
  95. FF eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x2 * 4], 0x11, 0x242070DB
  96. mov [Local_Var(2)], eax
  97. FF eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x3 * 4], 0x16, 0xC1BDCEEE
  98. mov [Local_Var(1)], eax
  99. FF eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x4 * 4], 0x07, 0xF57C0FAF
  100. mov [Local_Var(0)], eax
  101. FF eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x5 * 4], 0x0C, 0x4787C62A
  102. mov [Local_Var(3)], eax
  103. FF eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x6 * 4], 0x11, 0xA8304613
  104. mov [Local_Var(2)], eax
  105. FF eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x7 * 4], 0x16, 0xFD469501
  106. mov [Local_Var(1)], eax
  107. FF eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x8 * 4], 0x07, 0x698098D8
  108. mov [Local_Var(0)], eax
  109. FF eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x9 * 4], 0x0C, 0x8B44F7AF
  110. mov [Local_Var(3)], eax
  111. FF eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xA * 4], 0x11, 0xFFFF5BB1
  112. mov [Local_Var(2)], eax
  113. FF eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xB * 4], 0x16, 0x895CD7BE
  114. mov [Local_Var(1)], eax
  115. FF eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0xC * 4], 0x07, 0x6B901122
  116. mov [Local_Var(0)], eax
  117. FF eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xD * 4], 0x0C, 0xFD987193
  118. mov [Local_Var(3)], eax
  119. FF eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xE * 4], 0x11, 0xA679438E
  120. mov [Local_Var(2)], eax
  121. FF eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xF * 4], 0x16, 0x49B40821
  122. mov [Local_Var(1)], eax

  123. GG eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x1 * 4], 0x05, 0xF61E2562
  124. mov [Local_Var(0)], eax
  125. GG eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x6 * 4], 0x09, 0xC040B340
  126. mov [Local_Var(3)], eax
  127. GG eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xB * 4], 0x0E, 0x265E5A51
  128. mov [Local_Var(2)], eax
  129. GG eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x0 * 4], 0x14, 0xE9B6C7AA
  130. mov [Local_Var(1)], eax
  131. GG eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x5 * 4], 0x05, 0xD62F105D
  132. mov [Local_Var(0)], eax
  133. GG eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xA * 4], 0x09, 0x02441453
  134. mov [Local_Var(3)], eax
  135. GG eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xF * 4], 0x0E, 0xD8A1E681
  136. mov [Local_Var(2)], eax
  137. GG eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x4 * 4], 0x14, 0xE7D3FBC8
  138. mov [Local_Var(1)], eax
  139. GG eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x9 * 4], 0x05, 0x21E1CDE6
  140. mov [Local_Var(0)], eax
  141. GG eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xE * 4], 0x09, 0xC33707D6
  142. mov [Local_Var(3)], eax
  143. GG eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x3 * 4], 0x0E, 0xF4D50D87
  144. mov [Local_Var(2)], eax
  145. GG eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x8 * 4], 0x14, 0x455A14ED
  146. mov [Local_Var(1)], eax
  147. GG eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0xD * 4], 0x05, 0xA9E3E905
  148. mov [Local_Var(0)], eax
  149. GG eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x2 * 4], 0x09, 0xFCEFA3F8
  150. mov [Local_Var(3)], eax
  151. GG eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x7 * 4], 0x0E, 0x676F02D9
  152. mov [Local_Var(2)], eax
  153. GG eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xC * 4], 0x14, 0x8D2A4C8A
  154. mov [Local_Var(1)], eax

  155. HH eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x5 * 4], 0x04, 0xFFFA3942
  156. mov [Local_Var(0)], eax
  157. HH eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x8 * 4], 0x0B, 0x8771F681
  158. mov [Local_Var(3)], eax
  159. HH eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xB * 4], 0x10, 0x6D9D6122
  160. mov [Local_Var(2)], eax
  161. HH eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xE * 4], 0x17, 0xFDE5380C
  162. mov [Local_Var(1)], eax
  163. HH eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x1 * 4], 0x04, 0xA4BEEA44
  164. mov [Local_Var(0)], eax
  165. HH eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x4 * 4], 0x0B, 0x4BDECFA9
  166. mov [Local_Var(3)], eax
  167. HH eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x7 * 4], 0x10, 0xF6BB4B60
  168. mov [Local_Var(2)], eax
  169. HH eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xA * 4], 0x17, 0xBEBFBC70
  170. mov [Local_Var(1)], eax
  171. HH eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0xD * 4], 0x04, 0x289B7EC6
  172. mov [Local_Var(0)], eax
  173. HH eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x0 * 4], 0x0B, 0xEAA127FA
  174. mov [Local_Var(3)], eax
  175. HH eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x3 * 4], 0x10, 0xD4EF3085
  176. mov [Local_Var(2)], eax
  177. HH eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x6 * 4], 0x17, 0x04881D05
  178. mov [Local_Var(1)], eax
  179. HH eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x9 * 4], 0x04, 0xD9D4D039
  180. mov [Local_Var(0)], eax
  181. HH eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xC * 4], 0x0B, 0xE6DB99E5
  182. mov [Local_Var(3)], eax
  183. HH eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xF * 4], 0x10, 0x1FA27CF8
  184. mov [Local_Var(2)], eax
  185. HH eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x2 * 4], 0x17, 0xC4AC5665
  186. mov [Local_Var(1)], eax

  187. II eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x0 * 4], 0x06, 0xF4292244
  188. mov [Local_Var(0)], eax
  189. II eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x7 * 4], 0x0A, 0x432AFF97
  190. mov [Local_Var(3)], eax
  191. II eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xE * 4], 0x0F, 0xAB9423A7
  192. mov [Local_Var(2)], eax
  193. II eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x5 * 4], 0x15, 0xFC93A039
  194. mov [Local_Var(1)], eax
  195. II eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0xC * 4], 0x06, 0x655B59C3
  196. mov [Local_Var(0)], eax
  197. II eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0x3 * 4], 0x0A, 0x8F0CCC92
  198. mov [Local_Var(3)], eax
  199. II eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0xA * 4], 0x0F, 0xFFEFF47D
  200. mov [Local_Var(2)], eax
  201. II eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x1 * 4], 0x15, 0x85845DD1
  202. mov [Local_Var(1)], eax
  203. II eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x8 * 4], 0x06, 0x6FA87E4F
  204. mov [Local_Var(0)], eax
  205. II eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xF * 4], 0x0A, 0xFE2CE6E0
  206. mov [Local_Var(3)], eax
  207. II eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x6 * 4], 0x0F, 0xA3014314
  208. mov [Local_Var(2)], eax
  209. II eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0xD * 4], 0x15, 0x4E0811A1
  210. mov [Local_Var(1)], eax
  211. II eax, [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [esi + 0x4 * 4], 0x06, 0xF7537E82
  212. mov [Local_Var(0)], eax
  213. II eax, [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [Local_Var(2)], [esi + 0xB * 4], 0x0A, 0xBD3AF235
  214. mov [Local_Var(3)], eax
  215. II eax, [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [Local_Var(1)], [esi + 0x2 * 4], 0x0F, 0x2AD7D2BB
  216. mov [Local_Var(2)], eax
  217. II eax, [Local_Var(1)], [Local_Var(2)], [Local_Var(3)], [Local_Var(0)], [esi + 0x9 * 4], 0x15, 0xEB86D391
  218. mov [Local_Var(1)], eax

  219. lea esi, [Local_Var(0)]
  220. mov edi, [Param(0)]
  221. mov ecx, 4
  222. .AddOut:
  223. lodsd
  224. add eax, [edi]
  225. stosd
  226. loop .AddOut

  227. pop edi
  228. pop esi
  229. add esp, Local_Var_Size

  230. ret 16

  231. times 16 - ($ - $$) % 16 nop
复制代码



回复

使用道具 举报

发表于 2020-7-5 05:44:37 | 显示全部楼层
也可以使用ntdll的api RtlLargeInteger
.........
  之类的移位运算
回复 赞! 1 靠! 1

使用道具 举报

发表于 2020-7-4 22:53:32 | 显示全部楼层
我之前写过VB6的位移运算模块
回复 赞! 靠!

使用道具 举报

 楼主| 发表于 2020-7-6 15:41:50 | 显示全部楼层
系统消息 发表于 2020-7-4 22:53
我之前写过VB6的位移运算模块

WANTED

求分享
回复 赞! 靠!

使用道具 举报

发表于 2020-7-6 19:31:39 | 显示全部楼层

vb6有个内联汇编插件挺好玩的
回复 赞! 靠!

使用道具 举报

 楼主| 发表于 2020-7-6 20:38:55 | 显示全部楼层
Ayala 发表于 2020-7-6 19:31
vb6有个内联汇编插件挺好玩的

哦,用过,兴趣不大。就算是现场编译,跑的时候都是必须走CallWindowProc还要传递4个参数。支持的指令也就那几个。
回复 赞! 靠!

使用道具 举报

发表于 2020-7-6 21:44:03 | 显示全部楼层

分享好了:https://www.0xaa55.com/thread-26026-1-1.html
回复 赞! 靠!

使用道具 举报

发表于 2020-7-6 23:34:38 | 显示全部楼层
0xAA55 发表于 2020-7-6 20:38
哦,用过,兴趣不大。就算是现场编译,跑的时候都是必须走CallWindowProc还要传递4个参数。支持的指令也 ...

看来用的不是同一个,我记得之前用的那个是外部调用ml编译的,hook的vb6,修改的build参数
回复 赞! 靠!

使用道具 举报

 楼主| 发表于 2020-7-7 23:22:29 | 显示全部楼层
Ayala 发表于 2020-7-6 23:34
看来用的不是同一个,我记得之前用的那个是外部调用ml编译的,hook的vb6,修改的build参数 ...

哦。这不是常规操作么。加入自己的OBJ。
回复 赞! 靠!

使用道具 举报

发表于 2020-7-8 18:58:44 | 显示全部楼层
0xAA55 发表于 2020-7-7 23:22
哦。这不是常规操作么。加入自己的OBJ。

不过之前用的内联汇编可以任意位置内联的,除了不定参数外的函数也都支持

  1. Private Sub foo()
  2. 'xor eax,eax
  3. End Sub
  4. Private Function foo(a As Integer)
  5.     'mov eax,a
  6. End Function
  7. Private Function foo(a As Integer)
  8.     Dim m, n As Integer
  9.    
  10.     For m = 0 To 3
  11.         If m > 2 Then
  12.         'mov eax,m
  13.         'add eax,n
  14.         'add eax,a
  15.         End If
  16.     Next
  17. End Function
复制代码

三种都是支持的,肯定不是单纯添加obj那么简单的东西
回复 赞! 靠!

使用道具 举报

 楼主| 发表于 2020-7-9 01:22:10 | 显示全部楼层
Ayala 发表于 2020-7-8 18:58
不过之前用的内联汇编可以任意位置内联的,除了不定参数外的函数也都支持
[code]
Private ...

这个有点厉害啊!
回复 赞! 靠!

使用道具 举报

发表于 2020-7-9 08:44:34 | 显示全部楼层
0xAA55 发表于 2020-7-9 01:22
这个有点厉害啊!

不知道怎么实现的,我有个大体思路,源代码有asm部分填充无用的有特征性的vb代码,然后编译生成asm文件,将特征部分的代码改成内联汇编代码(符号部分处理起来一点也不简单,需要很清楚了解vb的各种符号,可能需要启发式搜索引擎)然后再编译
回复 赞! 靠!

使用道具 举报

本版积分规则

QQ|Archiver|小黑屋|技术宅的结界 ( 滇ICP备16008837号 )|网站地图

GMT+8, 2024-12-21 20:17 , Processed in 0.043123 second(s), 29 queries , Gzip On.

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表