;
; ╔═════════════════════════════════════════════════════════════════════════╗
; ║ This file is generated by The Interactive Disassembler (IDA)            ║
; ║ Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com>            ║
; ║ Licensed to: Paul Ashton - Blue Lane Technologies (1-user Advanced 03/2006) ║
; ╚═════════════════════════════════════════════════════════════════════════╝
;
;-----------------------------------------------------------------------
; sub_C01E0DF0 (x86-32, Intel/IDA syntax, one stack argument)
;
; What the visible code does:
;   1. Range-checks the pointer in arg_0 for 0x360 bytes, then copies
;      0x360 bytes from it to the static buffer at 0C05430A0h.
;   2. Stores the constant 10h (16) at 0C054B700h; it is read back later
;      as the round count.
;   3. Loads the 64 bytes at 0C05433C0h (= 0C05430A0h + 320h, i.e. the
;      tail of the buffer just copied) as 16 little-endian dwords L[0..15]
;      into var_108.
;   4. Builds a 34-dword table S[0..33] at 0C054B704h..0C054B788h, seeded
;      with 0B7E15163h and stepped by -61C88647h (== +9E3779B9h), then
;      mixes L[] into it for 102 iterations.
;   5. Transforms the first 320h bytes of the buffer in place, 8 bytes at
;      a time, each block independently of the others.
;
; The seed/step constants, the rotate-by-3 / rotate-by-(A+B) mixing and the
; "subtract subkey, rotate right by the other half, xor" round all match
; RC5-32 with 16 rounds and a 64-byte key, run in the decrypt direction.
;
; Out:   eax = 0 on success, 0FFFFFFF2h (-14, EFAULT on Linux) if the
;        range check fails or the copy leaves dwords uncopied.
; Saves: ebp, edi, esi, ebx (pushed on entry, popped at loc_C01E1110).
;
; NOTE(review): the key bytes come from the same caller-supplied buffer as
;   the data, so this step on its own does not authenticate the contents;
;   any integrity check would have to be in the code that consumes the
;   result (not shown here).
; NOTE(review): L[] in var_108 is never cleared before retn, and S[] stays
;   in static memory at 0C054B704h; only the per-block temporaries
;   (var_110 and the dword after it) are zeroed.
; NOTE(review): both static areas are written with no locking visible in
;   this function -- confirm callers serialise access.
;-----------------------------------------------------------------------
sub_C01E0DF0 proc near
; var_118: working copy of block half B
var_118= dword ptr -118h
; var_114: pointer to byte 1 of the current 8-byte block
var_114= dword ptr -114h
; var_110: block half A; the dword right after it ([ebx+4]) holds half B
var_110= dword ptr -110h
; var_108: first of 16 dwords L[0..15] (the 64 key bytes)
var_108= dword ptr -108h
; arg_0: source pointer (per the post, a user-space address)
arg_0= dword ptr 0Ch
push ebp
mov eax, 0FFFFE000h ; mask for rounding esp down to an 8 KiB boundary
push edi
mov edi, 0C05430A0h ; edi = destination: static 0x360-byte buffer
push esi
push ebx
sub esp, 110h
mov ebx, 360h ; ebx = byte count
mov esi, [esp+118h+arg_0] ; esi = source pointer
; eax = esp & 0FFFFE000h. Presumably the per-task structure at the base of
; the kernel stack, with [eax+0Ch] the address limit -- confirm against the
; kernel version this image was built from.
and eax, esp
mov edx, esi
add edx, ebx ; edx = src + 360h; CF set if the sum wraps
sbb ecx, ecx ; ecx = -CF
cmp [eax+0Ch], edx ; CF set if limit < src + 360h
sbb ecx, 0 ; ecx != 0 when either check failed
test ecx, ecx
jnz loc_C01E1292 ; bad range: zero the destination and fail
mov ecx, 0D8h ; 0D8h dwords = 360h bytes
loc_C01E0E2B:
rep movsd ; copy [esi] -> [edi]
mov ebx, ecx ; ebx = dwords left uncopied (0 after a full copy)
loc_C01E0E2F:
test ebx, ebx
mov eax, 0FFFFFFF2h ; return value for the failure path (-14)
jnz loc_C01E1110
mov eax, 10h
mov ecx, 0C05433C0h ; ecx = key bytes = buffer + 320h
xor ebx, ebx ; ebx = index into L[]
mov ds:0C054B700h, eax ; round count = 16
xor esi, esi ; esi = bytes consumed so far
mov edi, 38h
; Load the 64 key bytes as 16 little-endian dwords: 8 passes, two dwords
; per pass (esi runs 8, 10h, ... 40h; the loop exits once esi > 38h).
loc_C01E0E54:
movzx edx, byte ptr [ecx]
inc ecx
add esi, 8
movzx eax, byte ptr [ecx]
inc ecx
shl eax, 8
or edx, eax
movzx eax, byte ptr [ecx]
inc ecx
shl eax, 10h
or edx, eax
movzx eax, byte ptr [ecx]
inc ecx
shl eax, 18h
or edx, eax
mov [esp+ebx*4+118h+var_108], edx ; L[ebx] (even index)
inc ebx
movzx edx, byte ptr [ecx]
inc ecx
movzx eax, byte ptr [ecx]
inc ecx
shl eax, 8
or edx, eax
movzx eax, byte ptr [ecx]
inc ecx
shl eax, 10h
or edx, eax
movzx eax, byte ptr [ecx]
inc ecx
shl eax, 18h
or edx, eax
mov [esp+ebx*4+118h+var_108], edx ; L[ebx] (odd index)
inc ebx
cmp esi, edi
jle short loc_C01E0E54
; Seed the table: S[0] = 0B7E15163h, S[i] = S[i-1] - 61C88647h for
; i = 1..33 (21h passes). Subtracting 61C88647h equals adding 9E3779B9h.
mov eax, 0B7E15163h
mov edx, 0C054B704h
add edx, 4 ; edx -> S[1]
mov ds:0C054B704h, eax ; S[0]
mov esi, 21h
lea esi, [esi+0] ; no-op (padding)
loc_C01E0EC0:
mov eax, [edx-4]
sub eax, 61C88647h
mov [edx], eax
add edx, 4
dec esi
jnz short loc_C01E0EC0
; Iteration count = 3 * max(22h, 10h) = 102.
mov eax, 10h
cmp eax, 22h
mov ebx, 22h
cmovge ebx, eax
xor edi, edi ; edi = A = 0
lea eax, [ebx+ebx*2]
xor edx, edx ; edx = i (index into S[], wraps at 22h)
xor ebp, ebp ; ebp = B = 0
xor ebx, ebx ; ebx = j (index into L[], wraps at 10h)
test eax, eax
jz short loc_C01E0F38
mov esi, eax ; esi = iterations remaining
; Mixing pass:
;   A = S[i] = rol(S[i] + A + B, 3)
;   B = L[j] = rol(L[j] + A + B, A + B)   (rol takes the count from cl)
loc_C01E0EF1:
mov eax, ds:0C054B704h[edx*4]
mov ecx, 3
add edi, eax
lea eax, [ebp+edi+0]
rol eax, cl
mov ds:0C054B704h[edx*4], eax
lea ecx, [ebp+eax+0] ; ecx = new A + old B = rotate count for B
mov edi, eax
mov eax, [esp+ebx*4+118h+var_108]
inc edx
add eax, edi
add eax, ebp
rol eax, cl
cmp edx, 22h
mov ebp, eax
mov [esp+ebx*4+118h+var_108], eax
mov eax, 0
cmovge edx, eax ; i wraps to 0
inc ebx
cmp ebx, 10h
cmovge ebx, eax ; j wraps to 0
dec esi
jnz short loc_C01E0EF1
loc_C01E0F38:
xor ebp, ebp ; ebp = byte offset of the current block
lea ebx, [esp+118h+var_110] ; ebx -> block halves A ([ebx]) and B ([ebx+4])
mov esi, esi ; no-op (padding)
; Per-block loop over buffer offsets 0, 8, ... 318h.
; ebp-3FABCF60h is the same address as 0C05430A0h + ebp.
loc_C01E0F40:
movzx edx, byte ptr [ebp-3FABCF60h]
lea edi, [ebp-3FABCF60h] ; edi -> current block
lea ecx, [edi+1]
mov [esp+118h+var_114], ecx ; kept for the write-back below
movzx eax, byte ptr [edi+1]
shl eax, 8
or edx, eax
movzx eax, byte ptr [edi+2]
shl eax, 10h
or edx, eax
movzx eax, byte ptr [edi+3]
shl eax, 18h
or edx, eax
mov [esp+118h+var_110], edx ; A = little-endian dword from bytes 0..3
mov ecx, edx
movzx eax, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl eax, 8
or edx, eax
movzx eax, byte ptr [edi+6]
shl eax, 10h
or edx, eax
movzx eax, byte ptr [edi+7]
shl eax, 18h
or edx, eax
mov eax, ecx ; eax = ecx = A, edx = B
mov [ebx+4], edx ; B = little-endian dword from bytes 4..7
mov esi, ds:0C054B700h ; round count stored above (10h)
mov [esp+118h+var_118], edx
; Dispatch on the round count: 10h -> rounds 16..9 then the shared tail,
; 0Ch -> rounds 12..9 then the shared tail, anything else -> tail only.
; This function always stores 10h, so the 16-round path is the one taken
; unless something outside this listing rewrites 0C054B700h.
cmp esi, 10h
jz loc_C01E11A0
cmp esi, 0Ch
jz loc_C01E1120
; Shared tail: rounds 8..1, each round being
;   B = ror(B - S[2r+1], A) ^ A ;  A = ror(A - S[2r], B) ^ B
; followed by A -= S[0], B -= S[1].
loc_C01E0FB4:
mov edx, ds:0C054B748h ; S[17]
mov ecx, eax
mov esi, ds:0C054B744h ; S[16]
sub [esp+118h+var_118], edx
mov edx, [esp+118h+var_118]
ror edx, cl
xor edx, eax
sub eax, esi
mov esi, ds:0C054B734h ; S[12]
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B740h ; S[15]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B73Ch ; S[14]
xor edx, eax
sub eax, ecx
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B738h ; S[13]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov esi, ds:0C054B724h ; S[8]
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B730h ; S[11]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B72Ch ; S[10]
xor edx, eax
sub eax, ecx
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B728h ; S[9]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov esi, ds:0C054B714h ; S[4]
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B720h ; S[7]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B71Ch ; S[6]
xor edx, eax
sub eax, ecx
add ebp, 8 ; advance the block offset (tested at the loop bottom)
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B718h ; S[5]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B710h ; S[3]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B70Ch ; S[2]
xor edx, eax
mov [esp+118h+var_118], edx
sub eax, ecx
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B704h ; S[0]
sub eax, edx
mov [ebx], eax ; final A
mov eax, ds:0C054B708h ; S[1]
sub ecx, eax
mov [ebx+4], ecx ; final B
; Write A then B back over the block, least significant byte first.
mov edx, [esp+118h+var_110]
mov [edi], dl
shr edx, 8
mov edi, [esp+118h+var_114] ; edi -> byte 1 of the block
mov [edi], dl
shr edx, 8
inc edi
mov [edi], dl
shr edx, 8
inc edi
mov [edi], dl
inc edi
mov edx, [ebx+4]
mov [edi], dl
shr edx, 8
inc edi
mov [edi], dl
shr edx, 8
inc edi
mov [edi], dl
shr edx, 8
cmp ebp, 320h ; flags survive the mov instructions up to the jl
mov [edi+1], dl
; Clear the per-block temporaries on the stack.
mov dword ptr [ebx+4], 0
mov [esp+118h+var_110], 0
jl loc_C01E0F40
xor eax, eax ; success
; Common exit: eax already holds the return value.
loc_C01E1110:
add esp, 110h
pop ebx
pop esi
pop edi
pop ebp
retn
align 10h
; Round count 0Ch: rounds 12..9 (S[25]..S[18]); the last xor of round 9 is
; done at loc_C01E1197, which then jumps to the shared tail.
; On entry eax = A, edx = B.
loc_C01E1120:
mov ecx, ds:0C054B768h ; S[25]
mov esi, ds:0C054B764h ; S[24]
sub edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov esi, ds:0C054B754h ; S[20]
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B760h ; S[23]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B75Ch ; S[22]
xor edx, eax
sub eax, ecx
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B758h ; S[21]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B750h ; S[19]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B74Ch ; S[18]
xor edx, eax
mov [esp+118h+var_118], edx ; the tail reloads B from var_118
sub eax, ecx
mov ecx, edx
ror eax, cl
; Joined by both the 12- and 16-round paths with ecx = B: finishes round 9.
loc_C01E1197:
xor eax, ecx
jmp loc_C01E0FB4
align 10h
; Round count 10h: rounds 16..9 (S[33]..S[18]), then loc_C01E1197.
; On entry eax = ecx = A, edx = B.
loc_C01E11A0:
mov esi, ds:0C054B788h ; S[33]
sub edx, esi
mov esi, ds:0C054B77Ch ; S[30]
ror edx, cl
xor edx, ecx
mov ecx, ds:0C054B784h ; S[32]
sub eax, ecx
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B780h ; S[31]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov esi, ds:0C054B76Ch ; S[26]
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B778h ; S[29]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B774h ; S[28]
xor edx, eax
sub eax, ecx
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B770h ; S[27]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov esi, ds:0C054B75Ch ; S[22]
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B768h ; S[25]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B764h ; S[24]
xor edx, eax
sub eax, ecx
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B760h ; S[23]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov esi, ds:0C054B74Ch ; S[18]
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B758h ; S[21]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
mov ecx, ds:0C054B754h ; S[20]
xor edx, eax
sub eax, ecx
mov ecx, edx
ror eax, cl
xor eax, edx
mov edx, ds:0C054B750h ; S[19]
sub ecx, edx
mov edx, ecx
mov ecx, eax
ror edx, cl
xor edx, eax
sub eax, esi
mov ecx, edx
ror eax, cl
mov [esp+118h+var_118], edx ; the tail reloads B from var_118
jmp loc_C01E1197
; Range check failed: zero-fill the 360h-byte destination. ebx still holds
; 360h here, so loc_C01E0E2F returns 0FFFFFFF2h.
loc_C01E1292:
xor eax, eax
mov ecx, 0D8h
rep stosd
jmp loc_C01E0E2F
sub_C01E0DF0 endp
这是从Linux内核中反汇编出来的关键函数的代码.
这段代码把从用户空间传来的0x360字节的注册信息文件内容进行计算,然后把结果保存在某个地方.
然后在另外的函数中根据计算的结果开启特定的功能.
但是我在这段代码中完全看不出什么来.
不知道ds:0C054B700h这个有没有问题?