第一次在看雪发言!
由于毕业论文的关系,和楼主做了同样的事情:用ror对字符串加密!不过我是从metasploit上得到的相应汇编代码([原文此处的链接及其后的部分文字在页面提取时已损坏,无法还原])。该网页上也是用这样的方式,源代码是"ror edi, 13"。期望国内多出这样的牛人吧!!!!!
这里也用python代码演示一下整个加密过程,只需要在恰当的位置打印出相应变量的值,就可以看见整个字符串加密变化的过程。过程不复杂,但因为移位操作会让数据变长,每加密一次,只取最后8个十六进制位(即低32位),下面代码中的"temp[-9:-1]"切片就是完成该动作(该切片同时去掉了 Python 2 长整数 hex() 结果末尾的"L")。
------------------------------------------------------------------------------------------------
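#!/usr/bin/python
"""Interactive ROR-13 hash calculator for function (API) names.

For every character of the name the running 32-bit value is rotated right
by 13 bits and the character code is added (the `ror edi, 13` scheme the
post refers to).  Position-independent code that resolves imports by hash
carries the resulting constants instead of readable API names, so the
practical use of this tool is analysis: mapping a constant found in a
sample or a detection rule back to the name that produces it.

Only the function name is hashed.  Variants that also fold in the module
name or the terminating NUL byte yield different constants, so check
which variant a given sample or signature uses before comparing values.

Runs on Python 2 and Python 3.
"""
import sys

try:
    read_line = raw_input  # Python 2
except NameError:
    read_line = input  # Python 3

# The register being modelled is 32 bits wide.  The original script kept
# the low 32 bits by slicing the hex() text with temp[-9:-1]; that only
# works where Python 2 promotes the value to a long and appends 'L'
# (32-bit builds).  Masking gives the same result on every platform.
MASK32 = 0xFFFFFFFF
ROR_BITS = 13


def ror13_steps(name):
    """Hash *name* and return ``(final_hash, rotated_values)``.

    ``rotated_values`` holds, for each character, the accumulator after the
    character was added and the sum rotated right by 13 bits; these are the
    intermediate values the script prints.  ``final_hash`` is the
    accumulator right after the last addition, before any further rotation,
    which equals the usual "rotate, then add" result.  An empty name hashes
    to 0.
    """
    acc = 0
    total = 0
    rotated_values = []
    for ch in name:
        # Mask after the add as well: a 32-bit `add` wraps, Python ints do not.
        total = (acc + ord(ch)) & MASK32
        acc = ((total >> ROR_BITS) | (total << (32 - ROR_BITS))) & MASK32
        rotated_values.append(acc)
    return total, rotated_values


def ror13_hash(name):
    """Return the 32-bit ROR-13 hash of *name* as an int."""
    return ror13_steps(name)[0]


def main():
    """Prompt for names in a loop and print each hashing step and result."""
    banner = '##-----------------------------------------------##'
    rule = '----------------------------------'
    while True:
        print(banner)
        func_name = read_line('Input the Function name :')
        final, rotated_values = ror13_steps(func_name)
        for value in rotated_values:
            print(rule)
            print('This is the correct hash-pice: 0x%x' % value)
            print(rule)
            print('')
        print('The Function-hash result is : 0x%x' % final)
        print(banner)
        print('[1] Do Once Again')
        print('[2] Exit')
        # Any answer other than '2' starts another round.
        if read_line('Input the number to select :') == '2':
            sys.exit()


if __name__ == '__main__':
    main()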
------------------------------------------------------------------------------------------------
GetApi:
pop edx
pop eax ;hModule
pop ecx ;lpApiString
push edx
pushad
mov ebx, eax ;hModule ebx
mov edi, ecx ;lpApiString edi
xor al, al ;al清零
.Scasb:
scasb ;SCASB指令将AL中的值同目标内存中的字节比较,目标内存数据是由ES:DI寻址,
;如果找到了该字符,DI指向匹配字符串后面的一个字符.
jnz .Scasb ;继续搜索
dec edi
sub edi, ecx ;这两句实现获得lpApiString的地址
xchg edi, ecx ; edi = lpApiString, ecx = ApiLen