Ejemplo n.º 1
0
 public void generateOpcodeTable(int key)
 {
     if (key == 0)
     {
         byte[] opcodes = new byte[0xd1]; // d0 + 1
         for (int i = 0; i < opcodes.Length; i++)
         {
             opcodes[i] = (byte)i;
         }
         short[] exOpcodes = new short[0x4e];
         for (int i = 0; i < exOpcodes.Length; i++)
         {
             exOpcodes[i] = (byte)i;
         }
         _table = new OpCodeTable(opcodes, exOpcodes);
     }
     else
     {
         _table = OpcodeObfuscator.getObfuscatedTable(key);
     }
 }
Ejemplo n.º 2
0
        public static OpCodeTable getObfuscatedTable(int key)
        {
            byte[] array = new byte[0xd1];

            for (int i = 0; i < array.Length; i++)
            {
                array[i] = (byte)i;
            }

            byte tmp;
            byte opcode;

            int edx = 0;
            int ecx = 2;
            int edi = 1;

            int subKey;
            int j = 0;

            do
            {
                //MOVZX EAX,AX
                key = rotateKey(key);

                subKey  = key >> 16;
                subKey &= 0x7FFF;

                //System.err.printf("SubKey1: %04X\n" , eax);
                // CDQ
                edx = 0;

                // IDIV ECX
                //edxeax = (edx << 32) + eax;
                //eax = (int) (edxeax / ecx);
                edx = subKey % ecx++;
                //System.err.printf("SubKey2: %04X - EDX: %04X\n" , eax, edx);

                // INC EDI
                edi++;

                // SKIPPED: DEC EBX (ZF enabler)

                // SKIPPED: MOVZX EDX,DL

                // MOV CL,BYTE PTR DS:[EDX+ESI+4174]
                opcode = array[edx];

                // MOV DL,BYTE PTR DS:[EDI-1]
                tmp = array[edi - 1];

                // MOV BYTE PTR DS:[EAX],DL
                array[edx] = tmp;

                // MOV BYTE PTR DS:[EDI-1],CL
                array[edi - 1] = opcode;
            }while (++j < 0xd0);

            OpcodeObfuscator.revertOpcodeToOriginal(array, (byte)0x12);
            OpcodeObfuscator.revertOpcodeToOriginal(array, (byte)0xb1);

            /*for (int i = 0; i < array.length; i++)
             * {
             *  System.err.printf("array[%02X] = %02X\n", i, array[i]);
             * }*/

            short[] exOpcodes = OpcodeObfuscator.shuffleEx(key);

            return(new OpCodeTable(array, exOpcodes));
        }