-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path28_String_Reverse_HRM_Level_31.asm
More file actions
132 lines (116 loc) · 3.5 KB
/
28_String_Reverse_HRM_Level_31.asm
File metadata and controls
132 lines (116 loc) · 3.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
; ==============================================================
; 1. Original HRM logic translation
; 2. Basic x86 optimization
; 3. Advanced SIMD optimization
; 4. Malware tricks
; ==============================================================
section .text
global _start
; -------------------------------------------------------------------
; PART 1: HRM Logic Direct Translation (Educational Baseline)
; -------------------------------------------------------------------
hrm_style_reverse:
mov edi, floor_memory ; HRM's floor tiles (0-19)
mov esi, inbox ; INBOX pointer
mov ebp, 0x2000 ; Tile 14 (stack pointer)
.push_loop:
lodsb ; INBOX -> AL
test al, al ; JUMPZ
jz .pop_loop_start
mov [ebp], al ; COPYTO [14]
inc ebp ; BUMPUP 14
jmp .push_loop
.pop_loop_start:
dec ebp ; BUMPDN 14
cmp ebp, 0x2000 ; JUMPZ
jb .hrm_done
mov al, [ebp] ; COPYFROM [14]
mov [output], al ; OUTBOX
jmp .pop_loop_start
.hrm_done:
ret
; -------------------------------------------------------------------
; PART 2: Optimized x86 Version (Production-grade)
; -------------------------------------------------------------------
optimized_reverse:
mov esi, inbox
.process_string:
; Find string end and length
mov edi, esi
xor ecx, ecx
not ecx
xor eax, eax
repne scasb ; Find null terminator
not ecx
dec ecx ; ECX = string length
; In-place reverse
lea edi, [esi + ecx - 1] ; EDI = end pointer
.reverse_loop:
cmp esi, edi
jge .string_done
mov al, [esi]
mov ah, [edi]
mov [esi], ah
mov [edi], al
inc esi
dec edi
jmp .reverse_loop
.string_done:
; Output reversed string
mov edx, ecx
mov eax, 4 ; sys_write
mov ebx, 1 ; stdout
int 0x80
ret
; -------------------------------------------------------------------
; PART 3: Advanced SIMD Optimization (For long strings)
; -------------------------------------------------------------------
simd_reverse:
mov esi, inbox
mov edi, output_buffer
mov ecx, max_length
; Load 16 bytes at once
movdqu xmm0, [esi]
; Reverse using shuffle mask
pshufb xmm0, [reverse_mask]
movdqu [edi], xmm0
ret
reverse_mask db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
; -------------------------------------------------------------------
; PART 4: Malware Tricks (For educational purposes)
; -------------------------------------------------------------------
stealth_reverse:
; XOR obfuscated strings
mov esi, encrypted_string
mov edi, esi
mov ecx, string_len
.decrypt_loop:
lodsb
xor al, 0x55
stosb
loop .decrypt_loop
; Reverse while avoiding null terminators
mov esi, encrypted_string
call optimized_reverse
ret
; -------------------------------------------------------------------
; MAIN PROGRAM
; -------------------------------------------------------------------
_start:
; Run all versions for comparison
call hrm_style_reverse
call optimized_reverse
call simd_reverse
call stealth_reverse
; Exit
mov eax, 1
xor ebx, ebx
int 0x80
section .data
inbox db 'Hello',0,'World',0
output times 256 db 0
output_buffer times 16 db 0
floor_memory times 20 db 0
encrypted_string db 0x25,0x30,0x33,0x33,0x36,0x55 ; "Hello" XOR 0x55
string_len equ $ - encrypted_string
max_length equ 16