Skip to content

REF:EnCode

Jump to bottom
congma edited this page Mar 7, 2013 · 1 revision

The function EnCode is called when obfuscating text strings.


srun3_client:     file format elf64-x86-64


Disassembly of section .text:

00000000004055c0 <EnCode>:
  4055c0:	41 54                	push   %r12
  4055c2:	49 89 d4             	mov    %rdx,%r12
  4055c5:	55                   	push   %rbp
  4055c6:	48 89 f5             	mov    %rsi,%rbp
  4055c9:	53                   	push   %rbx
  4055ca:	48 89 fb             	mov    %rdi,%rbx
  4055cd:	48 89 f7             	mov    %rsi,%rdi
  4055d0:	e8 db f4 ff ff       	callq  404ab0 <strlen@plt>
  4055d5:	0f b6 0b             	movzbl (%rbx),%ecx
  4055d8:	84 c9                	test   %cl,%cl
  4055da:	74 5c                	je     405638 <EnCode+0x78>
  4055dc:	8d 78 ff             	lea    -0x1(%rax),%edi
  4055df:	49 83 c4 01          	add    $0x1,%r12
  4055e3:	89 fa                	mov    %edi,%edx
  4055e5:	eb 27                	jmp    40560e <EnCode+0x4e>
  4055e7:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  4055ee:	00 00 
  4055f0:	41 88 4c 24 ff       	mov    %cl,-0x1(%r12)
  4055f5:	83 ea 01             	sub    $0x1,%edx
  4055f8:	41 88 34 24          	mov    %sil,(%r12)
  4055fc:	0f 48 d7             	cmovs  %edi,%edx
  4055ff:	48 83 c3 01          	add    $0x1,%rbx
  405603:	49 83 c4 02          	add    $0x2,%r12
  405607:	0f b6 0b             	movzbl (%rbx),%ecx
  40560a:	84 c9                	test   %cl,%cl
  40560c:	74 2a                	je     405638 <EnCode+0x78>
  40560e:	48 63 f2             	movslq %edx,%rsi
  405611:	32 4c 35 00          	xor    0x0(%rbp,%rsi,1),%cl
  405615:	89 c8                	mov    %ecx,%eax
  405617:	83 e1 0f             	and    $0xf,%ecx
  40561a:	c0 e8 04             	shr    $0x4,%al
  40561d:	83 c1 36             	add    $0x36,%ecx
  405620:	89 c6                	mov    %eax,%esi
  405622:	83 c6 63             	add    $0x63,%esi
  405625:	f6 c2 01             	test   $0x1,%dl
  405628:	75 c6                	jne    4055f0 <EnCode+0x30>
  40562a:	41 88 74 24 ff       	mov    %sil,-0x1(%r12)
  40562f:	89 ce                	mov    %ecx,%esi
  405631:	eb c2                	jmp    4055f5 <EnCode+0x35>
  405633:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  405638:	5b                   	pop    %rbx
  405639:	5d                   	pop    %rbp
  40563a:	41 5c                	pop    %r12
  40563c:	c3                   	retq   
  40563d:	0f 1f 00             	nopl   (%rax)
Clone this wiki locally