// NOTE(review): this copy of the unit appears to have been machine-translated and
// collapsed onto two lines. Pascal keywords and several x86 mnemonics are replaced by
// Chinese words (where "unit", "function", "implementation", "begin", "end", "push",
// "add", "and" and "call" would be expected), labels and operands are duplicated or
// split, and some table constants are truncated. It will not compile as shown.
// Every code token below is left exactly as found; only line breaks, indentation and
// comments were changed. Restore the code from a clean copy before building it or
// writing a signature from it.
单元MLDE32Unit;
// Micro disassembler engine interface
// Author forgotten, my apologies. It seems to come from 29A-7.
// Sorry, author!
//
// LDE32(OpCode: Pointer): Integer takes a pointer to an x86 instruction. The visible
// asm fetches bytes from it with lodsb and counts in edx; presumably the result is the
// instruction length in bytes - TODO confirm against a clean copy.
// NOTE(review): no length or bounds argument is visible, so bytes are read from the
// caller's pointer until the opcode class is resolved. A caller decoding a truncated or
// untrusted buffer has to guarantee enough readable bytes after OpCode - confirm.
函数LDE32(OpCode:Pointer):Integer;
实现功能LDE32(OPCODE:POINTER):INTEGER;
const
  // *****************************************************************************
  // Opcode type codes compared against al in the asm body below.
  o_unique = 0;
  o_prefix = 1;
  o_imm8 = 2;
  O_IMM16 = 3;
  O_IMM24 = 4;
  o_imm32 = 5;
  O_IMM48 = 6;
  O_MODRM = 7;
  O_MODRM8 = 8;
  O_MODRM32 = 9;
  o_extended = 10;
  o_weird = 11;
  o_error = 12;
函数mlde32(opcode:pointer):integer;
asm
  pushad
  cld
  xor edx, edx                  // edx is the running count (incremented at the @@iN labels)
  mov esi, [esp+(8*4)+4]        // argument slot above the 8 dwords saved by pushad and the return address
  mov ebp, esp                  // esp before the table is pushed; used again at @@t_exit
  // 256 bytes, index-compressed opcode type table
  // The table is built on the stack by the pushes below.
  // NOTE(review): from the eighth push on, the mnemonics are translated and glued to
  // their operands, and at least two constants are truncated or merged. This run of
  // immediates is what a detection rule would naturally key on, so take the constants
  // from a clean copy, not from this page.
  push 01097F71Ch
  push 0F71C6780h
  push 017389718h
  push 0101CB718h
  push 017302C17h
  push 018173017h
  push 0F715F547h
  push 04C103748H推动0272CE7F7H推动0F7AC6087H推动01C121C52H推动07C10871CH推动0201C701CH推动04767602BH推动020211111111111111
  13H推动028858260H按下015124045H推动05016A0C7H推动028191812H推动0F2401812H推动019154127H推动050F0F0F0F0111
  047101115H
  MOV EAX,012472015H推动EAX推动EAX推动012471A10H添加Cl,10H推CLECX
  SUB CL,20H推送ECX
  XOR ECX,ECX
  ECX,ECX
  DEC ECX
  // code
  // NOTE(review): the label names and the instructions between @ps and @@ft are damaged
  // here (the lodsb and the load of bh are not visible) - confirm against a clean copy.
  @ps @ps @ps:INC ECX ECX
  MOV EDI,ESP eSP @eSP
  @go: ,al
  // Table lookup: the high nibble of each table byte is subtracted from al until it
  // borrows; the low nibble of the last byte read is then taken as the opcode type.
  @@ ft:Mov ah,[EDI]
  Inc edi
  shr ah,4
  sub al,ah
  jnc @@ ft
  mov al,[edi-1]和al,0fh
  cmp al,o_error
  jnz @@ @@ @@ i7
  // o_error path; the duplicated "not edx" looks like a copy artefact - TODO confirm.
  pop edx
  not edx not edx
  @@ i7:inc edx
  cmp al,o_unique
  jz @@ t_exit
  cmp al,o_prefix
  jz @@ ps添加edi,51H //(@@@ettbl - @@@@@@@ttbl)
  // NOTE(review): text is missing at this point in this copy; the fragment below joins
  // the start of one instruction to the tail of another.
  cmp al (8*4)+4]
  @@ i6:inc edx
  cmp al,o_imm8
  jz @@ t_exit
  cmp al,o_modrm
  jz @@ t_modrm
  cmp cmp al,o_weird
  jz @@ t_weird @t_weird @ @ @ @
  @i5: @t_exit
  cmp al,o_modrm8
  jz @@ t_modrm
  @@ i4:inc edx
  cmp al,o_imm24
  jz @@ t_exit
  @@ i3:inc edx @ @edx
  @ @i2:inc edx
  // Scan for a 66h byte with scasb; pushad/popad keep the scan from disturbing the
  // registers. Presumably this checks the prefixes already consumed for an
  // operand-size override - the ecx/edi set-up is damaged in this copy.
  pushad tupphad
  mov al,66h
  popnz scasb
  popad popad popad
  jn z @ @ @
  d2:dec edx
  dec edx
  @@ c32:cmp al,o_modrm32
  jz @@ @t_modrm
  sub al,o_imm32
  jz @ @ @t_imm32
  @@ i1:inc edx
  // Exit: esp appears to be restored from ebp (dropping the stack table) and edx stored
  // into a slot of the pushad frame before popad - the operands are garbled, confirm.
  @@ @ @ @ @ @ @ @t_exit:mov esp eSP,ebp eSP,ebp
  mov [ESP+(7*4),,7*4),,,7*4],,,地,,地EDX
  Popad
  ret
  // ******************************************************
  // * mod/rm byte handling (heading partly lost in copy)  *
  // *                                                     *
  // *   7 6   5   3   2 0                                 *
  // *  | mod | reg/opcode | r/m |                         *
  // ******************************************************
  @@ t_modrm:lodsb
  mov ah,al
  shr Al,7
  jb @@ prmk
  jz @@ prm添加DL,4
  // Scan for a 67h byte (same pushad / scasb / popad pattern as the 66h scan above).
  Pushad
  Mov Al,67h
  pepnz scasb
  popad
  jnz @@ prm @@ prm
  @@ d3:sub dl,sub dl,sub
  @@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @t_exit incect inc
  @ @prm:和ah,00000111b
  pushad
  mov al,67h
  pepnz scasb
  popad
  jz @@ prm67chk
  cmp ah,04H                    // ah compared with 4: branch to the @@prmsib path
  jz @@ prmsib
  cmp cmp ah,05h
  jnz @ @t_exit @@ t_exit
  @@ prm5chk:dec al
  jz @exexit @ @t_exit @ @ @t_exit
  @i42: DL,4
  JMP @@ T_EXIT
  @@ PRM67CHK:CMP AX,0600H
  JNZ @@ @ @ @t_exit
  Inc edx
  jmp @@ i1 @@ i1
  @@ prmsib:cmp al,00h
  jnz @ @ @ @ @ @ @ @ @i1
  lodsb
  and al,00000111b
  sub al,00000111b
  sub al,05H
  jnz @jnz @ @i11 i11 i11 i11 i11 i11 i11 i11
  inc edx
  jmp @@i42
  // ****************************
  // * PROCESS WEIRD OPCODES    *
  // *                          *
  // * fucking TEST (F6H/F7H)   *
  // ****************************
  // Bits 5..3 of the byte at [esi] are tested: if any is set the opcode is handled as a
  // plain mod/rm form; otherwise al becomes o_modrm8 plus the low bit of bh (shr / adc).
  // bh presumably holds the opcode byte - its load is not visible in this copy.
  @@ t_weird:Test Byte Ptr [ ESI],00111000B
  jnz @@ t_modrm
  mov al,o_modrm8
  shr bh,1
  adc al,0
  jmp @@ i5
  // *****************************************
  // * process some other shit               *
  // *                                       *
  // * fucking mov (a0h/a1h/a2h/a3h)         *
  // *****************************************
  // bh - 0A0h is range-checked against 4, so only the values A0h..A3h stay on this path;
  // the 67h and 66h scans that follow then adjust edx.
  @@t_imm32:
  sub bh, 0A0h
  cmp bh, 04h
  jae @@d2
  pushad
  mov al, 67h
  repnz scasb
  popad
  jnz @@ chk66t
  @@ d4:dec edx edx edx
  @@ chk66t:pushad
  mov al,66h
  pepnz scasb
  popad popad
  jz @@@@@@i1
  jnz @@ d2
// NOTE(review): what follows looks like the end of mlde32 and then the body of LDE32
// (push the argument, call mlde32, drop the argument with add esp,4), with the
// keywords translated - confirm against a clean copy.
end;开始ASM推动OPCODE调用MLDE32添加ESP,4端;结尾;结尾。
// The next line looks like a trailer from the page this was copied from, not part of the unit.
=========完