 | |
| |
|
00401116 Saturday, 30-Jan-99 08:35:48
hi all, I shifted here for easier reference next time. First call to 401116 consist of 4 loops for the byte 1 to 16. * Referenced by a CALL at Addresses: |:00401079 , :00401098 | :00401116 C8000000 enter 0000, 00 :0040111A 8B7508 mov esi, dword ptr [ebp+08] :0040111D 8B7D0C mov edi, dword ptr [ebp+0C] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004011B7(C) | :00401120 8B06 mov eax, dword ptr [esi] <-- move 4 bytes into eax :00401122 A36B204000 mov dword ptr [0040206B], eax :00401127 83C604 add esi, 00000004 <-- advance esi by 4 :0040112A A071204000 mov al, byte ptr [00402071] <-- move the 33rd byte into al :0040112F 28056B204000 sub byte ptr [0040206B], al <--subtract 1st byte by it :00401135 28056C204000 sub byte ptr [0040206C], a <--subtract 2nd byte by it :0040113B 28056D204000 sub byte ptr [0040206D], al <--subtract 3rd byte by it :00401141 28056E204000 sub byte ptr [0040206E], al <--subtract 4th byte by it :00401147 A06C204000 mov al, byte ptr [0040206C] <--move the result of 2nd subtraction into al :0040114C 8AD8 mov bl, al <--moved into bl, so bl = 2nd subtraction :0040114E 240F and al, 0F :00401150 A26C204000 mov byte ptr [0040206C], al <--move result back after the above :00401155 80E3F0 and bl, F0 <--remember, bl is the 2nd subtraction :00401158 C0EB04 shr bl, 04 :0040115B A06D204000 mov al, byte ptr [0040206D] <--move result of 3rd subtraction into al :00401160 881D6D204000 mov byte ptr [0040206D], bl <--move result of "and" and "shr" of bl :00401166 8AD8 mov bl, al <--move result of 3rd subtraction into bl :00401168 2403 and al, 03 :0040116A A26F204000 mov byte ptr [0040206F], al <--move result of the above to 0040206F :0040116F 80E3FC and bl, FC <--remember, bl is the 3rd subtraction :00401172 C0EB02 shr bl, 02 :00401175 881D70204000 mov byte ptr [00402070], bl <--processed answer moved to 00402070 :0040117B A06B204000 mov al, byte ptr [0040206B] <-- move result of 1st subtraction into al :00401180 8A1D6D204000 mov bl, byte ptr [0040206D] <--see 00401160 for value of 0040206D :00401186 C0E002 shl al, 02 <--"shl" the result of 1st subtraction :00401189 0AC3 or al, bl <--then "or" with bl :0040118B 8807 mov byte ptr [edi], al <--move al into edi. edi location=0040203B :0040118D 47 inc edi <--increase edi to store next value after processing :0040118E A06C204000 mov al, byte ptr [0040206C] <--see 00401150 :00401193 8A1D70204000 mov bl, byte ptr [00402070] <--see 00401175 :00401199 C0E004 shl al, 04 :0040119C 0AC3 or al, bl :0040119E 8807 mov byte ptr [edi], al <--store result in edi. edi location=0040203C :004011A0 47 inc edi :004011A1 A06F204000 mov al, byte ptr [0040206F] <--see 0040116A :004011A6 8A1D6E204000 mov bl, byte ptr [0040206E] <--result of 4th subtraction :004011AC C0E006 shl al, 06 :004011AF 0AC3 or al, bl :004011B1 8807 mov byte ptr [edi], al <--move into edi. edi=0040203D :004011B3 47 inc edi :004011B4 FE4D10 dec [ebp+10] :004011B7 0F8563FFFFFF jne 00401120 :004011BD C9 leave :004011BE C20C00 ret 000C So after the first loop, you will notice the storage of results into edi... That's all I found for this call. Hope that things are explained adequately. EB |
| My Shiny New Thread (Cronos) (29-Jan-99 14:40:23) |
|
Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.