; Hand-written Win64 console program: flat assembler (FASM), Intel syntax,
; PE64 image. ABI is Microsoft x64: args in rcx,rdx,r8,r9, 32 bytes of shadow
; space and a 16-byte aligned rsp at every call.
; The image has no import table: `begin` (below) resolves LoadLibraryExA and
; ExitProcess by walking the PEB loader list and a module's export directory,
; and `diaoyong` loads the remaining DLLs at run time.
; NOTE(review): no fixups section is declared in the visible source, so the
; image cannot be relocated (no ASLR) unless hello.inc adds one; import-free
; PE files are also a common AV/EDR heuristic.
format PE64 console
entry start
section '.text' code readable executable
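; start — program entry point (called by the loader, so rsp = 8 mod 16 here).
; Resolves the APIs through `begin`, drives a fixed sequence of enter/leave
; events through the room simulation routines below and exits with code 0.
; Register roles for the simulation: rax = room state (0 empty, 1 women
; inside, 2 men inside), rbx = women inside, rcx = men inside.
start:
        call    begin                        ; r14 -> table: [r14] LoadLibraryExA, [r14+8] ExitProcess
        xor     eax,eax                      ; room empty
        xor     ebx,ebx                      ; no women inside
        xor     ecx,ecx                      ; no men inside
        call    woman_wants_to_enter
        call    man_wants_to_enter
        call    man_wants_to_enter
        call    woman_wants_to_enter
        call    woman_wants_to_enter
        call    woman_leaves
        call    woman_leaves
        call    man_wants_to_enter
        call    woman_leaves
        call    man_wants_to_enter
        call    man_wants_to_enter
        call    woman_wants_to_enter
        call    woman_wants_to_enter
        call    man_leaves
        call    woman_wants_to_enter
        call    man_leaves
        ; ExitProcess(0). The Win64 ABI requires 32 bytes of shadow space and a
        ; 16-byte aligned rsp at the call; rsp is 8 mod 16 at this point (entry
        ; alignment, every call above has returned), so reserving 28h gives both.
        ; ExitProcess never returns, so nothing is restored afterwards.
        xor     ecx,ecx
        sub     rsp,28h
        call    qword [r14+8]                ; ExitProcess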
; woman_wants_to_enter — a woman tries to enter the room.
; In/out: rax = room state (0 empty, 1 women inside, 2 men inside),
;         rbx = number of women inside.
; Effect: state 0 -> becomes 1 and rbx+1; state 1 -> rbx+1;
;         any other state (men inside) -> nothing changes, she is refused.
; Clobbers flags only.
woman_wants_to_enter:
        test    rax,rax
        jz      .claim_room
        cmp     rax,1
        jne     .refused
.admit:
        inc     rbx
.refused:
        ret
.claim_room:
        mov     rax,1                        ; empty room becomes women-only
        jmp     .admit
; man_wants_to_enter — a man tries to enter the room.
; In/out: rax = room state (0 empty, 1 women inside, 2 men inside),
;         rcx = number of men inside.
; Effect: state 0 -> becomes 2 and rcx+1; state 2 -> rcx+1;
;         any other state (women inside) -> nothing changes, he is refused.
; Clobbers flags only.
man_wants_to_enter:
        test    rax,rax
        jz      .claim_room
        cmp     rax,2
        jne     .refused
.admit:
        inc     rcx
.refused:
        ret
.claim_room:
        mov     rax,2                        ; empty room becomes men-only
        jmp     .admit
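; man_leaves — one man leaves the room.
; In/out: rcx = number of men inside (decremented),
;         rax = room state, reset to 0 when the last man has left.
; A call with rcx already 0 is a no-op: the counter must never go negative,
; because a negative count would never hit zero and the room would stay
; marked as occupied for good.
; Clobbers flags only.
man_leaves:
        test    rcx,rcx
        jz      .done
        dec     rcx
        jnz     .done                        ; dec sets ZF, no extra compare needed
        xor     eax,eax                      ; room is empty again
.done:
        ret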
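; woman_leaves — one woman leaves the room.
; In/out: rbx = number of women inside (decremented),
;         rax = room state, reset to 0 when the last woman has left.
; A call with rbx already 0 is a no-op: the counter must never go negative,
; because a negative count would never hit zero and the room would stay
; marked as occupied for good.
; Clobbers flags only.
woman_leaves:
        test    rbx,rbx
        jz      .done
        dec     rbx
        jnz     .done                        ; dec sets ZF, no extra compare needed
        xor     eax,eax                      ; room is empty again
.done:
        ret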
include 'hello.inc'
section '.data' readable writeable
; Resolved function addresses, filled by `begin` in procname order
; ([0] = LoadLibraryExA, [8] = ExitProcess); r14 points here after `begin`.
position dq 50h dup (0)
; Module bases: [0] = the module located by the PEB walk in `begin` (used as
; kernel32), [8..40] = the DLLs below, loaded on the first call to diaoyong.
pig dq 40 dup (0)
; DLL names. The number in the trailing comment is the selector digit used in
; procname to pick this module (see diaoyong); '1' selects pig[0].
user32 db "User32.dll",0 ;2
d3d12 db "D3D12.dll",0 ;3
gdi32 db "gdi32.dll",0 ;4
ole32 db "ole32.dll",0 ;5
dxgi db "dxgi.dll",0 ;6
; Functions to resolve: "Name.<digit>" entries, where the digit selects the
; module for the NEXT entry; the last entry is "Name." followed by the NUL.
; LoadLibraryExA must be first: diaoyong calls position[0] to load the DLLs.
procname db "LoadLibraryExA.1ExitProcess.",0
stay dq -1 ; initial export-name index (pre-incremented, so the walk starts at 0)
no dq 0    ; byte offset of the next free slot in `position`
hh dq 0    ; diaoyong call counter; the DLLs are loaded only while it is 0
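; -----------------------------------------------------------------------------
; begin — resolve the functions listed in `procname` without an import table.
;
; Finds a module base by walking the PEB loader list, then resolves each
; "Name.<d>" entry of procname through that module's export directory and
; stores the address in `position` (next free slot = [no]). On return r14 =
; position, so callers use [r14] = LoadLibraryExA and [r14+8] = ExitProcess.
; The digit <d> after a name selects the module for the following entry
; ('1'..'6', see diaoyong); the last entry is "Name." followed by NUL.
;
; Register roles in the export walk:
;   rdi = module base (replaced by the function address once resolved)
;   rsi = export directory (VA)      rcx = AddressOfNames (VA)
;   rdx = current name index         rbp = current export name (VA)
;   r8  = current procname entry     r9  = offset inside that entry
;   r12 = offset inside the export name
;   r15 = module digit for the next entry, 0 after the last one
;
; Clobbers rax, rbx, rcx, rdx, rsi, rdi, rbp, r8, r9, r12, r14, r15 and the
; globals no/hh/pig/position. Callee-saved registers are deliberately not
; preserved: the program never returns to its caller (it calls ExitProcess).
;
; NOTE(review): this routine used to be placed inside '.data', a section
; declared without `executable`; 64-bit Windows always enforces DEP, so as far
; as the visible directives show a call into it would fault. It now gets its
; own executable section (verify that hello.inc does not depend on the old
; layout). The PEB walk depends on undocumented loader internals and the
; missing import table is a common AV/EDR heuristic; both are design choices
; of the original and are left as they are.
; -----------------------------------------------------------------------------
section '.code' code readable executable
begin:
        mov     r14,position
        ; PEB (gs:60h) -> Ldr (+18h) -> InInitializationOrderModuleList.Flink
        ; (+30h) -> second entry. diaoyong treats the result as kernel32.
        ; 98h from the InInitializationOrderLinks pointer is not the documented
        ; DllBase field (that would be +10h); it reads a loader-private part of
        ; the entry, so the result is Windows-version dependent — TODO confirm
        ; on every target OS, or walk the list comparing BaseDllName instead.
        mov     rsi,[gs:60h]
        mov     rsi,[rsi+18h]
        mov     rsi,[rsi+30h]
        mov     rsi,[rsi]
        mov     rdi,[rsi+98h]
        mov     r8,procname
        mov     qword [pig],rdi              ; pig[0] = this module, selected by digit '1'
pe:
        ; locate the export directory of the module in rdi (PE32+ header layout)
        mov     ebx,dword [rdi+3Ch]          ; e_lfanew
        mov     esi,dword [rdi+rbx+88h]      ; DataDirectory[EXPORT].VirtualAddress
        add     rsi,rdi
        mov     ecx,dword [rsi+20h]          ; AddressOfNames
        add     rcx,rdi
        mov     rdx,[stay]                   ; -1, so the first `inc` yields index 0
name:
        inc     rdx
        cmp     edx,dword [rsi+18h]          ; NumberOfNames: never read past the table
        jae     resolve_failed
        mov     ebp,dword [rcx+rdx*4]
        add     rbp,rdi                      ; rbp = export name string
        xor     r9d,r9d
        xor     r12d,r12d
name_loop:
        mov     al,byte [r8+r9]
        mov     bl,byte [rbp+r12]
        cmp     al,"."
        je      re
        inc     r9
        jmp     re2
re:
        ; the wanted name ended: the export name must end here as well,
        ; otherwise "Foo" would also match the longer export "FooEx"
        test    bl,bl
        jnz     name
        movzx   r15d,byte [r8+r9+1]          ; digit selecting the next module, 0 at end of list
        jmp     out1
re2:
        inc     r12
        cmp     al,bl
        je      name_loop
        jmp     name                         ; mismatch: try the next export
out1:
        add     r9,2                         ; skip "." and the digit (or the NUL)
        add     r8,r9                        ; r8 -> next procname entry
        mov     eax,dword [rsi+24h]          ; AddressOfNameOrdinals
        add     rax,rdi
        movzx   edx,word [rax+rdx*2]         ; ordinal = index into AddressOfFunctions
        mov     eax,dword [rsi+1Ch]          ; AddressOfFunctions
        add     rax,rdi
        mov     eax,dword [rax+rdx*4]        ; function RVA
        ; a forwarded export has its RVA inside the export directory and points
        ; at a "DLL.Func" string, not at code: refuse it rather than store it
        mov     ebx,dword [rdi+3Ch]
        mov     ebx,dword [rdi+rbx+8Ch]      ; DataDirectory[EXPORT].Size
        mov     r9,rsi
        sub     r9,rdi                       ; export directory RVA
        cmp     rax,r9
        jb      .not_forwarded
        add     r9,rbx
        cmp     rax,r9
        jb      resolve_failed
.not_forwarded:
        add     rdi,rax                      ; rdi = function VA (module base no longer needed)
        mov     rax,[no]
        mov     [r14+rax],rdi
        add     [no],8
        test    r15,r15
        jz      outside                      ; no digit: that was the last entry
        call    diaoyong                     ; switch rdi/rsi/rcx/rdx to the selected module
        jmp     name
resolve_failed:
        ; name not exported, or exported as a forwarder: fail closed instead of
        ; walking off the table or storing a pointer that `start` would call
        ud2
outside:
        ret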
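; -----------------------------------------------------------------------------
; diaoyong — switch the export walk in `begin` to the module chosen by r15.
;
; In:  r15 = module digit from procname: '1' = pig[0] (module found by begin),
;            '2' user32, '3' d3d12, '4' gdi32, '5' ole32, '6' dxgi
;      r8  = next procname entry (preserved across the call)
;      r14 = position, with position[0] = LoadLibraryExA already resolved
; Out: rdi = selected module base, rsi = its export directory (VA),
;      rcx = its AddressOfNames (VA), rdx = [stay] (-1) so `name` restarts
;      at index 0. rax and rbx are clobbered.
; Side effects: on the first call only ([hh] == 0) the five DLLs above are
;      loaded via LoadLibraryExA and their bases cached in pig[1..5];
;      [hh] counts the calls.
; Stack: assumes rsp = 8 mod 16 on entry, which holds for the call from
;      `begin` (itself called from the Win64 entry point with no other frame).
; -----------------------------------------------------------------------------
macro load_dll dllname,slot
{
        mov     rcx,dllname
        xor     edx,edx                      ; hFile, must be NULL
        mov     r8d,800h                     ; LOAD_LIBRARY_SEARCH_SYSTEM32
        call    qword [r14]                  ; LoadLibraryExA
        test    rax,rax
        jz      dll_load_failed
        mov     qword [pig+slot],rax
}
diaoyong:
        cmp     qword [hh],0
        jne     .select
        ; First call: load the remaining modules. r8 (argument 3 of
        ; LoadLibraryExA) is saved FIRST and the 20h bytes of shadow space are
        ; reserved below it, so the callee's home slots cannot overwrite the
        ; saved value and rsp is 16-byte aligned at each call (8 + 8 + 20h).
        ; The previous order (sub rsp, then push) put the saved registers
        ; inside the shadow space, which the callee is allowed to write.
        push    r8
        sub     rsp,20h
        ; NOTE(review): the flag used to be 8 (LOAD_WITH_ALTERED_SEARCH_PATH),
        ; whose behaviour with a bare file name is documented as undefined and
        ; in practice falls back to the default search order, which starts in
        ; the application directory: a DLL search-order hijacking vector for any
        ; of these modules that is not a KnownDLL. Pinning the search to
        ; System32 requires Windows 8+ (or Windows 7 with KB2533623); the PEB
        ; walk in `begin` already depends on a recent loader layout.
        load_dll user32,8
        load_dll d3d12,16
        load_dll gdi32,24
        load_dll ole32,32
        load_dll dxgi,40
        add     rsp,20h
        pop     r8
.select:
        inc     qword [hh]
        ; rdi = pig[r15 - '1']; a digit outside '1'..'6' means procname is corrupt
        lea     rax,[r15-'1']
        cmp     rax,5
        ja      dll_load_failed
        mov     rdi,[pig+rax*8]
        ; export directory of the new module, same header layout as in `begin`
        mov     ebx,dword [rdi+3Ch]          ; e_lfanew
        mov     esi,dword [rdi+rbx+88h]      ; DataDirectory[EXPORT].VirtualAddress
        add     rsi,rdi
        mov     ecx,dword [rsi+20h]          ; AddressOfNames
        add     rcx,rdi
        mov     rdx,[stay]                   ; restart the name index at 0
        ret
dll_load_failed:
        ; a module failed to load or an unknown selector was used: fail closed,
        ; the walk in `begin` cannot continue from a NULL or bogus base
        ud2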