static uint32_t summit (char *src, int size)
{
uint32_t eax=0xffffffff, ebx=0xffffffff;
int i;
while(size) {
eax ^= *src++<<8 & 0xff00;
eax = eax>>3 & 0x1fffffff;
for (i=0; i<4; i++) {
uint32_t swap;
eax ^= ebx>>8 & 0xff;
eax += 0x7801a108;
eax ^= ebx;
CLI_ROR(eax, ebx&0xff);
swap = eax;
eax = ebx;
ebx = swap;
}
size--;
}
return ebx;
}
static int yc_poly_emulator(char* decryptor_offset, char* code, unsigned int ecx)
{
/*
This is the instruction set of the poly code.
Numbers stand for example only.
2C 05 SUB AL,5
2AC1 SUB AL,CL
34 10 XOR AL,10
32C1 XOR AL,CL
FEC8 DEC AL
04 10 ADD AL,10
02C1 ADD AL,CL
C0C0 06 ROL AL,6
C0C8 05 ROR AL,5
D2C8 ROR AL,CL
D2C0 ROL AL,CL
*/
unsigned char al;
unsigned char cl = ecx & 0xff;
unsigned int j,i;
for(i=0;i<ecx;i++) /* Byte looper - Decrypts every byte and write it back */
{
al = code[i];
for(j=0;j<0x30;j++) /* Poly Decryptor "Emulator" */
{
switch(decryptor_offset[j])
{
case '\xEB': /* JMP short */
j++;
j = j + decryptor_offset[j];
break;
case '\xFE': /* DEC AL */
al--;
j++;
break;
case '\x2A': /* SUB AL,CL */
al = al - cl;
j++;
break;
case '\x02': /* ADD AL,CL */
al = al + cl;
j++;
break
;
case '\x32': /* XOR AL,CL */
al = al ^ cl;
j++;
break;
;
case '\x04': /* ADD AL,num */
j++;
al = al + decryptor_offset[j];
break;
;
case '\x34': /* XOR AL,num */
j++;
al = al ^ decryptor_offset[j];
break;
case '\x2C': /* SUB AL,num */
j++;
al = al - decryptor_offset[j];
break;
case '\xC0':
j++;
if(decryptor_offset[j]=='\xC0') /* ROL AL,num */
{
j++;
CLI_ROL(al,decryptor_offset[j]);
}
else /* ROR AL,num */
{
j++;
CLI_ROR(al,decryptor_offset[j]);
}
break;
case '\xD2':
j++;
if(decryptor_offset[j]=='\xC8') /* ROR AL,CL */
{
j++;
CLI_ROR(al,cl);
}
else /* ROL AL,CL */
{
j++;
CLI_ROL(al,cl);
}
break;
case '\x90':
case '\xf8':
case '\xf9':
break;
default:
cli_dbgmsg("yC: Unhandled opcode %x\n", (unsigned char)decryptor_offset[j]);
return 1;
}
}
cl--;
code[i] = al;
}
return 0;
}
static char exec86(uint8_t aelle, uint8_t cielle, char *curremu, int *retval) {
int len = 0;
*retval=0;
while (len <0x24) {
uint8_t opcode = curremu[len], support;
len++;
switch (opcode) {
case 0xeb:
len++;
case 0x0a:
len++;
case 0x90:
case 0xf8:
case 0xf9:
break;
case 0x02: /* add al, cl */
aelle+=cielle;
len++;
break;
case 0x2a: /* sub al, cl */
aelle-=cielle;
len++;
break;
case 0x04: /* add al, ?? */
aelle+=curremu[len];
len++;
break;
case 0x2c: /* sub al, ?? */
aelle-=curremu[len];
len++;
break;
case 0x32: /* xor al, cl */
aelle^=cielle;
len++;
break;
case 0x34: /* xor al, ?? */
aelle^=curremu[len];
len++;
break;
case 0xfe: /* inc/dec al */
if ( curremu[len] == '\xc0' ) aelle++;
else aelle--;
len++;
break;
case 0xc0: /* ror/rol al, ?? */
support = curremu[len];
len++;
if ( support == 0xc0 ) CLI_ROL(aelle, curremu[len]);
else CLI_ROR(aelle, curremu[len]);
len++;
break;
default:
cli_dbgmsg("spin: bogus opcode %x\n", opcode);
*retval=1;
return aelle;
}
}
if ( len!=0x24 || curremu[len]!='\xaa' ) {
cli_dbgmsg("spin: bad emucode\n");
*retval=1;
}
return aelle;
}
