Difference between revisions of "Example 2"
Jump to navigation
Jump to search
Line 1: | Line 1: | ||
{{Infobox assembly}} | {{Infobox assembly}} | ||
[[Category: Assembly Examples]] | |||
This example is the first step in Starcraft's CDKey Decode. This shuffles the characters in the key in a predictable way. I made this the second example because it's a little trickier, but it's not terribly difficult. | |||
As in the previous example, try figuring this out on your own first! | |||
<pre> | <pre> | ||
Line 20: | Line 25: | ||
[[ | == Annotated Assembly == | ||
Here, comments have been added explaining each line a little bit. These comments are added in an attempt to understand what the code's doing. | |||
<pre> | |||
; This is actually continued from the last example, so esi contains the verified CDKey. | |||
lea edi, [esi+0Bh] ; edi is a pointer to the 12th character in the cdkey (0x0b = 11, and arrays start at 0). | |||
mov ecx, 0C2h ; Set ecx to 0xC2. Recall that ecx is often a loop counter. | |||
top: | |||
mov eax, ecx ; Move the loop counter to eax. | |||
mov ebx, 0Ch ; Set ebx to 0x0C (0x0C = 12, an arrays are indexed from 0, so the CDKey string goes from 0 to 12). | |||
cdq ; Get ready for a signed division. | |||
idiv ebx ; Divide the loop counter by 0x0C. It isn't clear yet whether this is division or modulus, but | |||
; because an accumulator is being divided by the CDKey length, it's logical to assume that | |||
; this is modular division. edx will likely be used, and eax will likely be overwritten. | |||
mov al, [edi] ; Move the value that edi points to (which is a character in the CDKey) to al. Recall that al is the | |||
; right-most byte in eax. This confirms two things: that edi points to a character in the CDKey | |||
; (since a character is 1 byte) and that the division above is modulus (because eax is overwritten). | |||
sub ecx, 11h ; Subtract 0x11 from ecx. Recall that ecx is often a loop counter, and likely is in this case. | |||
dec edi ; Decrement the pointer into the CDKey. edi started at the 12th character and is moving backwards. | |||
cmp ecx, 7 ; Compare ecx to 7, which confirms that ecx is the loop counter. The jump corresponding to this | |||
; comparison is a few lines below. | |||
mov bl, [edx+esi] ; Recall that edx is the remainder from the above division, which is (accumulator % 12), and that | |||
; esi points to the CDKey. So this takes the character corresponding to the accumulator and moves | |||
; it into bl, which is the right-most byte of ebx. | |||
mov [edi+1], bl ; Overwrite the character that edi pointed to at the top of the loop. Recall that [edi] is moved | |||
; into al, then decremented above, which is why this is +1 (to offset the decrement). | |||
mov [edx+esi], al ; Move al into the string corresponding to the modular division. | |||
jge top ; Jump as long as the ecx counter is greater than or equal to 7 | |||
; | |||
; Note that the loop here is simply a swap. edi decrements, starting from the 12th character and | |||
; moving backwards. ecx is reduced by 0x11 each time, and the character at (ecx % 12) is swapped | |||
; with the character pointed at by edi. | |||
</pre> |
Revision as of 14:47, 13 March 2007
Assembly Language Tutorial | |
---|---|
Please choose a tutorial page:
|
This example is the first step in Starcraft's CDKey Decode. This shuffles the characters in the key in a predictable way. I made this the second example because it's a little trickier, but it's not terribly difficult.
As in the previous example, try figuring this out on your own first!
lea edi, [esi+0Bh] mov ecx, 0C2h top: mov eax, ecx mov ebx, 0Ch cdq idiv ebx mov al, [edi] sub ecx, 11h dec edi cmp ecx, 7 mov bl, [edx+esi] mov [edi+1], bl mov [edx+esi], al jge top
Annotated Assembly
Here, comments have been added explaining each line a little bit. These comments are added in an attempt to understand what the code's doing.
; This is actually continued from the last example, so esi contains the verified CDKey. lea edi, [esi+0Bh] ; edi is a pointer to the 12th character in the cdkey (0x0b = 11, and arrays start at 0). mov ecx, 0C2h ; Set ecx to 0xC2. Recall that ecx is often a loop counter. top: mov eax, ecx ; Move the loop counter to eax. mov ebx, 0Ch ; Set ebx to 0x0C (0x0C = 12, an arrays are indexed from 0, so the CDKey string goes from 0 to 12). cdq ; Get ready for a signed division. idiv ebx ; Divide the loop counter by 0x0C. It isn't clear yet whether this is division or modulus, but ; because an accumulator is being divided by the CDKey length, it's logical to assume that ; this is modular division. edx will likely be used, and eax will likely be overwritten. mov al, [edi] ; Move the value that edi points to (which is a character in the CDKey) to al. Recall that al is the ; right-most byte in eax. This confirms two things: that edi points to a character in the CDKey ; (since a character is 1 byte) and that the division above is modulus (because eax is overwritten). sub ecx, 11h ; Subtract 0x11 from ecx. Recall that ecx is often a loop counter, and likely is in this case. dec edi ; Decrement the pointer into the CDKey. edi started at the 12th character and is moving backwards. cmp ecx, 7 ; Compare ecx to 7, which confirms that ecx is the loop counter. The jump corresponding to this ; comparison is a few lines below. mov bl, [edx+esi] ; Recall that edx is the remainder from the above division, which is (accumulator % 12), and that ; esi points to the CDKey. So this takes the character corresponding to the accumulator and moves ; it into bl, which is the right-most byte of ebx. mov [edi+1], bl ; Overwrite the character that edi pointed to at the top of the loop. Recall that [edi] is moved ; into al, then decremented above, which is why this is +1 (to offset the decrement). mov [edx+esi], al ; Move al into the string corresponding to the modular division. jge top ; Jump as long as the ecx counter is greater than or equal to 7 ; ; Note that the loop here is simply a swap. edi decrements, starting from the 12th character and ; moving backwards. ecx is reduced by 0x11 each time, and the character at (ecx % 12) is swapped ; with the character pointed at by edi.