kolibrios/programs/other/kerpack/trunk/calltrick2.inc
Marat Zakiyanov (Mario79) 843504d669 Kerpack - disassembled, rewrited and corrected for FASM
git-svn-id: svn://kolibrios.org@1712 a494cfbc-eb01-0410-851d-a64ba20cac60
2010-12-01 20:02:47 +00:00

33 lines
561 B
PHP

pop esi
push esi
loader_patch4:
mov ecx, 0 ; will be patched: number of calltrick entries
ctrloop:
lodsb
@@:
cmp al, 0xF
jnz .f
lodsb
cmp al, 80h
jb @b
cmp al, 90h
jb @f
.f:
sub al, 0E8h
cmp al, 1
ja ctrloop
@@:
cmp byte [esi], 0 ; will be patched: code in calltrick entries
loader_patch5:
jnz ctrloop
lodsd
; "bswap eax" is not supported on i386
; mov al,0/bswap eax = 4 bytes, following instructions = 9 bytes
shr ax, 8
ror eax, 16
xchg al, ah
sub eax, esi
add eax, [esp]
mov [esi-4], eax
loop ctrloop