VirTool.Win32.Cryptor.Pkrng.inc
;
; pker's Random Number Generator (PKRNG)
; ======================================
;
;
; Description
; -----------
;
; PKRNG is a random number generator. It can be used with MASM, TASM, FASM, etc. It
; containz four procedurez: __randomize, __random, __m_seq_gen and
; __random_rdtsc. The __randomize procedure generates the initial seed in the seed
; field, which is specified as a parameter. The __m_seq_gen procedure generates
; an m-sequence, which is used by __random to produce the final random numberz.
; __random_rdtsc is the simplest one: it just reads RDTSC and returns the
; remainder of dividing it by the range given as parameter.
;
;
; How to use PKRNG
; ----------------
;
; When using MASM or TASM to initialize seed field:
;
; mov edi,offset dwSeed
; call __randomize
;
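; Then get a random number in eax:
;
; mov eax,offset dwSeed
; mov ecx,32 ; get a random number between 0~31
; call __random
;
; NOTE(review): the code of __random divides by the value passed in edx, as its
; own parameter list states, so the range has to be loaded into edx rather than
; ecx. The same applies to the FASM example below.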
;
;
; The same applies to FASM:
;
; mov edi,dwSeed
; call __randomize
;
; mov eax,dwSeed
; mov ecx,32 ; get a random number between 0~31
; call __random
;
;
; Copyright
; ---------
;
; (c) 2004. No rightz reserved. Use without permission :P.
;
;
; __randomize procedure
; =====================
;
;
; Description
; -----------
;
; This function uses the RDTSC instruction to generate a random number in order to
; initialize the seed field.
;
;
; Parameterz and Return Values
; ----------------------------
;
; input:
; edi --- points to the seed field
; output:
; nothing
;
; In:    edi = address of the dword seed field
; Out:   nothing; every general register is restored by popad
; NOTE(review): the seed comes from the timestamp counter alone, so it is
; guessable by anyone who can bound the time of the call; do not treat values
; derived from it as secret.
__randomize:    pushad
                db      0fh,31h                 ; RDTSC -> edx:eax (emitted as raw bytes)
                add     eax,edx                 ; fold high and low halves into one dword
                mov     [edi],eax               ; seed field = folded counter (flat model: same location stosd wrote)
                popad
                ret
;
; __random procedure
; ==================
;
;
; Description
; -----------
;
; This function generates a random number and rewrites the seed field. It first
; gets a 32-bit m-sequence from the __m_seq_gen procedure and multiplies it with
; the previous seed. It then calls __m_seq_gen again to generate another
; m-sequence, which is added to the DWORD calculated before to make noise. This
; result is the new seed and is written to the seed field pointed to by EAX.
; Finally, the seed is divided by ECX (which holds the range at that point), and
; the remainder is returned as the expected random number.
;
;
; Parameterz and Return Values
; ----------------------------
;
; input:
; eax --- pointz to the random seed field
; edx --- the range of the random number to be generated
; output:
; eax --- random number as result
;
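; In:    eax = address of the dword seed field
;        edx = range; a non-zero range gives a result in 0..range-1
; Out:   eax = random number; the seed field is overwritten with the new seed;
;        all other general registers are restored by popad
; A range of zero used to raise a divide error at the div below. It now skips
; the division and returns the new seed itself, the same way __random_rdtsc
; treats a zero range.
; NOTE(review): the result is a deterministic function of the seed dword, so
; anyone who knows the seed can reproduce the whole sequence; not suitable for
; keys, nonces or tokens.
__random:       pushad
                mov     ecx,edx                 ; ecx = requested range
                mov     edi,eax                 ; edi = seed field, for the stosd below
                mov     esi,eax
                lodsd                           ; eax = previous seed
                mov     ebx,eax
                mov     ebp,ebx                 ; ebp = previous seed (multiplier)
                call    __m_seq_gen             ; eax = m-sequence of the previous seed
                imul    ebp                     ; edx:eax = m-sequence * previous seed
                xchg    ebx,eax                 ; ebx = low dword of product, eax = previous seed
                call    __m_seq_gen             ; same input as the first call, so same value
                add     eax,ebx                 ; mix the product in
                add     eax,92151fech           ; fixed additive constant
                stosd                           ; store the new seed
                test    ecx,ecx
                jz      rnd_no_range            ; range 0: return the new seed unreduced
                xor     edx,edx                 ; dividend = 0:eax
                div     ecx
                mov     eax,edx                 ; remainder = value inside the range
rnd_no_range:   mov     [esp+28],eax            ; overwrite the eax slot saved by pushad
                popad
                ret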
;
; __m_seq_gen procedure
; =====================
;
;
; Description
; -----------
;
; This function uses a PN (Pseudo Noise) generator to generate m-sequencez. The
; configuration of the generator is shown below (figure 1):
;
; (module 2 addition)
; ___
; / \
; +---------- | + | <------------------------------+
; | \___/ |
; | A |
; | +-----+ | +-----+ +-----+ |
; +--> | D31 | -+-> | D30 | ---> ... ---> | D01 | -+-> output
; +-----+ +-----+ +-----+
; A A A
; | | |
; CLK ---------------+------------+---------------------+
;
; figure 1. m-Sequence Generator
;
;
; Parameterz and Return Values
; ----------------------------
;
; input:
; eax --- a non-zero random number, which could be generated by RDTSC or
; GetTickCount or such functionz
; output:
; eax --- the result of the function
;
; In:    eax = starting contents of the 32-bit shift register
; Out:   eax = the 32 bits clocked out of bit 0, first bit stored in bit 31;
;        all other general registers are restored by popad
; Each pass emits bit 0, then shifts right with (bit 31 xor bit 0) fed into
; bit 31. A fed-back bit needs 32 further shifts to reach bit 0 and only 32 bits
; are collected, so the value returned consists of the caller's original bits in
; reversed order; the advanced register state is dropped by popad.
__m_seq_gen:    pushad
                mov     ecx,32                  ; one collected bit per pass
                xor     esi,esi                 ; esi accumulates the output dword
msg_next_bit:   mov     ebp,eax
                and     ebp,1                   ; ebp = bit currently leaving the register
                dec     cl
                shl     ebp,cl                  ; pass 1 lands in bit 31, pass 32 in bit 0
                inc     cl                      ; restore the count for loop
                or      esi,ebp
                mov     ebx,eax
                shr     ebx,31                  ; ebx = bit 31
                xor     ebx,eax                 ; bit 0 of ebx = bit 31 xor bit 0
                shr     ebx,1                   ; CF = feedback bit
                rcr     eax,1                   ; shift right, feedback enters bit 31
                loop    msg_next_bit
                mov     [esp+28],esi            ; overwrite the eax slot saved by pushad
                popad
                ret
;
; __random_rdtsc procedure
; ========================
;
;
; Description
; -----------
;
; This is the simplest RNG in the packet. Well, nothing to explain :P
;
;
; Parameterz and Return Value
; ---------------------------
;
; input:
; ecx --- the range of the random number to be generated
;
; output:
; eax --- random number as result
;
; In:    ecx = range; a non-zero range gives a result in 0..range-1
; Out:   eax = random number; with ecx = 0 the folded counter value is returned
;        unreduced; all other general registers are restored by popad
; NOTE(review): the value is just the timestamp counter reduced modulo the
; range, so successive calls are strongly correlated; do not use it where
; unpredictability matters.
__random_rdtsc: pushad
                db      0fh,31h                 ; RDTSC -> edx:eax (emitted as raw bytes)
                add     eax,edx                 ; fold high and low halves into one dword
                test    ecx,ecx
                jz      rnd_rdt_no_range        ; no range given: skip the division
                xor     edx,edx                 ; dividend = 0:eax
                div     ecx
                mov     eax,edx                 ; keep the remainder
rnd_rdt_no_range:
                mov     [esp+28],eax            ; overwrite the eax slot saved by pushad
                popad
                ret