... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.lang.asm.x86

Ahh, the lost art of x86 assembly

4,675 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 2,779 of 4,675

wolfgang kern to All

Re: BASE64 again

02 Jul 17 11:27:54

   From: nowhere@never.at   
      
   added one more free modfier by reusing lost bytes:   
   (17 possible yet)   
      
   100 pop cx   
   101 push cx   
   102 push cx        ;ax=0   
   103 push byte 56   ;cx=0056   
   105 push 4130      ;dx=4130 to find my first byte with DH   
   108 pop ax   
   109 push ax   
   10a xor ax,4030   
   10d push ax        ;bx=0100   
   10e push cx  dup2  ;sp,bp=0   
   110 sub al,7e      ;   
   112 push ax        ;si=0182   
   113 push byte 044  ;di=0044   
   115 popa           ;   
   116 push BX        ;for ret   
   117 push DI        ;for ret   
   118 sub ax,5b73    ;->  a48d xor 6666 = EB C2   
   11b xor [bx+5C],ax ;make a back-branch to 0120   
   11e jnc 0142       ;=jmp always after xor (73 22)   
      
   120 cmp [si],dh    ;search my first byte (41)   
   122 jnz 0159       ;skip   
   124 3636 REP MOVSB ;   
   126 sub [bp+7a],ax ;ax= 7761 [07a] was 404c   
   129 sub [bp+74],al ;         [074] was 22   
   12c sub [bp+71],ax ; and so on...   
   13f sub [bb+6e],ax   
   132 sub [bp+6b],ax   
   135 sub [bp+69],ax   
   138 sub [bp+66],ax   
   13b sub [bp+60],ax   
   13e jnz 0161       ;=jmp always 75 21   
   140 0d 0a   
   142 36 36   
   144 push bp   
   145 pop ax   
   146 sub ax,6d3b    ;92c5 xor 3636 = A4F3   
   149 xor [bx+24],ax ;create REP MOVS   
   14c sub al,21      ;c5-21=a4   
   14d inc ax  dup2   ;a6 xor 65 = c3   
   14f xor [bx+7e],al ;create a RET in a field of 65 nops   
   152 push bx   
   153 pop di   
   154 push 7761   
   157 pop ax   
   158 dec si   
   159 36 36          ;slide nops   
   15b inc si   
   15c 6666 JMP 120   ;become eb c2   
   15e 6666   
   160 36             ;the only unused byte now   
   161 sub [bp+5e],al   
   164 sub [bp+5c],al   
   167 sub [bp+5a],ax   
   16a sub [bp+55],ax   
   16d sub [bp+51],al   
   170 sub [bb+4d],ah   
   173 363636         ;free for two more   
   176 363636         ;   
   179 sub al,7a      ;   
   17b sub [bp+4b],ax ;   
   17e 6565           ;the return goes here   
   180 6565           ;or there   
   182 0d0a   
   184 3636           ;two are enough with scan start at 0182   
   186 41414141 ...   ;raw string starts here immediate followed by B64   
      
   and with the free options I may save a few string bytes (lateron).   
   __   
   wolfgang   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]