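// 0x90cpu.cpp : SOTM33 - 0x90 - Nicola Cuomo
//
// Pretty-printer for the bytecode blob stored in `data` below.  Each
// instruction is a big-endian 16-bit opcode followed by operands whose
// decoding (the xor/add constants applied before printing) is reproduced
// here exactly as it appears in the original listing; the mnemonics are
// the author's names for what the VM does with each opcode.
//
// Changes versus the original listing:
//   * operand reads go through byte-assembly helpers instead of
//     `*(int *)p` / `*(short *)p`, which were unaligned, strict-aliasing
//     violating and host-endian dependent;
//   * every case checks that the whole instruction lies inside `data`
//     before reading operands, and the main loop uses `<` instead of `!=`
//     so an operand that overshoots the end cannot read past the array
//     or spin forever;
//   * an `xor` sub-form other than 0/1/2 no longer loops forever on the
//     same ip (the original never advanced ip in that case).
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <inttypes.h>

/* Little-endian 32-bit operand at p (what the original GETDWORD read on
 * the author's x86 host, minus the unaligned/aliasing pointer cast). */
static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0]
         | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16)
         | ((uint32_t)p[3] << 24);
}

/* Little-endian 16-bit operand at p, zero-extended (original GETWORD). */
static unsigned rd_le16(const unsigned char *p)
{
    return (unsigned)p[0] | ((unsigned)p[1] << 8);
}

/* Big-endian 16-bit opcode at p: the original read a little-endian short
 * and byte-swapped it with R(), which is the same thing. */
static unsigned rd_be16(const unsigned char *p)
{
    return ((unsigned)p[0] << 8) | (unsigned)p[1];
}

/* True when an instruction of `len` bytes starting at `ip` lies entirely
 * within a `total`-byte buffer; written without `ip + len` so it cannot
 * wrap. */
static int fits(unsigned ip, unsigned len, size_t total)
{
    return len <= total && ip <= total - len;
}

int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    /* The encoded program.  Sized explicitly (470) as in the original; the
     * two bytes commented out inside the table were dropped by the author. */
    static const unsigned char data[470] = {
        0x02, 0x02, 0x0A, 0x15, 0x02, 0x51, 0x03, 0x00, 0x01, 0x2E, 0xA7, 0x11, 0x53, 0x00, 0x03, 0x66,
        0x02, 0x02, 0xFC, 0x12, 0x02, 0x51, 0x02, 0x01, 0x03, 0x02, 0x00, 0x00, 0x02, 0x04, 0x00, 0x02,
        0x03, 0x03, 0x04, 0x01, 0x16, 0x00, 0x00, 0x00, 0x02, 0x02, 0x2D, 0x21, 0xCA, 0xAD, 0x01, 0x02,
        0x01, 0x2F, 0xDE, 0x36, 0x02, 0x02, 0x06, 0x20, 0x55, 0x02, 0x04, 0x02, 0x2E, 0x01, 0x00, 0x00,
        0x02, 0x08, 0x00, 0x02, 0x01, 0x04, 0x05, 0x45, 0xDC, 0x9B, 0x1D, 0x01, 0x04, 0x04, 0x45, 0x97,
        0x51, 0x74, 0x01, 0x05, 0x04, 0xE2, 0xDF, 0x45, 0xAD, 0x01, 0x04, 0x04, 0xEF, 0xBE, 0xAD, 0xDE,
        0x01, 0x04, 0x05, 0x6C, 0x6C, 0x65, 0x68, 0x01, 0x05, 0x03, 0x65, 0x41, 0x85, 0x17, 0x01, 0x05,
        0x04, 0x69, 0x61, 0x77, 0x41, 0x01, 0x04, 0x04, 0x77, 0x6F, 0x68, 0x73, 0x01, 0x04, 0x05, 0x20,
        0x73, 0x74, 0x69, 0x01, 0x05, 0x03, 0x20, 0x6F, 0x6E, 0x20, 0x01, 0x04, 0x05, 0x76, 0x69, 0x72,
        0x64, 0x01, 0x04, 0x04, 0x63, 0x72, 0x65, 0x6D, 0x01, 0x05, 0x04, 0x73, 0x74, 0x75, 0x6E, 0x01,
        0x05, 0x03, 0x21, 0x21, 0x21, 0x79, 0x01, 0x05, 0x04, 0x21, 0x3F, 0x68, 0x65, 0x01, 0x06, 0x07,
        0xFF, 0xFF, 0xFF, 0xDF, 0x00, 0x02, 0x45, 0x00, 0x02, 0x46, 0x03, 0x00, 0x3D, 0xCE, 0xE4, 0x00,
        0x02, 0x05, 0x03, 0x04, 0x02, 0x2E, 0x01, 0x00, 0x00, 0x02, 0x04, 0x00, 0x01, 0x04, 0x03, 0x02,
        0x00, 0x00, 0x00, 0x02, 0x04, 0x00, 0x02, 0x0B, 0x00, 0x01, 0x00, 0x02, 0x46, 0x00, 0x03, 0x64,
        0x00, 0x02, 0x47, 0x00, 0x01, 0xD6, 0x22, 0x08, 0x53, 0x00, 0x03, 0x66, 0x01, 0x04, 0x03, 0x48,
        0x85, 0x09, 0x00, 0x02, 0x03, 0x00, 0x01, 0x03, 0x02, 0x01, 0x00, 0x00, 0x03, 0x66, 0x02, 0x0A,
        0x00, 0x02, 0x01, 0x04, 0x03, 0x02, 0x00, 0x00, 0x00, 0x02, 0x0A, 0x00, 0x01, 0x01, 0x09, 0x02,
        0x05, 0x05, 0x00, 0x86, 0xBB, 0xE1, 0x00, 0x02, 0x03, /* 0x47, 0x42, */ 0x03, 0x00, 0x02,
        0x44, 0x00, 0x01, 0xF3, 0xA8, 0x11, 0x53, 0x02, 0x01, 0x23, 0xDE, 0x36, 0x02, 0x00, 0x04, 0x4D,
        0x04, 0x00, 0xD7, 0xDC, 0xF6, 0xF2, 0x00, 0x00, 0x11, 0x54, 0x19, 0x37, 0x00, 0x01, 0xDC, 0xA8,
        0x11, 0x53, 0x02, 0x01, 0x23, 0xDE, 0x36, 0x02, 0x00, 0x04, 0x4D, 0x02, 0x00, 0x02, 0x02, 0x48,
        0x13, 0x02, 0x51, 0x01, 0x02, 0x04, 0x01, 0x02, 0x04, 0x01, 0x01, 0x04, 0x04, 0x05, 0x00, 0x00,
        0x00, 0x02, 0x03, 0x01, 0x01, 0x05, 0x03, 0x04, 0x00, 0x00, 0x00, 0x01, 0x05, 0x04, 0x5A, 0x00,
        0x00, 0x00, 0x01, 0x0A, 0x04, 0x02, 0x04, 0x01, 0x31, 0x01, 0x00, 0x00, 0x02, 0x03, 0x00, 0x02,
        0x0A, 0x00, 0x02, 0x01, 0x04, 0x03, 0x02, 0x00, 0x00, 0x00, 0x02, 0x0A, 0x00, 0x01, 0x01, 0x09,
        0x02, 0x05, 0x02, 0x04, 0x02, 0x01, 0x05, 0x04, 0x4E, 0x00, 0x00, 0x00, 0x00, 0x01, 0x2D, 0xCA,
        0x10, 0x53, 0x00, 0x03, 0x66, 0x01, 0x04, 0x03, 0xAC, 0xDE, 0x00, 0x00, 0x02, 0x04, 0x00, 0x01,
        0x03, 0x02, 0x00, 0x00, 0x02, 0x02, 0x45, 0x13, 0x02, 0x51, 0x03, 0x00, 0x01, 0xF3, 0xA8, 0x11,
        0x53, 0x00, 0x03, 0x66, 0x02, 0x04, 0x02, 0x01, 0x03, 0x02, 0x00, 0x00, 0x02, 0x04, 0x00, 0x02,
        0x03, 0x03, 0x04, 0x01, 0xC2, 0x01, 0x00, 0x00, 0x05, 0x01
    };

    unsigned int ip = 0;

    /* Linear sweep: print "addr> mnemonic" for each instruction until the
     * blob is exhausted, an unknown opcode is hit, or an instruction would
     * run past the end of the blob. */
    while (ip < sizeof data) {
        if (!fits(ip, 2, sizeof data)) {
            goto truncated;
        }
        printf("0x%0.2x> ", ip);

        switch (rd_be16(data + ip)) {
        case 0x0000:
            if (!fits(ip, 6, sizeof data)) { goto truncated; }
            printf("push 0x%" PRIx32 "\n", rd_le32(data + ip + 2) ^ 0x3719553Fu);
            ip += 6;
            break;

        case 0x0001:
            if (!fits(ip, 6, sizeof data)) { goto truncated; }
            printf("push 0x%" PRIx32 "\n", rd_le32(data + ip + 2) + 0xADD01337u);
            ip += 6;
            break;

        case 0x0002:
            if (!fits(ip, 3, sizeof data)) { goto truncated; }
            printf("push r%d\n", data[ip + 2] ^ 0x47);
            ip += 3;
            break;

        case 0x0003:
            if (!fits(ip, 3, sizeof data)) { goto truncated; }
            printf("pop r%d\n", data[ip + 2] ^ 0x66);
            ip += 3;
            break;

        case 0x0004:
            if (!fits(ip, 3, sizeof data)) { goto truncated; }
            printf("add esp, %d\n", data[ip + 2] ^ 0x45);
            ip += 3;
            break;

        case 0x0103:
            /* Three sub-forms selected by the byte at ip+3; the register
             * and immediate operands sit at different offsets per form. */
            if (!fits(ip, 4, sizeof data)) { goto truncated; }
            if (data[ip + 3] == 0) {
                if (!fits(ip, 5, sizeof data)) { goto truncated; }
                printf("xor byte [r%d], r%d\n", data[ip + 4], data[ip + 2]);
                ip += 5;
            } else if (data[ip + 3] == 1) {
                if (!fits(ip, 5, sizeof data)) { goto truncated; }
                printf("xor word [r%d], r%d\n", data[ip + 4], data[ip + 2]);
                ip += 5;
            } else if (data[ip + 3] == 2) {
                if (!fits(ip, 8, sizeof data)) { goto truncated; }
                printf("xor [r%d], 0x%" PRIx32 "\n", data[ip + 2], rd_le32(data + ip + 4));
                ip += 8;
            } else {
                /* Unknown sub-form: the original fell out of the switch
                 * without advancing ip and looped forever here. */
                goto unknown;
            }
            break;

        case 0x0104:
            if (!fits(ip, 7, sizeof data)) { goto truncated; }
            printf("add r%d, 0x%" PRIx32 "\n", data[ip + 2] - 3, rd_le32(data + ip + 3));
            ip += 7;
            break;

        case 0x0105:
            if (!fits(ip, 7, sizeof data)) { goto truncated; }
            printf("sub r%d, 0x%" PRIx32 "\n", data[ip + 2] - 2, rd_le32(data + ip + 3));
            ip += 7;
            break;

        case 0x0106:
            if (!fits(ip, 7, sizeof data)) { goto truncated; }
            printf("and r%d, 0x%" PRIx32 "\n", data[ip + 2] - 5, rd_le32(data + ip + 3));
            ip += 7;
            break;

        case 0x0109:
            if (!fits(ip, 4, sizeof data)) { goto truncated; }
            printf("add r%d, r%d\n", data[ip + 3] - 3, data[ip + 2] - 1);
            ip += 4;
            break;

        case 0x010a:
            if (!fits(ip, 4, sizeof data)) { goto truncated; }
            printf("cmp r%d, r%d\n", data[ip + 2] - 2, data[ip + 3] - 1);
            ip += 4;
            break;

        case 0x0200:
            printf("exit\n");
            ip += 2;
            break;

        case 0x0201:
            /* The immediate is read at ip+3 while the instruction only
             * advances 6 bytes, so its last byte overlaps the next opcode.
             * Kept as in the original listing — presumably how the VM
             * really decodes it, but unverified here. */
            if (!fits(ip, 7, sizeof data)) { goto truncated; }
            printf("r0 = apicall 0x%" PRIx32 "\n", rd_le32(data + ip + 3) + 0xFEA731DEu);
            ip += 6;
            break;

        case 0x0202:
            if (!fits(ip, 7, sizeof data)) { goto truncated; }
            printf("mov r%d, 0x%" PRIx32 "\n", data[ip + 6], rd_le32(data + ip + 2) + 0xAEFDED04u);
            ip += 7;
            break;

        case 0x0203:
            if (!fits(ip, 3, sizeof data)) { goto truncated; }
            printf("dec r%d\n", data[ip + 2]);
            ip += 3;
            break;

        case 0x0204:
            if (!fits(ip, 3, sizeof data)) { goto truncated; }
            printf("inc r%d\n", data[ip + 2]);
            ip += 3;
            break;

        case 0x0205:
            /* Same register twice, i.e. the usual "zero a register" idiom. */
            if (!fits(ip, 3, sizeof data)) { goto truncated; }
            printf("xor r%d, r%d\n", data[ip + 2], data[ip + 2]);
            ip += 3;
            break;

        case 0x0206:
            if (!fits(ip, 5, sizeof data)) { goto truncated; }
            printf("memchr( r0, 0x%x, 0x%x )\n", (unsigned)data[ip + 2], rd_le16(data + ip + 3));
            ip += 5;
            break;

        case 0x0208:
            if (!fits(ip, 4, sizeof data)) { goto truncated; }
            printf("mov r%d, dword [r%d]\n", data[ip + 3], data[ip + 2]);
            ip += 4;
            break;

        case 0x020a:
            if (!fits(ip, 4, sizeof data)) { goto truncated; }
            printf("mov r%d, byte [r%d]\n", data[ip + 3], data[ip + 2]);
            ip += 4;
            break;

        case 0x020b:
            if (!fits(ip, 4, sizeof data)) { goto truncated; }
            printf("mov r%d, word [r%d]\n", data[ip + 3], data[ip + 2]);
            ip += 4;
            break;

        /* Branch targets: the stored immediates carry additive offsets that
         * are undone here; unsigned arithmetic makes the wrap well defined
         * (the original did this in signed int). */
        case 0x0300:
            if (!fits(ip, 6, sizeof data)) { goto truncated; }
            printf("cmpandgoto 0x%" PRIx32 "\n", rd_le32(data + ip + 2) - 0x31337u - 0x00E1BA3Du);
            ip += 6;
            break;

        case 0x0400:
            if (!fits(ip, 6, sizeof data)) { goto truncated; }
            printf("jmp 0x%" PRIx32 "\n", rd_le32(data + ip + 2) - 0xDEADEADu - 0x00E1BA3Du);
            ip += 6;
            break;

        case 0x0401:
            if (!fits(ip, 6, sizeof data)) { goto truncated; }
            printf("jne 0x%" PRIx32 "\n", rd_le32(data + ip + 2) + 1u);
            ip += 6;
            break;

        case 0x0402:
            if (!fits(ip, 6, sizeof data)) { goto truncated; }
            printf("je 0x%" PRIx32 "\n", rd_le32(data + ip + 2) + 4u);
            ip += 6;
            break;

        case 0x0500:
            if (!fits(ip, 6, sizeof data)) { goto truncated; }
            printf("call 0x%" PRIx32 "\n", rd_le32(data + ip + 2) - 0x00E1BA3Du);
            ip += 6;
            break;

        case 0x0501:
            printf("ret\n");
            ip += 2;
            break;

        default:
            goto unknown;
        }
    }
    return 0;

unknown:
    /* Opcode (or xor sub-form) not in the listing: stop rather than guess
     * a length and print garbage from a desynchronised stream. */
    printf("%x o_O\n", data[ip]);
    return 0;

truncated:
    /* An instruction's operands would extend past the end of `data`. */
    fprintf(stderr, "truncated instruction at 0x%x\n", ip);
    return 1;
}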