7c902645 8b4c2404 mov ecx,dword ptr [esp+4]
7c902649 f7c103000000 test ecx,3 ;check if the address is 4 bytes aligned
7c90264f 7412 je ntdll!strlen+0x20 (7c902663)
7c902651 8a01 mov al,byte ptr [ecx] ; calculate length byte by byte
7c902653 41 inc ecx
7c902654 84c0 test al,al
7c902656 7440 je ntdll!strlen+0x53 (7c902698)
7c902658 f7c103000000 test ecx,3
7c90265e 75f1 jne ntdll!strlen+0xc (7c902651)
7c902660 83c000 add eax,0
7c902663 8b01 mov eax,dword ptr [ecx]
7c902665 bafffefe7e mov edx,7EFEFEFFh ; the algorithm is little bit confusing..
7c90266a 03d0 add edx,eax
7c90266c 83f0ff xor eax,0FFFFFFFFh
7c90266f 33c2 xor eax,edx
7c902671 83c104 add ecx,4
7c902674 a900010181 test eax,81010100h ; If the content of [ecx] is 0 the next jump is not taken.
7c902679 74e8 je ntdll!strlen+0x20 (7c902663) ; calculate length by dword.
7c90267b 8b41fc mov eax,dword ptr [ecx-4]
7c90267e 84c0 test al,al ; add the lowest byte
7c902680 7434 je ntdll!strlen+0x71 (7c9026b6)
7c902682 84e4 test ah,ah ; add the second lowest byte
7c902684 7426 je ntdll!strlen+0x67 (7c9026ac)
7c902686 a90000ff00 test eax,0FF0000h ; add the third one
7c90268b 7415 je ntdll!strlen+0x5d (7c9026a2)
7c90268d a9000000ff test eax,0FF000000h ; add the last one
7c902692 75cf jne ntdll!strlen+0x20 (7c902663)
7c902694 eb02 jmp ntdll!strlen+0x53 (7c902698)
7c902696 ebcb jmp ntdll!strlen+0x20 (7c902663)
7c902698 8d41ff lea eax,[ecx-1]
7c90269b 8b4c2404 mov ecx,dword ptr [esp+4]
7c90269f 2bc1 sub eax,ecx
7c9026a1 c3 ret
7c9026a2 8d41fe lea eax,[ecx-2]
7c9026a5 8b4c2404 mov ecx,dword ptr [esp+4]
7c9026a9 2bc1 sub eax,ecx
7c9026ab c3 ret
7c9026ac 8d41fd lea eax,[ecx-3]
7c9026af 8b4c2404 mov ecx,dword ptr [esp+4]
7c9026b3 2bc1 sub eax,ecx
7c9026b5 c3 ret
7c9026b6 8d41fc lea eax,[ecx-4]
7c9026b9 8b4c2404 mov ecx,dword ptr [esp+4]
7c9026bd 2bc1 sub eax,ecx
7c9026bf c3 ret
7c902649 f7c103000000 test ecx,3 ;check if the address is 4 bytes aligned
7c90264f 7412 je ntdll!strlen+0x20 (7c902663)
7c902651 8a01 mov al,byte ptr [ecx] ; calculate length byte by byte
7c902653 41 inc ecx
7c902654 84c0 test al,al
7c902656 7440 je ntdll!strlen+0x53 (7c902698)
7c902658 f7c103000000 test ecx,3
7c90265e 75f1 jne ntdll!strlen+0xc (7c902651)
7c902660 83c000 add eax,0
7c902663 8b01 mov eax,dword ptr [ecx]
7c902665 bafffefe7e mov edx,7EFEFEFFh ; the algorithm is little bit confusing..
7c90266a 03d0 add edx,eax
7c90266c 83f0ff xor eax,0FFFFFFFFh
7c90266f 33c2 xor eax,edx
7c902671 83c104 add ecx,4
7c902674 a900010181 test eax,81010100h ; If the content of [ecx] is 0 the next jump is not taken.
7c902679 74e8 je ntdll!strlen+0x20 (7c902663) ; calculate length by dword.
7c90267b 8b41fc mov eax,dword ptr [ecx-4]
7c90267e 84c0 test al,al ; add the lowest byte
7c902680 7434 je ntdll!strlen+0x71 (7c9026b6)
7c902682 84e4 test ah,ah ; add the second lowest byte
7c902684 7426 je ntdll!strlen+0x67 (7c9026ac)
7c902686 a90000ff00 test eax,0FF0000h ; add the third one
7c90268b 7415 je ntdll!strlen+0x5d (7c9026a2)
7c90268d a9000000ff test eax,0FF000000h ; add the last one
7c902692 75cf jne ntdll!strlen+0x20 (7c902663)
7c902694 eb02 jmp ntdll!strlen+0x53 (7c902698)
7c902696 ebcb jmp ntdll!strlen+0x20 (7c902663)
7c902698 8d41ff lea eax,[ecx-1]
7c90269b 8b4c2404 mov ecx,dword ptr [esp+4]
7c90269f 2bc1 sub eax,ecx
7c9026a1 c3 ret
7c9026a2 8d41fe lea eax,[ecx-2]
7c9026a5 8b4c2404 mov ecx,dword ptr [esp+4]
7c9026a9 2bc1 sub eax,ecx
7c9026ab c3 ret
7c9026ac 8d41fd lea eax,[ecx-3]
7c9026af 8b4c2404 mov ecx,dword ptr [esp+4]
7c9026b3 2bc1 sub eax,ecx
7c9026b5 c3 ret
7c9026b6 8d41fc lea eax,[ecx-4]
7c9026b9 8b4c2404 mov ecx,dword ptr [esp+4]
7c9026bd 2bc1 sub eax,ecx
7c9026bf c3 ret
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
