编译并提取RC4算法函数的机器码(编译后的函数字节):

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ac91f1a0-9776-4cee-9aa8-7849c854429c/Untitled.png

//Author:Nek0y4nsu Flu0rite
// RC4 Crypt SMC
///X64 MingW
// gcc gen_smc_rc4.c -o gen.exe

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

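void Init_Sbox(unsigned char *sbox,unsigned char* key,unsigned int key_len);

/*
 * RC4-transform data_len bytes from data_in into output (the two may be the
 * same buffer; each byte is read before it is written).
 *
 *   data_in  - input bytes, at least data_len long
 *   output   - destination, at least data_len long
 *   data_len - number of bytes to process
 *   key      - key bytes, at least key_len long
 *   key_len  - key length in bytes; must be non-zero
 *
 * The function cannot report errors (void). With a NULL key or key_len == 0
 * it returns without touching output, so callers must validate the key
 * themselves rather than assume the data was transformed.
 *
 * main() in this file copies the machine code from RC4Crypt up to _end as raw
 * bytes, so this body must stay self-contained: no library calls, no globals,
 * no string literals.
 *
 * RC4 is no longer considered secure for protecting data; treat the output as
 * obfuscated, not as confidential.
 */
void RC4Crypt(unsigned char* data_in,unsigned char* output ,unsigned int data_len, unsigned char* key, unsigned int key_len){
	unsigned char Sbox[256];
	unsigned int i = 0, j = 0, t = 0;

	/* Init_Sbox evaluates key[n % key_len]; a zero length would divide by zero. */
	if (!key || key_len == 0)
	{
		return;
	}

	Init_Sbox(Sbox, key, key_len);

	/* Unsigned counter: matches data_len's type, so no signed/unsigned
	 * comparison and no signed overflow for lengths above INT_MAX. */
	for (unsigned int x = 0; x < data_len; ++x)
	{
		i = (i + 1) % 256;
		j = (j + Sbox[i]) % 256;

		/* swap Sbox[i] and Sbox[j] */
		unsigned char tmp = Sbox[i];
		Sbox[i] = Sbox[j];
		Sbox[j] = tmp;

		/* keystream byte is selected by the sum of the two swapped entries */
		t = (Sbox[i] + Sbox[j]) % 256;
		output[x] = data_in[x] ^ Sbox[t];
	}
}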
/*
 * RC4 key schedule: fill sbox[0..255] with the identity permutation, then
 * shuffle it under control of the key.
 *
 *   sbox    - caller-provided 256-byte table, fully overwritten
 *   key     - key bytes, at least key_len long
 *   key_len - key length in bytes; must be non-zero because the key index is
 *             computed as (position % key_len)
 */
void Init_Sbox(unsigned char *sbox,unsigned char* key,unsigned int key_len){
    unsigned int idx;
    unsigned int mix = 0;

    /* start from the identity permutation */
    for (idx = 0; idx < 256; idx++) {
        sbox[idx] = (unsigned char)idx;
    }

    /* one pass over the table; the key bytes are reused cyclically */
    for (idx = 0; idx < 256; idx++) {
        unsigned char held = sbox[idx];

        mix = (mix + held + key[idx % key_len]) & 0xFFu;

        /* exchange entries idx and mix */
        sbox[idx] = sbox[mix];
        sbox[mix] = held;
    }
}

/*
 * End marker: main() takes the address of _end minus the address of RC4Crypt
 * as the number of code bytes to copy out. The function itself is never
 * called; `naked` asks the compiler to emit no prologue/epilogue for it.
 * NOTE(review): this only measures RC4Crypt + Init_Sbox if the compiler emits
 * the three functions contiguously and in source order, which C does not
 * guarantee (reordering, inlining or separate sections would break it) --
 * confirm against the generated listing for the exact build flags used.
 */
__attribute__((naked)) void _end(){};

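/*
 * Generator: copy the machine code between RC4Crypt and _end, XOR every byte
 * with (offset % 100), and write the result to rc4_func.bin.
 *
 * Returns 0 on success, 1 on any failure.
 *
 * The XOR mask is fixed and derived only from the byte offset, so it hides the
 * code from a casual look at the file but is trivially reversible; it provides
 * neither confidentiality nor integrity for rc4_func.bin.
 */
int main(){
	/* Compare full-width addresses. Casting the function pointers to int, as
	 * a 32-bit difference would, truncates them on a 64-bit target. */
	size_t start = (size_t)RC4Crypt;
	size_t stop = (size_t)_end;

	/* The copy assumes RC4Crypt .. _end is one contiguous, ascending range.
	 * If the compiler laid the functions out differently, stop here instead
	 * of copying an arbitrary amount of memory. */
	if (stop <= start) {
		printf("unexpected function layout \n");
		return 1;
	}

	size_t size = stop - start;
	printf("size: %lu \n", (unsigned long)size);

	char* buf = (char*)malloc(size);
	if(!buf){
		printf("malloc failed \n");
		return 1;
	}

	memcpy(buf,(void*)RC4Crypt,size);
	for(size_t i = 0;i < size;++i) {
		buf[i] = (char)(buf[i] ^ (char)(i % 100));
	}

	FILE* fp = fopen("rc4_func.bin","wb");
	if(!fp){
		printf("cannot open rc4_func.bin \n");
		free(buf);
		return 1;
	}

	/* A short write would leave a truncated blob that a consumer would later
	 * try to execute, so treat it as a hard failure. */
	size_t written = fwrite(buf,1,size,fp);
	int close_rc = fclose(fp);
	free(buf);
	if(written != size || close_rc != 0){
		printf("write failed \n");
		return 1;
	}

	printf("Extract ok!");
	getchar();
	return 0;
}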

用CL编译器测试提取出的函数能不能用:

#include <windows.h>
#include <stdio.h>

/*
 * Pointer type used to call the code loaded from rc4_func.bin. The parameter
 * list mirrors RC4Crypt in the generator program: input buffer, output buffer,
 * data length, key, key length.
 * NOTE(review): the blob was built with MinGW and is called from a CL-built
 * program, so this relies on both compilers using the same x64 calling
 * convention; nothing checks that the loaded bytes actually match this
 * signature.
 */
typedef void (*PRC4Crypt)(
    unsigned char* data_in,
    unsigned char* output ,
    unsigned int data_len, 
    unsigned char* key, 
    unsigned int key_len
);

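/*
 * Return the size of `filename` in bytes, or -1 if the file cannot be opened,
 * cannot be measured, or is too large to represent as an int.
 *
 * The file is opened in binary mode: in text mode the value reported by
 * ftell() is not required to be a byte count.
 */
int file_size(char* filename){
    FILE *fp=fopen(filename,"rb");
    if(!fp) {
        return -1;
    }

    long pos = -1L;
    if(fseek(fp,0L,SEEK_END) == 0) {
        pos = ftell(fp);   /* -1L on failure */
    }
    fclose(fp);

    /* Reject ftell() errors and sizes that would not survive the cast to int. */
    if(pos < 0 || (long)(int)pos != pos) {
        return -1;
    }
    return (int)pos;
}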

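/*
 * Test harness: load rc4_func.bin, undo the (offset % 100) XOR mask, and call
 * the result through PRC4Crypt on a sample buffer, printing the output bytes
 * in hex.
 *
 * Returns 0 on success, 1 if the file cannot be read or memory cannot be
 * allocated.
 *
 * NOTE(review): the bytes that get executed come straight from a file in the
 * current directory and are not authenticated in any way, so anyone who can
 * write rc4_func.bin controls what this process runs. The memory is also
 * mapped writable and executable at the same time, which is exactly what W^X
 * policies and endpoint monitoring are meant to flag. Acceptable for a
 * throwaway test of the generator, not as a pattern for production code.
 */
int main(){
    int size = file_size("rc4_func.bin");
    if(size <= 0){
        /* file_size() returns -1 on error; an empty file has nothing to call. */
        printf("cannot read rc4_func.bin\n");
        return 1;
    }

    char* buffer = (char*)VirtualAlloc(0, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if(!buffer){
        printf("VirtualAlloc failed\n");
        return 1;
    }

    FILE* fp = fopen("rc4_func.bin","rb");
    if(!fp){
        printf("cannot open rc4_func.bin\n");
        VirtualFree(buffer, 0, MEM_RELEASE);
        return 1;
    }

    /* One item of `size` bytes: anything but 1 means a short or failed read,
     * and a partially filled buffer must never be called. */
    size_t items = fread(buffer,size,1,fp);
    fclose(fp);
    if(items != 1){
        printf("short read on rc4_func.bin\n");
        VirtualFree(buffer, 0, MEM_RELEASE);
        return 1;
    }

    /* Undo the generator's mask: byte n was XORed with (n % 100). */
    for(int n = 0;n < size;++n){
        buffer[n] = buffer[n] ^ (n % 100);
    }

    PRC4Crypt RC4_Crypt = (PRC4Crypt)buffer;

    unsigned char data[] = "helloworld";
    /* Key as an unsigned char array so it matches the parameter type. */
    unsigned char key[] = { 'a', 'b', 'c' };

    /* sizeof(data) includes the terminating NUL, so 11 bytes are transformed
     * in place. */
    RC4_Crypt(data,data,sizeof(data),key,sizeof(key));
    for(size_t i = 0;i < sizeof(data);++i){
        printf("%x ",data[i]);
    }
    getchar();

    VirtualFree(buffer, 0, MEM_RELEASE);
    return 0;
}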

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ff2179fe-2bae-436e-ae87-1d4bf49d1f1f/Untitled.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ef46e05c-4ab5-4ccb-a2be-71a4aa9ab649/Untitled.png