ASM Community

What operator in IDC language (hmm may be there is the same in ANSI C) rotates operand?
>> is shr i guess...
and what is ror?

ror is rotate right, rol is rotate left

thnx xlifewirex.
may be there is a way to rotate operand not using bit operations (and using only >>, <<, ~,^)?

i found it in my system some virus and its crypted by easy algorithm:
00405FED mov esi, offset dword_401000
00405FF2 mov edi, esi
00405FF4 mov ecx, 4FE2h
00405FF9 cld
00405FFA
00405FFA loc_405FFA: ; CODE XREF: start+1Bj
00405FFA lodsb
00405FFB ror al, 3
00405FFE xor al, 88h
00406000 stosb
00406001 loop loc_405FFA

and i never write IDC scripts before.
I know that hiew can help me to make it much faster, but i want to understand how to do it in IDA.

unfortunately it doesnt work :(
i made such a script:
#include <idc.idc>
#define b 0x401000
#define ror(x,a) (x >> a || x << (32-a))

static main()
{
auto c;
Message("Patching started...
");
for (c=0; c<=0x4fe2;c++)
PatchByte(b+c, (ror(Byte(b+c), 3))^0x88);
Message("Patched successfully
");
}

may be i made a mistake?

unfortunately it doesnt work too :(
i made prog on VC:
#include "stdafx.h"
#include <stdio.h>
#define ror(x,a) (x >> a || x << (8-a))


int main(int argc, char* argv[])
{
char z = 0x44;
printf("%X
",ror(z,3));
scanf("%x",&z);
return 0;
}
The result is 1 (hmm)
and i made prog on asm:
dbg equ int 3
mov al, 44h
ror al, 3
dbg
the result is 0x88
may be the formula u gave me is wrong?

so the script looks like (it works! :)) this:
#include <idc.idc>
#define b 0x401000
#define ror(x,a) (x >> a | x << (8-a))

static main()
{
auto c;
Message("Patching started...
");
for (c=0; c<=0x4fe2;c++)
PatchByte(b+c, (ror(Byte(b+c), 3))^0x88);
Message("Patched successfully
");
}