edi x12

, that is, taking the pixel (x, y) as the center, to (x-radius, Y) and (x + radius, Y) after the pixels are multiplied by weights, the new pixels are obtained and written to the corresponding points on the target image. The process ends. Since the above processing process only performs a "Ten" operation on each pixel of the image, the operation on each pixel point is greatly reduced, and the greater the fuzzy length, the more reduced. As mentioned above, the Q = 3 and r = 5 Fuzzy Operations only

: Baiyun district .. 1. dib32-bit, pre-multiplication alpha proc AlphaPreMul uses ebx edi, pBitDst,pDstRect,dwDstWight local dwWight:DWORD,dwHight:DWORD ;--------------------------------------- mov edi,[pBitDst] mov edx,[pDstRect] ;(p,q) mov eax,[edx+RECT.right] test eax,eax jz .exit mov [dwWight],eax mov eax,[edx+RECT.bottom] test e

--------------------------------------------------------------------------------. Data; InitializationBEGIN_INITDd offset Shap_destructor_FunctDd offset Shap_getArea_FunctDd offset Shap_setColor_FunctDd NULLEND_INIT--------------------------------------------------------------------------------. CodeShape_Init PROC uses edi esi lpTHIS: DWORD; Actual call InitializationSET_CLASS Shape; Set edi assmue to Shap

In Windows 7x86, the implementation of the kernel module NT (that is, the ntkrpamp module: Offset machine code command nt! Memset: 83c8ce40 8b54240c mov edX, dword ptr [esp + 0ch] 83c8ce44 8b4c2404 mov ECx, dword ptr [esp + 4] 83c8ce48 85d2 test edX, edx83c8ce4a 744f je nt! Memset + 0x5b (83c8ce9b) 83c8ce4c 33c0 XOR eax, eax83c8ce4e 8a442408 mov Al, byte PTR [esp + 8] 83c8ce52 57 push edi83c8ce53 8bf9 mov EDI, 10983fa04 CMP edX, 483c8ce58 7231 JB nt!

ECx, dword ptr [dwmovenum]SHR eax, ClRETMovebitr endp; //////////////////////////////////////// ///////////////////////////Bin2dec proc pbin: DWORD ; Argument checkMoV eax, dword ptr [pbin]Test eax, eaxJZ @ exitPush ESIMoV ESI, eaxXOR eax, eaxXOR edX, EDXClD@@:LodsbTest Al, AlJZ finalflag; FinalCMP Al, 30 h; 0JZ isbinCMP Al, 31 H; 1JZ isbinJnz @ B Isbin:Add edX, EDXLea edX, [edX + eax-30 h]JMP @ BFinalflag:MoV eax, EDXPop ESI@ Exit:RETBin2dec endp; //////////////////////////////////////// /////

: integer; var table: tgraytable); ASM push ebx cmp eax,-255 jge @ 1 mov eax,-255 JMP @ 2 @ 1: CMP eax, 255 jle @ 2 mov eax, 255 @ 2: Push eax mov EBX, 255 fild dword ptr [esp] fwait mov [esp], EBX fidiv dword ptr [esp] // bright/255 fwait XOR ECx, ECx test eax, eax JG @ loop xor ebx, EBX // mask = bright> 0? 255: 0 @ loop: mov [esp], ECx XOR [esp], EBX fild dword ptr [esp] fmul ST (0), ST (1) fistp dword ptr [esp] fwait mov eax, [esp] add eax, ECx mov [edX], Al // table [I] = (I ^ mask) * brigh

parameters, we need to translate the push command. Depending on the object of the push, different implementations are required:VPUSHREG32:; register into the stack. ESI points to the memory address of the bytecodeMov Eax,dword Ptr[esi]; Get the offset address of the register in the VMCONTEXT structure from the pseudo code (byte code)ADD esi,4; The VMCONTEXT structure preserves the values of each register. The structure is saved inside the stack.Mov eax,dowrd ptr [

Modifyfile,pmapaddr; Modify memory block contentsInvoke unmapviewoffile,pmapaddr; unlock file mappings. endifInvoke Closehandle,hmap; Close memory-mapped file. endifInvoke CloseHandle, hfile; Close file. endifRetWinMain ENDP; Get the file name to process; Return: If eax=null indicates that no file name is provided for processing; otherwise eax point to the filename addressGetFileName ProcInvoke Getfilenamefromcommandline,addr FileName. If Eax==nullCall Getfilenamefromdialog. endifRetGetFileName

to add CALLGATE for MGF virus: _ DwFlag ----- bit 0: 0 = ntldr, 1 = PE; bit 1:0 = mem, 1 = file;Bit 2: 0 = auto (ansi/unicode), 1 = ansi......................... Else; _ dwFlag; write CALLGATE if the file is NTLDRLea esi, szGdtData [ebx]Mov edi, @ lpFileMapMov ecx, @ dwFileSize@@:Inc ediPush esiPush ediPush ecxMov ecx, 10 hRepz cmpsbPop ecxPop ediPop esiLoopnz @ B In NTLDR, search for RING0 and CS in 16 bytes. After DS finds the d

call drawimage. Siid_framedimensiontime textequ Framedimensiontime guid siid_framedimensiontime Drawimage proc uses esi edi ebx hdc, X, YLocal dwticksLocal hgraphicsLocal RT: rectLocal hscrdc, htempdc, hbitmap. If m_ppropertyitem; Calculate the currently displayed frame through the Frame delay data and the elapsed timeInvoke timegettime; timegettime precision is 1 msSub eax, m_dwframe0tickXOR edX, EDXMoV ECx, 10Div ECxMoV dwticks, eaxMoV ESI, m_pprop

CRC16 common standards are used in various specifications, the principle of its algorithm is basically consistent, that is, in the data input and output differences, below the standards of the differences listed, and give the C language algorithm implementation. Crc16_ccitt: Polynomial x16+x12+x5+1 (0x1021), initial value 0x0000, low in front, high in the post, results and 0x0000 different or Crc16_ccitt_false: Polynomial x16+

the operation, such as Movl $foo,%eax equivalent to the Intel mov eax, Word ptr fooLong jump and call format is different, at/T is ljmp $section, $offset, and Intel is the JMP Section:offsetThe main difference is these, the other details are many, the following gives a specific example to illustrate#cpuid. S Sample Program. Section. DataOutput. ASCII "The processor Vendor ID is ' xxxxxxxxxxxx ' \ n". section. Text. globl _start_start:MOVL,%eaxCpuidMOVL $output,%ediMovl%ebx, (%

carried out in assembly, let's talk about some personal opinions. Next, we will conduct some small tests and explain them in assembly language. You can do it together. (1) Char name [] and char * Name [CPP] View plaincopy 1: 2:VoidProcess () 3 :{ 00401020 push EBP 00401021 mov EBP, ESP 00401023 sub ESP, 4ch 00401026 push EBX 00401027 push ESI 00401028 push EDI 00401029 Lea EDI