Nytro, posted October 25, 2010

Credits: HUTCH for the StringCompare function, PHRACK for the tip on retrieving K32. Reference: NEITSA for the method. Author: steve10120

```asm
; Resolve kernel32 exports by walking the PEB and the export directory,
; then call MessageBoxA as a test. Position-independent: every data
; reference goes through the delta in EBP.

        call .hwndDelta
.hwndDelta:
        pop ebp
        sub ebp, .hwndDelta                 ; EBP = delta between load address and assembled address

.find_kernel:
        mov eax, [fs:30h]                   ; EAX = PEB base
        mov eax, [eax + 0ch]                ; EAX = PEB_LDR_DATA
        mov esi, [eax + 1ch]                ; first entry in InInitializationOrderModuleList
        lodsd                               ; forward to next LIST_ENTRY
        mov ebx, [eax + 08h]                ; EBX = kernel32 base in memory
        mov [ebp + _kernelBase], ebx
        mov esi, dword[ebx + 3Ch]           ; ESI = e_lfanew (offset of the PE signature)
        add esi, [ebp + _kernelBase]
        mov edx, [esi + 078h]               ; EDX = RVA of the export table
        add edx, [ebp + _kernelBase]        ; EDX = VA of the export table
        mov ecx, [edx + 018h]               ; ECX = number of names exported by the DLL
        mov [ebp + _function_nb], ecx
        mov ebx, [edx + 020h]               ; EBX = RVA of AddressOfNames
        add ebx, 4                          ; start the scan at the second name
        add ebx, [ebp + _kernelBase]        ; EBX = VA of AddressOfNames
        ; From here on we have everything needed to look the functions up

        ; Retrieve GetProcAddress
        pushad
        lea edi, [ebp + _szGetProcAddress]  ; EDI = "GetProcAddress" string
        call .find_function
        mov [ebp + _getProcAddress], eax
        popad
        ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
        ; Retrieve LoadLibrary
        pushad
        lea edi, [ebp + _szLoadLibrary]     ; EDI = "LoadLibraryA" string
        call .find_function
        mov [ebp + _loadLibrary], eax
        popad
        ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
        ; TEST MESSAGEBOX
        ;
        lea ebx, [ebp + _szUser32]
        push ebx
        call [ebp + _loadLibrary]           ; EAX = LoadLibraryA("user32.dll")
        ;
        lea ebx, [ebp + _szMessageBox]
        push ebx
        push eax
        lea edx, [ebp + _getProcAddress]
        call dword[edx]                     ; EAX = GetProcAddress(user32, "MessageBoxA")
        ;
        push 0                              ; uType
        lea esi, [ebp + _szGetProcAddress]
        push esi                            ; lpCaption
        lea edi, [ebp + _szGetProcAddress]
        push edi                            ; lpText
        push 0                              ; hWnd
        call eax
        ;;;;;;;;;;;;;;;;
        ret

; In:  EBX = VA of the current AddressOfNames entry, ECX = names left,
;      EDX = VA of the export directory, EDI = wanted name
; Out: EAX = VA of the function
.find_function:
.find_function_loop:
        mov esi, dword[ebx]                 ; ESI = RVA of the function-name string
        add ebx, 4
        add esi, [ebp + _kernelBase]        ; ESI = VA of the function-name string
        dec ecx                             ; ECX = ECX - 1
        call .stringCompare
        cmp eax, -1
        je .find_function_loop
        mov ebx, [edx + 01ch]               ; EBX = RVA of AddressOfFunctions
        add ebx, [ebp + _kernelBase]        ; pointer to AddressOfFunctions
        mov edx, dword[ebp + _function_nb]  ; delta-relative, like every other data reference
        sub edx, ecx                        ; EDX = index of the matching name
        imul edx, edx, 4
        add ebx, edx
        mov eax, ebx
        mov eax, dword[eax]                 ; EAX = RVA of the function
        add eax, [ebp + _kernelBase]        ; EAX = VA of the function
        ret

; Compare the NUL-terminated strings at ESI and EDI: EAX = 0 on match, -1 otherwise
.stringCompare:
        pushad
        mov ecx, esi
        mov edx, edi
.cmst:
        mov al, [ecx]
        cmp al, [edx]
        jne .no_match
        add ecx, 1
        add edx, 1
        test al, al
        jne .cmst
        popad
        xor eax, eax
        ret
.no_match:
        popad
        mov eax, -1
        ret

_szGetProcAddress db "GetProcAddress",0
_szLoadLibrary    db "LoadLibraryA",0
_kernelBase       dd ?
_function_nb      dd ?
_szMessageBox     db "MessageBoxA",0
_szUser32         db "user32.dll",0
_getProcAddress   dd ?
_loadLibrary      dd ?
```
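The posted assembly takes the position of the matching name in AddressOfNames and uses it directly as an index into AddressOfFunctions, skipping the AddressOfNameOrdinals table. That shortcut only works when name position and ordinal index coincide, which the PE format does not guarantee. The following added example (mine, not from the thread or its author) builds a constructed in-memory PE export directory with the same field offsets the assembly uses and shows the two walks side by side; all addresses and names in it are made up. It is useful when reviewing or writing export-table parsers for analysis tooling, where the ordinal step is the usual thing to get wrong.

```python
import struct

# Field offsets the posted walk relies on (PE/COFF spec, PE32). The image
# built below is constructed for this demo; RVA == offset, nothing else is
# filled in.
E_LFANEW = 0x3C                  # DOS header: offset of the "PE\0\0" signature
EXPORT_DIR_RVA = 0x78            # from the signature: DataDirectory[0].VirtualAddress
NUMBER_OF_FUNCTIONS = 0x14       # IMAGE_EXPORT_DIRECTORY fields
NUMBER_OF_NAMES = 0x18
ADDRESS_OF_FUNCTIONS = 0x1C
ADDRESS_OF_NAMES = 0x20
ADDRESS_OF_NAME_ORDINALS = 0x24


def build_image(exports):
    """Build a minimal memory image whose export directory lists `exports`,
    a list of (name, ordinal_index, function_rva). Names are written in the
    order given; a real linker sorts them, but a linear scan does not care."""
    image = bytearray(0x1000)
    pe = 0x80
    struct.pack_into("<I", image, E_LFANEW, pe)
    image[pe:pe + 4] = b"PE\0\0"
    exp = 0x200
    struct.pack_into("<I", image, pe + EXPORT_DIR_RVA, exp)

    n = len(exports)
    max_index = max(i for _, i, _ in exports) + 1
    funcs = exp + 0x40                      # AddressOfFunctions
    names = funcs + 4 * max_index           # AddressOfNames
    ords = names + 4 * n                    # AddressOfNameOrdinals
    strings = ords + 2 * n                  # NUL-terminated name strings
    struct.pack_into("<I", image, exp + NUMBER_OF_FUNCTIONS, max_index)
    struct.pack_into("<I", image, exp + NUMBER_OF_NAMES, n)
    struct.pack_into("<I", image, exp + ADDRESS_OF_FUNCTIONS, funcs)
    struct.pack_into("<I", image, exp + ADDRESS_OF_NAMES, names)
    struct.pack_into("<I", image, exp + ADDRESS_OF_NAME_ORDINALS, ords)

    cursor = strings
    for i, (name, idx, rva) in enumerate(exports):
        struct.pack_into("<I", image, funcs + 4 * idx, rva)
        struct.pack_into("<I", image, names + 4 * i, cursor)
        struct.pack_into("<H", image, ords + 2 * i, idx)
        data = name.encode() + b"\0"
        image[cursor:cursor + len(data)] = data
        cursor += len(data)
    return bytes(image)


def u32(image, off):
    return struct.unpack_from("<I", image, off)[0]


def cstr(image, off):
    return image[off:image.index(b"\0", off)].decode()


def export_dir(image):
    """Follow e_lfanew to the PE header and return the export directory RVA."""
    pe = u32(image, E_LFANEW)
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    return u32(image, pe + EXPORT_DIR_RVA)


def resolve_like_posted_asm(image, wanted):
    """Same indexing step as the posted code: the position of the matching
    name is used directly as the index into AddressOfFunctions."""
    exp = export_dir(image)
    names = u32(image, exp + ADDRESS_OF_NAMES)
    funcs = u32(image, exp + ADDRESS_OF_FUNCTIONS)
    for i in range(u32(image, exp + NUMBER_OF_NAMES)):
        if cstr(image, u32(image, names + 4 * i)) == wanted:
            return u32(image, funcs + 4 * i)
    return None


def resolve_via_ordinals(image, wanted):
    """Spec-correct walk: name position -> AddressOfNameOrdinals entry ->
    index into AddressOfFunctions."""
    exp = export_dir(image)
    names = u32(image, exp + ADDRESS_OF_NAMES)
    ords = u32(image, exp + ADDRESS_OF_NAME_ORDINALS)
    funcs = u32(image, exp + ADDRESS_OF_FUNCTIONS)
    for i in range(u32(image, exp + NUMBER_OF_NAMES)):
        if cstr(image, u32(image, names + 4 * i)) == wanted:
            idx = struct.unpack_from("<H", image, ords + 2 * i)[0]
            return u32(image, funcs + 4 * idx)
    return None


if __name__ == "__main__":
    # Sequential ordinals: both walks agree.
    seq = build_image([("GetProcAddress", 0, 0x1000), ("LoadLibraryA", 1, 0x2000)])
    print(hex(resolve_like_posted_asm(seq, "GetProcAddress")),
          hex(resolve_via_ordinals(seq, "GetProcAddress")))
    # Permuted ordinals: the shortcut returns LoadLibraryA's address instead.
    perm = build_image([("GetProcAddress", 1, 0x1000), ("LoadLibraryA", 0, 0x2000)])
    print(hex(resolve_like_posted_asm(perm, "GetProcAddress")),
          hex(resolve_via_ordinals(perm, "GetProcAddress")))
```

With sequential ordinals both resolvers return 0x1000 for GetProcAddress; with the permuted layout the shortcut returns 0x2000, the address of a different function. The shortcut is tolerated in hand-written resolvers because the name order and ordinal order happen to line up for most kernel32 exports, but a parser meant for arbitrary modules must take the ordinal step.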
Krisler12™, posted October 25, 2010

Where can one learn asm? I don't see anything structured, so to speak, the way there is for the other languages, and yet I see plenty of people who know asm quite well... How did you learn asm? (By learning I mean really mastering the language, not just understanding code written by someone else...)
Nytro (author), posted October 25, 2010

It's best learned from books, but there are good tutorials too. I'm doing ASM at university (Computer Systems Architecture - University of Bucharest, Computer Science).
Krisler12™, posted October 25, 2010

> It's best learned from books, but there are good tutorials too. I'm doing ASM at university (Computer Systems Architecture - University of Bucharest, Computer Science).

Could you post the course notes in electronic form, please? I think I'd learn more easily from them, plus they're in Romanian and written for people, not in that wooden language that leaves you wondering what the author meant. Thanks in advance!
Nytro (author), posted October 25, 2010

Arhitectura calculatorului (sau sistemelor de calcul) - Adrian Atanasiu, Ed. Infodata
Programarea procesoarelor Intel (I think) - Vasile Lungu, Ed. Teora
M2G, posted October 25, 2010

@krisler12 See here: ALastName

It's not very easy; you need to understand very well how a processor works with registers and flags.

> By learning I mean really mastering the language, not just understanding code written by someone else...

To understand code written by someone else in ASM you need to know it well, otherwise you don't stand much of a chance. It's not like the high-level languages. Better learn Java or something high-level if you have nothing else to do with your free time!