AutoIt Inline Assembly UDF


19 replies to this topic

#1 Ward

Posted 26 December 2008 - 05:37 AM

Thanks to the disasm source code by Oleh Yuschuk from http://www.ollydbg.de/.
I compiled it into a DLL and use it in this UDF.

Look at the example script first:

#include <ASM.au3>

; Initialize an asm object
Global $Asm = AsmInit()

Demo1()

Func Demo1()
    ; Demo 1: Using Parameters
    ; A stdcall function that returns the sum of its two int arguments.
    AsmReset($Asm)
    AsmAdd($Asm, "push ebp")
    AsmAdd($Asm, "mov ebp, esp")
    AsmAdd($Asm, "mov eax, [ebp + 08]") ; first argument
    AsmAdd($Asm, "add eax, [ebp + 0c]") ; second argument
    AsmAdd($Asm, "pop ebp")
    AsmAdd($Asm, "retn 8")              ; callee pops the 8 bytes of arguments
    ConsoleWrite(String(AsmGetBinary($Asm)) & @CRLF)
    $Ret = MemoryFuncCall("int", AsmGetPtr($Asm), "int", 1, "int", 2)
    MsgBox(0, "Demo 1: Using Parameters", "1 + 2 = " & $Ret[0])
EndFunc

; Release the asm object
AsmExit($Asm)
Exit

There are more examples in the archive, including reading the Time-Stamp Counter, using labels,
calling an AutoIt function from assembly, and an assembly crc32 routine.

Have fun!
Attached File: asm.zip (36.4K, 1836 downloads)





#2 Lazycat

Posted 26 December 2008 - 07:34 AM

I have no words... It's time to start learning assembler?
It still needs a performance comparison (is this faster than calling a regular function from a DLL?), but anyway this is a lot more flexible than preparing machine code!

#3 Dampe

Posted 26 December 2008 - 07:43 AM

Very nice. Unfortunately:

Func Demo1()
    ; Demo 1: Using Parameters, timed from reset to call
    $timer = TimerInit()
    AsmReset($Asm)
    AsmAdd($Asm, "push ebp")
    AsmAdd($Asm, "mov ebp, esp")
    AsmAdd($Asm, "mov eax, [ebp + 08]")
    AsmAdd($Asm, "add eax, [ebp + 0c]")
    AsmAdd($Asm, "pop ebp")
    AsmAdd($Asm, "retn 8")
    ConsoleWrite(String(AsmGetBinary($Asm)) & @CRLF)
    $Ret = MemoryFuncCall("int", AsmGetPtr($Asm), "int", 1, "int", 2)
    ConsoleWrite(TimerDiff($timer) & "ms" & @CRLF)
    $timer = ""
    MsgBox(0, "Demo 1: Using Parameters", "1 + 2 = " & $Ret[0])
EndFunc


Result: 5.0036303630363ms

Func Demotwo()
    ; Same addition done natively in AutoIt, timed the same way
    $timer = TimerInit()
    $t = 1 + 2
    ConsoleWrite(TimerDiff($timer) & "ms" & @CRLF)
    $timer = ""
    MsgBox(32, "test", $t)
EndFunc

Result: 0.00672067206720672ms

Edited by Dampe, 26 December 2008 - 07:43 AM.


#4 Ward

Posted 26 December 2008 - 08:09 AM

Very nice. Unfortunately:

I don't think it is unfortunate.

This UDF assembles the code into binary machine code and then runs it, so the other machine code UDFs must be faster than this one.

So it is not for speed; it is for power, and for fun. Want to get the CPU's Time-Stamp Counter? You will find assembly is the easiest way.

If you need speed, see my other posts about the machine code UDF or the MemoryDll UDF.

Edited by Ward, 26 December 2008 - 08:10 AM.


#5 Lazycat

Posted 26 December 2008 - 08:10 AM

Unfortunately:

This is a bad example for comparing speed, since Ward's UDF requires some time for initializing. It needs time-intensive tasks, like checksums for big files, for which using those techniques is reasonable.

#6 SmOke_N

Posted 26 December 2008 - 08:24 AM

Wow... No time this evening to play/test... but this could be huge. Thanks Ward.



#7 Dampe

Posted 26 December 2008 - 08:25 AM

I don't think it is unfortunate.

This UDF assembles the code into binary machine code and then runs it, so the other machine code UDFs must be faster than this one.

So it is not for speed; it is for power, and for fun. Want to get the CPU's Time-Stamp Counter? You will find assembly is the easiest way.

If you need speed, see my other posts about the machine code UDF or the MemoryDll UDF.


Yeah, I agree completely about its power; I just don't think it would be efficient to use it for basic addition and subtraction or whatever else.

Nice UDF nonetheless :)

#8 oMBRa

Posted 26 December 2008 - 12:12 PM

Newbie question: I have found with Cheat Engine an address (for example 0x6F000000) and the opcode is ''mov eax, [ebp + 08]'', and ebp + 08 is the address I'm searching in order to read a value... is it possible to determine it with this UDF?

#9 James

Posted 26 December 2008 - 12:20 PM

Wow... No time this evening to play/test... but this could be huge. Thanks Ward.

Well, you got me stunned. And Smoke too? Wow, this is really good!

#10 doudou

Posted 26 December 2008 - 12:22 PM

LOL
Nice toy! I can't imagine any practical use for it in a scripting language but hey, who says programmers are not allowed to play around?
Next challenge: write a hardware driver entirely in AutoIt script! :)

#11 doudou

Posted 26 December 2008 - 12:27 PM

Newbie question: I have found with Cheat Engine an address (for example 0x6F000000) and the opcode is ''mov eax, [ebp + 08]'', and ebp + 08 is the address I'm searching in order to read a value... is it possible to determine it with this UDF?

If you are talking about reading some other process' memory: bad luck, in protected mode it is, ahem... protected :) Assembler won't help you at all unless your cheat program is registered as a debugger.

#12 oMBRa

Posted 26 December 2008 - 12:41 PM

You mean SeDebugPrivilege?

#13 doudou

Posted 26 December 2008 - 12:51 PM

You mean SeDebugPrivilege?

I mean you need to start the cheatee or attach to it with debugging rights, and your user has to be granted the privilege to debug software in the first place. From my perspective it's easier just to fire up Visual Studio (or similar) and do the dirty work from there.

#14 oMBRa

Posted 26 December 2008 - 12:55 PM

I just have to do ''ebp + 08'', but how do I determine ebp? (Let's say I have debugging rights etc...)

#15 doudou

Posted 26 December 2008 - 01:09 PM

I just have to do ''ebp + 08'', but how do I determine ebp? (Let's say I have debugging rights etc...)

I may have misunderstood his UDF, but I think all register contents are in the $Ret array after MemoryFuncCall. We'll have to figure out which one is which or wait for a reply from the author.

#16 Pain

Posted 26 December 2008 - 07:35 PM

I'm speechless, this is awesome. There are so many new opportunities with asm support.

#17 StrategicX

Posted 28 March 2009 - 06:43 PM

Can this be used to inject ASM into a live process, i.e. an online game like WoW? And as for debugging rights, all you need is the new NomadMemory.au3 and the function SETPRIVILEGE("SeDebugPrivilege", 1), and your au3 app has all the rights a debugger has... hacking :D If someone has done this please PM me or post it, thanks a lot.

#18 Dalord

Posted 02 April 2009 - 02:42 PM

I too am interested in injecting ASM into a live process (Hi StrategicX, nice to see we are both researching the same line).

#19 TheOnlyOne

Posted 04 August 2010 - 04:41 PM

Hmm, how can you use jmp or je in here? To a self-made asm function?

#20 AndyG

Posted 04 August 2010 - 08:30 PM

With Ward's FASM Assembly UDF it is possible to call AutoIt functions from assembler code. Look at the nice examples. With FASM, forward jumps are also possible now.
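Two things in this thread are easy to show with a few lines of code: what the bytes printed by String(AsmGetBinary($Asm)) in Ward's Demo1 actually are, and what "using jmp or je to a label" means when the label comes later in the code (the forward jump AndyG mentions). The example below is added here and is not code from Ward's UDF, from OllyDbg's assembler, or from anyone in the thread. It is a small two-pass assembler for the 32-bit x86 subset the thread uses (push/pop, mov/add/cmp/xor with register or [ebp + disp8] operands, retn imm16) plus labels and short jumps. The encodings come from the Intel manual; that OllyDbg's assembler chooses the same byte forms (for example 8B EC rather than 89 E5 for "mov ebp, esp"), and therefore that AsmGetBinary() returns exactly these bytes, is an assumption. Numbers are hexadecimal, as in the thread's "[ebp + 0c]".

```python
# Added example, not code from Ward's UDF or from this thread: a two-pass
# assembler for the 32-bit x86 subset used above, with labels and short jumps.
# Encodings follow the Intel SDM; matching OllyDbg's byte choices is assumed.
import re
import struct

REGS = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3, "esp": 4, "ebp": 5, "esi": 6, "edi": 7}
# Short-jump opcodes, each followed by one signed rel8 byte.
SHORT_JUMPS = {"jmp": 0xEB, "je": 0x74, "jz": 0x74, "jne": 0x75, "jnz": 0x75,
               "jge": 0x7D, "jl": 0x7C}
# Opcode byte for the "op r32, r/m32" form of each instruction.
RM_OPS = {"mov": 0x8B, "add": 0x03, "sub": 0x2B, "cmp": 0x3B, "xor": 0x33}
MEM_RE = re.compile(r"\[\s*ebp\s*\+\s*([0-9a-f]+)\s*\]")   # numbers are hex, OllyDbg style


def _modrm_reg(reg, rm):
    """ModRM with mod=11: register-direct r/m operand."""
    return bytes([0xC0 | (reg << 3) | rm])


def _modrm_ebp_disp8(reg, disp):
    """ModRM with mod=01, r/m=101: [ebp + disp8]. An ebp base needs no SIB byte."""
    if not -128 <= disp <= 127:
        raise ValueError("disp8 out of range: %d" % disp)
    return bytes([0x40 | (reg << 3) | 0x05, disp & 0xFF])


def encode(mnemonic, operands):
    """Machine code for one instruction; jumps get a 0x00 rel8 placeholder."""
    if mnemonic == "push" and operands[0] in REGS:
        return bytes([0x50 + REGS[operands[0]]])
    if mnemonic == "pop" and operands[0] in REGS:
        return bytes([0x58 + REGS[operands[0]]])
    if mnemonic in RM_OPS and operands[0] in REGS:
        dst = REGS[operands[0]]
        if operands[1] in REGS:
            return bytes([RM_OPS[mnemonic]]) + _modrm_reg(dst, REGS[operands[1]])
        m = MEM_RE.fullmatch(operands[1])
        if m:
            return bytes([RM_OPS[mnemonic]]) + _modrm_ebp_disp8(dst, int(m.group(1), 16))
    if mnemonic == "retn":
        # C3 = ret; C2 iw = ret and pop iw bytes of arguments (stdcall cleanup)
        return b"\xC3" if not operands else b"\xC2" + struct.pack("<H", int(operands[0], 16))
    if mnemonic in SHORT_JUMPS and len(operands) == 1:
        return bytes([SHORT_JUMPS[mnemonic], 0x00])
    raise ValueError("unsupported instruction: %s %s" % (mnemonic, ", ".join(operands)))


def assemble(lines):
    """Pass one sizes every instruction and records label offsets; pass two
    encodes again with jump displacements filled in, so forward references work."""
    parsed, labels, offset = [], {}, 0
    for raw in lines:
        text = raw.split(";", 1)[0].strip().lower()      # drop comments
        if not text:
            continue
        if text.endswith(":"):                            # "done:" defines a label
            labels[text[:-1]] = offset
            continue
        mnemonic, _, rest = text.partition(" ")
        operands = [o.strip() for o in rest.split(",")] if rest.strip() else []
        parsed.append((offset, mnemonic, operands))
        offset += len(encode(mnemonic, operands))
    out = bytearray()
    for offset, mnemonic, operands in parsed:
        code = encode(mnemonic, operands)
        if mnemonic in SHORT_JUMPS:
            if operands[0] not in labels:
                raise ValueError("undefined label: %s" % operands[0])
            rel = labels[operands[0]] - (offset + len(code))   # relative to the next instruction
            if not -128 <= rel <= 127:
                raise ValueError("label %s is out of short-jump range (%d)" % (operands[0], rel))
            code = bytes([code[0], rel & 0xFF])
        out += code
    return bytes(out)


def autoit_binary_string(code):
    """The 0x... form that String() gives a Binary value in the thread's output."""
    return "0x" + code.hex().upper()


# The thread's Demo1: stdcall add(a, b), both arguments read from the caller's stack.
DEMO1 = ["push ebp", "mov ebp, esp", "mov eax, [ebp + 08]",
         "add eax, [ebp + 0c]", "pop ebp", "retn 8"]

# A forward jump to a label: stdcall max(a, b). "jge done" is sized in pass one
# before "done" is defined and patched with the real displacement in pass two.
MAX_AB = ["push ebp", "mov ebp, esp",
          "mov eax, [ebp + 08]",
          "cmp eax, [ebp + 0c]",
          "jge done            ; forward reference",
          "mov eax, [ebp + 0c]",
          "done:",
          "pop ebp", "retn 8"]

if __name__ == "__main__":
    print("Demo1:", autoit_binary_string(assemble(DEMO1)))
    print("max  :", autoit_binary_string(assemble(MAX_AB)))
```

Demo1 assembles to 55 8B EC 8B 45 08 03 45 0C 5D C2 08 00; in the max example the jge lands on 7D 03, because the displacement is counted from the end of the jump instruction to the label. The assembler deliberately refuses undefined labels and targets more than 127 bytes away rather than silently emitting a wrong byte, since a bad displacement in hand-written code runs as a crash or as whatever instruction happens to sit at the wrong offset. One caveat the thread does not spell out: these bytes only execute from memory with execute permission, which is what AsmGetPtr() and MemoryFuncCall() arrange behind the scenes; writing code bytes into memory and calling them is the same pattern a shellcode loader uses, so expect antivirus and EDR products to look closely at compiled AutoIt scripts that do it.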



