Jump to content

Assembly Code

Shanheavel
 Share

Recommended Posts

Shanheavel Wayfarer

Shanheavel

Posted
Posted (edited)

Hi,

I've function using Asm code.

; by trancexx
#include <GUIConstantsEx.au3>
#include <Memory.au3>
#include <WinAPI.au3>
Opt("GUIOnEventMode", 1)
Global Const $STM_SETIMAGE = 370
Global Const $iWidth = 810
Global Const $iHeight = 470
GUICreate("", $iWidth, $iHeight)
GUISetOnEvent(-3, "_Quit")
GUISetBkColor(0)
Global $hPic = GUICtrlCreatePic("", 0, 0, $iWidth, $iHeight)
Global $iSize = $iWidth * $iHeight
Global $tBits = DllStructCreate("int[" & $iSize & "]")
Global $pBits = DllStructGetPtr($tBits)
 
Global $hBitmap, $aCall, $iHMsg
Global $hPicHandle = GUICtrlGetHandle($hPic)
Global $tRandom = DllStructCreate("dword")
Global $pRandom = DllStructGetPtr($tRandom)
GUISetState()
 
Global $aRtlRandomEx = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("ntdll.dll"), "str", "RtlRandomEx")
Global $pRtlRandomEx = $aRtlRandomEx[0]
Global $aRtlMoveMemory = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "RtlMoveMemory")
Global $pRtlMoveMemory = $aRtlMoveMemory[0]
Global $aSendMessageW = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("user32.dll"), "str", "SendMessageW")
Global $pSendMessageW = $aSendMessageW[0]
Global $aDeleteObject = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("gdi32.dll"), "str", "DeleteObject")
Global $pDeleteObject = $aDeleteObject[0]
Global $aCreateBitmap = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("gdi32.dll"), "str", "CreateBitmap")
Global $pCreateBitmap = $aCreateBitmap[0]
Global $pRemoteCode = _MemVirtualAlloc(0, 512, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
Local $tCodeBuffer = DllStructCreate("byte[512]", $pRemoteCode)
#Region Assemply
DllStructSetData($tCodeBuffer, 1, _
            "0x" & _
            "33DB" & _                                          ; xor ebx, ebx
            "68" & SwapEndian($pRandom) & _                         ; push $pRandom
            "B8" & SwapEndian($pRtlRandomEx) & _                    ; mov eax, RtlRandomEx
            "FFD0" & _                                          ; call eax
            "8BCB" & _                                          ; mov ecx, ebx
            "69C9" & SwapEndian(4) & _                          ; imul ecx, 4
            "81C1" & SwapEndian($pBits) & _                         ; add ecx, $pBits
            "68" & SwapEndian(3) & _                                ; push 3 bytes
            "68" & SwapEndian($pRandom) & _                         ; push $pRandom
            "51" & _                                                ; push ecx
            "B8" & SwapEndian($pRtlMoveMemory) & _              ; mov eax, RtlMoveMemory
            "FFD0" & _                                          ; call eax
            "43" & _                                                ; inc ebx
            "81FB" & SwapEndian($iSize) & _                         ; cmp ebx, $iSize; <- compare ebx with $iSize
            "75" & Hex(256 - 53, 2) & _                             ; jne -53 bytes; <- this is saying go back and do it again if not equal
            "68" & SwapEndian($pBits) & _                           ; push $pBits
            "68" & SwapEndian(32) & _                               ; push BitsPerPel
            "68" & SwapEndian(1) & _                                ; push Planes
            "68" & SwapEndian($iHeight) & _                         ; push $iHeight
            "68" & SwapEndian($iWidth) & _                      ; push $iWidth
            "B8" & SwapEndian($pCreateBitmap) & _                   ; mov eax, CreateBitmap
            "FFD0" & _                                          ; call eax
            "50" & _                                                ; push eax
            "68" & SwapEndian(0) & _                                ; push IMAGE_BITMAP
            "68" & SwapEndian($STM_SETIMAGE) & _                    ; push STM_SETIMAGE
            "68" & SwapEndian($hPicHandle) & _                  ; push $hPicHandle
            "B8" & SwapEndian($pSendMessageW) & _                   ; mov eax, SendMessageW
            "FFD0" & _                                          ; call eax
            "50" & _                                                ; push eax
            "B8" & SwapEndian($pDeleteObject) & _                   ; mov eax, DeleteObject
            "FFD0" & _                                          ; call eax
            "C3" _                                              ; ret
            )
#EndRegion Assembly
While 1
    #region Assembly
  
    DllCall("user32.dll", "int", "CallWindowProcW", _
            "ptr", $pRemoteCode, _
            "int", 0, _
            "int", 0, _
            "int", 0, _
            "int", 0)
    #endregion Assembly
    Sleep(10)
WEnd
 
Func SwapEndian($iValue)
    Return Hex(Binary($iValue))
EndFunc ;==>SwapEndian
 
Func _Quit()
    Exit
EndFunc ;==>_Quit

Pixels are random (look RtlRandomEx). I'm trying to replace it to get pixels' colors from some string (not random).

Global $tColor = DllStructCreate("int[" & $iSize & "]")
DllStructSetData($tColor, 1, 0xFFFF00)

I need help someone who is experienced.

I'm waiting for your replies

/Shanheavel

Edited by Shanheavel
Link to comment
Share on other sites
Shanheavel Wayfarer

Shanheavel

Posted
  • Author
Posted (edited)

@Shaggi

$tPixel = DllStructCreate("dword")
DllStructSetData($tPixel, 1, 0xFF00AA)
$pPixel = DllStructGetPtr($tPixel)

And replace:

"68" & SwapEndian($pRandom) & _ ; push $pRandom
"B8" & SwapEndian($pRtlRandomEx) & _ ; mov eax, RtlRandomEx
"FFD0" & _

With:

B8" & SwapEndian($pPixel)
? Edited by Shanheavel
Link to comment
Share on other sites
Shaggi Universalist

Shaggi

Posted
Posted

@Shaggi

$tPixel = DllStructCreate("dword")
DllStructSetData($tPixel, 1, 0xFF00AA)
$pPixel = DllStructGetPtr($tPixel)

And replace:

"68" & SwapEndian($pRandom) & _ ; push $pRandom
"B8" & SwapEndian($pRtlRandomEx) & _ ; mov eax, RtlRandomEx
"FFD0" & _

With:

B8" & SwapEndian($pPixel)
?

Well that depends on how you want to implement it. You can do it so the pixel is a constant, as i showed you, or you can operate with pointers, so you can change it.

"B8" & SwapEndian($pPixel)
<- This stands for MOV EAX, $pPixel.

Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG

Link to comment
Share on other sites
MvGulik Universalist

MvGulik

Posted
Posted

I did that and my program crashed. I don't understand why...

:mellow: Asm-code tend to do that when you don't know what your doing.

Suggest:

- You stay away from modifying Asm-code until you have readup on it ... A lot.

- Find a forum that's more targeted in helping beginners in ASM. (as that part falls outside this forum general targets in my view.)

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)

"Believing what you know ain't so" ...

Knock Knock ...
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...