Help with asm

Skitty

I've been searching everywhere but it's like no one talks about it or something, question is, how the heck do I get the home drive letter in assembly?

I need to make this string automatically change to the correct user's home drive label~

"%s:\Documents and Settings\TEST\Desktop\Log.dat"

I can't find anything on google about or related to it, it's like google has an anti asm fetish.

Also, is it me or are these forums getting a little slower?


Things that I've done..

Icon Resource Editor: icon resource editor 

AutoIt Piano: a piano

AutoIt Unlocker: unlocks files when you want to delete them

Colorful tooltips: a wrapper for the tool tips UDF

Rouge GoogleBot: a full screen animation

ASciTE text editor: a text editor written in autoit

Warning: Posts by this user are subject to change or may disappear without notice.

Mat

Uhmmm... The same way you would in C, or any native windows application? Why is this question specifically about asm?

Rough outline:

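strIn db "%HOMEDRIVE%\Documents and Settings\TEST\Desktop\Log.dat",0 ; template, NUL-terminated
strOut db MAX_PATH+1 dup(0) ; receives the expanded path

; returns the number of characters written (including the NUL), or 0 on failure
invoke ExpandEnvironmentStringsA,addr strIn,addr strOut,MAX_PATH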

Then of course, there is the small matter that even then you are doing it wrong. You want the desktop directory for user TEST? Then you are actually trying to find a known folder. There are examples for that on these forums. Search for SHGetKnownFolderPath.

The reason it's not on google is because not many asm users ask questions like this. Most have previous knowledge of the winapi etc.

Edited by Mat

Skitty

I see, makes sense, and the reason it's specifically targeted to ASM is due to the fact that I don't know C, C++ etc, I was tinkering with some little project written in asm that creates a file in its directory (where it was launched from) and enters some data into it, suddenly I want the file to be created at a specific location, adding my user name was an accident but you get the idea, I want to have the app always create the file in a specific directory regardless of the home drive label.

When the app is going to create the file, the string location is as so~

MAC "ab" ; binary mode
MAC "C:\directory\Log.dat" ;Location
call fopen
Edited by THAT1ANONYMOUSEDUDE

Mat

So you are going to mix native winapi and libc?

Did you try using fopen with the environment strings in there (%HOMEDRIVE%)?

Skitty

Yes, windows xp suggested I send a crash report to microsoft afterward.

Damn, I really want to learn assembly, this is how I tried, which I know is wrong because of the crash report thing.

MAC "ab"
MAC "%HOMEDRIVE%\Documents and Settings\Log.dat"
call fopen

Assembling: test.asm
test.asm(58) : error A2006: undefined symbol : HOMEDRIVE
MAC(1): Macro Called From
  test.asm(58): Main Line Code
test.asm(58) : error A2206: missing operator in expression
MAC(3): Macro Called From
  test.asm(58): Main Line Code
Edited by THAT1ANONYMOUSEDUDE

Valik

You really need to read some Windows guidelines. A directory already exists for applications to write their data. The root of the home drive is not it.
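
Mat's ExpandEnvironmentStringsA outline and the fopen attempt earlier in the thread, combined into one checked sequence as an added example (not code from any poster). It assumes the MASM32 SDK include paths and its crt_ names for the msvcrt imports, and it uses %APPDATA% as the template variable, an assumption made here in line with the advice to write into the application data directory.

```masm
; Added example, not from the thread. Assumes the MASM32 SDK layout.
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\msvcrt.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\msvcrt.lib

.data
; Defined with db as in the outline, not passed through a macro
; (the A2006 "undefined symbol : HOMEDRIVE" error came from the macro call).
szTemplate  db "%APPDATA%\Log.dat",0    ; assumption: per-user application data directory
szMode      db "ab",0                   ; append, binary
szLine      db "log entry",13,10,0      ; constructed sample data

.data?
szPath      db MAX_PATH dup(?)          ; receives the expanded path
hFile       dd ?

.code
start:
    ; fopen does not expand %VAR% itself, so expand first.
    invoke ExpandEnvironmentStringsA, addr szTemplate, addr szPath, MAX_PATH
    test    eax, eax
    jz      fail                        ; 0 = the call failed
    cmp     eax, MAX_PATH
    ja      fail                        ; larger than the buffer = result did not fit
    cmp     byte ptr [szPath], '%'
    je      fail                        ; variable not defined: text was copied unexpanded

    invoke crt_fopen, addr szPath, addr szMode
    test    eax, eax
    jz      fail                        ; NULL = file could not be opened
    mov     hFile, eax
    invoke crt_fputs, addr szLine, hFile
    invoke crt_fclose, hFile
    invoke ExitProcess, 0

fail:
    invoke ExitProcess, 1
end start
```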

Skitty

Do %s in strings have a special meaning in masm?

I would imagine they do since this works for me~

push offset hUser
call GetUserNameA
push offset hUser
MAC "-Current User:%s-"

And I can write the user name to the file in place of the %s, where it would be written as "-Current User: TEST-".

You really need to read some Windows guidelines. A directory already exists for applications to write their data. The root of the home drive is not it.

Where can I find a good source? A nice help file like autoit's would be really good, also, I noticed that if I don't include the drive letter and start the path as if it was a directory in nix like "\documents and settings\data.dat" it's created without any errors.

Valik

If you can't find Windows guidelines via a quick search then you should not be using ASM. Simple logical progression.

Skitty

C'mon, it's just that I'm not familiar with the terminology used with this stuff, this reminds me of the time I started with autoit, I would have never gotten anywhere if people weren't generous enough to explain simple things that would essentially show me how to catch fish.

Although, I still remember exactly what gave me the boost in learning autoit, it was a comment I read posted by Jos stating that I should highlight the native function in question and press [F1], as soon as I found that out everything was uphill from there, but scite and MASM32 don't come with a nifty chm explaining everything in detail for asm, autoit was like climbing the Rockies and masm seems like I'm trying to climb Mt. Everest on a unicycle with my current understanding of the language, I'd really like to replace the unicycle with a helicopter if you know what I mean.


Valik

I have given you the terminology in both of my previous posts.

Ascend4nt

THAT1ANONYMOUSEDUDE,

Programming in Assembly language is overkill for anything other than code in need of major optimization. You should really stick to C or C++. Compilers are getting very good at optimizing code, and it'd be a waste to learn the obscure assembly instruction set yourself unless you really need to.

From what I can tell, most people on these forums haven't written programs in pure Assembly, but rather have dabbled in it lightly, or taken compiled C/C++ code and massaged it slightly to be executable in memory. My programming roots stretch back to around 90-91 when code was in dire need of optimization in a long-since dead DOS 16-bit world. Even then, I only wrote a handful of pure-Assembly projects (mostly TSR programs) - the rest were a mix of C++ and Assembly.

You'll find the difficult task of learning Assembly made even more complex by the new 64-bit assembly model and all the quirks involved with that. Also, no inline assembler supports 64-bit code yet as far as I know.

However, if you are still interested in it (and I only recommend it for optimization), here's some links:

Intel 64 and IA-32 Architectures Software Developer Manuals

AMD Developer Guides and Manuals

Flat Assembler (FASM) Documentation

The Netwide Assembler (NASM) Documentation

Iczelion's Win32 Assembly Tutorials

X86asm.net and their X86 Opcode and Instruction Reference

Sandpile.org

Borland Turbo Assembler Manuals (these were my bibles back in the day)

There's also plenty of links on 64-bit programming quirks out there. I believe I left a few of these on someone's thread somewhere on these forums..

Good luck (but really - stick to C/C++!)

Valik

You'll find the difficult task of learning Assembly made even more complex by the new 64-bit assembly model and all the quirks involved with that. Also, no inline assembler supports 64-bit code yet as far as I know.

Visual Studio 2010 doesn't. When we went 64-bit we had to remove all our inline assembly which was mostly just DllCall() and a 3rd-party library for math functions.

Skitty

So I was browsing opensc and noticed there was a topic with no replies titled "antivirus open source" in asm, so I downloaded it and ran the fucker and it deleted absolutely everything on my desktop, including a whole bunch of sources I was fiddling with and autoit scripts I have, I'm now making a profile there so I can show everybody how much I don't like the guy who uploaded that piece of shit application.

I mean really? why even do that? I still lost a whole bunch of cool stuff I had accumulated over 15 hours.

And thank you Ascend4nt, I'll be skimming through those URLs from now.

Edit: now awaiting moderator approval so I can get back to displaying my discontent.

And wow, I knew something was wrong with Firefox, I rebooted and :D

Posted Image

Edited by THAT1ANONYMOUSEDUDE

Skitty

why the fuck didn't you read the source?

Because it's a huge source written in bloody assembler and reading it requires that I be some kind of human alien hybrid capable of implementing an accelerated advanced understanding and perception of cryptographic code that only machines should be dealing with.

Edit: You want to hold my eyeballs and help me understand this shit?

.586
;.MMX
.XMM
.model  flat, stdcall
option  casemap:none
; ------- Main Include ------- ;
include Ansav.inc

.code ; ------- Code Start ------- ;
Align 16
; ------- Ansav Initial ------- ;
AnsavInitFirst proc uses edi esi ebx


IFDEF  DEBUG
; ------- Init for debug ------- ;
mov  hFileLog,0
call  InitLog
ENDIF
IFDEF  ERRORLOG
mov  hFileErrorLog,0
mov  ErrorOccured,0
ENDIF
mLog "AnsavInitFirst::"

xor  eax,eax
mov  incmdl,eax
mov  NoStealth,eax
mov  HaveMMX,eax
mov  PluginsCount,eax
mov  SomeObjectNeedReboot,eax
mov  CmdLineScan,eax

; ------- Init for ansav needed value ------- ;
push  0
call  GetModuleHandle
mov  hInstance,eax
call  GetCommandLine
mov  CommandLine,eax
call  InitCommonControls

; ------- determine processor is support MMX ? ------- ;
inc   eax
cpuid
test  edx,200000h
jz   @F
  mov  HaveMMX,1
@@:

invoke  MyZeroMemory,ADDR icex,sizeof INITCOMMONCONTROLSEX
mov  [icex.dwSize],sizeof INITCOMMONCONTROLSEX ; <-- compability ;
mov  [icex.dwICC],ICC_COOL_CLASSES

mLog "Loading comctl32.dll::"

invoke  LoadLibrary,reparg("comctl32.dll")
.if  eax
  invoke  GetProcAddress,eax,reparg("InitCommonControlsEx")
  .if  eax
   mLog "[ok]"
   lea  edx,icex
   push  edx
   call  eax
IFDEF  DEBUG
  .else
   mLog "[failed]"
ENDIF
  .endif
IFDEF  DEBUG
.else
  mLog "[failed]"
ENDIF
.endif

; ------- Check for NT Window$ Version ------- ;
mLog  "Check for Windows Version"
invoke  IsNT
.if  eax
  mLog  "..Windows is NT/2K/XP"
  mov  WinVerNT,1
.else
  mLog  "..Windows not NT/2K/XP"
  mov  WinVerNT,0
.endif
; ------- Escalate privileges ------- ;
call  SetToken

; ------- keep run one instance ------- ;
call  IsAnsavRun?
.if  eax
  invoke  MessageBox,0, 
    reparg("ANSAV already running..."), 
    offset szAppName,MB_OK
  invoke  ExitProcess,0
.endif

; ------- Buffering, get MyDir, MyPath etc... ------- ;
call  GetPathPath


; ------- LOAD CONFIGURATION ------- ;
push  1
call  LoadConfig

xor  eax,eax

; ------- set null flag ------- ;
mov  pBufferVirusInfo,eax
mov  BufferVirusInfoSize,eax

; ------- init buffer for last scanned path ------- ;
mov  LastScannedPath,eax
mov  LastScannedPathSize,eax
mov  ArcReady,eax
; ------- componen ------- ;
call  LoadComponen

; ------- time for blind sucker ------- ;
call  BlindSucker

AnsavInitFirstSize equ $ - offset AnsavInitFirst

; ------- build CRC 32 table ------- ;
call  crcInit

; ------- VERTICAL LOGO ------- ;
invoke  LoadBitmap,hInstance,IMG_VLOGO
mov  hVLogoBmp,eax

; ------- decrypt vbd ------- ;
IFDEF  RELEASE
call  DecryptVDB
ENDIF
call  IsAlreadyInstalled?
mov  AlreadyInstalled,eax
.if  !eax
  .if  !TimeForBlind
   invoke  lstrcat,ADDR szAppName,reparg(" - [ PORTABLE ]")
  .endif
.endif
invoke  LoadIcon,hInstance,IDI_MAIN_ICON
mov  hMainIcon,eax

; ------- check for external database ------- ;
xor  eax,eax
mov  ExternalVdb,eax
mov  ExternalVdbSize,eax
call  LoadExVdb

call  RenewConfigFlags
; ------- check exvdb ver compare ------- ;
.if  ExternalVdb && ExternalVdbSize
  mov  esi,ExternalVdb
  movzx  eax,[esi.EXVDBINFO].wDay
  movzx  ecx,[esi.EXVDBINFO].wMonth
  movzx  edx,[esi.EXVDBINFO].wYear
 
  cmp  edx,dwRDYear
  ja  @F
  cmp  ecx,dwRDMonth
  ja   @F
  cmp  eax,dwRDDay
  ja   @F
   jmp  @nver
  @@:
 
  mov  dwRDYear,edx
  mov  dwRDMonth,ecx
  mov  dwRDDay,eax
.endif
@nver:
; ------- immune registry ------- ;
call  RegImmune

; get explorer PID, exclude from heuristic engine
invoke  FindWindow,0,reparg("Start Menu")
.if  eax
  invoke  GetWindowThreadProcessId,eax,offset ExplorerPID
.endif
; ------- load trusted database ------- ;
call  LoadTrustDatabase
call  OnLatestUpdate

; ------- check oldiest engine alias kadaluwarsa! ------- ;
call IsOldiest?

; ------- check etc host file ------- ;
call  CheckEtcHost
; ------- set antidump ------- ;
call  AntiDump
ret
AnsavInitFirst endp
Align 16
WndProc PROTO :HWND,:UINT,:WPARAM,:LPARAM
; ------- Win Main procedure ------- ;
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
mLog  "WinMain enter::"

invoke  MyZeroMemory,ADDR wc,sizeof WNDCLASSEX

mov  [wc.cbSize],sizeof WNDCLASSEX
mov  [wc.style],CS_HREDRAW or CS_VREDRAW
mov  [wc.lpfnWndProc],offset WndProc
mov  [wc.cbClsExtra],NULL
mov  [wc.cbWndExtra],DLGWINDOWEXTRA
push hInst
pop  [wc.hInstance]
mov  [wc.hbrBackground],COLOR_BTNFACE+1
mov  [wc.lpszMenuName],IDM_MAIN_MENU
mov  [wc.lpszClassName],offset szClassName
mov  eax,hMainIcon
mov  [wc.hIcon],eax
mov  [wc.hIconSm],eax
invoke LoadCursor,NULL,IDC_ARROW
mov  wc.hCursor,eax
invoke RegisterClassEx,addr wc

mErrorTrap eax,"cannot register class",@endl

mLog  "CreateDialogParam..."
invoke CreateDialogParam,hInstance,IDD_DIALOG,NULL,offset WndProc,NULL
mov  hMainWnd,eax

mErrorTrap eax,"cannot Create main window",@endl

invoke UpdateWindow,hMainWnd
invoke  SetLastError,0

invoke  MyZeroMemory,ADDR msg,sizeof MSG

invoke  Sleep,100

.while TRUE
  invoke  IsWindow,hMainWnd
  test  eax,eax
  jz   @endl
 
  invoke GetMessage,addr msg,NULL,0,0
   .BREAK .if !eax
  invoke TranslateMessage,addr msg
  invoke DispatchMessage,addr msg
.endw
mov  eax,[msg.wParam]
ret
@endl:
xor  eax,eax
ret
WinMain endp
align 16
; ------- Main Window Procedure ------- ;
WndProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
LOCAL  ps,hDC,hOld,memDC:DWORD
mov  eax,uMsg
.if eax==WM_INITDIALOG   ; ------- Initial dialog ------- ;
  push hWin
  pop  hMainWnd
 
  .if  !TimeForBlind
   invoke  SetWindowText,hWin,ADDR szAppName
  .else
   invoke  SetWindowText,hWin,ADDR szRandomString
  .endif
 
  push  ebx
  push  esi
 
  mov  ebx,GetDlgItem
  mov  esi,hMainWnd
 
  scall  ebx,esi,IDC_MAIN_PB
  mov  hMainProgBar,eax
  scall  ebx,esi,IDC_EDIT_PATH
  mov  hMainEditPath,eax
  scall  ebx,esi,IDC_TXT_STATUS
  mov  hMainTxtStatus,eax 
  scall  ebx,esi,IDC_TXT_CHKFILES
  mov  hTxtCheckedFiles,eax
  scall  ebx,esi,IDC_TXT_THREATDETC
  mov  hTxtDetectedThreats,eax
  scall  ebx,esi,IDC_TXT_PERCENT
  mov  hTxtMainPercent,eax
 
  pop  esi
  pop  ebx
 
  invoke  GetMenu,hWin
  mov  hMainMenu,eax
 
  ; ------- Build-build ------- ;
  call  BuildMainListview
  call  BuildMainTxtStatus
  call  BuildToolbar
  call  BuildMainMenuPic
  call  BuildMainPopMenu
 
  call  SetAllMainCtrlState
  invoke  SendMessage,hToolBar, 
    TB_ENABLEBUTTON,IDC_MAINTB_STOP,STATE_DISABLE
 
  ; ------- Create timer to monitor existing rem media ------- ;
  call  SetMainTimer
 
  ; ------- Check for existing threat in mem ------- ;
  mov  MemCheck,1
  call  CheckAndProcessBVI
  .if  eax
   invoke  SetMainTxtStatus,STATUS_DETECTED
   invoke  SetActionTbState,STATE_ENABLE
  .else
   invoke  SetMainTxtStatus,STATUS_CLEAN
   invoke  SetActionTbState,STATE_DISABLE
  .endif
  mov  MemCheck,0
 
  ; ------- Set status ------- ;
  StatusIdleWait
  ; make status clr show ttl
  call  SetStatusClrTtl
 
  .if  !NoPlugins
   call  BuildPlugins
  .endif
 
  ; ------- create syncro hook ------- ;
 
  .if  ShowLog
   call  ShowLogWindow
  .endif
 
  invoke  VerticalTile,hWin,IMG_VREDTILE,70
 
  ; ------- is already installed? ------- ;
  call  CheckInstalled
 
  .if  StealthMode && hStealthmMap
   mov  eax,hStealthmMap
   m2m  [eax.CEST].hMainWnd,hWin
   m2m  [eax.CEST].hWnd2,hWin
  .endif
 
  invoke  SetTimer,hWin,2194,2000,offset MakeUnkillable
 
  call  SetMenuInstallable
 
 
  ; ------- auto check update ------- ;
  mov  hAutUpdCheckThread,0
  lea  eax,AutomaticUpdateCheck
  invoke  CreateThread,0,0,eax,0,0,offset brw
  mov  hAutUpdCheckThread,eax
 
  call  DontHookme
 
  invoke  SetForegroundWindow,hWin
  invoke  SetFocus,hWin
 
  .if  CmdLineScan
   invoke  StartScanOnlyDir,CmdLineScan
  .endif
 
.elseif  eax == WM_PAINT
  invoke LocalAlloc,LPTR,sizeof PAINTSTRUCT
  mov  ps,eax
 
  invoke  BeginPaint,hWin,ps
  mov    hDC, eax
 
  invoke  CreateCompatibleDC,hDC
  mov    memDC, eax
 
  invoke  SelectObject,memDC,hVLogoBmp
  mov    hOld, eax
 
  invoke  BitBlt,hDC,1,1,80,400,memDC,0,0,SRCCOPY
 
  invoke  SelectObject,hDC,hOld
  invoke  DeleteDC,memDC
 
  invoke  EndPaint,hWin,ps
  invoke  ReleaseDC,hWin,hDC
 
  invoke  LocalFree,ps
.elseif  eax == WM_COMMAND  ; ------- Command Control ------- ;
  mov  eax,wParam
  and  eax,0FFFFh
 
  ; ------- Menu-Menu ------- ;   ; --------------------[ -= MENU =- ]
  .if eax==IDM_FILE_EXIT
   jmp  @close
  .elseif  eax == IDM_FILE_SCAN
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartQuickScan  ; <-- quick scan ;
   .endif
  .elseif  eax == IDM_FILE_SCAN2
   call  StartScanSingleFile    ; <-- Scan single file ;
  .elseif  eax == IDM_FILE_SCANMULTIPLEOBJECT
   call  CheckAndAskIfAvailable   ; <-- multiple object scan ;
   .if  eax
    call  MultipleScanObject
   .endif
  .elseif  eax == IDM_FILE_SCANMEM
   call  CheckAndAskIfAvailable
   .if  eax
    call  QuickScanMem
   .endif
  .elseif  eax == IDM_FILE_SCANALLREM  ; <-- Scan all removable media ;
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartScanAllRemovableMedia
   .endif
  .elseif  eax == IDM_FILE_SCANALLHARDISK  ; <-- Scan all hardisk partition ;
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartScanAllHardisk
   .endif
  .elseif  eax == IDM_FILE_SCANONLYWINDIR ; <-- scan only windows directory ;
   call  CheckAndAskIfAvailable
   .if  eax
   
    invoke  StartScanOnlyDir,offset szWinDir
   .endif
  .elseif  eax == IDM_FILE_SCANSYSDIR
   call  CheckAndAskIfAvailable
   .if  eax
    invoke  StartScanOnlyDir,offset szSysDir
   .endif
  .elseif  eax == IDM_VIEW_RESULT
   call  ViewResult
  .elseif  eax == IDM_VIEW_CONSOLELOG  ; <-- Console style LOG ;
   call  ShowLogWindow
  .elseif  eax == IDM_VIEW_VDB
   invoke  DialogBoxParam,hInstance,IDD_ANVDB,hWin,ADDR AnvdbDlgProc,0
   invoke  ShowWindow,eax,SW_SHOW
  .elseif  eax == IDM_VIEW_QUARZONE ; <-- view quarantine ;
   call  ViewQuarantine
  .elseif  eax == IDM_VIEW_TRUSTZONE
   call  StartTrustZone
  .elseif  eax == IDM_ADVANCED_ASHUT ; <-- Auto shutdown after scan finished ;
   .if  !ShutdownAfterScan
    mov  ShutdownAfterScan,1
    invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_CHECKED
   .else
    mov  ShutdownAfterScan,0
    invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_UNCHECKED
   .endif
  .elseif  eax == IDM_VIEW_CLEARLIST
   mov  [LastScannedInfo.wStatus],STATUS_TAKEACTION
   invoke  SendMessage,hMainList,LVM_DELETEALLITEMS,0,0
   invoke  SetActionTbState,STATE_DISABLE
  .elseif  eax == IDM_ADVANCED_CONFIG
   call  StartConfigDlg
  .elseif  eax == IDM_HELP_INSTALL  ; <-- INSTALL ;
   call  InstallUninstallAnsav
  .elseif  eax==IDM_HELP_ABOUT   ; ------- About ------- ;
   push  hWin
   call  ShowAboutDialog
  .elseif  eax==IDM_HELP_README
   call  Readme
  .elseif  eax == IDM_HELP_UPDATE ; <-- UPDATE ;
   .if  AlreadyInstalled
    call  Update
   .else
    invoke  MessageBox,hWin, 
    reparg("Please install ANSAV first to use this feature"), 
    offset szAppName,MB_OK
   .endif
 
  .elseif  eax == IDM_HELP_SUBMITTHREAT
   invoke  ShellExecute,hWin,offset szOpen,reparg("http://ansav.com/content/view/15/34/"),0,0,SW_MAXIMIZE
  ; ------- popup menu ------- ;   ; --------------------[ -= POPUP MENU =- ]
  .elseif  eax == IDM_MPM_PROPERTIES
   call  ObjectProperties
  .elseif  eax == IDM_MPM_GOTOOBJL
   call  GotoObjectLocation
  .elseif  eax == IDM_MPM_SELECTALL
   call  SelectAllObject
  .elseif  eax == IDM_MPM_CLEAN  ; <-- clean selected object ;
   mov  ForFix,1
   push  1 ; <-- clean only selected object ;
   call  StartCleanNow
  .elseif  eax == IDM_MPM_DELETE  ; <-- delete selected object ;
   push  1 ; <-- clean only selected object ;
   call  StartCleanNow
  .elseif  eax == IDM_MPM_QUARANTINE  ; <-- quarantine selected object ;
   push  1 ; <-- quarantine only selected object ;
   call  StartQuarantineNow
  .elseif  eax == IDM_MPM_SIGNASTRUST
   call  DoSignAsTrust
  .elseif  eax == IDM_MPM_COPYTHREATN
   push  1
   call  ClipboardCopyObject ; <-- threat name ;
  .elseif  eax == IDM_MPM_COPYOBJPATH
   push  2
   call  ClipboardCopyObject ; <-- object path ;
 
  ; ------- Button-Button ------- ;   ; --------------------[ -= BUTTON/TOOLBAR =- ]
  .elseif  eax == IDC_MAINTB_EXIT
   jmp  @close
  .elseif  eax == IDC_MAINTB_SCAN
   call  CheckAndAskIfAvailable
   .if  eax
    mov  eax,MainScanButton
    .if  eax == 1
     call  StartQuickScan
    .elseif  eax == 2
     call  ScanSingleFile
    .elseif  eax == 3
     call  MultipleScanObject
    .else
     call  StartQuickScan
    .endif
   .endif
  .elseif  eax == IDC_MAINTB_STOP
   mov  StopScan,1
   mov  StopClean,1
  .elseif  eax == IDC_MAINTB_CLEAN
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to clean all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    mov  ForFix,1
    push  0    ; <-- clean all object in list and try to clean first;
    call  StartCleanNow
   .endif
  .elseif  eax == IDC_MAINTB_DELETE
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to delete all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    push  0    ; <-- delete all object ;
    call  StartCleanNow
   .endif
  .elseif  eax == IDC_MAINTB_QUARANTINE
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to quarantine all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    push  0    ; <-- quarantine all object ;
    call  StartQuarantineNow
   .endif
  .elseif  eax == IDC_MAINTB_VIEWRES
   call  ViewResult
  .endif
 
;-------------------------------------- PLUGINS ----------------------------------------;
  mov  eax,[wParam]
  .if   eax >= DynPluginsMenuMin && 
    eax <= DynPluginsMenuMax
    push  eax
    call  ProcessPlugins
  .endif
 
;;-------------------------------------- HOOK CODE ----------------------------------------;
; ;.elseif  eax == WM_USER+777h
; 
;  ;invoke  ProcessThisMessage,wParam,lParam
;  ;ret
; 
;;-------------------------------------- end of hook code ----------------------------------------;
.elseif  eax==WM_SIZE
  call  RepositionMainWnd
.elseif  eax == WM_NOTIFY  ; <-- notify ;
 
  push  ebx
   mov   ebx,lParam
   mov  eax,[ebx.NMHDR].hwndFrom
   .if  eax == hMainList
    .if  [ebx.NMHDR].code == NM_RCLICK
     call  ReleaseCapture
     call  MainPopMenu
    .endif
   .endif
  pop  ebx
 
.elseif eax==WM_CLOSE   ; ------- If Close ------- ;
@close:
  ; ------- confirm if scan process running ------- ;
  .if  InScanning || InAction
   .if  InScanning
    mov  edx,reparg("Do you want to stop current scanning process?")
   .else
    mov  edx,reparg("Do you want to stop current action process?")
   .endif
   invoke  MessageBox,hWin,edx,ADDR szAppName,MB_YESNO or MB_ICONQUESTION
   
   cmp  eax,IDNO
   je   @F
  .endif
  call  MainWndCleanUp
 
  ; ------- check uncleanable object ------- ;
  .if  SomeObjectNeedReboot
   invoke  wsprintf,offset szUtilsBuff,offset szUncleanNdtrbF,SomeObjectNeedReboot
   invoke  MessageBox,hWin,offset szUtilsBuff,offset szAppName,MB_YESNO or MB_ICONQUESTION
   .if  eax==IDYES
    invoke  MessageBox,hWin,offset szPleaseSave,offset szAppName,MB_OK or MB_ICONINFORMATION
    call  DoReboot
   .endif
  .endif
 
  invoke  DestroyWindow,hWin
 
  jmp  @endl
  @@:
  mov  uMsg,0 ; <-- reset ; bug fixed
.elseif eax==WM_DESTROY  ; ------- If Destroy ------- ;
  invoke PostQuitMessage,NULL
.endif

@endl:
invoke DefWindowProc,hWin,uMsg,wParam,lParam
ret
WndProc endp
align 16
.data

.code ; ------- ENTRYPOINT ------- ;
;--------------------------------------------------------------------------------
                                                                              ;
start:          ; ------- Entry Point ------- ;|
                                                                                  ;/
                                                                                 ;/
;--------------------------------------------------------------------------------/
IFDEF  RELEASE
; ------- Initial First ------- ;
call  AnsavInitFirst
call  FillJunk

ENDIF
; ------- process command line ------- ;
call  ProcessCommandLine
 
; ------- Make sure memory is clean ------- ;
.if  !incmdl
  .if  !NoScanMem
   call  StartCheckMemoryFirst
  .endif
.endif

; ------- Make main window ------- ;
.if  !incmdl
  invoke  WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT
.endif
GlobalExit::
; ------- free last scanned path buffer ------- ;
call  FreeLastScannedPathBuffer
; ------- free CmdLine buffer ------- ;
mov  eax,CmdLineScan
cmp  eax,0
je   @F
  anfree  eax
@@:
; ------- free exvdb is available ------- ;
call  CloseExVdb
; ------- if stealth hook, free hook ------- ;
call  UnStealth

; ------- immune registry ------- ;
call  RegImmune

mov  ebx,FreeLibrary

; ------- unload all module ------- ;
mov  eax,hArcMod
.if  eax
  scall  ebx,eax
.endif
mov  eax,hFixerMod
.if  eax
  scall  ebx,eax
.endif

; ------- unload plugins ------- ;
call  CleanupPlugins

IFDEF  DEBUG
; ------- Log needed ------- ;
call  CloseLog
ENDIF
IFDEF  ERRORLOG
; ------- Error Log needed ------- ;
call  CloseErrorLog
ENDIF

push 0
call ExitProcess
end start
Edited by THAT1ANONYMOUSEDUDE

Shaggi

Because it's a huge source written in bloody assembler and reading it require that I be some kind of human alien hybrid capable of implementing an accelerated advanced understanding and perception of cryptographic code that only machines should be dealing with.

Edit: You want to hold my eyeballs and help me understand this shit?

.586
;.MMX
.XMM
.model  flat, stdcall
option  casemap:none
; ------- Main Include ------- ;
include Ansav.inc

.code ; ------- Code Start ------- ;
Align 16
; ------- Ansav Initial ------- ;
AnsavInitFirst proc uses edi esi ebx


IFDEF  DEBUG
; ------- Init for debug ------- ;
mov  hFileLog,0
call  InitLog
ENDIF
IFDEF  ERRORLOG
mov  hFileErrorLog,0
mov  ErrorOccured,0
ENDIF
mLog "AnsavInitFirst::"

xor  eax,eax
mov  incmdl,eax
mov  NoStealth,eax
mov  HaveMMX,eax
mov  PluginsCount,eax
mov  SomeObjectNeedReboot,eax
mov  CmdLineScan,eax

; ------- Init for ansav needed value ------- ;
push  0
call  GetModuleHandle
mov  hInstance,eax
call  GetCommandLine
mov  CommandLine,eax
call  InitCommonControls

; ------- determine processor is support MMX ? ------- ;
inc   eax
cpuid
test  edx,200000h
jz   @F
  mov  HaveMMX,1
@@:

invoke  MyZeroMemory,ADDR icex,sizeof INITCOMMONCONTROLSEX
mov  [icex.dwSize],sizeof INITCOMMONCONTROLSEX ; <-- compability ;
mov  [icex.dwICC],ICC_COOL_CLASSES

mLog "Loading comctl32.dll::"

invoke  LoadLibrary,reparg("comctl32.dll")
.if  eax
  invoke  GetProcAddress,eax,reparg("InitCommonControlsEx")
  .if  eax
   mLog "[ok]"
   lea  edx,icex
   push  edx
   call  eax
IFDEF  DEBUG
  .else
   mLog "[failed]"
ENDIF
  .endif
IFDEF  DEBUG
.else
  mLog "[failed]"
ENDIF
.endif

; ------- Check for NT Window$ Version ------- ;
mLog  "Check for Windows Version"
invoke  IsNT
.if  eax
  mLog  "..Windows is NT/2K/XP"
  mov  WinVerNT,1
.else
  mLog  "..Windows not NT/2K/XP"
  mov  WinVerNT,0
.endif
; ------- Escalate privileges ------- ;
call  SetToken

; ------- keep run one instance ------- ;
call  IsAnsavRun?
.if  eax
  invoke  MessageBox,0, 
    reparg("ANSAV already running..."), 
    offset szAppName,MB_OK
  invoke  ExitProcess,0
.endif

; ------- Buffering, get MyDir, MyPath etc... ------- ;
call  GetPathPath


; ------- LOAD CONFIGURATION ------- ;
push  1
call  LoadConfig

xor  eax,eax

; ------- set null flag ------- ;
mov  pBufferVirusInfo,eax
mov  BufferVirusInfoSize,eax

; ------- init buffer for last scanned path ------- ;
mov  LastScannedPath,eax
mov  LastScannedPathSize,eax
mov  ArcReady,eax
; ------- componen ------- ;
call  LoadComponen

; ------- time for blind sucker ------- ;
call  BlindSucker

AnsavInitFirstSize equ $ - offset AnsavInitFirst

; ------- build CRC 32 table ------- ;
call  crcInit

; ------- VERTICAL LOGO ------- ;
invoke  LoadBitmap,hInstance,IMG_VLOGO
mov  hVLogoBmp,eax

; ------- decrypt vdb ------- ;
IFDEF  RELEASE
call  DecryptVDB
ENDIF
call  IsAlreadyInstalled?
mov  AlreadyInstalled,eax
.if  !eax
  .if  !TimeForBlind
   invoke  lstrcat,ADDR szAppName,reparg(" - [ PORTABLE ]")
  .endif
.endif
invoke  LoadIcon,hInstance,IDI_MAIN_ICON
mov  hMainIcon,eax

; ------- check for external database ------- ;
xor  eax,eax
mov  ExternalVdb,eax
mov  ExternalVdbSize,eax
call  LoadExVdb

call  RenewConfigFlags
; ------- check exvdb ver compare ------- ;
.if  ExternalVdb && ExternalVdbSize
  mov  esi,ExternalVdb
  movzx  eax,[esi.EXVDBINFO].wDay
  movzx  ecx,[esi.EXVDBINFO].wMonth
  movzx  edx,[esi.EXVDBINFO].wYear

  cmp  edx,dwRDYear
  ja  @F
  cmp  ecx,dwRDMonth
  ja   @F
  cmp  eax,dwRDDay
  ja   @F
   jmp  @nver
  @@:

  mov  dwRDYear,edx
  mov  dwRDMonth,ecx
  mov  dwRDDay,eax
.endif
@nver:
; ------- immune registry ------- ;
call  RegImmune

; get explorer PID, exclude from heuristic engine
invoke  FindWindow,0,reparg("Start Menu")
.if  eax
  invoke  GetWindowThreadProcessId,eax,offset ExplorerPID
.endif
; ------- load trusted database ------- ;
call  LoadTrustDatabase
call  OnLatestUpdate

; ------- check for an outdated (expired) engine ------- ;
call IsOldiest?

; ------- check etc host file ------- ;
call  CheckEtcHost
; ------- set antidump ------- ;
call  AntiDump
ret
AnsavInitFirst endp
Align 16
WndProc PROTO :HWND,:UINT,:WPARAM,:LPARAM
; ------- Win Main procedure ------- ;
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
mLog  "WinMain enter::"

invoke  MyZeroMemory,ADDR wc,sizeof WNDCLASSEX

mov  [wc.cbSize],sizeof WNDCLASSEX
mov  [wc.style],CS_HREDRAW or CS_VREDRAW
mov  [wc.lpfnWndProc],offset WndProc
mov  [wc.cbClsExtra],NULL
mov  [wc.cbWndExtra],DLGWINDOWEXTRA
push hInst
pop  [wc.hInstance]
mov  [wc.hbrBackground],COLOR_BTNFACE+1
mov  [wc.lpszMenuName],IDM_MAIN_MENU
mov  [wc.lpszClassName],offset szClassName
mov  eax,hMainIcon
mov  [wc.hIcon],eax
mov  [wc.hIconSm],eax
invoke LoadCursor,NULL,IDC_ARROW
mov  wc.hCursor,eax
invoke RegisterClassEx,addr wc

mErrorTrap eax,"cannot register class",@endl

mLog  "CreateDialogParam..."
invoke CreateDialogParam,hInstance,IDD_DIALOG,NULL,offset WndProc,NULL
mov  hMainWnd,eax

mErrorTrap eax,"cannot Create main window",@endl

invoke UpdateWindow,hMainWnd
invoke  SetLastError,0

invoke  MyZeroMemory,ADDR msg,sizeof MSG

invoke  Sleep,100

.while TRUE
  invoke  IsWindow,hMainWnd
  test  eax,eax
  jz   @endl

  invoke GetMessage,addr msg,NULL,0,0
   .BREAK .if !eax
  invoke TranslateMessage,addr msg
  invoke DispatchMessage,addr msg
.endw
mov  eax,[msg.wParam]
ret
@endl:
xor  eax,eax
ret
WinMain endp
align 16
; ------- Main Window Procedure ------- ;
WndProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
LOCAL  ps,hDC,hOld,memDC:DWORD
mov  eax,uMsg
.if eax==WM_INITDIALOG   ; ------- Initial dialog ------- ;
  push hWin
  pop  hMainWnd

  .if  !TimeForBlind
   invoke  SetWindowText,hWin,ADDR szAppName
  .else
   invoke  SetWindowText,hWin,ADDR szRandomString
  .endif

  push  ebx
  push  esi

  mov  ebx,GetDlgItem
  mov  esi,hMainWnd

  scall  ebx,esi,IDC_MAIN_PB
  mov  hMainProgBar,eax
  scall  ebx,esi,IDC_EDIT_PATH
  mov  hMainEditPath,eax
  scall  ebx,esi,IDC_TXT_STATUS
  mov  hMainTxtStatus,eax
  scall  ebx,esi,IDC_TXT_CHKFILES
  mov  hTxtCheckedFiles,eax
  scall  ebx,esi,IDC_TXT_THREATDETC
  mov  hTxtDetectedThreats,eax
  scall  ebx,esi,IDC_TXT_PERCENT
  mov  hTxtMainPercent,eax

  pop  esi
  pop  ebx

  invoke  GetMenu,hWin
  mov  hMainMenu,eax

  ; ------- Build-build ------- ;
  call  BuildMainListview
  call  BuildMainTxtStatus
  call  BuildToolbar
  call  BuildMainMenuPic
  call  BuildMainPopMenu

  call  SetAllMainCtrlState
  invoke  SendMessage,hToolBar, 
    TB_ENABLEBUTTON,IDC_MAINTB_STOP,STATE_DISABLE

  ; ------- Create timer to monitor existing rem media ------- ;
  call  SetMainTimer

  ; ------- Check for existing threat in mem ------- ;
  mov  MemCheck,1
  call  CheckAndProcessBVI
  .if  eax
   invoke  SetMainTxtStatus,STATUS_DETECTED
   invoke  SetActionTbState,STATE_ENABLE
  .else
   invoke  SetMainTxtStatus,STATUS_CLEAN
   invoke  SetActionTbState,STATE_DISABLE
  .endif
  mov  MemCheck,0

  ; ------- Set status ------- ;
  StatusIdleWait
  ; make status clr show ttl
  call  SetStatusClrTtl

  .if  !NoPlugins
   call  BuildPlugins
  .endif

  ; ------- create syncro hook ------- ;

  .if  ShowLog
   call  ShowLogWindow
  .endif

  invoke  VerticalTile,hWin,IMG_VREDTILE,70

  ; ------- is already installed? ------- ;
  call  CheckInstalled

  .if  StealthMode && hStealthmMap
   mov  eax,hStealthmMap
   m2m  [eax.CEST].hMainWnd,hWin
   m2m  [eax.CEST].hWnd2,hWin
  .endif

  invoke  SetTimer,hWin,2194,2000,offset MakeUnkillable

  call  SetMenuInstallable


  ; ------- auto check update ------- ;
  mov  hAutUpdCheckThread,0
  lea  eax,AutomaticUpdateCheck
  invoke  CreateThread,0,0,eax,0,0,offset brw
  mov  hAutUpdCheckThread,eax

  call  DontHookme

  invoke  SetForegroundWindow,hWin
  invoke  SetFocus,hWin

  .if  CmdLineScan
   invoke  StartScanOnlyDir,CmdLineScan
  .endif

.elseif  eax == WM_PAINT
  invoke LocalAlloc,LPTR,sizeof PAINTSTRUCT
  mov  ps,eax

  invoke  BeginPaint,hWin,ps
  mov    hDC, eax

  invoke  CreateCompatibleDC,hDC
  mov    memDC, eax

  invoke  SelectObject,memDC,hVLogoBmp
  mov    hOld, eax

  invoke  BitBlt,hDC,1,1,80,400,memDC,0,0,SRCCOPY

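  ; restore the original bitmap into memDC before deleting it
  invoke  SelectObject,memDC,hOld
  invoke  DeleteDC,memDC

  ; EndPaint releases the DC returned by BeginPaint, so no ReleaseDC call is needed
  invoke  EndPaint,hWin,ps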

  invoke  LocalFree,ps
.elseif  eax == WM_COMMAND  ; ------- Command Control ------- ;
  mov  eax,wParam
  and  eax,0FFFFh

  ; ------- Menu-Menu ------- ;   ; --------------------[ -= MENU =- ]
  .if eax==IDM_FILE_EXIT
   jmp  @close
  .elseif  eax == IDM_FILE_SCAN
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartQuickScan  ; <-- quick scan ;
   .endif
  .elseif  eax == IDM_FILE_SCAN2
   call  StartScanSingleFile    ; <-- Scan single file ;
  .elseif  eax == IDM_FILE_SCANMULTIPLEOBJECT
   call  CheckAndAskIfAvailable   ; <-- multiple object scan ;
   .if  eax
    call  MultipleScanObject
   .endif
  .elseif  eax == IDM_FILE_SCANMEM
   call  CheckAndAskIfAvailable
   .if  eax
    call  QuickScanMem
   .endif
  .elseif  eax == IDM_FILE_SCANALLREM  ; <-- Scan all removable media ;
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartScanAllRemovableMedia
   .endif
  .elseif  eax == IDM_FILE_SCANALLHARDISK  ; <-- Scan all hardisk partition ;
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartScanAllHardisk
   .endif
  .elseif  eax == IDM_FILE_SCANONLYWINDIR ; <-- scan only windows directory ;
   call  CheckAndAskIfAvailable
   .if  eax
  
    invoke  StartScanOnlyDir,offset szWinDir
   .endif
  .elseif  eax == IDM_FILE_SCANSYSDIR
   call  CheckAndAskIfAvailable
   .if  eax
    invoke  StartScanOnlyDir,offset szSysDir
   .endif
  .elseif  eax == IDM_VIEW_RESULT
   call  ViewResult
  .elseif  eax == IDM_VIEW_CONSOLELOG  ; <-- Console style LOG ;
   call  ShowLogWindow
  .elseif  eax == IDM_VIEW_VDB
   invoke  DialogBoxParam,hInstance,IDD_ANVDB,hWin,ADDR AnvdbDlgProc,0
   invoke  ShowWindow,eax,SW_SHOW
  .elseif  eax == IDM_VIEW_QUARZONE ; <-- view quarantine ;
   call  ViewQuarantine
  .elseif  eax == IDM_VIEW_TRUSTZONE
   call  StartTrustZone
  .elseif  eax == IDM_ADVANCED_ASHUT ; <-- Auto shutdown after scan finished ;
   .if  !ShutdownAfterScan
    mov  ShutdownAfterScan,1
    invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_CHECKED
   .else
    mov  ShutdownAfterScan,0
    invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_UNCHECKED
   .endif
  .elseif  eax == IDM_VIEW_CLEARLIST
   mov  [LastScannedInfo.wStatus],STATUS_TAKEACTION
   invoke  SendMessage,hMainList,LVM_DELETEALLITEMS,0,0
   invoke  SetActionTbState,STATE_DISABLE
  .elseif  eax == IDM_ADVANCED_CONFIG
   call  StartConfigDlg
  .elseif  eax == IDM_HELP_INSTALL  ; <-- INSTALL ;
   call  InstallUninstallAnsav
  .elseif  eax==IDM_HELP_ABOUT   ; ------- About ------- ;
   push  hWin
   call  ShowAboutDialog
  .elseif  eax==IDM_HELP_README
   call  Readme
  .elseif  eax == IDM_HELP_UPDATE ; <-- UPDATE ;
   .if  AlreadyInstalled
    call  Update
   .else
    invoke  MessageBox,hWin, 
    reparg("Please install ANSAV first to use this feature"), 
    offset szAppName,MB_OK
   .endif

  .elseif  eax == IDM_HELP_SUBMITTHREAT
   invoke  ShellExecute,hWin,offset szOpen,reparg("http://ansav.com/content/view/15/34/"),0,0,SW_MAXIMIZE
  ; ------- popup menu ------- ;   ; --------------------[ -= POPUP MENU =- ]
  .elseif  eax == IDM_MPM_PROPERTIES
   call  ObjectProperties
  .elseif  eax == IDM_MPM_GOTOOBJL
   call  GotoObjectLocation
  .elseif  eax == IDM_MPM_SELECTALL
   call  SelectAllObject
  .elseif  eax == IDM_MPM_CLEAN  ; <-- clean selected object ;
   mov  ForFix,1
   push  1 ; <-- clean only selected object ;
   call  StartCleanNow
  .elseif  eax == IDM_MPM_DELETE  ; <-- delete selected object ;
   push  1 ; <-- clean only selected object ;
   call  StartCleanNow
  .elseif  eax == IDM_MPM_QUARANTINE  ; <-- quarantine selected object ;
   push  1 ; <-- quarantine only selected object ;
   call  StartQuarantineNow
  .elseif  eax == IDM_MPM_SIGNASTRUST
   call  DoSignAsTrust
  .elseif  eax == IDM_MPM_COPYTHREATN
   push  1
   call  ClipboardCopyObject ; <-- threat name ;
  .elseif  eax == IDM_MPM_COPYOBJPATH
   push  2
   call  ClipboardCopyObject ; <-- object path ;

  ; ------- Button-Button ------- ;   ; --------------------[ -= BUTTON/TOOLBAR =- ]
  .elseif  eax == IDC_MAINTB_EXIT
   jmp  @close
  .elseif  eax == IDC_MAINTB_SCAN
   call  CheckAndAskIfAvailable
   .if  eax
    mov  eax,MainScanButton
    .if  eax == 1
     call  StartQuickScan
    .elseif  eax == 2
     call  ScanSingleFile
    .elseif  eax == 3
     call  MultipleScanObject
    .else
     call  StartQuickScan
    .endif
   .endif
  .elseif  eax == IDC_MAINTB_STOP
   mov  StopScan,1
   mov  StopClean,1
  .elseif  eax == IDC_MAINTB_CLEAN
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to clean all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    mov  ForFix,1
    push  0    ; <-- clean all object in list and try to clean first;
    call  StartCleanNow
   .endif
  .elseif  eax == IDC_MAINTB_DELETE
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to delete all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    push  0    ; <-- delete all object ;
    call  StartCleanNow
   .endif
  .elseif  eax == IDC_MAINTB_QUARANTINE
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to quarantine all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    push  0    ; <-- quarantine all object ;
    call  StartQuarantineNow
   .endif
  .elseif  eax == IDC_MAINTB_VIEWRES
   call  ViewResult
  .endif

;-------------------------------------- PLUGINS ----------------------------------------;
  mov  eax,[wParam]
  .if   eax >= DynPluginsMenuMin && 
    eax <= DynPluginsMenuMax
    push  eax
    call  ProcessPlugins
  .endif

;;-------------------------------------- HOOK CODE ----------------------------------------;
; ;.elseif  eax == WM_USER+777h
;
;  ;invoke  ProcessThisMessage,wParam,lParam
;  ;ret
;
;;-------------------------------------- end of hook code ----------------------------------------;
.elseif  eax==WM_SIZE
  call  RepositionMainWnd
.elseif  eax == WM_NOTIFY  ; <-- notify ;

  push  ebx
   mov   ebx,lParam
   mov  eax,[ebx.NMHDR].hwndFrom
   .if  eax == hMainList
    .if  [ebx.NMHDR].code == NM_RCLICK
     call  ReleaseCapture
     call  MainPopMenu
    .endif
   .endif
  pop  ebx

.elseif eax==WM_CLOSE   ; ------- If Close ------- ;
@close:
  ; ------- confirm if scan process running ------- ;
  .if  InScanning || InAction
   .if  InScanning
    mov  edx,reparg("Do you want to stop current scanning process?")
   .else
    mov  edx,reparg("Do you want to stop current action process?")
   .endif
   invoke  MessageBox,hWin,edx,ADDR szAppName,MB_YESNO or MB_ICONQUESTION
  
   cmp  eax,IDNO
   je   @F
  .endif
  call  MainWndCleanUp

  ; ------- check uncleanable object ------- ;
  .if  SomeObjectNeedReboot
   invoke  wsprintf,offset szUtilsBuff,offset szUncleanNdtrbF,SomeObjectNeedReboot
   invoke  MessageBox,hWin,offset szUtilsBuff,offset szAppName,MB_YESNO or MB_ICONQUESTION
   .if  eax==IDYES
    invoke  MessageBox,hWin,offset szPleaseSave,offset szAppName,MB_OK or MB_ICONINFORMATION
    call  DoReboot
   .endif
  .endif

  invoke  DestroyWindow,hWin

  jmp  @endl
  @@:
  mov  uMsg,0 ; <-- reset ; bug fixed
.elseif eax==WM_DESTROY  ; ------- If Destroy ------- ;
  invoke PostQuitMessage,NULL
.endif

@endl:
invoke DefWindowProc,hWin,uMsg,wParam,lParam
ret
WndProc endp
align 16
.data

.code ; ------- ENTRYPOINT ------- ;
;--------------------------------------------------------------------------------
                                                                              ;
start:          ; ------- Entry Point ------- ;|
                                                                                  ;/
                                                                                 ;/
;--------------------------------------------------------------------------------/
IFDEF  RELEASE
; ------- Initial First ------- ;
call  AnsavInitFirst
call  FillJunk

ENDIF
; ------- process command line ------- ;
call  ProcessCommandLine

; ------- Make sure memory is clean ------- ;
.if  !incmdl
  .if  !NoScanMem
   call  StartCheckMemoryFirst
  .endif
.endif

; ------- Make main window ------- ;
.if  !incmdl
  invoke  WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT
.endif
GlobalExit::
; ------- free last scanned path buffer ------- ;
call  FreeLastScannedPathBuffer
; ------- free CmdLine buffer ------- ;
mov  eax,CmdLineScan
cmp  eax,0
je   @F
  anfree  eax
@@:
; ------- free exvdb if available ------- ;
call  CloseExVdb
; ------- if stealth hook, free hook ------- ;
call  UnStealth

; ------- immune registry ------- ;
call  RegImmune

mov  ebx,FreeLibrary

; ------- unload all module ------- ;
mov  eax,hArcMod
.if  eax
  scall  ebx,eax
.endif
mov  eax,hFixerMod
.if  eax
  scall  ebx,eax
.endif

; ------- unload plugins ------- ;
call  CleanupPlugins

IFDEF  DEBUG
; ------- Log needed ------- ;
call  CloseLog
ENDIF
IFDEF  ERRORLOG
; ------- Error Log needed ------- ;
call  CloseErrorLog
ENDIF

push 0
call ExitProcess
end start

10 minutes of reading reveals nothing malicious in that source. It's just a GUI source file that inits the GUI and has a message loop. It spawns a thread for some autoupdate stuff, and the only potentially dangerous parts are the calls to anything outside that file, that is Scan***file etc. Rather have a look in Ansav.inc.

If you downloaded it from some random site, it's possible that someone infected it.


Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG
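The reading described in this reply (what the file defines itself versus the calls that leave it) can be made systematic. The Python sketch below is an added example, not part of the original post or of the ANSAV source; the sample listing is constructed from lines in the style of the file above, and the `KNOWN_API` allowlist is the reviewer's own assumption.

```python
import re

# MASM identifiers may contain '?', '@' and '$' (e.g. IsAnsavRun?).
IDENT = r"[A-Za-z_@$?][A-Za-z0-9_@$?]*"
PROC_RE = re.compile(rf"^\s*({IDENT})\s+proc\b", re.IGNORECASE)
CALL_RE = re.compile(rf"^\s*(?:call|invoke|scall)\s+({IDENT})", re.IGNORECASE)
REGISTERS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}

# Reviewer-maintained allowlist of documented Win32 imports (assumption:
# extend it from the project's include files before a real review).
KNOWN_API = {
    "GetModuleHandle", "GetCommandLine", "LoadLibrary", "GetProcAddress",
    "MessageBox", "RegisterClassEx", "CreateThread", "SetTimer", "ExitProcess",
}

# Constructed sample in the style of the listing above (not the full file).
SAMPLE = r'''
AnsavInitFirst proc
    call  InitLog
    push  0
    call  GetModuleHandle
    invoke  LoadLibrary,reparg("comctl32.dll")
    invoke  GetProcAddress,eax,reparg("InitCommonControlsEx")
    call  eax                      ; indirect call through a register
    call  SetToken
    call  IsAnsavRun?
    call  BlindSucker
    ; call  CommentedOut
    invoke  MessageBox,0,reparg("ANSAV; already running"),offset szAppName,MB_OK
    call  RegImmune
    call  AntiDump
    ret
AnsavInitFirst endp
WinMain proc hInst:HINSTANCE
    invoke  RegisterClassEx,addr wc
    ret
WinMain endp
start:
    call  AnsavInitFirst
    invoke  WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT
'''


def strip_comment(line):
    """Drop a MASM ';' comment unless the ';' sits inside a quoted string."""
    in_quote = None
    for i, ch in enumerate(line):
        if in_quote:
            if ch == in_quote:
                in_quote = None
        elif ch in "\"'":
            in_quote = ch
        elif ch == ";":
            return line[:i]
    return line


def triage(source, known_api):
    """Sort every call/invoke target into one of four buckets.

    local    - procedure defined in this file (already readable here)
    api      - name on the reviewer's allowlist of documented imports
    indirect - call through a register; target must be traced by hand
    review   - defined elsewhere in the project: read those files next
    """
    lines = [strip_comment(raw) for raw in source.splitlines()]
    local_procs = {m.group(1) for ln in lines if (m := PROC_RE.match(ln))}
    report = {"local": set(), "api": set(), "indirect": set(), "review": set()}
    for ln in lines:
        m = CALL_RE.match(ln)
        if not m:
            continue
        name = m.group(1)
        if name.lower() in REGISTERS:
            report["indirect"].add(name.lower())
        elif name in local_procs:
            report["local"].add(name)
        elif name in known_api:
            report["api"].add(name)
        else:
            report["review"].add(name)
    return report


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE, KNOWN_API).items():
        print(f"{bucket:9}", ", ".join(sorted(names)))
```

The `review` bucket is the reading list: those routines are named in this file but implemented elsewhere, so a clean read of the GUI file alone says nothing about them.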

trancexx

That's nothing. Where's the rest? The heart.


♡♡♡

.

eMyvnE

Skitty

That's nothing. Where's the rest? The heart.

You're a scary individual. I guess we know who the alien hybrids are around here. I got the source from here. Whatever you do, DO NOT run the precompiled binary, as it literally deleted every file on my hdd that wasn't locked at a ferocious velocity.


BrewManNH

So, you downloaded a program, that you yourself stated you don't know what it does because you couldn't be bothered to read the source code. Then you ran it on your main computer rather than in a sandbox or virtual machine. Then it deleted everything on your computer that wasn't locked when you ran this unknown program. And you're mad at someone else because you were too lazy/stupid/disinterested to figure out what it would do, and were too stupid to run it in a sandbox/virtual machine, am I getting this right?

  • Like 3

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • Bilgus
      By Bilgus
      User asked about checking for cpuid features that weren't supported by _WinAPI_IsProcessorFeaturePresent()
      I researched it a bit and found that 'Andreik' executed some asm on the fly to get vendorID which quite frankly is amazing
      So I ran with it and created a function that is more general purpose and good for x86 and x64
       
      #include <String.au3> #include <Memory.au3> Test(); Func Test() Local $sFeat1D = "" Local $aFeat1D[32] = ["FPU","VME","DE","PSE","TSC","MSR","PAE","MCE", _ "CX8","APIC","?","SEP","MTRR","PGE","MCA","CMOV", _ "PAT","PSE36","PSN","CLFSH","?","DS","ACPI","MMX", _ "FXSR","SSE","SSE2","SS","HTT","TM","IA64","PBE"] Local $iEdx = CpuID(0x00000001)[3] For $i = 0 to 31 if Get_BitGroup_Dword($iEdx, $i, $i) = 1 Then $sFeat1D &= $aFeat1D[$i] & " " Next Local $sFeat1C = "" Local $aFeat1C[32] = ["SSE3","PCLMULQDQ","DTES64","MONITOR","DS-CPL","VMX","SMX","EST", _ "TM2","SSSE3","CNTX-ID","SDBG","FMA","CX16","XTPR","PDCM", _ "?","PCID","DCA","SSE4.1","SSE4.2","X2APIC","MOVBE","POPCNT", _ "TSC-DEADLINE","AES","XSAVE","OSXSAVE","AVX","F16C","RDRND","HYPERVISOR"] Local $iEcx = CpuID(0x00000001)[2] For $i = 0 to 31 if Get_BitGroup_Dword($iEcx, $i, $i) = 1 Then $sFeat1C &= $aFeat1C[$i] & " " Next MsgBox(0, "CpuId", CpuId_Vendor() & @CRLF & CpuId_Processor_Brand() & @cRLF & $sFeat1D & @cRLF & $sFeat1C) EndFunc ;---------------------------------------------------------------------------- Func Get_BitGroup_Dword($iDword, $iLsb, $iMsb) Local $iVal1 = BitShift($iDword, $iLsb) ;>> Local Const $iMask = 0xFFFFFFFF Local $iVal2 = BitNOT(BitShift($iMask, ($iLsb-$iMsb-1))) ;~<< Return BitAND($iVal1, $iVal2) EndFunc Func RevBinStr($val) Local $rev For $n = BinaryLen($val) To 1 Step -1 $rev &= Hex(BinaryMid($val, $n, 1)) Next Return BinaryToString("0x" & $rev) EndFunc Func CpuId($iLeaf, $iSubLeaf = 0) Local $aE[4] = [0, 0, 0, 0] Local $aCPUID = __Cpuid_Get_Leaf(BitAND($iLeaf, 0xFFFF0000)) ;need to get max first If @error or $aCPUID[0] < $iLeaf Then Return SetError(1, @error, $aE) Return __Cpuid_Get_Leaf($iLeaf, $iSubLeaf) EndFunc Func CpuId_Vendor() Local $aCPUID = __Cpuid_Get_Leaf(0x0) Return RevBinStr($aCPUID[1]) & RevBinStr($aCPUID[3]) & RevBinStr($aCPUID[2]) EndFunc Func CpuId_Processor_Brand() Local $sPBS = "NOT SUPPORT" Local $aCPUID = __Cpuid_Get_Leaf(0x80000000) ;need to get max 
extended value first If $aCPUID[0] < 0x80000004 Then Return SetError(1, 0, $sPBS) $aCPUID = __Cpuid_Get_Leaf(0x80000002) $sPBS = RevBinStr($aCPUID[0]) & RevBinStr($aCPUID[1]) & RevBinStr($aCPUID[2]) & RevBinStr($aCPUID[3]) $aCPUID = __Cpuid_Get_Leaf(0x80000003) $sPBS &= RevBinStr($aCPUID[0]) & RevBinStr($aCPUID[1]) & RevBinStr($aCPUID[2]) & RevBinStr($aCPUID[3]) $aCPUID = __Cpuid_Get_Leaf(0x80000004) $sPBS &= RevBinStr($aCPUID[0]) & RevBinStr($aCPUID[1]) & RevBinStr($aCPUID[2]) & RevBinStr($aCPUID[3]) Return StringStripWS($sPBS, 7) EndFunc Func CpuId_Signature_Info() Local $aRet[6] = [0, 0, 0, 0, 0 ,0] Local Enum $eStep = 0, $eModel, $eFamily, $eType, $eExtModel, $eExtFamily Local $aCPUID = __Cpuid_Get_Leaf(0x00000000) ;need to get max id value first If $aCPUID[0] < 0x00000001 Then Return SetError(1, 0, $aRet) $aCPUID = __Cpuid_Get_Leaf(0x00000001) Local $iEax = $aCPUID[0] $aRet[$eStep] = Get_BitGroup_Dword($iEax, 0, 3) $aRet[$eModel] = Get_BitGroup_Dword($iEax, 4, 7) $aRet[$eFamily] = Get_BitGroup_Dword($iEax, 8, 11) $aRet[$eType] = Get_BitGroup_Dword($iEax, 12, 13) $aRet[$eExtModel] = Get_BitGroup_Dword($iEax, 16, 19) $aRet[$eExtFamily] = Get_BitGroup_Dword($iEax, 20, 27) Return $aRet EndFunc Func __Cpuid_Get_Leaf($iLeaf, $iSubLeaf = 0) Local Const $sCode32 = "0x" & _ ; use32 "55" & _ ; push ebp "89E5" & _ ; mov ebp, esp "53" & _ ; push ebx "8B4508" & _ ; mov eax, [ebp + 08] ;$iLeaf "8B4D0C" & _ ; mov ecx, [epb + 12] ;$iSubLeaf "31DB" & _ ; xor ebx, ebx ; set ebx = 0 "31D2" & _ ; xor edx, edx ; set edx = 0 "0FA2" & _ ; cpuid "8B6D10" & _ ; mov ebp, [ebp + 16] ;ptr int[4] "894500" & _ ; mov [ebp + 00], eax "895D04" & _ ; mov [edi + 04], ebx "894D08" & _ ; mov [edi + 08], ecx "89550C" & _ ; mov [edi + 12], edx "5B" & _ ; pop ebx "5D" & _ ; pop ebp "C3" ; ret Local Const $sCode64 = "0x" & _ ; use 64 "53" & _ ; push rbx "89C8" & _ ; mov eax, ecx ;$ileaf "89D1" & _ ; mov ecx, edx ;$iSubleaf "31DB" & _ ; xor ebx, ebx "31D2" & _ ; xor edx, edx "0FA2" & _ ; cpuid 
"67418900" & _ ; mov [r8d], eax ;ptr int[4] "6741895804" & _ ; mov [r8d + 04], ebx "6741894808" & _ ; mov [r8d + 08], ecx "674189500C" & _ ; mov [r8d + 12], edx "5B" & _ ; pop rbx "C3" ; ret Local Const $sCode = @AutoItX64 ? $sCode64 : $sCode32 Local Const $iSize = BinaryLen($sCode) Local $aE_X[4] = [0, 0, 0, 0] Local $iErr Do $iErr = 1 Local $pBuffer = _MemVirtualAlloc(0, $iSize, BitOR($MEM_COMMIT, $MEM_RESERVE), $PAGE_EXECUTE_READWRITE) If $pBuffer = 0 Then ExitLoop $iErr = 2 DllStructSetData(DllStructCreate("BYTE[" & $iSize & "]", $pBuffer), 1, $sCode) If @error Then ExitLoop $iErr = 3 Local $tRet = DllStructCreate("int EAX;int EBX;int ECX;int EDX;") If @error Then ExitLoop $iErr = 4 Local $aRet = DllCallAddress("uint:cdecl", $pBuffer, "int", Int($iLeaf), "int", Int($iSubLeaf), "ptr", DllStructGetPtr($tRet)) If @error Then ExitLoop $iErr = 0;Success? Until(True) _MemVirtualFree($pBuffer, $iSize, $MEM_DECOMMIT) ConsoleWrite($iErr <> 0 ? "Error " & $iErr & @CRLF : Hex($aRet[0], 8) & " Leaf: 0x" & Hex($iLeaf, 8) & " SubLeaf: 0x" & Hex($iSubLeaf, 8) & @CRLF) For $i = 0 To $iErr <> 0 ? -1 : UBound($aE_X) - 1 $aE_X[$i] = "0x" & Hex(DllStructGetData($tRet, $i + 1)) ConsoleWrite("E" & Chr(65 + $i) & "X: " & $aE_X[$i] & @CRLF) Next Return SetError($iErr, @error, $aE_X) EndFunc  
      Most of the processor features can be checked with CPUID(0xXXXXXXXX) and using GET_BitGroup_Dword($iE_X, $iBitpos, $iBitpos) as shown in the example
      I broke the weirder ones out into their own specialized functions
    • UEZ
      By UEZ
      I will try to maintain this topic by inserting links in the first post (here) to the snippets to keep track of the snippets.
      My examples are using AndyG's AssembleIt UDF / AssembleIt2 UDF which is here:
      AssembleIt.au3 (needs FASM.au3 -> see link below (ward))
      ;AssembleIt by Andy @ www.autoit.de ;BIG thx to progandy for the "Buttons" in the debugger ;see examples how to call _AssembleIt() ;Listview changed in Debugger 12.05.2012 ;SSE-Register are nor in the right direction (bitwise from right to left) 20.02.2012 ;Debugger included 07.04.2011 ;modified by UEZ 05.03.2015 #include-once #include "FASM.au3" #include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> ;#include <GUIListBox.au3> #include <GuiStatusBar.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> #include <Constants.au3> #include <array.au3> #include <GuiListView.au3> #include <WinAPI.au3> ;Opt("MustDeclareVars", 1) If @AutoItX64 Then MsgBox(0, "_AssembleIt Error", "Sorry, 64Bit is not supported. Program will be terminated!") Exit EndIf Global $_ASSEMBLEIT_FLAG = 1 Global $Fasm = FasmInit() If @error Then MsgBox(0, "_AssembleIt Error", "Not able to FasmInit! Program will be terminated!") Exit EndIf ; #FUNCTION# ====================================================================================== ; Name ..........: _AssembleIt() ; Description ...: "Wrapper" for the FASM.au3 by Ward ; Syntax ........: _AssembleIt($Returntype, $sFunc, $Type1 = "type", $Param1 = 0, $Type2 = "type", $Param2 = 0.... ; Parameters ....: $Returntype - Data type returned by the assembled program ; $sFunc - Name of the function, in which the Assemblercode is contained ; $sType1 - DataType of Parameter1 ; $sParam1 - Parameter1 ; $sType2 - DataType of Parameter2 ; $sParam2 - Parameter2.....and so on, you can pass up to 20 parameters ; ; Return values .: Success depends on $Returntype @error=0 ; Failure @error = -2 FasmReset has failed ; Failure @error = -3 Error in Assemblercode detected by Fasm ; Failure @error = -4 Function with Assemblercode doesn´t exist (i.e. 
wrong functionname) ; Failure @error = -5 Error while executing MemoryFuncCall ; ; Author ........: Andy @ www.autoit.de ; Modified ......: ; Remarks .......: _AssembleIt() instructs MemoryFuncCall with cdecl-convention, so only a RET is necessary at the end of the ASM-code ; If $_ASSEMBLEIT_FLAG = 0 is set before calling AssembleIt(), an AutoIt-code to call the opcodes without the need of FASM.au3 is created ; Related .......: Fasm.au3 by Ward http://www.autoitscript.com/forum/index.php?showtopic=111613&view=findpost&p=782727 ; Link ..........: ; Example .......: ; ================================================================================================= Func _AssembleIt($Returntype, $sFunc, $Type1 = "int", $Param1 = 0, $Type2 = "int", $Param2 = 0, $Type3 = "int", $Param3 = 0, $Type4 = "int", $Param4 = 0, $Type5 = "", $Param5 = 0, $Type6 = "", $Param6 = 0, $Type7 = "", $Param7 = 0, $Type8 = "", $Param8 = 0, $Type9 = "", $Param9 = 0, $Type10 = "", $Param10 = 0, $Type11 = "", $Param11 = 0, $Type12 = "", $Param12 = 0, $Type13 = "", $Param13 = 0, $Type14 = "", $Param14 = 0, $Type15 = "", $Param15 = 0, $Type16 = "", $Param16 = 0, $Type17 = "", $Param17 = 0, $Type18 = "", $Param18 = 0, $Type19 = "", $Param19 = 0, $Type20 = "", $Param20 = 0) ;assembles the code FasmReset($Fasm) If @error Then MsgBox(0, "_AssembleIt Error", "Error in Function FasmReset()") Return SetError(-2, 0, "ERROR -2") EndIf If $sFunc <> "" Then Call($sFunc) ;extract Assemblercode from function $sFunc() If @error = 0xDEAD Then MsgBox(0, "_AssembleIt Error", "The called function " & $sFunc & " doesn´t exist or contains errors!") Return SetError(-4, 0, "ERROR -4") EndIf Local $bytecode = FasmGetBinary($Fasm) ;assemble ASM-code to opcodes If @extended Then ;shows errors during assembling Local $Error = FasmGetLastError() ;gets errors MsgBox(0, "FASM-ERROR in function " & $sFunc & "()", "Error Code:" & $Error[0] & _ @CRLF & "Error Message:" & $Error[1] & @CRLF & "Error Line:" & $Error[2] & @CRLF) 
        Return SetError(-3, 0, "ERROR -3")
    Else ;no errors during assembling the code
        FileDelete("asm_test.bin")
        ;creates binary file with opcodes, in the case that someone wants to use an external debugger^^
        FileWrite("asm_test.bin", BinaryToString(String(FasmGetBinary($Fasm))))
        ; ConsoleWrite($bytecode & @CRLF) ;opcodes, can easily be copied and inserted somewhere....
        If $_ASSEMBLEIT_FLAG = 0 Then ;if less than 4 parameters, CallWindowProcW is possible
            If @NumParams > 10 Then ;only a maximum of 4 parameters in CallWindowProcW possible
                MsgBox(0, "_AssembleIt Error", "The $_ASSEMBLEIT_FLAG is set to 0, but more than 4 Parameters are used in the Function " & $sFunc & @CRLF & _
                        "Please reduce the number of parameters to a maximum of 4 if you want an AutoItscript with a CallWindowProcW-call!")
                Exit
            Else ;all is ready to create an AutoItscript which can execute the opcodes without FASM.au3
                Local $scriptstring = 'Local $iRet, $tCodeBuffer = DllStructCreate("byte ASM[' & StringLen($bytecode) / 2 - 1 & ']") ;reserve memory for ASM opcodes' & @CRLF & _
                        '$tCodeBuffer.ASM = "' & $bytecode & '" ;write opcodes into memory (struct)' & @CRLF
                $scriptstring &= '$iRet = DllCall("user32.dll", "' & $Returntype & '", "CallWindowProcW", "ptr", DllStructGetPtr($tCodeBuffer)'
                Local $n = 1
                For $i = 3 To 9 Step 2 ;CallWindowProcW must be called with 4 parameters...
                    $scriptstring &= ', "' & Eval("Type" & $n) & '", '
                    If Eval("Param" & $n) <> 0 Or Eval("Param" & $n) <> "" Then
                        $scriptstring &= "Param" & $n
                    Else
                        $scriptstring &= '0'
                    EndIf
                    $n += 1
                Next
                $scriptstring &= ')' & @CRLF
                ClipPut($scriptstring) ;puts the AutoItcode into Clipboard
                MsgBox(0, "_AssembleIt() Info!", "The following code was created and written into the Clipboard:" & _
                        @CRLF & @CRLF & $scriptstring & @CRLF & @CRLF & @CRLF & _
                        "This code can now be inserted into an AutoIt-Script, please adapt the parameters in the Dll-call to the used AutoIt-variables!" & _
                        @CRLF & "The Program will be terminated!")
                FasmExit($Fasm)
                Exit
            EndIf
        ElseIf $_ASSEMBLEIT_FLAG = 2 Then
            $scriptstring = '$tCodeBuffer.ASM = "' & $bytecode & '" ;write opcodes into memory (struct) / length: ' & StringLen($bytecode) / 2 - 1
            ClipPut($scriptstring)
            MsgBox(0, "_AssembleIt() Info!", "ONLY the byte code line was created and written into the Clipboard:" & _
                    @CRLF & @CRLF & $scriptstring)
            FasmExit($Fasm)
            Exit
        EndIf
        ;MemoryFuncCall
        Local $scriptstring = 'MemoryFuncCall("' & $Returntype & ':cdecl",' & FasmGetFuncPtr($Fasm) ;cdecl instructs the function to clean the stack, only a simple RET at the end is necessary
        ;Local $scriptstring = 'MemoryFuncCall("' & $Returntype & '",' & FasmGetFuncPtr($Fasm) ;if "compatible" mode to existing programs is required, please comment out this line
        Local $n = 1
        For $i = 3 To @NumParams Step 2 ;all parameters
            $scriptstring &= ',"' & Eval("Type" & $n) & '", $Param' & $n
            $n += 1
        Next
        $scriptstring &= ')'
        Local $a = Execute($scriptstring) ;do the MemoryFuncCall, execute the opcodes
        If @error Then
            MsgBox(0, "_AssembleIt Error", "Error executing the MemoryFuncCall!")
            Return SetError(-5, 0, "ERROR -5")
        EndIf
        ;_arraydisplay($a)
        Return SetError(0, 0, $a[0])
    EndIf
EndFunc   ;==>_AssembleIt

Func _($str) ;short version of Fasmadd
    Fasmadd($Fasm, $str)
EndFunc   ;==>_

;debug window
Dim $_DBG_LABEL[170]
Global $hwnd_weiterbutton, $_DBG_closebutton
Global $_DBG_firstcall = True, $_DBG_buttonID
Global $_DBG_GUI = GUICreate("AssembleIt Debug-Info 1.0", 670, 550, 10, 10, 0, $WS_EX_DLGMODALFRAME)
Global $_DBG_winpos = WinGetPos($_DBG_GUI)
Global $_DBG_Window_posold_x = $_DBG_winpos[0] ;remember window position
Global $_DBG_Window_posold_y = $_DBG_winpos[1] + $_DBG_winpos[3]
;$WM_MOVING = 0x0216
Global $_DBG_BUTTONSGUI = -1
GUIRegisterMsg(0x0216, "_DBG_WM_MOVING") ; $WM_MOVING
GUIRegisterMsg(0x0232, "_DBG_WM_MOVING") ; $WM_EXITSIZEMOVE
GUIRegisterMsg($WM_MOVE, "_DBG_WM_MOVING")
;~ GUIRegisterMsg($WM_MOVING, "_DBG_WM_MOVING")
;~ GUIRegisterMsg($WM_SIZE, "_DBG_WM_SIZE")
;GUIRegisterMsg($WM_COMMAND, "_DBG_WM_COMMAND")
$_DBG_LABEL[18] = GUICtrlCreateLabel("FPU-Register showed as DOUBLE!", 10, 175, 290, 16)
GUICtrlSetFont(-1, -1, -1, 4)
;GUICtrlSetResizing ( -1, 32+ 2 )
$_DBG_LABEL[17] = GUICtrlCreateLabel("EFlags", 580, 16, 102, 16)
GUICtrlSetFont(-1, -1, -1, 4)
$_DBG_LABEL[38] = GUICtrlCreateLabel("CF =", 580, 32 + 16 * 0, 30, 16);CF
$_DBG_LABEL[59] = GUICtrlCreateLabel("DF =", 580, 32 + 16 * 1, 30, 16)
$_DBG_LABEL[39] = GUICtrlCreateLabel("PF =", 580, 32 + 16 * 2, 30, 16)
$_DBG_LABEL[68] = GUICtrlCreateLabel("OF =", 580, 32 + 16 * 3, 30, 16)
$_DBG_LABEL[48] = GUICtrlCreateLabel("AF =", 580, 32 + 16 * 4, 30, 16)
$_DBG_LABEL[49] = GUICtrlCreateLabel("ZF =", 580, 32 + 16 * 6, 30, 16)
$_DBG_LABEL[58] = GUICtrlCreateLabel("SF =", 580, 32 + 16 * 7, 30, 16)
For $i = 0 To 7
    $_DBG_LABEL[10 + $i] = GUICtrlCreateLabel("ST" & $i & " = ", 10 + Mod($i, 2) * 180, 195 + 16 * Int($i / 2), 30, 16)
    $_DBG_LABEL[80 + $i] = GUICtrlCreateLabel("", 50 + Mod($i, 2) * 180, 195 + 16 * Int($i / 2), 100, 16)
    $_DBG_LABEL[30 + $i] = GUICtrlCreateLabel("XMM" & $i & " = ", 10, 400 + 15 * $i, 40, 16);XMM0-XMM7
    $_DBG_LABEL[90 + $i] = GUICtrlCreateLabel("", 60, 400 + 15 * $i, 300, 16);XMM
    $_DBG_LABEL[40 + $i] = GUICtrlCreateLabel("", 60, 32 + 16 * $i, 400, 16);hex
    $_DBG_LABEL[50 + $i] = GUICtrlCreateLabel("", 150, 32 + 16 * $i, 400, 16);int
    $_DBG_LABEL[60 + $i] = GUICtrlCreateLabel("", 230, 32 + 16 * $i, 300, 16);float
    $_DBG_LABEL[70 + $i] = GUICtrlCreateLabel("", 320, 32 + 16 * $i, 240, 16);bin
    $_DBG_LABEL[100 + $i] = GUICtrlCreateLabel("", 610, 32 + 16 * $i, 40, 16) ;eflags
    $_DBG_LABEL[110 + $i] = GUICtrlCreateLabel("", 280, 400 + 15 * $i, 250, 16);XMM-2xdouble
    $_DBG_LABEL[120 + $i] = GUICtrlCreateLabel("", 440, 400 + 15 * $i, 250, 16);XMM-4xfloat
Next
GUICtrlSetPos($_DBG_LABEL[105], 590, 32 + 16 * 5, 1, 1) ;make room for the unused label
$_DBG_LABEL[20] = GUICtrlCreateLabel("FPU-Flags", 10, 270, 55, 16)
GUICtrlSetFont(-1, -1, -1, 4)
$_DBG_LABEL[21] = GUICtrlCreateLabel("CO= C1= C2=", 520, 200, 135, 20)
$_DBG_LABEL[25] = GUICtrlCreateLabel("Stack", 370, 175, 130, 20)
GUICtrlSetFont(-1, -1, -1, 4)
$_DBG_LABEL[26] = GUICtrlCreateLabel("HEX", 450, 175, 130, 20)
GUICtrlSetFont(-1, -1, -1, 4)
$_DBG_LABEL[27] = GUICtrlCreateLabel("INT", 550, 175, 130, 20)
GUICtrlSetFont(-1, -1, -1, 4)
For $i = 40 To 0 Step -4
    $_DBG_LABEL[129 + $i / 4] = GUICtrlCreateLabel(StringFormat("[esp %+02.2d]", 40 - $i), 370, 195 + 16 * $i / 4, 50, 16);129-140
    $_DBG_LABEL[141 + $i / 4] = GUICtrlCreateLabel("", 450, 195 + 16 * $i / 4, 100, 16);141-152
    $_DBG_LABEL[155 + $i / 4] = GUICtrlCreateLabel("", 550, 195 + 16 * $i / 4, 100, 16);155-161
Next
$_DBG_LABEL[108] = GUICtrlCreateLabel("SSE-Register HEX", 10, 375, 150, 20)
GUICtrlSetFont(-1, -1, -1, 4)
$_DBG_LABEL[109] = GUICtrlCreateLabel("2x Double", 280, 375, 100, 20)
GUICtrlSetFont(-1, -1, -1, 4)
$_DBG_LABEL[118] = GUICtrlCreateLabel("4x Float", 450, 375, 100, 20)
GUICtrlSetFont(-1, -1, -1, 4)
;GUIRegisterMsg($WM_COMMAND, "MyWM_COMMAND")
Global $listviewitem_reg32[8]
Global $reg_32[8] = ["EAX", "EBX", "ECX", "EDX", "ESI", "EDI", "ESP", "EBP"]
Global $Listview_reg32 = GUICtrlCreateListView("REG32|HEX|INT|FLOAT|BIN [BIT31....Bit0]", 10, 2, 560, 172, BitOR($GUI_SS_DEFAULT_LISTVIEW, $LVS_NOSORTHEADER));,$GUI_BKCOLOR_LV_ALTERNATE )
GUICtrlSetFont(-1, 8.5, -1, -1)
GUICtrlSetBkColor($Listview_reg32, 0xF0f0f0) ; grey
GUICtrlSetBkColor($Listview_reg32, $GUI_BKCOLOR_LV_ALTERNATE)
_GUICtrlListView_BeginUpdate($Listview_reg32)
For $i = 0 To 7
    $listviewitem_reg32[$i] = GUICtrlCreateListViewItem($reg_32[$i] & "|0xDDDDDDDD|88888888888|9.99999999E999|00000000 00000000 00000000 00000000 ", $Listview_reg32)
    GUICtrlSetBkColor($listviewitem_reg32[$i], 0xFFFFFF) ; white
Next
For $i = 0 To 4
    _GUICtrlListView_SetColumnWidth($Listview_reg32, $i, $LVSCW_AUTOSIZE_USEHEADER);$LVSCW_AUTOSIZE)
Next
_GUICtrlListView_EndUpdate($Listview_reg32)
;thanks progandy for the "button"!
Global Const $tagDLGTEMPLATE = "align 2 ;DWORD style; DWORD dwExtendedStyle; WORD cdit; short x; short y; short cx; short cy;"
Global Const $tagDLGITEMTEMPLATE = "align 2 ;DWORD style; DWORD dwExtendedStyle; short x; short y; short cx; short cy; WORD id;"
Global $_DBG_noshowflag = 0
Global $dlgproc = DllCallbackRegister("_DlgProc", "bool", "hwnd;uint;wparam;lparam")
Global $_DBG_ = DllCallbackRegister("_DBG_MSGBOX", "dword", "dword;dword;dword;dword;dword;dword;dword;dword;dword")
;reserve memory for the data area
Global $ptr_dbgmem = Number(_MemGlobalAlloc(600, 0)) ;512 bytes + 8 bytes because the allocation is only 8-byte aligned
Local $mod = Mod($ptr_dbgmem, 16) ;the SSE registers need 16-byte alignment
If $mod <> 0 Then
    $ptr_dbgmem += (16 - $mod) ;16 byte align
EndIf
Global $_dbg_string[100], $_DBG_nr = 0, $_DBG_command[2]
Global $struct_FXSAVE = DllStructCreate("byte[512]", $ptr_dbgmem);space for the data from FXSAVE
Global $struct_STACK = DllStructCreate("dword[11]", $ptr_dbgmem + 520);space for the data from STACK [esp-20] to [esp+20]
Global $ptr_STACK = DllStructGetPtr($struct_STACK)
;http://siyobik.info/index.php?module=x86&id=128
;not sure yet whether I will add these flags
Local $struct = DllStructCreate("" & _
        "word FCW;" & _ ;FPU control word 0+1
        "word FSW;" & _ ;FPU statusword 2+3
        "byte FTW;" & _ ;FPU tag word 4
        "byte;" & _ ;reserved 5
        "word FOP;" & _ ;FPU opcode 6+7
        "dword FIP;" & _ ;FPU instruction pointer 8-11
        "word CS;" & _ ; 12-13
        "word ;" & _ ;reserved 14-15
        "dword FDP;" & _ ; 16-19
        "word DS;" & _ ; 20+21
        "word ;" & _ ;reserved 22-23
        "dword MXCSR;" & _ ;MXCSR 24-27
        "dword MXCSR_MASK;" & _ ;MXCSR_MASK 28-31
        "byte[10] ST0;") ;ST0 32-41
Global $struct_double = DllStructCreate("double[8]") ;space for the 8 doubles of the FPU registers st0-st7
Global $struct_128SSE = DllStructCreate("byte[128]", Ptr($ptr_dbgmem + 160));space for the 16-byte SSE registers
Global $struct_EFLAGS = DllStructCreate("dword EFLAGS", Ptr($ptr_dbgmem + 512));space for the 32-bit eflags
Global $ptr_SSE = DllStructGetPtr($struct_128SSE) ;pointer
Global $ptr_EFLAGS = DllStructGetPtr($struct_EFLAGS)
Global $struct_SSE64x2int = DllStructCreate("uint64[16]", $ptr_SSE) ;space for 2x 64-bit SSE
Global $struct_SSE32x4int = DllStructCreate("uint[32]", $ptr_SSE) ;space for 4x 32-bit SSE
Global $struct_SSE16x8int = DllStructCreate("word[64]", $ptr_SSE) ;space for 8x 16-bit SSE
Global $struct_SSE64x2dbl = DllStructCreate("double[16]", $ptr_SSE) ;space for 2x 64-bit DOUBLE SSE
Global $struct_SSE32x4flt = DllStructCreate("float[32]", $ptr_SSE) ;space for 4x 32-bit FLOAT SSE

;debug function, called from the asm code via a call to the callback address
Func _DBG_MSGBOX($anz, $edi, $esi, $ebp, $esp, $ebx, $edx, $ecx, $eax);registers passed in from asm
    If $_DBG_noshowflag = 1 Then Return 0
    GUISetState(@SW_SHOW, $_DBG_GUI)
    _WinAPI_UpdateWindow($_DBG_GUI)
    ;_DBG_WM_SIZE($_DBG_GUI,0,0,0)
    Dim $reg[8] = [$eax, $ebx, $ecx, $edx, $esi, $edi, $esp, $ebp]
    _GUICtrlListView_BeginUpdate($Listview_reg32)
    For $i = 0 To 7 ;fill the window with values
        GUICtrlSetData($listviewitem_reg32[$i], "|" & Ptr($reg[$i]) & "|" & _
                String($reg[$i]) & "|" & _
                StringFormat(" %2.6G", int2float($reg[$i])) & "|" & int2bin($reg[$i])) ;hex
        GUICtrlSetData($_DBG_LABEL[$i + 80], DllStructGetData($struct_double, 1, $i + 1));FPU st0-st7
        ;SSE
        $struct_temp = DllStructCreate("byte[16]", $ptr_SSE + 16 * $i)
        $struct = DllStructCreate("byte[16]")
        For $z = 1 To 16
            DllStructSetData($struct, 1, DllStructGetData($struct_temp, 1, 17 - $z), $z)
        Next
        GUICtrlSetData($_DBG_LABEL[$i + 90], DllStructGetData($struct, 1))
        GUICtrlSetData($_DBG_LABEL[$i + 100], BitAND(2 ^ $i, DllStructGetData($struct_EFLAGS, 1)) / (2 ^ $i));eflags
        $struct = DllStructCreate("double[2]", $ptr_SSE + 16 * $i); 2x 64-bit DOUBLE SSE
        GUICtrlSetData($_DBG_LABEL[$i + 110], StringFormat("%6s %6s", DllStructGetData($struct, 1, 2), DllStructGetData($struct, 1, 1)))
        $struct = DllStructCreate("float[4]", $ptr_SSE + 16 * $i); 4x 32-bit FLOAT SSE
        GUICtrlSetData($_DBG_LABEL[$i + 120], StringFormat("%10.5f %10.5f %10.5f %10.5f", DllStructGetData($struct, 1, 4), DllStructGetData($struct, 1, 3), DllStructGetData($struct, 1, 2), DllStructGetData($struct, 1, 1)))
    Next
    GUICtrlSetData($_DBG_LABEL[101], BitAND(2 ^ 10, DllStructGetData($struct_EFLAGS, 1)) / (2 ^ 10));eflags DF
    GUICtrlSetData($_DBG_LABEL[103], BitAND(2 ^ 11, DllStructGetData($struct_EFLAGS, 1)) / (2 ^ 11));eflags OF
    For $i = 0 To 10 ;stack
        GUICtrlSetData($_DBG_LABEL[141 + $i], Ptr(DllStructGetData($struct_STACK, 1, $i + 1)));stack hex
        GUICtrlSetData($_DBG_LABEL[155 + $i], Int(DllStructGetData($struct_STACK, 1, $i + 1)));stack int
    Next
    _GUICtrlListView_EndUpdate($Listview_reg32)
    If $anz = 0 Or Execute($_dbg_string[$anz]) Then
        Switch __GET_MSGBOX_BUTTON()
            Case 0, 1
            Case 2
                $_DBG_noshowflag = True
            Case 3
                DllCall("kernel32.dll", "none", "ExitProcess", "int", 0xDEADBEEF)
        EndSwitch
    EndIf
    Return 0
EndFunc   ;==>_DBG_MSGBOX

Func __GET_MSGBOX_BUTTON()
    Local Static $tDLG, $aOldPos[4] = [0, 0, -1, -1]
    Local $pos_DBB_Window = WinGetPos($_DBG_GUI) ;get the position data of the GUI
    If $aOldPos[0] <> $pos_DBB_Window[0] Or $aOldPos[1] <> $pos_DBB_Window[1] Or $aOldPos[2] <> $pos_DBB_Window[2] Or $aOldPos[3] <> $pos_DBB_Window[3] Then
        $aOldPos = $pos_DBB_Window
        Local $x = Int($pos_DBB_Window[0] / 2)
        Local $y = Int(($pos_DBB_Window[1] + $pos_DBB_Window[3]) / 2)
        ;the data for the "...NEXT" button follows; it has to be a modal window, if anyone has another idea, please get in touch
        Local $w = Int($pos_DBB_Window[2] / 2) ;button width
        Local $h = 30 ;button height
        Local $bTitle = StringToBinary("Next....", 2) ;button text
        Local $bXY = BinaryMid(Binary($x), 1, 2) & BinaryMid(Binary($y), 1, 2);button data
        Local $bWH = BinaryMid(Binary($w), 1, 2) & BinaryMid(Binary($h), 1, 2)
        Local $bWhalfH = BinaryMid(Binary(Int($w / 2 - 15)), 1, 2) & BinaryMid(Binary($h), 1, 2)
        Local $bDIALOG = Binary("0x00000090400000040300") & $bXY & $bWH & Binary("0x000000000000") & Binary("0x000000500000000000000000") & $bWhalfH & Binary("0x0100FFFF8000") & $bTitle & Binary("0x0000") & Binary("0x0000")
        ; |Style ||ExStyl||cdit| |Empty "Arrays"| |Style ||ExStyl||x ||y | |id||BUTTON| |Chr0| |some other arrays
        $x = Mod(BinaryLen($bDIALOG), 4)
        If $x Then $bDIALOG &= BinaryMid(Binary("0x000000"), 1, $x)
        $bTitle = StringToBinary("End Debugging", 2) ;button text
        $bDIALOG &= Binary("0x0000005000000000") & BinaryMid(Int($w / 2 - 15), 1, 2) & Binary("0x0000") & $bWhalfH & Binary("0x0200FFFF8000") & $bTitle & Binary("0x0000") & Binary("0x0000")
        $x = Mod(BinaryLen($bDIALOG), 4)
        If $x Then $bDIALOG &= BinaryMid(Binary("0x000000"), 1, $x)
        $bTitle = StringToBinary("Kill", 2) ;button text
        $bDIALOG &= Binary("0x0000005000000000") & BinaryMid(Int($w - 30), 1, 2) & Binary("0x0000") & BinaryMid(30, 1, 2) & BinaryMid($h, 1, 2) & Binary("0x0300FFFF8000") & $bTitle & Binary("0x0000") & Binary("0x0000")
        $tDLG = DllStructCreate("byte[" & BinaryLen($bDIALOG) & "]")
        DllStructSetData($tDLG, 1, $bDIALOG) ;write the button data into the struct
    EndIf
    Local $aRet = DllCall("user32.dll", "int", "DialogBoxIndirectParamW", "ptr", 0, "ptr", DllStructGetPtr($tDLG), "hwnd", 0, "ptr", DllCallbackGetPtr($dlgproc), "lparam", 0)
    If @error Then Return 0
    Return $aRet[0]
EndFunc   ;==>__GET_MSGBOX_BUTTON

;All registers, flags, stack etc. are written to a memory area and read from there
;by the function _DBG_MSGBOX()
Func _asmdbg_($_DBG_command = "") ;Register
    _("push dword[esp+40]") ;stack in memory
    _("pop dword[" & $ptr_STACK & "]")
    _("push dword[esp+36]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 4 & "]")
    _("push dword[esp+32]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 8 & "]")
    _("push dword[esp+28]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 12 & "]")
    _("push dword[esp+24]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 16 & "]")
    _("push dword[esp+20]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 20 & "]")
    _("push dword[esp+16]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 24 & "]")
    _("push dword[esp+12]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 28 & "]")
    _("push dword[esp+08]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 32 & "]")
    _("push dword[esp+04]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 36 & "]")
    _("push dword[esp+00]") ;stack in memory
    _("pop dword[" & $ptr_STACK + 40 & "]")
    _("pushfd") ;save eflags
    _("pop dword[" & Ptr($ptr_EFLAGS) & "]") ;store eflags in struct
    _("pushfd") ;save eflags
    _("push eax")
    _("mov eax," & $ptr_dbgmem) ;save all FPU+SSE register contents and flags
    _("FXSAVE [eax]")
    _("fstp qword[" & DllStructGetPtr($struct_double) & "]") ;save all FPU registers
    _("fstp qword[" & DllStructGetPtr($struct_double) + 8 & "]")
    _("fstp qword[" & DllStructGetPtr($struct_double) + 16 & "]")
    _("fstp qword[" & DllStructGetPtr($struct_double) + 24 & "]")
    _("fstp qword[" & DllStructGetPtr($struct_double) + 32 & "]")
    _("fstp qword[" & DllStructGetPtr($struct_double) + 40 & "]")
    _("fstp qword[" & DllStructGetPtr($struct_double) + 48 & "]")
    _("fstp qword[" & DllStructGetPtr($struct_double) + 56 & "]")
    ; _("fwait")
    _("pop eax")
    _("pushad") ;save all registers
    _("pushad") ;onto the stack for the msgbox
    If $_DBG_command <> "" Then ;a command was passed
        $_DBG_nr += 1
        $_dbg_string[$_DBG_nr] = $_DBG_command
        _("push " & Ptr($_DBG_nr)) ;number of the
    Else
        _("push " & Ptr(0))
    EndIf
    _("call " & DllCallbackGetPtr($_DBG_)) ;jump into the AutoIt callback routine
    _("mov eax," & $ptr_dbgmem) ;restore all FPU+SSE register contents and flags
    _("FXRSTOR [eax]") ;restore all FPU registers
    ; _("fwait")
    _("popad") ;restore all registers
    _("popfd") ;set eflags
EndFunc   ;==>_asmdbg_

Func bin2ascii($bin_string) ;convert a string of zeros and ones into an 8-bit ASCII text string
    Local $step = 8 ;8-bit ASCII characters
    Local $ascii_string = "" ;return string
    For $f = 1 To StringLen($bin_string) Step $step ;walk the string from front to back in 8-bit chunks
        Local $t = StringMid($bin_string, $f, $step) ;8-bit word, one ASCII character
        Local $bin = 0 ;start value
        For $i = 1 To $step ;check every bit
            If StringMid($t, $i, 1) = "1" Then $bin += (2 ^ ($step - $i)) ;if bit=1 then binary number = binary number + 2^(8 - bit position)
        Next
        $ascii_string &= Chr($bin)
    Next
    Return $ascii_string
EndFunc   ;==>bin2ascii

Func int2bin($integer) ;represent 32 bits as a binary string
    Local $bin_string = ""
    For $i = 31 To 0 Step -1 ;asciicode in bits
        If Mod($i + 1, 8) = 0 Then $bin_string &= " "
        If BitAND($integer, 2 ^ $i) Then
            $bin_string &= "1"
        Else
            $bin_string &= "0"
        EndIf
    Next
    Return $bin_string
EndFunc   ;==>int2bin

Func int2float($integer)
    Local $struct = DllStructCreate("int")
    Local $struct2 = DllStructCreate("float", DllStructGetPtr($struct))
    DllStructSetData($struct, 1, $integer)
    Local $ret = DllStructGetData($struct2, 1)
    $struct = 0
    $struct2 = 0
    Return $ret
EndFunc   ;==>int2float

Func _DlgProc($hwnd, $uMsg, $wParam, $lParam) ;thx to progandy!
    If $uMsg = $WM_INITDIALOG Then
        $_DBG_BUTTONSGUI = $hwnd
    ElseIf $uMsg = $WM_CLOSE Then
        DllCall("user32.dll", "bool", "EndDialog", "hwnd", $hwnd, "int_ptr", 0)
        Return True
    ElseIf $uMsg = $WM_COMMAND Then
        DllCall("user32.dll", "bool", "EndDialog", "hwnd", $hwnd, "int_ptr", BitAND($wParam, 0xFFFF))
        Return True
    ElseIf $uMsg = $WM_DESTROY Then
        $_DBG_BUTTONSGUI = -1
    EndIf
    Return False
EndFunc   ;==>_DlgProc

Func _DBG_WM_MOVING($hwnd, $uMsg, $wParam, $lParam)
    If $hwnd = $_DBG_GUI And IsHWnd($_DBG_BUTTONSGUI) Then
        Local $pos = WinGetPos($hwnd)
        WinMove($_DBG_BUTTONSGUI, "", $pos[0], $pos[1] + $pos[3])
    EndIf
    Return $GUI_RUNDEFMSG
EndFunc   ;==>_DBG_WM_MOVING

Func _DBG_WM_SIZE($hwnd, $message, $wParam, $lParam);window size is being changed
    Local $posgui = WinGetPos($_DBG_GUI)
    $_DBG_Window_posold_x = $posgui[0] ;remember window position
    $_DBG_Window_posold_y = $posgui[1]
    ;WinMove($hwnd_weiterbutton, "", $pos[0], $pos[1] + $pos[3], 200, 60);adjust button position
    WinMove($hwnd_weiterbutton, "", $posgui[0], $posgui[1] + $posgui[3], $posgui[2], 60);adjust window position
    WinMove($_DBG_GUI, "", $posgui[0], $posgui[1], $posgui[2], $posgui[3]);adjust window position
    _WinAPI_SetWindowPos($_DBG_buttonID, 0, 0, 0, $posgui[2], 60, 0x0020);resize the button position inside the window
EndFunc   ;==>_DBG_WM_SIZE

      You can also use different inline assembler UDFs, e.g. Extended Flat Assembler (by Beege) or the original by Ward, The Embedded Flat Assembler (FASM) UDF
      Without the help of AndyG and Eukalyptus I wouldn't be able to create ASM code - many thanks!!!
      Many thanks dudes - you rock! 
       
      I'm a novice in assembler coding - please don't blame me.
       
      Feel free to post your snippets here!
       
      Categories
      String
      _ASM_StringLFCharCount (counts the line feeds within a string)
      _ASM_StringReplaceWChar (replaces a unicode char within a string)
      _StringReverse / _StringReverse2 (reverse a string coded by AndyG)
       
      Graphic
      _ASM_DrawRectFilled (draws a filled rectangle)
      _ASM_ImageInvert (inverts (negative) an image)
      _ASM_BitmapCreateBitmapWithAlpha (merges an image with an alpha blend image)
      _ASM_ImageCreateNegativeMMX (inverts (negative) an image using MMX)
      _ASM_DrawLineUsingGDIPlus (draws a line using the GDIPlus lib)
      _ASM_BitCompareBitmapsMMX (bitwise bitmap compare)
      _ASM_BitmapGetAverageColorValue / _ASM64_BitmapGetAverageColorValue.au3 (gets the average color of a bitmap)
    • UEZ
      By UEZ
      Simple snowfall using GDI+ & ASM.
      Thanks to Eukalyptus for the ASM codes. 
       
      If the script runs too slow reduce the amount of flakes in line 48.
       
      For more information please visit the forum thread.
       
      Happy snowing.
    • UEZ
      By UEZ
      Simple snowfall using GDI+ & ASM.
      Thanks to Eukalyptus for the ASM codes.
       
      If the script runs too slow reduce the amount of flakes in line 115.
       
      You can switch now between local MP3 stream and internet stream. Further you can also set the scrolling text.
      Command line options:
      -local "<path to local MP3 file>"
      -url "<URL to a MP3 file>"
      -text "<your individual text>"
      Max. text length is 500 chars.
      Don't forget the double quotes after the parameters!
       
      Download: click me
       

       
      Happy snowing and romantic moments...
    • UEZ
      By UEZ
      Here is a little outro for all the animation lovers, which I created when I played around with spheres.
      Download:    Sphere Outro.7z     --=> 7-Zip archive
       

       
      Credits:
      Eukalyptus (GDIPlusEx.au3 -> don't search for it because it is not released for the public )
      wakillon & TitchySID.dll creator
       
      If it is too slow reduce the stars in line 77 (-=> $iStars)
      If you cannot see the fade in/out text, change the font name in line 152 from "Plantagenet Cherokee" to "Times New Roman"!
       
