dromenox

Registers and Variables


dromenox
Using this UDF, how do I save the value of a register in a variable? 
 
 
With C++ I do this:
 
int variable; 
__asm mov variable, eax;

 

trancexx

eax will be the return value of the procedure, so that's easy.

Which register?


dromenox

eax will be the return value of the procedure, so that's easy.

Which register?

Any register

dromenox

I created this function, but it only works the first time I call it.

MCuub3o.png

Danyfirex

I think maybe something like this:

#Include "FASM.au3"
Opt("MustDeclareVars", 1)

; Initialize a FASM object
Global $Fasm = FasmInit()

ConsoleWrite("AutoIt Embedded Flat Assembler (v" & FasmGetVersion() & ") Demo" & @CRLF)

; Demo 1: Using Parameters
FasmReset($Fasm)
FasmAdd($Fasm, "use32")
FasmAdd($Fasm, "org " & FasmGetBasePtr($Fasm))
FasmAdd($Fasm, "mov ebx, 10")
FasmAdd($Fasm, "mov ecx, 40")
Local $t = Registro("ebx,ecx")

ConsoleWrite($t.ebx & @CRLF)
ConsoleWrite($t.ecx & @CRLF)
FasmExit($Fasm)

Exit

Func Registro($reg)
    ; Struct that receives the register values
    Local $tStructure = DllStructCreate("DWORD ebx;DWORD ecx")
    Local $pt = DllStructGetPtr($tStructure)
    Local $split = StringSplit($reg, ",")
    ; Store each requested register into the struct, then return
    FasmAdd($Fasm, "mov [" & $pt & "]," & $split[1])
    FasmAdd($Fasm, "mov [" & ($pt + 4) & "]," & $split[2])
    FasmAdd($Fasm, "ret")
    ConsoleWrite(String(FasmGetBinary($Fasm)) & @CRLF)
    Local $Ret = MemoryFuncCall("int", FasmGetFuncPtr($Fasm))
    Return $tStructure
EndFunc

Regards

LarsJ
dromenox

dromenox, "Any register"? Do you mean this and this?

Yes, mainly EAX, EBX, ECX, EDX, ESI, EIP, EBP

Danyfirex

Well this is my try:

Edited...

; ------------------------------------------------------------------
; The Embedded Flat Assembler 1.69 UDF Demo (2011.6.4)
; Purpose: Demonstrate the usage of embedded flat assembler
; Author:  Ward
; ------------------------------------------------------------------

#Include "FASM.au3"
#include <WinAPI.au3>
#include <Array.au3>
Opt("MustDeclareVars", 1)


;Strings For printf
Global Enum $eax,$ecx,$edx,$ebx,$esp,$ebp,$esi,$edi
Global $aRegistro[8]=["eax","ecx","edx","ebx","esp","ebp","esi","edi"]
Global $tStrings[8]
Global $pStrings[8]

CreateStructuresAndPointer()

;Get printf Function pointer
Global $hModule = _WinAPI_GetModuleHandle("msvcrt.dll")

If $hModule Then
    Global $pFunction = _WinAPI_GetProcAddress($hModule, "printf")
    ConsoleWrite("The address of the function is " & $pFunction & @CRLF)
EndIf



;Start Assembly
Global $Fasm = FasmInit()

ConsoleWrite("AutoIt Embedded Flat Assembler (v" & FasmGetVersion() & ") Demo" & @CRLF)
    FasmReset($Fasm)
    FasmAdd($Fasm, "use32")
    FasmAdd($Fasm, "org " & FasmGetBasePtr($Fasm))
    FasmAdd($Fasm, "mov ebx, 10")
    FasmAdd($Fasm, "mov ecx, 40")
    ;Debug
    Debug($ebx)
    Debug($ecx)
    Debug($edx)
    Debug($esp)
    Debug($ebp)
    Debug($eax)
    Debug($esi)
    Debug($edi)
    ;End Debug
    FasmAdd($Fasm, "mov eax, 100")
    FasmAdd($Fasm, "mov ecx, 100")
    FasmAdd($Fasm, "add ecx, eax")
    ;Debug
    Debug($eax)
    Debug($ecx)
    ;EndDebug
    FasmAdd($Fasm, "ret")
    ConsoleWrite(String(FasmGetBinary($Fasm)) & @CRLF)
    Local $Ret = MemoryFuncCall("int", FasmGetFuncPtr($Fasm))
    MsgBox(0,"",$Ret[0])
   FasmExit($Fasm)

Exit

;Function Debug
Func Debug($eReg)
    FasmAdd($Fasm, "pushad")                     ; save all general-purpose registers
    FasmAdd($Fasm, "push " & $aRegistro[$eReg])  ; printf argument: register value
    FasmAdd($Fasm, "push " & $pStrings[$eReg])   ; printf argument: format string
    FasmAdd($Fasm, "call " & $pFunction)
    FasmAdd($Fasm, "add esp,8")                  ; cdecl: caller removes the two arguments
    FasmAdd($Fasm, "popad")                      ; restore the registers
EndFunc

;Create Strings Structures and Pointer Function
Func CreateStructuresAndPointer()
    Local $sString = ""
    For $i = 0 To 8 - 1
        $sString = "!Register " & $aRegistro[$i] & " Value: %d" & Chr(10) & Chr(0)
        $tStrings[$i] = DllStructCreate("char[" & StringLen($sString) + 1 & "]")
        $pStrings[$i] = DllStructGetPtr($tStrings[$i])
        DllStructSetData($tStrings[$i], 1, $sString)
    Next
EndFunc
 

Output:

5G5HPZy.png

Regards

Edited by Danyfirex

trancexx

I can't see any smart reason for this, unless it's for learning. In that case, you can use some online assembler (like this one) and generate opcodes yourself. Then you can write something like this:

#include <Memory.au3>

If @AutoItX64 Then Exit MsgBox(4096, "Bzzz...", "x86 instructions below!" & @CRLF & "Re-run script with 32-bit interpreter.")

; allocation of executable space
$tCodeBuffer = _allocate_512_bytes_of_executable_code_and_get_it_to_me_as_dllstruct()

; write opcodes now:

;========================== eax = 778 ==============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "B8" & swap_endian(778) & _             ; mov eax, 778
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]

ConsoleWrite("eax = " & $iVar & @CRLF)
;===================================================================

;========================== ecx = 122 ==============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "B9" & swap_endian(122) & _             ; mov ecx, 122
        "89C8" & _                              ; mov eax, ecx
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]

ConsoleWrite("ecx = " & $iVar & @CRLF)
;===================================================================

;========================== edx = 77692 ============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "BA" & swap_endian(77692) & _           ; mov edx, 77692
        "89D0" & _                              ; mov eax, edx
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]

ConsoleWrite("edx = " & $iVar & @CRLF)
;===================================================================

;========================== ebx = 234445 ===========================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "BB" & swap_endian(234445) & _          ; mov ebx, 234445
        "89D8" & _                              ; mov eax, ebx (8BC3)
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]

ConsoleWrite("ebx = " & $iVar & @CRLF)
;===================================================================

;========================== esi = 9123 =============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "BE" & swap_endian(9123) & _            ; mov esi, 9123
        "89F0" & _                              ; mov eax, esi
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]

ConsoleWrite("esi = " & $iVar & @CRLF)
;===================================================================

;========================== edi = 43 ===============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "BF" & swap_endian(43) & _              ; mov edi, 43
        "89F8" & _                              ; mov eax, edi
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]

ConsoleWrite("edi = " & $iVar & @CRLF)
;===================================================================

;...etc
; normally you would free exe buffer when not needed any more (omitted here just because)


; few helper functions
Func _allocate_512_bytes_of_executable_code_and_get_it_to_me_as_dllstruct()
    Return DllStructCreate("byte[512]", _MemVirtualAlloc(0, 512, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE))
EndFunc
Func swap_endian($iValue)
    Return Hex(BinaryMid($iValue, 1, 4))
EndFunc

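The hand-written byte strings in the post above follow two fixed x86 encodings (`B8+r imm32` and `89 /r`), and this added Python example, which is not part of the original post, builds them for any register. The function names and the `preserve` option are assumptions of this example; `preserve` goes beyond the post by wrapping the callee-saved registers (ebx, ebp, esi, edi) in push/pop, and esp is rejected because the stub ends in `ret`.

```python
import struct

# x86 register numbers: the index is the 3-bit code used in opcodes and ModRM.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# Registers a Win32 callee must hand back unchanged (stdcall/cdecl).
CALLEE_SAVED = {"ebx", "ebp", "esi", "edi"}

def mov_reg_imm32(reg, value):
    """mov r32, imm32: opcode B8+r, then the immediate in little-endian order."""
    return bytes([0xB8 + REGS.index(reg)]) + struct.pack("<I", value & 0xFFFFFFFF)

def mov_eax_reg(reg):
    """mov eax, r32: opcode 89 /r, ModRM = 11 <src> 000 (register-direct, dest eax)."""
    return bytes([0x89, 0xC0 | (REGS.index(reg) << 3)])

def return_register_stub(reg, value, preserve=False):
    """Hex string for 'mov reg, value / mov eax, reg / ret'.

    preserve=False reproduces the byte strings from the post; preserve=True
    wraps callee-saved registers in push/pop so the caller's values survive.
    """
    if reg not in REGS:
        raise ValueError("unknown register: " + reg)
    if reg == "esp":
        # Overwriting the stack pointer would make the final ret read a bogus address.
        raise ValueError("esp cannot be loaded in a stub that returns with ret")
    n = REGS.index(reg)
    save = preserve and reg in CALLEE_SAVED
    code = bytes([0x50 + n]) if save else b""       # push r32
    code += mov_reg_imm32(reg, value)
    if reg != "eax":                                # eax is already the return value
        code += mov_eax_reg(reg)
    if save:
        code += bytes([0x58 + n])                   # pop r32
    code += b"\xC3"                                 # ret
    return "0x" + code.hex().upper()

if __name__ == "__main__":
    for reg, val in [("eax", 778), ("ecx", 122), ("ebx", 234445)]:
        print(reg, return_register_stub(reg, val), return_register_stub(reg, val, True))
```
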