dromenox — Posted August 23, 2014

Using this UDF, how do I save the value of a register in a variable? In C++ I would do it like this:

int variable; __asm mov variable, eax;
trancexx — Posted August 23, 2014

eax will be the return value of the procedure, so that's easy. Which register?
dromenox (Author) — Posted August 23, 2014

> eax will be the return value of the procedure, so that's easy. Which register?

Any register.
dromenox (Author) — Posted August 23, 2014

I created this function, but it only works the first time I call it.
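; Danyfirex -- Posted August 23, 2014
; I think maybe something like this:

#Include "FASM.au3"

Opt("MustDeclareVars", 1)

; Initialise a FASM object
Global $Fasm = FasmInit()
ConsoleWrite("AutoIt Embedded Flat Assembler (v" & FasmGetVersion() & ") Demo" & @CRLF)

; Demo 1: Using Parameters
FasmReset($Fasm)
FasmAdd($Fasm, "use32")
FasmAdd($Fasm, "org " & FasmGetBasePtr($Fasm))
; NOTE(review): ebx is a callee-saved register in the 32-bit Windows calling
; conventions. This demo overwrites it and never restores it; wrapping the
; routine in "push ebx" / "pop ebx" would keep the caller's value intact.
; Whether MemoryFuncCall already preserves it is not visible here -- confirm.
FasmAdd($Fasm, "mov ebx, 10")
FasmAdd($Fasm, "mov ecx, 40")

Local $t = Registro("ebx,ecx")
If @error Then
    ConsoleWrite("Registro failed, @error = " & @error & @CRLF)
Else
    ConsoleWrite($t.ebx & @CRLF)
    ConsoleWrite($t.ecx & @CRLF)
EndIf

FasmExit($Fasm)
Exit

; Registro: append code that stores two registers into a DWORD pair, run the
; assembled routine, and return the structure holding the captured values.
;
; Parameters : $reg - two 32-bit register names separated by a comma,
;                     e.g. "ebx,ecx"
; Returns    : DllStruct with fields "ebx" and "ecx" (first and second
;              requested register, whatever their names are)
; On failure : returns 0 and sets @error
;              1 = $reg does not hold exactly two names
;              2 = a name is not a general-purpose register
;                  (@extended = 1-based position of the offending name)
;
; The names are spliced into assembly source that is then assembled and
; executed, so they are checked against a fixed list first; anything else in
; $reg would otherwise become part of the generated code.
;
; NOTE(review): every call appends its two stores and a "ret" to the shared
; $Fasm source. A second call without FasmReset() would presumably place its
; stores after the first "ret", where they never run -- confirm against
; FASM.au3.
Func Registro($reg)
    Local Const $sAllowed = "|eax|ebx|ecx|edx|esi|edi|ebp|esp|"

    Local $split = StringSplit(StringStripWS($reg, 8), ",")
    If $split[0] <> 2 Then Return SetError(1, 0, 0)
    For $i = 1 To 2
        If Not StringInStr($sAllowed, "|" & StringLower($split[$i]) & "|") Then Return SetError(2, $i, 0)
    Next

    ; Two consecutive DWORD slots; the generated code writes straight into them.
    Local $tStructure = DllStructCreate("DWORD ebx;DWORD ecx")
    Local $pt = DllStructGetPtr($tStructure)

    FasmAdd($Fasm, "mov [" & $pt & "]," & $split[1])
    FasmAdd($Fasm, "mov [" & ($pt + 4) & "]," & $split[2]) ; second slot is 4 bytes further on
    FasmAdd($Fasm, "ret")

    ConsoleWrite(String(FasmGetBinary($Fasm)) & @CRLF)
    ; The return value (eax) is not needed; the results are in $tStructure.
    MemoryFuncCall("int", FasmGetFuncPtr($Fasm))
    Return $tStructure
EndFunc

; Saludos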
LarsJ — Posted August 24, 2014

dromenox, "Any register"? Do you mean this and this?
dromenox (Author) — Posted August 24, 2014

> dromenox, "Any register"? Do you mean this and this?

Yes, mainly EAX, EBX, ECX, EDX, ESI, EIP, EBP.
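; Danyfirex -- Posted August 24, 2014 (edited August 24, 2014)
; Well this is my try:

; ------------------------------------------------------------------
; The Embedded Flat Assembler 1.69 UDF Demo (2011.6.4)
; Purpose: Demonstrate the usage of embedded flat assembler
; Author: Ward
; ------------------------------------------------------------------
#Include "FASM.au3"
#include <WinAPI.au3>
#include <Array.au3>

Opt("MustDeclareVars", 1)

; Register indexes, their names, and one printf format string per register
Global Enum $eax, $ecx, $edx, $ebx, $esp, $ebp, $esi, $edi
Global $aRegistro[8] = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
Global $tStrings[8]
Global $pStrings[8]
CreateStructuresAndPointer()

; Get the printf function pointer.
; _WinAPI_GetModuleHandle only finds a module that is already loaded, so the
; lookup can fail. The generated code calls this address directly, so stop
; here rather than assemble a call to an unresolved target.
Global $pFunction = 0
Global $hModule = _WinAPI_GetModuleHandle("msvcrt.dll")
If $hModule Then $pFunction = _WinAPI_GetProcAddress($hModule, "printf")
If Not $pFunction Then
    ConsoleWrite("printf could not be resolved from msvcrt.dll" & @CRLF)
    Exit 1
EndIf
ConsoleWrite("The address of the function is " & $pFunction & @CRLF)

; Start Assembly
Global $Fasm = FasmInit()
ConsoleWrite("AutoIt Embedded Flat Assembler (v" & FasmGetVersion() & ") Demo" & @CRLF)

FasmReset($Fasm)
FasmAdd($Fasm, "use32")
FasmAdd($Fasm, "org " & FasmGetBasePtr($Fasm))
; NOTE(review): ebx is callee-saved in the 32-bit Windows calling conventions
; and is overwritten here without being restored before the final "ret".
FasmAdd($Fasm, "mov ebx, 10")
FasmAdd($Fasm, "mov ecx, 40")

; Debug
Debug($ebx)
Debug($ecx)
Debug($edx)
Debug($esp)
Debug($ebp)
Debug($eax)
Debug($esi)
Debug($edi)
; End Debug

FasmAdd($Fasm, "mov eax, 100")
FasmAdd($Fasm, "mov ecx, 100")
FasmAdd($Fasm, "add ecx, eax")

; Debug
Debug($eax)
Debug($ecx)
; End Debug

FasmAdd($Fasm, "ret")

ConsoleWrite(String(FasmGetBinary($Fasm)) & @CRLF)
Local $Ret = MemoryFuncCall("int", FasmGetFuncPtr($Fasm))
MsgBox(0, "", $Ret[0])

FasmExit($Fasm)
Exit

; Debug: append code that prints one register through printf.
;
; Parameters : $eReg - index into $aRegistro (one of the $eax..$edi enum values)
; On failure : sets @error = 1 when $eReg is outside the table; nothing is
;              appended in that case.
;
; pushad/popad bracket the call so printf cannot disturb the registers being
; inspected. The two pushes are the printf arguments (value, then format
; string); "add esp,8" removes them again after the call.
; Note for Debug($esp): the value is pushed after pushad has already stored
; eight DWORDs, so the number printed is 32 bytes below esp as it was before
; this sequence started.
Func Debug($eReg)
    If $eReg < 0 Or $eReg > UBound($aRegistro) - 1 Then Return SetError(1, 0, 0)

    FasmAdd($Fasm, "pushad")
    FasmAdd($Fasm, "push " & $aRegistro[$eReg])
    FasmAdd($Fasm, "push " & $pStrings[$eReg])
    FasmAdd($Fasm, "call " & $pFunction)
    FasmAdd($Fasm, "add esp,8")
    FasmAdd($Fasm, "popad")
EndFunc

; CreateStructuresAndPointer: build one NUL-terminated printf format string
; per register and record both the backing structure and its address.
; The structures are kept in the global $tStrings array, alongside the
; addresses in $pStrings that the generated code uses.
Func CreateStructuresAndPointer()
    Local $sString = ""
    For $i = 0 To UBound($aRegistro) - 1
        $sString = "!Register " & $aRegistro[$i] & " Value: %d" & Chr(10) & Chr(0)
        $tStrings[$i] = DllStructCreate("char[" & StringLen($sString) + 1 & "]")
        $pStrings[$i] = DllStructGetPtr($tStrings[$i])
        DllStructSetData($tStrings[$i], 1, $sString)
    Next
EndFunc

; Salida (output): no output is reproduced in the post text.
; Saludos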
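; trancexx -- Posted August 24, 2014
; I can't see any smart reason for this, unless it's for learning. In that
; case, you can use some online assembler (like this one) and generate opcodes
; yourself. Then you can write something like this:

#include <Memory.au3>

If @AutoItX64 Then Exit MsgBox(4096, "Bzzz...", "x86 instructions below!" & @CRLF & "Re-run script with 32-bit interpretter.")

; allocation of executable space
$tCodeBuffer = _allocate_512_bytes_of_executable_code_and_get_it_to_me_as_dllstruct()
If @error Then Exit MsgBox(4096, "Bzzz...", "Could not allocate the code buffer.")

; write opcodes now:
; Each snippet loads a constant into one register, copies it to eax (the
; return value) and returns. ebx, esi and edi are callee-saved in the 32-bit
; Windows calling conventions, so those snippets save and restore the register
; around the load instead of leaving the caller's value overwritten.

;========================== eax = 778 ==============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "B8" & swap_endian(778) & _ ; mov eax, 778
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]
ConsoleWrite("eax = " & $iVar & @CRLF)
;===================================================================

;========================== ecx = 122 ==============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "B9" & swap_endian(122) & _ ; mov ecx, 122
        "89C8" & _ ; mov eax, ecx
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]
ConsoleWrite("ecx = " & $iVar & @CRLF)
;===================================================================

;========================== edx = 77692 ============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "BA" & swap_endian(77692) & _ ; mov edx, 77692
        "89D0" & _ ; mov eax, edx
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]
ConsoleWrite("edx = " & $iVar & @CRLF)
;===================================================================

;========================== ebx = 234445 ===========================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "53" & _ ; push ebx (callee-saved)
        "BB" & swap_endian(234445) & _ ; mov ebx, 234445
        "89D8" & _ ; mov eax, ebx (8BC3)
        "5B" & _ ; pop ebx
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]
ConsoleWrite("ebx = " & $iVar & @CRLF)
;===================================================================

;========================== esi = 9123 =============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "56" & _ ; push esi (callee-saved)
        "BE" & swap_endian(9123) & _ ; mov esi, 9123
        "89F0" & _ ; mov eax, esi
        "5E" & _ ; pop esi
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]
ConsoleWrite("esi = " & $iVar & @CRLF)
;===================================================================

;========================== edi = 43 ===============================
DllStructSetData($tCodeBuffer, 1, _
        "0x" & _
        "57" & _ ; push edi (callee-saved)
        "BF" & swap_endian(43) & _ ; mov edi, 43
        "89F8" & _ ; mov eax, edi
        "5F" & _ ; pop edi
        "C3") ; ret

$iVar = DllCallAddress("int", DllStructGetPtr($tCodeBuffer))[0]
ConsoleWrite("edi = " & $iVar & @CRLF)
;===================================================================

;...etc

; Release the executable buffer once the last snippet has run, and drop the
; structure that still points into it.
_MemVirtualFree(DllStructGetPtr($tCodeBuffer), 0, $MEM_RELEASE)
$tCodeBuffer = 0

; few helper functions

; Commits 512 bytes of executable memory and wraps them in a byte[512]
; DllStruct. On allocation failure returns 0 and sets @error = 1.
;
; NOTE(review): PAGE_EXECUTE_READWRITE leaves the page writable and executable
; at the same time. That is tolerable for a throw-away learning script; in
; anything longer-lived, commit the page as PAGE_READWRITE, write the bytes,
; and switch it to PAGE_EXECUTE_READ with VirtualProtect before calling it.
Func _allocate_512_bytes_of_executable_code_and_get_it_to_me_as_dllstruct()
    Local $pMem = _MemVirtualAlloc(0, 512, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
    If Not $pMem Then Return SetError(1, 0, 0)
    Return DllStructCreate("byte[512]", $pMem)
EndFunc

; Returns the first four bytes of $iValue's binary form as eight hex digits,
; i.e. the byte order in which the snippets above embed a 32-bit immediate.
Func swap_endian($iValue)
    Return Hex(BinaryMid($iValue, 1, 4))
EndFunc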