Trong Posted January 9, 2016

Dll ASM:

```asm
;**********************************************************************************************
;* Example (how to use)                                                                       *
;* ------------------------------------------------------------------------------------------ *
;* search : 2A 45 EB ?? C3 ?? EF                                                              *
;* replace: 2A ?? ?? 10 33 C0 ??                                                              *
;*                                                                                            *
;* .data                                                                                      *
;* SearchPattern  db 02Ah, 045h, 0EBh, 000h, 0C3h, 000h, 0EFh                                 *
;* SearchMask     db 0,    0,    0,    1,    0,    1,    0    ;(1=Ignore Byte)                *
;*                                                                                            *
;* ReplacePattern db 02Ah, 000h, 000h, 010h, 033h, 0C0h, 000h                                 *
;* ReplaceMask    db 0,    1,    1,    0,    0,    0,    1    ;(1=Ignore Byte)                *
;*                                                                                            *
;* .const                                                                                     *
;* PatternSize equ 7                                                                          *
;*                                                                                            *
;* .code                                                                                      *
;* push -1                     ;Replace Number (-1=ALL / 2=2nd match ...)                     *
;* push FileSize               ;how many bytes to search from beginning from TargetAdress     *
;* push PatternSize            ;length of Pattern                                             *
;* push offset ReplaceMask                                                                    *
;* push offset ReplacePattern                                                                 *
;* push offset SearchMask                                                                     *
;* push offset SearchPattern                                                                  *
;* push TargetAddress          ;the memory address where the search starts                    *
;* call SearchAndReplace                                                                      *
;*                                                                                            *
;* ReturnValue in eax (1=Success 0=Failed)                                                    *
;**********************************************************************************************

.586
.model flat, stdcall
option casemap :none

SearchAndReplace PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD

.code

;----this procedure is only for compiling a dll---
align 16
DllEntry proc _hinstance:DWORD, _reason:DWORD, _reserved1:DWORD
    mov eax,1                   ;TRUE
    ret
DllEntry endp

align 16
SearchAndReplace proc _TargetAdress:dword,_SearchPattern:dword,_SearchMask:dword,_ReplacePattern:dword,
                      _ReplaceMask:dword,_PatternSize:dword,_SearchSize:dword,_PatchNumber:dword

    LOCAL local_returnvalue :byte   ;returns if something was patched
    LOCAL local_match       :dword  ;counts how many matches

    pushad
    mov local_returnvalue,0
    mov local_match,0

    mov edi,_TargetAdress
    mov esi,_SearchPattern
    mov edx,_SearchMask
    mov ebx,_PatternSize
    xor ecx,ecx

    .while ecx!=_SearchSize
    @search_again:
        ;---check if pattern exceed memory---
        mov eax,ecx             ;ecx=raw offset
        add eax,ebx             ;raw offset + PatternSize
        cmp eax,_SearchSize
        ja @return              ;if (raw offset + PatternSize) > SearchSize then bad!

        push ecx                ;counter
        push esi                ;searchpattern
        push edi                ;targetaddress
        push edx                ;SearchMask

        mov ecx,ebx             ;ebx=PatternSize
    @cmp_mask:
        test ecx,ecx
        je @pattern_found
        cmp byte ptr[edx],1     ;SearchMask
        je @ignore
        lodsb                   ;load searchbyte to al & inc esi
        scasb                   ;cmp al,targetadressbyte & inc edi
        jne @skip
        inc edx                 ;SearchMask
        dec ecx                 ;PatternSize
        jmp @cmp_mask
    @ignore:
        inc edi                 ;targetadress
        inc esi                 ;searchpattern
        inc edx                 ;SearchMask
        dec ecx                 ;PatternSize
        jmp @cmp_mask

    @skip:
        pop edx
        pop edi                 ;targetadress
        pop esi                 ;searchpattern
        pop ecx
        inc edi                 ;targetadress
        inc ecx                 ;counter
    .endw
    ;---scanned whole memory size---
    jmp @return

@pattern_found:
    inc local_match
    pop edx
    pop edi                     ;targetadress
    pop esi
    mov eax,_PatchNumber
    cmp eax,-1
    je @replace
    cmp local_match,eax
    je @replace
    pop ecx                     ;counter
    inc edi                     ;targetadress
    inc ecx                     ;counter must advance with edi, or the bounds check lags behind
    jmp @search_again

    ;---replace pattern---
@replace:
    mov esi,_ReplacePattern
    mov edx,_ReplaceMask

    xor ecx,ecx
    .while ecx!=ebx             ;ebx=PatternSize
    @cmp_mask_2:
        cmp byte ptr[edx],1
        je @ignore_2
        lodsb                   ;load replacebyte to al from esi & inc esi
        stosb                   ;mov byte ptr[edi],al & inc edi
        jmp @nextbyte
    @ignore_2:
        inc edi                 ;targetadress
        inc esi                 ;ReplacePattern
    @nextbyte:
        inc edx                 ;ReplaceMask
        inc ecx                 ;counter
    .endw
    mov local_returnvalue,1     ;yes, something was patched

    ;---search again?---
    pop ecx                     ;counter-->scanned size
    cmp _PatchNumber,-1
    jne @return
    sub edi,ebx                 ;edi=targetadress ; continue where stopped
    inc edi                     ;...
    inc ecx                     ;ecx=counter(pointer to offset) /bug fixed in v2.07
    mov esi,_SearchPattern
    mov edx,_SearchMask
    jmp @search_again

    ;---return---
@return:
    popad
    movzx eax,local_returnvalue
    ret
SearchAndReplace endp

end DllEntry
```

DEF:

```
LIBRARY DVT_PatchEngine
EXPORTS SearchAndReplace
```

Regards,

Danyfirex Posted January 9, 2016

My suggestions:

1.- If you want to use that same code just use x64 registers/instructions. (Not the best way if you don't know assembly)
2.- You can create your own dll using C/C++. It would be easy to do that code.
3.- Or even better (if speed does not matter) create your own one using just AutoIt.

Saludos

Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut

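A portable C version of the masked search-and-replace routine from the first post, which builds unchanged as a 64-bit DLL; this is an added example, not code from the thread or from the DLL's author. The function and array names are chosen here, the return value is the number of patched matches rather than the ASM's 1/0, and the sample buffer in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Mask byte 1 = ignore that position, 0 = compare (search) or write (replace).
 * patch_number: -1 patches every match, n >= 1 patches only the n-th match.
 * Returns the number of matches patched. */
size_t search_and_replace(uint8_t *target, size_t search_size,
                          const uint8_t *search, const uint8_t *search_mask,
                          const uint8_t *replace, const uint8_t *replace_mask,
                          size_t pattern_size, long patch_number)
{
    size_t patched = 0, matches = 0;
    if (!target || !search || !search_mask || !replace || !replace_mask) return 0;
    if (pattern_size == 0 || pattern_size > search_size) return 0;
    /* Last valid start is search_size - pattern_size: no access leaves the region. */
    for (size_t off = 0; off <= search_size - pattern_size; off++) {
        size_t i = 0;
        while (i < pattern_size &&
               (search_mask[i] == 1 || target[off + i] == search[i]))
            i++;
        if (i != pattern_size)
            continue;             /* mismatch at a compared byte */
        matches++;
        if (patch_number != -1 && (long)matches != patch_number)
            continue;             /* not the requested occurrence */
        for (i = 0; i < pattern_size; i++)
            if (replace_mask[i] != 1) target[off + i] = replace[i];
        patched++;
        if (patch_number != -1)
            break;                /* single-occurrence mode is done */
    }
    return patched;
}
/* Patterns from the header comment of the posted ASM. */
static const uint8_t S_PAT[7] = {0x2A, 0x45, 0xEB, 0x00, 0xC3, 0x00, 0xEF};
static const uint8_t S_MSK[7] = {0, 0, 0, 1, 0, 1, 0};
static const uint8_t R_PAT[7] = {0x2A, 0x00, 0x00, 0x10, 0x33, 0xC0, 0x00};
static const uint8_t R_MSK[7] = {0, 1, 1, 0, 0, 0, 1};

int main(void)
{
    /* Constructed sample buffer containing two matches (offsets 1 and 9). */
    uint8_t buf[16] = {0x90, 0x2A, 0x45, 0xEB, 0x11, 0xC3, 0x22, 0xEF,
                       0x90, 0x2A, 0x45, 0xEB, 0x33, 0xC3, 0x44, 0xEF};
    size_t n = search_and_replace(buf, sizeof buf, S_PAT, S_MSK, R_PAT, R_MSK, 7, -1);
    return n == 2 ? 0 : 1;
}
```
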
AndyG Posted January 9, 2016

Trong, show us what you have done so far; you ask for help and only post some code...
This code is definitely not from you, so why don't you ask the author if 64-bit code is available?
If you want to improve speed, use SSE/SIMD; this is 2-3 times faster than simply "translating" the code to 64-bit.
A dll is not necessary if you develop the code and call it directly in AutoIt via DllCallAddress().

Trong Posted January 9, 2016

Well, the dependence is inconvenient.
If it can be run directly by AutoIt, that is best.
I will try to rewrite my script.

Regards,

Danyfirex Posted January 9, 2016

If you don't want the dll dependence you can hardcode it, or better, use raw AutoIt.

Saludos

Danyfirex Posted January 10, 2016

I'm curious. Why don't you write that in AutoIt?

Saludos

Trong Posted January 10, 2016

I had written it and I failed. Until now I am still writing.

Regards,