giangnguyen Posted July 7, 2016 (edited)

deleted

Edited March 1, 2017 by giangnguyen
Danyfirex Posted July 7, 2016

Regards
AndyG Posted July 7, 2016

Hi, why do you want to use assembler to make a "mov eax,pe call eax"? This could be done easily with the native AutoIt functions DllCall() and/or DllCallAddress(). If you want to create your own assembler functions, take a look at AssembleIt(). It has an integrated debugger, you can use AutoIt variables within the asm code, you could use macros, and you can assemble your code to "standalone" opcodes which can be called by DllCallAddress() (no need for AssembleIt() in this case).
giangnguyen (Author) Posted July 7, 2016 (edited)

deleted

Edited March 1, 2017 by giangnguyen
AndyG Posted July 7, 2016

Did you ever read the helpfile? If you want to call a function, the first thing you need is.....a function (that's where the (base) address comes from, the "pe" in your first post). Most functions have some parameters; what are the parameters of your function? Where did the "pe" come from? If you want some help, first you have to give (us) some (as much as possible) information!

> 1 hour ago, giangnguyen said:
> All I am interested in is executing that ASM snippet

ok, but don't ask for help any more if it crashes your script... $pe is the address

```autoit
dllcalladdress("none",$pe)
```
giangnguyen (Author) Posted July 7, 2016 (edited)

deleted

Edited March 1, 2017 by giangnguyen
AndyG Posted July 8, 2016 (edited)

> 15 hours ago, giangnguyen said:
> $pe is the address that I obtained from calling VirtualAlloc which I use to allocate an executable.

hmmm, it could be that I am wrong, but I think you don't know what you are talking about... VirtualAlloc is used to allocate a piece of (empty!) memory. If you want to call that address, what do you think will happen next? Do you know how an asm "call" differs from a "jmp"? Ever heard about calling conventions?

> 15 hours ago, giangnguyen said:
> DllCallAddress("none",$pe) will work as long as $pe is valid right?

If your program, whose base address is at $pe, is programmed so that this "DllCallAddress("none",$pe)" will work, yes, that works.... Think about what you really mean by "valid". This depends on what you are expecting.... If you want another answer, describe in simple words what you WANT TO DO!

Edited July 8, 2016 by AndyG
giangnguyen (Author) Posted July 8, 2016

> 11 hours ago, AndyG said:
> hmmm, it could be that I am wrong, but I think you don't know what you are talking about... VirtualAlloc is used to allocate a piece of (empty!) memory. If you want to call that address, what do you think will happen next? Do you know how an asm "call" differs from a "jmp"? Ever heard about calling conventions? If your program, whose base address is at $pe, is programmed so that this "DllCallAddress("none",$pe)" will work, yes, that works.... Think about what you really mean by "valid". This depends on what you are expecting.... If you want another answer, describe in simple words what you WANT TO DO!

What I am doing:

- Read data from resource
- Use virtual alloc and WriteProcessMemory to write a piece of position independent executable to memory

And after that I am trying to execute it.
Melba23 (Moderators) Posted July 8, 2016

giangnguyen,

When you reply, please use the "Reply to this topic" button at the top of the thread or the "Reply to this topic" editor at the bottom rather than the "Quote" button - responders know what they wrote and it just pads the thread unnecessarily.

Thanks in advance for your co-operation.

M23
AutoBert Posted July 8, 2016

> On 7.7.2016 at 5:28 PM, giangnguyen said:
> Hi, I am trying to find a way to execute ASM code in AutoIt.

In the hope you have a good translation script, I suggest reading: https://autoit.de/index.php/Thread/84416-AssembleIt2-64-incl-Debugger-uvm/ Maybe good AutoIt and ASM skills help also.
Danyfirex Posted July 8, 2016

You don't need to use WriteProcessMemory.

Regards
Tekk Posted July 8, 2016

A concise example ->

```autoit
#include <Memory.au3>

Global $g_pTinyAdd = _MemVirtualAlloc(0, 4096, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)

DllStructSetData(DllStructCreate("BYTE[7]", $g_pTinyAdd), 1, "0x" _
         & "5A" _   ; pop edx
         & "59" _   ; pop ecx
         & "58" _   ; pop eax
         & "01C8" _ ; add eax, ecx
         & "FFE2" _ ; jmp edx
        )

ConsoleWrite(DllCallAddress("INT", $g_pTinyAdd, "INT", 10, "INT", 17)[0] & @CRLF)
```
AndyG Posted July 8, 2016 (edited)

> 3 hours ago, giangnguyen said:
> write a piece of position independent executable to memory

Ok, and what's the problem? Many times (not only here in this thread) it has been shown how to do this....you have to READ the given answers...but I still do not believe that you know what you are talking about, nor that you are able to understand the given hints...never mind, last one from me, I am out.

@all others, if you know something about hexspeak, have fun

```autoit
#AutoIt3Wrapper_UseX64=n
;#include "AssembleIt2_64.au3"

#cs separatestheboysfromthemen
    use32                       ;32-Bitmode

    mov edi,edx                 ;hard stuff is our daily job...
    mov eax,0xDEADBEEF          ;you have to know, i am old...
    xor eax, 0xB1D9CBAE
    mov dword[edi],eax

    mov eax,0xA921A444
    xor eax,0xC001D00D          ;not to mention,
    mov dword[edi+4],eax

    mov eax,0x6FD9FA26
    xor eax,0xBADA55            ;thats me, too^^
    mov dword[edi+8],eax

    mov eax,0xBAFD6182
    xor eax,0xBADC0DED          ;yes thats true :o)
    mov dword[edi+12],eax

    ret
#ce

;~ $code_asm = _AssembleIt2("retbinary", "separatestheboysfromthemen");returns the opcodes...
;~ ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $code_asm = ' & $code_asm & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console
; _AssembleIt2("ptr", "separatestheboysfromthemen");...or executes the code

;this is how it works...copied from console
$code_asm = "0x89D7B8EFBEADDE35AECBD9B18907B844A421A9350DD001C0894704B826FAD96F3555DABA00894708B88261FDBA35ED0DDCBA89470CC3"
$struct_asm = DllStructCreate("byte[" & StringLen($code_asm) / 2 - 1 & "]") ;space for the asm code in memory
$ptr_asm = DllStructGetPtr($struct_asm) ;pointer asmcode
DllStructSetData($struct_asm, 1, $code_asm) ;write the asm code into the struct
DllCallAddress("ptr:cdecl", $ptr_asm) ;executes code
MsgBox(0, 0, BinaryToString(DllStructGetData($struct_asm, 1))) ;surprise, surprise^^
```

Edited July 8, 2016 by AndyG
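Added example, not written by any poster in this thread: a small Python interpreter for just the opcodes in Tekk's and AndyG's snippets, so byte strings like these can be read statically instead of being run. It shows that Tekk's stub removes the return address and both arguments itself (stdcall-style, which is DllCallAddress's default), while AndyG's ends in a plain `ret` and writes four XOR-decoded dwords through whatever `edx` holds at entry. The names `emulate`, `TINY_ADD`, `HEXSPEAK` and the placeholder addresses are assumptions made for this example.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # x86 encoding order

def emulate(code, args=(), edx=0x1000, ret_addr=0x400000):
    """Interpret only the 32-bit opcodes used in this thread (no real execution).

    Returns (eax, stack bytes the callee removed, bytes it wrote to memory).
    edx and ret_addr are constructed placeholder values.
    """
    r = dict.fromkeys(REGS, 0)
    r["edx"] = edx
    stack = [ret_addr, *args]          # index 0 is the top of the stack at entry
    entry_depth, mem, pc = len(stack), {}, 0
    while True:
        op = code[pc]
        if 0x58 <= op <= 0x5F:                          # pop r32
            r[REGS[op - 0x58]] = stack.pop(0)
            pc += 1
        elif op in (0xB8, 0x35):                        # mov eax,imm32 / xor eax,imm32
            imm = struct.unpack_from("<I", code, pc + 1)[0]
            r["eax"] = imm if op == 0xB8 else r["eax"] ^ imm
            pc += 5
        elif op in (0x01, 0x89):                        # add / mov r/m32, r32
            modrm = code[pc + 1]
            mod, src, rm = modrm >> 6, REGS[(modrm >> 3) & 7], REGS[modrm & 7]
            if mod == 3:                                # register destination
                r[rm] = (r[rm] + r[src]) & 0xFFFFFFFF if op == 0x01 else r[src]
                pc += 2
            elif op == 0x89 and mod < 2 and rm not in ("esp", "ebp"):
                disp = struct.unpack_from("<b", code, pc + 2)[0] if mod else 0
                mem[r[rm] + disp] = r[src]              # mov [reg+disp8], r32
                pc += 2 + mod
            else:
                raise NotImplementedError(f"modrm {modrm:#04x} at offset {pc}")
        elif op == 0xC3 or code[pc:pc + 2] == b"\xff\xe2":   # ret / jmp edx
            target = stack.pop(0) if op == 0xC3 else r["edx"]
            if target != ret_addr:
                raise RuntimeError("control does not return to the caller")
            written = b"".join(struct.pack("<I", mem[a]) for a in sorted(mem))
            return r["eax"], 4 * (entry_depth - len(stack)), written
        else:
            raise NotImplementedError(f"opcode {op:#04x} at offset {pc}")

TINY_ADD = bytes.fromhex("5A595801C8FFE2")   # the seven bytes from Tekk's post
HEXSPEAK = bytes.fromhex(                    # the opcode string from AndyG's post
    "89D7B8EFBEADDE35AECBD9B18907B844A421A9350DD001C0894704B826FAD96F"
    "3555DABA00894708B88261FDBA35ED0DDCBA89470CC3")

if __name__ == "__main__":
    print(emulate(TINY_ADD, args=(10, 17)))  # callee pops return address + 2 args
    print(emulate(HEXSPEAK))                 # dwords written through edx
```

Any opcode outside this subset raises `NotImplementedError`, so the interpreter fails loudly rather than guessing at bytes it does not model.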