
AutoIt Inline Assembly UDF


Ward


Thanks to the disasm source code by Oleh Yuschuk from http://www.ollydbg.de/.

I compiled it into a DLL and use it in this UDF.

Look at the example script first:

#include <ASM.au3>

; Initialise an asm object
Global $Asm = AsmInit()

Demo1()

Func Demo1()
; Demo 1: Using Parameters
    AsmReset($Asm)
    AsmAdd($Asm, "push ebp")
    AsmAdd($Asm, "mov ebp, esp")
    AsmAdd($Asm, "mov eax, [ebp + 08]")
    AsmAdd($Asm, "add eax, [ebp + 0c]")
    AsmAdd($Asm, "pop ebp")
    AsmAdd($Asm, "retn 8")
    ConsoleWrite(String(AsmGetBinary($Asm)) & @CRLF)
    $Ret = MemoryFuncCall("int", AsmGetPtr($Asm), "int", 1, "int", 2)
    MsgBox(0, "Demo 1: Using Parameters", "1 + 2 = " & $Ret[0])
EndFunc

; Release the asm object
AsmExit($Asm)
Exit
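To make the demo concrete, here is an added example (not part of Ward's UDF or the asm.zip archive) that assembles the six Demo1 lines into x86-32 machine code, so you can see the bytes AsmGetBinary returns and check that the function reads its two ints at [ebp + 08] and [ebp + 0c] and cleans them off the stack with "retn 8" (stdcall). It assumes OllyDbg's convention that numbers are hexadecimal; a register-to-register mov also has an equivalent 89 /r encoding, so a real assembler's bytes may differ for that one instruction.

```python
# Mini x86-32 assembler for the instruction subset used in Demo1 above.
# Added illustration, not Ward's UDF: shows the bytes AsmGetBinary()
# returns for the six lines the demo feeds to AsmAdd(). Numbers are hex,
# following OllyDbg's assembler syntax ("08", "0c", "8").
import re
import struct

REG32 = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3,
         "esp": 4, "ebp": 5, "esi": 6, "edi": 7}
# Opcodes for the "reg32, r/m32" direction (Intel: MOV 8B /r, ADD 03 /r)
LOAD_OP = {"mov": 0x8B, "add": 0x03}

def modrm(mod, reg, rm):
    return bytes([(mod << 6) | (reg << 3) | rm])

def encode_rm(op, dest, src):
    """Encode '<op> reg32, reg32' or '<op> reg32, [base + disp8]'."""
    m = re.fullmatch(r"\[\s*(\w+)\s*(?:\+\s*([0-9a-f]+))?\s*\]", src)
    if m is None:                      # register to register: mod = 11
        return bytes([op]) + modrm(3, REG32[dest], REG32[src])
    base, disp = m.group(1), int(m.group(2) or "0", 16)
    if base == "esp" or disp > 0x7F:   # would need a SIB byte or disp32
        raise NotImplementedError("only [reg + disp8] with reg != esp")
    # mod = 01 (disp8); [ebp] needs this form even for a zero displacement
    return bytes([op]) + modrm(1, REG32[dest], REG32[base]) + bytes([disp])

def assemble_line(line):
    mnem, _, rest = line.strip().lower().partition(" ")
    ops = [o.strip() for o in rest.split(",")] if rest else []
    if mnem == "push":
        return bytes([0x50 + REG32[ops[0]]])
    if mnem == "pop":
        return bytes([0x58 + REG32[ops[0]]])
    if mnem == "retn":
        if not ops:                    # plain RET (cdecl: caller cleans up)
            return b"\xC3"
        # RET imm16: callee pops imm16 bytes of arguments (stdcall), here 2 ints
        return b"\xC2" + struct.pack("<H", int(ops[0], 16))
    if mnem in LOAD_OP:
        return encode_rm(LOAD_OP[mnem], ops[0], ops[1])
    raise ValueError("unsupported instruction: " + line)

def assemble(lines):
    return b"".join(assemble_line(l) for l in lines)   # one AsmAdd() per line

DEMO1 = ["push ebp", "mov ebp, esp", "mov eax, [ebp + 08]",
         "add eax, [ebp + 0c]", "pop ebp", "retn 8"]

if __name__ == "__main__":
    print("0x" + assemble(DEMO1).hex().upper())   # 0x558BEC8B450803450C5DC20800
```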

There are more examples in the archive, including reading the Time-Stamp Counter, using labels, calling an AutoIt function from assembly, and an assembly crc32 routine.

Have fun!

asm.zip

Whoever the idiot author of the new _ArrayAdd is, they can go and die.


Very nice. Unfortunately:

Func Demo1()
; Demo 1: Using Parameters
    $timer = TimerInit()
    AsmReset($Asm)
    AsmAdd($Asm, "push ebp")
    AsmAdd($Asm, "mov ebp, esp")
    AsmAdd($Asm, "mov eax, [ebp + 08]")
    AsmAdd($Asm, "add eax, [ebp + 0c]")
    AsmAdd($Asm, "pop ebp")
    AsmAdd($Asm, "retn 8")
    ConsoleWrite(String(AsmGetBinary($Asm)) & @CRLF)
    $Ret = MemoryFuncCall("int", AsmGetPtr($Asm), "int", 1, "int", 2)
    ConsoleWrite (TimerDiff ($timer) & "ms" & @CRLF)
    $timer = ""
    MsgBox(0, "Demo 1: Using Parameters", "1 + 2 = " & $Ret[0])
EndFunc

Result: 5.0036303630363ms

Func Demotwo()
    $timer = TimerInit()
    $t = 1 + 2
    ConsoleWrite (TimerDiff ($timer) & "ms" & @CRLF)
    $timer = ""
    MsgBox (32, "test", $t)
EndFunc

Result: 0.00672067206720672ms

Edited by Dampe

> Very nice. Unfortunately:

I don't think it is unfortunate.

This UDF assembles the code into binary machine code and then runs it, so other machine code UDFs must be faster than this one.

So it is not for speed; it is for power, and for fun. Want to get the CPU's Time-Stamp Counter? You will find assembly is the easiest way.

If you need speed, see my other post about the machine code UDF or the MemoryDll UDF.

Edited by Ward



Wow... No time this evening to play/test... but this could be huge. Thanks Ward.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


> I don't think it is unfortunate.
>
> This UDF assembles the code into binary machine code and then runs it, so other machine code UDFs must be faster than this one.
>
> So it is not for speed; it is for power, and for fun. Want to get the CPU's Time-Stamp Counter? You will find assembly is the easiest way.
>
> If you need speed, see my other post about the machine code UDF or the MemoryDll UDF.

Yeah, I agree completely on the fact of its power; I just don't think it would be efficient to use it for basic addition and subtraction / whatever else.

Nice UDF nonetheless :)


Newbie question: I have found with Cheat Engine an address (for example 0x6F000000), and the opcode is ''mov eax, [ebp + 08]'', and ebp + 08 is the address I'm searching to read a value... is it possible to determine it with this UDF?


LOL

Nice toy! I can't imagine any practical use for it in a scripting language but hey, who says programmers are not allowed to play around?

Next challenge: write a hardware driver entirely in AutoIt script! :)

UDFS & Apps:


DDEML.au3 - DDE Client + Server
Localization.au3 - localize your scripts
TLI.au3 - type information on COM objects (TLBINF emulation)
TLBAutoEnum.au3 - auto-import of COM constants (enums)
AU3Automation - export AU3 scripts via COM interfaces
TypeLibInspector - OleView was yesterday

Coder's last words before final release: WE APOLOGIZE FOR INCONVENIENCE 


> Newbie question: I have found with Cheat Engine an address (for example 0x6F000000), and the opcode is ''mov eax, [ebp + 08]'', and ebp + 08 is the address I'm searching to read a value... is it possible to determine it with this UDF?

If You are talking about reading some other process' memory: bad luck, in protected mode it is, ahm... protected :) Assembler won't help You at all unless Your cheat prog is registered as a debugger.


> You mean SeDebugPrivileges?

I mean You need to start the cheatee or attach to it with debugging rights, and Your user has to be granted the privilege to debug software in the first place. From my perspective it's easier just to fire up Visual Studio (or similar) and do the dirty work from there.


> I just have to do ''ebp + 08'', but how to determine ebp? (let's say I have debugging rights etc...)

I may have misunderstood his UDF, but I think all register content is in the $Ret array after MemoryFuncCall. We'll have to figure out which one is which or wait for a reply from the author.


3 months later...

Can this be used to inject ASM into a live process, i.e. an online game like WoW? And as for debugging rights, all you need is the new NomadMemory.au3 and the function SETPRIVILEGE("SeDebugPrivilege", 1), and your au3 app has all the rights a debugger has... hacking :D If someone has done this, please PM me or post it. Thanks a lot.

WoW Dev Projects: AFK Tele Bot development journal | Simple Player Pointer Scanner + Z-Teleport
My Projects: coming soon. Check out my WoW Dev wiki for patch 3.0.9! http://www.wowdev.wikidot.com

