format PE GUI 4.0 include 'win32ax.inc' .data szMsg db "Hello, It`s test!", 0h szTitle db "Matrix is Anywere!", 0h szHackMsg db "Matrix Has You!", 0h SpliceData db 02ch dup(0) .code proc SetSplicingHookByAddr32 addrOldFnc, addrNewFnc, addrBuffer pusha pushfd mov edi, [addrBuffer] mov ebx, edi mov edx, [addrNewFnc] mov esi, [addrOldFnc] mov ecx, 04h cld rep movsd mov Byte [ebx+010h], 0e9h mov edx, [addrNewFnc] sub edx, [addrOldFnc] sub edx, 05h mov DWord [ebx+011h], edx mov eax, [addrNewFnc] mov DWord [ebx+020h], eax mov eax, [addrOldFnc] mov DWord [ebx+024h], eax lea eax, [ebx+028h] invoke VirtualProtectEx, -1, DWord [addrOldFnc], 010h, PAGE_EXECUTE_READWRITE, eax mov edi, [addrOldFnc] lea esi, [ebx+010h] mov ecx, 04h rep movsd invoke VirtualProtectEx, -1, DWord [addrOldFnc], 010h, DWord [ebx+028h], NULL popfd popa ret endp proc UnsetSplicing32 addrBuffer pusha pushf mov ebx, [addrBuffer] invoke VirtualProtectEx, -1, DWord [ebx+024h], 010h, PAGE_EXECUTE_READWRITE, NULL cld mov ecx, 04h mov edi, [ebx+024h] lea esi, [ebx+0h] rep movsd invoke VirtualProtectEx, -1, DWord [ebx+024h], 010h, DWord [ebx+028h], NULL popf popa ret endp proc ReSplicing32 addrBuffer pusha pushf mov ebx, [addrBuffer] invoke VirtualProtectEx, -1, DWord [ebx+024h], 010h, PAGE_EXECUTE_READWRITE, NULL cld mov ecx, 04h mov edi, [ebx+024h] lea esi, [ebx+010h] rep movsd invoke VirtualProtectEx, -1, DWord [ebx+024h], 010h, DWord [ebx+028h], NULL popf popa ret endp macro stdcallOldFnc32 addrBuffer, [args] { reverse push args common mov ebx, addrBuffer call DWord [ebx+024h] } Start: invoke MessageBoxA, 0h, szMsg, szTitle, 0h stdcall SetSplicingHookByAddr32, [MessageBoxA], NewMessageBoxA, SpliceData invoke MessageBoxA, 0h, szMsg, szTitle, 0h invoke ExitProcess, 0h proc NewMessageBoxA P1, P2, P3, P4 stdcall UnsetSplicing32, SpliceData stdcallOldFnc32 SpliceData, [P1], szHackMsg, szHackMsg, [P4] stdcall ReSplicing32, SpliceData ret endp .end Start
Друзья: Всё для вебмастера | [ Реклама на форуме ] |
#1
Отправлено 07 May 2012 - 23:40
Моя учебная программа, может быть кому поможет понять ассемблер и сплайсинг:
Темы с аналогичным тегами assembler, x86, splice, asm, win32, demo
Thematic →
Программирование →
[FASM] Учебный пример сплайсинга - х64Автор movsd , 18 May 2012 assembler, x64, FASM, demo и 1 еще... |
|
|
Количество пользователей, читающих эту тему: 0
0 пользователей, 0 гостей, 0 анонимных