:)
Option Explicit
Option Base 0
'---------------------------------------------------------------------------------------
' Module : mCopyMemoryASM
' Author : Karcrack
' Date : 280710
' Purpose : A kewl RtlMoveMemory/CopyMemory replacement using ASM :)
'---------------------------------------------------------------------------------------
'USER32
' CallWindowProcW is declared with a raw code pointer as its first argument.
' The API calls that pointer with the four following values (l1..l4) as
' stdcall arguments, which is how this module runs the stub stored in bvCode.
' ASM_CopyMemory passes l1 = Destination, l2 = Source, l3 = Length and leaves
' l4 at its Optional default.
' NOTE(review): bvCode is ordinary data storage. Transferring control into it
' only works where DEP/NX is not enforced for the process; with DEP enforced
' the call faults instead of copying. Confirm the DEP policy of the target.
' NOTE(review): because the copy is done by this stub, no RtlMoveMemory import
' appears in the binary. When auditing, the visible signal is CallWindowProcW
' being handed VarPtr() of a Byte array rather than a window procedure.
Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpCodePointer As Long, Optional ByVal l1 As Long, Optional ByVal l2 As Long, Optional ByVal l3 As Long, Optional ByVal l4 As Long) As Long
' 21 bytes (indices 0..20) holding the machine code listed below; filled in by ASM_Initialize.
Private bvCode(20) As Byte
'{
' PUSH ESI                                      ; 56          save ESI (restored before returning)
' PUSH EDI                                      ; 57          save EDI (restored before returning)
' MOV EDI,DWORD PTR SS:[ESP+C]                  ; 8B 7C 24 0C 1st argument (l1 = Destination); +8 skips the two saved registers, +4 the return address
' MOV ESI,DWORD PTR SS:[ESP+10]                 ; 8B 74 24 10 2nd argument (l2 = Source)
' MOV ECX,DWORD PTR SS:[ESP+14]                 ; 8B 4C 24 14 3rd argument (l3 = Length), used as the repeat count
' REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]  ; F3 A4       copy ECX bytes from [ESI] to [EDI], one byte per step
' POP EDI                                       ; 5F          restore EDI
' POP ESI                                       ; 5E          restore ESI
' RETN 10                                       ; C2 10 00    return and drop 10h = 16 bytes, i.e. the four stdcall arguments
'}
' The stub performs no bounds or pointer checks; ECX is used as given.
' NOTE(review): the copy direction depends on the CPU direction flag, which the
' stub does not set; it presumably relies on the flag being clear on entry.
' Set to True by ASM_Initialize once bvCode has been filled; ASM_CopyMemory does nothing while it is False.
Private bInitialized As Boolean
Public Function ASM_Initialize() As Boolean
    ' Fills bvCode with the 21 opcode bytes of the copy stub and marks the
    ' module as ready. Returns True on success and False if any error is
    ' raised while the table is being written.
    Dim vOpcodes As Variant
    Dim lIndex As Long

    On Error GoTo InitFailed

    ' VBA.Array is always zero-based, so the indices line up with bvCode(0..20).
    vOpcodes = VBA.Array(&H56, &H57, _
                         &H8B, &H7C, &H24, &HC, _
                         &H8B, &H74, &H24, &H10, _
                         &H8B, &H4C, &H24, &H14, _
                         &HF3, &HA4, _
                         &H5F, &H5E, _
                         &HC2, &H10, &H0)

    For lIndex = 0 To 20
        bvCode(lIndex) = CByte(vOpcodes(lIndex))
    Next lIndex

    bInitialized = True
    ASM_Initialize = True
    Exit Function

InitFailed:
    ' bInitialized is left untouched here, exactly as before the call.
    ASM_Initialize = False
End Function
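Public Sub ASM_CopyMemory(ByVal Source As Long, ByVal Destination As Long, ByVal Length As Long)
    ' Copies Length bytes from the address in Source to the address in
    ' Destination by running the stub held in bvCode through CallWindowProcW.
    '
    ' Note the argument order: Source comes first here, while the stub (like
    ' RtlMoveMemory) receives Destination first; the call below swaps them.
    '
    ' The call is a silent no-op when the module has not been initialised,
    ' when Length is zero or negative, or when either pointer is 0.
    '
    ' NOTE(review): the stub itself checks nothing. The caller remains
    ' responsible for both ranges being valid for Length bytes. Overlapping
    ' ranges are copied byte by byte and are presumably not handled the way
    ' RtlMoveMemory handles them - confirm before relying on it.
    ' NOTE(review): requires that the process can execute code from data
    ' memory; with DEP enforced the CallWindowProcW call faults.
    If Not bInitialized Then Exit Sub

    ' A negative Long would reach the stub's ECX as a huge unsigned count and
    ' run the copy off the end of the buffers, so reject it here.
    If Length <= 0 Then Exit Sub

    ' A zero pointer can only fault inside the stub.
    If Source = 0 Or Destination = 0 Then Exit Sub

    Call CallWindowProcW(VarPtr(bvCode(0)), Destination, Source, Length)
End Sub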
' PutMem4 wrapper: writes the 4 bytes of lLong to the address in Destination.
' Does nothing if ASM_Initialize has not succeeded (see ASM_CopyMemory).
' The caller must make sure Destination points at 4 writable bytes.
Public Sub ASM_PutMem4(ByVal lLong As Long, ByVal Destination As Long)
    ' lLong is passed ByVal, so VarPtr yields the address of this procedure's own copy.
    ASM_CopyMemory VarPtr(lLong), Destination, 4
End Sub
' GetMem4 wrapper: reads 4 bytes from the address in Source and returns them as a Long.
' Returns 0 if ASM_Initialize has not succeeded, because nothing is copied then.
' The caller must make sure Source points at 4 readable bytes.
Public Function ASM_GetMem4(ByVal Source As Long) As Long
    Dim lValue As Long

    ASM_CopyMemory Source, VarPtr(lValue), 4
    ASM_GetMem4 = lValue
End Function
*Actualizado
Ejemplo:
Private Sub Form_Load()
    ' Usage example: copies a Long with ASM_CopyMemory, repeats the exercise
    ' with the PutMem4/GetMem4 wrappers, then copies the character data of one
    ' string into another of the same length. Results go to the Immediate window.
    Dim lSrc As Long
    Dim lDst As Long
    Dim sText As String
    Dim sCopy As String

    ' Nothing to demonstrate if the stub could not be set up.
    If Not ASM_Initialize() Then Exit Sub

    ' Raw 4-byte copy between two local variables.
    lSrc = &H1337
    Call ASM_CopyMemory(VarPtr(lSrc), VarPtr(lDst), &H4)
    Debug.Print Hex$(lSrc), Hex$(lDst)

    ' Same copy through the wrappers.
    lDst = 0
    Call ASM_PutMem4(lSrc, VarPtr(lDst))
    Debug.Print Hex$(ASM_GetMem4(VarPtr(lSrc)))
    Debug.Print Hex$(lSrc), Hex$(lDst)

    ' String copy: the target is pre-sized with Space$ so that both buffers
    ' hold LenB(sText) bytes before the unchecked copy runs.
    sText = "KARCRACK_ES_GUAY!!!!!!!"
    sCopy = Space$(Len(sText))
    Call ASM_CopyMemory(StrPtr(sText), StrPtr(sCopy), LenB(sText))
    Debug.Print sText
    Debug.Print sCopy
End Sub
Saluuudos ;)
Aquí no pusistes, que no te podía preguntar como implementarlo en el runpe ehhh así que ya me vas contando >:( Jajajajajaja (L)
Muy buena tio..
Exelente Karcrack! Vas a tener que sacar un libro con tanto code interesante! ;-) :xD
Edit:
¿Alguien podría comentar cada línea del shellcode, a ver si logro entenderlo?
'{
' PUSH ESI 'variable?
' PUSH EDI 'variable?
' MOV EDI,DWORD PTR SS:[ESP+C] 'parametro 1?
' MOV ESI,DWORD PTR SS:[ESP+10] 'parametro 2?
' MOV ECX,DWORD PTR SS:[ESP+14] 'parametro 3?
' REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] 'esto mueve la data en mem?
' POP EDI 'fee a var?
' POP ESI 'fee a var?
' RETN 10 'retorno
'}
Soy un completo indio en ASM, solo sé un par de instrucciones $:, ¿es parcialmente correcto lo que puse? :D
Mas o menos, solo que el PUSH es para guardar en el Stack(Pila) un registro (en este caso ESI,EDI), luego con el POP se restaura...
Cita: Option Base 0
Eso es prescindible no?¿
DoEvents¡! :P
Option Base es para definir el número del cual partirá el índice de una matriz o vector, es decir, si desde 0 o desde 1; de forma predeterminada es 0, así que no tendría caso ponerlo por lo antes dicho!¡.
Option Explicit
Option Base 0 ' Same as the default, so declaring it changes nothing (it stands in for writing 0 To X)
Private Sub Form_Load()
    ' With a lower bound of 0, Dim x(10) creates indices 0 to 10.
    Dim alValues(10) As Long
    MsgBox LBound(alValues) ' shows 0
End Sub
Option Explicit
Option Base 1 ' Only needed when arrays should start at 1 by default (it stands in for writing 1 To X)
Private Sub Form_Load()
    ' With a lower bound of 1, Dim x(10) creates indices 1 to 10.
    Dim alValues(10) As Long
    MsgBox LBound(alValues) ' shows 1
End Sub
Sangriento Infierno Lunar!¡.
A eso me referia... :P
DoEvents¡! :P