|
You last visited: Today at 17:58
Advertisement
Au3 und Assembler?
Discussion on Au3 und Assembler? within the GW Bots forum part of the Guild Wars category.
01/03/2009, 16:09
|
#1
|
elite*gold: 0 
Join Date: Aug 2006
Posts: 515
Received Thanks: 95
|
Au3 und Assembler?
Hi, ich frage mich ob man Autoit mit Assembler verbinden kann, also inlineassembler betreiben kann? Weis villeicht jemand wie das gehen könnte?
|
|
|
|
01/03/2009, 16:12
|
#2
|
elite*gold: 0
Join Date: Nov 2008
Posts: 576
Received Thanks: 191
|
ich kenn nur das
asm.au3
Code:
#include-once
Func CopyMemory($Destination, $Source, $Length)
Local $Return
$Return = DllCall("kernel32.dll", "none", "RtlMoveMemory", "ptr", $Destination, "ptr", $Source,"int", $Length)
Return $Return[0]
EndFunc ;==>CopyMemory
Func GetWindowThreadProcessId($hWnd, $lpdwProcessId)
Local $Return
$Return = DllCall("user32.dll", "int", "GetWindowThreadProcessId", "int", $hWnd, "int", $lpdwProcessId)
Return $Return[0]
EndFunc ;==>GetWindowThreadProcessId
Func CreateRemoteThread($hProcess, $lpThreadAttributes, $dwStackSize, $lpStartAddress, $lpParameter, $dwCreationFlags, $lpThreadId)
Local $Return
$Return = DllCall("kernel32.dll", "int", "CreateRemoteThread", "int", $hProcess, "ptr", $lpThreadAttributes, "int", $dwStackSize, "int", $lpStartAddress, "ptr", $lpParameter, "int", $dwCreationFlags, "int", $lpThreadId)
Return $Return[0]
EndFunc ;==>CreateRemoteThread
Func WriteProcessMemory($hProcess, $lpBaseAddress, $lpBuffer, $nSize, $lpNumberOfBytesWritten)
Global $Return
$Return = DllCall ("kernel32.dll", "int", "WriteProcessMemory", "int", $hProcess, "ptr", $lpBaseAddress, "ptr", $lpBuffer, "int", $nSize,"int", $lpNumberOfBytesWritten)
Return $Return[0]
EndFunc
Func CallWindowProc($lpPrevWndFunc, $hWnd, $Msg, $wParam, $lParam)
Local $Return
$Return = DllCall("user32.dll", "int", "CallWindowProcA", "int", $lpPrevWndFunc, "int", $hWnd, "int", $Msg, "int", $wParam, "int", $lParam)
Return $Return[0]
EndFunc ;==>CallWindowProc
Func VirtualAllocEx($hProcess, $pAddress, $iSize, $iAllocation, $iProtect)
Local $aResult = DllCall("Kernel32.dll", "ptr", "VirtualAllocEx", "int", $hProcess, "ptr", $pAddress, "int", $iSize, "int", $iAllocation, "int", $iProtect)
If @error Or Not IsArray($aResult) Then Return SetError(-1, -1, 0)
Return $aResult[0]
EndFunc ;==>VirtualAllocEx
Func VirtualFreeEx($hProcess, $pAddress, $iSize, $iFreeType)
Local $aResult = DllCall("Kernel32.dll", "ptr", "VirtualFreeEx", "hwnd", $hProcess, "ptr", $pAddress, "int", $iSize, "int", $iFreeType)
If @error Or Not IsArray($aResult) Then Return SetError(-1, -1, 0)
Return $aResult[0]
EndFunc ;==>VirtualFreeEx
Func WaitForSingleObject($hHandle, $dwMilliseconds)
Local $Return
$Return = DllCall("kernel32.dll", "int", "WaitForSingleObject", "int", $hHandle, "int", $dwMilliseconds)
Return $Return[0]
EndFunc ;==>WaitForSingleObject
Func OpenProcess($iAccess, $bInherit, $iProcessID)
Local $aResult = DllCall("Kernel32.Dll", "int", "OpenProcess", "int", $iAccess, "int", $bInherit, "int", $iProcessID)
If @error Or Not IsArray($aResult) Then Return SetError(-1, -1, 0)
Return $aResult[0]
EndFunc ;==>OpenProcess
Func CloseHandle($hObject)
Local $aResult = DllCall("Kernel32.dll", "int", "CloseHandle", "int", $hObject)
If @error Or Not IsArray($aResult) Then Return SetError(-1, -1, 0)
Return $aResult[0]
EndFunc ;==>CloseHandle
;===============================================================================
;~ Private Declare Function GetAddrOf Lib "KERNEL32" Alias "MulDiv" (nNumber As Any, Optional ByVal nNumerator As Long = 1, Optional ByVal nDenominator As Long = 1) As Long
;~ ' This is the dummy function used to get the addres of a VB variable.
Func VarPtr($v_Variable) ;VarPtr
;~ Declare Function VarPtrArray Lib "msvbvm60.dll" Alias "VarPtr" _
;~ (Var() as Any) As Long
Local $pointer ,$debug = True
$pointer = DllCall("KERNEL32.dll", "long", "MulDiv", "ptr", $v_Variable[0])
;$pointer =dllcall("msvbvm60.dll","long","VarPtr","long",$v_Variable[0])
If @error Then
If $debug Then MsgBox(0, "Error:", "Error:>" & @error & @CRLF)
Return 0
Else
Return $pointer
EndIf
EndFunc ;==>VarPtr
;=====================================================================================
;===============================================================================
Const $PAGE_EXECUTE_READWRITE = 0x40
Const $MEM_COMMIT = 0x1000
Const $MEM_RELEASE = 0x8000
Const $MEM_DECOMMIT = 0x4000
Const $PROCESS_ALL_ACCESS = 0x1F0FFF
Const $INFINITE = 0xFFFF ; Infinite timeout
Const $WAIT_TIMEOUT = 0x102
Dim $AsmCode[100]
Dim $OPcode
Dim $InjectProcess ;??????ID
Dim $tmp_Addr ;??????????
Dim $RThwnd ;?????????
;===============================================================================
Func Get_Result()
Dim $i
ReDim $AsmCode [StringLen($OPcode) / 2 - 1]
For $i = 0 To UBound($AsmCode)
$AsmCode[$i] = Int("0x" & StringMid($OPcode, $i * 2 + 1, 2))
Next
$Get_Result = CallWindowProc(VarPtr($AsmCode[0]), 0, 0, 0, 0)
EndFunc ;==>Get_Result
Func Get_Code()
$Get_Code = $OPcode
EndFunc ;==>Get_Code
;================================
Func Run_ASM2($hWnd)
Dim $i, $tmp_Addr, $RThwnd, $h, $pid
ReDim $AsmCode [StringLen ($OPcode) / 2 - 1]
For $i = 0 To UBound($AsmCode)
$AsmCode [$i] = Int("0x" & StringMid($OPcode, $i * 2 + 1, 2))
Next
GetWindowThreadProcessId($hWnd, $pid)
$h = OpenProcess($PROCESS_ALL_ACCESS, False, $pid)
$tmp_Addr = VirtualAllocEx($h, 0, UBound($AsmCode) + 1, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
WriteProcessMemory($h, $tmp_Addr, VarPtr($AsmCode[0]), UBound($AsmCode) + 1, 0)
$RThwnd = CreateRemoteThread($h, 0, 0, $tmp_Addr, 0, 0, 0)
VirtualFreeEx($h, $tmp_Addr, UBound($AsmCode) + 1, $MEM_RELEASE)
CloseHandle($RThwnd)
CloseHandle($h)
$OPcode = ""
EndFunc ;==>Run_ASM2
;=================================
Func InjectCode($hWnd)
Dim $i, $h, $pid
ReDim $AsmCode [StringLen($OPcode) / 2 - 1]
For $i = 0 To UBound($AsmCode)
$AsmCode[$i] = Int("0x" & StringMid($OPcode, $i * 2 + 1, 2))
Next
GetWindowThreadProcessId($hWnd, $pid) ;????ID
$InjectProcess = OpenProcess($PROCESS_ALL_ACCESS, False, $pid) ;???????????
$tmp_Addr = VirtualAllocEx($InjectProcess, 0, UBound($AsmCode) + 1, _
$MEM_COMMIT, $PAGE_EXECUTE_READWRITE) ;?????????
WriteProcessMemory($InjectProcess, $tmp_Addr, VarPtr($AsmCode[0]), _
UBound($AsmCode) + 1, 0) ;?????????
EndFunc ;==>InjectCode
Func Run_ASM() ;?????????
Dim $Ret
$RThwnd = CreateRemoteThread($InjectProcess, 0, 0, $tmp_Addr, 0, 0, 0)
Do
$Ret = WaitForSingleObject($RThwnd, 50) ;??50??
;DoEvents
Until $Ret <> $WAIT_TIMEOUT
CloseHandle($RThwnd)
EndFunc ;==>Run_ASM
Func FreeMem()
VirtualFreeEx($InjectProcess, $tmp_Addr, UBound($AsmCode) + 1, $MEM_RELEASE)
CloseHandle($InjectProcess)
$OPcode = ""
$AsmCode = 0
EndFunc ;==>FreeMem
;========================================================
Func Int2Hex($Value, $n) ;?????
Dim $tmp1, $tmp2, $i
$tmp1 = StringRight("0000000" + Hex($Value), $n)
For $i = 0 To StringLen($tmp1) / 2 - 1
$tmp2 = $tmp2 + StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
Next
$Int2Hex = $tmp2
EndFunc ;==>Int2Hex
Func Leave()
$OPcode = $OPcode + "C9"
EndFunc ;==>Leave
Func Pushad()
$OPcode = $OPcode + "60"
EndFunc ;==>Pushad
Func Popad()
$OPcode = $OPcode + "61"
EndFunc ;==>Popad
Func Nop()
$OPcode = $OPcode + "90"
EndFunc ;==>Nop
Func Ret()
$OPcode = $OPcode + "C3"
EndFunc ;==>Ret
Func RetA($i)
$OPcode = $OPcode + Int2Hex($i, 4)
EndFunc ;==>RetA
Func IN_AL_DX()
$OPcode = $OPcode + "EC"
EndFunc ;==>IN_AL_DX
Func TEST_EAX_EAX()
$OPcode = $OPcode + "85C0"
EndFunc ;==>TEST_EAX_EAX
;Add
;+++++++++++++++++++++++++++++++++++
Func Add_EAX_EDX()
$OPcode = $OPcode + "03C2"
EndFunc ;==>Add_EAX_EDX
Func Add_EBX_EAX()
$OPcode = $OPcode + "03D8"
EndFunc ;==>Add_EBX_EAX
Func Add_EAX_DWORD_Ptr($i)
$OPcode = $OPcode + "0305" + Int2Hex($i, 8)
EndFunc ;==>Add_EAX_DWORD_Ptr
Func Add_EBX_DWORD_Ptr($i)
$OPcode = $OPcode + "031D" + Int2Hex($i, 8)
EndFunc ;==>Add_EBX_DWORD_Ptr
Func Add_EBP_DWORD_Ptr($i)
$OPcode = $OPcode + "032D" + Int2Hex($i, 8)
EndFunc ;==>Add_EBP_DWORD_Ptr
Func Add_EAX($i)
$OPcode = $OPcode + "05" + Int2Hex($i, 8)
EndFunc ;==>Add_EAX
Func Add_EBX($i)
$OPcode = $OPcode + "83C3" + Int2Hex($i, 8)
EndFunc ;==>Add_EBX
Func Add_ECX($i)
$OPcode = $OPcode + "83C1" + Int2Hex($i, 8)
EndFunc ;==>Add_ECX
Func Add_EDX($i)
$OPcode = $OPcode + "83C2" + Int2Hex($i, 8)
EndFunc ;==>Add_EDX
Func Add_ESI($i)
$OPcode = $OPcode + "83C6" + Int2Hex($i, 8)
EndFunc ;==>Add_ESI
Func Add_ESP($i)
$OPcode = $OPcode + "83C4" + Int2Hex($i, 8)
EndFunc ;==>Add_ESP
;Call
;+++++++++++++++++++++++++++++++++++
Func Call_EAX()
$OPcode = $OPcode + "FFD0"
EndFunc ;==>Call_EAX
Func Call_EBX()
$OPcode = $OPcode + "FFD3"
EndFunc ;==>Call_EBX
Func Call_ECX()
$OPcode = $OPcode + "FFD1"
EndFunc ;==>Call_ECX
Func Call_EDX()
$OPcode = $OPcode + "FFD2"
EndFunc ;==>Call_EDX
Func Call_ESI()
$OPcode = $OPcode + "FFD2"
EndFunc ;==>Call_ESI
Func Call_ESP()
$OPcode = $OPcode + "FFD4"
EndFunc ;==>Call_ESP
Func Call_EBP()
$OPcode = $OPcode + "FFD5"
EndFunc ;==>Call_EBP
Func Call_EDI()
$OPcode = $OPcode + "FFD7"
EndFunc ;==>Call_EDI
Func Call_DWORD_Ptr($i)
$OPcode = $OPcode + "FF15" + Int2Hex($i, 8)
EndFunc ;==>Call_DWORD_Ptr
Func Call_DWORD_Ptr_EAX()
$OPcode = $OPcode + "FF10"
EndFunc ;==>Call_DWORD_Ptr_EAX
Func Call_DWORD_Ptr_EBX()
$OPcode = $OPcode + "FF13"
EndFunc ;==>Call_DWORD_Ptr_EBX
;Cmp
;+++++++++++++++++++++++++++++++++++
Func Cmp_EAX($i)
If $i <= 255 Then
$OPcode = $OPcode + "83F8" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "3D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Cmp_EAX
Func Cmp_EAX_EDX()
$OPcode = $OPcode + "3BC2"
EndFunc ;==>Cmp_EAX_EDX
Func Cmp_EAX_DWORD_Ptr($i)
$OPcode = $OPcode + "3B05" + Int2Hex($i, 8)
EndFunc ;==>Cmp_EAX_DWORD_Ptr
Func Cmp_DWORD_Ptr_EAX($i)
$OPcode = $OPcode + "3905" + Int2Hex($i, 8)
EndFunc ;==>Cmp_DWORD_Ptr_EAX
;DEC
;+++++++++++++++++++++++++++++++++++
Func Dec_EAX()
$OPcode = $OPcode + "48"
EndFunc ;==>Dec_EAX
Func Dec_EBX()
$OPcode = $OPcode + "4B"
EndFunc ;==>Dec_EBX
Func Dec_ECX()
$OPcode = $OPcode + "49"
EndFunc ;==>Dec_ECX
Func Dec_EDX()
$OPcode = $OPcode + "4A"
EndFunc ;==>Dec_EDX
;Idiv
;+++++++++++++++++++++++++++++++++++
Func Idiv_EAX()
$OPcode = $OPcode + "F7F8"
EndFunc ;==>Idiv_EAX
Func Idiv_EBX()
$OPcode = $OPcode + "F7FB"
EndFunc ;==>Idiv_EBX
Func Idiv_ECX()
$OPcode = $OPcode + "F7F9"
EndFunc ;==>Idiv_ECX
Func Idiv_EDX()
$OPcode = $OPcode + "F7FA"
EndFunc ;==>Idiv_EDX
;Imul
;+++++++++++++++++++++++++++++++++++
Func Imul_EAX_EDX()
$OPcode = $OPcode + "0FAFC2"
EndFunc ;==>Imul_EAX_EDX
Func Imul_EAX($i)
$OPcode = $OPcode + "6BC0" + Int2Hex($i, 2)
EndFunc ;==>Imul_EAX
Func ImulB_EAX($i)
$OPcode = $OPcode + "69C0" + Int2Hex($i, 8)
EndFunc ;==>ImulB_EAX
;INC
;+++++++++++++++++++++++++++++++++++
Func Inc_EAX()
$OPcode = $OPcode + "40"
EndFunc ;==>Inc_EAX
Func Inc_EBX()
$OPcode = $OPcode + "43"
EndFunc ;==>Inc_EBX
Func Inc_ECX()
$OPcode = $OPcode + "41"
EndFunc ;==>Inc_ECX
Func Inc_EDX()
$OPcode = $OPcode + "42"
EndFunc ;==>Inc_EDX
Func Inc_EDI()
$OPcode = $OPcode + "47"
EndFunc ;==>Inc_EDI
Func Inc_ESI()
$OPcode = $OPcode + "46"
EndFunc ;==>Inc_ESI
Func Inc_DWORD_Ptr_EAX()
$OPcode = $OPcode + "FF00"
EndFunc ;==>Inc_DWORD_Ptr_EAX
Func Inc_DWORD_Ptr_EBX()
$OPcode = $OPcode + "FF03"
EndFunc ;==>Inc_DWORD_Ptr_EBX
Func Inc_DWORD_Ptr_ECX()
$OPcode = $OPcode + "FF01"
EndFunc ;==>Inc_DWORD_Ptr_ECX
Func Inc_DWORD_Ptr_EDX()
$OPcode = $OPcode + "FF02"
EndFunc ;==>Inc_DWORD_Ptr_EDX
;JMP/JE/JNE
;+++++++++++++++++++++++++++++++++++
Func JMP_EAX()
$OPcode = $OPcode + "FFE0"
EndFunc ;==>JMP_EAX
;Mov
Func Mov_DWORD_Ptr_EAX($i)
$OPcode = $OPcode + "A3" + Int2Hex($i, 8)
EndFunc ;==>Mov_DWORD_Ptr_EAX
Func Mov_EAX($i)
$OPcode = $OPcode + "B8" + Int2Hex($i, 8)
EndFunc ;==>Mov_EAX
Func Mov_EBX($i)
$OPcode = $OPcode + "BB" + Int2Hex($i, 8)
EndFunc ;==>Mov_EBX
Func Mov_ECX($i)
$OPcode = $OPcode + "B9" + Int2Hex($i, 8)
EndFunc ;==>Mov_ECX
Func Mov_EDX($i)
$OPcode = $OPcode + "BA" + Int2Hex($i, 8)
EndFunc ;==>Mov_EDX
Func Mov_ESI($i)
$OPcode = $OPcode + "BE" + Int2Hex($i, 8)
EndFunc ;==>Mov_ESI
Func Mov_ESP($i)
$OPcode = $OPcode + "BC" + Int2Hex($i, 8)
EndFunc ;==>Mov_ESP
Func Mov_EBP($i)
$OPcode = $OPcode + "BD" + Int2Hex($i, 8)
EndFunc ;==>Mov_EBP
Func Mov_EDI($i)
$OPcode = $OPcode + "BF" + Int2Hex($i, 8)
EndFunc ;==>Mov_EDI
Func Mov_EBX_DWORD_Ptr($i)
$OPcode = $OPcode + "8B1D" + Int2Hex($i, 8)
EndFunc ;==>Mov_EBX_DWORD_Ptr
Func Mov_ECX_DWORD_Ptr($i)
$OPcode = $OPcode + "8B0D" + Int2Hex($i, 8)
EndFunc ;==>Mov_ECX_DWORD_Ptr
Func Mov_EAX_DWORD_Ptr($i)
$OPcode = $OPcode + "A1" + Int2Hex($i, 8)
EndFunc ;==>Mov_EAX_DWORD_Ptr
Func Mov_EDX_DWORD_Ptr($i)
$OPcode = $OPcode + "8B15" + Int2Hex($i, 8)
EndFunc ;==>Mov_EDX_DWORD_Ptr
Func Mov_ESI_DWORD_Ptr($i)
$OPcode = $OPcode + "8B35" + Int2Hex($i, 8)
EndFunc ;==>Mov_ESI_DWORD_Ptr
Func Mov_ESP_DWORD_Ptr($i)
$OPcode = $OPcode + "8B25" + Int2Hex($i, 8)
EndFunc ;==>Mov_ESP_DWORD_Ptr
Func Mov_EBP_DWORD_Ptr($i)
$OPcode = $OPcode + "8B2D" + Int2Hex($i, 8)
EndFunc ;==>Mov_EBP_DWORD_Ptr
Func Mov_EAX_DWORD_Ptr_EAX()
$OPcode = $OPcode + "8B00"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EAX
Func Mov_EAX_DWORD_Ptr_EBP()
$OPcode = $OPcode + "8B4500"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EBP
Func Mov_EAX_DWORD_Ptr_EBX()
$OPcode = $OPcode + "8B03"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EBX
Func Mov_EAX_DWORD_Ptr_ECX()
$OPcode = $OPcode + "8B01"
EndFunc ;==>Mov_EAX_DWORD_Ptr_ECX
Func Mov_EAX_DWORD_Ptr_EDX()
$OPcode = $OPcode + "8B02"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EDX
Func Mov_EAX_DWORD_Ptr_EDI()
$OPcode = $OPcode + "8B07"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EDI
Func Mov_EAX_DWORD_Ptr_ESP()
$OPcode = $OPcode + "8B0424"
EndFunc ;==>Mov_EAX_DWORD_Ptr_ESP
Func Mov_EAX_DWORD_Ptr_ESI()
$OPcode = $OPcode + "8B06"
EndFunc ;==>Mov_EAX_DWORD_Ptr_ESI
Func Mov_EAX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B40" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B80" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EAX_Add
Func Mov_EAX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4424" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8424" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_ESP_Add
Func Mov_EAX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B43" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B83" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EBX_Add
Func Mov_EAX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B41" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B81" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_ECX_Add
Func Mov_EAX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B42" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B82" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EDX_Add
Func Mov_EAX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B47" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B87" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EDI_Add
Func Mov_EAX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B45" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B85" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EBP_Add
Func Mov_EAX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B46" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B86" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_ESI_Add
Func Mov_EBX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B58" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B98" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EAX_Add
Func Mov_EBX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5C24" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9C24" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_ESP_Add
Func Mov_EBX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5B" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9B" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EBX_Add
Func Mov_EBX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B59" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B99" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_ECX_Add
Func Mov_EBX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5A" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9A" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EDX_Add
Func Mov_EBX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5F" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9F" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EDI_Add
Func Mov_EBX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5D" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EBP_Add
Func Mov_EBX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5E" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9E" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_ESI_Add
Func Mov_ECX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B48" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B88" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EAX_Add
Func Mov_ECX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4C24" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8C24" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_ESP_Add
Func Mov_ECX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4B" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8B" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EBX_Add
Func Mov_ECX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B49" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B89" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_ECX_Add
Func Mov_ECX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4A" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8A" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EDX_Add
Func Mov_ECX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4F" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8F" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EDI_Add
Func Mov_ECX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4D" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EBP_Add
Func Mov_ECX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4E" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8E" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_ESI_Add
Func Mov_EDX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B50" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B90" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EAX_Add
Func Mov_EDX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5424" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9424" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_ESP_Add
Func Mov_EDX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B53" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B93" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EBX_Add
Func Mov_EDX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B51" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B91" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_ECX_Add
Func Mov_EDX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B52" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B92" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EDX_Add
Func Mov_EDX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B57" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B97" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EDI_Add
Func Mov_EDX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B55" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B95" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EBP_Add
Func Mov_EDX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B56" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B96" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_ESI_Add
Func Mov_EBX_DWORD_Ptr_EAX()
$OPcode = $OPcode + "8B18"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EAX
Func Mov_EBX_DWORD_Ptr_EBP()
$OPcode = $OPcode + "8B5D00"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EBP
Func Mov_EBX_DWORD_Ptr_EBX()
$OPcode = $OPcode + "8B1B"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EBX
Func Mov_EBX_DWORD_Ptr_ECX()
$OPcode = $OPcode + "8B19"
EndFunc ;==>Mov_EBX_DWORD_Ptr_ECX
Func Mov_EBX_DWORD_Ptr_EDX()
$OPcode = $OPcode + "8B1A"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EDX
Func Mov_EBX_DWORD_Ptr_EDI()
$OPcode = $OPcode + "8B1F"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EDI
Func Mov_EBX_DWORD_Ptr_ESP()
$OPcode = $OPcode + "8B1C24"
EndFunc ;==>Mov_EBX_DWORD_Ptr_ESP
Func Mov_EBX_DWORD_Ptr_ESI()
$OPcode = $OPcode + "8B1E"
EndFunc ;==>Mov_EBX_DWORD_Ptr_ESI
Func Mov_ECX_DWORD_Ptr_EAX()
$OPcode = $OPcode + "8B08"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EAX
Func Mov_ECX_DWORD_Ptr_EBP()
$OPcode = $OPcode + "8B4D00"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EBP
Func Mov_ECX_DWORD_Ptr_EBX()
$OPcode = $OPcode + "8B0B"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EBX
Func Mov_ECX_DWORD_Ptr_ECX()
$OPcode = $OPcode + "8B09"
EndFunc ;==>Mov_ECX_DWORD_Ptr_ECX
Func Mov_ECX_DWORD_Ptr_EDX()
$OPcode = $OPcode + "8B0A"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EDX
Func Mov_ECX_DWORD_Ptr_EDI()
$OPcode = $OPcode + "8B0F"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EDI
Func Mov_ECX_DWORD_Ptr_ESP()
$OPcode = $OPcode + "8B0C24"
EndFunc ;==>Mov_ECX_DWORD_Ptr_ESP
Func Mov_ECX_DWORD_Ptr_ESI()
$OPcode = $OPcode + "8B0E"
EndFunc ;==>Mov_ECX_DWORD_Ptr_ESI
Func Mov_EDX_DWORD_Ptr_EAX()
$OPcode = $OPcode + "8B10"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EAX
Func Mov_EDX_DWORD_Ptr_EBP()
$OPcode = $OPcode + "8B5500"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EBP
Func Mov_EDX_DWORD_Ptr_EBX()
$OPcode = $OPcode + "8B13"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EBX
Func Mov_EDX_DWORD_Ptr_ECX()
$OPcode = $OPcode + "8B11"
EndFunc ;==>Mov_EDX_DWORD_Ptr_ECX
Func Mov_EDX_DWORD_Ptr_EDX()
$OPcode = $OPcode + "8B12"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EDX
Func Mov_EDX_DWORD_Ptr_EDI()
$OPcode = $OPcode + "8B17"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EDI
Func Mov_EDX_DWORD_Ptr_ESI()
$OPcode = $OPcode + "8B16"
EndFunc ;==>Mov_EDX_DWORD_Ptr_ESI
Func Mov_EDX_DWORD_Ptr_ESP()
$OPcode = $OPcode + "8B1424"
EndFunc ;==>Mov_EDX_DWORD_Ptr_ESP
Func Mov_EAX_EBP()
$OPcode = $OPcode + "8BC5"
EndFunc ;==>Mov_EAX_EBP
Func Mov_EAX_EBX()
$OPcode = $OPcode + "8BC3"
EndFunc ;==>Mov_EAX_EBX
Func Mov_EAX_ECX()
$OPcode = $OPcode + "8BC1"
EndFunc ;==>Mov_EAX_ECX
Func Mov_EAX_EDI()
$OPcode = $OPcode + "8BC7"
EndFunc ;==>Mov_EAX_EDI
Func Mov_EAX_EDX()
$OPcode = $OPcode + "8BC2"
EndFunc ;==>Mov_EAX_EDX
Func Mov_EAX_ESI()
$OPcode = $OPcode + "8BC6"
EndFunc ;==>Mov_EAX_ESI
Func Mov_EAX_ESP()
$OPcode = $OPcode + "8BC4"
EndFunc ;==>Mov_EAX_ESP
Func Mov_EBX_EBP()
$OPcode = $OPcode + "8BDD"
EndFunc ;==>Mov_EBX_EBP
Func Mov_EBX_EAX()
$OPcode = $OPcode + "8BD8"
EndFunc ;==>Mov_EBX_EAX
Func Mov_EBX_ECX()
$OPcode = $OPcode + "8BD9"
EndFunc ;==>Mov_EBX_ECX
Func Mov_EBX_EDI()
$OPcode = $OPcode + "8BDF"
EndFunc ;==>Mov_EBX_EDI
Func Mov_EBX_EDX()
$OPcode = $OPcode + "8BDA"
EndFunc ;==>Mov_EBX_EDX
Func Mov_EBX_ESI()
$OPcode = $OPcode + "8BDE"
EndFunc ;==>Mov_EBX_ESI
Func Mov_EBX_ESP()
$OPcode = $OPcode + "8BDC"
EndFunc ;==>Mov_EBX_ESP
Func Mov_ECX_EBP()
$OPcode = $OPcode + "8BCD"
EndFunc ;==>Mov_ECX_EBP
Func Mov_ECX_EAX()
$OPcode = $OPcode + "8BC8"
EndFunc ;==>Mov_ECX_EAX
Func Mov_ECX_EBX()
$OPcode = $OPcode + "8BCB"
EndFunc ;==>Mov_ECX_EBX
Func Mov_ECX_EDI()
$OPcode = $OPcode + "8BCF"
EndFunc ;==>Mov_ECX_EDI
Func Mov_ECX_EDX()
$OPcode = $OPcode + "8BCA"
EndFunc ;==>Mov_ECX_EDX
Func Mov_ECX_ESI()
$OPcode = $OPcode + "8BCE"
EndFunc ;==>Mov_ECX_ESI
Func Mov_ECX_ESP()
$OPcode = $OPcode + "8BCC"
EndFunc ;==>Mov_ECX_ESP
Func Mov_EDX_EBP()
$OPcode = $OPcode + "8BD5"
EndFunc ;==>Mov_EDX_EBP
Func Mov_EDX_EBX()
$OPcode = $OPcode + "8BD3"
EndFunc ;==>Mov_EDX_EBX
Func Mov_EDX_ECX()
$OPcode = $OPcode + "8BD1"
EndFunc ;==>Mov_EDX_ECX
Func Mov_EDX_EDI()
$OPcode = $OPcode + "8BD7"
EndFunc ;==>Mov_EDX_EDI
Func Mov_EDX_EAX()
$OPcode = $OPcode + "8BD0"
EndFunc ;==>Mov_EDX_EAX
Func Mov_EDX_ESI()
$OPcode = $OPcode + "8BD6"
EndFunc ;==>Mov_EDX_ESI
Func Mov_EDX_ESP()
$OPcode = $OPcode + "8BD4"
EndFunc ;==>Mov_EDX_ESP
Func Mov_ESI_EBP()
$OPcode = $OPcode + "8BF5"
EndFunc ;==>Mov_ESI_EBP
Func Mov_ESI_EBX()
$OPcode = $OPcode + "8BF3"
EndFunc ;==>Mov_ESI_EBX
Func Mov_ESI_ECX()
$OPcode = $OPcode + "8BF1"
EndFunc ;==>Mov_ESI_ECX
Func Mov_ESI_EDI()
$OPcode = $OPcode + "8BF7"
EndFunc ;==>Mov_ESI_EDI
Func Mov_ESI_EAX()
$OPcode = $OPcode + "8BF0"
EndFunc ;==>Mov_ESI_EAX
Func Mov_ESI_EDX()
$OPcode = $OPcode + "8BF2"
EndFunc ;==>Mov_ESI_EDX
Func Mov_ESI_ESP()
$OPcode = $OPcode + "8BF4"
EndFunc ;==>Mov_ESI_ESP
Func Mov_ESP_EBP()
$OPcode = $OPcode + "8BE5"
EndFunc ;==>Mov_ESP_EBP
Func Mov_ESP_EBX()
$OPcode = $OPcode + "8BE3"
EndFunc ;==>Mov_ESP_EBX
Func Mov_ESP_ECX()
$OPcode = $OPcode + "8BE1"
EndFunc ;==>Mov_ESP_ECX
Func Mov_ESP_EDI()
$OPcode = $OPcode + "8BE7"
EndFunc ;==>Mov_ESP_EDI
Func Mov_ESP_EAX()
$OPcode = $OPcode + "8BE0"
EndFunc ;==>Mov_ESP_EAX
Func Mov_ESP_EDX()
$OPcode = $OPcode + "8BE2"
EndFunc ;==>Mov_ESP_EDX
Func Mov_ESP_ESI()
$OPcode = $OPcode + "8BE6"
EndFunc ;==>Mov_ESP_ESI
Func Mov_EDI_EBP()
$OPcode = $OPcode + "8BFD"
EndFunc ;==>Mov_EDI_EBP
Func Mov_EDI_EAX()
$OPcode = $OPcode + "8BF8"
EndFunc ;==>Mov_EDI_EAX
Func Mov_EDI_EBX()
$OPcode = $OPcode + "8BFB"
EndFunc ;==>Mov_EDI_EBX
Func Mov_EDI_ECX()
$OPcode = $OPcode + "8BF9"
EndFunc ;==>Mov_EDI_ECX
Func Mov_EDI_EDX()
$OPcode = $OPcode + "8BFA"
EndFunc ;==>Mov_EDI_EDX
Func Mov_EDI_ESI()
$OPcode = $OPcode + "8BFE"
EndFunc ;==>Mov_EDI_ESI
Func Mov_EDI_ESP()
$OPcode = $OPcode + "8BFC"
EndFunc ;==>Mov_EDI_ESP
Func Mov_EBP_EDI()
$OPcode = $OPcode + "8BDF"
EndFunc ;==>Mov_EBP_EDI
Func Mov_EBP_EAX()
$OPcode = $OPcode + "8BE8"
EndFunc ;==>Mov_EBP_EAX
Func Mov_EBP_EBX()
$OPcode = $OPcode + "8BEB"
EndFunc ;==>Mov_EBP_EBX
Func Mov_EBP_ECX()
$OPcode = $OPcode + "8BE9"
EndFunc ;==>Mov_EBP_ECX
Func Mov_EBP_EDX()
$OPcode = $OPcode + "8BEA"
EndFunc ;==>Mov_EBP_EDX
Func Mov_EBP_ESI()
$OPcode = $OPcode + "8BEE"
EndFunc ;==>Mov_EBP_ESI
Func Mov_EBP_ESP()
$OPcode = $OPcode + "8BEC"
EndFunc ;==>Mov_EBP_ESP
;Push
;+++++++++++++++++++++++++++++++++++
Func Push($i)
;If $i <= 255 Then
;$OPcode = $OPcode + "6A" + Int2Hex($i, 2)
;Else
$OPcode = $OPcode + "68" + Int2Hex($i, 8)
;EndIf
EndFunc ;==>Push
Func Push_DWORD_Ptr($i)
$OPcode = $OPcode + "FF35" + Int2Hex($i, 8)
EndFunc ;==>Push_DWORD_Ptr
Func Push_EAX()
$OPcode = $OPcode + "50"
EndFunc ;==>Push_EAX
Func Push_ECX()
$OPcode = $OPcode + "51"
EndFunc ;==>Push_ECX
Func Push_EDX()
$OPcode = $OPcode + "52"
EndFunc ;==>Push_EDX
Func Push_EBX()
$OPcode = $OPcode + "53"
EndFunc ;==>Push_EBX
Func Push_ESP()
$OPcode = $OPcode + "54"
EndFunc ;==>Push_ESP
Func Push_EBP()
$OPcode = $OPcode + "55"
EndFunc ;==>Push_EBP
Func Push_ESI()
$OPcode = $OPcode + "56"
EndFunc ;==>Push_ESI
Func Push_EDI()
$OPcode = $OPcode + "57"
EndFunc ;==>Push_EDI
;LEA
Func Lea_EAX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D40" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D80" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EAX_Add
Func Lea_EAX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D43" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D83" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EBX_Add
Func Lea_EAX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D41" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D81" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_ECX_Add
Func Lea_EAX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D42" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D82" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EDX_Add
Func Lea_EAX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D46" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D86" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_ESI_Add
Func Lea_EAX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D40" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D80" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_ESP_Add
Func Lea_EAX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4424" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8424" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EBP_Add
Func Lea_EAX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D47" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D87" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EDI_Add
Func Lea_EBX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D58" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D98" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EAX_Add
Func Lea_EBX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5C24" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9C24" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_ESP_Add
Func Lea_EBX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5B" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9B" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EBX_Add
Func Lea_EBX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D59" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D99" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_ECX_Add
Func Lea_EBX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5A" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9A" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EDX_Add
Func Lea_EBX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5F" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9F" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EDI_Add
Func Lea_EBX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5D" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EBP_Add
Func Lea_EBX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5E" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9E" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_ESI_Add
Func Lea_ECX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D48" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D88" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EAX_Add
Func Lea_ECX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4C24" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8C24" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_ESP_Add
Func Lea_ECX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4B" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8B" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EBX_Add
Func Lea_ECX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D49" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D89" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_ECX_Add
Func Lea_ECX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4A" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8A" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EDX_Add
Func Lea_ECX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4F" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8F" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EDI_Add
Func Lea_ECX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4D" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EBP_Add
Func Lea_ECX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4E" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8E" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_ESI_Add
Func Lea_EDX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D50" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D90" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EAX_Add
Func Lea_EDX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5424" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9424" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_ESP_Add
Func Lea_EDX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D53" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D93" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EBX_Add
Func Lea_EDX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D51" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D91" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_ECX_Add
Func Lea_EDX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D52" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D92" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EDX_Add
Func Lea_EDX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D57" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D97" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EDI_Add
Func Lea_EDX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D55" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D95" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EBP_Add
Func Lea_EDX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D56" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D96" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_ESI_Add
;POP
Func Pop_EAX()
$OPcode = $OPcode + "58"
EndFunc ;==>Pop_EAX
Func Pop_EBX()
$OPcode = $OPcode + "5B"
EndFunc ;==>Pop_EBX
Func Pop_ECX()
$OPcode = $OPcode + "59"
EndFunc ;==>Pop_ECX
Func Pop_EDX()
$OPcode = $OPcode + "5A"
EndFunc ;==>Pop_EDX
Func Pop_ESI()
$OPcode = $OPcode + "5E"
EndFunc ;==>Pop_ESI
Func Pop_ESP()
$OPcode = $OPcode + "5C"
EndFunc ;==>Pop_ESP
Func Pop_EDI()
$OPcode = $OPcode + "5F"
EndFunc ;==>Pop_EDI
Func Pop_EBP()
$OPcode = $OPcode + "5D"
EndFunc ;==>Pop_EBP
Func Ptr(ByRef $Add)
$Ptr = VarPtr($Add)
EndFunc ;==>Ptr
Func Float4Int($Ans) ;?????
Dim $AB, $a
CopyMemory($AB, $Ans, 4)
$Float4Int = $AB
EndFunc ;==>Float4Int
;Func Float8Int(ByRef Ans) ;?????
; Dim AB As Long
; CopyMemory AB, Ans, 8
; Float8Int = AB
;EndFunc
|
|
|
|
|
01/03/2009, 16:16
|
#3
|
elite*gold: 0
Join Date: Jan 2007
Posts: 1,753
Received Thanks: 443
|
|
|
|
|
|
01/03/2009, 16:24
|
#4
|
elite*gold: 0
Join Date: Aug 2006
Posts: 515
Received Thanks: 95
|
Hm cool 
|
|
|
|
|
01/03/2009, 22:08
|
#5
|
elite*gold: 0
Join Date: Jul 2008
Posts: 271
Received Thanks: 12
|
was hat man jetzt dadurch genau für vorteile kenne mich nicht genau mit dem assembler system aus^^
|
|
|
|
|
01/03/2009, 22:18
|
#6
|
elite*gold: 0
Join Date: Apr 2008
Posts: 1,874
Received Thanks: 213
|
Soweit ich weiss ist assambler vieeell schneller
|
|
|
|
|
01/03/2009, 22:54
|
#7
|
elite*gold: 0
Join Date: Aug 2006
Posts: 515
Received Thanks: 95
|
Naja wenn man das über Au3 benutzt nicht, jedoch hat man dann die Macht!
|
|
|
|
|
01/04/2009, 17:29
|
#8
|
elite*gold: 0
Join Date: Jul 2008
Posts: 271
Received Thanks: 12
|
Welche macht :-D woltle eig nur wissen was man dann so für vorteile hat :-D nicht was starwars mäsiges oder so *gg*
|
|
|
|
|
01/04/2009, 18:11
|
#9
|
elite*gold: 0
Join Date: Aug 2006
Posts: 515
Received Thanks: 95
|
Das ist auch nid Star Wars mäsig^^, mit Assembler kannst du alles am PC machen. Ein Assemblerbefehl entspricht einem Maschinenbefehl, deswegen ist es auch so schnell. Du kannst Sachen programieren ohne den Schlack mit rein zu packen  .
Hier ein Beispiel in MASM für Hello World
Code:
DATA SEGMENT ;- Beginn des Datensegments
Meldung db "Hello World" ;- Die Zeichenkette "Hello World"
db "$" ;- Endzeichen der Zeichenkette
DATA ENDS ;- Ende des Datensegment
CODE SEGMENT ;- Beginn des Codesegements
ASSUME CS:CODE,DS:DATA ;- Dem Assembler die Segmente mitteilen
Anfang: ;- Label für den Anfang des Programms
mov ax, DATA ;- das Daten...
mov ds, ax ; ...segment laden
mov dx, offset Meldung ;- den Text in das Datenregister laden
mov ah, 09h ;- dem Betriebssystem mitteilen, was wir wollen
int 21h ;- diesen Befehl ausführen (hier Ausgabe des Texts)
mov ax, 4C00h ;- dem Betriebssystem wieder mitteilen, was wir wollen
int 21h ;- diesen Befehl wieder ausführen (Programm beenden)
CODE ENDS ;- Ende des Codesegments
END Anfang ;- dem Assembler das Ende des Labels Anfang mitteilen
|
|
|
|
|
01/05/2009, 02:20
|
#10
|
elite*gold: 0
Join Date: Jun 2006
Posts: 239
Received Thanks: 31
|
Beim Botcoding mit AutoIt doch wohl eher für die Katz oder?
|
|
|
|
|
01/05/2009, 10:31
|
#11
|
elite*gold: 0
Join Date: Apr 2006
Posts: 1,722
Received Thanks: 476
|
Quote:
Originally Posted by Illuminatus
Beim Botcoding mit AutoIt doch wohl eher für die Katz oder?
|
Wenn du das so siehst 
|
|
|
|
|
01/05/2009, 13:36
|
#12
|
elite*gold: 0
Join Date: Jun 2006
Posts: 239
Received Thanks: 31
|
Quote:
Originally Posted by blauwiggle
Wenn du das so siehst |
Ist dem nicht so? Wenn der einzige Grund Geschwindigkeit ist (was bei einem Bot wohl eher irrelevant ist), kann man sich das umständliche asm doch schenken...
Und für alles, was tiefer geht als ControlSend(), (hooking, detouring usw.) würde ich auf c/c++ umsteigen...
Seh ich das falsch? Erweitere meinen horizont!
|
|
|
|
|
01/06/2009, 19:34
|
#13
|
elite*gold: 0
Join Date: Jan 2007
Posts: 1,753
Received Thanks: 443
|
Quote:
|
Und für alles, was tiefer geht als ControlSend(), (hooking, detouring usw.) würde ich auf c/c++ umsteigen...
|
wozu neue syntax lernen wenn der asm code immer asm code bleibt 
|
|
|
|
|
01/06/2009, 22:17
|
#14
|
elite*gold: 0
Join Date: Jun 2006
Posts: 239
Received Thanks: 31
|
Neuer Syntax? Also bitte... Soviel kommt da auch net dazu...
Nuja, ich seh den Sinn dahinter immernoch net :-)
|
|
|
|
|
01/07/2009, 20:55
|
#15
|
elite*gold: 0
Join Date: Jan 2007
Posts: 1,753
Received Thanks: 443
|
stell dir vor du hast nen umfangreichen bot in au3 geschrieben, brauchst aber ne funktion die nur über asm geht
warum dann nicht einfach die func in asm schreiben ?
statt umständlich in c ne exe oder dll ? die dann geladen werden muss ?
|
|
|
|
 |
|
Similar Threads
|
Assembler Befehle :D HELP ME!!!
05/18/2010 - General Coding - 12 Replies
Also wenn ich das jetzt richtig verstanden habe Startet der Patcher eines Spiels am Ende Das Anticheat system (wenn es eins beim spiel gibt) und für
diesen Start(vom Anticheat System) Gibt es ja Assembler Befehle die An Bestimmten Stellen in Hexadressen stehen so jetzt meine Fragen :D
1. Sind diese Befehle immer anders Anderer Prozess soll gestartet werden andere Adresse?
2. Wie heißt der Nop Assembler Befehl
3. Also ich stelle mir das so vor^^:Adressen zum starten von HackShield oder...
|
Assembler
04/19/2010 - General Coding - 9 Replies
Hallo und guten Morgen|Tag|Abend,
ich schreibe gerade an einen TeleportHack in CS:S.
So nun hab ich die Addressen die mithilfe von
WriteProcessMemory geändert werden.
Das Problem ist, das das spiel so schnell die werte ändert,
dass ich mich nur ca. 10ingame Meter bewege und dan sofort wieder zurück.
|
Assembler erlernen
03/17/2010 - General Coding - 23 Replies
Hey Leute,
ich bin neu hier=)
Ich würde gerne Assembler lernen.
Habe schon Erfahrung in C++.
Ich kann mich jedoch schon seit einer Woche nicht entscheiden welchen Assembler ich nehmen soll, auch weil ich bisher für keinen ein richtiges Anfängertutorial gefunden habe=(
Was würdet ihr mir empfehlen?
NASM, FASM? oder sonst was?
MASM wollt ich eg nicht, ist wieder so Microsoft spezifisch...:D
Ihr im Forum ist ja ein Tutorial verlinkt für TASM, wär das zu empfehlen?
Jedoch ist doch TASM...
|
Assembler
02/26/2010 - General Coding - 4 Replies
hey leute,
ich wollte gern Anfangen in Assembler (MASM) zu proggen (hab schon einbisschen Kenntnisse in C++ und Python) hab auch schon den MASM64 Assembler gedownloadet (hab einen 64bit).
ich hab auch ein kleines hello_wolrd! programm geschrieben, hab es dann
mit Notepad++ als hello_world.asm abgespeichert, aber jetzt weiß ich nicht mehr weiter^^, (wie "linke" ich die Datei???)
würde mich freuen, wenn mir jemand helfen könnte^^
*kennt jemand noch ein gutes MASM-Tutorial? (in Deutsch...
|
Assembler
08/04/2009 - General Coding - 9 Replies
Hallo,
kennt jemand ein gutes oder gute Tutorials über Assembler??
Bin kein Pro in Sachen Programmieren, also sollte es nicht so schwer sein.
(ich weiss, dass es nicht leicht ist ASM zu lernen)
Vielleicht kann mir jemand die Programme sagen, die ich brauche um ein ASM Programm zuschreiben??
Danke im Voraus!!!!!!
:handsdown::handsdown::confused:
|
All times are GMT +2. The time now is 17:58.
|
|
