Hi, ich frage mich ob man Autoit mit Assembler verbinden kann, also inlineassembler betreiben kann? Weis villeicht jemand wie das gehen könnte?
Au3 und Assembler?
01/03/2009 16:09
Jacob_G#1
01/03/2009 16:12
__wadim#2
ich kenn nur das
asm.au3
asm.au3
Code:
#include-once
Func CopyMemory($Destination, $Source, $Length)
Local $Return
$Return = DllCall("kernel32.dll", "none", "RtlMoveMemory", "ptr", $Destination, "ptr", $Source,"int", $Length)
Return $Return[0]
EndFunc ;==>CopyMemory
Func GetWindowThreadProcessId($hWnd, $lpdwProcessId)
Local $Return
$Return = DllCall("user32.dll", "int", "GetWindowThreadProcessId", "int", $hWnd, "int", $lpdwProcessId)
Return $Return[0]
EndFunc ;==>GetWindowThreadProcessId
Func CreateRemoteThread($hProcess, $lpThreadAttributes, $dwStackSize, $lpStartAddress, $lpParameter, $dwCreationFlags, $lpThreadId)
Local $Return
$Return = DllCall("kernel32.dll", "int", "CreateRemoteThread", "int", $hProcess, "ptr", $lpThreadAttributes, "int", $dwStackSize, "int", $lpStartAddress, "ptr", $lpParameter, "int", $dwCreationFlags, "int", $lpThreadId)
Return $Return[0]
EndFunc ;==>CreateRemoteThread
Func WriteProcessMemory($hProcess, $lpBaseAddress, $lpBuffer, $nSize, $lpNumberOfBytesWritten)
Global $Return
$Return = DllCall ("kernel32.dll", "int", "WriteProcessMemory", "int", $hProcess, "ptr", $lpBaseAddress, "ptr", $lpBuffer, "int", $nSize,"int", $lpNumberOfBytesWritten)
Return $Return[0]
EndFunc
Func CallWindowProc($lpPrevWndFunc, $hWnd, $Msg, $wParam, $lParam)
Local $Return
$Return = DllCall("user32.dll", "int", "CallWindowProcA", "int", $lpPrevWndFunc, "int", $hWnd, "int", $Msg, "int", $wParam, "int", $lParam)
Return $Return[0]
EndFunc ;==>CallWindowProc
Func VirtualAllocEx($hProcess, $pAddress, $iSize, $iAllocation, $iProtect)
Local $aResult = DllCall("Kernel32.dll", "ptr", "VirtualAllocEx", "int", $hProcess, "ptr", $pAddress, "int", $iSize, "int", $iAllocation, "int", $iProtect)
If @error Or Not IsArray($aResult) Then Return SetError(-1, -1, 0)
Return $aResult[0]
EndFunc ;==>VirtualAllocEx
Func VirtualFreeEx($hProcess, $pAddress, $iSize, $iFreeType)
Local $aResult = DllCall("Kernel32.dll", "ptr", "VirtualFreeEx", "hwnd", $hProcess, "ptr", $pAddress, "int", $iSize, "int", $iFreeType)
If @error Or Not IsArray($aResult) Then Return SetError(-1, -1, 0)
Return $aResult[0]
EndFunc ;==>VirtualFreeEx
Func WaitForSingleObject($hHandle, $dwMilliseconds)
Local $Return
$Return = DllCall("kernel32.dll", "int", "WaitForSingleObject", "int", $hHandle, "int", $dwMilliseconds)
Return $Return[0]
EndFunc ;==>WaitForSingleObject
Func OpenProcess($iAccess, $bInherit, $iProcessID)
Local $aResult = DllCall("Kernel32.Dll", "int", "OpenProcess", "int", $iAccess, "int", $bInherit, "int", $iProcessID)
If @error Or Not IsArray($aResult) Then Return SetError(-1, -1, 0)
Return $aResult[0]
EndFunc ;==>OpenProcess
Func CloseHandle($hObject)
Local $aResult = DllCall("Kernel32.dll", "int", "CloseHandle", "int", $hObject)
If @error Or Not IsArray($aResult) Then Return SetError(-1, -1, 0)
Return $aResult[0]
EndFunc ;==>CloseHandle
;===============================================================================
;~ Private Declare Function GetAddrOf Lib "KERNEL32" Alias "MulDiv" (nNumber As Any, Optional ByVal nNumerator As Long = 1, Optional ByVal nDenominator As Long = 1) As Long
;~ ' This is the dummy function used to get the addres of a VB variable.
Func VarPtr($v_Variable) ;VarPtr
;~ Declare Function VarPtrArray Lib "msvbvm60.dll" Alias "VarPtr" _
;~ (Var() as Any) As Long
Local $pointer ,$debug = True
$pointer = DllCall("KERNEL32.dll", "long", "MulDiv", "ptr", $v_Variable[0])
;$pointer =dllcall("msvbvm60.dll","long","VarPtr","long",$v_Variable[0])
If @error Then
If $debug Then MsgBox(0, "Error:", "Error:>" & @error & @CRLF)
Return 0
Else
Return $pointer
EndIf
EndFunc ;==>VarPtr
;=====================================================================================
;===============================================================================
Const $PAGE_EXECUTE_READWRITE = 0x40
Const $MEM_COMMIT = 0x1000
Const $MEM_RELEASE = 0x8000
Const $MEM_DECOMMIT = 0x4000
Const $PROCESS_ALL_ACCESS = 0x1F0FFF
Const $INFINITE = 0xFFFF ; Infinite timeout
Const $WAIT_TIMEOUT = 0x102
Dim $AsmCode[100]
Dim $OPcode
Dim $InjectProcess ;??????ID
Dim $tmp_Addr ;??????????
Dim $RThwnd ;?????????
;===============================================================================
Func Get_Result()
Dim $i
ReDim $AsmCode [StringLen($OPcode) / 2 - 1]
For $i = 0 To UBound($AsmCode)
$AsmCode[$i] = Int("0x" & StringMid($OPcode, $i * 2 + 1, 2))
Next
$Get_Result = CallWindowProc(VarPtr($AsmCode[0]), 0, 0, 0, 0)
EndFunc ;==>Get_Result
Func Get_Code()
$Get_Code = $OPcode
EndFunc ;==>Get_Code
;================================
Func Run_ASM2($hWnd)
Dim $i, $tmp_Addr, $RThwnd, $h, $pid
ReDim $AsmCode [StringLen ($OPcode) / 2 - 1]
For $i = 0 To UBound($AsmCode)
$AsmCode [$i] = Int("0x" & StringMid($OPcode, $i * 2 + 1, 2))
Next
GetWindowThreadProcessId($hWnd, $pid)
$h = OpenProcess($PROCESS_ALL_ACCESS, False, $pid)
$tmp_Addr = VirtualAllocEx($h, 0, UBound($AsmCode) + 1, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
WriteProcessMemory($h, $tmp_Addr, VarPtr($AsmCode[0]), UBound($AsmCode) + 1, 0)
$RThwnd = CreateRemoteThread($h, 0, 0, $tmp_Addr, 0, 0, 0)
VirtualFreeEx($h, $tmp_Addr, UBound($AsmCode) + 1, $MEM_RELEASE)
CloseHandle($RThwnd)
CloseHandle($h)
$OPcode = ""
EndFunc ;==>Run_ASM2
;=================================
Func InjectCode($hWnd)
Dim $i, $h, $pid
ReDim $AsmCode [StringLen($OPcode) / 2 - 1]
For $i = 0 To UBound($AsmCode)
$AsmCode[$i] = Int("0x" & StringMid($OPcode, $i * 2 + 1, 2))
Next
GetWindowThreadProcessId($hWnd, $pid) ;????ID
$InjectProcess = OpenProcess($PROCESS_ALL_ACCESS, False, $pid) ;???????????
$tmp_Addr = VirtualAllocEx($InjectProcess, 0, UBound($AsmCode) + 1, _
$MEM_COMMIT, $PAGE_EXECUTE_READWRITE) ;?????????
WriteProcessMemory($InjectProcess, $tmp_Addr, VarPtr($AsmCode[0]), _
UBound($AsmCode) + 1, 0) ;?????????
EndFunc ;==>InjectCode
Func Run_ASM() ;?????????
Dim $Ret
$RThwnd = CreateRemoteThread($InjectProcess, 0, 0, $tmp_Addr, 0, 0, 0)
Do
$Ret = WaitForSingleObject($RThwnd, 50) ;??50??
;DoEvents
Until $Ret <> $WAIT_TIMEOUT
CloseHandle($RThwnd)
EndFunc ;==>Run_ASM
Func FreeMem()
VirtualFreeEx($InjectProcess, $tmp_Addr, UBound($AsmCode) + 1, $MEM_RELEASE)
CloseHandle($InjectProcess)
$OPcode = ""
$AsmCode = 0
EndFunc ;==>FreeMem
;========================================================
Func Int2Hex($Value, $n) ;?????
Dim $tmp1, $tmp2, $i
$tmp1 = StringRight("0000000" + Hex($Value), $n)
For $i = 0 To StringLen($tmp1) / 2 - 1
$tmp2 = $tmp2 + StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
Next
$Int2Hex = $tmp2
EndFunc ;==>Int2Hex
Func Leave()
$OPcode = $OPcode + "C9"
EndFunc ;==>Leave
Func Pushad()
$OPcode = $OPcode + "60"
EndFunc ;==>Pushad
Func Popad()
$OPcode = $OPcode + "61"
EndFunc ;==>Popad
Func Nop()
$OPcode = $OPcode + "90"
EndFunc ;==>Nop
Func Ret()
$OPcode = $OPcode + "C3"
EndFunc ;==>Ret
Func RetA($i)
$OPcode = $OPcode + Int2Hex($i, 4)
EndFunc ;==>RetA
Func IN_AL_DX()
$OPcode = $OPcode + "EC"
EndFunc ;==>IN_AL_DX
Func TEST_EAX_EAX()
$OPcode = $OPcode + "85C0"
EndFunc ;==>TEST_EAX_EAX
;Add
;+++++++++++++++++++++++++++++++++++
Func Add_EAX_EDX()
$OPcode = $OPcode + "03C2"
EndFunc ;==>Add_EAX_EDX
Func Add_EBX_EAX()
$OPcode = $OPcode + "03D8"
EndFunc ;==>Add_EBX_EAX
Func Add_EAX_DWORD_Ptr($i)
$OPcode = $OPcode + "0305" + Int2Hex($i, 8)
EndFunc ;==>Add_EAX_DWORD_Ptr
Func Add_EBX_DWORD_Ptr($i)
$OPcode = $OPcode + "031D" + Int2Hex($i, 8)
EndFunc ;==>Add_EBX_DWORD_Ptr
Func Add_EBP_DWORD_Ptr($i)
$OPcode = $OPcode + "032D" + Int2Hex($i, 8)
EndFunc ;==>Add_EBP_DWORD_Ptr
Func Add_EAX($i)
$OPcode = $OPcode + "05" + Int2Hex($i, 8)
EndFunc ;==>Add_EAX
Func Add_EBX($i)
$OPcode = $OPcode + "83C3" + Int2Hex($i, 8)
EndFunc ;==>Add_EBX
Func Add_ECX($i)
$OPcode = $OPcode + "83C1" + Int2Hex($i, 8)
EndFunc ;==>Add_ECX
Func Add_EDX($i)
$OPcode = $OPcode + "83C2" + Int2Hex($i, 8)
EndFunc ;==>Add_EDX
Func Add_ESI($i)
$OPcode = $OPcode + "83C6" + Int2Hex($i, 8)
EndFunc ;==>Add_ESI
Func Add_ESP($i)
$OPcode = $OPcode + "83C4" + Int2Hex($i, 8)
EndFunc ;==>Add_ESP
;Call
;+++++++++++++++++++++++++++++++++++
Func Call_EAX()
$OPcode = $OPcode + "FFD0"
EndFunc ;==>Call_EAX
Func Call_EBX()
$OPcode = $OPcode + "FFD3"
EndFunc ;==>Call_EBX
Func Call_ECX()
$OPcode = $OPcode + "FFD1"
EndFunc ;==>Call_ECX
Func Call_EDX()
$OPcode = $OPcode + "FFD2"
EndFunc ;==>Call_EDX
Func Call_ESI()
$OPcode = $OPcode + "FFD2"
EndFunc ;==>Call_ESI
Func Call_ESP()
$OPcode = $OPcode + "FFD4"
EndFunc ;==>Call_ESP
Func Call_EBP()
$OPcode = $OPcode + "FFD5"
EndFunc ;==>Call_EBP
Func Call_EDI()
$OPcode = $OPcode + "FFD7"
EndFunc ;==>Call_EDI
Func Call_DWORD_Ptr($i)
$OPcode = $OPcode + "FF15" + Int2Hex($i, 8)
EndFunc ;==>Call_DWORD_Ptr
Func Call_DWORD_Ptr_EAX()
$OPcode = $OPcode + "FF10"
EndFunc ;==>Call_DWORD_Ptr_EAX
Func Call_DWORD_Ptr_EBX()
$OPcode = $OPcode + "FF13"
EndFunc ;==>Call_DWORD_Ptr_EBX
;Cmp
;+++++++++++++++++++++++++++++++++++
Func Cmp_EAX($i)
If $i <= 255 Then
$OPcode = $OPcode + "83F8" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "3D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Cmp_EAX
Func Cmp_EAX_EDX()
$OPcode = $OPcode + "3BC2"
EndFunc ;==>Cmp_EAX_EDX
Func Cmp_EAX_DWORD_Ptr($i)
$OPcode = $OPcode + "3B05" + Int2Hex($i, 8)
EndFunc ;==>Cmp_EAX_DWORD_Ptr
Func Cmp_DWORD_Ptr_EAX($i)
$OPcode = $OPcode + "3905" + Int2Hex($i, 8)
EndFunc ;==>Cmp_DWORD_Ptr_EAX
;DEC
;+++++++++++++++++++++++++++++++++++
Func Dec_EAX()
$OPcode = $OPcode + "48"
EndFunc ;==>Dec_EAX
Func Dec_EBX()
$OPcode = $OPcode + "4B"
EndFunc ;==>Dec_EBX
Func Dec_ECX()
$OPcode = $OPcode + "49"
EndFunc ;==>Dec_ECX
Func Dec_EDX()
$OPcode = $OPcode + "4A"
EndFunc ;==>Dec_EDX
;Idiv
;+++++++++++++++++++++++++++++++++++
Func Idiv_EAX()
$OPcode = $OPcode + "F7F8"
EndFunc ;==>Idiv_EAX
Func Idiv_EBX()
$OPcode = $OPcode + "F7FB"
EndFunc ;==>Idiv_EBX
Func Idiv_ECX()
$OPcode = $OPcode + "F7F9"
EndFunc ;==>Idiv_ECX
Func Idiv_EDX()
$OPcode = $OPcode + "F7FA"
EndFunc ;==>Idiv_EDX
;Imul
;+++++++++++++++++++++++++++++++++++
Func Imul_EAX_EDX()
$OPcode = $OPcode + "0FAFC2"
EndFunc ;==>Imul_EAX_EDX
Func Imul_EAX($i)
$OPcode = $OPcode + "6BC0" + Int2Hex($i, 2)
EndFunc ;==>Imul_EAX
Func ImulB_EAX($i)
$OPcode = $OPcode + "69C0" + Int2Hex($i, 8)
EndFunc ;==>ImulB_EAX
;INC
;+++++++++++++++++++++++++++++++++++
Func Inc_EAX()
$OPcode = $OPcode + "40"
EndFunc ;==>Inc_EAX
Func Inc_EBX()
$OPcode = $OPcode + "43"
EndFunc ;==>Inc_EBX
Func Inc_ECX()
$OPcode = $OPcode + "41"
EndFunc ;==>Inc_ECX
Func Inc_EDX()
$OPcode = $OPcode + "42"
EndFunc ;==>Inc_EDX
Func Inc_EDI()
$OPcode = $OPcode + "47"
EndFunc ;==>Inc_EDI
Func Inc_ESI()
$OPcode = $OPcode + "46"
EndFunc ;==>Inc_ESI
Func Inc_DWORD_Ptr_EAX()
$OPcode = $OPcode + "FF00"
EndFunc ;==>Inc_DWORD_Ptr_EAX
Func Inc_DWORD_Ptr_EBX()
$OPcode = $OPcode + "FF03"
EndFunc ;==>Inc_DWORD_Ptr_EBX
Func Inc_DWORD_Ptr_ECX()
$OPcode = $OPcode + "FF01"
EndFunc ;==>Inc_DWORD_Ptr_ECX
Func Inc_DWORD_Ptr_EDX()
$OPcode = $OPcode + "FF02"
EndFunc ;==>Inc_DWORD_Ptr_EDX
;JMP/JE/JNE
;+++++++++++++++++++++++++++++++++++
Func JMP_EAX()
$OPcode = $OPcode + "FFE0"
EndFunc ;==>JMP_EAX
;Mov
Func Mov_DWORD_Ptr_EAX($i)
$OPcode = $OPcode + "A3" + Int2Hex($i, 8)
EndFunc ;==>Mov_DWORD_Ptr_EAX
Func Mov_EAX($i)
$OPcode = $OPcode + "B8" + Int2Hex($i, 8)
EndFunc ;==>Mov_EAX
Func Mov_EBX($i)
$OPcode = $OPcode + "BB" + Int2Hex($i, 8)
EndFunc ;==>Mov_EBX
Func Mov_ECX($i)
$OPcode = $OPcode + "B9" + Int2Hex($i, 8)
EndFunc ;==>Mov_ECX
Func Mov_EDX($i)
$OPcode = $OPcode + "BA" + Int2Hex($i, 8)
EndFunc ;==>Mov_EDX
Func Mov_ESI($i)
$OPcode = $OPcode + "BE" + Int2Hex($i, 8)
EndFunc ;==>Mov_ESI
Func Mov_ESP($i)
$OPcode = $OPcode + "BC" + Int2Hex($i, 8)
EndFunc ;==>Mov_ESP
Func Mov_EBP($i)
$OPcode = $OPcode + "BD" + Int2Hex($i, 8)
EndFunc ;==>Mov_EBP
Func Mov_EDI($i)
$OPcode = $OPcode + "BF" + Int2Hex($i, 8)
EndFunc ;==>Mov_EDI
Func Mov_EBX_DWORD_Ptr($i)
$OPcode = $OPcode + "8B1D" + Int2Hex($i, 8)
EndFunc ;==>Mov_EBX_DWORD_Ptr
Func Mov_ECX_DWORD_Ptr($i)
$OPcode = $OPcode + "8B0D" + Int2Hex($i, 8)
EndFunc ;==>Mov_ECX_DWORD_Ptr
Func Mov_EAX_DWORD_Ptr($i)
$OPcode = $OPcode + "A1" + Int2Hex($i, 8)
EndFunc ;==>Mov_EAX_DWORD_Ptr
Func Mov_EDX_DWORD_Ptr($i)
$OPcode = $OPcode + "8B15" + Int2Hex($i, 8)
EndFunc ;==>Mov_EDX_DWORD_Ptr
Func Mov_ESI_DWORD_Ptr($i)
$OPcode = $OPcode + "8B35" + Int2Hex($i, 8)
EndFunc ;==>Mov_ESI_DWORD_Ptr
Func Mov_ESP_DWORD_Ptr($i)
$OPcode = $OPcode + "8B25" + Int2Hex($i, 8)
EndFunc ;==>Mov_ESP_DWORD_Ptr
Func Mov_EBP_DWORD_Ptr($i)
$OPcode = $OPcode + "8B2D" + Int2Hex($i, 8)
EndFunc ;==>Mov_EBP_DWORD_Ptr
Func Mov_EAX_DWORD_Ptr_EAX()
$OPcode = $OPcode + "8B00"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EAX
Func Mov_EAX_DWORD_Ptr_EBP()
$OPcode = $OPcode + "8B4500"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EBP
Func Mov_EAX_DWORD_Ptr_EBX()
$OPcode = $OPcode + "8B03"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EBX
Func Mov_EAX_DWORD_Ptr_ECX()
$OPcode = $OPcode + "8B01"
EndFunc ;==>Mov_EAX_DWORD_Ptr_ECX
Func Mov_EAX_DWORD_Ptr_EDX()
$OPcode = $OPcode + "8B02"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EDX
Func Mov_EAX_DWORD_Ptr_EDI()
$OPcode = $OPcode + "8B07"
EndFunc ;==>Mov_EAX_DWORD_Ptr_EDI
Func Mov_EAX_DWORD_Ptr_ESP()
$OPcode = $OPcode + "8B0424"
EndFunc ;==>Mov_EAX_DWORD_Ptr_ESP
Func Mov_EAX_DWORD_Ptr_ESI()
$OPcode = $OPcode + "8B06"
EndFunc ;==>Mov_EAX_DWORD_Ptr_ESI
Func Mov_EAX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B40" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B80" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EAX_Add
Func Mov_EAX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4424" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8424" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_ESP_Add
Func Mov_EAX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B43" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B83" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EBX_Add
Func Mov_EAX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B41" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B81" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_ECX_Add
Func Mov_EAX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B42" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B82" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EDX_Add
Func Mov_EAX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B47" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B87" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EDI_Add
Func Mov_EAX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B45" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B85" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_EBP_Add
Func Mov_EAX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B46" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B86" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EAX_DWORD_Ptr_ESI_Add
Func Mov_EBX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B58" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B98" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EAX_Add
Func Mov_EBX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5C24" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9C24" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_ESP_Add
Func Mov_EBX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5B" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9B" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EBX_Add
Func Mov_EBX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B59" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B99" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_ECX_Add
Func Mov_EBX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5A" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9A" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EDX_Add
Func Mov_EBX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5F" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9F" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EDI_Add
Func Mov_EBX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5D" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_EBP_Add
Func Mov_EBX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5E" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9E" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EBX_DWORD_Ptr_ESI_Add
Func Mov_ECX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B48" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B88" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EAX_Add
Func Mov_ECX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4C24" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8C24" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_ESP_Add
Func Mov_ECX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4B" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8B" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EBX_Add
Func Mov_ECX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B49" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B89" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_ECX_Add
Func Mov_ECX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4A" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8A" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EDX_Add
Func Mov_ECX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4F" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8F" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EDI_Add
Func Mov_ECX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4D" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_EBP_Add
Func Mov_ECX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B4E" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B8E" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_ECX_DWORD_Ptr_ESI_Add
Func Mov_EDX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B50" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B90" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EAX_Add
Func Mov_EDX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B5424" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B9424" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_ESP_Add
Func Mov_EDX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B53" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B93" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EBX_Add
Func Mov_EDX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B51" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B91" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_ECX_Add
Func Mov_EDX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B52" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B92" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EDX_Add
Func Mov_EDX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B57" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B97" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EDI_Add
Func Mov_EDX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B55" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B95" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_EBP_Add
Func Mov_EDX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8B56" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8B96" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Mov_EDX_DWORD_Ptr_ESI_Add
Func Mov_EBX_DWORD_Ptr_EAX()
$OPcode = $OPcode + "8B18"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EAX
Func Mov_EBX_DWORD_Ptr_EBP()
$OPcode = $OPcode + "8B5D00"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EBP
Func Mov_EBX_DWORD_Ptr_EBX()
$OPcode = $OPcode + "8B1B"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EBX
Func Mov_EBX_DWORD_Ptr_ECX()
$OPcode = $OPcode + "8B19"
EndFunc ;==>Mov_EBX_DWORD_Ptr_ECX
Func Mov_EBX_DWORD_Ptr_EDX()
$OPcode = $OPcode + "8B1A"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EDX
Func Mov_EBX_DWORD_Ptr_EDI()
$OPcode = $OPcode + "8B1F"
EndFunc ;==>Mov_EBX_DWORD_Ptr_EDI
Func Mov_EBX_DWORD_Ptr_ESP()
$OPcode = $OPcode + "8B1C24"
EndFunc ;==>Mov_EBX_DWORD_Ptr_ESP
Func Mov_EBX_DWORD_Ptr_ESI()
$OPcode = $OPcode + "8B1E"
EndFunc ;==>Mov_EBX_DWORD_Ptr_ESI
Func Mov_ECX_DWORD_Ptr_EAX()
$OPcode = $OPcode + "8B08"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EAX
Func Mov_ECX_DWORD_Ptr_EBP()
$OPcode = $OPcode + "8B4D00"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EBP
Func Mov_ECX_DWORD_Ptr_EBX()
$OPcode = $OPcode + "8B0B"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EBX
Func Mov_ECX_DWORD_Ptr_ECX()
$OPcode = $OPcode + "8B09"
EndFunc ;==>Mov_ECX_DWORD_Ptr_ECX
Func Mov_ECX_DWORD_Ptr_EDX()
$OPcode = $OPcode + "8B0A"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EDX
Func Mov_ECX_DWORD_Ptr_EDI()
$OPcode = $OPcode + "8B0F"
EndFunc ;==>Mov_ECX_DWORD_Ptr_EDI
Func Mov_ECX_DWORD_Ptr_ESP()
$OPcode = $OPcode + "8B0C24"
EndFunc ;==>Mov_ECX_DWORD_Ptr_ESP
Func Mov_ECX_DWORD_Ptr_ESI()
$OPcode = $OPcode + "8B0E"
EndFunc ;==>Mov_ECX_DWORD_Ptr_ESI
Func Mov_EDX_DWORD_Ptr_EAX()
$OPcode = $OPcode + "8B10"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EAX
Func Mov_EDX_DWORD_Ptr_EBP()
$OPcode = $OPcode + "8B5500"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EBP
Func Mov_EDX_DWORD_Ptr_EBX()
$OPcode = $OPcode + "8B13"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EBX
Func Mov_EDX_DWORD_Ptr_ECX()
$OPcode = $OPcode + "8B11"
EndFunc ;==>Mov_EDX_DWORD_Ptr_ECX
Func Mov_EDX_DWORD_Ptr_EDX()
$OPcode = $OPcode + "8B12"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EDX
Func Mov_EDX_DWORD_Ptr_EDI()
$OPcode = $OPcode + "8B17"
EndFunc ;==>Mov_EDX_DWORD_Ptr_EDI
Func Mov_EDX_DWORD_Ptr_ESI()
$OPcode = $OPcode + "8B16"
EndFunc ;==>Mov_EDX_DWORD_Ptr_ESI
Func Mov_EDX_DWORD_Ptr_ESP()
$OPcode = $OPcode + "8B1424"
EndFunc ;==>Mov_EDX_DWORD_Ptr_ESP
Func Mov_EAX_EBP()
$OPcode = $OPcode + "8BC5"
EndFunc ;==>Mov_EAX_EBP
Func Mov_EAX_EBX()
$OPcode = $OPcode + "8BC3"
EndFunc ;==>Mov_EAX_EBX
Func Mov_EAX_ECX()
$OPcode = $OPcode + "8BC1"
EndFunc ;==>Mov_EAX_ECX
Func Mov_EAX_EDI()
$OPcode = $OPcode + "8BC7"
EndFunc ;==>Mov_EAX_EDI
Func Mov_EAX_EDX()
$OPcode = $OPcode + "8BC2"
EndFunc ;==>Mov_EAX_EDX
Func Mov_EAX_ESI()
$OPcode = $OPcode + "8BC6"
EndFunc ;==>Mov_EAX_ESI
Func Mov_EAX_ESP()
$OPcode = $OPcode + "8BC4"
EndFunc ;==>Mov_EAX_ESP
Func Mov_EBX_EBP()
$OPcode = $OPcode + "8BDD"
EndFunc ;==>Mov_EBX_EBP
Func Mov_EBX_EAX()
$OPcode = $OPcode + "8BD8"
EndFunc ;==>Mov_EBX_EAX
Func Mov_EBX_ECX()
$OPcode = $OPcode + "8BD9"
EndFunc ;==>Mov_EBX_ECX
Func Mov_EBX_EDI()
$OPcode = $OPcode + "8BDF"
EndFunc ;==>Mov_EBX_EDI
Func Mov_EBX_EDX()
$OPcode = $OPcode + "8BDA"
EndFunc ;==>Mov_EBX_EDX
Func Mov_EBX_ESI()
$OPcode = $OPcode + "8BDE"
EndFunc ;==>Mov_EBX_ESI
Func Mov_EBX_ESP()
$OPcode = $OPcode + "8BDC"
EndFunc ;==>Mov_EBX_ESP
Func Mov_ECX_EBP()
$OPcode = $OPcode + "8BCD"
EndFunc ;==>Mov_ECX_EBP
Func Mov_ECX_EAX()
$OPcode = $OPcode + "8BC8"
EndFunc ;==>Mov_ECX_EAX
Func Mov_ECX_EBX()
$OPcode = $OPcode + "8BCB"
EndFunc ;==>Mov_ECX_EBX
Func Mov_ECX_EDI()
$OPcode = $OPcode + "8BCF"
EndFunc ;==>Mov_ECX_EDI
Func Mov_ECX_EDX()
$OPcode = $OPcode + "8BCA"
EndFunc ;==>Mov_ECX_EDX
Func Mov_ECX_ESI()
$OPcode = $OPcode + "8BCE"
EndFunc ;==>Mov_ECX_ESI
Func Mov_ECX_ESP()
$OPcode = $OPcode + "8BCC"
EndFunc ;==>Mov_ECX_ESP
Func Mov_EDX_EBP()
$OPcode = $OPcode + "8BD5"
EndFunc ;==>Mov_EDX_EBP
Func Mov_EDX_EBX()
$OPcode = $OPcode + "8BD3"
EndFunc ;==>Mov_EDX_EBX
Func Mov_EDX_ECX()
$OPcode = $OPcode + "8BD1"
EndFunc ;==>Mov_EDX_ECX
Func Mov_EDX_EDI()
$OPcode = $OPcode + "8BD7"
EndFunc ;==>Mov_EDX_EDI
Func Mov_EDX_EAX()
$OPcode = $OPcode + "8BD0"
EndFunc ;==>Mov_EDX_EAX
Func Mov_EDX_ESI()
$OPcode = $OPcode + "8BD6"
EndFunc ;==>Mov_EDX_ESI
Func Mov_EDX_ESP()
$OPcode = $OPcode + "8BD4"
EndFunc ;==>Mov_EDX_ESP
Func Mov_ESI_EBP()
$OPcode = $OPcode + "8BF5"
EndFunc ;==>Mov_ESI_EBP
Func Mov_ESI_EBX()
$OPcode = $OPcode + "8BF3"
EndFunc ;==>Mov_ESI_EBX
Func Mov_ESI_ECX()
$OPcode = $OPcode + "8BF1"
EndFunc ;==>Mov_ESI_ECX
Func Mov_ESI_EDI()
$OPcode = $OPcode + "8BF7"
EndFunc ;==>Mov_ESI_EDI
Func Mov_ESI_EAX()
$OPcode = $OPcode + "8BF0"
EndFunc ;==>Mov_ESI_EAX
Func Mov_ESI_EDX()
$OPcode = $OPcode + "8BF2"
EndFunc ;==>Mov_ESI_EDX
Func Mov_ESI_ESP()
$OPcode = $OPcode + "8BF4"
EndFunc ;==>Mov_ESI_ESP
Func Mov_ESP_EBP()
$OPcode = $OPcode + "8BE5"
EndFunc ;==>Mov_ESP_EBP
Func Mov_ESP_EBX()
$OPcode = $OPcode + "8BE3"
EndFunc ;==>Mov_ESP_EBX
Func Mov_ESP_ECX()
$OPcode = $OPcode + "8BE1"
EndFunc ;==>Mov_ESP_ECX
Func Mov_ESP_EDI()
$OPcode = $OPcode + "8BE7"
EndFunc ;==>Mov_ESP_EDI
Func Mov_ESP_EAX()
$OPcode = $OPcode + "8BE0"
EndFunc ;==>Mov_ESP_EAX
Func Mov_ESP_EDX()
$OPcode = $OPcode + "8BE2"
EndFunc ;==>Mov_ESP_EDX
Func Mov_ESP_ESI()
$OPcode = $OPcode + "8BE6"
EndFunc ;==>Mov_ESP_ESI
Func Mov_EDI_EBP()
$OPcode = $OPcode + "8BFD"
EndFunc ;==>Mov_EDI_EBP
Func Mov_EDI_EAX()
$OPcode = $OPcode + "8BF8"
EndFunc ;==>Mov_EDI_EAX
Func Mov_EDI_EBX()
$OPcode = $OPcode + "8BFB"
EndFunc ;==>Mov_EDI_EBX
Func Mov_EDI_ECX()
$OPcode = $OPcode + "8BF9"
EndFunc ;==>Mov_EDI_ECX
Func Mov_EDI_EDX()
$OPcode = $OPcode + "8BFA"
EndFunc ;==>Mov_EDI_EDX
Func Mov_EDI_ESI()
$OPcode = $OPcode + "8BFE"
EndFunc ;==>Mov_EDI_ESI
Func Mov_EDI_ESP()
$OPcode = $OPcode + "8BFC"
EndFunc ;==>Mov_EDI_ESP
Func Mov_EBP_EDI()
$OPcode = $OPcode + "8BDF"
EndFunc ;==>Mov_EBP_EDI
Func Mov_EBP_EAX()
$OPcode = $OPcode + "8BE8"
EndFunc ;==>Mov_EBP_EAX
Func Mov_EBP_EBX()
$OPcode = $OPcode + "8BEB"
EndFunc ;==>Mov_EBP_EBX
Func Mov_EBP_ECX()
$OPcode = $OPcode + "8BE9"
EndFunc ;==>Mov_EBP_ECX
Func Mov_EBP_EDX()
$OPcode = $OPcode + "8BEA"
EndFunc ;==>Mov_EBP_EDX
Func Mov_EBP_ESI()
$OPcode = $OPcode + "8BEE"
EndFunc ;==>Mov_EBP_ESI
Func Mov_EBP_ESP()
$OPcode = $OPcode + "8BEC"
EndFunc ;==>Mov_EBP_ESP
;Push
;+++++++++++++++++++++++++++++++++++
Func Push($i)
;If $i <= 255 Then
;$OPcode = $OPcode + "6A" + Int2Hex($i, 2)
;Else
$OPcode = $OPcode + "68" + Int2Hex($i, 8)
;EndIf
EndFunc ;==>Push
Func Push_DWORD_Ptr($i)
$OPcode = $OPcode + "FF35" + Int2Hex($i, 8)
EndFunc ;==>Push_DWORD_Ptr
Func Push_EAX()
$OPcode = $OPcode + "50"
EndFunc ;==>Push_EAX
Func Push_ECX()
$OPcode = $OPcode + "51"
EndFunc ;==>Push_ECX
Func Push_EDX()
$OPcode = $OPcode + "52"
EndFunc ;==>Push_EDX
Func Push_EBX()
$OPcode = $OPcode + "53"
EndFunc ;==>Push_EBX
Func Push_ESP()
$OPcode = $OPcode + "54"
EndFunc ;==>Push_ESP
Func Push_EBP()
$OPcode = $OPcode + "55"
EndFunc ;==>Push_EBP
Func Push_ESI()
$OPcode = $OPcode + "56"
EndFunc ;==>Push_ESI
Func Push_EDI()
$OPcode = $OPcode + "57"
EndFunc ;==>Push_EDI
;LEA
Func Lea_EAX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D40" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D80" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EAX_Add
Func Lea_EAX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D43" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D83" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EBX_Add
Func Lea_EAX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D41" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D81" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_ECX_Add
Func Lea_EAX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D42" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D82" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EDX_Add
Func Lea_EAX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D46" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D86" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_ESI_Add
Func Lea_EAX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D40" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D80" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_ESP_Add
Func Lea_EAX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4424" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8424" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EBP_Add
Func Lea_EAX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D47" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D87" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EAX_DWORD_Ptr_EDI_Add
Func Lea_EBX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D58" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D98" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EAX_Add
Func Lea_EBX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5C24" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9C24" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_ESP_Add
Func Lea_EBX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5B" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9B" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EBX_Add
Func Lea_EBX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D59" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D99" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_ECX_Add
Func Lea_EBX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5A" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9A" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EDX_Add
Func Lea_EBX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5F" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9F" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EDI_Add
Func Lea_EBX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5D" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_EBP_Add
Func Lea_EBX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5E" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9E" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EBX_DWORD_Ptr_ESI_Add
Func Lea_ECX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D48" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D88" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EAX_Add
Func Lea_ECX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4C24" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8C24" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_ESP_Add
Func Lea_ECX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4B" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8B" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EBX_Add
Func Lea_ECX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D49" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D89" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_ECX_Add
Func Lea_ECX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4A" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8A" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EDX_Add
Func Lea_ECX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4F" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8F" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EDI_Add
Func Lea_ECX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4D" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8D" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_EBP_Add
Func Lea_ECX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D4E" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D8E" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_ECX_DWORD_Ptr_ESI_Add
Func Lea_EDX_DWORD_Ptr_EAX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D50" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D90" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EAX_Add
Func Lea_EDX_DWORD_Ptr_ESP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D5424" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D9424" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_ESP_Add
Func Lea_EDX_DWORD_Ptr_EBX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D53" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D93" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EBX_Add
Func Lea_EDX_DWORD_Ptr_ECX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D51" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D91" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_ECX_Add
Func Lea_EDX_DWORD_Ptr_EDX_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D52" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D92" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EDX_Add
Func Lea_EDX_DWORD_Ptr_EDI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D57" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D97" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EDI_Add
Func Lea_EDX_DWORD_Ptr_EBP_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D55" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D95" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_EBP_Add
Func Lea_EDX_DWORD_Ptr_ESI_Add($i)
If $i <= 255 Then
$OPcode = $OPcode + "8D56" + Int2Hex($i, 2)
Else
$OPcode = $OPcode + "8D96" + Int2Hex($i, 8)
EndIf
EndFunc ;==>Lea_EDX_DWORD_Ptr_ESI_Add
;POP
Func Pop_EAX()
$OPcode = $OPcode + "58"
EndFunc ;==>Pop_EAX
Func Pop_EBX()
$OPcode = $OPcode + "5B"
EndFunc ;==>Pop_EBX
Func Pop_ECX()
$OPcode = $OPcode + "59"
EndFunc ;==>Pop_ECX
Func Pop_EDX()
$OPcode = $OPcode + "5A"
EndFunc ;==>Pop_EDX
Func Pop_ESI()
$OPcode = $OPcode + "5E"
EndFunc ;==>Pop_ESI
Func Pop_ESP()
$OPcode = $OPcode + "5C"
EndFunc ;==>Pop_ESP
Func Pop_EDI()
$OPcode = $OPcode + "5F"
EndFunc ;==>Pop_EDI
Func Pop_EBP()
$OPcode = $OPcode + "5D"
EndFunc ;==>Pop_EBP
Func Ptr(ByRef $Add)
$Ptr = VarPtr($Add)
EndFunc ;==>Ptr
Func Float4Int($Ans) ;?????
Dim $AB, $a
CopyMemory($AB, $Ans, 4)
$Float4Int = $AB
EndFunc ;==>Float4Int
;Func Float8Int(ByRef Ans) ;?????
; Dim AB As Long
; CopyMemory AB, Ans, 8
; Float8Int = AB
;EndFunc
01/03/2009 16:16
Azunai#3
[Only registered and activated users can see links. Click Here To Register...]
01/03/2009 16:24
Jacob_G#4
Hm cool :D
01/03/2009 22:08
darthwitch#5
was hat man jetzt dadurch genau für vorteile kenne mich nicht genau mit dem assembler system aus^^
01/03/2009 22:18
NBA#6
Soweit ich weiss ist assambler vieeell schneller
01/03/2009 22:54
Jacob_G#7
Naja wenn man das über Au3 benutzt nicht, jedoch hat man dann die Macht! :D
01/04/2009 17:29
darthwitch#8
Welche macht :-D woltle eig nur wissen was man dann so für vorteile hat :-D nicht was starwars mäsiges oder so *gg*
01/04/2009 18:11
Jacob_G#9
Das ist auch nid Star Wars mäsig^^, mit Assembler kannst du alles am PC machen. Ein Assemblerbefehl entspricht einem Maschinenbefehl, deswegen ist es auch so schnell. Du kannst Sachen programieren ohne den Schlack mit rein zu packen :).
Hier ein Beispiel in MASM für Hello World
Hier ein Beispiel in MASM für Hello World
Code:
DATA SEGMENT ;- Beginn des Datensegments
Meldung db "Hello World" ;- Die Zeichenkette "Hello World"
db "$" ;- Endzeichen der Zeichenkette
DATA ENDS ;- Ende des Datensegment
CODE SEGMENT ;- Beginn des Codesegements
ASSUME CS:CODE,DS:DATA ;- Dem Assembler die Segmente mitteilen
Anfang: ;- Label für den Anfang des Programms
mov ax, DATA ;- das Daten...
mov ds, ax ; ...segment laden
mov dx, offset Meldung ;- den Text in das Datenregister laden
mov ah, 09h ;- dem Betriebssystem mitteilen, was wir wollen
int 21h ;- diesen Befehl ausführen (hier Ausgabe des Texts)
mov ax, 4C00h ;- dem Betriebssystem wieder mitteilen, was wir wollen
int 21h ;- diesen Befehl wieder ausführen (Programm beenden)
CODE ENDS ;- Ende des Codesegments
END Anfang ;- dem Assembler das Ende des Labels Anfang mitteilen
01/05/2009 02:20
Illuminatus#10
Beim Botcoding mit AutoIt doch wohl eher für die Katz oder?
01/05/2009 10:31
blauwiggle#11
Wenn du das so siehst :rolleyes:Quote:
Beim Botcoding mit AutoIt doch wohl eher für die Katz oder?
01/05/2009 13:36
Illuminatus#12
Ist dem nicht so? Wenn der einzige Grund Geschwindigkeit ist (was bei einem Bot wohl eher irrelevant ist), kann man sich das umständliche asm doch schenken...Quote:
Und für alles, was tiefer geht als ControlSend(), (hooking, detouring usw.) würde ich auf c/c++ umsteigen...
Seh ich das falsch? Erweitere meinen horizont! :)
01/06/2009 19:34
Azunai#13
wozu neue syntax lernen wenn der asm code immer asm code bleibt ;)Quote:
Und für alles, was tiefer geht als ControlSend(), (hooking, detouring usw.) würde ich auf c/c++ umsteigen...
01/06/2009 22:17
Illuminatus#14
Neuer Syntax? Also bitte... Soviel kommt da auch net dazu...
Nuja, ich seh den Sinn dahinter immernoch net :-)
Nuja, ich seh den Sinn dahinter immernoch net :-)
01/07/2009 20:55
Azunai#15
stell dir vor du hast nen umfangreichen bot in au3 geschrieben, brauchst aber ne funktion die nur über asm geht
warum dann nicht einfach die func in asm schreiben ?
statt umständlich in c ne exe oder dll ? die dann geladen werden muss ?
warum dann nicht einfach die func in asm schreiben ?
statt umständlich in c ne exe oder dll ? die dann geladen werden muss ?