[Source]ConquerLoader v1

Nullable · 07/22/2010, 11:24

Assembled using MASM32 assembler, not much fancy high-level alike stuff in there.

Code:

; ---------------ConquerLoader v1---------------
;|                                              |
;|Author: Nullable                              |
;|                                              |
; ----------------------------------------------

.486
.model flat, stdcall
option casemap: none
include \masm32\include\windows.inc
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\ws2_32.inc
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\ws2_32.lib
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

.data
szBufferRead db 30 DUP(00)
ipaddr db ?
servdat db "ConquerS.dat", 0
inet db "inet_addr", 0
bn1 db " blacknull", 0
conqname db "Conquer.exe", 0
wsaname db "WS2_32.dll", 0
wsacode db 0B8h, 00h, 00h, 00h, 00h, 0C2h, 04h, 00h, 90h, 90h

;MOV EAX, 00000000h
;RETN 4 // __stdcall convention, clear the stack. 4 because inet_addr takes 1 argument (4 bytes)

txtfail db "Error occured", 0
txtfailconq db "Failed to load Conquer", 0
txtfailinj db "Failed to inject code", 0
txtfailopn db "Failed to open ConquerS.dat", 0
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

hInstance dd ?
starti STARTUPINFO <?>
pi PROCESS_INFORMATION <?>
ws WSADATA <?>
serverdat HANDLE ?
procaddr dd ?
rlprocaddr dd ?
ip dd ?
Bytes dd 0
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««


.code
start:
    invoke GetModuleHandle, 0
    mov hInstance, eax
    
    invoke WSAStartup, 0101h, addr ws 
    invoke CreateProcess, addr conqname, addr bn1, 0, 0, 0, CREATE_DEFAULT_ERROR_MODE, 0, 0, addr starti, addr pi
    cmp eax, 0
    je @_1
    
    invoke GetModuleHandle, addr wsaname
    mov procaddr, eax

    invoke CreateFile, addr servdat, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0
    mov serverdat, eax
    
    cmp serverdat, INVALID_HANDLE_VALUE
    je @_3

    invoke ReadFile, serverdat, addr szBufferRead, 25, addr Bytes, 0
    
    cmp eax, 0
    je @_3

    invoke inet_addr, addr szBufferRead
    mov ip, eax

    mov eax, OFFSET wsacode

    mov edi, ip
    mov DWORD PTR [eax+1], edi
    
    invoke GetProcAddress, procaddr, addr inet
    mov rlprocaddr, eax
    
    invoke WaitForInputIdle, pi.hProcess, INFINITE
    invoke WriteProcessMemory, pi.hProcess, rlprocaddr, addr wsacode, sizeof wsacode, 0

    cmp eax, 0
    je @_2
    
@e:
    invoke WSACleanup
    invoke CloseHandle, serverdat
    invoke ExitProcess, 0
    
@_1:
    invoke MessageBox, 0, addr txtfailconq, addr txtfail, MB_OK
    jmp @e
    
@_2:
    invoke MessageBox, 0, addr txtfailinj, addr txtfail, MB_OK
    jmp @e
@_3:
    invoke MessageBox, 0, addr txtfailopn, addr txtfail, MB_OK
    jmp @e
    
end start

~~DeathByMoogles~~ · 07/23/2010, 05:28

Quote:

Originally Posted by Nullable

Assembled using MASM32 assembler, not much fancy high-level alike stuff in there.

Code:

; ---------------ConquerLoader v1---------------
;|                                              |
;|Author: Nullable                              |
;|                                              |
; ----------------------------------------------

.486
.model flat, stdcall
option casemap: none
include \masm32\include\windows.inc
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\ws2_32.inc
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\ws2_32.lib
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

.data
szBufferRead db 30 DUP(00)
ipaddr db ?
servdat db "ConquerS.dat", 0
inet db "inet_addr", 0
bn1 db " blacknull", 0
conqname db "Conquer.exe", 0
wsaname db "WS2_32.dll", 0
wsacode db 0B8h, 00h, 00h, 00h, 00h, 0C2h, 04h, 00h, 90h, 90h

;MOV EAX, 00000000h
;RETN 4 // __stdcall convention, clear the stack. 4 because inet_addr takes 1 argument (4 bytes)

txtfail db "Error occured", 0
txtfailconq db "Failed to load Conquer", 0
txtfailinj db "Failed to inject code", 0
txtfailopn db "Failed to open ConquerS.dat", 0
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

hInstance dd ?
starti STARTUPINFO <?>
pi PROCESS_INFORMATION <?>
ws WSADATA <?>
serverdat HANDLE ?
procaddr dd ?
rlprocaddr dd ?
ip dd ?
Bytes dd 0
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««


.code
start:
    invoke GetModuleHandle, 0
    mov hInstance, eax
    
    invoke WSAStartup, 0101h, addr ws 
    invoke CreateProcess, addr conqname, addr bn1, 0, 0, 0, CREATE_DEFAULT_ERROR_MODE, 0, 0, addr starti, addr pi
    cmp eax, 0
    je @_1
    
    invoke GetModuleHandle, addr wsaname
    mov procaddr, eax

    invoke CreateFile, addr servdat, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0
    mov serverdat, eax
    
    cmp serverdat, INVALID_HANDLE_VALUE
    je @_3

    invoke ReadFile, serverdat, addr szBufferRead, 25, addr Bytes, 0
    
    cmp eax, 0
    je @_3

    invoke inet_addr, addr szBufferRead
    mov ip, eax

    mov eax, OFFSET wsacode

    mov edi, ip
    mov DWORD PTR [eax+1], edi
    
    invoke GetProcAddress, procaddr, addr inet
    mov rlprocaddr, eax
    
    invoke WaitForInputIdle, pi.hProcess, INFINITE
    invoke WriteProcessMemory, pi.hProcess, rlprocaddr, addr wsacode, sizeof wsacode, 0

    cmp eax, 0
    je @_2
    
@e:
    invoke WSACleanup
    invoke CloseHandle, serverdat
    invoke ExitProcess, 0
    
@_1:
    invoke MessageBox, 0, addr txtfailconq, addr txtfail, MB_OK
    jmp @e
    
@_2:
    invoke MessageBox, 0, addr txtfailinj, addr txtfail, MB_OK
    jmp @e
@_3:
    invoke MessageBox, 0, addr txtfailopn, addr txtfail, MB_OK
    jmp @e
    
end start

wut?
I do not get it.

Ian* · 07/23/2010, 08:51

Quote:

Originally Posted by DeathByMoogles

wut?
I do not get it.

It's asm.

Check out masm, just google it

_DreadNought_ · 07/26/2010, 01:03

When I run I get an error

Quote:

C:\user\documents\blablabla\Test.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0faf IP:0115 OP:64 63 61 6c 6c Choose 'Close' to terminate the application.
Close | Ignore

if I click Ingnore I get
[quote]
When I run I get an error

Quote:

C:\user\documents\blablabla\Test.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0faf IP:0116 OP:64 63 61 6c 6c Choose 'Close' to terminate the application.
Close | Ignore

and the errors keep going.
the title of the errors are: 16 bit MS-DOS subsystem.

I am using your code just compiled in a masm 32