%include "io.inc"
extern _GetLastError@0
extern _VirtualAlloc@16
extern _VirtualProtect@16
; Win32 memory-management constants, as used by VirtualAlloc / VirtualProtect.
MEM_COMMIT      equ 0x00001000          ; flAllocationType: commit pages
MEM_RESERVE     equ 0x00002000          ; flAllocationType: reserve address range
PAGE_READWRITE  equ 0x04                ; protection: read + write, not executable
PAGE_EXECUTE    equ 0x10                ; protection: execute only, not writable
; Layout of CMAIN's stack locals. ebp points at the start of this record
; while CMAIN runs, and the copied routine reads .var1/.var2 through ebp.
struc DATA
    .flProtect:     resd 1              ; protection passed to VirtualAlloc; later
                                        ; receives the old protection from VirtualProtect
    .functionAddr:  resd 1              ; pointer returned by VirtualAlloc
    .var1:          resd 1              ; first operand for the copied routine
    .var2:          resd 1              ; second operand for the copied routine
    .size:                              ; total size of the record in bytes
endstruc
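section .text
global CMAIN

REGION_SIZE     equ 4096                ; bytes allocated and re-protected;
                                        ; functionSize must not exceed this

;-----------------------------------------------------------------------
; CMAIN -- copy `function` into freshly allocated memory and call it there.
; Target: 32-bit x86, NASM syntax, Win32 stdcall imports (_Name@bytes).
; Out:    eax = value returned by the copied routine, or the GetLastError
;               code if VirtualAlloc / VirtualProtect fails.
; Frame:  ebp = base of a DATA record on the stack; the copied routine
;         reads DATA.var1 / DATA.var2 through ebp.
; Saves:  ebx, esi, edi (callee-saved under the Win32 conventions).
;
; The region is allocated PAGE_READWRITE, filled, then switched to
; PAGE_EXECUTE, so it is never writable and executable at the same time.
; NOTE(review): Microsoft documents FlushInstructionCache for code written
; into memory at run time; it is not called here. The region is also never
; released with VirtualFree; it lives until the process exits.
;-----------------------------------------------------------------------
CMAIN:
        mov     ebp, esp                ; for correct debugging
        push    ebp                     ; ebp was overwritten above, so this
                                        ; stores the entry esp, not the caller's ebp
        push    ebx                     ; preserved so CMAIN's contract does not
                                        ; depend on what the copied routine clobbers
        push    esi                     ; clobbered by the copy below
        push    edi                     ; clobbered by the copy below
        sub     esp, DATA.size          ; allocate local variables
        mov     ebp, esp                ; ebp = base of the DATA record

        ;LPVOID WINAPI VirtualAlloc(
        ;  _In_opt_ LPVOID lpAddress,
        ;  _In_     SIZE_T dwSize,
        ;  _In_     DWORD  flAllocationType,
        ;  _In_     DWORD  flProtect);
        mov     eax, PAGE_READWRITE
        mov     [ebp + DATA.flProtect], eax
        push    eax                             ; flProtect
        push    dword (MEM_COMMIT | MEM_RESERVE) ; flAllocationType: reserve and commit in one call
        push    dword REGION_SIZE               ; dwSize
        push    dword 0                         ; lpAddress: let the system choose
        call    _VirtualAlloc@16
        test    eax, eax                ; NULL means the allocation failed
        jz      .fail
        mov     [ebp + DATA.functionAddr], eax  ; save pointer

        ; Copy the routine's bytes while the region is still writable.
        mov     esi, function           ; source
        mov     edi, eax                ; destination = allocated region
        mov     ecx, functionSize       ; size
        rep     movsb                   ; copy the bytes

        ;BOOL WINAPI VirtualProtect(
        ;  _In_  LPVOID lpAddress,
        ;  _In_  SIZE_T dwSize,
        ;  _In_  DWORD  flNewProtect,
        ;  _Out_ PDWORD lpflOldProtect);
        lea     eax, [ebp + DATA.flProtect]     ; real address of the out slot; does not
        push    eax                             ; rely on the field being at offset 0
        push    dword PAGE_EXECUTE              ; flNewProtect: drop write, add execute
        push    dword REGION_SIZE               ; dwSize
        push    dword [ebp + DATA.functionAddr] ; lpAddress
        call    _VirtualProtect@16
        test    eax, eax                ; FALSE means the region is still non-executable
        jz      .fail

        mov     dword [ebp + DATA.var1], 0x99999999
        mov     dword [ebp + DATA.var2], 0x55555555
        call    dword [ebp + DATA.functionAddr] ; run the copy; eax = var1 + var2

.done:
        add     esp, DATA.size          ; de-allocate local variables
        pop     edi
        pop     esi
        pop     ebx
        pop     ebp                     ; restore stack
        ret

.fail:
        call    _GetLastError@0         ; eax = Win32 error code, returned to the caller
        jmp     .done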
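;-----------------------------------------------------------------------
; function -- template routine that CMAIN copies into allocated memory.
; In:    ebp = base of the caller's DATA record
; Out:   eax = DATA.var1 + DATA.var2 (32-bit wrap-around)
; Clobb: eax, flags
; The bytes between `function` and `endf` are executed from the copy, so
; the body must not use relative call/jmp to targets outside that range.
;-----------------------------------------------------------------------
function:
        mov     eax, [ebp + DATA.var1]
        add     eax, [ebp + DATA.var2]  ; add from memory: avoids clobbering
                                        ; callee-saved ebx
        ret
endf:
functionSize    equ (endf - function)   ; number of bytes CMAIN copies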