I found something on the net... and wanted to know what the code does.
-
.586p
.model flat, stdcall
extrn ExitProcess:PROC, CreateFileA:PROC, WriteFile:PROC, \
      CloseHandle:PROC, VirtualAlloc:PROC, GetModuleHandleA:PROC, \
      GetProcAddress:PROC, GetCommandLineA:PROC
publicdll _DllPatch
;------------------------------------------------------------------------
.data                                   ; Data
;------------------------------------------------------------------------
DllName             db 'protect.dll',0
FuncName            db '_DllDispatch',0
CodePath            db 'code.bin',0
TextPath            db 'text.bin',0
FirstJump           dd 0
_DllDispatch        dd 0
_DllDispatchInExe   dd 0
CodeSection         dd 0                ; Offset of the code section
Buf                 dd 0                ; Buffer for the code section
FoundCode           dd 0                ; Buffer for the found code
IdCalls             dd 0                ; Buffer for the identifiers
_edi                dd 0
_ecx                dd 0
Base                dd 0
Base1               dd 0
SearchSize          dd 0
SearchStep          db 0
BufSize             dd 300000h
NewCodeSectionRVA   dd 0                ; Address of the new section
IdCallsOffset       dd 0                ; Offset into the identifier array
CodeOffset          dd 0                ; Offset into the found code
EntryPoint          dd 0                ; Entry point
int3                dd 0                ; INT3 address
Address             dq 0                ; Temporary variables
Temp                dd 0
;------------------------------------------------------------------------
.code                                   ; Code
;------------------------------------------------------------------------
start:
        cmp     dword ptr [esp+8],1
        jne     DontInit
        call    VirtualAlloc, 0, BufSize, 1000h, 4     ; Memory for the buffers
        mov     Buf,eax
        call    VirtualAlloc, 0, 10000h, 1000h, 4
        mov     FoundCode,eax
        call    VirtualAlloc, 0, 100h, 1000h, 4
        mov     IdCalls,eax
        call    GetModuleHandleA, offset DllName        ; Set up the constants
        call    GetProcAddress, eax, offset FuncName
        mov     _DllDispatch,eax
        call    GetCommandLineA
        inc     eax
        push    eax
        mov     edi,eax
        mov     ecx,100h
        mov     eax,'"'
        repnz   scasb
        dec     edi
        xor     eax,eax
        stosd
        call    GetModuleHandleA
        mov     NewCodeSectionRVA,eax
        mov     edi,[eax+3Ch]           ; PE offset
        add     edi,eax
        mov     edx,[edi+50h]
        add     NewCodeSectionRVA,edx
        mov     edx,[edi+2Ch]
        add     edx,eax
        mov     CodeSection,edx
        mov     edx,[edi+28h]
        add     edx,eax
        mov     EntryPoint,edx
        mov     eax,[edi+100h]
        shr     eax,2
        inc     eax
        shl     eax,2
        mov     BufSize,eax
        mov     esi,offset codestart    ; Change the code at the start
        mov     edi,edx
        mov     ecx,[edi+1]
        add     ecx,edi
        add     ecx,5
        mov     FirstJump,ecx
        mov     ecx,offset codeend
        sub     ecx,esi
        rep     movsb
DontInit:
        xor     eax,eax
        inc     eax
        ret     0Ch
codestart:
        push    offset Control+5        ; Our code at the start of the exe
        mov     eax,FirstJump
        jmp     eax
codeend:
;------------------------------------------------------------------------
; Procedure that receives control once the code has been fully unpacked
Control:
        mov     eax,_DllDispatch        ; Set up the constants
        mov     edi,CodeSection
        xor     ecx,ecx
        dec     ecx
_s:     repnz   scasd
        mov     edx,[edi+4]
        shr     edx,18h
        cmp     dl,0BFh
        jne     _s
        mov     eax,edi
        sub     eax,4
        mov     esi,CodeSection
_s1:    inc     esi
        cmp     eax,[esi]
        jne     _s1
        cmp     word ptr [esi-2],25FFh
        jne     _s1
        lea     eax,[esi-2]
        mov     _DllDispatchInExe,eax
        mov     ecx,BufSize             ; Copy the code section
        shr     ecx,2
        mov     edx,ecx
        mov     edi,Buf
        mov     esi,CodeSection
        rep     movsd
        mov     ecx,edx                 ; Replace the code section with INT3
        mov     eax,0CCCCCCCCh
        mov     edi,CodeSection
        rep     stosd
        mov     eax,offset Address      ; Install our own INT3 handler
        sidt    [eax]
        mov     edx,[eax+2]
        add     edx,8*3
        mov     cx,[edx+6]
        shl     ecx,10h
        mov     cx,[edx]
        mov     int3,ecx
        mov     ebx,offset Int3Handler
        mov     [edx],bx
        shr     ebx,10h
        mov     [edx+6],bx
        mov     eax,Buf
        mov     Base,eax
        mov     eax,CodeSection
        mov     Base1,eax
        mov     eax,BufSize
        sub     eax,4
        mov     SearchSize,eax
GFind:  mov     ecx,SearchSize          ; Search for 'call _DllDispatch'
        mov     edi,Base
        mov     _edi,edi
        mov     _ecx,ecx
Find:   mov     edi,_edi
        mov     ecx,_ecx
        mov     al,0E8h
        repnz   scasb
        test    ecx,ecx
        jne     ConStep
        inc     SearchStep              ; Make sure there are two passes
        cmp     SearchStep,2
        je      Exit
        mov     eax,FoundCode
        mov     Base,eax
        mov     eax,NewCodeSectionRVA
        mov     Base1,eax
        mov     eax,CodeOffset
        mov     SearchSize,eax
        jmp     GFind
ConStep:
        mov     _edi,edi
        mov     _ecx,ecx
        mov     ebx,[edi]
        sub     edi,Base
        add     edi,Base1
        add     ebx,edi
        add     ebx,4
        cmp     ebx,_DllDispatchInExe
        jne     Find
        mov     edi,_edi
        mov     eax,[edi-5]             ; Get the identifiers
        mov     edi,IdCalls             ; Do not duplicate
        mov     ecx,IdCallsOffset
        shr     ecx,2
        test    edi,edi
        repnz   scasd
        setz    cl
        test    cl,cl
        je      Insert
        mov     edx,[edi]
        jmp     Begin
Insert: stosd
        mov     eax,CodeOffset
        stosd
        add     IdCallsOffset,8
        mov     edx,CodeOffset
Begin:  mov     edi,_edi                ; Fix up the call that invoked us
        sub     edi,6
        mov     eax,90909090h
        stosb
        mov     esi,[edi]
        stosd
        inc     edi
        mov     eax,NewCodeSectionRVA
        add     eax,edx
        sub     eax,Base1
        sub     eax,edi
        add     eax,Base
        sub     eax,4
        stosd
        sub     dword ptr [edi+2],4
        test    cl,cl
        jne     Continue
        push    esi                     ; Call the next _DllDispatch
        call    _DllDispatch
Continue:
        jmp     Find
Exit:   mov     eax,offset Address      ; Restore the IDT
        sidt    [eax]
        mov     edx,[eax+2]
        add     edx,8*3
        mov     ebx,int3
        mov     [edx],bx
        shr     ebx,10h
        mov     [edx+6],bx
        call    WriteResults
        call    ExitProcess, 0
;-----------------------------------------------------
Int3Handler:                            ; INT3 handler
;-----------------------------------------------------
        pushfd
        pushad
        mov     eax,offset Continue     ; Return from the handler to us
        mov     [esp+24h],eax
        mov     ax,8B55h                ; Find the next call
        mov     edi,[esp+30h]
        mov     edi,[edi]
        mov     ecx,1000h
_loop1: cmp     [edi],ax
        je      l1
        dec     edi
        loop    _loop1
l1:     mov     esi,edi
        mov     ax,0C35Dh
        mov     ecx,1000h
_loop2: cmp     [edi],ax
        je      l2
        inc     edi
        loop    _loop2
l2:     mov     ecx,edi                 ; Fix up the calls in the found code
        sub     ecx,esi
        add     ecx,2
        mov     edx,ecx
        mov     edi,FoundCode
        add     edi,CodeOffset
_jmp:   cmp     byte ptr [esi],0E8h
        jne     _move
        mov     eax,[esi+1]
        add     eax,esi
        cmp     eax,600000h
        jg      _move
        cmp     eax,400000h
        jl      _move
        mov     eax,[esi+1]
        add     eax,FoundCode
        add     eax,esi
        sub     eax,edi
        sub     eax,NewCodeSectionRVA
        mov     [esi+1],eax
_move:  movsb                           ; Copy the next call
        dec     ecx
        jne     _jmp
        add     CodeOffset,edx
        popad
        popfd
        iretd
;------------------------------------------------------------------------
; Write the results
WriteResults:
        call    CreateFileA, offset CodePath, 40000000h, 0, 0, 2, 80h, 0
        call    WriteFile, eax, FoundCode, CodeOffset, offset Temp, 0
        call    CloseHandle, eax
        call    CreateFileA, offset TextPath, 40000000h, 0, 0, 2, 80h, 0
        call    WriteFile, eax, Buf, BufSize, offset Temp, 0
        call    CloseHandle, eax
        ret
;------------------------------------------------------------------------
; Exported function, to make it convenient to add the library to the EXE
_DllPatch:
        ret
;------------------------------------------------------------------------
end start
-
Well, one thing up front... I don't know anything about assembler... I just wanted to know how you get something like that running?
Can you maybe do something like that with a C compiler? That's more my world.
-
Where did you get that from? The comments are especially important with assembler, at least for me; I don't know how it is for others. But unfortunately I can't decipher the comments.
-
Maybe it looks like a debugger or disassembler.
Anyway, you get it running by assembling it with MASM and then linking it.
-
I got it from a Russian or Korean (or similar) site; I think it was about the StarForce copy protection, and it somehow interested me...