
写自定位代码

我刚才其实已经写了一篇了, 然后不知怎么的不见了, 所以我不想说话了. 自己看源码

源码下载地址:
http://www.joenchen.com/JoenTools/LocateAddr.rar

	.586				; 32-bit x86 (MASM); flat model, stdcall is the default
	.model flat, stdcall		; convention for Proc/Invoke in this file
	option casemap:none		; symbol names are case sensitive
	Include Windows.inc
	Include kernel32.inc
	Includelib kernel32.lib		; import library for the kernel32 calls Jmain makes via Invoke
;===========================================================================
	.Code
REMOTE_CODE_START	equ this byte	; first byte of the block that Jmain copies to a new page
	; The API-lookup helpers are included *inside* the relocatable block so that
	; their code travels with it. GetApiAddr.inc / GetApiAddr.asm are not shown
	; here; presumably they define the _Function, _Locate, _Invoke and
	; _FillFunction macros/procs used below -- confirm against those files.
	Include GetApiAddr.inc
	Include GetApiAddr.asm
;===========================================================================
;Function tables. Per table entry: the function's name as a string, immediately
;followed by the slot that receives its address (filled in by _FillFunction);
;afterwards the code calls through the slot, e.g.  call [ebx+_xxx].
;The slot labels used further down (__cprintf, _MessageBoxA, _ExitProcess)
;suggest _Function names each slot "_<function>" -- confirm in GetApiAddr.inc.
;===========================================================================
;C runtime equivalent of printf used here: msvcrt!_cprintf
_Fun_msvcrt:
	_Function	_cprintf, realloc, malloc
_Fun_msvcrt_End:
;===========================================================================
_Fun_Kernel32:
	_Function	AllocConsole, ExitProcess
_Fun_Kernel32_End:

_User32:
	_Function	MessageBoxA
_User32_End:
;===========================================================================
; Module names passed to _FillFunction (NUL-terminated).
_Szkernel32	byte	'kernel32', 0
_Szmsvcrt	byte	'msvcrt', 0
_SzUser32	byte	'user32', 0

; Text printed and shown by _LocateAddr (CR LF terminated, then NUL).
_SzHello	byte	'这里是自定位的函数的输出', 13, 10, 0

_LocateAddr	Proc
	; Entry point of the relocated block. It runs at whatever address Jmain
	; copied the block to, so every label below is addressed as [ebx+label]:
	; ebx carries the difference between run-time and link-time addresses.
	; In:   nothing.   Out: never returns (ends in ExitProcess).
	; ebx is the base register for the whole procedure and must not change.

	_Locate ebx		; _Locate comes from GetApiAddr.inc (not visible here);
				; presumably it derives the relocation delta into ebx -- confirm there
;===========================================================================
	; Resolve the kernel32 table: _FillFunction(module name, table start, table end).
	; Invoke pushes eax, ecx, edx in that order, which leaves the registers intact.
	lea	eax, [ebx+_Fun_Kernel32_End]
	lea	ecx, [ebx+_Fun_Kernel32]
	lea	edx, [ebx+_Szkernel32]
	Invoke	_FillFunction, edx, ecx, eax
;===========================================================================
	; Resolve the user32 table the same way.
	lea	eax, [ebx+_User32_End]
	lea	ecx, [ebx+_User32]
	lea	edx, [ebx+_SzUser32]
	Invoke	_FillFunction, edx, ecx, eax
;===========================================================================
	; Resolve the C runtime (msvcrt) table.
	lea	eax, [ebx+_Fun_msvcrt_End]
	lea	ecx, [ebx+_Fun_msvcrt]
	lea	edx, [ebx+_Szmsvcrt]
	Invoke	_FillFunction, edx, ecx, eax
;===========================================================================
	; _cprintf(_SzHello) through the resolved slot. _cprintf is cdecl, so the
	; caller owns the argument cleanup -- confirm _Invoke does that; a leftover
	; dword would be harmless here only because the procedure never returns.
	lea	eax, [ebx+_SzHello]
	_Invoke	[ebx+__cprintf], eax

	; MessageBoxA(hWnd=0, text=_SzHello, caption=_SzHello, type=0 /* MB_OK */)
	lea	eax, [ebx+_SzHello]
	_Invoke	[ebx+_MessageBoxA], 0, eax, eax, 0

	_Invoke	[ebx+_ExitProcess], 0		; ExitProcess(0); control does not come back
;===========================================================================

	ret					; unreachable after ExitProcess; kept as a safety net
_LocateAddr 	Endp
;===========================================================================
REMOTE_CODE_END		equ this byte	; one past the last byte of the relocatable block
REMOTE_CODE_LENGTH	equ offset REMOTE_CODE_END - offset REMOTE_CODE_START	; bytes Jmain copies
REMOTE_CODE_ENTRY	equ offset _LocateAddr - REMOTE_CODE_START		; entry offset inside the block
;***************************************************************************
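Jmain	Proc
	; Program entry: copies the relocatable block [REMOTE_CODE_START, REMOTE_CODE_END)
	; into a freshly committed page and jumps to its entry point (_LocateAddr).
	; Takes no arguments and does not return: the relocated code ends in ExitProcess.
	; Registers: eax = base of the new page, live from VirtualAlloc through the
	; final jmp (the pushad/popad pairs around each string op keep it intact).
	mov	eax, REMOTE_CODE_LENGTH
	; NOTE: PAGE_EXECUTE_READWRITE keeps the page writable and executable at the
	; same time for its whole lifetime; a W^X-clean variant would commit it as
	; PAGE_READWRITE and switch it to PAGE_EXECUTE_READ with VirtualProtect once
	; the copy below is done.
	Invoke	VirtualAlloc, NULL, eax, MEM_COMMIT, PAGE_EXECUTE_READWRITE
	; VirtualAlloc returns NULL on failure; without this check the copy below
	; would write through address 0 and fault. Exit with a non-zero code instead.
	test	eax, eax
	jz	_AllocFailed
;====================================================================
	; Copy the block into the new page so that it executes from there
	pushad
	mov	esi, offset REMOTE_CODE_START
	mov	edi, eax
	mov	ecx, REMOTE_CODE_LENGTH
	cld				; string ops must run forward
	rep	movsb
	popad
;====================================================================
	; Zero the original so nothing accidentally keeps using it.
	; NOTE(review): this writes into the .text section, which only works if the
	; image was linked with a writable code section -- TODO confirm link options;
	; with the default read/execute .text this rep stosb would fault.
	pushad
	mov	edi, offset REMOTE_CODE_START
	xor	eax, eax		; fill byte = 0 (eax is restored by popad)
	mov	ecx, REMOTE_CODE_LENGTH
	cld
	rep	stosb
	popad
;====================================================================
	add	eax, REMOTE_CODE_ENTRY	; eax = new page + offset of _LocateAddr
	jmp	eax			; tail jump; _LocateAddr never returns here
_AllocFailed:
	Invoke	ExitProcess, 1		; allocation failed: leave with a non-zero exit code
Jmain	Endp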

End	Jmain

网友评论:

  1. Tisha Fafinski 说:

    For latest news you have to pay a visit world wide web and on world-wide-web I found this site as a finest website for newest updates.

  2. capture his heart and make him i'm gonna love you forever 说:

    Hello there, just became aware of your blog through Google, and found that it’s really informative. I’m going to watch out for brussels. I will appreciate if you continue this in future. Many people will be benefited from your writing. Cheers!
