我一定是瘋了,搞了一整天XD 順便練習看c++組譯後的code,還蠻有趣的
1st、2nd 的地方要自己變更。可惜 Define 在 Disable 的地方不能用，不然可以少改一次。
我只匯出 eax、ebx、ecx、edx、esi、edi、esp、ebp 這 8 個的值；stack 的部分應該再多加個迴圈讀就好了，不過寫累了，有空再加~
[Enable]
// Register-trace hook (Cheat Engine auto-assembler, 32-bit target).
// Each time execution reaches HookAddr the eight general-purpose registers
// are written, one "name<TAB>XXXXXXXX<CR><LF>" line each, to the text file
// named by MyFileName.  Everything allocated here is released in [Disable].
Alloc(Hook,256)                     // detour body: call MyFunction, replay the stolen bytes, jump back
Alloc(MyOpenFile,64)
Alloc(HFILE,4)                      // handle from OpenFile; HFILE_ERROR (-1) if the open failed
Alloc(MyFileName,64)                // ANSI path for OpenFile; the DB string below relies on the
                                    // Alloc'd memory being zero-filled for its terminating NUL (verify)
Alloc(lpReOpenBuff,64)              // OFSTRUCT scratch buffer required by OpenFile
Alloc(uStyle,4)                     // OpenFile style word, computed at run time as OF_CREATE | OF_WRITE
Alloc(OF_CREATE,4)
Alloc(OF_WRITE,4)
Alloc(MyWriteFile,64)
Alloc(lpBuffer,32)                  // one output record: "name\t" (4 bytes), then 8 hex digits + CR LF (10 bytes)
Alloc(nNumberOfBytesToWrite,4)      // length of the next WriteFile, set by MyRegWrite
Alloc(lpNumberOfBytesWritten,4)
Alloc(MyCloseFile,32)
Alloc(MyHexToStr,128)
Label(number)                       // local labels used inside MyHexToStr
Label(MyLoop)
Alloc(MyRegWrite,64)
Alloc(MyFunction,1024)
// The two OpenFile style flags are kept as data words rather than Defines.
// Values are hex (the CE default): OF_CREATE = 1000h, OF_WRITE = 0001h.
OF_CREATE:
DD 00001000
OF_WRITE:
DD 00000001
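//1st
///////////////////////////////////////////////
// Per-target settings.  Only this block and the "2nd" block in [Disable]
// have to change to move the hook: HookAddr is the patched instruction,
// RetAddr the first instruction after the stolen bytes (6 bytes here:
// 004EC3C0..004EC3C5), and OpcodeCode1/2 are the stolen instructions that
// the detour replays before jumping back.
Define(HookAddr,004EC3C0)
Define(RetAddr,004EC3C6)
Define(OpcodeCode1,mov eax,[esi+2C])
Define(OpcodeCode2,mov [ebp-10],eax)
MyFileName:
DB 'C:\Users\Administrator\Desktop\Reg.txt',0   // explicit NUL terminator instead of relying on Alloc zero-fill
///////////////////////////////////////////////
HookAddr:
jmp Hook                    // 5-byte jmp placed over a 6-byte patch...
nop                         // ...so pad the 6th byte: never executed (RetAddr skips it), but it no longer
                            // leaves a dangling partial instruction for disassemblers / other hooks
Hook:
call MyFunction             // write the register dump; anything it leaves changed (registers, flags)
                            // is visible to the game code that continues at RetAddr
OpcodeCode1                 // replay the stolen instructions
OpcodeCode2
jmp RetAddr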
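MyHexToStr:
// void MyHexToStr(dword value)   -- stdcall style, cleans its own argument (ret 4)
// Formats `value` as 8 upper-case hex digits at lpBuffer[0..7] and appends
// CR LF at lpBuffer[8..9]; the caller then writes that 10-byte record.
// Preserves eax, ebx, ecx.  Clobbers flags.
push eax
push ebx
push ecx
mov ebx,8                   // ebx = index of the digit being produced; walks 7 down to 0
xor ecx,ecx                 // ecx = shift count 0,4,...,1C: low nibble first, i.e. rightmost digit first
MyLoop:
dec ebx
mov eax,[esp+10]            // reload the argument: 3 saved registers + return address sit above it
shr eax,cl
and eax,0000000F            // isolate one nibble
cmp al,0A
jb number                   // unsigned compare: 0-9 map straight onto '0'..'9'
add al,07                   // A-F: skip the 7 characters between '9' and 'A'
number:
add al,30                   // + '0'
mov [lpBuffer+ebx],al       // byte store (sized by al)
add ecx,4
cmp ecx,20                  // 8 nibbles * 4 bits = 20h -> done
jne MyLoop
mov word ptr [lpBuffer+8],0A0D   // CR LF (little-endian: 0D then 0A); explicit width rather than the assembler's default
pop ecx
pop ebx
pop eax
ret 0004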
MyOpenFile:
// HFILE MyOpenFile(void)
// OpenFile(MyFileName, lpReOpenBuff, OF_CREATE | OF_WRITE): creates (or
// truncates) the trace file and stores the handle in [HFILE]; eax holds it
// too on return.  Because of OF_CREATE the file is recreated on every hook
// hit, so only the most recent dump survives.
// Clobbers eax (and, as a Win32 stdcall callee, presumably ecx/edx) -- the
// caller wraps this call in pushad/popad.  The result is not checked here;
// on failure [HFILE] holds HFILE_ERROR (-1).
push eax
mov eax,[OF_CREATE]
or eax,[OF_WRITE]
mov [uStyle],eax            // uStyle = OF_CREATE | OF_WRITE, built at run time from the two data words
pop eax
push [uStyle]               // uStyle
push lpReOpenBuff           // lpReOpenBuff (OFSTRUCT*)
push MyFileName             // lpFileName
call OpenFile
mov [HFILE],eax
ret
MyWriteFile:
// void MyWriteFile(void)
// WriteFile([HFILE], lpBuffer, [nNumberOfBytesToWrite], lpNumberOfBytesWritten, NULL)
// The caller fills lpBuffer and sets [nNumberOfBytesToWrite] beforehand.
// Preserves all general registers (pushad/popad).  The BOOL result is not
// checked: a failed write simply drops that line of the trace.
pushad
push 00                     // lpOverlapped = NULL
push lpNumberOfBytesWritten
push [nNumberOfBytesToWrite]
push lpBuffer
push [HFILE]
call WriteFile
popad
ret
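MyCloseFile:
// void MyCloseFile(void)
// CloseHandle([HFILE]).  Wrapped in pushad/popad like MyWriteFile, so the
// register clobber of the Win32 call (eax, and as a stdcall callee presumably
// ecx/edx) stays invisible to the caller, which returns straight into the
// replayed game instructions.
pushad
push [HFILE]
call CloseHandle
popad
ret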
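MyRegWrite:
// void MyRegWrite(dword value, dword name)   -- stdcall style (ret 8)
// Stack on entry: [esp+4] = value, [esp+8] = name (3 ASCII chars such as
// 'eax', pushed first).  Writes "name\t" (4 bytes) and then "XXXXXXXX\r\n"
// (10 bytes) to the trace file as two WriteFile calls.
// Preserves all general registers (MyHexToStr/MyWriteFile preserve theirs).
// Clobbers flags.
push eax
mov eax,[esp+0C]            // name (one push deeper than at entry)
mov [lpBuffer],eax          // 4 bytes of the name literal -> lpBuffer[0..3]
pop eax
mov byte ptr [lpBuffer+3],09             // 4th byte becomes TAB; explicit width rather than the assembler's default
mov dword ptr [nNumberOfBytesToWrite],04
call MyWriteFile            // "name\t"
mov dword ptr [nNumberOfBytesToWrite],0A
push [esp+04]               // value, re-pushed as MyHexToStr's argument (it cleans it up itself)
call MyHexToStr             // lpBuffer = 8 hex digits + CR LF
call MyWriteFile            // "XXXXXXXX\r\n"
ret 0008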
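Label(MyExit)               // early-out target used below
MyFunction:
// void MyFunction(void)   -- called from the detour at Hook
// Opens the trace file, writes one "name\tXXXXXXXX\r\n" line for each of
// eax, ebx, ecx, edx, esi, edi, esp, ebp with the values they had at
// HookAddr, and closes the file.
// EFLAGS and every general register are saved around the whole body, so
// nothing the helpers or the Win32 calls clobber reaches the game code that
// continues at RetAddr.  If OpenFile failed ([HFILE] == HFILE_ERROR) nothing
// is written and nothing is closed.
pushfd                      // the helpers (cmp/dec/add) and the Win32 calls clobber flags; the game may still need them
pushad                      // outer save: restored on exit whatever the callees do
pushad                      // inner save around the open: MyOpenFile clobbers eax (and presumably ecx/edx),
call MyOpenFile             // but the live registers below must still be the hook-time values
popad
cmp dword ptr [HFILE],FFFFFFFF   // HFILE_ERROR (-1): no file to write to
je MyExit
push 'eax'
push eax
call MyRegWrite
push 'ebx'
push ebx
call MyRegWrite
push 'ecx'
push ecx
call MyRegWrite
push 'edx'
push edx
call MyRegWrite
push 'esi'
push esi
call MyRegWrite
push 'edi'
push edi
call MyRegWrite
push 'esp'
lea eax,[esp+2C]            // esp as it was at HookAddr: undo the 'esp' push (4) + outer pushad (20h)
push eax                    // + pushfd (4) + the return address (4); eax is restored by popad below
call MyRegWrite
push 'ebp'
push ebp
call MyRegWrite
call MyCloseFile
MyExit:
popad
popfd
ret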
[Disable]
//2nd
///////////////////////////////////////////////
// Restore the 6 stolen bytes at HookAddr.  The address and the two
// instructions must match the "1st" block exactly; they are repeated here
// literally because a Define from [Enable] is not usable in this section.
004EC3C0:
mov eax,[esi+2C]
mov [ebp-10],eax
///////////////////////////////////////////////
// Release everything [Enable] allocated (same list, same order).
DeAlloc(Hook)
DeAlloc(MyOpenFile)
DeAlloc(HFILE)
DeAlloc(MyFileName)
DeAlloc(lpReOpenBuff)
DeAlloc(uStyle)
DeAlloc(OF_CREATE)
DeAlloc(OF_WRITE)
DeAlloc(MyWriteFile)
DeAlloc(lpBuffer)
DeAlloc(nNumberOfBytesToWrite)
DeAlloc(lpNumberOfBytesWritten)
DeAlloc(MyCloseFile)
DeAlloc(MyHexToStr)
DeAlloc(MyRegWrite)
DeAlloc(MyFunction)