📄 capcon.asm
;@GOTO -)
; This file is both a batch script and a MASM source. Run as a batch file,
; the first line jumps to the ":-)" label near the end of the file, where
; the file assembles and links itself. MASM treats that line as a comment
; and stops reading at the END directive.
; Keep ";@GOTO -)" as the very first line: any line placed above it would
; be executed by the batch interpreter.
.586P
.MODEL FLAT
INCLUDE WINDOWS.inc
; UNICODE=0 is set before the macro include; presumably it makes the API
; macros pick the ANSI entry points -- confirm against APIMACRO.mac.
UNICODE=0
INCLUDE APIMACRO.mac
INCLUDE APIHOOKS.inc
INCLUDELIB iKERNEL32
INCLUDELIB iUSER32
INCLUDELIB iApiHooks
.DATA?
; One uninitialised buffer with two uses in PrimaryThread: first as the
; PROCESSENTRY32 record filled by Process32First, then as the path buffer
; handed to GetModuleFileName (up to MAX_PATH characters).
; SIGN is defined outside this file; presumably a byte-sized type, so the
; buffer is sizeof(PROCESSENTRY32) bytes -- TODO confirm.
DllName SIGN PROCESSENTRY32 DUP (?)
.CODE
; TEXTA / TEXT are macros defined outside this file. Judging by how the
; results are used below (sAsk, LAsk, sShortDllName, sCaptureSwitch), each
; one yields an s<Name> address symbol and an L<Name> length symbol.
; "/n", "//", "/)" and "/0" look like the macros' own escape notation --
; TODO confirm against APIMACRO.mac.
; The three Ask* prompts are written with a single _lwrite of
; LAsk+LAsk1+LAsk2 bytes starting at sAsk, so they must stay adjacent and
; in this order.
TEXTA Ask, <*** Console Saver for Win9x ***/n>
TEXTA Ask1,<Do you want to save bytes written to console output/n>
TEXTA Ask2,<or to standard error output? Yes//No//Quit [y//n//Enter] /) >
; ShortDllName is the module name looked up in, and loaded into, the target
; process. CaptureSwitch is the name passed to LoadAndCall.
TEXT ShortDllName, <CapCon.dll/0>
TEXT CaptureSwitch, <CaptureSwitch/0>
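;-----------------------------------------------------------------------
; PrimaryThread - program entry point (named on the END directive).
;
; Flow:
;   1. Leave at once when the DS selector indicates NT.
;   2. Take the process ID of the first entry in a ToolHelp process
;      snapshot (the comment further down calls this the KERNEL32.DLL
;      process).
;   3. Build the DLL path from this executable's own path by replacing
;      its last four characters with ".DLL".
;   4. Ask the user y / n / anything else (quit).
;   5. Unless CapCon.dll is already in the target process, establish the
;      API hooks with the DLL, then call its CaptureSwitch export with a
;      0/1 flag.
;
; Registers:
;   ESI = DllName buffer, later the DLL name handed to the ApiHooks calls
;   EDI = Process32First result, then the target process ID
;   EBX = snapshot handle, later the user's answer in BL
;
; Exit status is whatever EAX holds on arrival at Exit. It is not a
; defined status code.
;
; NOTE(review): this program loads a DLL into another process. The DLL is
; located purely by name next to this executable, so whatever file carries
; that name in the install directory is what gets loaded. Treat that
; directory as part of the trusted code base.
;-----------------------------------------------------------------------
PrimaryThread:
MOV EAX, DS
TEST AL, 100B ;bit 2 of the selector = table indicator
JE Exit ;NT? -> exit
oLEA ESI, DllName
ASSUME ESI :PTR PROCESSENTRY32
MOV [ESI].dwSize, PROCESSENTRY32 ;type name used as a constant = structure size
iWin32 CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, NULL
CMP EAX, -1 ;INVALID_HANDLE_VALUE
JE Exit ;no snapshot -> nothing to enumerate
MOV EBX, EAX
iWin32 Process32First, EBX, ESI
MOV EDI, EAX ;keep the result across CloseHandle
iWin32 CloseHandle, EBX
TEST EDI, EDI
JE Exit ;no entry returned -> th32ProcessID is not valid
MOV EDI, [ESI].th32ProcessID
ASSUME ESI :NOTHING
;From here on the same buffer holds this executable's full path.
iWin32i GetModuleFileName, NULL, ESI, MAX_PATH
;EAX = number of characters copied. Without these checks a failed call
;(EAX = 0) or a very short name would make the store below write in front
;of the buffer, and a truncated path would yield a wrong DLL name.
CMP EAX, 4
JB Exit
CMP EAX, MAX_PATH
JAE Exit
MOV DWORD PTR [ESI+EAX-4], "LLD." ;last four characters become ".DLL" in memory
iWin32 _lwrite, STD_OUTPUT_HANDLE, sAsk, LAsk+LAsk1+LAsk2
PUSH EAX ;reserve a stack dword as the one-byte input buffer
MOV ECX, ESP
iWin32 _lread, STD_INPUT_HANDLE, ECX, 1
POP EBX ;BL = the byte read
CMP EAX, 1
JNE Exit ;nothing read -> BL is stale stack data, treat as quit
OR BL, ' ' ;fold upper case to lower case
CMP BL, 'y'
JE @F
CMP BL, 'n'
JNE Exit
@@:
;check if there is CapCon.dll in KERNEL32.DLL process already
;The trailing 60000 on the ApiHooks calls is presumably a timeout in
;milliseconds -- TODO confirm against APIHOOKS.inc.
iWin32i IsModuleLoaded, NULL, sShortDllName, EDI, 60000
TEST EAX, EAX
JE DoEAH
CMP EAX, ErrorAHMin
JAE Exit ;values from ErrorAHMin upwards are treated as errors
MOV ESI, sShortDllName ;already loaded: refer to it by its short name
JMP Attach
;it is not there
DoEAH:
iWin32i EstablishApiHooks, NULL, ESI, EDI, 60000
CMP EAX, ErrorAWSuccess
JNE Exit
Attach:
XOR ECX, ECX
CMP BL, 'y'
SETE CL ;ECX = 1 for 'y', 0 for 'n'
PUSH ECX ;the flag lives on the stack; ESP points at it
;ESP is passed as the last argument, i.e. the address of the flag pushed
;above. The meaning of the two literal 1 arguments is not visible here;
;presumably one of them is the parameter count -- TODO confirm.
iWin32i LoadAndCall, NULL, ESI, EDI, 60000, 1, sCaptureSwitch, 1, ESP
POP ECX
Exit:
iWin32 ExitProcess, EAX
END PrimaryThread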
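:-)
@ECHO OFF
REM Build section. The GOTO on the first line of the file lands here, and
REM MASM never reads this part because it follows the END directive.
REM The file assembles itself, so ML is given CapCon.bat as the source.
ML /c /coff /Gz /Cp /nologo CapCon.bat
REM Stop when assembly fails, so that a stale CapCon.obj from an earlier
REM build is never linked in place of the current source.
IF ERRORLEVEL 1 GOTO Done
eLINK CapCon /nologo /SUBSYSTEM:CONSOLE /MERGE:.idata=.text /IGNORE:4108,4078
DEL CapCon.obj
:Done
PAUSE
CLS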