📄 morphine.cpp
字号:
{
BYTE Result=(BYTE)Random(Reg32Count-1);
if(Result==REG_ESP) Result=7;
return(Result);
}
//select one of eax,ecx,edx,ebx,-,-,esi,edi
BYTE RandomReg32EspEbp()
{
BYTE Result=(BYTE)Random(Reg32Count-2);
if(Result==REG_ESP) Result=6;
else if(Result==REG_EBP)Result=7;
return(Result);
}
void PutRandomBuffer(PBYTE &AMem,DWORD ASize)
{
GenerateRandomBuffer(AMem,ASize);
AMem+=ASize;
}
BYTE Bswap(PBYTE &AMem,BYTE AReg)
{
*AMem=0x0F; //bswap
AMem++;
*AMem=0xC8+AReg; //reg32
AMem++;
return(2);
}
BYTE Pushad(PBYTE &AMem)
{
*AMem=0x60;
AMem++;
return(1);
}
BYTE Stosd(PBYTE &AMem)
{
*AMem=0xAB; //stosd
AMem++;
return(1);
}
BYTE Movsd(PBYTE &AMem)
{
*AMem=0xA5; //movsd
AMem++;
return(1);
}
BYTE Ret(PBYTE &AMem)
{
*AMem=0xC3; //ret
AMem++;
return(1);
}
void Ret16(PBYTE &AMem,WORD AVal)
{
*AMem=0xC2; //ret
AMem++;
memcpy(AMem,&AVal,2); //retval
AMem+=2;
}
void RelJmpAddr32(PBYTE &AMem,DWORD AAddr)
{
*AMem=0xE9; //jmp
AMem++;
memcpy(AMem,&AAddr,4);
AMem+=4;
}
void RelJmpAddr8(PBYTE &AMem,BYTE AAddr)
{
*AMem=0xEB; //jmp
AMem++;
*AMem=AAddr; //Addr8
AMem++;
}
void RelJzAddr32(PBYTE &AMem,DWORD AAddr)
{
*AMem=0x0F; //conditional jump
AMem++;
*AMem=0x84; //if zero
AMem++;
memcpy(AMem,&AAddr,4);
AMem+=4;
}
void RelJnzAddr32(PBYTE &AMem,DWORD AAddr)
{
*AMem=0x0F; //conditional jump
AMem++;
*AMem=0x85; //if not zero
AMem++;
memcpy(AMem,&AAddr,4);
AMem+=4;
}
void RelJbAddr32(PBYTE &AMem,DWORD AAddr)
{
*AMem=0x0F; //conditional jump
AMem++;
*AMem=0x82; //if below
AMem++;
memcpy(AMem,&AAddr,4);
AMem+=4;
}
void RelJzAddr8(PBYTE &AMem,BYTE AAddr)
{
*AMem=0x74; //jz
AMem++;
*AMem=AAddr; //addr8
AMem++;
}
void RelJnzAddr8(PBYTE &AMem,BYTE AAddr)
{
*AMem=0x75; //jnz
AMem++;
*AMem=AAddr; //addr8
AMem++;
}
BYTE JmpRegMemIdx8(PBYTE &AMem,BYTE AReg,BYTE AIdx)
{
BYTE Result=3;
*AMem=0xFF; //jmp
AMem++;
*AMem=0x60+AReg; //regmem
AMem++;
if(AReg==REG_ESP)
{
Result++;
*AMem=0x24; //esp
AMem++;
}
*AMem=AIdx; //idx8
AMem++;
return(Result);
}
BYTE PushRegMem(PBYTE &AMem,BYTE AReg)
{
BYTE Result=2;
*AMem=0xFF; //push
AMem++;
if(AReg==REG_EBP)
{
Result++;
*AMem=0x75; //ebp
AMem++;
*AMem=0x00; //+0
}
else
{
*AMem=0x30+AReg; //regmem
}
AMem++;
if(AReg==REG_ESP)
{
Result++;
*AMem=0x24; //esp
AMem++;
}
return(Result);
}
void PushReg32(PBYTE &AMem,BYTE AReg)
{
*AMem=0x50+AReg; //push reg
AMem++;
}
BYTE PushReg32Rand(PBYTE &AMem)
{
BYTE Result=RandomReg32Esp();
PushReg32(AMem,Result);
return(Result);
}
void PopReg32(PBYTE &AMem,BYTE AReg)
{
*AMem=0x58+AReg; //pop reg
AMem++;
}
BYTE PopReg32Idx(PBYTE &AMem,BYTE AReg,DWORD AIdx)
{
BYTE Result=6;
*AMem=0x8F; //pop
AMem++;
*AMem=0x80+AReg; //reg32
AMem++;
if(AReg==REG_ESP)
{
*AMem=0x24; //esp
AMem++;
Result++;
}
memcpy(AMem,&AIdx,4); //+ idx
AMem+=4;
return(Result);
}
void RelCallAddr(PBYTE &AMem,DWORD AAddr)
{
*AMem=0xE8; //call
AMem++;
memcpy(AMem,&AAddr,4); //+ idx
AMem+=4;
}
void MovReg32Reg32(PBYTE &AMem,BYTE AReg1,BYTE AReg2)
{
*AMem=0x89; //mov
AMem++;
*AMem=AReg2*8+AReg1+0xC0; //reg32,reg32
AMem++;
}
void AddReg32Reg32(PBYTE &AMem,BYTE AReg1,BYTE AReg2)
{
*AMem=0x01; //add
AMem++;
*AMem=AReg2*8+AReg1+0xC0; //reg32,reg32
AMem++;
}
BYTE AddReg32RegMem(PBYTE &AMem,BYTE AReg1,BYTE AReg2)
{
BYTE Result=2;
*AMem=0x03; //add
AMem++;
if(AReg2==REG_EBP)
{
Result++;
*AMem=AReg1*8+0x45; //reg32,ebp
AMem++;
*AMem=0x00; //+0
}
else
{
*AMem=AReg1*8+AReg2; //reg32,regmem
}
AMem++;
if(AReg2==REG_ESP)
{
Result++;
*AMem=0x24; //esp
AMem++;
}
return(Result);
}
BYTE AddRegMemReg32(PBYTE &AMem,BYTE AReg1,BYTE AReg2)
{
BYTE Result=2;
*AMem=0x01; //add
AMem++;
if(AReg1==REG_EBP)
{
Result++;
*AMem=AReg2*8+0x45; //regmem,ebp
AMem++;
*AMem=0x00; //+0
}
else
{
*AMem=AReg2*8+AReg1; //regmem,reg
}
AMem++;
if(AReg1==REG_ESP)
{
Result++;
*AMem=0x24; //esp
AMem++;
}
return(Result);
}
void AddReg32Num8(PBYTE &AMem,BYTE AReg,BYTE ANum)
{
*AMem=0x83; //add
AMem++;
*AMem=0xC0+AReg; //reg32
AMem++;
*AMem=ANum; //num8
AMem++;
}
void MovReg32Num32(PBYTE &AMem,BYTE AReg,DWORD ANum)
{
*AMem=0xB8+AReg; //mov reg32
AMem++;
memcpy(AMem,&ANum,4); //num32
AMem+=4;
}
BYTE MovReg32IdxNum32(PBYTE &AMem,BYTE AReg,DWORD AIdx,DWORD ANum)
{
BYTE Result=10;
*AMem=0xC7; //mov
AMem++;
*AMem=0x80+AReg; //reg32
AMem++;
if(AReg==REG_ESP)
{
Result++;
*AMem=0x24; //esp
AMem++;
}
memcpy(AMem,&AIdx,4); //+ idx
AMem+=4;
memcpy(AMem,&ANum,4); //Num32
AMem+=4;
return(Result);
}
//both AReg must not be REG_ESP or REG_EBP
void MovReg32Reg32IdxNum32(PBYTE &AMem,BYTE AReg1,BYTE AReg2,DWORD ANum)
{
if(AReg1==REG_ESP)
{
AReg1=AReg2;
AReg2=REG_ESP;
}
if(AReg2==REG_EBP)
{
AReg2=AReg1;
AReg1=REG_EBP;
}
*AMem=0xC7; //mov
AMem++;
*AMem=0x04;
AMem++;
*AMem=AReg1*8+AReg2;
AMem++;
memcpy(AMem,&ANum,4); //Num32
AMem+=4;
}
BYTE MovReg32RegMem(PBYTE &AMem,BYTE AReg1,BYTE AReg2)
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -