if (count)
return false;
return true;
}
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
bool CompileOneCondition(char *&buffer, pcompiled_condition pmas)
{
char *buf = buffer;
ULONG value = 0;
char condition_opcode = 0;
short count = 0;
int i;
int type_convertion_fir = 0;
int pointer_level_fir = 0;
char reg_offset_fir = 0;
char reg_size_fir = 0;
int out_type_fir = 0;
int out_size_fir = 0;
char mas_fir[0x100];
int type_convertion_sec = 0;
int pointer_level_sec = 0;
char reg_offset_sec = 0;
char reg_size_sec = 0;
int out_type_sec = 0;
int out_size_sec = 0;
char mas_sec[0x100];
for (i = 0; i <= 0x100; i++)
mas_fir[i] = mas_sec[i] = 0;
int n1 = (int)FindPointerCondition(buf, pointer_level_fir, type_convertion_fir);
int n2 = (int)FindRegister(buf, reg_offset_fir, reg_size_fir);
int n3 = (int)FindBinaryCondition(buf, out_type_fir, out_size_fir, mas_fir);
int n4 = (int)FindEqualCondition(buf, condition_opcode);
int n5 = (int)FindPointerCondition(buf, pointer_level_sec, type_convertion_sec);
int n6 = (int)FindRegister(buf, reg_offset_sec, reg_size_sec);
int n7 = (int)FindBinaryCondition(buf, out_type_sec, out_size_sec, mas_sec);
switch (condition_opcode)
{
case 0x74: case 0x72: case 0x76:
byte_for_reverse_eflags = 0x00;
break;
case 0x75:
byte_for_reverse_eflags = 0x40;
break;
case 0x73:
byte_for_reverse_eflags = 0x01;
break;
case 0x77:
byte_for_reverse_eflags = 0x41;
}
//DbgPrint("%X, %X, %X\n", condition_opcode, byte_for_reverse_eflags, &byte_for_reverse_eflags);
int res = (n1 << 6*4) + (n2 << 5*4) + (n3 << 4*4) + (n4 << 3*4) + (n5 << 2*4) + (n6 << 1*4) + (n7 << 0*4);
switch (res)
{
/////////////////////////////////////////////////////////////////////////////////
// in case eax == edx
/////////////////////////////////////////////////////////////////////////////////
case 0x0101010:
if (reg_size_fir < reg_size_sec)
return false;
switch (reg_size_sec)
{
case 4:
{
pmas->mas_compiled_code[count++] = 0x8B;
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = reg_offset_fir;
pmas->mas_compiled_code[count++] = 0x3B;
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = reg_offset_sec;
break;
}
case 2:
{
pmas->mas_compiled_code[count++] = 0x66;
pmas->mas_compiled_code[count++] = 0x8B;
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = reg_offset_fir;
pmas->mas_compiled_code[count++] = 0x66;
pmas->mas_compiled_code[count++] = 0x3B;
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = reg_offset_sec;
break;
}
case 1:
{
pmas->mas_compiled_code[count++] = 0x8A;
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = reg_offset_fir;
pmas->mas_compiled_code[count++] = 0x3A;
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = reg_offset_sec;
}
}
break;
/////////////////////////////////////////////////////////////////////////////////
// in case eax == 0x00400000
/////////////////////////////////////////////////////////////////////////////////
case 0x0101001:
if (out_type_sec) return false;
value = *(PULONG)mas_sec;
switch (reg_size_fir)
{
case 4: //if register = dword
{
if (value == 0 || value == -1)
{
pmas->mas_compiled_code[count++] = 0x83;
pmas->mas_compiled_code[count++] = 0x7D;
pmas->mas_compiled_code[count++] = reg_offset_fir;
pmas->mas_compiled_code[count++] = (char)value;
}
else
{
pmas->mas_compiled_code[count++] = 0x81;
pmas->mas_compiled_code[count++] = 0x7D;
pmas->mas_compiled_code[count++] = reg_offset_fir;
*(int *)(pmas->mas_compiled_code + count) = value;
count += sizeof(int);
}
break;
}
case 2: //if register = word
{
if ((value & 0xFFFF) == 0 || (value & 0xFFFF) == -1)
{
pmas->mas_compiled_code[count++] = 0x66;
pmas->mas_compiled_code[count++] = 0x83;
pmas->mas_compiled_code[count++] = 0x7D;
pmas->mas_compiled_code[count++] = reg_offset_fir;
pmas->mas_compiled_code[count++] = (char)value;
}
else
{
pmas->mas_compiled_code[count++] = 0x66;
pmas->mas_compiled_code[count++] = 0x81;
pmas->mas_compiled_code[count++] = 0x7D;
pmas->mas_compiled_code[count++] = reg_offset_fir;
*(short *)(pmas->mas_compiled_code + count) = (short)value;
count += sizeof(short);
}
break;
}
case 1: //if register = byte
{
pmas->mas_compiled_code[count++] = 0x80;
pmas->mas_compiled_code[count++] = 0x7D;
pmas->mas_compiled_code[count++] = reg_offset_fir;
pmas->mas_compiled_code[count++] = (char)value;
}
}
break;
/////////////////////////////////////////////////////////////////////////////////
// in case eax == *edx or *eax == edx
/////////////////////////////////////////////////////////////////////////////////
case 0x0101110: case 0x1101010:
char offset_fir;
char offset_sec;
char size_fir;
char size_sec;
int type_conv;
int level;
int cmp_exit;
int tmp;
if (res & 0x1000000)
{
level = pointer_level_fir;
type_conv = type_convertion_fir;
offset_fir = reg_offset_fir;
offset_sec = reg_offset_sec;
size_fir = reg_size_fir;
size_sec = reg_size_sec;
}
else
{
level = pointer_level_sec;
type_conv = type_convertion_sec;
offset_fir = reg_offset_sec;
offset_sec = reg_offset_fir;
size_fir = reg_size_sec;
size_sec = reg_size_fir;
}
if ( (size_fir != 4) || (type_conv == 1 && size_sec > 1) || (type_conv == 2 && size_sec > 2) )
return false;
if (type_conv == 3 || type_conv == 0)
type_conv = 4;
cmp_exit = 5; // if *byte == byte
if (type_conv == 4)
{
if (size_sec == 4) cmp_exit = 0; // if *dword == dword
else if (size_sec == 2) cmp_exit = 1; // if *dword == word
else if (size_sec == 1) cmp_exit = 2; // if *dword == byte
}
else if (type_conv == 2)
{
if (size_sec == 2) cmp_exit = 3; // if *word == word
else if (size_sec == 1) cmp_exit = 4; // if *word == byte
}
if (level > 1)
{
pmas->mas_compiled_code[count++] = 0xB9; // mov ecx, pointer_level
*(int *)(pmas->mas_compiled_code + count) = level;
count += 4;
}
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, [ebp + offset]
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = offset_fir;
if (level > 1)
{
pmas->mas_compiled_code[count++] = 0xEB; // jmp +2
pmas->mas_compiled_code[count++] = 0x02;
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, dword ptr [eax]
pmas->mas_compiled_code[count++] = 0x00;
}
pmas->mas_compiled_code[count++] = 0x50; // push eax
pmas->mas_compiled_code[count++] = 0xFF; // call dword ptr [OffsetOfMakePageInFunction]
pmas->mas_compiled_code[count++] = 0x15;
*(int *)(pmas->mas_compiled_code + count) = (int)(&OffsetOfMakePageInFunction);
count += 4;
pmas->mas_compiled_code[count++] = 0x0B; // or eax, eax
pmas->mas_compiled_code[count++] = 0xC0;
pmas->mas_compiled_code[count++] = 0x75; // jnz +5
pmas->mas_compiled_code[count++] = 0x05;
pmas->mas_compiled_code[count++] = 0xB4; // mov ah, byte_for_reverse_eflags
pmas->mas_compiled_code[count++] = byte_for_reverse_eflags;
pmas->mas_compiled_code[count++] = 0x9E; // sahf
if (level > 1 || cmp_exit != 5)
{
pmas->mas_compiled_code[count++] = 0xEB; // jmp +1E
if ((type_conv == 2 || type_conv == 1) && level > 1)
{
if (type_conv == 2)
tmp = 0xD;
else
tmp = 0x5;
}
else if (level > 1)
tmp = 0x3;
else
tmp = 0x0;
if (cmp_exit == 0)
pmas->mas_compiled_code[count++] = 0x16 + 0x05 + (UCHAR)tmp;
else if (cmp_exit == 1)
pmas->mas_compiled_code[count++] = 0x16 + 0x0A + (UCHAR)tmp;
else if (cmp_exit == 2)
pmas->mas_compiled_code[count++] = 0x16 + 0x09 + (UCHAR)tmp;
else if (cmp_exit == 3)
pmas->mas_compiled_code[count++] = 0x16 + 0x07 + (UCHAR)tmp;
else if (cmp_exit == 4)
pmas->mas_compiled_code[count++] = 0x16 + 0x0B + (UCHAR)tmp;
else
pmas->mas_compiled_code[count++] = 0x16 + 0x08 + (UCHAR)tmp;
pmas->mas_compiled_code[count++] = 0x8B; // mov ebx, eax
pmas->mas_compiled_code[count++] = 0xD8;
pmas->mas_compiled_code[count++] = 0x8B; // mov edx, eax
pmas->mas_compiled_code[count++] = 0xD0;
if ((type_conv == 2 || type_conv == 1) && level > 1)
{
pmas->mas_compiled_code[count++] = 0x83; // cmp ecx, 1
pmas->mas_compiled_code[count++] = 0xF9;
pmas->mas_compiled_code[count++] = 0x01;
if (type_conv == 2)
{
pmas->mas_compiled_code[count++] = 0x75; // jnz +5
pmas->mas_compiled_code[count++] = 0x05;
pmas->mas_compiled_code[count++] = 0x83; // add edx, 1
pmas->mas_compiled_code[count++] = 0xC2;
pmas->mas_compiled_code[count++] = 0x01;
pmas->mas_compiled_code[count++] = 0xEB; // jmp +3h
pmas->mas_compiled_code[count++] = 0x03;
}
else
{
pmas->mas_compiled_code[count++] = 0x74; // jz +0F