case 4:
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, dword ptr [eax]
pmas->mas_compiled_code[count++] = 0x00;
break;
case 2:
pmas->mas_compiled_code[count++] = 0x66; // mov ax, word ptr [eax]
pmas->mas_compiled_code[count++] = 0x8B;
pmas->mas_compiled_code[count++] = 0x00;
break;
case 1:
pmas->mas_compiled_code[count++] = 0x8A; // mov al, byte ptr [eax]
pmas->mas_compiled_code[count++] = 0x00;
}
pmas->mas_compiled_code[count++] = 0x8B; // mov edi, eax
pmas->mas_compiled_code[count++] = 0xF8;
if (pointer_level_sec > 1)
{
pmas->mas_compiled_code[count++] = 0xB9; // mov ecx, pointer_level
*(int *)(pmas->mas_compiled_code + count) = pointer_level_sec;
count += 4;
}
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, [ebp + offset]
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = reg_offset_sec;
if (pointer_level_sec > 1)
{
pmas->mas_compiled_code[count++] = 0xEB; // jmp +2
pmas->mas_compiled_code[count++] = 0x02;
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, dword ptr [eax]
pmas->mas_compiled_code[count++] = 0x00;
}
pmas->mas_compiled_code[count++] = 0x50; // push eax
pmas->mas_compiled_code[count++] = 0xFF; // call dword ptr [OffsetOfMakePageInFunction]
pmas->mas_compiled_code[count++] = 0x15;
*(int *)(pmas->mas_compiled_code + count) = (int)(&OffsetOfMakePageInFunction);
count += 4;
pmas->mas_compiled_code[count++] = 0x0B; // or eax, eax
pmas->mas_compiled_code[count++] = 0xC0;
pmas->mas_compiled_code[count++] = 0x75; // jne +5
pmas->mas_compiled_code[count++] = 0x05;
pmas->mas_compiled_code[count++] = 0xB4; // mov ah, byte_for_reverse_eflags
pmas->mas_compiled_code[count++] = byte_for_reverse_eflags;
pmas->mas_compiled_code[count++] = 0x9E; // sahf
tmp = 0;
switch (type_convertion_sec)
{
case 4:
(pointer_level_sec > 1) ? tmp = 0x1F : tmp = 0x1C;
break;
case 2:
(pointer_level_sec > 1) ? tmp = 0x2B : tmp = 0x1E;
break;
case 1:
(pointer_level_sec > 1) ? tmp = 0x24 : tmp = 0x06;
}
pmas->mas_compiled_code[count++] = 0xEB; // jmp +1E
pmas->mas_compiled_code[count++] = (UCHAR)tmp;
if (type_convertion_sec != 1 || pointer_level_sec > 1)
{
pmas->mas_compiled_code[count++] = 0x8B; // mov ebx, eax
pmas->mas_compiled_code[count++] = 0xD8;
pmas->mas_compiled_code[count++] = 0x8B; // mov edx, eax
pmas->mas_compiled_code[count++] = 0xD0;
if ((type_convertion_sec == 2 || type_convertion_sec == 1) && pointer_level_sec > 1)
{
pmas->mas_compiled_code[count++] = 0x83; // cmp ecx, 1
pmas->mas_compiled_code[count++] = 0xF9;
pmas->mas_compiled_code[count++] = 0x01;
if (type_convertion_sec == 2)
{
pmas->mas_compiled_code[count++] = 0x75; // jnz +5
pmas->mas_compiled_code[count++] = 0x05;
pmas->mas_compiled_code[count++] = 0x83; // add edx, 1
pmas->mas_compiled_code[count++] = 0xC2;
pmas->mas_compiled_code[count++] = 0x01;
pmas->mas_compiled_code[count++] = 0xEB; // jmp +3h
pmas->mas_compiled_code[count++] = 0x03;
}
else
{
pmas->mas_compiled_code[count++] = 0x74; // jz +0F
pmas->mas_compiled_code[count++] = 0x12;
}
}
if (type_convertion_sec == 2 && pointer_level_sec == 1)
{
pmas->mas_compiled_code[count++] = 0x83; // add edx, 1
pmas->mas_compiled_code[count++] = 0xC2;
pmas->mas_compiled_code[count++] = 0x01;
}
else
{
pmas->mas_compiled_code[count++] = 0x83; // add edx, 3
pmas->mas_compiled_code[count++] = 0xC2;
pmas->mas_compiled_code[count++] = 0x03;
}
pmas->mas_compiled_code[count++] = 0x76; // jna +0Dh
pmas->mas_compiled_code[count++] = 0x0D;
pmas->mas_compiled_code[count++] = 0x52; // push edx
pmas->mas_compiled_code[count++] = 0xFF; // call dword ptr [OffsetOfMakePageInFunction]
pmas->mas_compiled_code[count++] = 0x15;
*(int *)(pmas->mas_compiled_code + count) = (int)(&OffsetOfMakePageInFunction);
count += 4;
pmas->mas_compiled_code[count++] = 0x0B; // or eax, eax
pmas->mas_compiled_code[count++] = 0xC0;
if (pointer_level_sec > 1)
{
switch (type_convertion_sec)
{
case 4:
pmas->mas_compiled_code[count++] = 0x74; // jz -E7
pmas->mas_compiled_code[count++] = 0xE7;
break;
case 2:
pmas->mas_compiled_code[count++] = 0x74; // jz -DD
pmas->mas_compiled_code[count++] = 0xDD;
break;
case 1:
pmas->mas_compiled_code[count++] = 0x74; // jz -E2
pmas->mas_compiled_code[count++] = 0xE2;
}
}
else
{
pmas->mas_compiled_code[count++] = 0x74; // jz -E7
pmas->mas_compiled_code[count++] = 0xE7;
}
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, ebx
pmas->mas_compiled_code[count++] = 0xC3;
if (pointer_level_sec > 1)
{
switch (type_convertion_sec)
{
case 4:
pmas->mas_compiled_code[count++] = 0x49; // dec ecx
pmas->mas_compiled_code[count++] = 0x75; // jnz -D5
pmas->mas_compiled_code[count++] = 0xD5;
break;
case 2:
pmas->mas_compiled_code[count++] = 0x49; // dec ecx
pmas->mas_compiled_code[count++] = 0x75; // jnz -CB
pmas->mas_compiled_code[count++] = 0xCB;
break;
case 1:
pmas->mas_compiled_code[count++] = 0x49; // dec ecx
pmas->mas_compiled_code[count++] = 0x75; // jnz -D0
pmas->mas_compiled_code[count++] = 0xD0;
}
}
}
switch (type_convertion_sec)
{
case 4:
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, dword ptr [eax]
pmas->mas_compiled_code[count++] = 0x00;
break;
case 2:
pmas->mas_compiled_code[count++] = 0x66; // mov ax, word ptr [eax]
pmas->mas_compiled_code[count++] = 0x8B;
pmas->mas_compiled_code[count++] = 0x00;
break;
case 1:
pmas->mas_compiled_code[count++] = 0x8A; // mov al, byte ptr [eax]
pmas->mas_compiled_code[count++] = 0x00;
}
pmas->mas_compiled_code[count++] = 0x8B; // mov ebx, edi
pmas->mas_compiled_code[count++] = 0xDF;
switch (type_convertion_fir)
{
case 1:
pmas->mas_compiled_code[count++] = 0x3A; // cmp al, bl
pmas->mas_compiled_code[count++] = 0xC3;
break;
case 2:
pmas->mas_compiled_code[count++] = 0x66;
pmas->mas_compiled_code[count++] = 0x3B; // cmp ax, bx
pmas->mas_compiled_code[count++] = 0xC3;
break;
case 4:
pmas->mas_compiled_code[count++] = 0x3B; // cmp eax, ebx
pmas->mas_compiled_code[count++] = 0xC3;
}
break;
/////////////////////////////////////////////////////////////////////////////////
// in case *eax == 0x00400000 or *eax == 'some_string'
/////////////////////////////////////////////////////////////////////////////////
case 0x1101001:
if (out_type_sec)
{
if (type_convertion_fir || reg_size_fir != 4)
return false;
if (condition_opcode != 0x74 && condition_opcode != 0x75)
return false;
memset(mas_for_cmps, 0, sizeof(mas_for_cmps));
memcpy(mas_for_cmps, mas_sec, out_size_sec);
if (pointer_level_fir > 1)
{
pmas->mas_compiled_code[count++] = 0xB9; // mov ecx, pointer_level
*(int *)(pmas->mas_compiled_code + count) = pointer_level_fir;
count += 4;
}
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, [ebp + offset]
pmas->mas_compiled_code[count++] = 0x45;
pmas->mas_compiled_code[count++] = reg_offset_fir;
if (pointer_level_fir > 1)
{
pmas->mas_compiled_code[count++] = 0xEB; // jmp +2
pmas->mas_compiled_code[count++] = 0x02;
pmas->mas_compiled_code[count++] = 0x8B; // mov eax, dword ptr [eax]
pmas->mas_compiled_code[count++] = 0x00;
}
pmas->mas_compiled_code[count++] = 0x50; // push eax
pmas->mas_compiled_code[count++] = 0xFF; // call dword ptr [OffsetOfMakePageInFunction]
pmas->mas_compiled_code[count++] = 0x15;
*(int *)(pmas->mas_compiled_code + count) = (int)(&OffsetOfMakePageInFunction);
count += 4;
pmas->mas_compiled_code[count++] = 0x0B; // or eax, eax
pmas->mas_compiled_code[count++] = 0xC0;
pmas->mas_compiled_code[count++] = 0x75; // jne +5
pmas->mas_compiled_code[count++] = 0x05;
pmas->mas_compiled_code[count++] = 0xB4; // mov ah, byte_for_reverse_eflags
pmas->mas_compiled_code[count++] = byte_for_reverse_eflags;
pmas->mas_compiled_code[count++] = 0x9E; // sahf
(pointer_level_fir > 1) ? tmp = 0x34 : tmp = 0x27;
if ((ULONG)out_size_sec > 0x7F) tmp += 0x3;
pmas->mas_compiled_code[count++] = 0xEB; // jmp +tmp
pmas->mas_compiled_code[count++] = (UCHAR)tmp;
pmas->mas_compiled_code[count++] = 0x8B; // mov ebx, eax
pmas->mas_compiled_code[count++] = 0xD8;
pmas->mas_compiled_code[count++] = 0x8B; // mov edx, eax
pmas->mas_compiled_code[count++] = 0xD0;
if (pointer_level_fir > 1)
{
pmas->mas_compiled_code[count++] = 0x83; // cmp ecx, 1
pmas->mas_compiled_code[count++] = 0xF9;
pmas->mas_compiled_code[count++] = 0x01;
if ((ULONG)out_size_sec < 0x80)
{
pmas->mas_compiled_code[count++] = 0x75; // jnz +5
pmas->mas_compiled_code[count++] = 0x05;
pmas->mas_compiled_code[count++] = 0x83; // add edx, out_size_sec - 1
pmas->mas_compiled_code[count++] = 0xC2;
pmas->mas_compiled_code[count++] = (UCHAR)out_size_sec - 1;
}
else
{
pmas->mas_compiled_code[count++] = 0x75; // jnz +8
pmas->mas_compiled_code[count++] = 0x08;
pmas->mas_compiled_code[count++] = 0x81; // add edx, out_size_sec - 1
pmas->mas_compiled_code[count++] = 0xC2;
*(ULONG *)(pmas->mas_compiled_code + count) = (ULONG)out_size_sec - 1;
count += 4;
}
pmas->mas_compiled_code[count++] = 0xEB; // jmp +3h
pmas->mas_compiled_code[count++] = 0x03;
pmas->mas_compiled_code[count++] = 0x83; // add edx, 3
pmas->mas_compiled_code[count++] = 0xC2;
pmas->mas_compiled_code[count++] = 0x03;
}
else
{
if ((ULONG)out_size_sec < 0x80)
{
pmas->mas_compiled_code[count++] = 0x83; // add edx, out_size_sec - 1
pmas->mas_compiled_code[count++] = 0xC2;
pmas->mas_compiled_code[count++] = (UCHAR)out_size_sec - 1;