📄 morph.dpr
字号:
library morph;
{****************************************************************************}
{ }
{ This is a polymorphic engine of Morphine v2.7 by Holy_Father && Ratter/29A }
{ }
{****************************************************************************}
const
REG_EAX = 0;
REG_ECX = 1;
REG_EDX = 2;
REG_EBX = 3;
REG_ESP = 4;
REG_EBP = 5;
REG_ESI = 6;
REG_EDI = 7;
REG_NON = 255;
Reg8Count = 8;
Reg16Count = 8;
Reg32Count = 8;
type
PByte = ^Byte;
PWord = ^Word;
PCardinal = ^Cardinal;
procedure GenerateRandomBuffer(ABuf: PByte; ASize: Cardinal);
var
LI: Integer;
begin
for LI := 0 to ASize - 1 do
begin
ABuf^ := Random($FE) + 1;
Inc(ABuf);
end;
end;
procedure PutRandomBuffer(var AMem: PByte; ASize: Cardinal);
begin
GenerateRandomBuffer(AMem, ASize);
Inc(AMem, ASize);
end;
function RandomReg32All: Byte;
begin
Result := Random(Reg32Count);
end;
function RandomReg16All: Byte;
begin
Result := Random(Reg16Count);
end;
function RandomReg8ABCD: Byte;
begin
Result := Random(Reg8Count);
end;
function RandomReg32Esp: Byte;
begin
Result := Random(Reg32Count - 1);
if Result = REG_ESP then Result := 7;
end;
function RandomReg32EspEbp: Byte;
begin
Result := Random(Reg32Count - 2);
if Result = REG_ESP then
Result := 6
else
if Result = REG_EBP then Result := 7;
end;
procedure ThrowTheDice(var ADice: Cardinal; ASides: Cardinal = 6); overload;
begin
ADice := Random(ASides) + 1;
end;
procedure ThrowTheDice(var ADice: Word; ASides: Word = 6); overload;
begin
ADice := Random(ASides) + 1;
end;
procedure ThrowTheDice(var ADice: Byte; ASides: Byte = 6); overload;
begin
ADice := Random(ASides) + 1;
end;
function Bswap(var AMem: PByte; AReg: Byte): Byte;
begin
Result := 2;
AMem^ := $0F;
Inc(AMem);
AMem^ := $C8 + AReg;
Inc(AMem);
end;
function Pushad(var AMem: PByte): Byte;
begin
Result := 1;
AMem^ := $60;
Inc(AMem);
end;
function Stosd(var AMem: PByte): Byte;
begin
Result := 1;
AMem^ := $AB;
Inc(AMem);
end;
function Movsd(var AMem:PByte): Byte;
begin
Result := 1;
AMem^ := $A5;
Inc(AMem);
end;
function Ret(var AMem: PByte): Byte;
begin
Result := 1;
AMem^ := $C3;
Inc(AMem);
end;
procedure Ret16(var AMem: PByte; AVal: Word);
begin
AMem^ := $C2;
Inc(AMem);
PWord(AMem)^ := AVal;
Inc(AMem,2);
end;
procedure RelJmpAddr32(var AMem: PByte; AAddr: Cardinal);
begin
AMem^ := $E9;
Inc(AMem);
PCardinal(AMem)^ := AAddr;
Inc(AMem,4);
end;
procedure RelJmpAddr8(var AMem: PByte; AAddr: Byte);
begin
AMem^ := $EB;
Inc(AMem);
AMem^ := AAddr;
Inc(AMem);
end;
procedure RelJzAddr32(var AMem: PByte; AAddr: Cardinal);
begin
AMem^ := $0F;
Inc(AMem);
AMem^ := $84;
Inc(AMem);
PCardinal(AMem)^ := AAddr;
Inc(AMem,4);
end;
procedure RelJnzAddr32(var AMem: PByte; AAddr: Cardinal);
begin
AMem^ := $0F;
Inc(AMem);
AMem^ := $85;
Inc(AMem);
PCardinal(AMem)^ := AAddr;
Inc(AMem,4);
end;
procedure RelJbAddr32(var AMem: PByte; AAddr: Cardinal);
begin
AMem^ := $0F;
Inc(AMem);
AMem^ := $82;
Inc(AMem);
PCardinal(AMem)^ := AAddr;
Inc(AMem,4);
end;
procedure RelJzAddr8(var AMem: PByte; AAddr: Byte);
begin
AMem^ := $74;
Inc(AMem);
AMem^ := AAddr;
Inc(AMem);
end;
procedure RelJnzAddr8(var AMem: PByte; AAddr: Byte);
begin
AMem^ := $75;
Inc(AMem);
AMem^ := AAddr;
Inc(AMem);
end;
function JmpRegMemIdx8(var AMem: PByte; AReg, AIdx: Byte): Byte;
begin
Result := 3;
AMem^ := $FF;
Inc(AMem);
AMem^ := $60 + AReg;
InC(AMem);
if AReg = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
AMem^ := AIdx;
Inc(AMem);
end;
function PushRegMem(var AMem: PByte; AReg: Byte): Byte;
begin
Result := 2;
AMem^ := $FF;
Inc(AMem);
if AReg = REG_EBP then
begin
Inc(Result);
AMem^ := $75;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := $30 + AReg;
Inc(AMem);
if AReg = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
end;
procedure PushReg32(var AMem: PByte; AReg: Byte);
begin
AMem^ := $50 + AReg;
Inc(AMem);
end;
function PushReg32Rand(var AMem: PByte): Byte;
begin
Result := RandomReg32Esp;
PushReg32(AMem, Result);
end;
procedure PopReg32(var AMem: PByte; AReg: Byte);
begin
AMem^ := $58 + AReg;
Inc(AMem);
end;
function PopReg32Idx(var AMem: PByte; AReg: Byte; AIdx: Cardinal): Byte;
begin
Result := 6;
AMem^ := $8F;
Inc(AMem);
AMem^ := $80 + AReg;
Inc(AMem);
if AReg = REG_ESP then
begin
AMem^ := $24;
Inc(AMem);
Inc(Result);
end;
PCardinal(AMem)^ := AIdx;
InC(AMem,4);
end;
procedure RelCallAddr(var AMem: PByte; AAddr: Cardinal);
begin
AMem^ := $E8;
Inc(AMem);
PCardinal(AMem)^ := AAddr;
Inc(AMem,4);
end;
procedure MovReg32Reg32(var AMem: PByte; AReg1, AReg2: Byte);
begin
AMem^ := $89;
Inc(AMem);
AMem^ := AReg2 * 8 + AReg1 + $C0;
Inc(AMem);
end;
procedure AddReg32Reg32(var AMem: PByte; AReg1, AReg2: Byte);
begin
AMem^ := $01;
Inc(AMem);
AMem^ := AReg2*8 + AReg1 + $C0;
Inc(AMem);
end;
function AddReg32RegMem(var AMem: PByte; AReg1, AReg2: Byte): Byte;
begin
Result := 2;
AMem^ := $03;
Inc(AMem);
if AReg2 = REG_EBP then
begin
Inc(Result);
AMem^ := AReg1 * 8 + $45;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := AReg1 * 8 + AReg2;
Inc(AMem);
if AReg2 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
end;
function AddRegMemReg32(var AMem: PByte; AReg1, AReg2: Byte): Byte;
begin
Result := 2;
AMem^ := $01;
Inc(AMem);
if AReg1 = REG_EBP then
begin
Inc(Result);
AMem^ := AReg2 * 8 + $45;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := AReg2 * 8 + AReg1;
Inc(AMem);
if AReg1 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
end;
procedure AddReg32Num8(var AMem: PByte; AReg, ANum: Byte);
begin
AMem^ := $83;
Inc(AMem);
AMem^ := $C0 + AReg;
Inc(AMem);
AMem^ := ANum;
Inc(AMem);
end;
procedure MovReg32Num32(var AMem: PByte; AReg: Byte; ANum: Cardinal);
begin
AMem^ := $B8 + AReg;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem,4);
end;
function MovReg32IdxNum32(var AMem: PByte; AReg: Byte; AIdx, ANum: Cardinal): Byte;
begin
Result := 10;
AMem^ := $C7;
Inc(AMem);
AMem^ := $80 + AReg;
Inc(AMem);
if AReg = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
PCardinal(AMem)^ := AIdx;
Inc(AMem,4);
PCardinal(AMem)^ := ANum;
Inc(AMem,4);
end;
procedure MovReg32Reg32IdxNum32(var AMem: PByte; AReg1, AReg2: Byte; ANum: Cardinal);
begin
if AReg1 = REG_ESP then
begin
AReg1 := AReg2;
AReg2 := REG_ESP;
end;
if AReg2 = REG_EBP then
begin
AReg2 := AReg1;
AReg1 := REG_EBP;
end;
AMem^ := $C7;
Inc(AMem);
AMem^ := $04;
Inc(AMem);
AMem^ := AReg1 * 8 + AReg2;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem,4);
end;
function MovReg32RegMem(var AMem: PByte; AReg1, AReg2: Byte): Byte;
begin
Result := 2;
AMem^ := $8B;
Inc(AMem);
if AReg2 = REG_EBP then
begin
Inc(Result);
AMem^ := AReg1 * 8 + $45;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := AReg1 * 8 + AReg2;
Inc(AMem);
if AReg2 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
end;
function MovRegMemReg32(var AMem: PByte; AReg1, AReg2: Byte): Byte;
begin
Result := 2;
AMem^ := $89;
Inc(AMem);
if AReg1 = REG_EBP then
begin
Inc(Result);
AMem^ := AReg2 * 8 + $45;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := AReg2 * 8 + AReg1;
Inc(AMem);
if AReg1 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
end;
function MovReg32RegMemIdx8(var AMem: PByte; AReg1, AReg2, AIdx: Byte): Byte;
begin
Result := 3;
AMem^ := $8B;
Inc(AMem);
AMem^ := AReg1 * 8 + AReg2 + $40;
Inc(AMem);
if AReg2 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
AMem^ := AIdx;
Inc(AMem);
end;
procedure PushNum32(var AMem: PByte; ANum: Cardinal);
begin
AMem^ := $68;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem,4);
end;
procedure JmpReg32(var AMem: PByte; AReg: Byte);
begin
AMem^ := $FF;
Inc(AMem);
AMem^ := $E0 + AReg;
Inc(AMem);
end;
procedure CallReg32(var AMem: PByte; AReg: Byte);
begin
AMem^ := $FF;
Inc(AMem);
AMem^ := $D0 + AReg;
Inc(AMem);
end;
procedure Cld(var AMem: PByte);
begin
AMem^ := $FC;
Inc(AMem);
end;
procedure Std(var AMem: PByte);
begin
AMem^ := $FD;
Inc(AMem);
end;
procedure Nop(var AMem: PByte);
begin
AMem^ := $90;
Inc(AMem);
end;
procedure Stc(var AMem: PByte);
begin
AMem^ := $F9;
Inc(AMem);
end;
procedure Clc(var AMem: PByte);
begin
AMem^ := $F8;
Inc(AMem);
end;
procedure Cmc(var AMem: PByte);
begin
AMem^ := $F5;
Inc(AMem);
end;
procedure XchgReg32Rand(var AMem: PByte);
begin
AMem^ := $87;
Inc(AMem);
AMem^ := $C0 + RandomReg32All * 9;
Inc(AMem);
end;
function XchgReg32Reg32(var AMem: PByte; AReg1, AReg2: Byte): Byte;
begin
if AReg2 = REG_EAX then
begin
AReg2 := AReg1;
AReg1 := REG_EAX;
end;
if AReg1 = REG_EAX then
ThrowTheDice(Result, 2)
else
Result := 2;
if Result = 2 then
begin
AMem^ := $87;
Inc(AMem);
AMem^ := $C0 + AReg2 * 8 + AReg1;
end else
AMem^ := $90 + AReg2;
Inc(AMem);
end;
procedure MovReg32Rand(var AMem: PByte);
begin
AMem^ := $8B;
Inc(AMem);
AMem^ := $C0 + RandomReg32All * 9;
Inc(AMem);
end;
procedure IncReg32(var AMem: PByte; AReg: Byte);
begin
AMem^ := $40 + AReg;
Inc(AMem);
end;
procedure DecReg32(var AMem: PByte; AReg: Byte);
begin
AMem^ := $48 + AReg;
Inc(AMem);
end;
function IncReg32Rand(var AMem: PByte): Byte;
begin
Result := RandomReg32All;
IncReg32(AMem, Result);
end;
function DecReg32Rand(var AMem: PByte): Byte;
begin
Result := RandomReg32All;
DecReg32(AMem, Result);
end;
function LeaReg32Reg32(var AMem: PByte; AReg1, AReg2: Byte): Byte;
begin
Result := 2;
AMem^ := $8D;
Inc(AMem);
if AReg2 = REG_EBP then
begin
Inc(Result);
AMem^ := AReg1 * 8 + $45;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := AReg1 * 8 + AReg2;
Inc(AMem);
if AReg2 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
end;
function LeaReg32Reg32MemIdx8(var AMem: PByte; AReg1, AReg2, AIdx: Byte): Byte;
begin
Result := 3;
AMem^ := $8D;
Inc(AMem);
AMem^ := $40 + AReg1 * 8 + AReg2;
Inc(AMem);
if AReg2 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
AMem^ := AIdx;
Inc(AMem);
end;
procedure LeaReg32Rand(var AMem: PByte);
begin
AMem^ := $8D;
Inc(AMem);
AMem^ := $00 + RandomReg32EspEbp * 9;
Inc(AMem);
end;
procedure LeaReg32Addr32(var AMem: PByte; AReg, AAddr: Cardinal);
begin
AMem^ := $8D;
Inc(AMem);
AMem^ := $05 + AReg * 8;
Inc(AMem);
PCardinal(AMem)^ := AAddr;
Inc(AMem, 4);
end;
procedure TestReg32Rand(var AMem: PByte);
begin
AMem^ := $85;
Inc(AMem);
AMem^ := $C0 + RandomReg32All * 9;
Inc(AMem);
end;
procedure OrReg32Rand(var AMem: PByte);
begin
AMem^ := $0B;
Inc(AMem);
AMem^ := $C0 + RandomReg32All * 9;
Inc(AMem);
end;
procedure AndReg32Rand(var AMem: PByte);
begin
AMem^ := $23;
Inc(AMem);
AMem^ := $C0 + RandomReg32All * 9;
Inc(AMem);
end;
procedure TestReg8Rand(var AMem: PByte);
var
LReg8: Byte;
begin
LReg8 := RandomReg8ABCD;
AMem^ := $84;
Inc(AMem);
AMem^ := $C0 + LReg8 * 9;
Inc(AMem);
end;
procedure OrReg8Rand(var AMem: PByte);
var
LReg8: Byte;
begin
LReg8 := RandomReg8ABCD;
AMem^ := $0A;
Inc(AMem);
AMem^ := $C0 + LReg8 * 9;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -