;
; Useful macroz, structurez and constantz
;
; by pker / CVC.GB
;
;
; Description
; -----------
;
; This include file contains some useful macroz and structurez needed to
; work with other include and source filez. It has sth. from 29A's zine
; and sth. from myself. This is for FASM ,which is my favorite compiler,
; only :P.
;
;
; Disclaimer
; ----------
;
; This file was built up by pker. The author is not responsible for any
; problemz caused due to use/misuse of this file.
;
;
; (c) 2004. No rightz reserved. Use without permission :P.
;
;
; push, push and push...
;
; usage:
; @pushx eax,ecx,edx,ebx
;
macro @pushx [operand]
{
    ; Expands to one PUSH per listed operand, in the order written, so the
    ; last operand named ends up on top of the stack.
    forward
        push    operand
}
;
; pop, pop and pop...
;
; usage:
; @popx ebx,edx,ecx,eax
;
macro @popx [operand]
{
    ; Expands to one POP per listed operand, in the order written. To undo
    ; a @pushx, list the operands in the opposite order (see usage above).
    forward
        pop     operand
}
;
; PUSHA instruction extension macro
;
; Redefines the PUSHA mnemonic as eight explicit 16-bit pushes, in the
; order ax,cx,dx,bx,sp,bp,si,di.
; NOTE(review): `push sp` runs after four earlier pushes, so the SP slot
; holds the stack pointer as it was at that point, not the value from
; before the sequence that a hardware PUSHA would store - confirm nothing
; reads the saved SP expecting the pre-sequence value.
macro pusha
{
@pushx ax,cx,dx,bx,sp,bp,si,di
}
;
; POPA instruction extension macro
;
; Redefines the POPA mnemonic as eight explicit 16-bit pops, in the
; order di,si,bp,sp,bx,dx,cx,ax.
; NOTE(review): unlike a hardware POPA, which discards the saved SP slot,
; `pop sp` here reloads SP in the middle of the sequence. The remaining
; pops only line up if that slot still holds the value written by this
; file's pusha macro - confirm no caller modifies the SP slot in between.
macro popa
{
@popx di,si,bp,sp,bx,dx,cx,ax
}
;
; useful structure for instruction PUSHAD, i assumed ESP as the ptr
; to this structure. it can be re-assumed at run-time. when modify-
; ing ESI between PUSHAD and POPAD, do it like this:
;
; mov [vPushad_ptr.Pushad_esi],xxxxxxxx
;
; Layout of the eight dwords saved by PUSHAD, lowest address first
; (EDI was pushed last, so it sits at the lowest address).
struc Pushad_struc
{
.Pushad_edi dd ?
.Pushad_esi dd ?
.Pushad_ebp dd ?
.Pushad_esp dd ?
.Pushad_ebx dd ?
.Pushad_edx dd ?
.Pushad_ecx dd ?
.Pushad_eax dd ?
}
; Declares the field labels as ESP-relative addresses without emitting any
; bytes. The labels are only valid while ESP still points at the saved
; frame; the instance label is vPushad_ptr.
virtual at esp
vPushad_ptr Pushad_struc
end virtual
;
; useful structure for instruction PUSHA, i assumed ESP as the ptr
; to this structure. it can be re-assumed at run-time. when modify-
; ing DI between PUSHA and POPA, do it like this:
;
; mov [vPusha_ptr.Pusha_di],xxxx
;
; Layout of the eight words saved by the 16-bit PUSHA sequence, lowest
; address first (DI was pushed last, so it sits at the lowest address).
struc Pusha_struc
{
.Pusha_di dw ?
.Pusha_si dw ?
.Pusha_bp dw ?
.Pusha_sp dw ?
.Pusha_bx dw ?
.Pusha_dx dw ?
.Pusha_cx dw ?
.Pusha_ax dw ?
}
; Declares the field labels as ESP-relative addresses without emitting any
; bytes. The labels are only valid while ESP still points at the saved
; frame; the instance label is vPusha_ptr.
virtual at esp
vPusha_ptr Pusha_struc
end virtual
;
; push stringz...
;
; usage:
; @pushsz 'Hello, world!'
; or:
; @pushsz 'Hello, world!', 'Hello again :P'
;
macro @pushsz [text]
{
    ; Leaves on the stack a pointer to an inline, NUL-terminated copy of
    ; each string: CALL pushes the address of the bytes that follow it
    ; (the string) and execution resumes at the label placed after them.
    ; There is no common directive, so the body repeats once per argument
    ; and every string gets its own call/db pair, in the order written.
    ; Review note: the string bytes live in the instruction stream, so a
    ; linear disassembler will decode them as bogus opcodes. Treat the
    ; CALL target as the real continuation and the skipped bytes as data.
    local after_text
        call    after_text
        db      text,0
    after_text:
}
;
; push some stringz...
;
; usage:
; @pushs 'Hello, world!',0
;
macro @pushs [bytes]
{
    ; Same call-over-data technique as @pushsz, but processed once for the
    ; whole argument list: every argument goes into a single db and only
    ; one pointer is pushed. No terminator is appended, so the caller must
    ; supply it (see the trailing 0 in the usage example).
    common
    local after_bytes
        call    after_bytes
        db      bytes
    after_bytes:
}
;
; point to the end of a string (zero-ended) pointed by EDI
;
; Scans forward from EDI for the first zero byte.
; In:    EDI = start of a zero-terminated string
; Out:   EDI = one byte past the terminator (SCASB advances EDI after the
;        compare that matched), ECX decremented once per byte scanned
; Clobb: AL (set to 0), ECX, flags
; NOTE(review): assumes the direction flag is clear so the scan runs
; upward - confirm callers guarantee that. The count is effectively
; unlimited, so an unterminated buffer is read past its end.
macro @endsz
{
xor ecx,ecx
dec ecx
; ECX = 0FFFFFFFFh: no practical limit on the scan length
xor al,al
; AL = 0, the byte value SCASB compares against
repnz scasb
}
;
; copy the string (zero-ended) pointed by ESI to the buffer pointed by EDI
;
macro @copysz
{
    ; Copies bytes from [ESI] to [EDI] up to and including the first zero
    ; byte. On exit ESI and EDI have both moved past the terminator and AL
    ; is 0.
    ; Review note: there is no length limit. The destination must already
    ; be known to hold the whole source string, otherwise the copy writes
    ; past the end of the buffer.
    ; NOTE(review): assumes the direction flag is clear - confirm at call
    ; sites.
    local copy_byte
    copy_byte:
        lodsb                           ; AL = next source byte
        stosb                           ; store it, terminator included
        or      al,al                   ; was that the terminator?
        jnz     copy_byte
}
;
; section definationz...
;
; Short aliases for the PE section declarations used by the source filez.
.code equ section '.text' code readable executable
; Review note: .coderwe makes the code section writeable AND executable.
; That is only needed for code that rewrites itself at run time; it gives
; up W^X protection for the section and is a common static-scanner flag.
.coderwe equ section '.text' code readable writeable executable
.data equ section '.data' data readable writeable
.idata equ section '.idata' import data readable
.edata equ section '.edata' export data readable
.reloc equ section '.reloc' fixups discardable
macro .rsrc res_file
{
    ; Declares the '.rsrc' section and fills it from the resource file
    ; named by the argument.
    section '.rsrc' data resource from res_file readable
}
;
; import macroz...
;
;
; this macro defines the librariez to be loaded. e.g. importing user32.dll
; and kernel32.dll, we should:
;
; @imp_libz user,'user32.dll',\
; krnl,'kernel32.dll'
;
macro @imp_libz [iat_label,dll_name]
{
    ; Builds the import directory. Arguments come in pairs: the label of
    ; the thunk table for a DLL (defined by @imp_apiz) and the DLL name.

    ; One 5-dword descriptor per pair: three zero dwords, then the RVA of
    ; the DLL name string, then the RVA of the thunk table.
    forward
    local dll_name_at
        dd      0,0,0,rva dll_name_at,rva iat_label

    ; An all-zero descriptor ends the directory.
    common
        dd      0,0,0,0,0

    ; The zero-terminated DLL name strings the descriptors point at.
    forward
    dll_name_at db dll_name,0
}
;
; this macro defines the apiz to be loaded. these two macroz must be used to-
; gether. e.g. now import MessageBoxA from user32.dll and ExitProcess from
; kernel32.dll, we should:
;
; @imp_apiz user,MessageBox,'MessageBoxA'
; @imp_apiz krnl,ExitProcess,'ExitProcess'
;
macro @imp_apiz table,[slot,export_name]
{
    ; Builds the thunk table for one DLL. The first argument is the table
    ; label that @imp_libz refers to; the rest are pairs of (slot label,
    ; exported function name).

    common
    table:

    ; One dword slot per function, holding the RVA of its hint/name entry.
    ; The slot label is what callers use, as in call [slot].
    forward
    local hint_name
    slot dd rva hint_name

    ; A zero dword ends the table.
    common
        dd      0

    ; Hint/name entries: a word hint of 0, then the zero-terminated name.
    forward
    hint_name dw 0
        db      export_name,0
}
;
; after using the two macroz above to import the librariez and apiz, we can call
; our apiz like this:
;
; xor eax,eax
; push eax
; @pushsz 'test','A simple useful.inc test'
; push eax
; call [MessageBox]
; push 0
; call [ExitProcess]
;
;
; but why don't we do sth. even more simple :P, so let's make a invoke macro to
; make thingz more easier :D
;
macro @invoke import_slot,[arg]
{
    ; Pushes the arguments right to left (last listed is pushed first),
    ; then calls through the import slot given as the first argument.
    ; A quoted-string argument is stored inline via @pushsz and its
    ; address is pushed; anything else is pushed as written.
    ; NOTE(review): with no arguments the reverse block presumably still
    ; expands once with an empty arg, leaving PUSH without an operand -
    ; confirm that zero-argument calls assemble, or guard the block with
    ; `if ~ arg eq`.
    reverse
    if arg eqtype ""
        @pushsz arg
    else
        push    arg
    end if
    common
        call    [import_slot]
}
;
; and we don't want to push so much when calling our own proc, so...
;
macro @call target,[arg]
{
    ; Same argument handling as @invoke, but the call is direct: target is
    ; a code label, not a pointer slot.
    ; A quoted-string argument is stored inline via @pushsz and its
    ; address is pushed; anything else is pushed as written.
    ; NOTE(review): with no arguments the reverse block presumably still
    ; expands once with an empty arg, leaving PUSH without an operand -
    ; confirm that zero-argument calls assemble, or guard the block with
    ; `if ~ arg eq`.
    reverse
    if arg eqtype ""
        @pushsz arg
    else
        push    arg
    end if
    common
        call    target
}
;
; win32 find data...
;
; Two-dword file time value, low dword first. .size evaluates to 8.
struc FILETIME
{
.FT_dwLowDataTime dd ?
.FT_dwHighDataTime dd ?
.size = $-.FT_dwLowDataTime
}
; Instance at address 0, so the vFileTime.* labels are plain field offsets
; and no bytes are emitted.
virtual at 0
vFileTime FILETIME
end virtual
; Record layout for the Win32 find-file calls.
; .size evaluates to 4 + 3*8 + 4*4 + 260 + 13 + 3 = 320 bytes.
struc WIN32_FIND_DATA
{
.WFD_dwFileAttributes dd ?
.WFD_ftCreationTime FILETIME
.WFD_ftLastAccessTime FILETIME
.WFD_ftLastWriteTime FILETIME
.WFD_nFileSizeHigh dd ?
.WFD_nFileSizeLow dd ?
.WFD_dwReserved0 dd ?
.WFD_dwReserved1 dd ?
; Fixed 260-byte file name buffer. Any code copying this name elsewhere
; needs a destination at least as large.
.WFD_szFileName:
times 260 db ?
; NOTE(review): the Win32 header declares the alternate name as 14
; characters; here the same 16 bytes are split 13 + 3 - confirm nothing
; depends on where the padding starts.
.WFD_szAlternateFileName:
times 13 db ?
times 3 db ?
.size = $-.WFD_dwFileAttributes
}
; Instance at address 0, so the vWin32FindData.* labels are plain field
; offsets and no bytes are emitted.
virtual at 0
vWin32FindData WIN32_FIND_DATA
end virtual
;
; the floating save area used in CONTEXT structure, don't tell me
; you don't know it :P
;
; x87 state block embedded in the CONTEXT record.
; .size evaluates to 7*4 + 80 + 4 = 112 bytes.
; NOTE(review): the CONTEXT struc in this file reserves 128 bytes for
; CONTEXT_FloatSave, not 112. Confirm which size is intended: every
; CONTEXT field after FloatSave shifts by the difference, so reads or
; writes through those labels could touch the wrong saved register.
struc FLOAT_SAVE_AREA
{
.ControlWord dd ?
.StatusWord dd ?
.TagWord dd ?
.ErrorOffset dd ?
.ErrorSelector dd ?
.DataOffset dd ?
.DataSelector dd ?
.RegisterArea:
times 80 db ?
.Cr0NpxState dd ?
.size = $-.ControlWord
}
;
; the CONTEXT frame...
;
struc CONTEXT
{
.CONTEXT_ContextFlags dd ?
.CONTEXT_Dr0 dd ?
.CONTEXT_Dr1 dd ?
.CONTEXT_Dr2 dd ?
.CONTEXT_Dr3 dd ?
.CONTEXT_Dr6 dd ?
.CONTEXT_Dr7 dd ?
.CONTEXT_FloatSave:
times 128 db ?
.CONTEXT_SegGs dd ?
.CONTEXT_SegFs dd ?
.CONTEXT_SegEs dd ?
.CONTEXT_SegDs dd ?