Tema: Recopilación de mis codigos. (Leído 32,796 veces)
YST
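; Runs a console command with stdout/stderr redirected into an anonymous pipe
; and shows the captured text in a message box.
; Assembler: FASM, 32-bit Windows, win32ax.inc macros (invoke = stdcall WinAPI).
include 'win32ax.inc'

SA_SIZE          = 12           ; sizeof SECURITY_ATTRIBUTES (three dwords, declared below)
STARTUPINFO_SIZE = 68           ; sizeof STARTUPINFO
START_FLAGS      = 257          ; STARTF_USESTDHANDLES or STARTF_USESHOWWINDOW
PIPE_INHERIT     = 1            ; HANDLE_FLAG_INHERIT bit for SetHandleInformation
READ_CHUNK       = 250          ; bytes requested per ReadFile call
OUTPUT_MAX       = 4096         ; maximum captured text kept in strBuff2 (without NUL)

.code
start:
        mov     byte [strBuff2],0               ; accumulated output starts empty

        ; Create the pipe. Handles must be inheritable so the child can use
        ; the write end as its stdout/stderr.
        mov     [sa.nLength],SA_SIZE
        mov     [sa.lpSecurityDescriptor],0
        mov     [sa.bInheritHandle],1
        invoke  CreatePipe,hReadPipe,hWritePipe,sa,0
        test    eax,eax
        jz      .fin                            ; no pipe: nothing to clean up

        ; Only the write end has to reach the child; keep the read end private.
        invoke  SetHandleInformation,[hReadPipe],PIPE_INHERIT,0

        ; Launch the command interpreter with stdout and stderr on the pipe.
        ; wShowWindow is never written here, so it keeps its load-time value.
        mov     [Start.cb],STARTUPINFO_SIZE
        mov     [Start.dwFlags],START_FLAGS
        mov     eax,[hWritePipe]
        mov     [Start.hStdOutput],eax
        mov     [Start.hStdError],eax
        ; Process/thread attributes are NULL: the original passed `sa` for both,
        ; which only made the returned process and thread handles inheritable.
        ; NOTE(review): "cmd.exe" has no directory, so CreateProcess resolves it
        ; through its search order; a hardened build would pass the full
        ; system-directory path.
        invoke  CreateProcessA,0,"cmd.exe /c ping 127.0.0.1",0,0,1,NORMAL_PRIORITY_CLASS,0,0,Start,Proc
        mov     ebx,eax                         ; keep the result across CloseHandle

        ; Close our copy of the write end exactly once. While it stays open
        ; ReadFile never reports end-of-pipe, and closing it a second time (as
        ; the original did on exit) operates on a stale handle value.
        invoke  CloseHandle,[hWritePipe]
        test    ebx,ebx
        jz      .cerrar                         ; child was not created

.leer:
        invoke  ReadFile,[hReadPipe],strBuff,READ_CHUNK,lngBytesread,0
        test    eax,eax
        jz      .mostrar                        ; failure or broken pipe: child is done writing
        mov     eax,[lngBytesread]
        test    eax,eax
        jz      .leer                           ; zero-byte read carries no text
        mov     byte [strBuff+eax],0            ; ReadFile does not NUL-terminate
        invoke  lstrlen,strBuff2
        add     eax,[lngBytesread]
        cmp     eax,OUTPUT_MAX
        ja      .mostrar                        ; appending would overflow strBuff2
        invoke  lstrcat,strBuff2,strBuff
        jmp     .leer

.mostrar:
        invoke  MessageBox,0,strBuff2,0,0
        ; The child may still be blocked on a full pipe if we stopped early.
        invoke  TerminateProcess,[Proc.hProcess],0
        invoke  CloseHandle,[Proc.hThread]
        invoke  CloseHandle,[Proc.hProcess]
.cerrar:
        invoke  CloseHandle,[hReadPipe]
.fin:
        invoke  ExitProcess,0

.data
struct SECURITY_ATTRIBUTES
  nLength              dd ?
  lpSecurityDescriptor dd ?
  bInheritHandle       dd ?
ends

sa           SECURITY_ATTRIBUTES
Start        STARTUPINFO
Proc         PROCESS_INFORMATION
hReadPipe    dd ?
hWritePipe   dd ?
lngBytesread dd ?
strBuff      rb READ_CHUNK+1                    ; one chunk plus its terminator
strBuff2     rb OUTPUT_MAX+1                    ; accumulated output plus terminator
.end start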
YST
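; ROT39 demo: rotates every byte in the range 48..125 by 39 positions inside
; that range and shows the result. The range holds 78 values, so applying
; ROT39 twice restores the input. This is a fixed substitution (obfuscation);
; it uses no key and provides no confidentiality.
; Assembler: FASM, 32-bit Windows, win32ax.inc macros, stdcall.
include 'win32ax.inc'

LOWER_LIMIT = 48
CHARMAP     = 39
UPPER_LIMIT = 125

.code
start:
        stdcall Len,"Hola mundo."
        stdcall ROT39,"Hola mundo.",eax
        test    eax,eax
        jz      .fin                            ; allocation failed: nothing to show
        mov     ebx,eax
        invoke  MessageBox,0,ebx,"cifrado:",0
        invoke  GlobalFree,ebx                  ; ROT39 hands ownership to the caller
.fin:
        invoke  ExitProcess,0

;-----------------------------------------------------------------------
; ROT39(pString, pLargo)
; In:    pString = address of the source bytes
;        pLargo  = number of bytes to transform (terminator not counted)
; Out:   eax = GlobalAlloc'ed, NUL-terminated copy with the rotation applied,
;              or 0 if the allocation failed. The caller frees it.
; Saves: ebx, esi (callee-saved under stdcall; the original clobbered both)
;-----------------------------------------------------------------------
proc ROT39 uses ebx esi, pString, pLargo
        mov     eax,[pLargo]
        inc     eax                             ; room for the terminator
        invoke  GlobalAlloc,GPTR,eax            ; GPTR = fixed, zero-initialised
        test    eax,eax
        jz      .fin
        mov     ebx,eax                         ; ebx = output buffer
        stdcall cRtlMoveMemory,ebx,[pString],[pLargo]
        ; Index loop with the bound checked first: the original tested it after
        ; the store, so a zero-length input walked far past the allocation.
        xor     esi,esi
.bucle:
        cmp     esi,[pLargo]
        jae     .hecho
        movzx   eax,byte [ebx+esi]
        cmp     eax,LOWER_LIMIT
        jb      .siguiente                      ; outside the range: leave unchanged
        cmp     eax,UPPER_LIMIT
        ja      .siguiente
        add     eax,CHARMAP
        cmp     eax,UPPER_LIMIT
        jbe     .guardar
        sub     eax,UPPER_LIMIT-LOWER_LIMIT+1   ; wrap around inside the range
.guardar:
        mov     byte [ebx+esi],al
.siguiente:
        inc     esi
        jmp     .bucle
.hecho:
        mov     eax,ebx
.fin:
        ret
endp

;-----------------------------------------------------------------------
; Len(cCadena)
; In:    cCadena = address of a NUL-terminated string
; Out:   eax = length in bytes, terminator not counted
; Saves: ecx, edi
;-----------------------------------------------------------------------
proc Len uses ecx edi, cCadena
        mov     edi,[cCadena]
        or      ecx,-1                          ; effectively unbounded scan
        xor     eax,eax                         ; al = 0, the byte searched for
        cld
        repne   scasb
        not     ecx                             ; bytes scanned, terminator included
        dec     ecx
        mov     eax,ecx
        ret
endp

;-----------------------------------------------------------------------
; cRtlMoveMemory(cBuffer, Cpuntero, cCantidad)        by YST
; Forward byte copy of cCantidad bytes from Cpuntero to cBuffer.
; Overlapping regions are not handled. A count <= 0 copies nothing.
; The original loop copied cCantidad+1 bytes; callers must not rely on the
; extra byte.
; Saves: esi, edi, ecx
;-----------------------------------------------------------------------
proc cRtlMoveMemory uses esi edi ecx, cBuffer, Cpuntero, cCantidad
        mov     ecx,[cCantidad]
        cmp     ecx,0
        jle     .fin
        mov     edi,[cBuffer]
        mov     esi,[Cpuntero]
        cld
        rep     movsb
.fin:
        ret
endp
.end start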
« Última modificación: 18 Julio 2009, 17:35 pm por YST »
YST
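; Reads the first disk enumeration entry from the registry and looks for
; hypervisor vendor strings in it.
; For analysts: a read of Services\Disk\Enum value "0" followed by comparisons
; against VIRTUAL / VMWARE / VBOX is a recognisable environment check.
; Assembler: FASM, 32-bit Windows, win32ax.inc macros, stdcall.
include 'win32ax.inc'

HKLM_ROOT       = 80000002h     ; root key handle value passed to LeerRegistro
REG_BUFFER_SIZE = MAX_PATH*2    ; bytes every LeerRegistro output buffer must provide

.code
start:
        stdcall IsVirtualPCPresent
        test    eax,eax
        jnz     .salir
        invoke  MessageBox,0,"No estamos en una maquina virtual",0,0
.salir:
        invoke  ExitProcess,0

;-----------------------------------------------------------------------
; IsVirtualPCPresent
; Author: YST, based on cobein's IsVirtualPCPresent function.
; Out:   eax = 0 no marker found, or the registry value could not be read
;              1 value contains "VIRTUAL"
;              2 value contains "VMWARE"
;              3 value contains "VBOX"
; The comparison is case-sensitive (byte-wise).
;-----------------------------------------------------------------------
proc IsVirtualPCPresent
  locals
    ; Sized from the same constant LeerRegistro uses. The original reserved
    ; 500 bytes while LeerRegistro told the API 520 were available.
    lBuffer rb REG_BUFFER_SIZE
  endl
        stdcall LeerRegistro,HKLM_ROOT,iClave,iCero,addr lBuffer
        test    eax,eax
        jz      .no
        stdcall cInstr,addr lBuffer,iVIRTUAL
        test    eax,eax
        jz      @f
        mov     eax,1
        jmp     .salir
@@:
        stdcall cInstr,addr lBuffer,iVMWARE
        test    eax,eax
        jz      @f
        mov     eax,2
        jmp     .salir
@@:
        stdcall cInstr,addr lBuffer,iVBOX
        test    eax,eax
        jz      .no
        mov     eax,3
        jmp     .salir
.no:
        xor     eax,eax
.salir:
        ret

        ; Read-only string data, placed after the ret so it is never executed.
        iClave   db 'SYSTEM\ControlSet001\Services\Disk\Enum',0
        iCero    db '0',0
        iVIRTUAL db 'VIRTUAL',0
        iVMWARE  db 'VMWARE',0
        iVBOX    db 'VBOX',0
endp

;-----------------------------------------------------------------------
; LeerRegistro(cHKEY, cCadena, cCampo, cBuffer)
; In:    cHKEY   = root key handle
;        cCadena = address of the subkey path
;        cCampo  = address of the value name
;        cBuffer = output buffer of at least REG_BUFFER_SIZE bytes
; Out:   eax = 1 and cBuffer holds the value data, NUL-terminated here
;        eax = 0 if the key or the value could not be read
; The value type is not checked; callers treat the data as an ANSI string.
;-----------------------------------------------------------------------
proc LeerRegistro,cHKEY,cCadena,cCampo,cBuffer
  locals
    temp   dd ?
    Result dd ?
  endl
        ; Offer one byte less than the buffer holds so a terminator always
        ; fits: registry string data is not guaranteed to carry its own NUL.
        mov     [temp],REG_BUFFER_SIZE-1
        invoke  RegOpenKeyEx,[cHKEY],[cCadena],0,KEY_READ,addr Result
        test    eax,eax
        jnz     .fallo
        invoke  RegQueryValueEx,[Result],[cCampo],0,0,[cBuffer],addr temp
        push    eax                             ; keep the query status
        invoke  RegCloseKey,[Result]            ; the original leaked this handle
        pop     eax
        test    eax,eax
        jnz     .fallo
        mov     eax,[temp]                      ; bytes actually stored
        mov     edx,[cBuffer]
        mov     byte [edx+eax],0
        mov     eax,1
        jmp     .salir
.fallo:
        xor     eax,eax                         ; no data: return 0
.salir:
        ret
endp

;-----------------------------------------------------------------------
; cInstr(c1, c2)                                          by YST
; Reports whether string c2 occurs inside string c1.
; In:    c1 = haystack, c2 = needle (both NUL-terminated)
; Out:   eax = address inside c1 where c2 starts, or FALSE if absent.
;        An empty c2 matches at c1.
; Saves: edi, esi, ebx, ecx, edx
; c1 is only read. The original patched a temporary NUL into it for every
; candidate position and, for the last positions, did so past its terminator.
;-----------------------------------------------------------------------
proc cInstr uses edi esi ebx ecx edx, c1, c2
        stdcall Len,[c2]
        mov     ebx,eax                         ; ebx = needle length
        stdcall Len,[c1]
        sub     eax,ebx                         ; eax = last valid start offset
        jb      .Falso                          ; needle longer than haystack
        mov     edx,[c1]                        ; edx = current candidate
        add     eax,edx                         ; eax = last valid start address
        test    ebx,ebx
        jz      .encontrado                     ; empty needle
        cld
.bucle:
        mov     esi,edx
        mov     edi,[c2]
        mov     ecx,ebx
        repe    cmpsb                           ; ZF stays set only if every byte matched
        je      .encontrado
        inc     edx
        cmp     edx,eax
        jbe     .bucle
.Falso:
        mov     eax,FALSE
        jmp     .salir
.encontrado:
        mov     eax,edx
.salir:
        ret
endp

;-----------------------------------------------------------------------
; comparar(SRC, DST)
; Compares SRC, terminator included, with the bytes at DST.
; Out:   eax = 0 if they are equal, 1 otherwise
; Saves: edi, ecx, esi
; Not called by cInstr; kept for other users of the listing.
;-----------------------------------------------------------------------
proc comparar uses edi ecx esi, SRC, DST
        mov     edi,[SRC]
        or      ecx,-1
        xor     eax,eax                         ; al = 0, the byte searched for
        cld
        repne   scasb
        not     ecx                             ; ecx = length of SRC plus terminator
        mov     esi,[SRC]
        mov     edi,[DST]
        repe    cmpsb
        mov     eax,1                           ; mov leaves the flags untouched
        jnz     .Next
        dec     eax
.Next:
        ret
endp

;-----------------------------------------------------------------------
; Len(cCadena)
; In:    cCadena = address of a NUL-terminated string
; Out:   eax = length in bytes, terminator not counted
; Saves: ecx, edi
;-----------------------------------------------------------------------
proc Len uses ecx edi, cCadena
        mov     edi,[cCadena]
        or      ecx,-1                          ; effectively unbounded scan
        xor     eax,eax
        cld
        repne   scasb
        not     ecx                             ; bytes scanned, terminator included
        dec     ecx
        mov     eax,ecx
        ret
endp
.end start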
YST
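;Translated by YST, original code by Karcrack
; Resolves an exported function at run time through DllFunctionCall from the
; Visual Basic 6 runtime (MSVBVM60) and calls it.
; For analysts: the import table of such a binary lists only DllFunctionCall
; and ExitProcess; the library and function actually used appear only as the
; strings handed to ConseguirApi.
; Assembler: FASM, 32-bit Windows, win32ax.inc macros, stdcall.
; NOTE(review): no `entry` directive or `.end start` is visible in this listing;
; confirm the entry point resolves to `start`.
include 'win32ax.inc'

API_RESERVED = 40000h           ; value the original stores in lReserved

struct tAPICall
  ptsLIB    dd ?                ; Pointer to ANSI String that contains Library
  ptsProc   dd ?                ; Pointer to ANSI String that contains Procedure
  lReserved dd ?                ; Just reserved...
  lPointer  dd ?                ; Pointer to the buffer that will contain temp variables from DllFunctionCall
  lpBuffer  dd 4 dup (0)        ; Buffer that will contain temp variables
ends

.code
start:
        stdcall ConseguirApi,Libreria,yapi
        test    eax,eax
        jz      .fin                            ; never call through a null pointer
        stdcall eax,0,0,0,0                     ; MessageBoxA(0,0,0,0)
.fin:
        ; The original invoked ExitProcess with no argument, which leaves the
        ; exit code undefined and pops a dword that was never pushed.
        invoke  ExitProcess,0

;-----------------------------------------------------------------------
; ConseguirApi(pLib, pProc)
; In:    pLib  = address of the ANSI library name
;        pProc = address of the ANSI function name
; Out:   eax = whatever DllFunctionCall returns (used by the caller as the
;              function address)
;-----------------------------------------------------------------------
proc ConseguirApi,pLib,pProc
  locals
    tAPI tAPICall
  endl
        mov     eax,[pLib]
        mov     [tAPI.ptsLIB],eax
        mov     eax,[pProc]
        mov     [tAPI.ptsProc],eax
        mov     [tAPI.lReserved],API_RESERVED
        ; Stack locals are not initialised (the `dup (0)` in the struct does
        ; not apply to them), so clear the scratch area before the runtime
        ; reads it.
        xor     eax,eax
        mov     [tAPI.lpBuffer],eax
        mov     [tAPI.lpBuffer+4],eax
        mov     [tAPI.lpBuffer+8],eax
        mov     [tAPI.lpBuffer+12],eax
        ; Per the field comments lPointer designates lpBuffer; the original
        ; stored the address of lPointer itself.
        ; NOTE(review): confirm against Karcrack's original listing.
        lea     eax,[tAPI.lpBuffer]
        mov     [tAPI.lPointer],eax
        invoke  DllFunctionCall,addr tAPI
        ret
endp

.data
Libreria db "user32.dll" ,0
yapi     db "MessageBoxA",0

section '.idata' import data readable writeable
  library kernel32,'kernel32.dll',MSVBVM60,'MSVBVM60'
  include 'api/kernel32.inc'
  import MSVBVM60,DllFunctionCall,'DllFunctionCall'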