标题:
【类人猿】 ASM32 TC内联汇编支持库
作者:
类人猿
时间:
2017-8-29 23:08
标题:
【类人猿】 ASM32 TC内联汇编支持库
本帖最后由 类人猿 于 2017-8-30 00:25 编辑
TC可以直接内联汇编,这个库是本人初稿。此库给大家吃一颗定心丸。TC图色超强,内存一样无比强大。Q:578052137 Q群:128262077一起放手干吧!
// 远程注入数据(Hwnd, 字节集): writes the hex-text machine code in 字节集 into memory
// allocated inside the process that owns window Hwnd, then starts a thread in that
// process at the allocated address.
//   Hwnd   - window handle used to locate the target process.
//   字节集 - machine code as hex text; spaces are stripped when sizing the buffer.
// Nothing is returned and neither dllcall result is checked.
// NOTE(review): cross-process allocate + write + CreateRemoteThread is the classic
// process-injection sequence (MITRE ATT&CK T1055). Endpoint security tooling watches
// for exactly this chain, so any legitimate use needs explicit authorisation for the
// target process.
// NOTE(review): no CloseHandle call is visible, so the process handle leaks on every
// call; the remote allocation is never released either.
function 远程注入数据(Hwnd,字节集)
字节集=字节集&" C3" // append C3 (RET) so the emitted code ends with a return
var size_Str=strlen(strreplace(字节集," ",""))+20 // counts hex characters (two per byte) plus 20 of slack
var addr= (申请指定窗口内存空间(Hwnd,size_Str))
// debug trace of the allocated address (disabled): 调试输出(strformat("%x", addr))
写data(Hwnd,addr,字节集)
var PID=根据窗口句柄获取进程pid(Hwnd)
// 2035711 = 0x1F0FFF, a full-access mask: every process right is requested at once
var 进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
// NOTE(review): "DWROD" looks like a misspelling of DWORD - confirm which type names dllcall accepts
var RetValue=dllcall("kernel32.dll","long","CreateRemoteThread","DWROD",进程句柄,"int",0,"int",0,"DWROD",addr,"DWROD",0,"DWROD",0,"DWROD",0)
end
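// W_GetCode(): returns the hex text accumulated so far in PublicCode.
// Uses an explicit return, as W_HighAndLow in this file does; the earlier
// "W_GetCode = PublicCode" form only assigned to a name and returned nothing.
// NOTE(review): PublicCode is neither declared nor reset in the visible listing -
// confirm where it is initialised.
function W_GetCode()
return PublicCode
end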
// W_HighAndLow(Value, n): formats Value as hex, keeps the rightmost n digits and
// reverses them two digits (one byte) at a time, giving the little-endian byte
// order x86 uses for immediates and displacements.
//   Value - integer to encode.
//   n     - number of hex digits to emit: 2, 4 or 8.
// Returns the byte-swapped hex text. A value wider than n digits is silently
// truncated by strright.
function W_HighAndLow(Value , n) // swap high and low bytes; n is 2, 4 or 8
var tmp1 , tmp2 , i,LenStr // NOTE(review): tmp2 has no initial value before the first concatenation - confirm it starts as ""
tmp1 = strright("0000000"& cstring(strformat("%x",Value)), n) // left-pad with zeros, then keep the last n digits
LenStr=strlen(tmp1)
for(i = 0; i< LenStr / 2 ;i++)
tmp2 = tmp2 &strsub(tmp1, LenStr - 2 - 2 * i, LenStr -2 * i) // append byte pairs from the end towards the start
end// author's marker: an error occurred here
return tmp2
end
// Fixed-encoding emitters: each appends the hex text of one instruction to PublicCode.
function Leave() // C9 = LEAVE
PublicCode = PublicCode & "C9"
end
function Pushad() // 60 = PUSHAD
PublicCode = PublicCode & "60"
end
function Popad() // 61 = POPAD
PublicCode = PublicCode & "61"
end
function Nop() // 90 = NOP
PublicCode = PublicCode & "90"
end
function Ret() // C3 = RET
PublicCode = PublicCode & "C3"
end
function Retn(i) // newly added by the author; C2 + imm16 = RET i (i emitted as 4 hex digits)
PublicCode = PublicCode & "C2"& W_HighAndLow(i, 4)
end
function RetA(i ) // NOTE(review): appends only the 16-bit operand, no opcode byte - confirm intended use
PublicCode = PublicCode & W_HighAndLow(i, 4)
end
function IN_AL_DX() // EC = IN AL, DX
PublicCode = PublicCode & "EC"
end
function TEST_EAX_EAX() // 85 C0 = TEST EAX, EAX
PublicCode = PublicCode & "85C0"
end
//'Add
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// ADD emitters: each appends one ADD encoding to PublicCode.
// Operands passed as i are emitted as 8 hex digits in little-endian order.
function Add_EAX_EDX() // 03 C2 = ADD EAX, EDX
PublicCode = PublicCode & "03C2"
end
function Add_EBX_EAX() // 03 D8 = ADD EBX, EAX
PublicCode = PublicCode & "03D8"
end
function Add_EAX_DWORD_Ptr(i ) // 03 05 + address = ADD EAX, [i]
PublicCode = PublicCode & "0305" & W_HighAndLow(i, 8)
end
function Add_EBX_DWORD_Ptr(i ) // 03 1D + address = ADD EBX, [i]
PublicCode = PublicCode & "031D" & W_HighAndLow(i, 8)
end
function Add_EBP_DWORD_Ptr(i ) // 03 2D + address = ADD EBP, [i]
PublicCode = PublicCode & "032D" & W_HighAndLow(i, 8)
end
function Add_EAX(i ) // 05 + imm32 = ADD EAX, i
PublicCode = PublicCode & "05" & W_HighAndLow(i, 8)
end
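// ADD <reg>, imm32 emitters for EBX, ECX, EDX, ESI and ESP.
// Opcode 81 /0 takes a 32-bit immediate, which matches the 8 hex digits emitted
// for i. The earlier 83 /0 form takes a single sign-extended byte, so three of
// the four operand bytes would have been decoded as the following instructions.
function Add_EBX(i ) // 81 C3 + imm32 = ADD EBX, i
PublicCode = PublicCode & "81C3" & W_HighAndLow(i, 8)
end
function Add_ECX(i ) // 81 C1 + imm32 = ADD ECX, i
PublicCode = PublicCode & "81C1" & W_HighAndLow(i, 8)
end
function Add_EDX(i ) // 81 C2 + imm32 = ADD EDX, i
PublicCode = PublicCode & "81C2" & W_HighAndLow(i, 8)
end
function Add_ESI(i ) // 81 C6 + imm32 = ADD ESI, i
PublicCode = PublicCode & "81C6" & W_HighAndLow(i, 8)
end
function Add_ESP(i ) // 81 C4 + imm32 = ADD ESP, i
PublicCode = PublicCode & "81C4" & W_HighAndLow(i, 8)
end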
//'Call
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// CALL emitters: FF /2 with a register or memory operand, appended to PublicCode.
function Call_EAX() // FF D0 = CALL EAX
PublicCode = PublicCode & "FFD0"
end
function Call_EBX() // FF D3 = CALL EBX
PublicCode = PublicCode & "FFD3"
end
function Call_ECX() // FF D1 = CALL ECX
PublicCode = PublicCode & "FFD1"
end
function Call_EDX() // FF D2 = CALL EDX
PublicCode = PublicCode & "FFD2"
end
function Call_ESI() // FF D6 = CALL ESI
PublicCode = PublicCode & "FFD6"
end
function Call_ESP() // FF D4 = CALL ESP
PublicCode = PublicCode & "FFD4"
end
function Call_EBP() // FF D5 = CALL EBP
PublicCode = PublicCode & "FFD5"
end
function Call_EDI() // FF D7 = CALL EDI
PublicCode = PublicCode & "FFD7"
end
function Call_DWORD_Ptr_Addr(i ) // FF 15 + address = CALL [i]
PublicCode = PublicCode & "FF15" & W_HighAndLow(i, 8)
end
// Disabled by the author, who marked it as newly added and currently wrong.
// E8 takes a displacement relative to the next instruction, not an absolute address.
//function Call_DWORD_Ptr_Value(i )
//PublicCode = PublicCode & "E8" & W_HighAndLow(i, 8)
//end
function Call_DWORD_Ptr_EAX() // FF 10 = CALL [EAX]
PublicCode = PublicCode & "FF10"
end
function Call_DWORD_Ptr_EBX() // FF 13 = CALL [EBX]
PublicCode = PublicCode & "FF13"
end
//'Cmp
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
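// Cmp_EAX(i): appends CMP EAX, i to PublicCode.
// Uses the short form 83 F8 + imm8 when i fits, otherwise 3D + imm32.
// The imm8 operand is sign-extended by the CPU, so the short form is only valid
// for 0..127; 128..255 would be compared as a negative value and therefore now
// takes the 32-bit form.
function Cmp_EAX(i)
if ((i<= 127) && (i >= 0))
PublicCode = PublicCode & "83F8" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "3D" & W_HighAndLow(i, 8)
end
end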
// CMP emitters with register or absolute-memory operands.
function Cmp_EAX_EDX() // 3B C2 = CMP EAX, EDX
PublicCode = PublicCode & "3BC2"
end
function Cmp_EAX_DWORD_Ptr(i ) // 3B 05 + address = CMP EAX, [i]
PublicCode = PublicCode & "3B05" & W_HighAndLow(i, 8)
end
function Cmp_DWORD_Ptr_EAX(i ) // 39 05 + address = CMP [i], EAX
PublicCode = PublicCode & "3905" & W_HighAndLow(i, 8)
end
//'DEC
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// DEC <reg> emitters: single-byte opcode 48 + register number.
function Dec_EAX() // 48 = DEC EAX
PublicCode = PublicCode & "48"
end
function Dec_EBX() // 4B = DEC EBX
PublicCode = PublicCode & "4B"
end
function Dec_ECX() // 49 = DEC ECX
PublicCode = PublicCode & "49"
end
function Dec_EDX() // 4A = DEC EDX
PublicCode = PublicCode & "4A"
end
//'Idiv
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// IDIV <reg> emitters: F7 /7 with a register operand (signed divide of EDX:EAX).
function Idiv_EAX() // F7 F8 = IDIV EAX
PublicCode = PublicCode & "F7F8"
end
function Idiv_EBX() // F7 FB = IDIV EBX
PublicCode = PublicCode & "F7FB"
end
function Idiv_ECX() // F7 F9 = IDIV ECX
PublicCode = PublicCode & "F7F9"
end
function Idiv_EDX() // F7 FA = IDIV EDX
PublicCode = PublicCode & "F7FA"
end
//'Imul
//'&&&&&&&
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// IMUL emitters targeting EAX.
function Imul_EAX_EDX() // 0F AF C2 = IMUL EAX, EDX
PublicCode = PublicCode & "0FAFC2"
end
// 6B C0 + imm8 = IMUL EAX, EAX, i. Only two hex digits of i are emitted and the CPU
// sign-extends that byte, so values outside -128..127 need ImulB_EAX instead.
function Imul_EAX(i )
PublicCode = PublicCode & "6BC0" & W_HighAndLow(i, 2)
end
function ImulB_EAX(i ) // 69 C0 + imm32 = IMUL EAX, EAX, i
PublicCode = PublicCode & "69C0" & W_HighAndLow(i, 8)
end
//'INC
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// INC emitters: 40 + register number for registers, FF /0 for memory via a register.
function Inc_EAX() // 40 = INC EAX
PublicCode = PublicCode & "40"
end
function Inc_EBX() // 43 = INC EBX
PublicCode = PublicCode & "43"
end
function Inc_ECX() // 41 = INC ECX
PublicCode = PublicCode & "41"
end
function Inc_EDX() // 42 = INC EDX
PublicCode = PublicCode & "42"
end
function Inc_EDI() // 47 = INC EDI
PublicCode = PublicCode & "47"
end
function Inc_ESI() // 46 = INC ESI
PublicCode = PublicCode & "46"
end
function Inc_DWORD_Ptr_EAX() // FF 00 = INC DWORD PTR [EAX]
PublicCode = PublicCode & "FF00"
end
function Inc_DWORD_Ptr_EBX() // FF 03 = INC DWORD PTR [EBX]
PublicCode = PublicCode & "FF03"
end
function Inc_DWORD_Ptr_ECX() // FF 01 = INC DWORD PTR [ECX]
PublicCode = PublicCode & "FF01"
end
function Inc_DWORD_Ptr_EDX() // FF 02 = INC DWORD PTR [EDX]
PublicCode = PublicCode & "FF02"
end
//'JMP/JE/JNE
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// JMP_EAX(): appends FF E0 = JMP EAX to PublicCode.
// Despite the section title, no JE/JNE emitter is defined in the visible listing.
function JMP_EAX()
PublicCode = PublicCode & "FFE0"
end
//'Mov
// MOV emitters that take a 32-bit operand i (absolute address or immediate),
// emitted as 8 hex digits in little-endian order.
// Stores to an absolute address:
function Mov_DWORD_Ptr_Addr_EAX(i) // A3 + address = MOV [i], EAX
PublicCode = PublicCode & "A3" & W_HighAndLow(i, 8)
end
function Mov_DWORD_Ptr_Addr_AL(i) // A2 + address = MOV [i], AL (one byte despite the DWORD name)
PublicCode = PublicCode & "A2" & W_HighAndLow(i, 8)
end
function Mov_DWORD_Ptr_Addr_AH(i) // 88 25 + address = MOV [i], AH (one byte despite the DWORD name)
PublicCode = PublicCode & "8825" & W_HighAndLow(i, 8)
end
// Immediate loads, opcode B8 + register number:
function Mov_EAX_Value(i ) // B8 + imm32 = MOV EAX, i
PublicCode = PublicCode & "B8" & W_HighAndLow(i, 8)
end
function Mov_EBX_Value(i ) // BB + imm32 = MOV EBX, i
PublicCode = PublicCode & "BB" & W_HighAndLow(i, 8)
end
function Mov_ECX_Value(i ) // B9 + imm32 = MOV ECX, i
PublicCode = PublicCode & "B9" & W_HighAndLow(i, 8)
end
function Mov_EDX_Value(i ) // BA + imm32 = MOV EDX, i
PublicCode = PublicCode & "BA" & W_HighAndLow(i, 8)
end
function Mov_ESI_Value(i ) // BE + imm32 = MOV ESI, i
PublicCode = PublicCode & "BE" & W_HighAndLow(i, 8)
end
function Mov_ESP_Value(i ) // BC + imm32 = MOV ESP, i
PublicCode = PublicCode & "BC" & W_HighAndLow(i, 8)
end
function Mov_EBP_Value(i ) // BD + imm32 = MOV EBP, i
PublicCode = PublicCode & "BD" & W_HighAndLow(i, 8)
end
function Mov_EDI_Value(i ) // BF + imm32 = MOV EDI, i
PublicCode = PublicCode & "BF" & W_HighAndLow(i, 8)
end
// Loads from an absolute address:
function Mov_EBX_DWORD_Ptr(i ) // 8B 1D + address = MOV EBX, [i]
PublicCode = PublicCode & "8B1D" & W_HighAndLow(i, 8)
end
function Mov_ECX_DWORD_Ptr_Addr(i ) // 8B 0D + address = MOV ECX, [i]
PublicCode = PublicCode & "8B0D" & W_HighAndLow(i, 8)
end
function Mov_EAX_DWORD_Ptr_Addr(i ) // A1 + address = MOV EAX, [i]
PublicCode = PublicCode & "A1" & W_HighAndLow(i, 8)
end
function Mov_EDX_DWORD_Ptr_Addr(i ) // 8B 15 + address = MOV EDX, [i]
PublicCode = PublicCode & "8B15" & W_HighAndLow(i, 8)
end
function Mov_ESI_DWORD_Ptr_Addr(i ) // 8B 35 + address = MOV ESI, [i]
PublicCode = PublicCode & "8B35" & W_HighAndLow(i, 8)
end
function Mov_ESP_DWORD_Ptr_Addr(i ) // 8B 25 + address = MOV ESP, [i]
PublicCode = PublicCode & "8B25" & W_HighAndLow(i, 8)
end
function Mov_EBP_DWORD_Ptr_Addr(i ) // 8B 2D + address = MOV EBP, [i]
PublicCode = PublicCode & "8B2D" & W_HighAndLow(i, 8)
end
// MOV EAX, [reg] emitters: 8B /r with a register-indirect source.
// [EBP] has no displacement-free encoding, so it is emitted as [EBP+00];
// [ESP] needs the extra SIB byte 24.
function Mov_EAX_DWORD_Ptr_EAX() // 8B 00 = MOV EAX, [EAX]
PublicCode = PublicCode & "8B00"
end
function Mov_EAX_DWORD_Ptr_EBP() // 8B 45 00 = MOV EAX, [EBP+0]
PublicCode = PublicCode & "8B4500"
end
function Mov_EAX_DWORD_Ptr_EBX() // 8B 03 = MOV EAX, [EBX]
PublicCode = PublicCode & "8B03"
end
function Mov_EAX_DWORD_Ptr_ECX() // 8B 01 = MOV EAX, [ECX]
PublicCode = PublicCode & "8B01"
end
function Mov_EAX_DWORD_Ptr_EDX() // 8B 02 = MOV EAX, [EDX]
PublicCode = PublicCode & "8B02"
end
function Mov_EAX_DWORD_Ptr_EDI() // 8B 07 = MOV EAX, [EDI]
PublicCode = PublicCode & "8B07"
end
function Mov_EAX_DWORD_Ptr_ESP() // 8B 04 24 = MOV EAX, [ESP]
PublicCode = PublicCode & "8B0424"
end
function Mov_EAX_DWORD_Ptr_ESI() // 8B 06 = MOV EAX, [ESI]
PublicCode = PublicCode & "8B06"
end
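// MOV EAX, [reg + i] emitters.
// Each picks the short form (8B 4x + disp8) when i fits, otherwise the long form
// (8B 8x + disp32). The CPU sign-extends disp8, so the short form is only correct
// for 0..127; with the old 0..255 test, offsets 128..255 were encoded as negative
// displacements and addressed memory below the base register.
function Mov_EAX_DWORD_Ptr_EAX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B40" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B80" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_ESP_Add(i ) // ESP base needs the SIB byte 24
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B4424" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8424" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_EBX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B43" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B83" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_ECX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B41" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B81" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_EDX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B42" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B82" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_EDI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B47" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B87" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_EBP_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B45" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B85" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_ESI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B46" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B86" & W_HighAndLow(i, 8)
end
end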
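// MOV EBX, [reg + i] emitters.
// Short form 8B 5x + disp8 when i fits, otherwise long form 8B 9x + disp32.
// disp8 is sign-extended by the CPU, so the short form is limited to 0..127;
// the old 0..255 test encoded 128..255 as negative displacements.
function Mov_EBX_DWORD_Ptr_EAX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B58" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B98" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_ESP_Add(i ) // ESP base needs the SIB byte 24
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B5C24" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9C24" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EBX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B5B" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9B" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_ECX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B59" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B99" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EDX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B5A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9A" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EDI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B5F" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9F" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EBP_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B5D" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9D" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_ESI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B5E" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9E" & W_HighAndLow(i, 8)
end
end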
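// MOV ECX, [reg + i] emitters.
// Short form 8B 4x + disp8 when i fits, otherwise long form 8B 8x + disp32.
// disp8 is sign-extended by the CPU, so the short form is limited to 0..127;
// the old 0..255 test encoded 128..255 as negative displacements.
function Mov_ECX_DWORD_Ptr_EAX_Add(i) // the author notes a past error in this function
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B48" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B88" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_ESP_Add(i ) // ESP base needs the SIB byte 24
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B4C24" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8C24" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EBX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B4B" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8B" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_ECX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B49" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B89" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EDX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B4A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8A" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EDI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B4F" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8F" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EBP_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B4D" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8D" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_ESI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B4E" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8E" & W_HighAndLow(i, 8)
end
end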
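// MOV EDX, [reg + i] emitters.
// Short form 8B 5x + disp8 when i fits, otherwise long form 8B 9x + disp32.
// disp8 is sign-extended by the CPU, so the short form is limited to 0..127;
// the old 0..255 test encoded 128..255 as negative displacements.
function Mov_EDX_DWORD_Ptr_EAX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B50" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B90" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_ESP_Add(i ) // ESP base needs the SIB byte 24
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B5424" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9424" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EBX_Add(i)
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B53" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B93" & W_HighAndLow(i, 8 ) // the author notes a past error on this line
end
end
function Mov_EDX_DWORD_Ptr_ECX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B51" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B91" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EDX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B52" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B92" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EDI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B57" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B97" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EBP_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B55" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B95" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_ESI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8B56" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B96" & W_HighAndLow(i, 8)
end
end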
// MOV EBX/ECX/EDX, [reg] emitters: 8B /r with a register-indirect source.
// The second byte is ModRM = 00 dst src. [EBP] is emitted as [EBP+00] (three bytes)
// and [ESP] carries the SIB byte 24, because neither has a plain two-byte form.
// Destination EBX:
function Mov_EBX_DWORD_Ptr_EAX()
PublicCode = PublicCode & "8B18"
end
function Mov_EBX_DWORD_Ptr_EBP()
PublicCode = PublicCode & "8B5D00"
end
function Mov_EBX_DWORD_Ptr_EBX()
PublicCode = PublicCode & "8B1B"
end
function Mov_EBX_DWORD_Ptr_ECX()
PublicCode = PublicCode & "8B19"
end
function Mov_EBX_DWORD_Ptr_EDX()
PublicCode = PublicCode & "8B1A"
end
function Mov_EBX_DWORD_Ptr_EDI()
PublicCode = PublicCode & "8B1F"
end
function Mov_EBX_DWORD_Ptr_ESP()
PublicCode = PublicCode & "8B1C24"
end
function Mov_EBX_DWORD_Ptr_ESI()
PublicCode = PublicCode & "8B1E"
end
// Destination ECX:
function Mov_ECX_DWORD_Ptr_EAX()
PublicCode = PublicCode & "8B08"
end
function Mov_ECX_DWORD_Ptr_EBP()
PublicCode = PublicCode & "8B4D00"
end
function Mov_ECX_DWORD_Ptr_EBX()
PublicCode = PublicCode & "8B0B"
end
function Mov_ECX_DWORD_Ptr_ECX()
PublicCode = PublicCode & "8B09"
end
function Mov_ECX_DWORD_Ptr_EDX()
PublicCode = PublicCode & "8B0A"
end
function Mov_ECX_DWORD_Ptr_EDI()
PublicCode = PublicCode & "8B0F"
end
function Mov_ECX_DWORD_Ptr_ESP()
PublicCode = PublicCode & "8B0C24"
end
function Mov_ECX_DWORD_Ptr_ESI()
PublicCode = PublicCode & "8B0E"
end
// Destination EDX:
function Mov_EDX_DWORD_Ptr_EAX()
PublicCode = PublicCode & "8B10"
end
function Mov_EDX_DWORD_Ptr_EBP()
PublicCode = PublicCode & "8B5500"
end
function Mov_EDX_DWORD_Ptr_EBX()
PublicCode = PublicCode & "8B13"
end
function Mov_EDX_DWORD_Ptr_ECX()
PublicCode = PublicCode & "8B11"
end
function Mov_EDX_DWORD_Ptr_EDX()
PublicCode = PublicCode & "8B12"
end
function Mov_EDX_DWORD_Ptr_EDI()
PublicCode = PublicCode & "8B17"
end
function Mov_EDX_DWORD_Ptr_ESI()
PublicCode = PublicCode & "8B16"
end
function Mov_EDX_DWORD_Ptr_ESP()
PublicCode = PublicCode & "8B1424"
end
// MOV <dst>, <src> register-to-register emitters for destinations EAX, EBX, ECX, EDX.
// Function names read Mov_<dst>_<src>. Encoding is 8B /r with ModRM = 11 dst src,
// using register numbers EAX=0 ECX=1 EDX=2 EBX=3 ESP=4 EBP=5 ESI=6 EDI=7.
// Destination EAX (ModRM C0 + src):
function Mov_EAX_EBP()
PublicCode = PublicCode & "8BC5"
end
function Mov_EAX_EBX()
PublicCode = PublicCode & "8BC3"
end
function Mov_EAX_ECX()
PublicCode = PublicCode & "8BC1"
end
function Mov_EAX_EDI()
PublicCode = PublicCode & "8BC7"
end
function Mov_EAX_EDX()
PublicCode = PublicCode & "8BC2"
end
function Mov_EAX_ESI()
PublicCode = PublicCode & "8BC6"
end
function Mov_EAX_ESP()
PublicCode = PublicCode & "8BC4"
end
// Destination EBX (ModRM D8 + src):
function Mov_EBX_EBP()
PublicCode = PublicCode & "8BDD"
end
function Mov_EBX_EAX()
PublicCode = PublicCode & "8BD8"
end
function Mov_EBX_ECX()
PublicCode = PublicCode & "8BD9"
end
function Mov_EBX_EDI()
PublicCode = PublicCode & "8BDF"
end
function Mov_EBX_EDX()
PublicCode = PublicCode & "8BDA"
end
function Mov_EBX_ESI()
PublicCode = PublicCode & "8BDE"
end
function Mov_EBX_ESP()
PublicCode = PublicCode & "8BDC"
end
// Destination ECX (ModRM C8 + src):
function Mov_ECX_EBP()
PublicCode = PublicCode & "8BCD"
end
function Mov_ECX_EAX()
PublicCode = PublicCode & "8BC8"
end
function Mov_ECX_EBX()
PublicCode = PublicCode & "8BCB"
end
function Mov_ECX_EDI()
PublicCode = PublicCode & "8BCF"
end
function Mov_ECX_EDX()
PublicCode = PublicCode & "8BCA"
end
function Mov_ECX_ESI()
PublicCode = PublicCode & "8BCE"
end
function Mov_ECX_ESP()
PublicCode = PublicCode & "8BCC"
end
// Destination EDX (ModRM D0 + src):
function Mov_EDX_EBP()
PublicCode = PublicCode & "8BD5"
end
function Mov_EDX_EBX()
PublicCode = PublicCode & "8BD3"
end
function Mov_EDX_ECX()
PublicCode = PublicCode & "8BD1"
end
function Mov_EDX_EDI()
PublicCode = PublicCode & "8BD7"
end
function Mov_EDX_EAX()
PublicCode = PublicCode & "8BD0"
end
function Mov_EDX_ESI()
PublicCode = PublicCode & "8BD6"
end
function Mov_EDX_ESP()
PublicCode = PublicCode & "8BD4"
end
// MOV <dst>, <src> register-to-register emitters for destinations ESI, ESP, EDI.
// Function names read Mov_<dst>_<src>. Encoding is 8B /r with ModRM = 11 dst src.
// Writing ESP moves the stack pointer, so the Mov_ESP_* emitters change where
// later PUSH/POP/RET instructions operate.
// Destination ESI (ModRM F0 + src):
function Mov_ESI_EBP()
PublicCode = PublicCode & "8BF5"
end
function Mov_ESI_EBX()
PublicCode = PublicCode & "8BF3"
end
function Mov_ESI_ECX()
PublicCode = PublicCode & "8BF1"
end
function Mov_ESI_EDI()
PublicCode = PublicCode & "8BF7"
end
function Mov_ESI_EAX()
PublicCode = PublicCode & "8BF0"
end
function Mov_ESI_EDX()
PublicCode = PublicCode & "8BF2"
end
function Mov_ESI_ESP()
PublicCode = PublicCode & "8BF4"
end
// Destination ESP (ModRM E0 + src):
function Mov_ESP_EBP()
PublicCode = PublicCode & "8BE5"
end
function Mov_ESP_EBX()
PublicCode = PublicCode & "8BE3"
end
function Mov_ESP_ECX()
PublicCode = PublicCode & "8BE1"
end
function Mov_ESP_EDI()
PublicCode = PublicCode & "8BE7"
end
function Mov_ESP_EAX()
PublicCode = PublicCode & "8BE0"
end
function Mov_ESP_EDX()
PublicCode = PublicCode & "8BE2"
end
function Mov_ESP_ESI()
PublicCode = PublicCode & "8BE6"
end
// Destination EDI (ModRM F8 + src):
function Mov_EDI_EBP()
PublicCode = PublicCode & "8BFD"
end
function Mov_EDI_EAX()
PublicCode = PublicCode & "8BF8"
end
function Mov_EDI_EBX()
PublicCode = PublicCode & "8BFB"
end
function Mov_EDI_ECX()
PublicCode = PublicCode & "8BF9"
end
function Mov_EDI_EDX()
PublicCode = PublicCode & "8BFA"
end
function Mov_EDI_ESI()
PublicCode = PublicCode & "8BFE"
end
function Mov_EDI_ESP()
PublicCode = PublicCode & "8BFC"
end
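// Mov_EBP_EDI(): appends 8B EF = MOV EBP, EDI to PublicCode.
// ModRM for destination EBP (5) and source EDI (7) is 11 101 111 = EF.
// The previous "8BDF" is MOV EBX, EDI, the same bytes Mov_EBX_EDI emits, so it
// overwrote EBX and left EBP unchanged.
function Mov_EBP_EDI()
PublicCode = PublicCode & "8BEF"
end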
// MOV EBP, <src> register-to-register emitters: 8B /r with ModRM = E8 + src.
function Mov_EBP_EAX() // 8B E8 = MOV EBP, EAX
PublicCode = PublicCode & "8BE8"
end
function Mov_EBP_EBX() // 8B EB = MOV EBP, EBX
PublicCode = PublicCode & "8BEB"
end
function Mov_EBP_ECX() // 8B E9 = MOV EBP, ECX
PublicCode = PublicCode & "8BE9"
end
function Mov_EBP_EDX() // 8B EA = MOV EBP, EDX
PublicCode = PublicCode & "8BEA"
end
function Mov_EBP_ESI() // 8B EE = MOV EBP, ESI
PublicCode = PublicCode & "8BEE"
end
function Mov_EBP_ESP() // 8B EC = MOV EBP, ESP
PublicCode = PublicCode & "8BEC"
end
//'Push
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
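// Push(i): appends PUSH i to PublicCode.
// Uses 6A + imm8 when i fits, otherwise 68 + imm32.
// The CPU sign-extends the imm8 operand to 32 bits, so the short form is only
// correct for 0..127; 128..255 would be pushed as 0xFFFFFF80..0xFFFFFFFF and
// therefore now takes the 32-bit form.
function Push(i)
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "6A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "68" & W_HighAndLow(i, 8)
end
end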
// PUSH emitters for a memory operand and for each general-purpose register
// (single-byte opcode 50 + register number).
function Push_DWORD_Ptr_Addr(i ) // FF 35 + address = PUSH DWORD PTR [i]
PublicCode = PublicCode & "FF35" & W_HighAndLow(i, 8)
end
function Push_EAX() // 50 = PUSH EAX
PublicCode = PublicCode & "50"
end
function Push_ECX() // 51 = PUSH ECX
PublicCode = PublicCode & "51"
end
function Push_EDX() // 52 = PUSH EDX
PublicCode = PublicCode & "52"
end
function Push_EBX() // 53 = PUSH EBX
PublicCode = PublicCode & "53"
end
function Push_ESP() // 54 = PUSH ESP
PublicCode = PublicCode & "54"
end
function Push_EBP() // 55 = PUSH EBP
PublicCode = PublicCode & "55"
end
function Push_ESI() // 56 = PUSH ESI
PublicCode = PublicCode & "56"
end
function Push_EDI() // 57 = PUSH EDI
PublicCode = PublicCode & "57"
end
//'LEA
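// LEA EAX, [reg + i] emitters.
// Short form 8D 4x + disp8 when i fits, otherwise long form 8D 8x + disp32.
// Two fixes relative to the earlier listing:
//  - disp8 is sign-extended by the CPU, so the short form is limited to 0..127;
//    the old 0..255 test encoded 128..255 as negative displacements.
//  - the ESP variant emitted the [EAX+i] bytes (8D40/8D80) and the EBP variant
//    emitted the [ESP+i] bytes (8D4424/8D8424); each now uses its own base register.
function Lea_EAX_DWORD_Ptr_EAX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D40" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D80" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_EBX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D43" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D83" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_ECX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D41" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D81" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_EDX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D42" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D82" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_ESI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D46" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D86" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_ESP_Add(i ) // ESP base: ModRM 44/84 plus the SIB byte 24
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D4424" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8424" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_EBP_Add(i ) // EBP base: ModRM 45/85
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D45" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D85" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_EDI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D47" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D87" & W_HighAndLow(i, 8)
end
end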
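// LEA EBX, [reg + i] emitters.
// Short form 8D 5x + disp8 when i fits, otherwise long form 8D 9x + disp32.
// disp8 is sign-extended by the CPU, so the short form is limited to 0..127;
// the old 0..255 test encoded 128..255 as negative displacements.
function Lea_EBX_DWORD_Ptr_EAX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D58" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D98" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_ESP_Add(i ) // ESP base needs the SIB byte 24
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D5C24" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9C24" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EBX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D5B" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9B" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_ECX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D59" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D99" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EDX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D5A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9A" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EDI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D5F" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9F" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EBP_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D5D" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9D" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_ESI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D5E" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9E" & W_HighAndLow(i, 8)
end
end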
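// LEA ECX, [reg + i] emitters.
// Short form 8D 4x + disp8 when i fits, otherwise long form 8D 8x + disp32.
// disp8 is sign-extended by the CPU, so the short form is limited to 0..127;
// the old 0..255 test encoded 128..255 as negative displacements.
function Lea_ECX_DWORD_Ptr_EAX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D48" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D88" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_ESP_Add(i ) // ESP base needs the SIB byte 24
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D4C24" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8C24" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EBX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D4B" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8B" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_ECX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D49" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D89" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EDX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D4A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8A" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EDI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D4F" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8F" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EBP_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D4D" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8D" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_ESI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D4E" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8E" & W_HighAndLow(i, 8)
end
end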
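// LEA EDX, [reg + i] emitters.
// Short form 8D 5x + disp8 when i fits, otherwise long form 8D 9x + disp32.
// disp8 is sign-extended by the CPU, so the short form is limited to 0..127;
// the old 0..255 test encoded 128..255 as negative displacements.
function Lea_EDX_DWORD_Ptr_EAX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D50" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D90" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_ESP_Add(i ) // ESP base needs the SIB byte 24
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D5424" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9424" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EBX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D53" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D93" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_ECX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D51" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D91" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EDX_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D52" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D92" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EDI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D57" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D97" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EBP_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D55" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D95" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_ESI_Add(i )
if ((i<= 127) && (i>= 0))
PublicCode = PublicCode & "8D56" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D96" & W_HighAndLow(i, 8)
end
end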
// POP <reg> emitters: single-byte opcode 58 + register number, appended to PublicCode.
function Pop_EAX() // 58 = POP EAX
PublicCode = PublicCode & "58"
end
function Pop_EBX() // 5B = POP EBX
PublicCode = PublicCode & "5B"
end
function Pop_ECX() // 59 = POP ECX
PublicCode = PublicCode & "59"
end
function Pop_EDX() // 5A = POP EDX
PublicCode = PublicCode & "5A"
end
function Pop_ESI() // 5E = POP ESI
PublicCode = PublicCode & "5E"
end
function Pop_ESP() // 5C = POP ESP
PublicCode = PublicCode & "5C"
end
function Pop_EDI() // 5F = POP EDI
PublicCode = PublicCode & "5F"
end
function Pop_EBP() // 5D = POP EBP
PublicCode = PublicCode & "5D"
end
作者:
剑仙十号
时间:
2017-8-30 11:06
把全部的汇编命令,都写出来,确实不易。
C++有反汇编引擎,百度搜索“反汇编引擎”,
直接把字符串格式的汇编代码,变成可执行的汇编代码,这样会轻松很多。
作者:
剑仙十号
时间:
2017-8-30 11:07
这个贴子还是很赞。值得学习。
作者:
爱上老公
时间:
2017-8-30 12:50
这个要顶
作者:
luxinwen
时间:
2017-9-3 00:00
必须支持,非常感谢