Hi
I have found a fasm source an have a problem with add this file to my project
_Lib file 'test.dat'
_libproc1 = _Lib + 9158h
Must i add this file as hex?
Looks like the equivalent of GetProcAddress. Can you load it into memory, point a reg to the offset, and see through Olly what happens if you do a jmp eax?
Hi
No This crash in my masm source after compile
Here is a dissa.. code from this
push 185C8h ;---------- _size
push offset dword_40A270 ;-----------My_file
push GetProcAddress
push GetModuleHandleA
call sub_40A158 ;-----------_libproc1
I Understand not correct this source
Here is the fasm source
push _size My_file [GetProcAddress][GetModuleHandle]
call _libproc1
Quote from: ragdog on April 11, 2010, 08:57:28 PM
Hi
No This crash in my masm source after compile
Here is a dissa.. code from this
push 185C8h ;---------- _size
push offset dword_40A270 ;-----------My_file
push GetProcAddress
push GetModuleHandleA
call sub_40A158 ;-----------_libproc1
I Understand not correct this source
Here is the fasm source
push _size My_file [GetProcAddress][GetModuleHandle]
call _libproc1
Is this for API hooking or code injection ? It looks like it anyway, passing the addresses to those 2 particular functions and the base and size of a PE file (since it obviously has exports it must be a PE) is a bit suspect. Anyway it looks suspicious to me...
Edgar
QuoteIs this for API hooking or code injection ?
No!!
'test.dat' is a memory dump of a dll
The snippets your are showing make no sense - give us more code
apparently, test.dat is a ".LIB" file ???
at offset 9158h in that file is a proc ?
does the proc have a name ?
Ok i have it solved with a other way dll2lib tool
Thanks
Now have i a other with this macro to encrypt
macro encrypt dstart,dsize {
local ..char,..key,..shift
..key = 0FFh
repeat dsize
load ..char from dstart+%-1
..char = ..char xor ..key
store ..char at dstart+%-1
..shift = ..char and 03h
..key = ((..key shr ..shift) and 0FFh) + ((..key shl (08-..shift)) and 0FFh)
..key = ..key xor 0AAh
..shift = (..char shr 4) and 03h
..key = ((..key shr ..shift) and 0FFh) + ((..key shl (08-..shift)) and 0FFh)
..key = (..key + ..char) and 0FFh
end repeat
}
Can any translate it please to masm32 ?
Memory dll's, code encryption... Very dangerous questions on this board...
HR,
Ghandi
Quote from: ragdog on April 25, 2010, 11:57:14 AM
Can any translate it please to masm32 ?
no, there is no equivalent to fasm's
load and
store directives in masm. You must use an external tool for encrypting your code/data.
No Ghandi ::)
This if not for dll encyption or anything.
use an external tool for encrypting your code/data.?
No this fasm source works without any external tool
This looks suspiciouse indeed and the OP failed to answer two questions about the purpose of this code.
Locked.