This works actually:
include \masm32\include\masm32rt.inc
.code
RealProc proc p1:DWORD
print str$(p1), " was passed", 13, 10
ret
RealProc endp
FakeProc proc
LOCAL buffer[1024]:BYTE
LOCAL MyVar:DWORD
start::
mov MyVar, 123456
invoke RealProc, MyVar
inkey "That was cute...!"
exit
FakeProc endp
end start
It even exits with code 0, as foreseen. However, Olly leaves some doubt about the reliability of this code - check where the "LOCAL" MyVar sits... the add esp, -404 happens before the module entry point ::)
RealProc /$ 55 push ebp
00401001 |. 8BEC mov ebp, esp
00401003 |. 68 00304000 push offset ??0019
00401008 |. FF75 08 push dword ptr [ebp+8]
0040100B |. E8 60000000 call dwtoa
00401010 |. 68 00304000 push offset ??0019 ; /Arg1 = 00403000
00401015 |. E8 BE000000 call StdOut ; \StdOut
0040101A |. 68 14304000 push offset ??001B ; /Arg1 = 00403014 ASCII " was passed",CR,LF,""
0040101F |. E8 B4000000 call StdOut ; \StdOut
00401024 |. C9 leave
00401025 \. C2 0400 retn 4
FakeProc 55 push ebp
00401029 8BEC mov ebp, esp
0040102B 81C4 FCFBFFFF add esp, -404
<ModuleEn>/$ C785 FCFBFFFF 40E20100 mov dword ptr [ebp-404], 1E240
0040103B |. FFB5 FCFBFFFF push dword ptr [ebp-404]
00401041 |. E8 BAFFFFFF call RealProc
00401046 |. 68 22304000 push offset ??001C ; /Arg1 = 00403022 ASCII "That was cute...!"
0040104B |. E8 88000000 call StdOut ; \StdOut
00401050 |. E8 BB000000 call wait_key
00401055 |. 68 34304000 push offset ??001D ; /Arg1 = 00403034 ASCII CR,LF,""
0040105A |. E8 79000000 call StdOut ; \StdOut
0040105F |. 6A 00 push 0 ; /ExitCode = 0
00401061 \. E8 4C010000 call ExitProcess ; \ExitProcess
In this example FakeProc works like the Main.
Any idea when coding this way could be useful?
Frank
Quote from: jj2007 on November 17, 2010, 09:55:02 PM
This works actually:
include \masm32\include\masm32rt.inc
.code
RealProc proc p1:DWORD
print str$(p1), " was passed", 13, 10
ret
RealProc endp
FakeProc proc
LOCAL buffer[1024]:BYTE
LOCAL MyVar:DWORD
start::
mov MyVar, 123456
invoke RealProc, MyVar
inkey "That was cute...!"
exit
FakeProc endp
end start
It even exits with code 0, as foreseen. However, Olly leaves some doubt about the reliability of this code - check where the "LOCAL" MyVar sits... the add esp, -404 happens before the module entry point ::)
RealProc /$ 55 push ebp
00401001 |. 8BEC mov ebp, esp
00401003 |. 68 00304000 push offset ??0019
00401008 |. FF75 08 push dword ptr [ebp+8]
0040100B |. E8 60000000 call dwtoa
00401010 |. 68 00304000 push offset ??0019 ; /Arg1 = 00403000
00401015 |. E8 BE000000 call StdOut ; \StdOut
0040101A |. 68 14304000 push offset ??001B ; /Arg1 = 00403014 ASCII " was passed",CR,LF,""
0040101F |. E8 B4000000 call StdOut ; \StdOut
00401024 |. C9 leave
00401025 \. C2 0400 retn 4
FakeProc 55 push ebp
00401029 8BEC mov ebp, esp
0040102B 81C4 FCFBFFFF add esp, -404
<ModuleEn>/$ C785 FCFBFFFF 40E20100 mov dword ptr [ebp-404], 1E240
0040103B |. FFB5 FCFBFFFF push dword ptr [ebp-404]
00401041 |. E8 BAFFFFFF call RealProc
00401046 |. 68 22304000 push offset ??001C ; /Arg1 = 00403022 ASCII "That was cute...!"
0040104B |. E8 88000000 call StdOut ; \StdOut
00401050 |. E8 BB000000 call wait_key
00401055 |. 68 34304000 push offset ??001D ; /Arg1 = 00403034 ASCII CR,LF,""
0040105A |. E8 79000000 call StdOut ; \StdOut
0040105F |. 6A 00 push 0 ; /ExitCode = 0
00401061 \. E8 4C010000 call ExitProcess ; \ExitProcess
What is such original code needed for? Of course, the reliability of this code is zero.
The program exits properly with code 0 because it is forced to exit by ExitProcess - it never returns to code which could use the trashed stack data.
But the fact that this program works on your system without a crash doesn't say anything - on another system it can (and 50/50 will) crash.
For example, if EBP points to a read-only place (FPO stack frame), or to a place which does not exist (not committed or in the kernel range).
Alex
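As an added check (not part of the thread), this Python snippet parses the OllyDbg listing of FakeProc posted above, finds the instruction Olly marks as the module entry point (<ModuleEn>) and reports two things: which frame-setup instructions the entry point never executes, and which instructions on the entry path then touch [ebp-...] before anything has initialised EBP. The handling of Olly's listing format (the /$ |. \. brackets and the opcode column) is an assumption based on how it is printed here.

```python
import re

# OllyDbg listing of FakeProc as posted above. Olly prints <ModuleEn> on the
# instruction where the PE entry point lands: here *after* the prologue.
LISTING = r"""
FakeProc 55 push ebp
00401029 8BEC mov ebp, esp
0040102B 81C4 FCFBFFFF add esp, -404
<ModuleEn>/$ C785 FCFBFFFF 40E20100 mov dword ptr [ebp-404], 1E240
0040103B |. FFB5 FCFBFFFF push dword ptr [ebp-404]
00401041 |. E8 BAFFFFFF call RealProc
00401046 |. 68 22304000 push offset ??001C ; /Arg1 = 00403022 ASCII "That was cute...!"
0040104B |. E8 88000000 call StdOut ; \StdOut
00401050 |. E8 BB000000 call wait_key
00401055 |. 68 34304000 push offset ??001D ; /Arg1 = 00403034 ASCII CR,LF,""
0040105A |. E8 79000000 call StdOut ; \StdOut
0040105F |. 6A 00 push 0 ; /ExitCode = 0
00401061 \. E8 4C010000 call ExitProcess ; \ExitProcess
"""
MARKER = re.compile(r'[/|\\][$.]')      # Olly's procedure brackets: /$ |. \.
OPCODE = re.compile(r'[0-9A-F]{2,8}')   # opcode byte groups (uppercase hex)
EBP_WRITE = re.compile(r'^(mov|lea|pop|xchg)\s+ebp\b')
EBP_USE = re.compile(r'\[ebp[-+\]]')

def parse(listing):
    """Return [(address_or_label, is_entry, instruction)] per listing line."""
    rows = []
    for line in listing.splitlines():
        text = line.split(';', 1)[0].strip()    # drop Olly's comment column
        if not text:
            continue
        head, *body = text.split()
        body = [t for t in body if not MARKER.fullmatch(t)]
        while body and OPCODE.fullmatch(body[0]):
            body.pop(0)
        rows.append((head.split('/')[0], head.startswith('<ModuleEn>'), ' '.join(body)))
    return rows

def frame_check(rows):
    """Collect the frame setup sitting unreached above the entry point, then
    walk forward from the entry and flag [ebp...] accesses made before that
    path writes EBP. Stops at ret/jmp or the ExitProcess call."""
    entry = next(i for i, (_, is_entry, _) in enumerate(rows) if is_entry)
    unreached, i = [], entry - 1
    while i >= 0 and not rows[i][2].startswith('ret'):
        unreached.insert(0, rows[i][2])
        i -= 1
    findings, ebp_valid = [], False
    for addr, _, ins in rows[entry:]:
        if EBP_WRITE.match(ins):
            ebp_valid = True
        if not ebp_valid and EBP_USE.search(ins):
            findings.append((addr, ins))
        if ins.startswith(('ret', 'jmp')) or ins == 'call ExitProcess':
            break
    return unreached, findings

if __name__ == '__main__':
    unreached, findings = frame_check(parse(LISTING))
    print('frame setup skipped by the entry point:', unreached)
    for addr, ins in findings:
        print(f'{addr}: {ins}    <- EBP-relative access, EBP never set on this path')
```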
Indirect addressing adds tons of fun to those folks that want to play with your compiled binaries. Make a global label "label::", store its offset in a lookup table, then either jump to it or call that indirect address. Most disassemblers will not find the procedure you have at that address. It usually just looks like a jumbled pile of trash.
Quote from: hutch-- on November 18, 2010, 12:28:26 AM
Indirect addressing adds tons of fun to those folks that want to play with your compiled binaries. Make a global label "label::", store its offset in a lookup table, then either jump to it or call that indirect address. Most disassemblers will not find the procedure you have at that address. It usually just looks like a jumbled pile of trash.
I have some doubts that Jochen tries to hide something in his code.
Quote from: hutch-- on November 18, 2010, 12:28:26 AM
Indirect addressing adds tons of fun to those folks that want to play with your compiled binaries. Make a global label "label::", store its offset in a lookup table, then either jump to it or call that indirect address. Most disassemblers will not find the procedure you have at that address. It usually just looks like a jumbled pile of trash.
So it can be used to make some tricks for people who want to copy your ideas, for example?
Quote from: frktons on November 18, 2010, 12:33:46 AM
So it can be used to make some tricks for people who want to copy your ideas, for example?
If code is worth enough - then the possibility of hiding it is a big discussion, and under big doubts. Frank, rules, rules of the forum :P
Quote from: Antariy on November 18, 2010, 12:47:41 AM
If code is worth enough - then the possibility of hiding it is a big discussion, and under big doubts. Frank, rules, rules of the forum :P
Of course, some super secret agent could need to hide things, or critical software to manage billions of dollars or to launch nuclear bombs, or the like. But we are showing the sources here, so nothing is hidden.
Sometimes I think that even MS guys could watch the Forum and get ideas from the code posted here and afterwards sell it and copyright it as well. How could you avoid that?
This is the technique at its simplest. Disassemble it and have a look. The stored OFFSET of the global label needs to be buried in a lookup table but you should get the idea.
IF 0 ; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Build this template with "CONSOLE ASSEMBLE AND LINK"
ENDIF ; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm32\include\masm32rt.inc
.data?
pslen dd ?
.data
mytext db "This is a test",0
ptxt dd mytext
.code
start:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
call main
inkey
exit
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
main proc
mov pslen, OFFSET slen
push ptxt
call pslen
print str$(eax),13,10
ret
main endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
pile_of_crap proc
push esi
push edi
mov edx, [esp+12]
slen:: ; the GLOBAL scope label
mov eax, [esp+4]
sub eax, 1
@@:
add eax, 1
cmp BYTE PTR [eax], 0
jne @B
sub eax, [esp+4]
ret 4
mov ecx, [esp+8]
sub ecx, 1
@@:
add ecx, 1
cmp BYTE PTR [ecx], 0
jne @B
sub ecx, [esp+4]
ret 4
pop edi
pop esi
ret 12
pile_of_crap endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
end start
Thanks Steve. Good example to learn. :U
Frank
Quote from: jj2007 on November 17, 2010, 09:55:02 PM
It even exits with code 0, as foreseen. However, Olly leaves some doubt about the reliability of this code - check where the "LOCAL" MyVar sits... the add esp, -404 happens before the module entry point ::)
The "code label" operator ':' or '::' triggers prologue creation and hence can't be used in this context.
OTOH, the LABEL directive won't trigger it:
.code
RealProc proc p1:DWORD
print str$(p1), " was passed", 13, 10
ret
RealProc endp
FakeProc proc
LOCAL buffer[1024]:BYTE
LOCAL MyVar:DWORD
start label near
mov MyVar, 123456
invoke RealProc, MyVar
inkey "That was cute...!"
exit
FakeProc endp
end start
Btw., all of this has absolutely nothing to do with indirect addressing.
Quote
Sometimes I think that even MS guys could watch the Forum and get ideas from the code posted here and afterwards sell it and copyright it as well. How could you avoid that?
:toothy
Frank,
This is a mod that has the lookup table I mentioned. The code is simple enough, but have a look at it disassembled and you will see why it's no joy to find the code. This is a tiny simple example; put stuff like this in a big app and they will have tons of fun finding it.
IF 0 ; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Build this template with "CONSOLE ASSEMBLE AND LINK"
ENDIF ; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm32\include\masm32rt.inc
.data
mytext db "This is a test",0
ptxt dd mytext
.code
start:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
call main
inkey
exit
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
main proc
.data
lut dd mytext,slen,ptxt ; create a look up table
.code
mov eax, OFFSET lut ; get the address of the look up table
push eax ; push it onto the stack
nop
nop ; instruction inbetween
nop
nop
pop edx ; pop the address into EDX
push DWORD PTR [edx] ; push 1st value in lut
call DWORD PTR [edx+4] ; call the second value in lut
print str$(eax),13,10
ret
main endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
pile_of_crap proc
push esi
push edi
mov edx, [esp+12]
slen:: ; the GLOBAL scope label
mov eax, [esp+4]
sub eax, 1
@@:
add eax, 1
cmp BYTE PTR [eax], 0
jne @B
sub eax, [esp+4]
ret 4
mov ecx, [esp+8]
sub ecx, 1
@@:
add ecx, 1
cmp BYTE PTR [ecx], 0
jne @B
sub ecx, [esp+4]
ret 4
pop edi
pop esi
ret 12
pile_of_crap endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
end start
This is the disassembly I get with the "QE Disassembly option":
Imp Addr Hint Import Name from kernel32.dll - Not Bound
-------- ---- ---------------------------------------------------------------
000020B8 9B ExitProcess
000020BC 16A GetStdHandle
000020C0 2FB WriteFile
000020C4 C6 FlushConsoleInputBuffer
000020C8 2BB Sleep
Imp Addr Hint Import Name from msvcrt.dll - Not Bound
-------- ---- ---------------------------------------------------------------
000020D0 111 _kbhit
000020D4 CE _getch
IAT Entry
00000000: 000020DC 000020EA - 000020FA 00002106 - 00002120 00000000
00000018: 00002136 00002140 - 00000000
Disassembly
00401000 start:
00401000 E820000000 call fn_00401025
00401005 6813204000 push 402013h
0040100A E87D000000 call fn_0040108C
0040100F E8BC000000 call fn_004010D0
00401014 6831204000 push 402031h
00401019 E86E000000 call fn_0040108C
0040101E 6A00 push 0
00401020 E8BD010000 call fn_004011E2
00401025 fn_00401025:
00401025 B834204000 mov eax,402034h
0040102A 50 push eax
0040102B 90 nop
0040102C 90 nop
0040102D 90 nop
0040102E 90 nop
0040102F 5A pop edx
00401030 FF32 push dword ptr [edx]
00401032 FF5204 call dword ptr [edx+4]
00401035 6840204000 push 402040h
0040103A 50 push eax
0040103B E8C0000000 call fn_00401100
00401040 6840204000 push 402040h
00401045 E842000000 call fn_0040108C
0040104A 6854204000 push 402054h
0040104F E838000000 call fn_0040108C
00401054 C3 ret
00401055 56 push esi
00401056 57 push edi
00401057 8B54240C mov edx,[esp+0Ch]
0040105B 8B442404 mov eax,[esp+4]
0040105F 83E801 sub eax,1
00401062 loc_00401062:
00401062 83C001 add eax,1
00401065 803800 cmp byte ptr [eax],0
00401068 75F8 jnz loc_00401062
0040106A 2B442404 sub eax,[esp+4]
0040106E C20400 ret 4
00401071 8B4C2408 mov ecx,[esp+8]
00401075 83E901 sub ecx,1
00401078 loc_00401078:
00401078 83C101 add ecx,1
0040107B 803900 cmp byte ptr [ecx],0
0040107E 75F8 jnz loc_00401078
00401080 2B4C2404 sub ecx,[esp+4]
00401084 C20400 ret 4
00401087 5F pop edi
00401088 5E pop esi
00401089 C20C00 ret 0Ch
0040108C fn_0040108C:
0040108C 55 push ebp
0040108D 8BEC mov ebp,esp
0040108F 83C4F4 add esp,0FFFFFFF4h
00401092 6AF5 push 0FFFFFFF5h
00401094 E84F010000 call fn_004011E8
00401099 8945FC mov [ebp-4],eax
0040109C FF7508 push dword ptr [ebp+8]
0040109F E8CC000000 call fn_00401170
004010A4 8945F4 mov [ebp-0Ch],eax
004010A7 6A00 push 0
004010A9 8D45F8 lea eax,[ebp-8]
004010AC 50 push eax
004010AD FF75F4 push dword ptr [ebp-0Ch]
004010B0 FF7508 push dword ptr [ebp+8]
004010B3 FF75FC push dword ptr [ebp-4]
004010B6 E833010000 call fn_004011EE
004010BB 8B45F8 mov eax,[ebp-8]
004010BE C9 leave
004010BF C20400 ret 4
004010C2 CC int 3
004010C3 CC int 3
004010C4 CC int 3
004010C5 CC int 3
004010C6 CC int 3
004010C7 CC int 3
004010C8 CC int 3
004010C9 CC int 3
004010CA CC int 3
004010CB CC int 3
004010CC CC int 3
004010CD CC int 3
004010CE CC int 3
004010CF CC int 3
004010D0 fn_004010D0:
004010D0 6AF6 push 0FFFFFFF6h
004010D2 E811010000 call fn_004011E8
004010D7 50 push eax
004010D8 E817010000 call fn_004011F4
004010DD loc_004010DD:
004010DD 6A01 push 1
004010DF E816010000 call fn_004011FA
004010E4 FF15D0204000 call dword ptr [_kbhit]
004010EA 85C0 test eax,eax
004010EC 74EF jz loc_004010DD
004010EE FF15D4204000 call dword ptr [_getch]
004010F4 C3 ret
004010F5 CC int 3
004010F6 CC int 3
004010F7 CC int 3
004010F8 CC int 3
004010F9 CC int 3
004010FA CC int 3
004010FB CC int 3
004010FC CC int 3
004010FD CC int 3
004010FE CC int 3
004010FF CC int 3
00401100 fn_00401100:
00401100 55 push ebp
00401101 8BEC mov ebp,esp
00401103 53 push ebx
00401104 56 push esi
00401105 57 push edi
00401106 8B4508 mov eax,[ebp+8]
00401109 8B7D0C mov edi,[ebp+0Ch]
0040110C 85C0 test eax,eax
0040110E 7507 jnz loc_00401117
00401110 66C7073000 mov word ptr [edi],30h
00401115 EB47 jmp loc_0040115E
00401117 loc_00401117:
00401117 7908 jns loc_00401121
00401119 C6072D mov byte ptr [edi],2Dh
0040111C F7D8 neg eax
0040111E 83C701 add edi,1
00401121 loc_00401121:
00401121 B9CDCCCCCC mov ecx,0CCCCCCCDh
00401126 8BF7 mov esi,edi
00401128 EB18 jmp loc_00401142
0040112A loc_0040112A:
0040112A 8BD8 mov ebx,eax
0040112C F7E1 mul ecx
0040112E C1EA03 shr edx,3
00401131 8BC2 mov eax,edx
00401133 8D1492 lea edx,[edx+edx*4]
00401136 03D2 add edx,edx
00401138 2BDA sub ebx,edx
0040113A 80C330 add bl,30h
0040113D 881F mov [edi],bl
0040113F 83C701 add edi,1
00401142 loc_00401142:
00401142 83F800 cmp eax,0
00401145 77E3 ja loc_0040112A
00401147 C60700 mov byte ptr [edi],0
0040114A EB0E jmp loc_0040115A
0040114C loc_0040114C:
0040114C 83EF01 sub edi,1
0040114F 8A06 mov al,[esi]
00401151 8A27 mov ah,[edi]
00401153 8807 mov [edi],al
00401155 8826 mov [esi],ah
00401157 83C601 add esi,1
0040115A loc_0040115A:
0040115A 3BF7 cmp esi,edi
0040115C 72EE jb loc_0040114C
0040115E loc_0040115E:
0040115E 5F pop edi
0040115F 5E pop esi
00401160 5B pop ebx
00401161 C9 leave
00401162 C20800 ret 8
00401165 CC int 3
00401166 CC int 3
00401167 CC int 3
00401168 CC int 3
00401169 CC int 3
0040116A CC int 3
0040116B CC int 3
0040116C CC int 3
0040116D CC int 3
0040116E CC int 3
0040116F CC int 3
00401170 fn_00401170:
00401170 8B442404 mov eax,[esp+4]
00401174 8D5003 lea edx,[eax+3]
00401177 55 push ebp
00401178 57 push edi
00401179 BD80808080 mov ebp,80808080h
0040117E loc_0040117E:
0040117E 8B38 mov edi,[eax]
00401180 83C004 add eax,4
00401183 8D8FFFFEFEFE lea ecx,[edi-1010101h]
00401189 F7D7 not edi
0040118B 23CF and ecx,edi
0040118D 23CD and ecx,ebp
0040118F 7539 jnz loc_004011CA
00401191 8B38 mov edi,[eax]
00401193 83C004 add eax,4
00401196 8D8FFFFEFEFE lea ecx,[edi-1010101h]
0040119C F7D7 not edi
0040119E 23CF and ecx,edi
004011A0 23CD and ecx,ebp
004011A2 7526 jnz loc_004011CA
004011A4 8B38 mov edi,[eax]
004011A6 83C004 add eax,4
004011A9 8D8FFFFEFEFE lea ecx,[edi-1010101h]
004011AF F7D7 not edi
004011B1 23CF and ecx,edi
004011B3 23CD and ecx,ebp
004011B5 7513 jnz loc_004011CA
004011B7 8B38 mov edi,[eax]
004011B9 83C004 add eax,4
004011BC 8D8FFFFEFEFE lea ecx,[edi-1010101h]
004011C2 F7D7 not edi
004011C4 23CF and ecx,edi
004011C6 23CD and ecx,ebp
004011C8 74B4 jz loc_0040117E
004011CA loc_004011CA:
004011CA F7C180800000 test ecx,8080h
004011D0 7506 jnz loc_004011D8
004011D2 C1E910 shr ecx,10h
004011D5 83C002 add eax,2
004011D8 loc_004011D8:
004011D8 D0E1 shl cl,1
004011DA 1BC2 sbb eax,edx
004011DC 5F pop edi
004011DD 5D pop ebp
004011DE C20400 ret 4
004011E1 CC int 3
004011E2 fn_004011E2:
004011E2 FF25B8204000 jmp dword ptr [ExitProcess]
004011E8 fn_004011E8:
004011E8 FF25BC204000 jmp dword ptr [GetStdHandle]
004011EE fn_004011EE:
004011EE FF25C0204000 jmp dword ptr [WriteFile]
004011F4 fn_004011F4:
004011F4 FF25C4204000 jmp dword ptr [FlushConsoleInputBuffer]
004011FA fn_004011FA:
004011FA FF25C8204000 jmp dword ptr [Sleep]
Quite incomprehensible for me, and for somebody else too, I guess. :P
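Added example (not hutch's or Frank's code): how an analyst recovers the call target that the disassembly above cannot name. The fn_00401025 lines from the QE listing are fed to a small constant tracker that follows the lut address through the push/nop/pop detour and then reads the call slot from a constructed image of `lut dd mytext,slen,ptxt`; slen's address 0040105B is taken from the listing (the `mov eax,[esp+4]` line), while the mytext and ptxt addresses in the image are placeholders, not values from the page.

```python
import re
import struct

# fn_00401025 (main) from the QE listing above: the address of lut goes
# through push/nop/pop before it is used as the base of the indirect call.
CODE = """\
00401025 B834204000 mov eax,402034h
0040102A 50 push eax
0040102B 90 nop
0040102F 5A pop edx
00401030 FF32 push dword ptr [edx]
00401032 FF5204 call dword ptr [edx+4]
"""
# Constructed image of `lut dd mytext,slen,ptxt` at 00402034: slen is 0040105B
# in the listing; the mytext and ptxt values are placeholders.
DATA_BASE = 0x402034
DATA = struct.pack('<III', 0x00402000, 0x0040105B, 0x0040200F)

INS = re.compile(r'^([0-9A-F]{8})\s+[0-9A-F]+\s+([a-z]+)\s*(.*)$')
IMM = re.compile(r'^[0-9A-F]+h$', re.I)
MEM = re.compile(r'^dword ptr \[(\w+)(?:\+([0-9A-F]+)h?)?\]$', re.I)

def read32(addr):
    """Read a little-endian dword from the data image, refusing stray pointers."""
    off = addr - DATA_BASE
    if not 0 <= off <= len(DATA) - 4:
        raise ValueError(f'{addr:08X} is outside the data image')
    return struct.unpack_from('<I', DATA, off)[0]

def resolve_indirect_calls(listing):
    """Track constants through mov/push/pop and resolve call dword ptr [reg+disp]."""
    regs, stack, targets = {}, [], []
    for line in listing.splitlines():
        m = INS.match(line)
        if not m:
            continue                        # labels, int3 padding etc.
        addr, op, rest = m.groups()
        args = [a.strip() for a in rest.split(',')] if rest else []
        if op == 'mov' and len(args) == 2 and IMM.match(args[1]):
            regs[args[0]] = int(args[1][:-1], 16)
        elif op == 'push':
            stack.append(regs.get(args[0]))  # non-constant operand -> None
        elif op == 'pop':
            regs[args[0]] = stack.pop() if stack else None
        elif op == 'call' and (mm := MEM.match(args[0])):
            base = regs.get(mm.group(1))
            disp = int(mm.group(2) or '0', 16)
            targets.append((addr, read32(base + disp) if base is not None else None))
    return targets

if __name__ == '__main__':
    for addr, tgt in resolve_indirect_calls(CODE):
        print(f'{addr}: call ->', f'{tgt:08X}' if tgt is not None else 'unresolved')
```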
Quote from: frktons on November 18, 2010, 12:56:00 AM
Quote from: Antariy on November 18, 2010, 12:47:41 AM
If code is worth enought - then possibility of hiding of it is big discuss, and under big doubts. Frank, rules, rules of forum :P
Of course, some super secret agent could need to hide things, or critical software to manage billions of dollars or to launch nuclear bombs, or the like. But we are showing the sources here, so nothing is hidden.
Sometimes I think that even MS guys could watch the Forum and get ideas from the code posted here and afterwards sell it and copyright it as well. How could you avoid that?
MS programmers don't want small code, at least for use at work. :U
Andy
Here is a variant that looks more legal, and it can actually save some bytes. However, as the name "Level1" indicates, you can use these variables only at the top level.
Quote
.code
start: LEVEL1 a1d:DWORD, a2d, a3w:WORD, a4d, a5rc:RECT, a6r:RECT, a7q:QWORD, MyVar, wc1:WNDCLASSEX, wc2:WNDCLASSEX, wc3:WNDCLASSEX, wc4:WNDCLASSEX
mov wc1.style, 123456h ; 7 bytes
push wc1.style ; 3 bytes
pop wc2.style ; 3 bytes -> 13
mov wcGlobal.style, 123456h ; 10 bytes
push wcGlobal.style ; 6 bytes
pop wcGlobal.style ; 6 bytes -> 22
Full example attached.
What is the purpose of this?
OTOMH, if you want local variables at the entry point:
.code
Entrypoint proc
LOCAL buffer[1024]:BYTE
LOCAL MyVar:DWORD
leave ; not really needed
invoke ExitProcess, 0
Entrypoint endp
end Entrypoint
I think "Entrypoint" is used as the entry point, but if it isn't, use "/ENTRY:Entrypoint".
You are a genius, drizz :bg
include \masm32\include\masm32rt.inc
.code
start proc
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
LOCAL hwnd:HWND
m2m wc.cbSize, SIZEOF WNDCLASSEX
m2m wc.style, CS_HREDRAW or CS_VREDRAW
mov wc.lpfnWndProc, 5678h
; ...
leave ; not really needed
invoke ExitProcess, 0
start endp
end start
P.S.: No important purpose. Just for the fun of testing new tricks and shaving off a few bytes here and there :wink
Quote from: drizz on November 18, 2010, 06:56:32 PM
I think "Entrypoint" is used as the entry point, but if it isn't, use "/ENTRY:Entrypoint".
It will be used as the entry point - the assembler writes the directive "/ENTRY:XXX" to the object file when it finds "end XXX".
Jochen, the entry point is just code which can have any construction, with a prologue or without - it has no meaning.
Personally I did not use the format of the template files as it is, and if you find some of my early code posted here, you will find something like:
.code _TEXT
align 16
start proc uses ebx edi
invoke GetCurrentProcess
invoke SetPriorityClass,eax,REALTIME_PRIORITY_CLASS
invoke Sleep,0
...........
:P
uses ebx edi, because exiting is then done by ret, not by ExitProcess...
Alex