Hi,
I am experimenting with some compression/decompression.
For the first stage I have a function, fill api buffer.
Then I copy x bytes from startpos+len, only inside the function it bugs by copying 4 bytes, for example Mess instead of MessageBox.
; ml /c /coff NoImport.asm
; Link /subsystem:windows NoImport.com
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat,stdcall
option casemap:none
include d:\masm32\include\windows.inc
include d:\masm32\include\kernel32.inc
include d:\masm32\include\user32.inc
include d:\masm32\include\masm32.inc
includelib d:\masm32\lib\user32.lib
includelib d:\masm32\lib\kernel32.lib
includelib d:\masm32\lib\masm32.lib
;--------------=========== purpose ================-------------
; we got 1 buffer with apinames.
; After decompression that is.... (not used here yet... ;-) )
; IMAGINE that we could use 1 HUGE buffer that after its (decompressed) is
; FILLED with apinames...
;========================================================================
;
; ======== the algorithm ===========
;
; 1: assume this is a buffer : apinames db "api1Api2Api3Api4"
; 2: then we copy x bytes from decompressed buffer and use import module to call the api!
; 3: xstart and xend are known so we will have a VERY small EXE.
; 4: this is great, it beats VC for me.
;
;
Fill_api_buffer Proto :DWORD
.data
;======= text output==========
BoxText db "string test",0
;----- compressed stuff ----------
; finished in other module
;------ TEXT FUNC COPY----------
Apinames db "MessageBoxAReadFileA",0
; =-insert ^^ db??
mblen equ 10d ; mbox=10
rflen equ 9d
; test buffers
;---------------------
bufferxx dw 41 dup(?)
bufferyy dw 41 dup(0)
.code
Fill_api_buffer Proc , OutBuffer4Api
;
; bug here: only copies 4 bytes, not 10 decimal like it's supposed to do.
invoke szMid,addr Apinames ,addr OutBuffer4Api,0,10d ; already 0 terminated!
mov eax, OutBuffer4Api
ret
Fill_api_buffer endp
start:
;====todo:=============
; decrypt buffer2buffer
; copy strings to buffers
; api doc....s
; 0=1st char, already zero terminated.
;-------- src,buffer,pos2read,numBytes2read
; messageBox (starts at 0 and its length= 10d)
;-------------------------------------
;invoke szMid,addr Apinames ,addr bufferyy,0,10d ; already 0 terminated!
; this one ^^ works... but in the func it doesn't work
; readfilea (starts at 11d and its length=9d
;---------------------------------------------
;invoke szMid,addr Apinames ,addr bufferyy,11d,rflen ; already 0 terminated!
; moved above shit to function
;===============================
invoke Fill_api_buffer,addr bufferyy
MOV dword ptr [bufferxx],EAX
invoke MessageBox, NULL,addr bufferxx , addr BoxText, MB_OK
invoke ExitProcess, 0
end start
If it would work it would be my smallest noimport.exe test.
Hmm, I wonder if atoi and itoa can be used to stuff in numbers and compress that too?
db rocks :-)
VC6 comes with source, right?
It does copy 10 chars into bufferyy but you are displaying a different string, bufferxx, in the messagebox.
Apinames db "MessageBoxAReadFileA",0
bufferxx dw 41 dup(?) ; ""
bufferyy dw 41 dup(0) ; "",0
invoke Fill_api_buffer, addr bufferyy ; Copies first 10 chars from Apinames to bufferyy
Apinames db "MessageBoxAReadFileA",0
bufferxx dw 41 dup(?) ; ""
bufferyy dw 41 dup(0) ; "MessageBox",0
mov dword ptr [bufferxx], eax ; Copies first 4 chars from bufferyy, held in eax, to bufferxx
Apinames db "MessageBoxAReadFileA",0
bufferxx dw 41 dup(?) ; "Mess"
bufferyy dw 41 dup(0) ; "MessageBox",0
invoke MessageBox, NULL, addr bufferxx, addr BoxText, MB_OK
Just for reference:
db = byte = 8 bits
dw = word = 16 bits
dd = dword = 32 bits
It's not working except if I use MessageBox inside the function.
I declared another type:
.data
outbuffer dword 41 dup(0)
BoxText db "string test",0
BoxTextfn db "inside function x:",0
Apinames db "MessageBoxAReadFileA",0
;lens
mblen equ 10d ; mbox=10
rflen equ 9d
.code
Fill_api_buffer Proc , OutBuffer4Api
; bug here: only copies 4 bytes, not 10 decimal like it's supposed to do.
invoke szMid,addr Apinames ,addr OutBuffer4Api,0,10d ; already 0 terminated!
; works perfectly inside this function, displaying the WHOLE string, fails to do so outside the str
invoke MessageBox,0,addr OutBuffer4Api, addr BoxTextfn,0
ret
Fill_api_buffer endp
start:
invoke Fill_api_buffer,addr outbuffer ; fills outbuffer? maybe ret is buggy? i dont know
invoke MessageBox, NULL,addr outbuffer , addr BoxText, MB_OK
invoke ExitProcess, 0
end start
Solved it!
Fill_api_buffer Proc , OutBuffer4Api
;removed addr operator
;invoke szMid,addr Apinames , addr OutBuffer4Api,0,10d ; already 0 terminated!
invoke szMid,addr Apinames , OutBuffer4Api,0,10d ; already 0 terminated!
; no addr here either: OutBuffer4Api already holds the buffer address
invoke MessageBox,0,OutBuffer4Api, addr BoxTextfn,0
ret
Fill_api_buffer endp
;then i called it WITH the addr operator.
invoke Fill_api_buffer,addr outbuffer
invoke MessageBox, NULL,addr outbuffer , addr BoxText, MB_OK
invoke ExitProcess, 0
Hmm, the addr operator is really important.
I will remember that ;-)
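
What removing addr changes, as an added C model that is not code from this thread: inside the proc, `addr OutBuffer4Api` is the address of the parameter's own stack slot (`[ebp+8]`), so the copy lands on the stack and never reaches the caller's buffer. The frame layout, the 0xCC marker and the szMid stand-in (copy len bytes, then write a 0) are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the 32-bit frame inside Fill_api_buffer:
   [ebp+0] saved ebp, [ebp+4] return address, [ebp+8] OutBuffer4Api,
   [ebp+12..] the caller's stack. */
enum { OFF_PARAM = 8, OFF_CALLER = 12, FRAME_SIZE = 24 };

static const char Apinames[] = "MessageBoxAReadFileA";

/* Stand-in for szMid (assumption: copies len bytes, then writes a 0). */
static void mid_copy(const char *src, uint8_t *dst, size_t pos, size_t len) {
    memcpy(dst, src + pos, len);
    dst[len] = 0;
}

static uint32_t load32le(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Buggy form: the destination is the parameter slot itself.
   Returns what "mov eax, OutBuffer4Api" loads afterwards; *clobbered
   receives the number of caller stack bytes that were overwritten. */
static uint32_t fill_with_addr(uint8_t *outbuffer, int *clobbered) {
    uint8_t frame[FRAME_SIZE];
    memset(frame, 0xCC, sizeof frame);        /* marker for untouched bytes */
    (void)outbuffer;                          /* never written in this form */
    mid_copy(Apinames, frame + OFF_PARAM, 0, 10);
    *clobbered = 0;
    for (int i = OFF_CALLER; i < FRAME_SIZE; i++)
        if (frame[i] != 0xCC) (*clobbered)++;
    return load32le(frame + OFF_PARAM);
}

/* Fixed form: the parameter's value (the caller's buffer) is the destination. */
static void fill_with_value(uint8_t *outbuffer) {
    mid_copy(Apinames, outbuffer, 0, 10);
}

int main(void) {
    uint8_t buf[82] = {0};
    int clobbered;
    uint32_t eax = fill_with_addr(buf, &clobbered);
    printf("buggy: eax=%08X buf=\"%s\" caller bytes hit=%d\n",
           (unsigned)eax, (char *)buf, clobbered);
    fill_with_value(buf);
    printf("fixed: buf=\"%s\"\n", (char *)buf);
    return 0;
}
```

In the buggy form the value loaded into eax is the bytes "Mess" read as a little-endian dword, which is where the 4 characters in the first post come from, and the remaining 7 bytes of the copy overwrite the caller's stack.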