Zelja: u inline asm-u nakucat kod koji ce izbacit messagebox i pri tom upozorit korisnika da ce kreirat novi fajl, zatim kreirat novi fajl, i onda ga otvorit i u njega stavit text poruku... jedine 2 adrese od kojih pocimam da ih imam su adresa od LoadLibrary-a i GetProcAddress-a, a onda preko njih dobavljam adrese ostalih... uglavnom sve radi uspjesno do kreiranja fajla (znaci to izvrsno obavi) i onda se sjebe nesto, puko sam vise!!
Ako ima ko strpljenja da proceljsa ovo i da nadje gdje sta treba od'ebat da bi dovrsio to s*****

Code:
int main(int argc, char* argv[])
{
asm{mov ebx, esp
sub ebx,4
sub ebx,4
sub ebx,4
push 0x00006C6C
push 0x642E3233
push 0x72657375
//ebx sadrzi string 'user32.dll'
mov esi, 0x77e7a5fd
mov edi,esi
//esi,edi sadrzi adresu GetProcAddress fje
mov edx, 0x77e805d8
//edx sadrzi adresu LoadLibraryA fje
push ebx //kernel32.dll
call edx //LoadLibraryA
//eax sad sadrzi handle od user32.dll-a
mov ebx, esp
sub ebx,4
sub ebx,4
sub ebx,4
push 0x0041786F
push 0x42656761
push 0x7373654D
//ebx sadrzi string 'MessageBoxA'
push ebx //string 'MessageBoxA'
push eax //handle od user32.dll-a
call esi //pozivamo GetProcAddress
mov ebx,esp
mov ecx, 4
imul ecx,13
sub ebx, ecx
xor ecx,ecx
push 0x00000000
push 0x293A2021
push 0x21212074
push 0x78742E65
push 0x67615373
push 0x654D5F6B
push 0x4361485C
push 0x3A63206C
push 0x6A616620
push 0x74617269
push 0x65726B20
push 0x6F6D6563
push 0x20646153 //obavijest korisniku
//s kim ima posla :D
mov ecx,esp
mov edx,4
imul edx,5
sub ecx,edx
mov edx,0 //xor edx,edx
push 0x00002E2E
push 0x2E747365
push 0x6A697661
push 0x626F2072
push 0x6F786148 //Naslov obavijesti
push 0
push ecx
push ebx
push 0
call eax //MessageBox
mov edx,esp
sub edx,4
sub edx,4
sub edx,4
sub edx,4
push 0x00000000
push 0x6C6C642E
push 0x32336C65
push 0x6E72656B
//edx sadrzi string 'kernel32.dll'
mov edi, 0x77e805d8
//edi sadrzi adresu LoadLibraryA fje
push edx
call edi //LoadLibraryA
mov ecx,esp
sub ecx,4
sub ecx,4
sub ecx,4
push 0x0041656C
push 0x69466574
push 0x61657243
//ecx=string 'CreateFileA'
mov esi, 0x77e7a5fd
//esi sadrzi adresu GetProcAddress fje
push ecx //'CreateFileA'
push eax //handle od kernel32.dll-a
call esi //GetProcAddress
//eax sadrzi sada adresu CreateFileA fje :))
//idemo dalje, nije da mi se da vise ali ono :D
mov ecx,esp
mov edx,4
imul edx,6
sub ecx,edx
push 0x00000074
push 0x78742E65
push 0x67617373
push 0x656D5F72
push 0x6F786168
push 0x5C5C3A43 //putanja fajla; c:\haxor_message.txt
//idemo sad kreirat fajl C:\\haxor_message.txt
push 0 //hTemplateFile
push 0 //dwFlagsAndAttributes
push 1 //dwCreationDisposition->create new
push 0 //lpSecurityAttributes
push 0 //dwShareMode
push 0x40000000 //dwDesiredAccess->write access
push ecx //C:\\haxor_message.txt
call eax //CreateFileA
mov ebx,eax // da sacuvamo handle :) ... ipak ne :D
//jer EAX dobije FFFFFFFF ... hmmm, uradit
//cemo poslije radje OpenFile pa na miru spavat
//hajde da otvorimo fajl ...
//znaci idemo polako po OpenFile koja je u kernel32.dll-u
mov edx,esp
sub edx,4
sub edx,4
sub edx,4
sub edx,4
push 0x00000000
push 0x6C6C642E
push 0x32336C65
push 0x6E72656B
//edx sadrzi string 'kernel32.dll'
mov edi, 0x77e805d8
//edi sadrzi adresu LoadLibraryA fje
push edx
call edi //LoadLibararyA
mov ecx,esp
mov edx,4
imul edx,3
sub ecx,edx
push 0x00000000
push 0x656C6946
push 0x6E65704F //string 'OpenFile'
mov esi, 0x77e7a5fd
//esi sadrzi adresu GetProcAddress fje
push ecx
push eax
call esi //GetProcAddress
mov esi,esp
mov edi,4
imul edi,6
sub esi,edi
push 0x00000074
push 0x78742E65
push 0x67617373
push 0x656D5F72
push 0x6F786168
push 0x5C5C3A43 //putanja fajla; c:\\haxor_message.txt
push 0x00000001 //stajl :D .. write :)
push 0 //lpReOpenBuff
push esi //putanja do fajla
call eax //kernel32.OpenFile
mov ebx, eax //savuvamo hFile govnara
//=======ajde da napokon nesto upisemo u fajl
mov edx,esp
sub edx,4
sub edx,4
sub edx,4
sub edx,4
push 0x00000000
push 0x6C6C642E
push 0x32336C65
push 0x6E72656B
//edx sadrzi string 'kernel32.dll'
mov edi, 0x77e805d8
//edi sadrzi adresu LoadLibraryA fje
push edx
call edi //LoadLibararyA
mov ecx,esp
mov edx,4
imul edx,3
sub ecx,edx
push 0x00000065
push 0x6C694665
push 0x74697257 //string 'WriteFile'
mov esi, 0x77e7a5fd
//esi sadrzi adresu GetProcAddress fje
push ecx
push eax
call esi //GetProcAddress
mov ecx,esp
mov edx,4
imul edx,5
sub ecx,edx
mov edx,0 //xor edx,edx
push 0x00002E2E
push 0x2E747365
push 0x6A697661
push 0x626F2072
push 0x6F786148 //Naslov obavijesti
push 0 //lpOverlapped
push ecx //lpNumberOfBytesWritten
push 0x09 //NumberOfBytesToWrite
push ecx //lpBuffer
push ebx //hFile
call eax //WriteFile
/* probni MessageBox
push 0
push ebx //'kernel32.dll'
push ebx //isto
push 0
mov eax,0x77d6add7
call eax
*/
//ciscenje stack-a
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
}
return 0;
}
int main(int argc, char* argv[])
{
asm{mov ebx, esp
sub ebx,4
sub ebx,4
sub ebx,4
push 0x00006C6C
push 0x642E3233
push 0x72657375
//ebx sadrzi string 'user32.dll'
mov esi, 0x77e7a5fd
mov edi,esi
//esi,edi sadrzi adresu GetProcAddress fje
mov edx, 0x77e805d8
//edx sadrzi adresu LoadLibraryA fje
push ebx //kernel32.dll
call edx //LoadLibraryA
//eax sad sadrzi handle od user32.dll-a
mov ebx, esp
sub ebx,4
sub ebx,4
sub ebx,4
push 0x0041786F
push 0x42656761
push 0x7373654D
//ebx sadrzi string 'MessageBoxA'
push ebx //string 'MessageBoxA'
push eax //handle od user32.dll-a
call esi //pozivamo GetProcAddress
mov ebx,esp
mov ecx, 4
imul ecx,13
sub ebx, ecx
xor ecx,ecx
push 0x00000000
push 0x293A2021
push 0x21212074
push 0x78742E65
push 0x67615373
push 0x654D5F6B
push 0x4361485C
push 0x3A63206C
push 0x6A616620
push 0x74617269
push 0x65726B20
push 0x6F6D6563
push 0x20646153 //obavijest korisniku
//s kim ima posla :D
mov ecx,esp
mov edx,4
imul edx,5
sub ecx,edx
mov edx,0 //xor edx,edx
push 0x00002E2E
push 0x2E747365
push 0x6A697661
push 0x626F2072
push 0x6F786148 //Naslov obavijesti
push 0
push ecx
push ebx
push 0
call eax //MessageBox
mov edx,esp
sub edx,4
sub edx,4
sub edx,4
sub edx,4
push 0x00000000
push 0x6C6C642E
push 0x32336C65
push 0x6E72656B
//edx sadrzi string 'kernel32.dll'
mov edi, 0x77e805d8
//edi sadrzi adresu LoadLibraryA fje
push edx
call edi //LoadLibraryA
mov ecx,esp
sub ecx,4
sub ecx,4
sub ecx,4
push 0x0041656C
push 0x69466574
push 0x61657243
//ecx=string 'CreateFileA'
mov esi, 0x77e7a5fd
//esi sadrzi adresu GetProcAddress fje
push ecx //'CreateFileA'
push eax //handle od kernel32.dll-a
call esi //GetProcAddress
//eax sadrzi sada adresu CreateFileA fje :))
//idemo dalje, nije da mi se da vise ali ono :D
mov ecx,esp
mov edx,4
imul edx,6
sub ecx,edx
push 0x00000074
push 0x78742E65
push 0x67617373
push 0x656D5F72
push 0x6F786168
push 0x5C5C3A43 //putanja fajla; c:\haxor_message.txt
//idemo sad kreirat fajl C:\\haxor_message.txt
push 0 //hTemplateFile
push 0 //dwFlagsAndAttributes
push 1 //dwCreationDisposition->create new
push 0 //lpSecurityAttributes
push 0 //dwShareMode
push 0x40000000 //dwDesiredAccess->write access
push ecx //C:\\haxor_message.txt
call eax //CreateFileA
mov ebx,eax // da sacuvamo handle :) ... ipak ne :D
//jer EAX dobije FFFFFFFF ... hmmm, uradit
//cemo poslije radje OpenFile pa na miru spavat
//hajde da otvorimo fajl ...
//znaci idemo polako po OpenFile koja je u kernel32.dll-u
mov edx,esp
sub edx,4
sub edx,4
sub edx,4
sub edx,4
push 0x00000000
push 0x6C6C642E
push 0x32336C65
push 0x6E72656B
//edx sadrzi string 'kernel32.dll'
mov edi, 0x77e805d8
//edi sadrzi adresu LoadLibraryA fje
push edx
call edi //LoadLibararyA
mov ecx,esp
mov edx,4
imul edx,3
sub ecx,edx
push 0x00000000
push 0x656C6946
push 0x6E65704F //string 'OpenFile'
mov esi, 0x77e7a5fd
//esi sadrzi adresu GetProcAddress fje
push ecx
push eax
call esi //GetProcAddress
mov esi,esp
mov edi,4
imul edi,6
sub esi,edi
push 0x00000074
push 0x78742E65
push 0x67617373
push 0x656D5F72
push 0x6F786168
push 0x5C5C3A43 //putanja fajla; c:\\haxor_message.txt
push 0x00000001 //stajl :D .. write :)
push 0 //lpReOpenBuff
push esi //putanja do fajla
call eax //kernel32.OpenFile
mov ebx, eax //savuvamo hFile govnara
//=======ajde da napokon nesto upisemo u fajl
mov edx,esp
sub edx,4
sub edx,4
sub edx,4
sub edx,4
push 0x00000000
push 0x6C6C642E
push 0x32336C65
push 0x6E72656B
//edx sadrzi string 'kernel32.dll'
mov edi, 0x77e805d8
//edi sadrzi adresu LoadLibraryA fje
push edx
call edi //LoadLibararyA
mov ecx,esp
mov edx,4
imul edx,3
sub ecx,edx
push 0x00000065
push 0x6C694665
push 0x74697257 //string 'WriteFile'
mov esi, 0x77e7a5fd
//esi sadrzi adresu GetProcAddress fje
push ecx
push eax
call esi //GetProcAddress
mov ecx,esp
mov edx,4
imul edx,5
sub ecx,edx
mov edx,0 //xor edx,edx
push 0x00002E2E
push 0x2E747365
push 0x6A697661
push 0x626F2072
push 0x6F786148 //Naslov obavijesti
push 0 //lpOverlapped
push ecx //lpNumberOfBytesWritten
push 0x09 //NumberOfBytesToWrite
push ecx //lpBuffer
push ebx //hFile
call eax //WriteFile
/* probni MessageBox
push 0
push ebx //'kernel32.dll'
push ebx //isto
push 0
mov eax,0x77d6add7
call eax
*/
//ciscenje stack-a
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
pop ebx
}
return 0;
}
E da, ovo za popovanje EBX-a imam u planu na kraju samo ubacit u jedan loop koji ce to obavit!!
pozz i thx unaprijed, nadam se da ima neki "ludjak" koji ce pomoc

z