
Help with asm


Skitty

Recommended Posts

BrewManNH is correct as far as I can see. You have exactly one person to blame for this: You. Instead of learning your lesson and looking into sandbox or virtual machine software your response is to make an ass of yourself on their forum? Someone explain to me why I shouldn't preemptively block this user now just so I don't have to later when they do something stupid and then decide to blame somebody from our forum for it?


Even though I have no idea what in the **** this function 'posed t' do, I just don't even like the name.

BlindSucker    proc uses ebx
    LOCAL     lbrw:DWORD
    LOCAL     lBuff[256]:BYTE
    
    ; ------- seh installation ------- ;
    SehBegin     __bs
    
    call     GetTickCount
    invoke     nseed,eax
    
    ; ------- check for key ------- ;
    invoke     GetModuleHandle,reparg("user32.dll")
    .if     eax
        lea     edx,lBuff
        mov     dword ptr [edx],'AteG' ;"GetAsyncKeyState"
        mov     dword ptr [edx+4],'cnys'
        mov     dword ptr [edx+8],'SyeK'
        mov     dword ptr [edx+12],'etat'
        mov     byte ptr [edx+12+4],0
        invoke     GetProcAddress,eax,edx
        .if     !eax
            SehPop
            return_0
        .endif
    .endif
    scall     eax,VK_B
    .if     eax
        jmp     @blind
    .endif
    
    invoke     MyZeroMemory,ADDR lBuff,256
    mov     lbrw,0
    invoke     GetPrivateProfileString,ADDR  szAnsavName,ADDR szBlindCnt,ADDR lbrw,ADDR lBuff,256,ADDR szAnsavIniPath
    cmp     lBuff[0],0
    je        @writeit
    invoke     atodw,ADDR lBuff
    mov        ebx,eax
    add     ebx,5000
    call     GetTickCount
    .if     eax < ebx
        sub     ebx,5000*2
        cmp     eax,ebx
        jb        @writeit
@blind:
        ; ------- time for blind all sucker ------- ;
        invoke     Random,10
        add     eax,20 ; min
        invoke     MakeRandomString,ADDR szRandomString,eax
        invoke     MakeRandomString,ADDR szAppName,5
        mov     TimeForBlind,1
        jmp     @owrite
    .else
@writeit:
        mov     TimeForBlind,0
@owrite:
        ; set it last
        call     GetTickCount
        lea     ebx,lBuff
        invoke     wsprintf,ebx,ADDR szdTosF,eax
        invoke     WritePrivateProfileString,ADDR szAnsavName,ADDR szBlindCnt,ebx,ADDR szAnsavIniPath
        
    .endif
    
    ; ------- seh trapper ------- ;
    SehTrap     __bs
        ErrorDump     "BlindSucker",offset BlindSucker,offset szAnsavStuffasm
    SehEnd        __bs
    
    ret

BlindSucker endp
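The part of that routine worth a closer look is the way it never writes the string "GetAsyncKeyState" anywhere in the binary: it stacks four-character MASM literals into a local buffer and hands the buffer to GetProcAddress, which keeps the API name out of a plain strings dump. Below is a small Python helper, added here as an illustration and not part of the thread's own code, that rebuilds such stacked strings from an assembler listing so an analyst can see which imports a routine resolves at run time. It assumes MASM syntax as shown above (`mov dword ptr [reg+off],'XXXX'` stores and a numeric terminator); the sample listing is the fragment from the post, embedded so the script runs offline.

```python
import re
from typing import Dict

# Constructed sample input: the string-building lines quoted in this thread (MASM syntax).
SAMPLE_LISTING = """
        lea     edx,lBuff
        mov     dword ptr [edx],'AteG' ;"GetAsyncKeyState"
        mov     dword ptr [edx+4],'cnys'
        mov     dword ptr [edx+8],'SyeK'
        mov     dword ptr [edx+12],'etat'
        mov     byte ptr [edx+12+4],0
        invoke  GetProcAddress,eax,edx
"""

# Matches: mov <size> ptr [<reg>(+/-N)*], '<up to 4 chars>'  or  , <decimal number>
_STORE = re.compile(
    r"^\s*mov\s+(dword|word|byte)\s+ptr\s+\[(\w+)((?:[+-]\d+)*)\]\s*,\s*(?:'([^']{1,4})'|(\d+))",
    re.IGNORECASE,
)

SIZES = {"byte": 1, "word": 2, "dword": 4}


def _offset(expr: str) -> int:
    """Sum a displacement expression such as '+12+4' (empty string means 0)."""
    return sum(int(t) for t in re.findall(r"[+-]\d+", expr))


def recover_stacked_strings(listing: str) -> Dict[str, str]:
    """Rebuild strings that a routine assembles in memory a few bytes at a time.

    MASM multi-character literals such as 'AteG' are numbers with the first
    character in the most significant byte, so storing them on little-endian
    x86 reverses the characters: [edx] receives "GetA", not "AteG".
    Returns a mapping of base register -> recovered text (cut at the first NUL).
    """
    buffers: Dict[str, Dict[int, int]] = {}
    for line in listing.splitlines():
        code = line.split(";", 1)[0]  # drop assembler comments
        m = _STORE.match(code)
        if not m:
            continue
        size, reg, off_expr, literal, number = m.groups()
        base = _offset(off_expr)
        width = SIZES[size.lower()]
        mem = buffers.setdefault(reg.lower(), {})
        if literal is not None:
            # big-endian literal value, then laid out in memory little-endian
            value = int.from_bytes(literal.encode("latin-1"), "big")
        else:
            value = int(number)
        for i, b in enumerate(value.to_bytes(width, "little")):
            mem[base + i] = b

    result: Dict[str, str] = {}
    for reg, mem in buffers.items():
        raw = bytes(mem[k] for k in sorted(mem))
        result[reg] = raw.split(b"\x00", 1)[0].decode("latin-1")
    return result


if __name__ == "__main__":
    for reg, text in recover_stacked_strings(SAMPLE_LISTING).items():
        print(f"{reg}: {text}")  # edx: GetAsyncKeyState
```

Running it on the quoted fragment yields `GetAsyncKeyState`, which is the detail that tells a reviewer the routine polls keyboard state even though no such import appears in the module's import table. The same trick (hand-built API names resolved through GetProcAddress) is a common reason a static strings pass looks clean, so recovering the stacked literals is a cheap first check when reading source like this before deciding whether to run it.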

Stupid is as stupid does


Time you enjoyed wasting is not wasted time ......T.S. Elliot
Suspense is worse than disappointment................Robert Burns
God help the man who won't help himself, because no-one else will...........My Grandmother


Seeing this would start some alarm bells ringing for me.

; ------- time for blind sucker ------- ;
call BlindSucker

"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to build bigger and better idiots. So far, the universe is winning."- Rick Cook


Downloading and launching some random binary from a hackers' site outside of a serious VM or hardened sandbox quite often triggers a reinstall. Even visiting such sites without thick condoms is risky.

Can we say that looking at a small part of alleged accompanying source dated early 2008 is digital tourism?

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)


Even visiting such sites without thick condoms is risky.

You think that helps. Seems to me the user got the stick instead of the site.

... open wide ...

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)

"Believing what you know ain't so" ...

Knock Knock ...
 


First and foremost, how do you guys think I took a snapshot of the BIOS error? Do you think I have some kind of software built into it that can enable screencaps? Of course I was using a VM, but I still lost a bunch of UDFs and other things I had accumulated over a period of 15 hours that I hadn't saved.

Anyway, a moderator over there was nice enough to submit my complaint for me.

I sort of exaggerated the claim but still, it's a good warning to anyone else who might download it and unwittingly run the damn thing.

Edited by THAT1ANONYMOUSEDUDE

"Camera" ... hehe

I knew Valik would say that. NO I really DID. TRUST me. REALLY ... (Kinda don't work. Bad timing might be one factor here.)

... BUT's: generally best used for sitting on ...



Even though I have no idea what in the **** this function 'posed t' do, I just don't even like the name.

BlindSucker proc uses ebx
    LOCAL    lbrw:DWORD
    LOCAL    lBuff[256]:BYTE
    
    ; ------- seh installation ------- ;
    SehBegin     __bs
    
    call     GetTickCount
    invoke   nseed,eax
    
    ; ------- check for key ------- ;
    invoke   GetModuleHandle,reparg("user32.dll")
    .if  eax
        lea  edx,lBuff
        mov  dword ptr [edx],'AteG' ;"GetAsyncKeyState"
        mov  dword ptr [edx+4],'cnys'
        mov  dword ptr [edx+8],'SyeK'
        mov  dword ptr [edx+12],'etat'
        mov  byte ptr [edx+12+4],0
        invoke   GetProcAddress,eax,edx
        .if  !eax
            SehPop
            return_0
        .endif
    .endif
    scall    eax,VK_B
    .if  eax
        jmp  @blind
    .endif
    
    invoke   MyZeroMemory,ADDR lBuff,256
    mov  lbrw,0
    invoke   GetPrivateProfileString,ADDR  szAnsavName,ADDR szBlindCnt,ADDR lbrw,ADDR lBuff,256,ADDR szAnsavIniPath
    cmp  lBuff[0],0
    je      @writeit
    invoke   atodw,ADDR lBuff
    mov     ebx,eax
    add  ebx,5000
    call     GetTickCount
    .if  eax < ebx
        sub  ebx,5000*2
        cmp  eax,ebx
        jb      @writeit
@blind:
        ; ------- time for blind all sucker ------- ;
        invoke   Random,10
        add  eax,20 ; min
        invoke   MakeRandomString,ADDR szRandomString,eax
        invoke   MakeRandomString,ADDR szAppName,5
        mov  TimeForBlind,1
        jmp  @owrite
    .else
@writeit:
        mov  TimeForBlind,0
@owrite:
        ; set it last
        call     GetTickCount
        lea  ebx,lBuff
        invoke   wsprintf,ebx,ADDR szdTosF,eax
        invoke   WritePrivateProfileString,ADDR szAnsavName,ADDR szBlindCnt,ebx,ADDR szAnsavIniPath
        
    .endif
    
    ; ------- seh trapper ------- ;
    SehTrap  __bs
        ErrorDump    "BlindSucker",offset BlindSucker,offset szAnsavStuffasm
    SehEnd      __bs
    
    ret

BlindSucker endp

Wow, I hadn't seen that. If I had noticed it I would probably have saved everything to my network share before running it after disabling the network; I'm just glad it didn't reach out to my network share and molest everything there too.

That's a moot point: should it be called RemoveTrojan or PrepareGUI would you trust it more?

