Posted

Sorry, but the comments in each line are not really understandable for me and that's why I asked although the commands are clear to me.

Currently I don't want to learn assembler, but I want to roughly understand the code here. Thanks for your explanations.

UEZ

You don't need to learn assembly, but to follow the code you need to grasp some things; the most important things are the registers and the stack.

Broken link? PM me and I'll send you the file!

Posted (edited)

...line by line explanation...

Thank you very much! Now I understand the code behind each line much more!

When I was 15 I coded in 6502 assembler (C64), but that was more than 20 years ago and it is not the same as 8086 :D

UEZ

Edited by UEZ


Posted

Impressive work !

btw, could it be possible to convert the SwapEndian function too ? In your last example, the CPU is almost 30%.

Really good, and useful job.

-- Arck System _ Soon -- Ideas make everything

"Criticism is easy, art is difficult"

Projects :

Au3Service : Run your exe as service V3 / Updated 29/07/2013
Posted

btw, could it be possible to convert the SwapEndian function too ? In your last example, the CPU is almost 30%.

Ehm why? The SwapEndian is only run when the code is generated (once for each pointer that needs to be converted), it would not change anything.


Posted

ahhh ... ok :/

I have to learn how the script works, so.

My bad :D

Posted (edited)

Ehm why? The SwapEndian is only run when the code is generated (once for each pointer that needs to be converted), it would not change anything.

It will be faster when you move the DLLstructSetData out of the loop:

; by trancexx
#include <GUIConstantsEx.au3>
#include <Memory.au3>
#include <WinAPI.au3> ; provides _WinAPI_GetModuleHandle

Opt("GUIOnEventMode", 1)

Global Const $STM_SETIMAGE = 370

Global Const $iWidth = 810
Global Const $iHeight = 470

GUICreate("", $iWidth, $iHeight)
GUISetOnEvent(-3, "_Quit")
GUISetBkColor(0)

Global $hPic = GUICtrlCreatePic("", 0, 0, $iWidth, $iHeight)

Global $iSize = $iWidth * $iHeight
Global $tBits = DllStructCreate("int[" & $iSize & "]")
Global $pBits = DllStructGetPtr($tBits)


Global $hBitmap, $aCall, $iHMsg
Global $hPicHandle = GUICtrlGetHandle($hPic)

Global $tRandom = DllStructCreate("dword")
Global $pRandom = DllStructGetPtr($tRandom)

GUISetState()


Global $aRtlRandomEx = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("ntdll.dll"), "str", "RtlRandomEx")
Global $pRtlRandomEx = $aRtlRandomEx[0]

Global $aRtlMoveMemory = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "RtlMoveMemory")
Global $pRtlMoveMemory = $aRtlMoveMemory[0]

Global $aSendMessageW = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("user32.dll"), "str", "SendMessageW")
Global $pSendMessageW = $aSendMessageW[0]

Global $aDeleteObject = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("gdi32.dll"), "str", "DeleteObject")
Global $pDeleteObject = $aDeleteObject[0]

Global $aCreateBitmap = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("gdi32.dll"), "str", "CreateBitmap")
Global $pCreateBitmap = $aCreateBitmap[0]

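; 512 bytes that are writable and executable at the same time (RWX) hold the generated code.
; The opcodes below are 32-bit x86 and embed 4-byte pointers, so run the script with 32-bit AutoIt.
Global $pRemoteCode = _MemVirtualAlloc(0, 512, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)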

Local $tCodeBuffer = DllStructCreate("byte[512]", $pRemoteCode)

#Region Assembly
 DllStructSetData($tCodeBuffer, 1, _
            "0x" & _
            "33DB" & _                                            ; xor ebx, ebx
            "68" & SwapEndian($pRandom) & _                          ; push $pRandom
            "B8" & SwapEndian($pRtlRandomEx) & _                     ; mov eax, RtlRandomEx
            "FFD0" & _                                            ; call eax
            "8BCB" & _                                            ; mov ecx, ebx
            "69C9" & SwapEndian(4) & _                            ; imul ecx, 4
            "81C1" & SwapEndian($pBits) & _                          ; add ecx, $pBits
            "68" & SwapEndian(3) & _                                 ; push 3 bytes
            "68" & SwapEndian($pRandom) & _                          ; push $pRandom
            "51" & _                                                 ; push ecx
            "B8" & SwapEndian($pRtlMoveMemory) & _                ; mov eax, RtlMoveMemory
            "FFD0" & _                                            ; call eax
            "43" & _                                                 ; inc ebx
            "81FB" & SwapEndian($iSize) & _                          ; cmp ebx, $iSize; <- compare ebx with $iSize
            "75" & Hex(256 - 53, 2) & _                              ; jne -53 bytes; <- this is saying go back and do it again if not equal
            "68" & SwapEndian($pBits) & _                            ; push $pBits
            "68" & SwapEndian(32) & _                                ; push BitsPerPel
            "68" & SwapEndian(1) & _                                 ; push Planes
            "68" & SwapEndian($iHeight) & _                          ; push $iHeight
            "68" & SwapEndian($iWidth) & _                        ; push $iWidth
            "B8" & SwapEndian($pCreateBitmap) & _                    ; mov eax, CreateBitmap
            "FFD0" & _                                            ; call eax
            "50" & _                                                 ; push eax
            "68" & SwapEndian(0) & _                                 ; push IMAGE_BITMAP
            "68" & SwapEndian($STM_SETIMAGE) & _                     ; push STM_SETIMAGE
            "68" & SwapEndian($hPicHandle) & _                    ; push $hPicHandle
            "B8" & SwapEndian($pSendMessageW) & _                    ; mov eax, SendMessageW
            "FFD0" & _                                            ; call eax
            "50" & _                                                 ; push eax
            "B8" & SwapEndian($pDeleteObject) & _                    ; mov eax, DeleteObject
            "FFD0" & _                                            ; call eax
            "C3" _                                                ; ret
            )
#EndRegion Assembly

While 1

    #region Assembly

   

    DllCall("user32.dll", "int", "CallWindowProcW", _
            "ptr", $pRemoteCode, _
            "int", 0, _
            "int", 0, _
            "int", 0, _
            "int", 0)

    #endregion Assembly

    Sleep(10)

WEnd



Func SwapEndian($iValue)
    Return Hex(Binary($iValue))
EndFunc ;==>SwapEndian


Func _Quit()
    Exit
EndFunc ;==>_Quit

//Edit: does this work on x64 ?

Edited by ProgAndy

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes
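
Added example, not part of the thread: the displacement in `"75" & Hex(256 - 53, 2)` is counted by hand from the instruction lengths, so this Python check re-derives it from the loop template in the post and models SwapEndian as a little-endian 32-bit encoding. The addresses are constructed placeholders, since the real ones are only known at run time.

```python
import struct

# Constructed placeholder addresses; the real values come from
# GetProcAddress / DllStructGetPtr when the script runs.
P_RANDOM, P_BITS = 0x00A01000, 0x00B00000
RTL_RANDOM_EX, RTL_MOVE_MEMORY = 0x77001000, 0x76001000
I_SIZE = 810 * 470  # $iWidth * $iHeight from the post

PROLOGUE = [("33DB", None)]        # xor ebx, ebx
LOOP = [                           # (opcode hex, 32-bit immediate or None)
    ("68", P_RANDOM),              # push $pRandom
    ("B8", RTL_RANDOM_EX),         # mov eax, RtlRandomEx
    ("FFD0", None),                # call eax
    ("8BCB", None),                # mov ecx, ebx
    ("69C9", 4),                   # imul ecx, 4
    ("81C1", P_BITS),              # add ecx, $pBits
    ("68", 3),                     # push 3
    ("68", P_RANDOM),              # push $pRandom
    ("51", None),                  # push ecx
    ("B8", RTL_MOVE_MEMORY),       # mov eax, RtlMoveMemory
    ("FFD0", None),                # call eax
    ("43", None),                  # inc ebx
    ("81FB", I_SIZE),              # cmp ebx, $iSize
]

def le32(value):
    """Hex of a 32-bit value in little-endian byte order (what SwapEndian returns)."""
    return struct.pack("<I", value & 0xFFFFFFFF).hex().upper()

def encode(instrs):
    """Concatenate opcode and immediate hex into raw bytes."""
    return bytes.fromhex("".join(op + ("" if imm is None else le32(imm)) for op, imm in instrs))

def boundaries(instrs, base=0):
    """Offsets at which each instruction starts."""
    offsets = []
    for instr in instrs:
        offsets.append(base)
        base += len(encode([instr]))
    return offsets

def rel8(target, next_ip):
    """Two's-complement displacement byte for a short jump; fails if out of range."""
    disp = target - next_ip
    if not -128 <= disp <= 127:
        raise ValueError("target out of rel8 range: %d" % disp)
    return disp & 0xFF

def check_jne(disp_byte):
    """True if a jne with this displacement, placed after LOOP, lands on the loop start."""
    loop_start = len(encode(PROLOGUE))
    next_ip = loop_start + len(encode(LOOP)) + 2   # jne rel8 is 2 bytes long
    target = next_ip + (disp_byte - 256 if disp_byte > 127 else disp_byte)
    return target == loop_start and target in boundaries(LOOP, loop_start)
```

Adding or removing an instruction inside the loop changes the required displacement, which is why computing it with `rel8` is safer than a hard-coded `256 - 53`.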

Posted

It will be faster when you move the DLLstructSetData out of the loop:

So my question was legitimate :D

thx ProgAndy, I understand the code better now.

Posted

:D what was I thinking?!

@arcker, legitimateness of your question was never questioned, I'm sure. Much like the fallacy of imposed bifurcation :D

About 64-bit systems: I guess that shouldn't be a problem (as BrettF confirmed) since it's a processor-related thing (not system). And 64-bit processors also must be able to process these instructions.

♡♡♡

.

eMyvnE
