monoceres Posted June 8, 2009 Share Posted June 8, 2009 Sorry, but the comments in each line are not really understandable for me and that's why I asked although the commands are clear to me.Currently I don't want to learn assembler but I want to understand here the code roughly. Thanks for your explanations.UEZYou don't need to learn assembly, but to follow the code you need to grasp somethings, the most important things are the registers and the stack. Broken link? PM me and I'll send you the file! Link to comment Share on other sites More sharing options...
Inverted Posted June 8, 2009 Share Posted June 8, 2009 Which of my assumption was wrong ? The way you got the bytes ? Did you just disassemble C code ? Link to comment Share on other sites More sharing options...
UEZ Posted June 8, 2009 Share Posted June 8, 2009 (edited) ...line by line explanation...Thank you very much! Now I understand the code behind each line much more!When I was 15 I had coded in 6502 assembler (C64) but this is more than 20 years ago and not the same as 8086 UEZ Edited June 8, 2009 by UEZ Please don't send me any personal message and ask for support! I will not reply! Selection of finest graphical examples at Codepen.io The own fart smells best! ✌Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!¯\_(ツ)_/¯ ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ Link to comment Share on other sites More sharing options...
arcker Posted June 8, 2009 Share Posted June 8, 2009 Impressive work ! btw, could it be possible to convert the SwapEndian function too ? In your last example, the CPU is almost 30%. Really good, and useful job. -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
trancexx Posted June 8, 2009 Author Share Posted June 8, 2009 Which of my assumption was wrong ? The way you got the bytes ?Did you just disassemble C code ?No ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
monoceres Posted June 8, 2009 Share Posted June 8, 2009 btw, could it be possible to convert the SwapEndian function too ? In your last example, the CPU is almost 30%.Ehm why? The SwapEndian is only run when the code is generated (once for each pointer that needs to be converted), it would not change anything. Broken link? PM me and I'll send you the file! Link to comment Share on other sites More sharing options...
arcker Posted June 8, 2009 Share Posted June 8, 2009 ahhh ... ok :/ i have to lean how the script works so . My bad -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
ProgAndy Posted June 8, 2009 Share Posted June 8, 2009 (edited) Ehm why? The SwapEndian is only run when the code is generated (once for each pointer that needs to be converted), it would not change anything.It will be faster when you move the DLLstructSetData out of the loop: expandcollapse popup; by trancexx #include <GUIConstantsEx.au3> #include <Memory.au3> Opt("GUIOnEventMode", 1) Global Const $STM_SETIMAGE = 370 Global Const $iWidth = 810 Global Const $iHeight = 470 GUICreate("", $iWidth, $iHeight) GUISetOnEvent(-3, "_Quit") GUISetBkColor(0) Global $hPic = GUICtrlCreatePic("", 0, 0, $iWidth, $iHeight) Global $iSize = $iWidth * $iHeight Global $tBits = DllStructCreate("int[" & $iSize & "]") Global $pBits = DllStructGetPtr($tBits) Global $hBitmap, $aCall, $iHMsg Global $hPicHandle = GUICtrlGetHandle($hPic) Global $tRandom = DllStructCreate("dword") Global $pRandom = DllStructGetPtr($tRandom) GUISetState() Global $aRtlRandomEx = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("ntdll.dll"), "str", "RtlRandomEx") Global $pRtlRandomEx = $aRtlRandomEx[0] Global $aRtlMoveMemory = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "RtlMoveMemory") Global $pRtlMoveMemory = $aRtlMoveMemory[0] Global $aSendMessageW = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("user32.dll"), "str", "SendMessageW") Global $pSendMessageW = $aSendMessageW[0] Global $aDeleteObject = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("gdi32.dll"), "str", "DeleteObject") Global $pDeleteObject = $aDeleteObject[0] Global $aCreateBitmap = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("gdi32.dll"), "str", "CreateBitmap") Global $pCreateBitmap = $aCreateBitmap[0] Global $pRemoteCode = _MemVirtualAlloc(0, 512, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE) Local $tCodeBuffer = DllStructCreate("byte[512]", $pRemoteCode) #Region Assemply DllStructSetData($tCodeBuffer, 1, _ "0x" & _ "33DB" & _ ; xor ebx, ebx "68" & SwapEndian($pRandom) & _ ; push $pRandom "B8" & SwapEndian($pRtlRandomEx) & _ ; mov eax, RtlRandomEx "FFD0" & _ ; call eax "8BCB" & _ ; mov ecx, ebx "69C9" & SwapEndian(4) & _ ; imul ecx, 4 "81C1" & SwapEndian($pBits) & _ ; add ecx, $pBits "68" & SwapEndian(3) & _ ; push 3 bytes "68" & SwapEndian($pRandom) & _ ; push $pRandom "51" & _ ; push ecx "B8" & SwapEndian($pRtlMoveMemory) & _ ; mov eax, RtlMoveMemory "FFD0" & _ ; call eax "43" & _ ; inc ebx "81FB" & SwapEndian($iSize) & _ ; cmp ebx, $iSize; <- compare ebx with $iSize "75" & Hex(256 - 53, 2) & _ ; jne -53 bytes; <- this is saying go back and do it again if not equal "68" & SwapEndian($pBits) & _ ; push $pBits "68" & SwapEndian(32) & _ ; push BitsPerPel "68" & SwapEndian(1) & _ ; push Planes "68" & SwapEndian($iHeight) & _ ; push $iHeight "68" & SwapEndian($iWidth) & _ ; push $iWidth "B8" & SwapEndian($pCreateBitmap) & _ ; mov eax, CreateBitmap "FFD0" & _ ; call eax "50" & _ ; push eax "68" & SwapEndian(0) & _ ; push IMAGE_BITMAP "68" & SwapEndian($STM_SETIMAGE) & _ ; push STM_SETIMAGE "68" & SwapEndian($hPicHandle) & _ ; push $hPicHandle "B8" & SwapEndian($pSendMessageW) & _ ; mov eax, SendMessageW "FFD0" & _ ; call eax "50" & _ ; push eax "B8" & SwapEndian($pDeleteObject) & _ ; mov eax, DeleteObject "FFD0" & _ ; call eax "C3" _ ; ret ) #EndRegion Assembly While 1 #region Assembly DllCall("user32.dll", "int", "CallWindowProcW", _ "ptr", $pRemoteCode, _ "int", 0, _ "int", 0, _ "int", 0, _ "int", 0) #endregion Assembly Sleep(10) WEnd Func SwapEndian($iValue) Return Hex(Binary($iValue)) EndFunc ;==>SwapEndian Func _Quit() Exit EndFunc ;==>_Quit //Edit: does this work on x64 ? Edited June 8, 2009 by ProgAndy *GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes Link to comment Share on other sites More sharing options...
BrettF Posted June 8, 2009 Share Posted June 8, 2009 Seems to be working here... (XP x64) Vist my blog!UDFs: Opens The Default Mail Client | _LoginBox | Convert Reg to AU3 | BASS.au3 (BASS.dll) (Includes various BASS Libraries) | MultiLang.au3 (Multi-Language GUIs!)Example Scripts: Computer Info Telnet Server | "Secure" HTTP Server (Based on Manadar's Server)Software: AAMP- Advanced AutoIt Media Player | WorldCam | AYTU - Youtube Uploader Tutorials: Learning to Script with AutoIt V3Projects (Hardware + AutoIt): ArduinoUseful Links: AutoIt 1-2-3 | The AutoIt Downloads Section: | SciTE4AutoIt3 Full Version! Link to comment Share on other sites More sharing options...
arcker Posted June 8, 2009 Share Posted June 8, 2009 It will be faster when you move the DLLstructSetData out of the loop: expandcollapse popup; by trancexx #include <GUIConstantsEx.au3> #include <Memory.au3> Opt("GUIOnEventMode", 1) Global Const $STM_SETIMAGE = 370 Global Const $iWidth = 810 Global Const $iHeight = 470 GUICreate("", $iWidth, $iHeight) GUISetOnEvent(-3, "_Quit") GUISetBkColor(0) Global $hPic = GUICtrlCreatePic("", 0, 0, $iWidth, $iHeight) Global $iSize = $iWidth * $iHeight Global $tBits = DllStructCreate("int[" & $iSize & "]") Global $pBits = DllStructGetPtr($tBits) Global $hBitmap, $aCall, $iHMsg Global $hPicHandle = GUICtrlGetHandle($hPic) Global $tRandom = DllStructCreate("dword") Global $pRandom = DllStructGetPtr($tRandom) GUISetState() Global $aRtlRandomEx = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("ntdll.dll"), "str", "RtlRandomEx") Global $pRtlRandomEx = $aRtlRandomEx[0] Global $aRtlMoveMemory = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "RtlMoveMemory") Global $pRtlMoveMemory = $aRtlMoveMemory[0] Global $aSendMessageW = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("user32.dll"), "str", "SendMessageW") Global $pSendMessageW = $aSendMessageW[0] Global $aDeleteObject = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("gdi32.dll"), "str", "DeleteObject") Global $pDeleteObject = $aDeleteObject[0] Global $aCreateBitmap = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("gdi32.dll"), "str", "CreateBitmap") Global $pCreateBitmap = $aCreateBitmap[0] Global $pRemoteCode = _MemVirtualAlloc(0, 512, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE) Local $tCodeBuffer = DllStructCreate("byte[512]", $pRemoteCode) #Region Assemply DllStructSetData($tCodeBuffer, 1, _ "0x" & _ "33DB" & _ ; xor ebx, ebx "68" & SwapEndian($pRandom) & _ ; push $pRandom "B8" & SwapEndian($pRtlRandomEx) & _ ; mov eax, RtlRandomEx "FFD0" & _ ; call eax "8BCB" & _ ; mov ecx, ebx "69C9" & SwapEndian(4) & _ ; imul ecx, 4 "81C1" & SwapEndian($pBits) & _ ; add ecx, $pBits "68" & SwapEndian(3) & _ ; push 3 bytes "68" & SwapEndian($pRandom) & _ ; push $pRandom "51" & _ ; push ecx "B8" & SwapEndian($pRtlMoveMemory) & _ ; mov eax, RtlMoveMemory "FFD0" & _ ; call eax "43" & _ ; inc ebx "81FB" & SwapEndian($iSize) & _ ; cmp ebx, $iSize; <- compare ebx with $iSize "75" & Hex(256 - 53, 2) & _ ; jne -53 bytes; <- this is saying go back and do it again if not equal "68" & SwapEndian($pBits) & _ ; push $pBits "68" & SwapEndian(32) & _ ; push BitsPerPel "68" & SwapEndian(1) & _ ; push Planes "68" & SwapEndian($iHeight) & _ ; push $iHeight "68" & SwapEndian($iWidth) & _ ; push $iWidth "B8" & SwapEndian($pCreateBitmap) & _ ; mov eax, CreateBitmap "FFD0" & _ ; call eax "50" & _ ; push eax "68" & SwapEndian(0) & _ ; push IMAGE_BITMAP "68" & SwapEndian($STM_SETIMAGE) & _ ; push STM_SETIMAGE "68" & SwapEndian($hPicHandle) & _ ; push $hPicHandle "B8" & SwapEndian($pSendMessageW) & _ ; mov eax, SendMessageW "FFD0" & _ ; call eax "50" & _ ; push eax "B8" & SwapEndian($pDeleteObject) & _ ; mov eax, DeleteObject "FFD0" & _ ; call eax "C3" _ ; ret ) #EndRegion Assembly While 1 #region Assembly DllCall("user32.dll", "int", "CallWindowProcW", _ "ptr", $pRemoteCode, _ "int", 0, _ "int", 0, _ "int", 0, _ "int", 0) #endregion Assembly Sleep(10) WEnd Func SwapEndian($iValue) Return Hex(Binary($iValue)) EndFunc ;==>SwapEndian Func _Quit() Exit EndFunc ;==>_Quit //Edit: does this work on x64 ? So my question was legitime thx ProgAndy, i understand better the code now. -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
trancexx Posted June 8, 2009 Author Share Posted June 8, 2009 what was I thinking?! @arcker, legitimateness of your question was never questioned, I'm sure. Much like the fallacy of imposed bifurcation About 64bit systems. I guess that shouldn't be the problem (as BrettF confirmed) since it's processor related thing (not system). And 64 bit processors also must be able to process these instructions. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now