Hi all!
In addition to the useful Iczelion tutorial, I think it would be useful to publish a section with small masm64 programs that might be helpful for others.
Simple Loader
OPTION DOTNAME
option casemap:none
include temphls.inc
include win64.inc
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib
OPTION PROLOGUE:rbpFramePrologue
OPTION EPILOGUE:rbpFrameEpilogue
.code
WinMain proc
LOCAL TEMP:QWORD ;needed
invoke CreateProcess, ADDR process, NULL, NULL, NULL, NULL, CREATE_SUSPENDED, NULL, NULL, ADDR Startup, ADDR processinfo
cmp eax, 0
jne ProcessCreated
invoke MessageBox,0,offset ErrorMessage,offset ErrorTit,0
invoke ExitProcess,0
jmp endLoader
ProcessCreated:
invoke WriteProcessMemory, processinfo.hProcess, AddressToPatch1, ADDR ReplaceBy, ReplaceSize, byteswritten
invoke ResumeThread, processinfo.hThread
invoke ExitProcess,0
endLoader:
WinMain endp
.data
process db 'yourapp.exe',0
Startup STARTUPINFO <>
processinfo PROCESS_INFORMATION <>
ErrorTit db "Error:",0
ErrorMessage db "Process not loaded!",0
AddressToPatch1 qWORD 100XXXXXXh ;put your address
ReplaceBy db 090h,090h ;put your bytes
ReplaceSize qWORD 2
.data?
byteswritten qWORD ?
end
Hi, zugatolom!
Thank you!
Quote from: zugatolom on May 12, 2016, 08:53:11 PM
small programs masm64 that might be helpful for others.
For which people is it helpful to patch programs in such a way?
Hi zugatolom,
You can check the forum rules:
Quote:
Legality of content
3. Legality of content is not a negotiable matter in the forum. Assembler programming is mainstream programming and is primarily used by professional programmers who require the performance in specialised areas. Low level coding is both allowed and encouraged but there will be no viral or trojan technology allowed including technical data under the guise of AV technology, no cracking and similar activities in the guise of "Reverse Engineering", no hacking techniques or related technology and no support or help with or reference to pirated software. There will also be no links to pages that support or display any of these or any other illegal areas of coding.
http://masm32.com/board/index.php?topic=4.0
Hmmmm,
A quick look at the code says it's a static address in memory patcher which is not allowed in this forum but it escapes me why it's posted in the 64 bit section when it looks like 32 bit code. I don't know what two of the include files are,
include temphls.inc
include win64.inc
Maybe for patching 64 bit code?
Quote:
I don't know what two of the include files are
Hi, hutch--!
The two include files are from the site http://dsmhelp.narod.ru/environment.htm
I have often referred to this website, and on this occasion there were no issues.
Hi Mikl,
I downloaded the zip file with what looks like a full set of include files and libraries but I am none the wiser as to what you build the example with. It does not look like ML64 notation, is it some technique to bypass the limitations of the 32 bit version of ML.EXE or is it JWASM code?
Hi, hutch--!
These are include and lib files for ml64.exe.
The library code is written in 64-bit assembler, MASM + RadASM.
The masm64.zip/include archive has a header file with a set of macros, temphls.inc. These are primarily invoke, .if, .elseif, .else, .endif, .while, .repeat and others.
Logical operator             Meaning
==                           equal
{} Or ~ =                    Not equal
}                            Greater
} = Or =}                    Greater or equal
{                            less
{= Or ={                     less than or equal
&                            Bits Testing
|                            bit installation
&&                           Logical AND
||                           logical OR
CARRY?                       CF Flag Loan/transfer
OVERFLOW?                    OV Overflow flag
PARITY?                      PF flag is the parity bit
SIGN?                        SF sign flag
ZERO?                        ZF flag is equal to zero
CARRY? | ZERO?               flag combination
~ZERO?&(SIGN?==OVERFLOW?)    flag combination
SIGN?==OVERFLOW?             flag combination
SIGN?{}OVERFLOW?             flag combination
ZERO?|(SIGN?{}OVERFLOW?)     flag combination
temphls.inc defines the macro invoke, which can handle up to 14 parameters. To call a function with more arguments, you can use the macro invoke14. invoke is different from invoke14: it handles recurring settings for download options, uses the rbp or rsp register depending on the amount of memory allocated for local variables, uses typed constants in size, and an ampersand can be used instead of addr for boot pointers.
Hi,
Thanks for that, an ML64 set of include files and libraries built with ML64.EXE