Needs some work

[Magnum]

don't laugh too hard.

It's causing an access violation.

push offset code_to_call

ret

This is what it's supposed to do.

What it does is changes a jump into a return. This code is equivalent to:

jump code_to_call

Code Select Expand


.code

start:


call Check


    fn MessageBox,0,str$(eax),"Title",MB_OK

Good_Boy:



invoke ExitProcess,0


Check proc


push (Good_Boy + 754841h)
mov eax,esp
sub eax,754841h
mov [esp],eax
ret
Check endp



[dedndave]

Code Select Expand

push (Good_Boy + 754841h)
mov eax,[esp]                          ;<-------------

[dedndave]

try this   :P
it's a console app - you have to open a console window
guess i could add inkey - lol

attachment removed

[Magnum]

Thanks.

[Magnum]

I liked your StackFun.

Where do put code that I want to run ?

Andy

[dedndave]

well - the idea was to set up the stack with all the stuff - then execute it
in that example, i had to exit to some inline code in order to store the standard output handle   
i made another one using MessageBox, but that function uses a lot of internal stack space

if you wanted to run other code, you could preserve the original stack pointer from ESP,
then restore it after you run the "pre-initialized stack" code

[Magnum]

Super Dave,

I will look up your info.

Terse is hard for me, I am very guilty of it.

Andy

[qWord]

great guys ... return based programming.
What will be the next malware technique we have to discuss with Magnum?

[dedndave]

i had no malicious intent when i wrote it, i assure you
i was just playing around
but, i'll remove the attachment - wouldn't want to give anyone ideas

[Magnum]

great guys ... return based programming.
What will be the next malware technique we have to discuss with Magnum?

My real name is Andy.

That is a real name, not an alias.

Denken Sie positiv.

The correct definition is anti reversing/anti disassembly.

I have been burned by malware writers.

I have been proactive.

pro·ac·tive or pro-ac·tive  audio  (pr-ktv) KEY

ADJECTIVE:

    Acting in advance to deal with an expected difficulty; anticipatory: proactive steps to prevent terrorism.

I have a good relationship with  those who work to mitigate harmful behavior.

They are less available than they used to be.  :t

[MichaelW]

The correct definition is anti reversing/anti disassembly.

Malware techniques are what they are, regardless of how you use them.

I have a good relationship with those who work to mitigate harmful behavior.

Which harmful behavior, the cracking of applications or the, much more harmful, coding of malware? Seeking help for this sort of thing on an open forum is irresponsible.

ir·re·spon·si·ble adj.
  1. not caring, not having or showing any care for the consequences of personal actions
  2. lacking a sense of responsibility

[Magnum]

None of the above.

It's a shame.

You seem to be an intelligent person who I think seeks the truth and knowledge.

I may be mistaken.

You seem to feel the need to defend others, but it may be misplaced.

I have had disagreements with others, but we have worked things out thru private messages.

I have made mistakes and been banned from forums, but I admitted my mistakes and things are going well in general.

Take care,

Andy

[qWord]

My real name is Andy.

That is a real name, not an alias.

I'm not interested in your real name. If you have a problem with being called "Magnum", there is no way around deleting your account.

Denken Sie positiv.

Dafür gibt es keine Veranlassung.

The correct definition is anti reversing/anti disassembly.
[...]
I have been proactive.

I've got the impression that you (beside script kiddie bomz) are trying to convert this forum into a reverse engineering / malware forum...


BTW, I'm curios what you did send people who respons to your "I can hide files on XP"-thread? - a rootkit?

[Magnum]

i had no malicious intent when i wrote it, i assure you
i was just playing around
but, i'll remove the attachment - wouldn't want to give anyone ideas

Dave, don't be intimated by a very miniscule amount of bullies.

We are doing nothing wrong.

Some people make a free choice to be miserable.

I don't.

It's a free world.

Take care.

Andy

Keep the greasy side down.

[MichaelW]

It's a free world.

There are always restrictions, and ways of forcing compliance.