don't laugh too hard.
It's causing an access violation.
push offset code_to_call
ret
This is what it's supposed to do.
What it does is changes a jump into a return. This code is equivalent to:
jump code_to_call
.code
start:
call Check
fn MessageBox,0,str$(eax),"Title",MB_OK
Good_Boy:
invoke ExitProcess,0
Check proc
push (Good_Boy + 754841h)
mov eax,esp
sub eax,754841h
mov [esp],eax
ret
Check endp
push (Good_Boy + 754841h)
mov eax,[esp] ;<-------------
try this :P
it's a console app - you have to open a console window
guess i could add inkey - lol
attachment removed
Thanks.
I liked your StackFun.
Where do put code that I want to run ?
Andy
well - the idea was to set up the stack with all the stuff - then execute it
in that example, i had to exit to some inline code in order to store the standard output handle :biggrin:
i made another one using MessageBox, but that function uses a lot of internal stack space
if you wanted to run other code, you could preserve the original stack pointer from ESP,
then restore it after you run the "pre-initialized stack" code
Super Dave,
I will look up your info.
Terse is hard for me, I am very guilty of it.
Andy
great guys ... return based programming.
What will be the next malware technique we have to discuss with Magnum?
i had no malicious intent when i wrote it, i assure you
i was just playing around
but, i'll remove the attachment - wouldn't want to give anyone ideas
Quote from: qWord on February 25, 2013, 11:20:58 AM
great guys ... return based programming.
What will be the next malware technique we have to discuss with Magnum?
My real name is Andy.
That is a real name, not an alias.
Denken Sie positiv.
The correct definition is anti reversing/anti disassembly.
I have been burned by malware writers.
I have been proactive.
pro·ac·tive or pro-ac·tive audio (pr-ktv) KEY
ADJECTIVE:
Acting in advance to deal with an expected difficulty; anticipatory: proactive steps to prevent terrorism.
I have a good relationship with those who work to mitigate harmful behavior.
They are less available than they used to be. :t
Quote from: Magnum on February 25, 2013, 12:03:32 PM
The correct definition is anti reversing/anti disassembly.
Malware techniques are what they are, regardless of how you use them.
QuoteI have a good relationship with those who work to mitigate harmful behavior.
Which harmful behavior, the cracking of applications or the, much more harmful, coding of malware? Seeking help for this sort of thing on an open forum is irresponsible.
ir·re·spon·si·ble adj.
1. not caring, not having or showing any care for the consequences of personal actions
2. lacking a sense of responsibility
None of the above.
It's a shame.
You seem to be an intelligent person who I think seeks the truth and knowledge.
I may be mistaken.
You seem to feel the need to defend others, but it may be misplaced.
I have had disagreements with others, but we have worked things out thru private messages.
I have made mistakes and been banned from forums, but I admitted my mistakes and things are going well in general.
Take care,
Andy
Quote from: Magnum on February 25, 2013, 12:03:32 PMMy real name is Andy.
That is a real name, not an alias.
I'm not interested in your real name. If you have a problem with being called "Magnum", there is no way around deleting your account.
Quote from: Magnum on February 25, 2013, 12:03:32 PMDenken Sie positiv.
Dafür gibt es keine Veranlassung.
Quote from: Magnum on February 25, 2013, 12:03:32 PMThe correct definition is anti reversing/anti disassembly.
[...]
I have been proactive.
I've got the impression that you (beside script kiddie bomz) are trying to convert this forum into a reverse engineering / malware forum...
BTW, I'm curios what you did send people who respons to your "I can hide files on XP"-thread? - a rootkit?
Quote from: dedndave on February 25, 2013, 11:32:32 AM
i had no malicious intent when i wrote it, i assure you
i was just playing around
but, i'll remove the attachment - wouldn't want to give anyone ideas
Dave, don't be intimated by a very miniscule amount of bullies.
We are doing nothing wrong.
Some people make a free choice to be miserable.
I don't.
It's a free world.
Take care.
Andy
Keep the greasy side down.
Quote from: Magnum on February 26, 2013, 02:37:05 AM
It's a free world.
There are always restrictions, and ways of forcing compliance.
Quote from: MichaelW on February 26, 2013, 07:43:03 AM
Quote from: Magnum on February 26, 2013, 02:37:05 AM
It's a free world.
There are always restrictions, and ways of forcing compliance.
I choose to ignore your threat.
Best regards,
Andy