News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Nano

Started by Magnum, March 29, 2013, 10:48:16 AM

Previous topic - Next topic

Magnum

I am trying to figure out what is going on.

Osama


nanojmp macro  jmp_t, __xxx                      ;
       local nano                                ;
nano:  int 3h                                    ; set int 3h
       db jmp_t                                  ; jmp type (see nano.inc)
       dd offset __xxx - offset nano             ; relative displacement added to EIP
endm   

jmp_jz          equ     1
jmp_jnz         equ     2
jmp_jb          equ     3
jmp_jnb         equ     4   
jmp_jmp         equ     5

nanojmp jmp_jz, terminate_process

terminate_process:                               ;
       xor eax, eax                              ;
       push eax                                  ;
       dec eax                                   ;
       push eax                                  ;
       call TerminateProcess   
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

dedndave

seems like they need to add 70h to the opcodes   :P

dedndave

i think i get it
there must be an exception handler in the INC file that fixes the opcode for a NEAR branch
they can also use the INT 3 byte to create the branch

Magnum

Super Dave,

The code is some kind of Anti_Reverse_Engineering stuff.

Andy

I post this stuff to slow down the butt_h*ads.

:t

Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org