Personal Masm64 working code examples

[zugatolom]

Hi all!
In addition to useful Iczelion Tutorial I think it would be useful to publish a section in which small programs masm64 that might be helpful for others.

Simply Loader

Code: [Select]


OPTION DOTNAME

option casemap:none
include temphls.inc
include win64.inc
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib
OPTION PROLOGUE:rbpFramePrologue
OPTION EPILOGUE:rbpFrameEpilogue

.code
WinMain proc
LOCAL TEMP:QWORD ;needed
    invoke CreateProcess, ADDR process, NULL, NULL, NULL, NULL, CREATE_SUSPENDED, NULL, NULL, ADDR Startup, ADDR processinfo
cmp eax, 0
    jne ProcessCreated
invoke MessageBox,0,offset ErrorMessage,offset ErrorTit,0
invoke ExitProcess,0
jmp endLoader

ProcessCreated:

    invoke WriteProcessMemory, processinfo.hProcess, AddressToPatch1, ADDR ReplaceBy, ReplaceSize, byteswritten
invoke ResumeThread, processinfo.hThread
invoke ExitProcess,0
endLoader:
WinMain endp


.data
process db 'yourapp.exe',0
Startup STARTUPINFO <>
processinfo PROCESS_INFORMATION <>
    ErrorTit db "Error:",0
    ErrorMessage db "Process not loaded!",0

AddressToPatch1 qWORD 100XXXXXXh  ;put your address
ReplaceBy db 090h,090h  ;put  your bytes
ReplaceSize qWORD 2

.data?
  byteswritten qWORD ?
end


[Mikl__]

Hi, zugatolom!
Thank you!

[qWord]

small programs masm64 that might be helpful for others.

For which people is it helpful to patch programs in such way?

[Vortex]

Hi zugatolom,

You can check the forum rules :

Legality of content

3. Legality of content is not a negotiable matter in the forum. Assembler programming is mainstream programming and is primarily used by professional programmers who require the performance in specialised areas. Low level coding is both allowed and encouraged but there will be no viral or trojan technology allowed including technical data under the guise of AV technology, no cracking and similar activities in the guise of "Reverse Engineering", no hacking techniques or related technology and no support or help with or reference to pirated software. There will also be no links to pages that support or display any of these or any other illegal areas of coding.

http://masm32.com/board/index.php?topic=4.0

[hutch--]

Hmmmm,

A quick look at the code says its a static address in memory patcher which is not allowed in this forum but it escapes me why its posted in the 64 bit section when it looks like 32 bit code. I don't know what two of the include files are,

Code: [Select]

include temphls.inc
include win64.inc

Maybe for patching 64 bit code ?

[Mikl__]

I don't know what two of the include files are

Hi, hutch--!
two of the include files from site http://dsmhelp.narod.ru/environment.htm I have often referred to this website and is on this occasion there were no issues

[hutch--]

Hi Mikl,

I downloaded the zip file with what looks like a full set of include files and libraries but I am none the wiser as to what you build the example with. It does not look like ML64 notation, is it some technique to bypass the limitations of the 32 bit version of ML.EXE  or is it JWASM code ?

[Mikl__]

Hi, hutch--!
there are include- and lib-files for ml64.exe
The library code written in 64-bit assembler MASM + RadASM
In masm64.zip/include archive has a header file with a set of macros temphls.inc. This is primarily invoke, .if, .elseif, .else, .endif, .while, .repeat and others.

Logical operator	| Meaning
==	|equal
{} Or ~ =	|Not equal
}	|Greater
} = Or =}	|Greater or equal
{	|less
{= Or ={	|less than or equal
&	|Bits Testing
|	|bit installation
&&	|Logical AND
||	|logical OR
CARRY?	|CF Flag Loan/transfer
OVERFLOW?	|OV Overflow flag
PARITY?	|PF flag is the parity bit
SIGN?	|SF sign flag
ZERO?	|ZF flag is equal to zero
CARRY? | ZERO?	|flag combination
~ZERO?&(SIGN?==OVERFLOW?)	|flag combination
SIGN?==OVERFLOW?	|flag combination
SIGN?{}OVERFLOW?	|flag combination
ZERO?|(SIGN?{}OVERFLOW?)	|flag combination

In temphls.inc defined macro invoke, which can handle up to 14 parameters. To call a function with more arguments, you can use a macro invoke14. invoke different from invoke14, so he handles recurring settings for download options uses rbp or rsp register depending on the amount of memory allocated for local variables, using typed constants in size, and instead of addr boot pointers can be used an ampersand

[hutch--]

Hi,


Thanks for that, an ML64 set of include files and libraries built with ML64.EXE