【类人猿】TC内联汇编库
本帖最后由 楚楚 于 2017-8-30 21:09 编辑。TC可以直接内联汇编，这个库是本人初稿，新建一个T文件把它辅助进去即可。此库给大家吃一颗定心丸。TC图色超强，内存一样无比强大。学TC一起放手干吧！
免费无私公开给大家拿去完善。
// Copy a hex byte string into the process that owns window Hwnd and start a
// new thread in that process at the copied bytes.  This is the sink for the
// encoder helpers further down: the caller passes the accumulated opcode text
// as 字节集.
//   Hwnd   - window handle; the owning process is resolved through
//            根据窗口句柄获取进程pid (information(Hwnd,5)).
//   字节集 - space-separated hex bytes; " C3" (x86 `ret`) is appended so the
//            remote thread returns once the copied bytes are exhausted.
// Nothing is returned; RetValue (whatever CreateRemoteThread produced) is
// discarded, so the caller cannot tell whether the thread was created.
// What an observer sees: OpenProcess with access mask 2035711 (0x1F0FFF, the
// classic PROCESS_ALL_ACCESS value), a committed RWX region allocated by
// 申请指定窗口内存空间, per-byte WriteProcessMemory calls from 写data, then
// CreateRemoteThread with that region as the start address.  The process
// handle opened here is never closed.
function 远程注入数据(Hwnd,字节集)
字节集=字节集&" C3"
// size_Str counts hex characters after removing spaces (roughly twice the byte
// count) plus 20 bytes of slack.
var size_Str=strlen(strreplace(字节集," ",""))+20
var addr= (申请指定窗口内存空间(Hwnd,size_Str))
//调试输出(strformat("%x", addr))
写data(Hwnd,addr,字节集)
var PID=根据窗口句柄获取进程pid(Hwnd)
var 进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
var RetValue=dllcall("kernel32.dll","long","CreateRemoteThread","DWROD",进程句柄,"int",0,"int",0,"DWROD",addr,"DWROD",0,"DWROD",0,"DWROD",0)
end
// Allocate `size` bytes inside the process that owns window Hwnd and return the
// remote address (VirtualAllocEx returns 0 on failure; nothing here checks it).
// VirtualAllocEx arguments: preferred address 0 (kernel chooses), size,
// 4096 = 0x1000 MEM_COMMIT, 64 = 0x40 PAGE_EXECUTE_READWRITE.  A freshly
// committed RWX region in a foreign process is the textbook precursor of code
// injection and is a strong signal for endpoint monitoring.
// The process handle (access mask 2035711 = 0x1F0FFF) is never closed.
function 申请指定窗口内存空间(Hwnd,size)
var PID=根据窗口句柄获取进程pid(Hwnd)
var 进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
var Addr=dllcall("kernel32.dll","long","VirtualAllocEx","long",进程句柄,"int",0,"long",size,"long",4096,"int",64)
return Addr
end
// Write the characters of Str_Unicode into the target process as 16-bit values,
// one 写2byte call per character at addr, addr+2, addr+4, ...
// NOTE(review): relies on strgetat returning the character's numeric code
// (写2byte compares it against 65535); this file does not show that — confirm.
// UnicodeStr is assigned but never used.  No terminating 0 is written.
function 写Unicode(Hwnd,addr,Str_Unicode)
var UnicodeStr=""
var len=strlen(Str_Unicode)
var StrValue
var AddValue=0
for(var i = 0; i < len; i++)
StrValue=strgetat(Str_Unicode,i)
写2byte(Hwnd,addr+AddValue,StrValue)
AddValue=AddValue+2
end
end
// Write Str_Ascii into the target process one byte per character by building a
// space-separated hex list and handing it to 写data.
// Because strtrim and 写data sit inside the loop, the accumulated list is
// rewritten to addr on every iteration (len writes instead of one); the final
// memory contents are the same.  No terminating 0 is written.
function 写Ascii(Hwnd,addr,Str_Ascii)
var AsciiCode=""
var len=strlen(Str_Ascii)
for(var i = 0; i < len; i++)
AsciiCode = AsciiCode &" "& strformat("%x",strgetat(Str_Ascii,i))
AsciiCode=strtrim(AsciiCode)// strip the spaces at both ends
// 调试输出(AsciiCode)
写data(Hwnd,addr,AsciiCode)
end
end
// Write a space-separated hex byte list (e.g. "90 C3") into the target process
// one byte at a time, starting at addr.
//   Hwnd      - window whose owning process is the target (information(Hwnd,5))
//   addr      - remote address of the first byte
//   ByteArray - hex tokens separated by single spaces; strsplit fills RetArray
//               and returns the token count n
// Returns the result of the LAST WriteProcessMemory call (0 = failed), so a
// failure on an earlier byte is not reported.
// VarValue holds the integer produced by 进制_十六转十; the byte at
// getvarpointer(VarValue)+8 (presumably the value slot of a TC variable — see
// the note in 读4dword) is copied to addr+i.
// A new process handle is opened on every iteration and none is closed, so a
// long write leaves n dangling handles in this process — a visible artefact.
function 写data(Hwnd,addr,ByteArray)
var Ret=0
var RetArray
var n = strsplit(ByteArray," ",RetArray) // RetArray receives the split tokens
var VarValue
var PID=information(Hwnd,5)
var 进程句柄
for(var i=0;i <n;i++)
VarValue=进制_十六转十(RetArray)
进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
// 调试输出("进程句柄:"& 进程句柄)
Ret=dllcall("kernel32.dll","BOOL","WriteProcessMemory","HANDLE",进程句柄,"DWORD*",addr+i,"DWORD*",getvarpointer(VarValue)+8,"int",1,"int*",0)
// 调试输出("写入是否成功: "& Ret)
end
return Ret
//调试输出("坐标是的值是:"& Value)
end
// Write `value` as a 4-byte float at addr in the target process.
// floattohex(value) fills VarValue (presumably with the IEEE-754 bit pattern —
// TODO confirm) and the 4 bytes at getvarpointer(VarValue)+8 are copied.
// Returns WriteProcessMemory's result, or 0 without writing when
// value > 4294967295; the guard has no lower bound.  The traceprint lines log
// the process handle and the write result.  The handle is never closed.
function 写float(Hwnd,addr,value)
var Ret
var VarValue=floattohex(value)
if(value<=4294967295)
var PID=information(Hwnd,5)
var 进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
traceprint("进程句柄:"& 进程句柄)
Ret=dllcall("kernel32.dll","BOOL","WriteProcessMemory","HANDLE",进程句柄,"DWORD*",addr,"DWORD*",getvarpointer(VarValue)+8,"int",4,"int*",0)
traceprint("写入是否成功: "& Ret)
return Ret
else
return 0
end
end
// Write `value` as a 32-bit integer at addr in the target process.
// Returns WriteProcessMemory's result (0 = failed), or 0 without writing when
// value > 4294967295.  There is no lower bound, so negative values pass the
// guard.  The 4 bytes come from getvarpointer(VarValue)+8, the same storage
// offset every writer in this file uses.  The process handle is never closed.
function 写4byte(Hwnd,addr,value)
var Ret
if(value<=4294967295)
var VarValue=value
var PID=information(Hwnd,5)
var 进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
// 调试输出("进程句柄:"& 进程句柄)
Ret=dllcall("kernel32.dll","BOOL","WriteProcessMemory","HANDLE",进程句柄,"DWORD*",addr,"DWORD*",getvarpointer(VarValue)+8,"int",4,"int*",0)
// 调试输出("写入是否成功: "& Ret)
return Ret
else
return 0
end
//调试输出("坐标是的值是:"& Value)
end
// Write `value` as a 16-bit integer at addr in the target process.
// Returns WriteProcessMemory's result (0 = failed), or 0 without writing when
// value > 65535.  No lower bound is checked.  Only the first 2 bytes of the
// variable's storage (getvarpointer(VarValue)+8) are copied.  Handle never
// closed.
function 写2byte(Hwnd,addr,value)
var Ret
if(value<=65535)
var VarValue=value
var PID=information(Hwnd,5)
var 进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
// 调试输出("进程句柄:"& 进程句柄)
Ret=dllcall("kernel32.dll","BOOL","WriteProcessMemory","HANDLE",进程句柄,"DWORD*",addr,"DWORD*",getvarpointer(VarValue)+8,"int",2,"int*",0)
// 调试输出("写入是否成功: "& Ret)
return Ret
else
return 0
end
//调试输出("坐标是的值是:"& Value)
end
// Write `value` as a single byte at addr in the target process.
// Returns WriteProcessMemory's result (0 = failed), or 0 without writing when
// value > 255.  No lower bound is checked.  Unlike 写4byte/写2byte this variant
// still has its traceprint diagnostics enabled, so every call logs the handle
// and the result.  Handle never closed.
function 写byte(Hwnd,addr,value)
var Ret
if(value<=255)
var VarValue=value
var PID=information(Hwnd,5)
var 进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
traceprint("进程句柄:"& 进程句柄)
Ret=dllcall("kernel32.dll","BOOL","WriteProcessMemory","HANDLE",进程句柄,"DWORD*",addr,"DWORD*",getvarpointer(VarValue)+8,"int",1,"int*",0)
traceprint("写入是否成功: "& Ret)
return Ret
else
return 0
end
//调试输出("坐标是的值是:"& Value)
end
// Read a 32-bit value at addr from the target process and return it as an
// integer.  The author's comment explains the `=0`: the assignment is what
// types VarValue as an integer, so the 4 bytes ReadProcessMemory drops at
// getvarpointer(VarValue)+8 land in its value slot.  A failed read leaves the
// initial 0, which is indistinguishable from a genuine 0.  Handle never closed.
function 读4dword(Hwnd,addr)
var VarValue=0// important: the assignment marks this as an integer variable
var PID=information(Hwnd,5)
var 进程句柄=dllcall("kernel32.dll","long","OpenProcess","int",2035711,"int",0,"int",PID)
dllcall("kernel32.dll","BOOL","ReadProcessMemory","HANDLE",进程句柄,"DWORD*",addr,"DWORD*",getvarpointer(VarValue)+8,"int",4,"int*",0)
return VarValue
end
// Return the process id that owns 窗口句柄.  information(hwnd,5) is the TC
// builtin every function in this file uses for that lookup; the writers call
// it directly, this wrapper exists for the two injection helpers.
function 根据窗口句柄获取进程pid(窗口句柄)
var PID=information(窗口句柄,5)
return PID
end
// Allocate Size bytes in THIS process with LocalAlloc and return the handle /
// pointer (0 on failure, per the API).  Not used by the remote writers above.
function 申请本地内存空间(Size)
var 申请本地内存指针
申请本地内存指针=dllcall("kernel32.dll","DWROD","LocalAlloc","DWORD",0,"DWORD",Size)// first argument (flags) can simply be 0; the second is the byte count
return 申请本地内存指针
end
// Return the size in bytes of a block obtained from 申请本地内存空间 (LocalSize).
function 获取本地内存指针大小(内存指针)
var Size
Size=dllcall("kernel32.dll","DWROD","LocalSize","DWORD",内存指针)// query the size of the local block
return Size
end
// Free a block obtained from 申请本地内存空间.  LocalFree returns 0 on success
// and the original handle on failure, hence the author's "0 means success".
function 释放本地内存指针(内存指针)//============== a return value of 0 means success
var RetValue
RetValue=dllcall("kernel32.dll","DWROD","LocalFree","HLOCAL",内存指针)// (comment copied from 申请本地内存空间; LocalFree takes only the handle)
return RetValue
end
// Parse a hexadecimal string (either case) into an integer, using each
// character's position in "0123456789ABCDEF" as its digit value.
// NOTE(review): 计算结果 is never initialised before `计算结果 * 16`; whether
// TC treats an unassigned var as 0 is not shown in this file.  The behaviour
// for a non-hex character depends on what strfind returns when the character
// is absent — confirm before relying on it.
function 进制_十六转十(十六进制文本)// the argument must be passed as text (comment copied from 进制_二转十)
var i,数组文本,临时文本,计算结果
数组文本 = "0123456789ABCDEF"
临时文本 = struppercase(十六进制文本)
for(i = 0; i < strlen(十六进制文本); i++)
计算结果 = 计算结果 * 16 + strfind(数组文本,strsub(临时文本,i,i+1))
end
return 计算结果
end
// Convert a non-negative integer to uppercase hexadecimal text with no leading
// zeros ("0" for 0).  Digits are produced least-significant first and
// prepended; the loop stops as soon as the remaining quotient reaches 0.
// For a negative input the loop never runs and the uninitialised 计算结果 is
// returned.
function 进制_十转十六(十进制数值)
var 余数,计算结果
var 余数数组 = array("0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F")
while(十进制数值 >= 0)
余数 = 十进制数值 % 16
计算结果 = 余数数组[余数] & 计算结果
十进制数值 = (十进制数值 - 余数) / 16
if(十进制数值 <= 0)
break
end
end
return (计算结果)
end
// Convert a non-negative integer to binary text ("0" for 0, "1" for 1).
// Repeated halving with cint; the final quotient (0 or 1) becomes the
// most-significant digit.  计算结果 starts uninitialised, like the other
// converters in this file.
function 进制_十转二(十进制数值)
var 余数,计算结果
while(十进制数值 > 1)
余数 = 十进制数值 % 2
十进制数值 = cint(十进制数值 / 2)
计算结果 = cstring(余数) & 计算结果
end
计算结果 = cstring(十进制数值) & 计算结果
return 计算结果
end
// Parse binary text into an integer: digit i is weighted by 2^(len-1-i) via
// mpow.  The `< 10` test accepts any single decimal digit, so '2'..'9' are
// not rejected — malformed input silently yields a wrong value.
// 计算结果 is never initialised (see 进制_十六转十).
function 进制_二转十(二进制文本数据)// the argument must be passed as text
var i,计算结果
for(i = 0; i < strlen(二进制文本数据); i++)
if(cint(strsub(二进制文本数据,i,i+1)) < 10)
计算结果 = 计算结果 + cint(strsub(二进制文本数据,i,i+1)) * mpow(2,strlen(二进制文本数据) - i - 1)
end
end
return 计算结果
end
// Return the 64-bit bit pattern of a double as uppercase hex text.
// Written in TC's Chinese-keyword syntax: 功能/变量/如果/否则如果/返回/结束 are
// function/var/if/else-if/return/end; 动态库调用 is dllcall, 获取变量指针 is
// getvarpointer, 字符串格式化 is strformat, 字符串长度 is strlen.
// The two 32-bit halves of the double are copied with RtlMoveMemory into
// integer variables (the +8 is the same value-slot offset the writers use),
// formatted with %X, and concatenated high half first.
// Length handling of the result: 16 -> returned as is; 2 (both halves "0")
// -> "0"; 9 -> eight zeros are appended (presumably meant to re-pad a half
// that %X printed without leading zeros, but as written the result is 17
// characters — TODO confirm the intent).  Any other length falls off the end
// without a return.
功能 进制_双精度浮点转16(双精度数值)
变量 VarValue1=0 // initialise (types the variable as integer)
变量 VarValue2=0 // initialise
变量 varrvalue=""
变量 双精度数值地址=获取变量地址(双精度数值)
// 消息框(字符串格式化( "%X",双精度数值地址))
动态库调用("kernel32.dll","VOID","RtlMoveMemory","DWORD*",获取变量指针(VarValue1)+8,"VOID*",双精度数值地址,"DWORD",4)
VarValue1=字符串格式化( "%X",VarValue1)
// 消息框(VarValue1)
动态库调用("kernel32.dll","VOID","RtlMoveMemory","DWORD*",获取变量指针(VarValue2)+8,"DWORD*",双精度数值地址+4 ,"DWORD",4)
VarValue2=字符串格式化( "%X",VarValue2)
// 消息框(VarValue2)
varrvalue=VarValue2 & VarValue1
// 消息框 (varrvalue)
如果 (字符串长度(varrvalue)==9)
varrvalue=varrvalue & "00000000"
返回 varrvalue
否则如果 (字符串长度(varrvalue)==16 )
返回 varrvalue
否则如果 (字符串长度(varrvalue)==2)
varrvalue="0"
返回 varrvalue
结束
结束
// Hand back the opcode text accumulated in the global PublicCode.
// NOTE(review): written VB-style by assigning to the function's own name; there
// is no `return`, so whether TC actually yields PublicCode here is not shown in
// this file — confirm.
function W_GetCode()
W_GetCode = PublicCode
end
// Format Value as n hex digits (n = 2, 4 or 8) with the bytes in reverse
// (little-endian) order, the form the encoder helpers below need for
// immediates and displacements.
//   tmp1 - Value in hex, left-padded with zeros and cut to its last n chars
//          (only seven zeros are available, so n = 8 needs at least one
//          digit, which %x always produces)
//   tmp2 - tmp1's two-character byte pairs concatenated from last to first
// Values wider than n hex digits are silently truncated to their low bytes.
function W_HighAndLow(Value , n) // swap byte order; n is 2, 4 or 8
var tmp1 , tmp2 , i,LenStr
tmp1 = strright("0000000"& cstring(strformat("%x",Value)), n) // zero-pad to n
LenStr=strlen(tmp1)
for(i = 0;i< LenStr / 2 ;i++)
tmp2 =tmp2 &strsub(tmp1, LenStr - 2 - 2 * i, LenStr -2 * i) // reverse the pairs
end//======================================= author's note: the error was here
returntmp2
end
// ---------------------------------------------------------------------------
// Encoder helpers.  Every function from here to the end of the file appends the
// hexadecimal text of one 32-bit x86 instruction encoding to the global string
// PublicCode, which this file never declares (presumably the including script
// defines it).  Nothing is executed by these helpers: they only build text that
// W_GetCode hands back and that, presumably, 远程注入数据 later copies into the
// target process.  Immediates and displacements go through W_HighAndLow so
// they come out in little-endian byte order.
// ---------------------------------------------------------------------------
// leave (C9)
function Leave()
PublicCode = PublicCode & "C9"
end
// pushad (60)
function Pushad()
PublicCode = PublicCode & "60"
end
// popad (61)
function Popad()
PublicCode = PublicCode & "61"
end
// nop (90)
function Nop()
PublicCode = PublicCode & "90"
end
// ret (C3)
function Ret()
PublicCode = PublicCode & "C3"
end
// ret imm16 (C2 iw): pops i bytes after returning
function Retn(i)// newly added (author's note)
PublicCode = PublicCode & "C2"& W_HighAndLow(i, 4)
end
// emits only a 16-bit little-endian operand, no opcode byte
function RetA(i )
PublicCode = PublicCode & W_HighAndLow(i, 4)
end
// in al, dx (EC)
function IN_AL_DX()
PublicCode = PublicCode & "EC"
end
// test eax, eax (85 C0)
function TEST_EAX_EAX()
PublicCode = PublicCode & "85C0"
end
//'Add
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// add helpers: register/register, register/[disp32] and register/immediate
// forms.  The immediate forms take i as a 32-bit value via W_HighAndLow(i, 8).
function Add_EAX_EDX()
PublicCode = PublicCode & "03C2"
end
function Add_EBX_EAX()
PublicCode = PublicCode & "03D8"
end
function Add_EAX_DWORD_Ptr(i )
PublicCode = PublicCode & "0305" & W_HighAndLow(i, 8)
end
function Add_EBX_DWORD_Ptr(i )
PublicCode = PublicCode & "031D" & W_HighAndLow(i, 8)
end
function Add_EBP_DWORD_Ptr(i )
PublicCode = PublicCode & "032D" & W_HighAndLow(i, 8)
end
function Add_EAX(i )
PublicCode = PublicCode & "05" & W_HighAndLow(i, 8)
end
function Add_EBX(i )
PublicCode = PublicCode & "83C3" & W_HighAndLow(i, 8)
end
function Add_ECX(i )
PublicCode = PublicCode & "83C1" & W_HighAndLow(i, 8)
end
function Add_EDX(i )
PublicCode = PublicCode & "83C2" & W_HighAndLow(i, 8)
end
function Add_ESI(i )
PublicCode = PublicCode & "83C6" & W_HighAndLow(i, 8)
end
function Add_ESP(i )
PublicCode = PublicCode & "83C4" & W_HighAndLow(i, 8)
end
//'Call
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// call helpers: `call reg` (FF D0+reg), `call [disp32]` (FF 15 id) and
// `call [reg]` (FF 10+reg).  The absolute-address form takes i as the address
// of a pointer, not the function itself.
function Call_EAX()
PublicCode = PublicCode & "FFD0"
end
function Call_EBX()
PublicCode = PublicCode & "FFD3"
end
function Call_ECX()
PublicCode = PublicCode & "FFD1"
end
function Call_EDX()
PublicCode = PublicCode & "FFD2"
end
function Call_ESI()
PublicCode = PublicCode & "FFD6"
end
function Call_ESP()
PublicCode = PublicCode & "FFD4"
end
function Call_EBP()
PublicCode = PublicCode & "FFD5"
end
function Call_EDI()
PublicCode = PublicCode & "FFD7"
end
function Call_DWORD_Ptr_Addr(i )
PublicCode = PublicCode & "FF15" & W_HighAndLow(i, 8)
end
//function Call_DWORD_Ptr_Value(i ) // newly added, and wrong (author's note)
//PublicCode = PublicCode & "E8" & W_HighAndLow(i, 8)
//end
function Call_DWORD_Ptr_EAX()
PublicCode = PublicCode & "FF10"
end
function Call_DWORD_Ptr_EBX()
PublicCode = PublicCode & "FF13"
end
//'Cmp
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// cmp helpers.  Cmp_EAX picks the short form (83 F8 ib) for 0..255 and the
// 32-bit immediate form (3D id) otherwise.
function Cmp_EAX(i)
if((i<= 255) && (i >= 0))
PublicCode = PublicCode & "83F8" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "3D" & W_HighAndLow(i, 8)
end
end
function Cmp_EAX_EDX()
PublicCode = PublicCode & "3BC2"
end
function Cmp_EAX_DWORD_Ptr(i )
PublicCode = PublicCode & "3B05" & W_HighAndLow(i, 8)
end
function Cmp_DWORD_Ptr_EAX(i )
PublicCode = PublicCode & "3905" & W_HighAndLow(i, 8)
end
//'DEC
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// dec reg: single-byte 48+reg encodings.
function Dec_EAX()
PublicCode = PublicCode & "48"
end
function Dec_EBX()
PublicCode = PublicCode & "4B"
end
function Dec_ECX()
PublicCode = PublicCode & "49"
end
function Dec_EDX()
PublicCode = PublicCode & "4A"
end
//'Idiv
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// idiv reg (F7 F8+reg): signed divide of edx:eax by the register.
function Idiv_EAX()
PublicCode = PublicCode & "F7F8"
end
function Idiv_EBX()
PublicCode = PublicCode & "F7FB"
end
function Idiv_ECX()
PublicCode = PublicCode & "F7F9"
end
function Idiv_EDX()
PublicCode = PublicCode & "F7FA"
end
//'Imul
//'&&&&&&&
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// imul helpers: register form, 8-bit immediate form and 32-bit immediate form.
function Imul_EAX_EDX()
PublicCode = PublicCode & "0FAFC2"
end
// imul eax, eax, imm8 (6B C0 ib)
function Imul_EAX(i )
PublicCode = PublicCode & "6BC0" & W_HighAndLow(i, 2)
end
// imul eax, eax, imm32 (69 C0 id)
function ImulB_EAX(i )
PublicCode = PublicCode & "69C0" & W_HighAndLow(i, 8)
end
//'INC
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// inc reg (single byte 40+reg) and inc dword ptr [reg] (FF 00+reg).
function Inc_EAX()
PublicCode = PublicCode & "40"
end
function Inc_EBX()
PublicCode = PublicCode & "43"
end
function Inc_ECX()
PublicCode = PublicCode & "41"
end
function Inc_EDX()
PublicCode = PublicCode & "42"
end
function Inc_EDI()
PublicCode = PublicCode & "47"
end
function Inc_ESI()
PublicCode = PublicCode & "46"
end
function Inc_DWORD_Ptr_EAX()
PublicCode = PublicCode & "FF00"
end
function Inc_DWORD_Ptr_EBX()
PublicCode = PublicCode & "FF03"
end
function Inc_DWORD_Ptr_ECX()
PublicCode = PublicCode & "FF01"
end
function Inc_DWORD_Ptr_EDX()
PublicCode = PublicCode & "FF02"
end
//'JMP/JE/JNE
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// Only `jmp eax` (FF E0) is provided despite the heading; no conditional jumps.
function JMP_EAX()
PublicCode = PublicCode & "FFE0"
end
//'Mov
// mov helpers with an absolute address or an immediate operand:
//   Mov_DWORD_Ptr_Addr_*   - store eax/al/ah to [disp32]
//   Mov_*_Value            - mov reg, imm32 (B8+reg id)
//   Mov_*_DWORD_Ptr(_Addr) - load reg from [disp32]
// i is always emitted as 8 hex digits (4 bytes, little-endian).
function Mov_DWORD_Ptr_Addr_EAX(i)
PublicCode = PublicCode & "A3" & W_HighAndLow(i, 8)
end
function Mov_DWORD_Ptr_Addr_AL(i)
PublicCode = PublicCode & "A2" & W_HighAndLow(i, 8)
end
function Mov_DWORD_Ptr_Addr_AH(i)
PublicCode = PublicCode & "8825" & W_HighAndLow(i, 8)
end
function Mov_EAX_Value(i )
PublicCode = PublicCode & "B8" & W_HighAndLow(i, 8)
end
function Mov_EBX_Value(i )
PublicCode = PublicCode & "BB" & W_HighAndLow(i, 8)
end
function Mov_ECX_Value(i )
PublicCode = PublicCode & "B9" & W_HighAndLow(i, 8)
end
function Mov_EDX_Value(i )
PublicCode = PublicCode & "BA" & W_HighAndLow(i, 8)
end
function Mov_ESI_Value(i )
PublicCode = PublicCode & "BE" & W_HighAndLow(i, 8)
end
function Mov_ESP_Value(i )
PublicCode = PublicCode & "BC" & W_HighAndLow(i, 8)
end
function Mov_EBP_Value(i )
PublicCode = PublicCode & "BD" & W_HighAndLow(i, 8)
end
function Mov_EDI_Value(i )
PublicCode = PublicCode & "BF" & W_HighAndLow(i, 8)
end
function Mov_EBX_DWORD_Ptr(i )
PublicCode = PublicCode & "8B1D" & W_HighAndLow(i, 8)
end
function Mov_ECX_DWORD_Ptr_Addr(i )
PublicCode = PublicCode & "8B0D" & W_HighAndLow(i, 8)
end
function Mov_EAX_DWORD_Ptr_Addr(i )
PublicCode = PublicCode & "A1" & W_HighAndLow(i, 8)
end
function Mov_EDX_DWORD_Ptr_Addr(i )
PublicCode = PublicCode & "8B15" & W_HighAndLow(i, 8)
end
function Mov_ESI_DWORD_Ptr_Addr(i )
PublicCode = PublicCode & "8B35" & W_HighAndLow(i, 8)
end
function Mov_ESP_DWORD_Ptr_Addr(i )
PublicCode = PublicCode & "8B25" & W_HighAndLow(i, 8)
end
function Mov_EBP_DWORD_Ptr_Addr(i )
PublicCode = PublicCode & "8B2D" & W_HighAndLow(i, 8)
end
// mov eax, dword ptr [reg] (8B /r).  The EBP form carries an explicit 00
// displacement and the ESP form a 24 SIB byte, because ModRM cannot address
// [ebp] or [esp] directly.
function Mov_EAX_DWORD_Ptr_EAX()
PublicCode = PublicCode & "8B00"
end
function Mov_EAX_DWORD_Ptr_EBP()
PublicCode = PublicCode & "8B4500"
end
function Mov_EAX_DWORD_Ptr_EBX()
PublicCode = PublicCode & "8B03"
end
function Mov_EAX_DWORD_Ptr_ECX()
PublicCode = PublicCode & "8B01"
end
function Mov_EAX_DWORD_Ptr_EDX()
PublicCode = PublicCode & "8B02"
end
function Mov_EAX_DWORD_Ptr_EDI()
PublicCode = PublicCode & "8B07"
end
function Mov_EAX_DWORD_Ptr_ESP()
PublicCode = PublicCode & "8B0424"
end
function Mov_EAX_DWORD_Ptr_ESI()
PublicCode = PublicCode & "8B06"
end
// mov dst, dword ptr [base + i] for dst in eax/ebx/ecx/edx.  Every helper
// follows the same pattern: an 8-bit displacement form when 0 <= i <= 255,
// otherwise the 32-bit displacement form (second opcode byte 40 higher).
// ESP-based variants carry the extra 24 SIB byte.
function Mov_EAX_DWORD_Ptr_EAX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B40" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B80" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_ESP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B4424" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8424" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_EBX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B43" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B83" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_ECX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B41" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B81" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_EDX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B42" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B82" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_EDI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B47" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B87" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_EBP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B45" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B85" & W_HighAndLow(i, 8)
end
end
function Mov_EAX_DWORD_Ptr_ESI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B46" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B86" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EAX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B58" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B98" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_ESP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B5C24" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9C24" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EBX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B5B" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9B" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_ECX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B59" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B99" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EDX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B5A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9A" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EDI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B5F" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9F" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_EBP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B5D" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9D" & W_HighAndLow(i, 8)
end
end
function Mov_EBX_DWORD_Ptr_ESI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B5E" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9E" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EAX_Add(i)// author's note: this errored once
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B48" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B88" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_ESP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B4C24" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8C24" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EBX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B4B" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8B" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_ECX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B49" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B89" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EDX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B4A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8A" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EDI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B4F" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8F" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_EBP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B4D" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8D" & W_HighAndLow(i, 8)
end
end
function Mov_ECX_DWORD_Ptr_ESI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B4E" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B8E" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EAX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B50" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B90" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_ESP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B5424" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B9424" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EBX_Add(i)
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B53" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B93" & W_HighAndLow(i, 8 ) // author's note: this errored once
end
end
function Mov_EDX_DWORD_Ptr_ECX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B51" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B91" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EDX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B52" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B92" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EDI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B57" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B97" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_EBP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B55" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B95" & W_HighAndLow(i, 8)
end
end
function Mov_EDX_DWORD_Ptr_ESI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8B56" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8B96" & W_HighAndLow(i, 8)
end
end
// mov dst, dword ptr [reg] for dst in ebx/ecx/edx (8B /r, no displacement).
// As above, the EBP forms carry an explicit 00 displacement and the ESP forms
// a 24 SIB byte.
function Mov_EBX_DWORD_Ptr_EAX()
PublicCode = PublicCode & "8B18"
end
function Mov_EBX_DWORD_Ptr_EBP()
PublicCode = PublicCode & "8B5D00"
end
function Mov_EBX_DWORD_Ptr_EBX()
PublicCode = PublicCode & "8B1B"
end
function Mov_EBX_DWORD_Ptr_ECX()
PublicCode = PublicCode & "8B19"
end
function Mov_EBX_DWORD_Ptr_EDX()
PublicCode = PublicCode & "8B1A"
end
function Mov_EBX_DWORD_Ptr_EDI()
PublicCode = PublicCode & "8B1F"
end
function Mov_EBX_DWORD_Ptr_ESP()
PublicCode = PublicCode & "8B1C24"
end
function Mov_EBX_DWORD_Ptr_ESI()
PublicCode = PublicCode & "8B1E"
end
function Mov_ECX_DWORD_Ptr_EAX()
PublicCode = PublicCode & "8B08"
end
function Mov_ECX_DWORD_Ptr_EBP()
PublicCode = PublicCode & "8B4D00"
end
function Mov_ECX_DWORD_Ptr_EBX()
PublicCode = PublicCode & "8B0B"
end
function Mov_ECX_DWORD_Ptr_ECX()
PublicCode = PublicCode & "8B09"
end
function Mov_ECX_DWORD_Ptr_EDX()
PublicCode = PublicCode & "8B0A"
end
function Mov_ECX_DWORD_Ptr_EDI()
PublicCode = PublicCode & "8B0F"
end
function Mov_ECX_DWORD_Ptr_ESP()
PublicCode = PublicCode & "8B0C24"
end
function Mov_ECX_DWORD_Ptr_ESI()
PublicCode = PublicCode & "8B0E"
end
function Mov_EDX_DWORD_Ptr_EAX()
PublicCode = PublicCode & "8B10"
end
function Mov_EDX_DWORD_Ptr_EBP()
PublicCode = PublicCode & "8B5500"
end
function Mov_EDX_DWORD_Ptr_EBX()
PublicCode = PublicCode & "8B13"
end
function Mov_EDX_DWORD_Ptr_ECX()
PublicCode = PublicCode & "8B11"
end
function Mov_EDX_DWORD_Ptr_EDX()
PublicCode = PublicCode & "8B12"
end
function Mov_EDX_DWORD_Ptr_EDI()
PublicCode = PublicCode & "8B17"
end
function Mov_EDX_DWORD_Ptr_ESI()
PublicCode = PublicCode & "8B16"
end
function Mov_EDX_DWORD_Ptr_ESP()
PublicCode = PublicCode & "8B1424"
end
// Register-to-register moves, Mov_DST_SRC -> `mov dst, src` (8B /r): the
// second byte is C0 plus dst in bits 5..3 and src in bits 2..0.  Two bytes
// each, no operands.
function Mov_EAX_EBP()
PublicCode = PublicCode & "8BC5"
end
function Mov_EAX_EBX()
PublicCode = PublicCode & "8BC3"
end
function Mov_EAX_ECX()
PublicCode = PublicCode & "8BC1"
end
function Mov_EAX_EDI()
PublicCode = PublicCode & "8BC7"
end
function Mov_EAX_EDX()
PublicCode = PublicCode & "8BC2"
end
function Mov_EAX_ESI()
PublicCode = PublicCode & "8BC6"
end
function Mov_EAX_ESP()
PublicCode = PublicCode & "8BC4"
end
function Mov_EBX_EBP()
PublicCode = PublicCode & "8BDD"
end
function Mov_EBX_EAX()
PublicCode = PublicCode & "8BD8"
end
function Mov_EBX_ECX()
PublicCode = PublicCode & "8BD9"
end
function Mov_EBX_EDI()
PublicCode = PublicCode & "8BDF"
end
function Mov_EBX_EDX()
PublicCode = PublicCode & "8BDA"
end
function Mov_EBX_ESI()
PublicCode = PublicCode & "8BDE"
end
function Mov_EBX_ESP()
PublicCode = PublicCode & "8BDC"
end
function Mov_ECX_EBP()
PublicCode = PublicCode & "8BCD"
end
function Mov_ECX_EAX()
PublicCode = PublicCode & "8BC8"
end
function Mov_ECX_EBX()
PublicCode = PublicCode & "8BCB"
end
function Mov_ECX_EDI()
PublicCode = PublicCode & "8BCF"
end
function Mov_ECX_EDX()
PublicCode = PublicCode & "8BCA"
end
function Mov_ECX_ESI()
PublicCode = PublicCode & "8BCE"
end
function Mov_ECX_ESP()
PublicCode = PublicCode & "8BCC"
end
function Mov_EDX_EBP()
PublicCode = PublicCode & "8BD5"
end
function Mov_EDX_EBX()
PublicCode = PublicCode & "8BD3"
end
function Mov_EDX_ECX()
PublicCode = PublicCode & "8BD1"
end
function Mov_EDX_EDI()
PublicCode = PublicCode & "8BD7"
end
function Mov_EDX_EAX()
PublicCode = PublicCode & "8BD0"
end
function Mov_EDX_ESI()
PublicCode = PublicCode & "8BD6"
end
function Mov_EDX_ESP()
PublicCode = PublicCode & "8BD4"
end
function Mov_ESI_EBP()
PublicCode = PublicCode & "8BF5"
end
function Mov_ESI_EBX()
PublicCode = PublicCode & "8BF3"
end
function Mov_ESI_ECX()
PublicCode = PublicCode & "8BF1"
end
function Mov_ESI_EDI()
PublicCode = PublicCode & "8BF7"
end
function Mov_ESI_EAX()
PublicCode = PublicCode & "8BF0"
end
function Mov_ESI_EDX()
PublicCode = PublicCode & "8BF2"
end
function Mov_ESI_ESP()
PublicCode = PublicCode & "8BF4"
end
function Mov_ESP_EBP()
PublicCode = PublicCode & "8BE5"
end
function Mov_ESP_EBX()
PublicCode = PublicCode & "8BE3"
end
function Mov_ESP_ECX()
PublicCode = PublicCode & "8BE1"
end
function Mov_ESP_EDI()
PublicCode = PublicCode & "8BE7"
end
function Mov_ESP_EAX()
PublicCode = PublicCode & "8BE0"
end
function Mov_ESP_EDX()
PublicCode = PublicCode & "8BE2"
end
function Mov_ESP_ESI()
PublicCode = PublicCode & "8BE6"
end
function Mov_EDI_EBP()
PublicCode = PublicCode & "8BFD"
end
function Mov_EDI_EAX()
PublicCode = PublicCode & "8BF8"
end
function Mov_EDI_EBX()
PublicCode = PublicCode & "8BFB"
end
function Mov_EDI_ECX()
PublicCode = PublicCode & "8BF9"
end
function Mov_EDI_EDX()
PublicCode = PublicCode & "8BFA"
end
function Mov_EDI_ESI()
PublicCode = PublicCode & "8BFE"
end
function Mov_EDI_ESP()
PublicCode = PublicCode & "8BFC"
end
function Mov_EBP_EDI()
PublicCode = PublicCode & "8BDF"
end
function Mov_EBP_EAX()
PublicCode = PublicCode & "8BE8"
end
function Mov_EBP_EBX()
PublicCode = PublicCode & "8BEB"
end
function Mov_EBP_ECX()
PublicCode = PublicCode & "8BE9"
end
function Mov_EBP_EDX()
PublicCode = PublicCode & "8BEA"
end
function Mov_EBP_ESI()
PublicCode = PublicCode & "8BEE"
end
function Mov_EBP_ESP()
PublicCode = PublicCode & "8BEC"
end
//'Push
//'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// push helpers: Push(i) emits the 8-bit immediate form (6A ib) for 0..255 and
// the 32-bit form (68 id) otherwise; Push_DWORD_Ptr_Addr pushes the dword at
// an absolute address (FF 35 id); Push_reg is the single byte 50+reg.
function Push(i)
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "6A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "68" & W_HighAndLow(i, 8)
end
end
function Push_DWORD_Ptr_Addr(i )
PublicCode = PublicCode & "FF35" & W_HighAndLow(i, 8)
end
function Push_EAX()
PublicCode = PublicCode & "50"
end
function Push_ECX()
PublicCode = PublicCode & "51"
end
function Push_EDX()
PublicCode = PublicCode & "52"
end
function Push_EBX()
PublicCode = PublicCode & "53"
end
function Push_ESP()
PublicCode = PublicCode & "54"
end
function Push_EBP()
PublicCode = PublicCode & "55"
end
function Push_ESI()
PublicCode = PublicCode & "56"
end
function Push_EDI()
PublicCode = PublicCode & "57"
end
//'LEA
// lea dst, [base + i] for dst in eax/ebx/ecx/edx (8D /r).  Same shape as the
// Mov_*_Add helpers: 8-bit displacement when 0 <= i <= 255, otherwise a 32-bit
// displacement with the second opcode byte 40 higher.
function Lea_EAX_DWORD_Ptr_EAX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D40" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D80" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_EBX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D43" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D83" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_ECX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D41" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D81" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_EDX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D42" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D82" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_ESI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D46" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D86" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_ESP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D40" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D80" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_EBP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D4424" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8424" & W_HighAndLow(i, 8)
end
end
function Lea_EAX_DWORD_Ptr_EDI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D47" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D87" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EAX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D58" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D98" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_ESP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D5C24" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9C24" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EBX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D5B" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9B" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_ECX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D59" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D99" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EDX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D5A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9A" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EDI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D5F" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9F" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_EBP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D5D" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9D" & W_HighAndLow(i, 8)
end
end
function Lea_EBX_DWORD_Ptr_ESI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D5E" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9E" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EAX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D48" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D88" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_ESP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D4C24" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8C24" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EBX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D4B" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8B" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_ECX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D49" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D89" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EDX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D4A" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8A" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EDI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D4F" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8F" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_EBP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D4D" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8D" & W_HighAndLow(i, 8)
end
end
function Lea_ECX_DWORD_Ptr_ESI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D4E" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D8E" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EAX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D50" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D90" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_ESP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D5424" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D9424" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EBX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D53" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D93" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_ECX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D51" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D91" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EDX_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D52" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D92" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EDI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D57" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D97" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_EBP_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D55" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D95" & W_HighAndLow(i, 8)
end
end
function Lea_EDX_DWORD_Ptr_ESI_Add(i )
if ((i<= 255) && (i>= 0))
PublicCode = PublicCode & "8D56" & W_HighAndLow(i, 2)
else
PublicCode = PublicCode & "8D96" & W_HighAndLow(i, 8)
end
end
// pop reg: single-byte 58+reg encodings.
function Pop_EAX()
PublicCode = PublicCode & "58"
end
function Pop_EBX()
PublicCode = PublicCode & "5B"
end
function Pop_ECX()
PublicCode = PublicCode & "59"
end
function Pop_EDX()
PublicCode = PublicCode & "5A"
end
function Pop_ESI()
PublicCode = PublicCode & "5E"
end
function Pop_ESP()
PublicCode = PublicCode & "5C"
end
function Pop_EDI()
PublicCode = PublicCode & "5F"
end
function Pop_EBP()
PublicCode = PublicCode & "5D"
end