按键精灵ASM32内联汇编独立库原型（本人亲笔）

类人猿 · 发表于 2017-8-23 13:00:52

本帖最后由类人猿于 2017-8-23 13:05 编辑

Function RunAsmCode(ProcessId, AsmType)//核心代码
Dim i //==========================================================
dim AsmCode1
AsmCode1=""
ReDim AsmCode(Len(PublicCode) / 2 - 1)
For i = 0 To UBound(AsmCode)
AsmCode1 = AsmCode1 &(" " & Mid(PublicCode, i * 2 + 1, 2)) //======里是字符集转换空格隔开======
Next
PublicCode = LTrim(AsmCode1)
//TracePrint PublicCode
十六进制字节集=PublicCode //=========================================================
CodeSize = UBound(split(十六进制字节集, " "))+10 //加10避免空间不够用." "这个是十六进制字符分隔符
//TracePrint CodeSize
NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
//TracePrint NewWriteCodeAddr
call 写入字节集(ProcessId, NewWriteCodeAddr, 十六进制字节集)
Handle_Process = OpenProcess(2035711, False, ProcessId)
RThwnd = CreateRemoteThread(Handle_Process, 0, 0, NewWriteCodeAddr, 0, 0, 0)
End Function
Function 远程注入汇编代码(ProcessId, 十六进制字节集)
CodeSize = UBound(split(十六进制字节集, " "))+10 //加10避免空间不够用." "这个是十六进制字符分隔符
//MessageBox CodeSize
NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
call 写入字节集(ProcessId, NewWriteCodeAddr, 十六进制字节集)
Handle_Process = OpenProcess(2035711, False, ProcessId)
RThwnd = CreateRemoteThread(Handle_Process, 0, 0, NewWriteCodeAddr, 0, 0, 0)
End function
//Call 十六进制字节集转化成十进制字节集("55 8B EC A1 7C 24 2C 01 6A 00 8B 08 A1 78 3E 2C 01 8B C0 FF D0 5D C3")
Function 十六进制字节集转化成十进制字节集(HexByteStr)//这个功能是将十六进制字节集转化成十进制字符数组
HexByteStr=Replace(HexByteStr," ","")
Dim i
ReDim HexByteArr(Len(HexByteStr) / 2 - 1)
For i = 0 To UBound(HexByteArr)
HexByteArr(i) = CByte("&H" & Mid(HexByteStr, i * 2 + 1, 2))
十六进制字节集转化成十进制字节集=十六进制字节集转化成十进制字节集&" "& HexByteArr(i)
Next
//TracePrint 十六进制字节集转化成十进制字节集
//Get_Result = CallWindowProc(AsmCode(0), 0, 0, 0, 0)
//Get_Result = CallWindowProc(AsmCode(0),0,0,0,0)//=================================================================不懂这里为什么参数会出错
End Function
Function 获取函数地址API(Module, Name_Api)//这个是有缺陷的
//Name_Api=Name_Api &"0000"
Dim Module_Handle,String_Addr,Function_Addr
//Do
Module_Handle = GetModuleHandleA(Module)//获取句柄
// TracePrint "dll模块的地址="& Hex(Module_Handle)
String_Addr = 字符集ASCII变量指针(Name_Api)//获取名字指针变量
//TracePrint "函数名字变量指针（存数据）="&String_Addr
Function_Addr = GetProcAddress(Module_Handle, String_Addr)//第二个参数是指针变量
//Loop Until Function_Addr <> 0
获取函数地址API = Function_Addr
End Function
Function 远程注入dll(ProcessId, LoadLibraryA_Addr,dll路径字符串)
CodeSize = len(dll路径字符串)+10 //加10避免空间不够用
//TracePrint CodeSize
NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
CALL 写入字符集ASCII(ProcessId, NewWriteCodeAddr, dll路径字符串)
Handle_Process = OpenProcess(2035711, False, ProcessId)
RThwnd = CreateRemoteThread(Handle_Process, 0, 0, LoadLibraryA_Addr, NewWriteCodeAddr, 0, 0)
End Function
Function 申请指定进程空间(ProcessId,size)
Handle_Process = OpenProcess(2035711, False, ProcessId)
tmp_Addr = VirtualAllocEx(Handle_Process, 0, size, 4096, 64)
//TracePrint tmp_Addr
申请指定进程空间=tmp_Addr
End Function
Function 释放进程分配空间(ProcessId,Addr)
Handle_Process = OpenProcess(2035711, False, ProcessId)
tmp_Addr = VirtualFreeEx(Handle_Process, Addr, 0,32768) //第三个参数设置大小，直接用0，应该是全部清除
//TracePrint Hex(tmp_Addr)
End Function
Function 写入字符集ASCII(ProcessId, lpBaseAddress, 字符串)
i=1
For len(字符串)
// TracePrint mid(字符串, i, 1)
// TracePrint Asc(mid(字符串, i, 1))
字符代码数值 = Asc(mid(字符串, i, 1))
Call 写入单字符ASCII(ProcessId, (lpBaseAddress-1+i), 字符代码数值)
i=i+1
Next
End Function
Function 字符集ASCII变量指针(字符串)
Dim 内存大小
Dim NewAddr
Dim i
内存大小 = Len(字符串)
//TracePrint 内存大小
NewAddr = (LocalAlloc(0, 内存大小 + 2))//这个-1是为了适应下面的代码 /0是表示空字符00000000
// TracePrint NewAddr
//TracePrint "申请存放汇编字节集" & Hex(NewAddr)
i=1
For len(字符串)
// TracePrint mid(字符串, i, 1)
// TracePrint Asc(mid(字符串, i, 1))
字符代码数值 = Asc(mid(字符串, i, 1))
// TracePrint 字符代码数值
Call 写入单字符ASCII(GetCurrentProcessId(), (NewAddr - 1 + i), 字符代码数值)
// TracePrint NewAddr-1+i
i=i+1
Next
call 写入双字节内存整数(GetCurrentProcessId(),(NewAddr - 1 + i),0)
// TracePrint "最后一个整" & NewAddr-1+i
字符集ASCII变量指针=NewAddr
End Function
Function 写入单字符ASCII(ProcessId, lpBaseAddress, WriteValue)
Dim Handle_Process//进程句柄
Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
//TracePrint "Handle_Process=" & Handle_Process//要写入的地址
Addr_Low = chrw(WriteValue)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里，一个Uniclde字符能放两字节，两个才是4字节*/
Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 1, 0) // lpBaseAddress是存放数据的地址
call CloseHandle (Handle_Process)//关闭进程对象句柄
End Function
Function 写入字节集(ProcessId, WriteAddr, 十六进制字节集)
NewAddr = WriteAddr //写入头地址
//TracePrint "申请存放汇编字节集地址" & Hex(NewAddr)
字节数组=Split(十六进制字节集," ")
i=0
For UBound(字节数组)+1
// TracePrint 字节数组(i)
call 写入单字节整数(ProcessId, NewAddr+i,"&H"&字节数组(i)) //这里我统一加上&H，可以进行运
i=i+1
Next
End Function
Function 字节集变量指针(十六进制字节集)
NewAddr = LocalAlloc(0, 200)
//TracePrint "申请存放汇编字节集" & Hex(NewAddr)
字节数组=Split(十六进制字节集," ")
i=0
For UBound(字节数组)+1
// TracePrint 字节数组(i)
call 写入单字节整数(GetCurrentProcessId(), NewAddr+i,int(字节数组(i)))
i=i+1
Next
字节集变量指针=NewAddr
End Function
Function 写入单字节整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
Dim Handle_Process//进程句柄
Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
//TracePrint "Handle_Process=" & Handle_Process//要写入的地址
Addr_Low = chrw(WriteValue mod 256)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里，一个Uniclde字符能放两字节，两个才是4字节*/
//Addr_High = chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候，我们检测下2字节的最大值和4字节的最大值，注意数据溢出
Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 1, 0) // lpBaseAddress是存放数据的地址
//Call Write(Handle_Process, lpBaseAddress + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
call CloseHandle (Handle_Process)//关闭进程对象句柄
End Function
Function 写入双字节内存整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
Dim Handle_Process//进程句柄
Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
//TracePrint "Handle_Process=" & Handle_Process//要写入的地址
Addr_Low = Chrw(WriteValue)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里，一个Uniclde字符能放两字节，两个才是4字节*/
Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 2, 0) // lpBaseAddress是存放数据的地址
call CloseHandle (Handle_Process)//关闭进程对象句柄
End Function
Function 双字节整数变量指针(WriteValue)//第二个是WriteAddr=======================
NewAddr = LocalAlloc(0, 2)
//TracePrint "申请存放汇编字节集" & Hex(NewAddr)
Dim Handle_Process//进程句柄
Handle_Process = OpenProcess(2035711, false, GetCurrentProcessId())//获取进程句柄
//TracePrint "Handle_Process=" & Handle_Process//要写入的地址
Addr_Low = Chrw(WriteValue)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里，一个Uniclde字符能放两字节，两个才是4字节*/
Call WriteProcessMemory(Handle_Process, NewAddr, Addr_Low, 2, 0) // lpBaseAddress是存放数据的地址
Call CloseHandle(Handle_Process)//关闭进程对象句柄
双字节整数变量指针=NewAddr
End Function
Function 写入四字节内存整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
Dim Handle_Process//进程句柄
Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
//TracePrint "Handle_Process=" & Handle_Process//要写入的地址
Addr_Low = Chrw(WriteValue mod 65536)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里，一个Uniclde字符能放两字节，两个才是4字节*/
Addr_High = Chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候，我们检测下2字节的最大值和4字节的最大值，注意数据溢出
Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 2, 0) // lpBaseAddress是存放数据的地址
Call WriteProcessMemory(Handle_Process, lpBaseAddress + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
call CloseHandle (Handle_Process)//关闭进程对象句柄
End Function
Function 四字节整数变量指针(WriteValue)//第二个是WriteAddr
NewAddr = LocalAlloc(0, 4)
//TracePrint "申请存放汇编字节集" & Hex(NewAddr)
Dim Handle_Process//进程句柄
Handle_Process = OpenProcess(2035711, false, GetCurrentProcessId())//获取进程句柄
//TracePrint "Handle_Process=" & Handle_Process//要写入的地址
Addr_Low = Chrw(WriteValue mod 65536)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里，一个Uniclde字符能放两字节，两个才是4字节*/
Addr_High = Chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候，我们检测下2字节的最大值和4字节的最大值，注意数据溢出
Call WriteProcessMemory(Handle_Process, NewAddr, Addr_Low, 2, 0) // lpBaseAddress是存放数据的地址
Call WriteProcessMemory(Handle_Process, NewAddr + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
call CloseHandle (Handle_Process)//关闭进程对象句柄
End Function
Function 获取变量数据类型(变量)
获取变量数据类型=TypeName(变量)
End Function
Function W_GetCode()
W_GetCode = PublicCode
End Function
Function W_HighAndLow(Value , n) '高低位互换
Dim tmp1 , tmp2 , i
tmp1 = Right("0000000" + Hex(Value), n)
For i = 0 To Len(tmp1) / 2 - 1
tmp2 = tmp2 + Mid(tmp1, Len(tmp1) - 1 - 2 * i, 2)
Next //=======================================这里出错
W_HighAndLow = tmp2
End Function
//Function W_HighAndLow(Value, n)'高低位互换，这个是更新版本,n是多余的参数，还有bug 0000
// If Value <255 and Value >16 Then
// W_HighAndLow = Hex(Value)
// ElseIf Value < 16 and Value >=0 Then
//
// W_HighAndLow = "0" + Hex(Value)
//
// Else
// W_HighAndLow = Hex(htonl(Value))
// End If
//End Function
Function Mov_EAX_ESP()
PublicCode = PublicCode + "8BC4"
End Function
Function Mov_EBX_EBP()
PublicCode = PublicCode + "8BDD"
End Function
Function Mov_EBX_EAX()
PublicCode = PublicCode + "8BD8"
End Function
Function Mov_EBX_ECX()
PublicCode = PublicCode + "8BD9"
End Function
Function Mov_EBX_EDI()
PublicCode = PublicCode + "8BDF"
End Function
Function Mov_EBX_EDX()
PublicCode = PublicCode + "8BDA"
End Function
Function Mov_EBX_ESI()
PublicCode = PublicCode + "8BDE"
End Function
Function Mov_EBX_ESP()
PublicCode = PublicCode + "8BDC"
End Function
Function Mov_ECX_EBP()
PublicCode = PublicCode + "8BCD"
End Function
Function Mov_ECX_EAX()
PublicCode = PublicCode + "8BC8"
End Function
Function Mov_ECX_EBX()
PublicCode = PublicCode + "8BCB"
End Function
Function Mov_ECX_EDI()
PublicCode = PublicCode + "8BCF"
End Function
Function Mov_ECX_EDX()
PublicCode = PublicCode + "8BCA"
End Function
Function Mov_ECX_ESI()
PublicCode = PublicCode + "8BCE"
End Function
Function Mov_ECX_ESP()
PublicCode = PublicCode + "8BCC"
End Function
Function Mov_EDX_EBP()
PublicCode = PublicCode + "8BD5"
End Function
Function Mov_EDX_EBX()
PublicCode = PublicCode + "8BD3"
End Function
Function Mov_EDX_ECX()
PublicCode = PublicCode + "8BD1"
End Function
Function Mov_EDX_EDI()
PublicCode = PublicCode + "8BD7"
End Function
Function Mov_EDX_EAX()
PublicCode = PublicCode + "8BD0"
End Function
Function Mov_EDX_ESI()
PublicCode = PublicCode + "8BD6"
End Function
Function Mov_EDX_ESP()
PublicCode = PublicCode + "8BD4"
End Function
Function Mov_ESI_EBP()
PublicCode = PublicCode + "8BF5"
End Function
Function Mov_ESI_EBX()
PublicCode = PublicCode + "8BF3"
End Function
Function Mov_ESI_ECX()
PublicCode = PublicCode + "8BF1"
End Function
Function Mov_ESI_EDI()
PublicCode = PublicCode + "8BF7"
End Function
Function Mov_ESI_EAX()
PublicCode = PublicCode + "8BF0"
End Function
Function Mov_ESI_EDX()
PublicCode = PublicCode + "8BF2"
End Function
Function Mov_ESI_ESP()
PublicCode = PublicCode + "8BF4"
End Function
Function Mov_ESP_EBP()
PublicCode = PublicCode + "8BE5"
End Function
Function Mov_ESP_EBX()
PublicCode = PublicCode + "8BE3"
End Function
Function Mov_ESP_ECX()
PublicCode = PublicCode + "8BE1"
End Function
Function Mov_ESP_EDI()
PublicCode = PublicCode + "8BE7"
End Function
Function Mov_ESP_EAX()
PublicCode = PublicCode + "8BE0"
End Function
Function Mov_ESP_EDX()
PublicCode = PublicCode + "8BE2"
End Function
Function Mov_ESP_ESI()
PublicCode = PublicCode + "8BE6"
End Function
Function Mov_EDI_EBP()
PublicCode = PublicCode + "8BFD"
End Function
Function Mov_EDI_EAX()
PublicCode = PublicCode + "8BF8"
End Function
Function Mov_EDI_EBX()
PublicCode = PublicCode + "8BFB"
End Function
Function Mov_EDI_ECX()
PublicCode = PublicCode + "8BF9"
End Function
Function Mov_EDI_EDX()
PublicCode = PublicCode + "8BFA"
End Function
Function Mov_EDI_ESI()
PublicCode = PublicCode + "8BFE"
End Function
Function Mov_EDI_ESP()
PublicCode = PublicCode + "8BFC"
End Function
Function Mov_EBP_EDI()
PublicCode = PublicCode + "8BDF"
End Function
Function Mov_EBP_EAX()
PublicCode = PublicCode + "8BE8"
End Function
Function Mov_EBP_EBX()
PublicCode = PublicCode + "8BEB"
End Function
Function Mov_EBP_ECX()
PublicCode = PublicCode + "8BE9"
End Function
Function Mov_EBP_EDX()
PublicCode = PublicCode + "8BEA"
End Function
Function Mov_EBP_ESI()
PublicCode = PublicCode + "8BEE"
End Function
Function Mov_EBP_ESP()
PublicCode = PublicCode + "8BEC"
End Function
'Push
'+++++++++++++++++++++++++++++++++++
Function Push(i)
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "6A" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "68" + W_HighAndLow(i, 8)
End If
End Function
Function Push_DWORD_Ptr_Addr(i )
PublicCode = PublicCode + "FF35" + W_HighAndLow(i, 8)
End Function
Function Push_EAX()
PublicCode = PublicCode + "50"
End Function
Function Push_ECX()
PublicCode = PublicCode + "51"
End Function
Function Push_EDX()
PublicCode = PublicCode + "52"
End Function
Function Push_EBX()
PublicCode = PublicCode + "53"
End Function
Function Push_ESP()
PublicCode = PublicCode + "54"
End Function
Function Push_EBP()
PublicCode = PublicCode + "55"
End Function
Function Push_ESI()
PublicCode = PublicCode + "56"
End Function
Function Push_EDI()
PublicCode = PublicCode + "57"
End Function
'LEA
Function Lea_EAX_DWORD_Ptr_EAX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D40" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D80" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EAX_DWORD_Ptr_EBX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D43" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D83" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EAX_DWORD_Ptr_ECX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D41" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D81" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EAX_DWORD_Ptr_EDX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D42" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D82" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EAX_DWORD_Ptr_ESI_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D46" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D86" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EAX_DWORD_Ptr_ESP_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D40" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D80" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EAX_DWORD_Ptr_EBP_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D4424" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D8424" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EAX_DWORD_Ptr_EDI_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D47" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D87" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EBX_DWORD_Ptr_EAX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D58" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D98" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EBX_DWORD_Ptr_ESP_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D5C24" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D9C24" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EBX_DWORD_Ptr_EBX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D5B" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D9B" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EBX_DWORD_Ptr_ECX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D59" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D99" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EBX_DWORD_Ptr_EDX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D5A" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D9A" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EBX_DWORD_Ptr_EDI_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D5F" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D9F" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EBX_DWORD_Ptr_EBP_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D5D" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D9D" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EBX_DWORD_Ptr_ESI_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D5E" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D9E" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_ECX_DWORD_Ptr_EAX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D48" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D88" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_ECX_DWORD_Ptr_ESP_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D4C24" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D8C24" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_ECX_DWORD_Ptr_EBX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D4B" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D8B" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_ECX_DWORD_Ptr_ECX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D49" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D89" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_ECX_DWORD_Ptr_EDX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D4A" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D8A" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_ECX_DWORD_Ptr_EDI_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D4F" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D8F" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_ECX_DWORD_Ptr_EBP_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D4D" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D8D" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_ECX_DWORD_Ptr_ESI_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D4E" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D8E" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EDX_DWORD_Ptr_EAX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D50" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D90" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EDX_DWORD_Ptr_ESP_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D5424" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D9424" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EDX_DWORD_Ptr_EBX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D53" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D93" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EDX_DWORD_Ptr_ECX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D51" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D91" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EDX_DWORD_Ptr_EDX_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D52" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D92" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EDX_DWORD_Ptr_EDI_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D57" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D97" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EDX_DWORD_Ptr_EBP_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D55" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D95" + W_HighAndLow(i, 8)
End If
End Function
Function Lea_EDX_DWORD_Ptr_ESI_Add(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode + "8D56" + W_HighAndLow(i, 2)
Else
PublicCode = PublicCode + "8D96" + W_HighAndLow(i, 8)
End If
End Function
Function Pop_EAX()
PublicCode = PublicCode + "58"
End Function
Function Pop_EBX()
PublicCode = PublicCode + "5B"
End Function
Function Pop_ECX()
PublicCode = PublicCode + "59"
End Function
Function Pop_EDX()
PublicCode = PublicCode + "5A"
End Function
Function Pop_ESI()
PublicCode = PublicCode + "5E"
End Function
Function Pop_ESP()
PublicCode = PublicCode + "5C"
End Function
Function Pop_EDI()
PublicCode = PublicCode + "5F"
End Function
Function Pop_EBP()
PublicCode = PublicCode + "5D"
End Function