//================================类人猿按键精灵X版本独立内存汇编库:QQ:578052137 按键精灵的内存汇编技术学习Q群:526897608 =============================================
// 手稿版本为:1.00
//================================希望喜欢按键的朋友继续传递下去,继续更新===================================================
//按键也可以独立做内存和汇编,不用依赖其他语言。代码发现bug问题请及时反馈给我,谢谢!
// Hex text of the machine code under construction: the opcode helpers append to it, AsmClear resets it and AsmCodeCall consumes it.
dim PublicCode=""
// Handle of the target process; set by GetHandlePro / BindHandlePro and read by the remote read, write, allocate and thread helpers.
Dim Handle_Process=0//process handle
// Stores an already-opened process handle in the module-level Handle_Process.
// Despite the "Get" prefix nothing is returned, and the handle is accepted without validation.
Function GetHandlePro(HandlePro)
Handle_Process=HandlePro
End Function
// Win32 API imports used by the library.
// Handles and addresses are declared as 32-bit Long throughout, so the library presumably targets 32-bit processes only.
// Taken together, OpenProcess + VirtualAllocEx / VirtualProtectEx + WriteProcessMemory + CreateRemoteThread are the
// cross-process write-and-execute sequence that endpoint monitoring commonly keys on.
// No CloseHandle import is declared here, so handles returned by OpenProcess, CreateRemoteThread and CreateProcessA
// cannot be released through these imports.
Declare Function OpenProcess Lib "kernel32" Alias "OpenProcess" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
// NOTE: the last parameter is named lpNumberOfBytesWritten in both ReadProcessMemory imports; for this API it receives the number of bytes read.
Declare Function ReadProcessMemory Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long,ByVal lpBaseAddress As Long, ByRef lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function GetCurrentProcessId Lib "kernel32" Alias "GetCurrentProcessId" () As Long
Declare Function htonl Lib "Wsock32.dll" (ByVal hostlong As Long) As Long // swaps the byte order of a 4-byte value; signed 32-bit only, unsigned values such as FFFF FFFF are not supported (author: still needs compatibility testing)
Declare Function htons Lib "Wsock32.dll" (ByVal hostshort As Long) As Long // 2-byte variant
Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long //
// NOTE(review): lpAddress has no ByVal here, unlike the VirtualFreeEx import above — confirm how the literal 0 passed by callers is marshalled.
Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Declare Function GetLastError Lib "kernel32" Alias "GetLastError" () As Long
// NOTE(review): the library name below carries a trailing space ("kernel32 ") and the parameters are typed Integer where every other import uses Long — confirm this import resolves and marshals 32-bit values.
Declare Function VirtualProtectEx Lib "kernel32 " (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal flNewProtect As Integer, ByRef lpflOldProtect As Integer) As Integer
Declare Function LoadLibraryA Lib "kernel32.dll" Alias "LoadLibraryA"(ByVal lpLibFileName As String) As Long
Declare Function FreeLibrary Lib "kernel32" Alias "FreeLibrary" (ByVal hLibModule As Long) As Long
Declare Function GetModuleHandleA Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Declare Function GetProcAddress Lib "kernel32.dll" Alias "GetProcAddress"(ByVal 模块句柄 As Long,ByVal 进程名称 As String) As Long
Declare Function GetWindowThreadProcessId Lib "user32" Alias "GetWindowThreadProcessId" (ByVal hwnd As Long, ByRef lpdwProcessId As Long) As Long
Declare Function CallWindowProcA Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As long, ByVal wParam As Long, ByVal lParam As Long) As Long
Declare Function GetCurrentThreadId Lib "kernel32" Alias "GetCurrentThreadId" () As Long
Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Declare Function SetWindowsHookExW Lib "user32" Alias "SetWindowsHookExW" (ByVal idHook As Long, ByVal lpfn As Long, ByVal hmod As Long, ByVal dwThreadId As Long) As Long
Declare Function CallNextHookEx Lib "user32" Alias "CallNextHookEx" (ByVal hHook As Long, ByVal ncode As Long,ByVal wParam As Long,byval lParam As long) As Long
Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Declare Function VirtualFree Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Declare Function CreateProcessA Lib "kernel32" Alias "CreateProcessA" ( lpApplicationName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long,ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDriectory As String,ByVal lpStartupInfo As long, ByVal lpProcessInformation As long) As Long
// Second import of ReadProcessMemory whose lpBuffer is ByVal, i.e. the caller passes a raw buffer address (see the addrof() calls in the search functions).
Declare Function ReadProcessMemoryB Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long,ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
// Formats one byte value as hex text, left-padding values below 16 with "0" so that 0..255 always yields two characters.
// The name says "to decimal", but the result is hexadecimal. Values outside 0..255 are not checked.
Function 进制_单字节集转十(ByteValue)
Dim Hex_Read=""
If ByteValue < 16 Then
Hex_Read = "0" & Hex(ByteValue)
Else
Hex_Read=Hex(ByteValue)
End If
Return Hex_Read
End Function
// Scans the memory of Handle_Process from BeginAddr to EndAddr, in 1024-byte steps, for the byte pattern FeatureCode.
// Each window is read 32 bytes at a time, rendered as comma-separated decimal text and searched with Instr.
// Returns the address computed from the match position.
// NOTE(review): the result of ReadProcessMemoryB is ignored, so a failed read leaves the previous 32 bytes in the buffer and they are searched again.
// NOTE(review): the pattern text is not delimited, so Instr can presumably match in the middle of a number (e.g. "2,103" inside "32,103") — confirm.
// NOTE(review): when nothing matches, arrar_cut is never assigned before the final Return uses it — confirm what the caller receives.
Function 内存搜索特征码S(BeginAddr, EndAddr, FeatureCode)// author: currently the fastest variant; FeatureCode is a hex byte string
// 32-byte scratch struct; ReadProcessMemoryB fills it through its raw address.
Dim Struct = StructPack("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
Dim Addr_Sturct=addrof(Struct)
dim X1,X2,X3,X4,X5,X6,X7,X8,X9,X10,X11,X12,X13,X14,X15,X16,X17,X18,X19,X20,X21,X22,X23,X24,X25,X26,X27,X28,X29,X30,X31,X32 // author: the chunk width can be adapted, e.g. a step of 8
FeatureCode = 进制_十六字节集转十字节集(FeatureCode)// convert first; the comparison below works on decimal byte text
Dim CurAddr=0
// Number of 32-byte reads per window. Len(FeatureCode) is the length of the decimal text here, not the pattern's byte count.
Dim dwSize=(1024+Len(FeatureCode)+32)/32
Dim Array_ReadVale()
Dim Pos_Addr=0
Dim n=0
Dim str_code=""
Dim LeftCut_Str=""
dim arrar_cut
For CurAddr = BeginAddr To EndAddr Step 1024
n=0
For int(dwSize)
ReadProcessMemoryB(Handle_Process,CurAddr+n*32, Addr_Sturct, 32, 0)
X1,X2,X3,X4,X5,X6,X7,X8,X9,X10,X11,X12,X13,X14,X15,X16,X17,X18,X19,X20,X21,X22,X23,X24,X25,X26,X27,X28,X29,X30,X31,X32 = StructUnPack("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", Struct)
Array_ReadVale(n+1) = X1&"," & X2&"," & X3&"," & X4&"," & X5&"," & X6&"," & X7&"," & X8&"," & X9&"," & X10&"," & X11&"," & X12&"," & X13&"," & X14&"," & X15&"," & X16&"," &X17&","&X18&","&X19&","&X20&","&X21&","_
&X22&","&X23&","&X24&","&X25&","&X26&","&X27&","&X28&","&X29&","&X30&","&X31 &","&X32&","
n = n + 1
Next
str_code=Join(Array_ReadVale, "")
Pos_Addr = Instr(str_code, FeatureCode, 1)
If Pos_Addr <> 0 Then
// The count of comma-separated items before the match gives the byte offset inside the window.
LeftCut_Str = Left(str_code, Pos_Addr)
arrar_cut=split(LeftCut_Str,",")
// TracePrint arrar_cut
TracePrint ("哥哥!终于找到了。"& Hex(CurAddr+ubound(arrar_cut)-1))
Exit For
End If
Next
Struct = Null
return CurAddr+ubound(arrar_cut)-1
End Function
// Scans the memory of Handle_Process from BeginAddr to EndAddr for the hex pattern FeatureCode (spaces are stripped).
// Each window is read 16 bytes at a time, rendered as two-digit hex text and searched with Instr.
// Returns CurAddr plus the byte offset derived from the match position in the hex text.
// NOTE(review): CurAddr is advanced by 1024 inside the loop body in addition to "Step 1024", so every second 1 KB window appears to be skipped — confirm.
// NOTE(review): the result of ReadProcessMemoryB is ignored, and a match starting on the second nibble of a byte is presumably accepted as well.
// NOTE(review): when nothing matches, Pos_Addr is 0 and the Return still computes an address rather than a "not found" value.
Function 内存搜索特征码A(BeginAddr, EndAddr, FeatureCode)// author: currently the fastest variant
// 16-byte scratch struct; ReadProcessMemoryB fills it through its raw address.
Dim Struct = StructPack("BBBBBBBBBBBBBBBB",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
Dim Addr_Sturct=addrof(Struct)
dim X1,X2,X3,X4,X5,X6,X7,X8,X9,X10,X11,X12,X13,X14,X15,X16 // author: the chunk width can be adapted, e.g. a step of 8
FeatureCode = replace(FeatureCode, " ", "")
// Number of 16-byte reads per window; Len(FeatureCode) is the hex text length (two characters per byte).
Dim dwSize=(1024+Len(FeatureCode)+16)/16
Dim Array_ReadVale()
Dim Pos_Addr=0
Dim n=0
Dim CurAddr=0
For CurAddr = BeginAddr To EndAddr Step 1024
n=0
For dwSize-1
ReadProcessMemoryB(Handle_Process,CurAddr+n*16, Addr_Sturct, 16, 0)
X1,X2,X3,X4,X5,X6,X7,X8,X9,X10,X11,X12,X13,X14,X15,X16 = StructUnPack("BBBBBBBBBBBBBBBB", Struct)
Array_ReadVale(n+1) =进制_单字节集转十(X1) &进制_单字节集转十(X2) &进制_单字节集转十(X3) &进制_单字节集转十(X4) &进制_单字节集转十(X5) &进制_单字节集转十(X6) &进制_单字节集转十(X7) &进制_单字节集转十(X8) &进制_单字节集转十(X9) &_
进制_单字节集转十(X10) &进制_单字节集转十(X11) &进制_单字节集转十(X12) &进制_单字节集转十(X13) &进制_单字节集转十(X14) &进制_单字节集转十(X15) &进制_单字节集转十(X16)
n = n + 1
Next
Pos_Addr = Instr(Join(Array_ReadVale, ""), FeatureCode, 1)
If Pos_Addr <> 0 Then
// TracePrint ("哥哥!终于找到了。"& Hex(CurAddr+(Pos_Addr+1)/2-1))
Exit For
End If
CurAddr=CurAddr+1024
Next
Struct = Null
// Two hex characters per byte: (Pos_Addr+1)/2-1 converts the 1-based text position into a byte offset.
return CurAddr+(Pos_Addr+1)/2-1
End Function
// Starts a process with CreateProcessA, using PathfileName as the command line and path as the working directory.
// struct9 / struct10 are scratch buffers passed as lpStartupInfo and lpProcessInformation.
// NOTE(review): the buffers come from 申请_本地内存, which allocates them read/write/execute although they only hold data.
// NOTE(review): the result of CreateProcessA is neither checked nor returned, and the process and thread handles written to
// struct10 are discarded when the buffer is freed, so they are never closed.
// NOTE(review): the command line is passed through as given; confirm callers quote paths that contain spaces.
Function 创建进程S(PathfileName,path)
Dim struct9=申请_本地内存(500)
Dim struct10=申请_本地内存(20)
CreateProcessA(0,PathfileName,0,0,0,0,0,path,struct9,struct10)
释放_本地内存 (struct9)
释放_本地内存 (struct10)
End function
// Resolves the address of function Str_Funciton in module Str_module inside the target process.
// It writes both names into a buffer allocated in the target, assembles a small stub that calls GetModuleHandleA and then
// GetProcAddress there, runs the stub through AsmCodeCall and reads the 4-byte result back from the buffer.
// The addresses of GetModuleHandleA / GetProcAddress are looked up in the local process and used unchanged in the target
// (assumes kernel32 is mapped at the same address in both — TODO confirm).
// NOTE(review): the buffer is requested with 256 bytes but the function name is written at RetAddr+256, i.e. past the
// requested size; this only stays inside the allocation because of page rounding — confirm.
// NOTE(review): no result is checked (allocation, writes, thread), and the strings are written without an explicit
// terminating zero byte.
Function 远程_获取模块函数名(Str_module,Str_Funciton)
Dim RetAddr=申请_进程内存空间(256) // space for the 4-byte return value and the strings
Dim PHandle=GetModuleHandleA("kernel32.dll")
dim FunAddr= GetProcAddress(PHandle, "GetModuleHandleA")
dim addr_GetProcAddress= GetProcAddress(PHandle, "GetProcAddress")
TracePrint addr_GetProcAddress
Dim addr_module=RetAddr+4
写入_ASCII字符(addr_module,str_module)
Dim addrFun =RetAddr+256// function name
写入_ASCII字符(addrFun,Str_Funciton)
AsmClear()
Push(addr_module)
Mov_EAX_(FunAddr)
Call_EAX
Mov_Ptr_Addr_EAX (RetAddr)
Mov_EAX_Ptr_(RetAddr)
Push(addrFun)// function name argument
Push_EAX // module handle argument
Mov_EDX_(addr_GetProcAddress)
Call_EDX()
Mov_Ptr_Addr_EAX (RetAddr)
AsmCodeCall (0)
dim addr_func=读取_4字节整数(RetAddr)
释放_进程内存空间(RetAddr)
Return addr_func
End Function
// Returns the handle (base address) of module str_module as seen inside the target process.
// The module name is written into a buffer allocated in the target; a stub that calls GetModuleHandleA and stores EAX
// at RetAddr is run through AsmCodeCall, and the 4-byte result is read back.
// The address of GetModuleHandleA is looked up locally and reused in the target (assumes identical kernel32 mapping — TODO confirm).
// NOTE(review): no result is checked; a failed allocation or thread start still ends in a read from RetAddr.
Function 远程_获取模块句柄(str_module)
Dim RetAddr=申请_进程内存空间(256) // space for the 4-byte return value and the string
Dim PHandle=GetModuleHandleA("kernel32.dll")
dim FunAddr= GetProcAddress(PHandle, "GetModuleHandleA")
//TracePrint FunAddr
Dim addr =RetAddr+4// the module name is stored after the 4-byte result slot
写入_ASCII字符(addr,str_module)
AsmClear()
Push(addr)
Mov_EAX_(FunAddr)
Call_EAX
Mov_Ptr_Addr_EAX(RetAddr)
AsmCodeCall (0)
dim Handle_Module=读取_4字节整数(RetAddr)
释放_进程内存空间(RetAddr)
Return Handle_Module
End Function
// Opens process ProcessId and stores the handle in Handle_Process; the author notes it must be called before each use.
// 2035711 is 0x1F0FFF, the pre-Vista PROCESS_ALL_ACCESS mask, i.e. far more access than the read/write/allocate/thread
// calls in this file require.
// NOTE(review): a failed OpenProcess (0) is stored and returned unchecked, and a previously stored handle is overwritten
// without being closed.
Function BindHandlePro(ProcessId)// binds the library to the given process id and obtains its handle
Handle_Process = OpenProcess(2035711, false, ProcessId)// obtain the process handle
Return Handle_Process
End Function
// Runs the code accumulated in PublicCode inside the target process: appends C3 (ret), allocates memory in the target
// through 申请_进程内存空间 (read/write/execute), writes the bytes, starts a remote thread at that address, waits for it
// without timeout and frees the memory. AsmType is not used.
// Defender's view: the thread start address lies in private executable memory that was written from another process.
// NOTE(review): size is computed after PublicCode has been expanded to "XX XX ..." text, so roughly three times the
// code length is requested.
// NOTE(review): none of the results is checked, the thread handle is never closed, and the infinite wait blocks the
// script for as long as the injected code runs.
Function AsmCodeCall(AsmType)// core routine
PublicCode = PublicCode & "C3"
PublicCode = 十六进制字节集标准化(PublicCode)
// TracePrint PublicCode
dim NewWriteCodeAddr =0
Dim size=0
size = Len(PublicCode) + 10
NewWriteCodeAddr = 申请_进程内存空间(size)// allocate space in the target
// TracePrint "注入函数地址:"& Hex(NewWriteCodeAddr)
call 写入_字节集( NewWriteCodeAddr, PublicCode)
dim RThwnd = CreateRemoteThread(Handle_Process, 0, 0, NewWriteCodeAddr, 0, 0, 0)
WaitForSingleObject(RThwnd,&HFFFFFFFF)
释放_进程内存空间(NewWriteCodeAddr)
End Function
// Starts a thread in the target process at Addr (no argument) and waits for it to finish without timeout.
// Returns the thread handle, not the thread's exit code.
// NOTE(review): a failed CreateRemoteThread (0) is passed straight to WaitForSingleObject, and the handle is never closed.
Function 远程_调用进程函数(Addr)
Dim RThwnd = CreateRemoteThread(Handle_Process, 0, 0, Addr, 0, 0, 0)
WaitForSingleObject(RThwnd,&HFFFFFFFF)
return RThwnd
End Function
// Loads a DLL into the target process: the path string is written into memory allocated in the target and a remote
// thread is started at LoadLibraryA with that buffer as its argument; the buffer is freed after the thread ends.
// Returns the thread handle, which says nothing about whether the library was actually loaded.
// Defender's view: this is the remote-thread-on-LoadLibrary pattern; the full-access OpenProcess, the remote allocation,
// the cross-process write and a thread whose start address is LoadLibraryA are each observable events.
// NOTE(review): no result is checked, the thread handle is never closed, and the path is written without an explicit
// terminating zero byte.
Function 远程_注入dll( dll路径字符串)
Dim LoadLibraryA_Addr=动态库dll函数地址获取("kernel32.dll","LoadLibraryA")
dim CodeSize = len(dll路径字符串)+100 // author's note says "+10 so the space does not run short"; the code adds 100
TracePrint Hex(LoadLibraryA_Addr)
dim NewWriteCodeAddr = 申请_进程内存空间(CodeSize)// allocate space in the target
TracePrint Hex(NewWriteCodeAddr)
CALL 写入_ASCII字符(NewWriteCodeAddr, dll路径字符串)
Dim RThwnd=CreateRemoteThread(Handle_Process, 0, 0, LoadLibraryA_Addr, NewWriteCodeAddr, 0, 0)
WaitForSingleObject(RThwnd,&HFFFFFFFF)
释放_进程内存空间 (NewWriteCodeAddr)
return RThwnd
End Function
// Writes the characters of the string into the target process starting at lpBaseAddress, one byte per character,
// using one 写入_整数 call (one WriteProcessMemory) per character.
// NOTE(review): no terminating zero byte is written, and Asc() of a non-ASCII character may not fit into the single
// byte that is written — confirm callers pass ASCII only.
Function 写入_ASCII字符(lpBaseAddress, 字符串)
dim i=1
Dim bytestr
For len(字符串)
bytestr = Asc(mid(字符串, i, 1))
// TracePrint bytestr
写入_整数(lpBaseAddress - 1 + i, bytestr,1)
i=i+1
Next
End Function
// Writes a space-separated hex byte string ("8B 45 08 ...") into the target process at WriteAddr, one byte per
// 写入_整数 call, and returns WriteAddr.
// NOTE(review): the loop runs UBound(ByteArr) times and indexes ByteArr(i+1); whether the first token is written
// depends on the array base of this dialect — confirm.
// NOTE(review): the tokens are not validated as two-digit hex before "&H" is prefixed.
Function 写入_字节集( WriteAddr, Byte字节集)
Dim ByteArr
ByteArr=Split(Byte字节集," ")
dim i=0
For UBound(ByteArr)
// TracePrint 字节数组(i+1)
call 写入_整数(WriteAddr+i,"&H"&ByteArr(i+1),1) // "&H" is prefixed so the token is evaluated as a hex number
i=i+1
Next
Return WriteAddr
End Function
// Turns contiguous hex text ("8B4508") into space-separated byte pairs ("8B 45 08").
// With an odd number of characters the trailing nibble is presumably dropped or emitted alone, depending on how the
// loop bound Len/2-1 is rounded — confirm.
Function 十六进制字节集标准化(十六字节集)
Dim i
dim PublicCode_1 =""
For i = 0 To Len(十六字节集) / 2 - 1
PublicCode_1 = PublicCode_1 &(" " & Mid(十六字节集, i * 2 + 1, 2)) // insert a space before each byte pair
Next
PublicCode_1 = LTrim(PublicCode_1," ")// strip the leading space
return PublicCode_1
End Function
// Changes the protection of AddrSize bytes at Addr in the target process to 64 (0x40, PAGE_EXECUTE_READWRITE)
// and returns the result of VirtualProtectEx.
// NOTE(review): the previous protection received in oldVal is discarded, so callers cannot restore it and the
// region stays writable and executable.
Function 内存_属性修改(Addr,AddrSize)
Dim oldVal=0
return VirtualProtectEx(Handle_Process, Addr, AddrSize, 64, oldVal) // author's note: whether the old protection is needed is still untested
End Function
// Returns the id of the calling thread.
Function 线程ID_当前()
Return GetCurrentThreadId()
End Function
// Returns the id of the thread that created window Hwnd; the process id output is not requested (null is passed).
Function 线程ID_窗口获取(Hwnd) // the window's thread, i.e. the id of its creator
return GetWindowThreadProcessId(Hwnd,null)
End Function
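// Returns the id of the process that owns window Hwnd.
// GetWindowThreadProcessId writes the process id into its ByRef second argument; the value stays 0 when the
// lookup fails. The original version discarded it and returned nothing.
Function 进程ID_窗口获取(Hwnd)
Dim lpdwProcessId=0
GetWindowThreadProcessId(Hwnd,lpdwProcessId)
Return lpdwProcessId
End Function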
// Loads the DLL PathFileName into the current (script) process and returns its module handle (0 on failure).
// NOTE(review): the name is passed to LoadLibraryA as given; a bare file name is resolved through the DLL search
// order, so callers should pass a full path.
Function 动态库dll载入(PathFileName)
Return LoadLibraryA(PathFileName)
End Function
// Looks up the already-loaded module PathFileName in the current process and calls FreeLibrary on it.
// NOTE(review): if the module is not loaded the handle is 0 and FreeLibrary is still called with it.
Function 动态库dll卸载(PathFileName)
dim hMoule=GetModuleHandleA(PathFileName) // look up the module handle
Return FreeLibrary(hMoule)
End Function
// Returns the address of export FuncName in the already-loaded module FileName of the current process.
Function 动态库dll函数地址获取(FileName,FuncName)// FuncName is case-sensitive
dim hMoule=GetModuleHandleA(FileName) // look up the module handle
return GetProcAddress(hMoule,FuncName)
End Function
// Returns the handle of the already-loaded module FileName in the current process (0 if it is not loaded).
Function 动态库dll模块句柄获取(FileName)
return GetModuleHandleA(FileName)
End Function
// Returns GetLastError() for the calling thread.
// NOTE(review): the value may already have been overwritten by API calls the script host makes between the failing
// call and this one — confirm before relying on it.
Function 获取内存最后错误()
Return GetLastError()
End Function
// Allocates size bytes in the target process and returns the base address (0 on failure).
// 4096 is 0x1000 (MEM_COMMIT) and 64 is 0x40 (PAGE_EXECUTE_READWRITE).
// NOTE(review): every caller in this file gets writable and executable memory from here, including those that only
// store strings or a return value.
Function 申请_进程内存空间(size)
dim tmp_Addr=0
tmp_Addr= VirtualAllocEx(Handle_Process, 0, size, 4096, 64)
Return tmp_Addr
End Function
// Releases a region in the target process that was allocated with 申请_进程内存空间.
// 32768 is 0x8000 (MEM_RELEASE), which requires a size of 0 and the region's base address.
Function 释放_进程内存空间(addr)
return VirtualFreeEx(Handle_Process, Addr, 0,32768)
End Function
// Allocates size bytes in the current process and returns the base address (0 on failure).
// &H1000 is MEM_COMMIT and &H40 is PAGE_EXECUTE_READWRITE.
// NOTE(review): the only caller in this file (创建进程S) stores plain data structures here, for which execute
// permission is not needed.
Function 申请_本地内存(size)
return VirtualAlloc(0,size,&H1000,&H40)// author's note: mind the second parameter (size)
End Function
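// Releases a region of the current process that was allocated with 申请_本地内存 and returns the result of VirtualFree.
// The original passed &H4000 (MEM_DECOMMIT), which gives back the pages but keeps the address range reserved, so
// every allocate/free pair leaked address space. &H8000 (MEM_RELEASE) with size 0 frees the whole region, matching
// the 32768 used by 释放_进程内存空间.
Function 释放_本地内存(addr)
return VirtualFree(addr,0,&H8000)
End Function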
// Converts a space-separated hex byte string into a comma-separated decimal byte string,
// e.g. "E8 67 56" -> "232,103,86".
// NOTE(review): the loop runs UBound(CodeArray) times starting at index 1; whether the first token is included
// depends on the array base of this dialect — confirm.
Function 进制_十六字节集转十字节集(StrHexCode)// example: TracePrint 进制_十六字节集转十字节集("E8 67 56 71 00 8B 86 A8 24 00 00 8D")
Dim CodeArray=split(StrHexCode," ")
Dim StrCode=""
Dim m=1 // author's note: "values start from 0 in the X version"
For UBound(CodeArray)
StrCode=StrCode &","& 进制_十六转十(CodeArray[m])
m=m+1
Next
Return LTrim(StrCode,",")
End Function
// Converts a comma-separated decimal byte string into a space-separated hex byte string.
// NOTE(review): Hex() is used without padding, so values below 16 yield a single digit ("0", "A") rather than "00", "0A".
// NOTE(review): the loop runs UBound(CodeArray) times starting at index 1; whether the first token is included
// depends on the array base of this dialect — confirm.
Function 进制_十字节集转十六字节集(StrHexCode)// example: TracePrint 进制_十字节集转十六字节集("232,103,86,113,0,139,134,168,36,0,0,141")
Dim CodeArray=split(StrHexCode,",")
Dim StrCode=""
Dim m=1 // author's note: "values start from 0 in the X version"
For UBound(CodeArray)
StrCode=StrCode &" "& Hex(CodeArray[m])
m=m+1
Next
Return LTrim(StrCode," ")
End Function
// Formats one unsigned byte value as two-digit hex text.
// Values above 255 are reported through TracePrint but still returned as unpadded hex; negative values take the
// "< 16" branch. LenVal and BuWei are declared but never used.
Function 进制_单字节转二进制字节(Value)// unsigned values only; the maximum is 255
Dim ByteArr=""
Dim LenVal=0
Dim BuWei=""
If Value<16 then
ByteArr = "0" & Hex(value)
ElseIf Value <=255 and Value>=16 Then
ByteArr = Hex(value)
ElseIf Value > 255 Then
TracePrint "单字节类型数据溢出!"
ByteArr = Hex(value)
End If
return ByteArr
End Function
// Returns the two bytes of Value (0..65535) as four hex digits in swapped byte order: the value is passed through
// htons and the hex text is left-padded with zeros to four characters. ValType is not used.
// Out-of-range values are reported through TracePrint and no value is returned.
Function 进制_双字节整数转二进制字节(Value, ValType)
Dim ByteArr=""
Dim LenVal=0
Dim BuWei=""
If Value<=65535 and Value>=0 then
ByteArr=Hex(htons(Value)) // byte swap through the Winsock 2-byte API
LenVal = Len(ByteArr)
TracePrint ByteArr
BuWei=""
For (4-LenVal)
BuWei=BuWei&"0"
Next
ByteArr = BuWei & ByteArr
return ByteArr
Else
TracePrint "数据溢出!"
End if
End Function
// Returns the four in-memory bytes of Value as eight hex digits, in memory order.
// ValueType 0 packs Value as unsigned ("L"), 1 as signed ("l"); the packed struct is then read back byte by byte
// from the script's own memory through ReadProcessMemory.
// NOTE(review): 获取本地进程句柄() opens a new full-access handle to the current process on every loop iteration and
// none of them is closed.
// NOTE(review): for any other ValueType, Struct is never assigned before addrof() is applied to it.
Function 进制_四字节整数转二进制字节(Value,ValueType)
Dim addr=0
Dim bufaddr=0
Dim Struct
If ValueType=0 then
Struct = StructPack("L", Value)// unsigned integer
ElseIf ValueType = 1 Then
Struct = StructPack("l", Value)// signed integer
End if
addr = addrof(Struct)
TracePrint Hex(addr)
Dim n=0
Dim str=""
For 4
ReadProcessMemory(获取本地进程句柄(),addr+n, bufaddr, 1, 0)// read one byte; lpBaseAddress is the address that holds the data
TracePrint hEX(bufaddr)
// Pad every byte to two hex digits.
If bufaddr = 0 Then
str=str &"00"
ElseIf Len(Hex(bufaddr)) = 1 Then
str=str &"0" & Hex(bufaddr)
Else
str=str & Hex(bufaddr)
End If
n = n + 1
Next
Struct=null// release the struct
Return str
End Function
// Returns the eight in-memory bytes of Value as sixteen hex digits, in memory order.
// ValueType 0 packs Value as unsigned 64-bit ("J"), 1 as signed 64-bit ("j"); the packed struct is then read back
// byte by byte from the script's own memory through ReadProcessMemory.
// NOTE(review): 获取本地进程句柄() opens a new full-access handle to the current process on every loop iteration and
// none of them is closed.
// NOTE(review): for any other ValueType, Struct is never assigned before addrof() is applied to it.
Function 进制_八字节整数转二进制字节(Value, ValueType)// 64-bit / long integer
Dim addr=0
Dim bufaddr=0
Dim Struct
If ValueType=0 then
Struct = StructPack("J", Value)// unsigned 64-bit integer
ElseIf ValueType = 1 Then
Struct = StructPack("j", Value)// signed 64-bit integer
End if
addr = addrof(Struct)
TracePrint Hex(addr)
Dim n=0
Dim str=""
For 8
ReadProcessMemory(获取本地进程句柄(),addr+n, bufaddr, 1, 0)// read one byte; lpBaseAddress is the address that holds the data
TracePrint hEX(bufaddr)
// Pad every byte to two hex digits.
If bufaddr = 0 Then
str=str &"00"
ElseIf Len(Hex(bufaddr)) = 1 Then
str=str &"0" & Hex(bufaddr)
Else
str=str & Hex(bufaddr)
End If
n = n + 1
Next
Struct=null// release the struct
Return str
End Function
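// Returns the four in-memory bytes of Value, packed as a single-precision float, as eight hex digits in memory order.
// Changes against the original:
//  - every byte is padded to two hex digits through 进制_单字节集转十, as the integer variants already do; without
//    padding a byte below 16 produced one digit and the result could not be split back into bytes;
//  - the handle to the current process is obtained once instead of once per byte (each call to 获取本地进程句柄
//    opens a new handle that is never closed).
Function 进制_浮点转二进制字节(Value)
Dim addr=0
Dim bufaddr=0
Dim Struct = StructPack("f",Value) // author's note: the struct is not released automatically
addr = addrof(Struct)
TracePrint Hex(addr)
Dim hSelf=获取本地进程句柄()
Dim n=0
Dim str=""
For 4
ReadProcessMemory(hSelf,addr+n, bufaddr, 1, 0)// read one byte; lpBaseAddress is the address that holds the data
str=str & 进制_单字节集转十(bufaddr)
n=n+1
Next
Struct=null// release the struct
Return str
End Function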
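// Returns the eight in-memory bytes of Value, packed as a double-precision float, as sixteen hex digits in memory order.
// Changes against the original:
//  - every byte is padded to two hex digits through 进制_单字节集转十, as the integer variants already do; without
//    padding a byte below 16 produced one digit and the result could not be split back into bytes;
//  - the handle to the current process is obtained once instead of once per byte (each call to 获取本地进程句柄
//    opens a new handle that is never closed).
Function 进制_双浮点转二进制字节(Value)
Dim addr=0
Dim bufaddr=0
Dim Struct = StructPack("d",Value) // author's note: the struct is not released automatically
addr = addrof(Struct)
TracePrint Hex(addr)
Dim hSelf=获取本地进程句柄()
Dim n=0
Dim str=""
For 8
ReadProcessMemory(hSelf,addr+n, bufaddr, 1, 0)// read one byte; lpBaseAddress is the address that holds the data
str=str & 进制_单字节集转十(bufaddr)
n=n+1
Next
Struct=null// release the struct
Return str
End Function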
// Converts a hex string to its numeric value, digit by digit; lower-case input is accepted through UCase.
// NOTE(review): characters are not validated — anything outside 0-9 / A-F is still folded into the result.
Function 进制_十六转十(十六进制字符串)
// example: Msgbox lib.算法.十六进制转十进制("FFFFFF")
Dim D,H,i,Ia
D = 0
H = UCase(十六进制字符串)
For i = 1 To Len(H)
// "0".."9" map to 0..9; "A".."F" are 17..22 after subtracting 48, so 7 more is subtracted to reach 10..15.
Ia = Asc(Mid(H, i, 1)) - 48
If Ia > 9 Then Ia = Ia - 7
D = D * 16 + Ia
Next
return D
End Function
// Returns the 32-bit pattern of Value, packed as a single-precision float, as hex text of the integer read back
// from the struct (not zero-padded). x1 is assigned but never used.
// NOTE(review): 获取本地进程句柄() opens a full-access handle to the current process that is never closed.
Function 进制_浮点数转十六(Value)
Dim x1, addr=0
Dim bufaddr=0
Dim Struct = StructPack("f",Value) // author's note: the struct is not released automatically
x1= StructUnPack("f", Struct)
addr = addrof(Struct)
ReadProcessMemory(获取本地进程句柄(),addr, bufaddr, 4, 0)// read all four bytes at once; lpBaseAddress is the address that holds the data
Struct=null// release the struct
Return Hex(bufaddr)
End Function
// Opens and returns a handle to the current (script) process.
// 2035711 is 0x1F0FFF, the pre-Vista PROCESS_ALL_ACCESS mask, although the callers in this file only read memory.
// NOTE(review): every call opens a new handle and nothing in this file closes it, so callers that invoke this in a
// loop accumulate handles.
Function 获取本地进程句柄()
dim pid=GetCurrentProcessId()
Return OpenProcess(2035711, false, pid)// obtain the process handle
End Function
// The three helpers below write into the target process at lpBaseAddress and return the result of
// WriteProcessMemory (non-zero on success). The address is neither validated nor is its protection changed first.
//
// Writes 4 bytes taken from WriteValue.
// NOTE(review): the import declares lpBuffer as ByRef Long; whether a floating-point WriteValue arrives as its IEEE
// bit pattern or is converted to an integer first is not visible here — confirm.
Function 写入_单精度浮点数(lpBaseAddress, WriteValue)// 4 bytes
Return WriteProcessMemory(Handle_Process, lpBaseAddress, WriteValue, 4, 0)// lpBaseAddress is the destination address
End Function
// Writes the low `size` bytes of WriteValue; size is expected to be 4, 2 or 1 and is not checked.
Function 写入_整数(lpBaseAddress, WriteValue,size)// 4 bytes / 2 bytes / 1 byte
Return WriteProcessMemory(Handle_Process, lpBaseAddress, WriteValue, size, 0)// lpBaseAddress is the destination address
End Function
// Writes WriteValue as a 4-byte integer.
Function 写入_4字节整数(lpBaseAddress, WriteValue)// 4 bytes
Return WriteProcessMemory(Handle_Process, lpBaseAddress, WriteValue, 4, 0)// lpBaseAddress is the destination address
End Function
// Writes Value as an 8-byte integer into the target process at Addr. TypeVal 0 packs it unsigned ("J"), 1 signed ("j").
// The packed struct is unpacked as two 4-byte halves that are written with two separate WriteProcessMemory calls;
// only the result of the second call is returned.
// NOTE(review): the write is not atomic — code in the target that reads the value between the two calls sees one
// old and one new half.
// NOTE(review): for any other TypeVal, Struct is never assigned before it is unpacked.
Function 写入_八字节长整数(Addr, Value,TypeVal)
Dim Struct
If TypeVal=0 then
Struct = StructPack("J",Value)// unsigned
ElseIf TypeVal = 1 Then
Struct = StructPack("j",Value)// signed
End If
Dim Value1 =0
dim Value2 =0 // author's note: these must be initialised
Value1,Value2 =StructUnPack("ll",Struct)
Struct=null// release the struct
WriteProcessMemory(Handle_Process, addr, Value1, 4, 0)
return WriteProcessMemory(Handle_Process, addr+4, Value2, 4, 0)
End Function
// Writes Value as a double-precision float into the target process at Addr.
// The packed struct is unpacked as two 4-byte halves that are written with two separate WriteProcessMemory calls;
// only the result of the second call is returned.
// NOTE(review): the write is not atomic — code in the target that reads the value between the two calls sees one
// old and one new half.
Function 写入_双浮点数(Addr,Value)
Dim Struct = StructPack("d",Value)
Dim Value1 =0
dim Value2 =0 // author's note: these must be initialised
Value1,Value2 =StructUnPack("ll",Struct)
Struct=null// release the struct
WriteProcessMemory(Handle_Process, addr, Value1, 4, 0)
return WriteProcessMemory(Handle_Process, addr+4, Value2, 4, 0)
End Function
//=============================================================读取数据
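// Reads `size` bytes (4, 2 or 1) from the target process at lpBaseAddress and returns them as an integer.
// The original returned the result of ReadProcessMemory (a success flag) instead of the value read, unlike
// 读取_4字节整数; it now returns ReadValue.
// A failed read leaves ReadValue at 0, which cannot be told apart from a stored zero.
Function 读取_整数(lpBaseAddress,size)// 4 bytes / 2 bytes / 1 byte
Dim ReadValue=0
ReadProcessMemory(Handle_Process,lpBaseAddress, ReadValue, size, 0)// lpBaseAddress is the address that holds the data
Return ReadValue
End Function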
// Reads a 4-byte integer from the target process at lpBaseAddress and returns it.
// The result of ReadProcessMemory is ignored, so a failed read returns 0, which cannot be told apart from a stored zero.
Function 读取_4字节整数(lpBaseAddress)// 4 bytes
Dim ReadValue=0
ReadProcessMemory(Handle_Process,lpBaseAddress, ReadValue, 4, 0)// lpBaseAddress is the address that holds the data
Return ReadValue
End Function
// Reads 4 bytes from the target process at lpBaseAddress into a floating-point variable and returns it.
// NOTE(review): the guard compares the address, not the value read, with the single-precision range
// 3.4*10^-38 .. 3.4*10^38, so it holds for any positive address and does not validate anything.
// NOTE(review): if the guard fails or the read fails, the initial 0.02 is returned as if it were data.
Function 读取_浮点数(lpBaseAddress)// 4 bytes
Dim ReadValue=0.02
If lpBaseAddress>=3.4*10^-38 and lpBaseAddress<=3.4*10^38 then
ReadProcessMemory(Handle_Process,lpBaseAddress, ReadValue, 4, 0)// lpBaseAddress is the address that holds the data
End if
Return ReadValue
End Function
// Reads a double-precision float from the target process at addr: the two 4-byte halves are read separately, packed
// into a struct and unpacked as "d". StructAddr is computed but never used.
// NOTE(review): the two reads are not atomic, and their results are ignored — a failed read yields a value built
// from zeros.
Function 读取_双浮点数(addr)
Dim bufaddr1=0
Dim bufaddr2=0
ReadProcessMemory(Handle_Process, addr, bufaddr1, 4, 0) // read the first and the last 4 bytes separately
ReadProcessMemory(Handle_Process, addr+4, bufaddr2, 4, 0)
Dim Struct = StructPack("ll",bufaddr1,bufaddr2) // author's note: the struct is not released automatically; use "ll", not "LL", for floating point
dim StructAddr = addrof(Struct)
Dim DbValue=0.0
DbValue= StructUnPack("d",Struct)
Struct = null// release the struct
Return DbValue
End Function
// Reads exactly `size` bytes from the target process starting at lpBaseAddress, one ReadProcessMemory call per byte,
// and returns them as a string built with chr().
// NOTE(review): reading does not stop at a zero byte, ReadValue is not initialised before the first read, and read
// failures are ignored (the previous byte value is appended again).
Function 读取_ASCII字符串(lpBaseAddress, size)// size is the number of bytes to read
Dim srt=""
dim n=0
Dim ReadValue
For size
ReadProcessMemory(Handle_Process,lpBaseAddress+n, ReadValue, 1, 0)// read one byte; lpBaseAddress is the address that holds the data
srt = srt & chr(ReadValue)
// TracePrint chr(ReadValue)
n=n+1
Next
Return srt
End Function
//=======================================================================================常用命令
// Returns the hex text accumulated in PublicCode so far, without modifying it.
// Useful for inspecting or logging what AsmCodeCall would write into the target.
Function W_ShellCode()
Dim shell_code=""
shell_code=PublicCode
Return shell_code
End Function
// Returns Value as n hex digits with the byte order reversed (little-endian), e.g. n = 8 for a 32-bit immediate and
// n = 4 for a 16-bit one. The hex text is left-padded with zeros and cut to its last n characters, then the
// two-character pairs are emitted from last to first.
// NOTE(review): n is expected to be even; the author marks the loop as a known trouble spot.
// NOTE(review): how Hex() renders negative values in this dialect decides whether negative immediates encode
// correctly — confirm.
Function W_HighAndLow(Value , n) ' swap high and low byte order
Dim tmp1=""
dim tmp2=""
dim i
tmp1 = Right("0000000"& Hex(Value), n)
For i = 0 To Len(tmp1) / 2 - 1
tmp2 = tmp2 & Mid(tmp1, Len(tmp1) - 1 - 2 * i, 2)
Next //======================================= author's note: an error occurred here
Return tmp2
End Function
//Function W_HighAndLow(Value, n)'高低位互换,这个是更新版本,n是多余的参数,还有bug 0000
// If Value <255 and Value >16 Then
// W_HighAndLow = Hex(Value)
// ElseIf Value < 16 and Value >=0 Then
//
// W_HighAndLow = "0" & Hex(Value)
//
// Else
// W_HighAndLow = Hex(htonl(Value))
// End If
//End Function
//================================类人猿按键精灵X版本独立内存汇编库:QQ:578052137 按键精灵的内存汇编技术学习Q群:526897608 =============================================
// 手稿版本为:1.00
//================================希望喜欢按键的朋友继续传递下去,继续更新===================================================
//按键也可以独立做内存和汇编,不用依赖其他语言。代码发现bug问题请及时反馈给我,谢谢!
// Code buffer reset and single-instruction encoders. Each encoder appends the hex text of one 32-bit x86 instruction
// to PublicCode; nothing is executed until AsmCodeCall is called.
Function AsmClear()
PublicCode=""
End Function
Function Leave()
PublicCode = PublicCode & "C9"
End Function
Function Pushad()
PublicCode = PublicCode & "60"
End Function
Function Popad()
PublicCode = PublicCode & "61"
End Function
Function Nop()
PublicCode = PublicCode & "90"
End Function
Function Ret()
PublicCode = PublicCode & "C3"
End Function
Function Retn(i) // newly added by the author; i is emitted as a 2-byte immediate
PublicCode = PublicCode & "C2"& W_HighAndLow(i, 4)
End Function
// NOTE(review): C8 is the opcode of ENTER, not of a far return — confirm the intended byte.
Function Retf()
PublicCode = PublicCode & "C8"
End Function
Function IN_AL_DX()
PublicCode = PublicCode & "EC"
End Function
Function TEST_EBX_EDX()
PublicCode = PublicCode & "85D3"
End Function
Function TEST_EAX_ECX()
PublicCode = PublicCode & "85C1"
End Function
'Add
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// ADD encoders. Naming: Add_X_Y adds register Y to X, Add_X_Ptr_(i) adds the dword stored at address i, Add_X_(i)
// adds the immediate i. Each appends hex text to PublicCode.
// NOTE(review): Add_EBX_ .. Add_ESP_ emit opcode 83, which takes a one-byte immediate, yet append four immediate
// bytes through W_HighAndLow(i, 8); the Sub_* helpers switch between the one-byte and four-byte opcode forms
// instead — confirm the intended encoding.
Function Add_EAX_EDX()
PublicCode = PublicCode & "03C2"
End Function
Function Add_EBX_EAX()
PublicCode = PublicCode & "03D8"
End Function
Function Add_EAX_Ptr_(i)
PublicCode = PublicCode & "0305" & W_HighAndLow(i, 8)
End Function
Function Add_EBX_Ptr_(i)
PublicCode = PublicCode & "031D" & W_HighAndLow(i, 8)
End Function
Function Add_EBP_Ptr_(i)
PublicCode = PublicCode & "032D" & W_HighAndLow(i, 8)
End Function
Function Add_EAX_(i)
PublicCode = PublicCode & "05" & W_HighAndLow(i, 8)
End Function
Function Add_EBX_(i)
PublicCode = PublicCode & "83C3" & W_HighAndLow(i, 8)
End Function
Function Add_ECX_(i)
PublicCode = PublicCode & "83C1" & W_HighAndLow(i, 8)
End Function
Function Add_EDX_(i)
PublicCode = PublicCode & "83C2" & W_HighAndLow(i, 8)
End Function
Function Add_ESI_(i)
PublicCode = PublicCode & "83C6" & W_HighAndLow(i, 8)
End Function
Function Add_ESP_(i)
PublicCode = PublicCode & "83C4" & W_HighAndLow(i, 8)
End Function
'Sub
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// SUB encoders. Sub_X_Y subtracts register Y from X; Sub_X_(i) subtracts the immediate i and picks the short form
// (opcode 83, one immediate byte) for 0..127 and the long form (four immediate bytes) otherwise.
// Each appends hex text to PublicCode.
Function Sub_EAX_ECX()
PublicCode = PublicCode & "2BC1"
End Function
Function Sub_ECX_EAX()
PublicCode = PublicCode & "2BC8"
End Function
Function Sub_EAX_(i)
If i <= 127 and i >= 0 Then
PublicCode = PublicCode & "83E8" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "2D" & W_HighAndLow(i, 8)
End If
End Function
Function Sub_ECX_(i)
If i <= 127 and i >= 0 Then
PublicCode = PublicCode & "83E9" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "81E9" & W_HighAndLow(i, 8)
End If
End Function
Function Sub_EDX_(i)
If i <= 127 and i >= 0 Then
PublicCode = PublicCode & "83EA" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "81EA" & W_HighAndLow(i, 8)
End If
End Function
Function Sub_EBX_(i)
If i <= 127 and i >= 0 Then
PublicCode = PublicCode & "83EB" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "81EB" & W_HighAndLow(i, 8)
End If
End Function
Function Sub_ESP_(i)
If i <= 127 and i >= 0 Then
PublicCode = PublicCode & "83EC" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "81EC" & W_HighAndLow(i, 8)
End If
End Function
Function Sub_EBP_(i)
If i <= 127 and i >= 0 Then
PublicCode = PublicCode & "83ED" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "81ED" & W_HighAndLow(i, 8)
End If
End Function
Function Sub_ESI_(i)
If i <= 127 and i >= 0 Then
PublicCode = PublicCode & "83EE" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "81EE" & W_HighAndLow(i, 8)
End If
End Function
Function Sub_EDI_(i)
If i <= 127 and i >= 0 Then
PublicCode = PublicCode & "83EF" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "81EF" & W_HighAndLow(i, 8)
End If
End Function
'Call
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// CALL encoders. Call_X calls the address held in register X, Call_Ptr_(i) calls through the pointer stored at
// address i, Call_Ptr_EAX / Call_Ptr_EBX call through the pointer the register points to.
// Each appends hex text to PublicCode.
Function Call_EAX()
PublicCode = PublicCode & "FFD0"
End Function
Function Call_EBX()
PublicCode = PublicCode & "FFD3"
End Function
Function Call_ECX()
PublicCode = PublicCode & "FFD1"
End Function
Function Call_EDX()
PublicCode = PublicCode & "FFD2"
End Function
Function Call_ESI()
PublicCode = PublicCode & "FFD6"
End Function
Function Call_ESP()
PublicCode = PublicCode & "FFD4"
End Function
Function Call_EBP()
PublicCode = PublicCode & "FFD5"
End Function
Function Call_EDI()
PublicCode = PublicCode & "FFD7"
End Function
Function Call_Ptr_(i )
PublicCode = PublicCode & "FF15" & W_HighAndLow(i, 8)
End Function
//Function Call_Ptr_Value(i ) // newly added by the author and marked as wrong, hence disabled
//PublicCode = PublicCode & "E8" & W_HighAndLow(i, 8)
//End Function
Function Call_Ptr_EAX()
PublicCode = PublicCode & "FF10"
End Function
Function Call_Ptr_EBX()
PublicCode = PublicCode & "FF13"
End Function
'Cmp
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// CMP encoders; each appends hex text to PublicCode.
// NOTE(review): Cmp_EAX_ selects the one-byte-immediate form (opcode 83) for 0..255, whereas the Sub_* helpers use
// 0..127 for the same opcode; the one-byte immediate is sign-extended, so 128..255 would compare against a negative
// value — confirm the intended range.
Function Cmp_EAX_(i)
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "83F8" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "3D" & W_HighAndLow(i, 8)
End If
End Function
Function Cmp_EAX_EDX()
PublicCode = PublicCode & "3BC2"
End Function
Function Cmp_EAX_Ptr_(i)
PublicCode = PublicCode & "3B05" & W_HighAndLow(i, 8)
End Function
Function Cmp_Ptr_Addr_EAX(i) // author's note: this one can serve as the naming reference
PublicCode = PublicCode & "3905" & W_HighAndLow(i, 8)
End Function
'DEC
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// DEC encoders for EAX, EBX, ECX and EDX; each appends a one-byte opcode to PublicCode.
// These single-byte forms (48..4B) are valid in 32-bit code only.
Function Dec_EAX()
PublicCode = PublicCode & "48"
End Function
Function Dec_EBX()
PublicCode = PublicCode & "4B"
End Function
Function Dec_ECX()
PublicCode = PublicCode & "49"
End Function
Function Dec_EDX()
PublicCode = PublicCode & "4A"
End Function
'Idiv
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// IDIV encoders: signed division of EDX:EAX by the named register; each appends hex text to PublicCode.
Function Idiv_EAX()
PublicCode = PublicCode & "F7F8"
End Function
Function Idiv_EBX()
PublicCode = PublicCode & "F7FB"
End Function
Function Idiv_ECX()
PublicCode = PublicCode & "F7F9"
End Function
Function Idiv_EDX()
PublicCode = PublicCode & "F7FA"
End Function
'Imul
'&&&&&&&
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// IMUL encoders: EAX times EDX, EAX times a one-byte immediate (Imul_EAX_) and EAX times a four-byte immediate
// (ImulB_EAX_). Each appends hex text to PublicCode.
// NOTE(review): Imul_EAX_ does not check that i fits into the single sign-extended immediate byte it emits.
Function Imul_EAX_EDX()
PublicCode = PublicCode & "0FAFC2"
End Function
Function Imul_EAX_(i)
PublicCode = PublicCode & "6BC0" & W_HighAndLow(i, 2)
End Function
Function ImulB_EAX_(i )
PublicCode = PublicCode & "69C0" & W_HighAndLow(i, 8)
End Function
'INC
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// INC encoders. Inc_X increments register X (one-byte opcodes 40..47, valid in 32-bit code only); Inc_Ptr_X
// increments the dword that register X points to. Each appends hex text to PublicCode.
Function Inc_EAX()
PublicCode = PublicCode & "40"
End Function
Function Inc_EBX()
PublicCode = PublicCode & "43"
End Function
Function Inc_ECX()
PublicCode = PublicCode & "41"
End Function
Function Inc_EDX()
PublicCode = PublicCode & "42"
End Function
Function Inc_EDI()
PublicCode = PublicCode & "47"
End Function
Function Inc_ESI()
PublicCode = PublicCode & "46"
End Function
Function Inc_Ptr_EAX()
PublicCode = PublicCode & "FF00"
End Function
Function Inc_Ptr_EBX()
PublicCode = PublicCode & "FF03"
End Function
Function Inc_Ptr_ECX()
PublicCode = PublicCode & "FF01"
End Function
Function Inc_Ptr_EDX()
PublicCode = PublicCode & "FF02"
End Function
'JMP/JE/JNE
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// Appends the encoding of "jmp eax" (FF E0) to PublicCode. Despite the section title above it, no JE / JNE encoders
// follow within this part of the file.
Function JMP_EAX()
PublicCode = PublicCode & "FFE0"
End Function
'Mov
// MOV encoders; each appends hex text to PublicCode.
//   Mov_Ptr_Addr_X(i)  store register X at absolute address i
//   Mov_X_(i)          load the four-byte immediate i into X
//   Mov_X_Ptr_(i)      load the dword stored at absolute address i into X
//   Mov_EAX_Ptr_Y      load the dword that register Y points to into EAX
// The absolute-address forms embed i as a 32-bit value, so they fit 32-bit targets only.
Function Mov_Ptr_Addr_EAX(i)
PublicCode = PublicCode & "A3" & W_HighAndLow(i, 8)
End Function
Function Mov_Ptr_Addr_AL(i)
PublicCode = PublicCode & "A2" & W_HighAndLow(i, 8)
End Function
Function Mov_Ptr_Addr_AH(i)
PublicCode = PublicCode & "8825" & W_HighAndLow(i, 8)
End Function
Function Mov_EAX_(i )
PublicCode = PublicCode & "B8" & W_HighAndLow(i, 8)
End Function
Function Mov_EBX_(i )
PublicCode = PublicCode & "BB" & W_HighAndLow(i, 8)
End Function
Function Mov_ECX_(i )
PublicCode = PublicCode & "B9" & W_HighAndLow(i, 8)
End Function
Function Mov_EDX_(i )
PublicCode = PublicCode & "BA" & W_HighAndLow(i, 8)
End Function
Function Mov_ESI_(i )
PublicCode = PublicCode & "BE" & W_HighAndLow(i, 8)
End Function
Function Mov_ESP_(i )
PublicCode = PublicCode & "BC" & W_HighAndLow(i, 8)
End Function
Function Mov_EBP_(i )
PublicCode = PublicCode & "BD" & W_HighAndLow(i, 8)
End Function
Function Mov_EDI_(i )
PublicCode = PublicCode & "BF" & W_HighAndLow(i, 8)
End Function
Function Mov_EBX_Ptr_(i)
PublicCode = PublicCode & "8B1D" & W_HighAndLow(i, 8)
End Function
Function Mov_ECX_Ptr_(i )
PublicCode = PublicCode & "8B0D" & W_HighAndLow(i, 8)
End Function
Function Mov_EAX_Ptr_(i)
PublicCode = PublicCode & "A1" & W_HighAndLow(i, 8)
End Function
Function Mov_EDX_Ptr_(i )
PublicCode = PublicCode & "8B15" & W_HighAndLow(i, 8)
End Function
Function Mov_ESI_Ptr_(i )
PublicCode = PublicCode & "8B35" & W_HighAndLow(i, 8)
End Function
Function Mov_ESP_Ptr_(i )
PublicCode = PublicCode & "8B25" & W_HighAndLow(i, 8)
End Function
Function Mov_EBP_Ptr_(i )
PublicCode = PublicCode & "8B2D" & W_HighAndLow(i, 8)
End Function
Function Mov_EAX_Ptr_EAX()
PublicCode = PublicCode & "8B00"
End Function
Function Mov_EAX_Ptr_EBP()
PublicCode = PublicCode & "8B4500"
End Function
Function Mov_EAX_Ptr_EBX()
PublicCode = PublicCode & "8B03"
End Function
Function Mov_EAX_Ptr_ECX()
PublicCode = PublicCode & "8B01"
End Function
Function Mov_EAX_Ptr_EDX()
PublicCode = PublicCode & "8B02"
End Function
Function Mov_EAX_Ptr_EDI()
PublicCode = PublicCode & "8B07"
End Function
Function Mov_EAX_Ptr_ESP()
PublicCode = PublicCode & "8B0424"
End Function
Function Mov_EAX_Ptr_ESI()
PublicCode = PublicCode & "8B06"
End Function
// Mov_EAX_Ptr_Y_OffSet(i): load into EAX the dword at [register Y + i]. Each appends hex text to PublicCode and
// picks the one-byte displacement form for 0..255 and the four-byte form otherwise.
// NOTE(review): a one-byte displacement is sign-extended, so 128..255 in the short form would address below the
// base register; the Sub_* helpers use 0..127 as the limit for their one-byte operand — confirm the intended range.
Function Mov_EAX_Ptr_EAX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B40" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B80" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EAX_Ptr_ESP_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B4424" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B8424" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EAX_Ptr_EBX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B43" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B83" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EAX_Ptr_ECX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B41" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B81" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EAX_Ptr_EDX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B42" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B82" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EAX_Ptr_EDI_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B47" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B87" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EAX_Ptr_EBP_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B45" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B85" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EAX_Ptr_ESI_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B46" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B86" & W_HighAndLow(i, 8)
End If
End Function
// Mov_EBX_Ptr_Y_OffSet(i): load into EBX the dword at [register Y + i]. Each appends hex text to PublicCode and
// picks the one-byte displacement form for 0..255 and the four-byte form otherwise.
// NOTE(review): a one-byte displacement is sign-extended, so 128..255 in the short form would address below the
// base register — confirm the intended range.
Function Mov_EBX_Ptr_EAX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B58" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B98" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EBX_Ptr_ESP_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B5C24" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B9C24" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EBX_Ptr_EBX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B5B" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B9B" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EBX_Ptr_ECX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B59" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B99" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EBX_Ptr_EDX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B5A" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B9A" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EBX_Ptr_EDI_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B5F" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B9F" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EBX_Ptr_EBP_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B5D" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B9D" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_EBX_Ptr_ESI_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B5E" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B9E" & W_HighAndLow(i, 8)
End If
End Function
// Mov_ECX_Ptr_Y_OffSet(i): load into ECX the dword at [register Y + i]. Each appends hex text to PublicCode and
// picks the one-byte displacement form for 0..255 and the four-byte form otherwise.
// NOTE(review): a one-byte displacement is sign-extended, so 128..255 in the short form would address below the
// base register — confirm the intended range.
Function Mov_ECX_Ptr_EAX_OffSet(i) // author's note: this one was wrong in an earlier version
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B48" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B88" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_ECX_Ptr_ESP_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B4C24" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B8C24" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_ECX_Ptr_EBX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B4B" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B8B" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_ECX_Ptr_ECX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B49" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B89" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_ECX_Ptr_EDX_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B4A" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B8A" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_ECX_Ptr_EDI_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B4F" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B8F" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_ECX_Ptr_EBP_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B4D" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B8D" & W_HighAndLow(i, 8)
End If
End Function
Function Mov_ECX_Ptr_ESI_OffSet(i )
If i <= 255 and i >= 0 Then
PublicCode = PublicCode & "8B4E" & W_HighAndLow(i, 2)
Else
PublicCode = PublicCode & "8B8E" & W_HighAndLow(i, 8)
End If
End Function
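// MOV EDX, [reg + i] emitters. Each appends the hex text of one instruction to
// the global PublicCode string and returns nothing.
// The CPU sign-extends a one-byte displacement, so the short form is only valid
// for 0..127. The previous 255 limit encoded 128..255 as a negative offset;
// those values now take the 32-bit form. W_HighAndLow is defined elsewhere in
// this file (presumably hex text of i at the given digit width -- confirm).
// An ESP base needs the extra SIB byte 24.
Function Mov_EDX_Ptr_EAX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8B50" & W_HighAndLow(i, 2) // mov edx,[eax+disp8]
    Else
        PublicCode = PublicCode & "8B90" & W_HighAndLow(i, 8) // mov edx,[eax+disp32]
    End If
End Function
Function Mov_EDX_Ptr_ESP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8B5424" & W_HighAndLow(i, 2) // mov edx,[esp+disp8]
    Else
        PublicCode = PublicCode & "8B9424" & W_HighAndLow(i, 8) // mov edx,[esp+disp32]
    End If
End Function
Function Mov_EDX_Ptr_EBX_OffSet(i)
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8B53" & W_HighAndLow(i, 2) // mov edx,[ebx+disp8]
    Else
        // author's note: this branch was wrong before
        PublicCode = PublicCode & "8B93" & W_HighAndLow(i, 8 ) // mov edx,[ebx+disp32]
    End If
End Function
Function Mov_EDX_Ptr_ECX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8B51" & W_HighAndLow(i, 2) // mov edx,[ecx+disp8]
    Else
        PublicCode = PublicCode & "8B91" & W_HighAndLow(i, 8) // mov edx,[ecx+disp32]
    End If
End Function
Function Mov_EDX_Ptr_EDX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8B52" & W_HighAndLow(i, 2) // mov edx,[edx+disp8]
    Else
        PublicCode = PublicCode & "8B92" & W_HighAndLow(i, 8) // mov edx,[edx+disp32]
    End If
End Function
Function Mov_EDX_Ptr_EDI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8B57" & W_HighAndLow(i, 2) // mov edx,[edi+disp8]
    Else
        PublicCode = PublicCode & "8B97" & W_HighAndLow(i, 8) // mov edx,[edi+disp32]
    End If
End Function
Function Mov_EDX_Ptr_EBP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8B55" & W_HighAndLow(i, 2) // mov edx,[ebp+disp8]
    Else
        PublicCode = PublicCode & "8B95" & W_HighAndLow(i, 8) // mov edx,[ebp+disp32]
    End If
End Function
Function Mov_EDX_Ptr_ESI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8B56" & W_HighAndLow(i, 2) // mov edx,[esi+disp8]
    Else
        PublicCode = PublicCode & "8B96" & W_HighAndLow(i, 8) // mov edx,[esi+disp32]
    End If
End Function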
// MOV dst, [src] emitters with no displacement. Each appends the fixed hex text
// of one instruction (opcode 8B + ModRM) to the global PublicCode string and
// returns nothing. Two bases need an extra byte: [ebp] has no displacement-free
// encoding, so it is emitted as [ebp+0] (trailing 00), and [esp] needs the SIB
// byte 24.
Function Mov_EBX_Ptr_EAX()
PublicCode = PublicCode & "8B18" // mov ebx,[eax]
End Function
Function Mov_EBX_Ptr_EBP()
PublicCode = PublicCode & "8B5D00" // mov ebx,[ebp+0]
End Function
Function Mov_EBX_Ptr_EBX()
PublicCode = PublicCode & "8B1B" // mov ebx,[ebx]
End Function
Function Mov_EBX_Ptr_ECX()
PublicCode = PublicCode & "8B19" // mov ebx,[ecx]
End Function
Function Mov_EBX_Ptr_EDX()
PublicCode = PublicCode & "8B1A" // mov ebx,[edx]
End Function
Function Mov_EBX_Ptr_EDI()
PublicCode = PublicCode & "8B1F" // mov ebx,[edi]
End Function
Function Mov_EBX_Ptr_ESP()
PublicCode = PublicCode & "8B1C24" // mov ebx,[esp]
End Function
Function Mov_EBX_Ptr_ESI()
PublicCode = PublicCode & "8B1E" // mov ebx,[esi]
End Function
Function Mov_ECX_Ptr_EAX()
PublicCode = PublicCode & "8B08" // mov ecx,[eax]
End Function
Function Mov_ECX_Ptr_EBP()
PublicCode = PublicCode & "8B4D00" // mov ecx,[ebp+0]
End Function
Function Mov_ECX_Ptr_EBX()
PublicCode = PublicCode & "8B0B" // mov ecx,[ebx]
End Function
Function Mov_ECX_Ptr_ECX()
PublicCode = PublicCode & "8B09" // mov ecx,[ecx]
End Function
Function Mov_ECX_Ptr_EDX()
PublicCode = PublicCode & "8B0A" // mov ecx,[edx]
End Function
Function Mov_ECX_Ptr_EDI()
PublicCode = PublicCode & "8B0F" // mov ecx,[edi]
End Function
Function Mov_ECX_Ptr_ESP()
PublicCode = PublicCode & "8B0C24" // mov ecx,[esp]
End Function
Function Mov_ECX_Ptr_ESI()
PublicCode = PublicCode & "8B0E" // mov ecx,[esi]
End Function
Function Mov_EDX_Ptr_EAX()
PublicCode = PublicCode & "8B10" // mov edx,[eax]
End Function
Function Mov_EDX_Ptr_EBP()
PublicCode = PublicCode & "8B5500" // mov edx,[ebp+0]
End Function
Function Mov_EDX_Ptr_EBX()
PublicCode = PublicCode & "8B13" // mov edx,[ebx]
End Function
Function Mov_EDX_Ptr_ECX()
PublicCode = PublicCode & "8B11" // mov edx,[ecx]
End Function
Function Mov_EDX_Ptr_EDX()
PublicCode = PublicCode & "8B12" // mov edx,[edx]
End Function
Function Mov_EDX_Ptr_EDI()
PublicCode = PublicCode & "8B17" // mov edx,[edi]
End Function
Function Mov_EDX_Ptr_ESI()
PublicCode = PublicCode & "8B16" // mov edx,[esi]
End Function
Function Mov_EDX_Ptr_ESP()
PublicCode = PublicCode & "8B1424" // mov edx,[esp]
End Function
// Register-to-register MOV emitters, named Mov_<dst>_<src>. Each appends the
// fixed two-byte hex text of one instruction to the global PublicCode string
// and returns nothing. Encoding is opcode 8B followed by a ModRM byte of the
// form 11 dst src (register codes: EAX=0 ECX=1 EDX=2 EBX=3 ESP=4 EBP=5 ESI=6
// EDI=7).
Function Mov_EAX_EBP()
PublicCode = PublicCode & "8BC5" // mov eax,ebp
End Function
Function Mov_EAX_EBX()
PublicCode = PublicCode & "8BC3" // mov eax,ebx
End Function
Function Mov_EAX_ECX()
PublicCode = PublicCode & "8BC1" // mov eax,ecx
End Function
Function Mov_EAX_EDI()
PublicCode = PublicCode & "8BC7" // mov eax,edi
End Function
Function Mov_EAX_EDX()
PublicCode = PublicCode & "8BC2" // mov eax,edx
End Function
Function Mov_EAX_ESI()
PublicCode = PublicCode & "8BC6" // mov eax,esi
End Function
Function Mov_EAX_ESP()
PublicCode = PublicCode & "8BC4" // mov eax,esp
End Function
Function Mov_EBX_EBP()
PublicCode = PublicCode & "8BDD" // mov ebx,ebp
End Function
Function Mov_EBX_EAX()
PublicCode = PublicCode & "8BD8" // mov ebx,eax
End Function
Function Mov_EBX_ECX()
PublicCode = PublicCode & "8BD9" // mov ebx,ecx
End Function
Function Mov_EBX_EDI()
PublicCode = PublicCode & "8BDF" // mov ebx,edi
End Function
Function Mov_EBX_EDX()
PublicCode = PublicCode & "8BDA" // mov ebx,edx
End Function
Function Mov_EBX_ESI()
PublicCode = PublicCode & "8BDE" // mov ebx,esi
End Function
Function Mov_EBX_ESP()
PublicCode = PublicCode & "8BDC" // mov ebx,esp
End Function
Function Mov_ECX_EBP()
PublicCode = PublicCode & "8BCD" // mov ecx,ebp
End Function
Function Mov_ECX_EAX()
PublicCode = PublicCode & "8BC8" // mov ecx,eax
End Function
Function Mov_ECX_EBX()
PublicCode = PublicCode & "8BCB" // mov ecx,ebx
End Function
Function Mov_ECX_EDI()
PublicCode = PublicCode & "8BCF" // mov ecx,edi
End Function
Function Mov_ECX_EDX()
PublicCode = PublicCode & "8BCA" // mov ecx,edx
End Function
Function Mov_ECX_ESI()
PublicCode = PublicCode & "8BCE" // mov ecx,esi
End Function
Function Mov_ECX_ESP()
PublicCode = PublicCode & "8BCC" // mov ecx,esp
End Function
Function Mov_EDX_EBP()
PublicCode = PublicCode & "8BD5" // mov edx,ebp
End Function
Function Mov_EDX_EBX()
PublicCode = PublicCode & "8BD3" // mov edx,ebx
End Function
Function Mov_EDX_ECX()
PublicCode = PublicCode & "8BD1" // mov edx,ecx
End Function
Function Mov_EDX_EDI()
PublicCode = PublicCode & "8BD7" // mov edx,edi
End Function
Function Mov_EDX_EAX()
PublicCode = PublicCode & "8BD0" // mov edx,eax
End Function
Function Mov_EDX_ESI()
PublicCode = PublicCode & "8BD6" // mov edx,esi
End Function
Function Mov_EDX_ESP()
PublicCode = PublicCode & "8BD4" // mov edx,esp
End Function
Function Mov_ESI_EBP()
PublicCode = PublicCode & "8BF5" // mov esi,ebp
End Function
Function Mov_ESI_EBX()
PublicCode = PublicCode & "8BF3" // mov esi,ebx
End Function
Function Mov_ESI_ECX()
PublicCode = PublicCode & "8BF1" // mov esi,ecx
End Function
Function Mov_ESI_EDI()
PublicCode = PublicCode & "8BF7" // mov esi,edi
End Function
Function Mov_ESI_EAX()
PublicCode = PublicCode & "8BF0" // mov esi,eax
End Function
Function Mov_ESI_EDX()
PublicCode = PublicCode & "8BF2" // mov esi,edx
End Function
Function Mov_ESI_ESP()
PublicCode = PublicCode & "8BF4" // mov esi,esp
End Function
Function Mov_ESP_EBP()
PublicCode = PublicCode & "8BE5" // mov esp,ebp
End Function
Function Mov_ESP_EBX()
PublicCode = PublicCode & "8BE3" // mov esp,ebx
End Function
Function Mov_ESP_ECX()
PublicCode = PublicCode & "8BE1" // mov esp,ecx
End Function
Function Mov_ESP_EDI()
PublicCode = PublicCode & "8BE7" // mov esp,edi
End Function
Function Mov_ESP_EAX()
PublicCode = PublicCode & "8BE0" // mov esp,eax
End Function
Function Mov_ESP_EDX()
PublicCode = PublicCode & "8BE2" // mov esp,edx
End Function
Function Mov_ESP_ESI()
PublicCode = PublicCode & "8BE6" // mov esp,esi
End Function
Function Mov_EDI_EBP()
PublicCode = PublicCode & "8BFD" // mov edi,ebp
End Function
Function Mov_EDI_EAX()
PublicCode = PublicCode & "8BF8" // mov edi,eax
End Function
Function Mov_EDI_EBX()
PublicCode = PublicCode & "8BFB" // mov edi,ebx
End Function
Function Mov_EDI_ECX()
PublicCode = PublicCode & "8BF9" // mov edi,ecx
End Function
Function Mov_EDI_EDX()
PublicCode = PublicCode & "8BFA" // mov edi,edx
End Function
Function Mov_EDI_ESI()
PublicCode = PublicCode & "8BFE" // mov edi,esi
End Function
Function Mov_EDI_ESP()
PublicCode = PublicCode & "8BFC" // mov edi,esp
End Function
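// Append the hex text of "mov ebp,edi" to the global PublicCode string.
// The ModRM byte for dst=EBP, src=EDI is EF. The previous value DF is the
// encoding of "mov ebx,edi" (the same bytes Mov_EBX_EDI emits), so the wrong
// register was written.
Function Mov_EBP_EDI()
    PublicCode = PublicCode & "8BEF"
End Function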
// Register-to-register MOV emitters with EBP as the destination. Each appends
// the fixed two-byte hex text (opcode 8B + ModRM) to the global PublicCode
// string and returns nothing.
Function Mov_EBP_EAX()
PublicCode = PublicCode & "8BE8" // mov ebp,eax
End Function
Function Mov_EBP_EBX()
PublicCode = PublicCode & "8BEB" // mov ebp,ebx
End Function
Function Mov_EBP_ECX()
PublicCode = PublicCode & "8BE9" // mov ebp,ecx
End Function
Function Mov_EBP_EDX()
PublicCode = PublicCode & "8BEA" // mov ebp,edx
End Function
Function Mov_EBP_ESI()
PublicCode = PublicCode & "8BEE" // mov ebp,esi
End Function
Function Mov_EBP_ESP()
PublicCode = PublicCode & "8BEC" // mov ebp,esp
End Function
'Push
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// Append a PUSH-immediate instruction to the global PublicCode string.
// Values 0..127 use the short form (6A + one byte); every other value uses the
// long form (68 + four bytes). The operand text comes from W_HighAndLow, which
// is defined elsewhere in this file.
Function Push(i)
    If i < 0 or i > 127 Then
        PublicCode = PublicCode & "68" & W_HighAndLow(i, 8)
    Else
        PublicCode = PublicCode & "6A" & W_HighAndLow(i, 2)
    End If
End Function
// PUSH emitters. Each appends the hex text of one instruction to the global
// PublicCode string and returns nothing.
// Push_Ptr_ emits FF35 followed by a four-byte operand built from i by
// W_HighAndLow (defined elsewhere in this file): push dword ptr [i].
Function Push_Ptr_(i )
PublicCode = PublicCode & "FF35" & W_HighAndLow(i, 8)
End Function
Function Push_EAX()
PublicCode = PublicCode & "50" // push eax
End Function
Function Push_ECX()
PublicCode = PublicCode & "51" // push ecx
End Function
Function Push_EDX()
PublicCode = PublicCode & "52" // push edx
End Function
Function Push_EBX()
PublicCode = PublicCode & "53" // push ebx
End Function
Function Push_ESP()
PublicCode = PublicCode & "54" // push esp
End Function
Function Push_EBP()
PublicCode = PublicCode & "55" // push ebp
End Function
Function Push_ESI()
PublicCode = PublicCode & "56" // push esi
End Function
Function Push_EDI()
PublicCode = PublicCode & "57" // push edi
End Function
'Lea
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
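// LEA EAX, [reg + i] emitters. Each appends the hex text of one instruction to
// the global PublicCode string and returns nothing.
// Two fixes compared with the earlier version:
//  1. The CPU sign-extends a one-byte displacement, so the short form is only
//     valid for 0..127; 128..255 used to be encoded as a negative offset and
//     now take the 32-bit form (same limit Push(i) uses).
//  2. The ESP and EBP variants emitted another base register's bytes: the ESP
//     one produced lea eax,[eax+i] and the EBP one produced lea eax,[esp+i].
// W_HighAndLow is defined elsewhere in this file (presumably hex text of i at
// the given digit width -- confirm).
Function Lea_EAX_Ptr_EAX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D40" & W_HighAndLow(i, 2) // lea eax,[eax+disp8]
    Else
        PublicCode = PublicCode & "8D80" & W_HighAndLow(i, 8) // lea eax,[eax+disp32]
    End If
End Function
Function Lea_EAX_Ptr_EBX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D43" & W_HighAndLow(i, 2) // lea eax,[ebx+disp8]
    Else
        PublicCode = PublicCode & "8D83" & W_HighAndLow(i, 8) // lea eax,[ebx+disp32]
    End If
End Function
Function Lea_EAX_Ptr_ECX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D41" & W_HighAndLow(i, 2) // lea eax,[ecx+disp8]
    Else
        PublicCode = PublicCode & "8D81" & W_HighAndLow(i, 8) // lea eax,[ecx+disp32]
    End If
End Function
Function Lea_EAX_Ptr_EDX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D42" & W_HighAndLow(i, 2) // lea eax,[edx+disp8]
    Else
        PublicCode = PublicCode & "8D82" & W_HighAndLow(i, 8) // lea eax,[edx+disp32]
    End If
End Function
Function Lea_EAX_Ptr_ESI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D46" & W_HighAndLow(i, 2) // lea eax,[esi+disp8]
    Else
        PublicCode = PublicCode & "8D86" & W_HighAndLow(i, 8) // lea eax,[esi+disp32]
    End If
End Function
Function Lea_EAX_Ptr_ESP_OffSet(i )
    // An ESP base needs the SIB byte 24 after the ModRM byte.
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D4424" & W_HighAndLow(i, 2) // lea eax,[esp+disp8]
    Else
        PublicCode = PublicCode & "8D8424" & W_HighAndLow(i, 8) // lea eax,[esp+disp32]
    End If
End Function
Function Lea_EAX_Ptr_EBP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D45" & W_HighAndLow(i, 2) // lea eax,[ebp+disp8]
    Else
        PublicCode = PublicCode & "8D85" & W_HighAndLow(i, 8) // lea eax,[ebp+disp32]
    End If
End Function
Function Lea_EAX_Ptr_EDI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D47" & W_HighAndLow(i, 2) // lea eax,[edi+disp8]
    Else
        PublicCode = PublicCode & "8D87" & W_HighAndLow(i, 8) // lea eax,[edi+disp32]
    End If
End Function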
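// LEA EBX, [reg + i] emitters. Each appends the hex text of one instruction to
// the global PublicCode string and returns nothing.
// The CPU sign-extends a one-byte displacement, so the short form is only valid
// for 0..127. The previous 255 limit encoded 128..255 as a negative offset;
// those values now take the 32-bit form. W_HighAndLow is defined elsewhere in
// this file (presumably hex text of i at the given digit width -- confirm).
// An ESP base needs the extra SIB byte 24.
Function Lea_EBX_Ptr_EAX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D58" & W_HighAndLow(i, 2) // lea ebx,[eax+disp8]
    Else
        PublicCode = PublicCode & "8D98" & W_HighAndLow(i, 8) // lea ebx,[eax+disp32]
    End If
End Function
Function Lea_EBX_Ptr_ESP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D5C24" & W_HighAndLow(i, 2) // lea ebx,[esp+disp8]
    Else
        PublicCode = PublicCode & "8D9C24" & W_HighAndLow(i, 8) // lea ebx,[esp+disp32]
    End If
End Function
Function Lea_EBX_Ptr_EBX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D5B" & W_HighAndLow(i, 2) // lea ebx,[ebx+disp8]
    Else
        PublicCode = PublicCode & "8D9B" & W_HighAndLow(i, 8) // lea ebx,[ebx+disp32]
    End If
End Function
Function Lea_EBX_Ptr_ECX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D59" & W_HighAndLow(i, 2) // lea ebx,[ecx+disp8]
    Else
        PublicCode = PublicCode & "8D99" & W_HighAndLow(i, 8) // lea ebx,[ecx+disp32]
    End If
End Function
Function Lea_EBX_Ptr_EDX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D5A" & W_HighAndLow(i, 2) // lea ebx,[edx+disp8]
    Else
        PublicCode = PublicCode & "8D9A" & W_HighAndLow(i, 8) // lea ebx,[edx+disp32]
    End If
End Function
Function Lea_EBX_Ptr_EDI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D5F" & W_HighAndLow(i, 2) // lea ebx,[edi+disp8]
    Else
        PublicCode = PublicCode & "8D9F" & W_HighAndLow(i, 8) // lea ebx,[edi+disp32]
    End If
End Function
Function Lea_EBX_Ptr_EBP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D5D" & W_HighAndLow(i, 2) // lea ebx,[ebp+disp8]
    Else
        PublicCode = PublicCode & "8D9D" & W_HighAndLow(i, 8) // lea ebx,[ebp+disp32]
    End If
End Function
Function Lea_EBX_Ptr_ESI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D5E" & W_HighAndLow(i, 2) // lea ebx,[esi+disp8]
    Else
        PublicCode = PublicCode & "8D9E" & W_HighAndLow(i, 8) // lea ebx,[esi+disp32]
    End If
End Function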
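// LEA ECX, [reg + i] emitters. Each appends the hex text of one instruction to
// the global PublicCode string and returns nothing.
// The CPU sign-extends a one-byte displacement, so the short form is only valid
// for 0..127. The previous 255 limit encoded 128..255 as a negative offset;
// those values now take the 32-bit form. W_HighAndLow is defined elsewhere in
// this file (presumably hex text of i at the given digit width -- confirm).
// An ESP base needs the extra SIB byte 24.
Function Lea_ECX_Ptr_EAX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D48" & W_HighAndLow(i, 2) // lea ecx,[eax+disp8]
    Else
        PublicCode = PublicCode & "8D88" & W_HighAndLow(i, 8) // lea ecx,[eax+disp32]
    End If
End Function
Function Lea_ECX_Ptr_ESP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D4C24" & W_HighAndLow(i, 2) // lea ecx,[esp+disp8]
    Else
        PublicCode = PublicCode & "8D8C24" & W_HighAndLow(i, 8) // lea ecx,[esp+disp32]
    End If
End Function
Function Lea_ECX_Ptr_EBX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D4B" & W_HighAndLow(i, 2) // lea ecx,[ebx+disp8]
    Else
        PublicCode = PublicCode & "8D8B" & W_HighAndLow(i, 8) // lea ecx,[ebx+disp32]
    End If
End Function
Function Lea_ECX_Ptr_ECX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D49" & W_HighAndLow(i, 2) // lea ecx,[ecx+disp8]
    Else
        PublicCode = PublicCode & "8D89" & W_HighAndLow(i, 8) // lea ecx,[ecx+disp32]
    End If
End Function
Function Lea_ECX_Ptr_EDX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D4A" & W_HighAndLow(i, 2) // lea ecx,[edx+disp8]
    Else
        PublicCode = PublicCode & "8D8A" & W_HighAndLow(i, 8) // lea ecx,[edx+disp32]
    End If
End Function
Function Lea_ECX_Ptr_EDI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D4F" & W_HighAndLow(i, 2) // lea ecx,[edi+disp8]
    Else
        PublicCode = PublicCode & "8D8F" & W_HighAndLow(i, 8) // lea ecx,[edi+disp32]
    End If
End Function
Function Lea_ECX_Ptr_EBP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D4D" & W_HighAndLow(i, 2) // lea ecx,[ebp+disp8]
    Else
        PublicCode = PublicCode & "8D8D" & W_HighAndLow(i, 8) // lea ecx,[ebp+disp32]
    End If
End Function
Function Lea_ECX_Ptr_ESI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D4E" & W_HighAndLow(i, 2) // lea ecx,[esi+disp8]
    Else
        PublicCode = PublicCode & "8D8E" & W_HighAndLow(i, 8) // lea ecx,[esi+disp32]
    End If
End Function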
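// LEA EDX, [reg + i] emitters. Each appends the hex text of one instruction to
// the global PublicCode string and returns nothing.
// The CPU sign-extends a one-byte displacement, so the short form is only valid
// for 0..127. The previous 255 limit encoded 128..255 as a negative offset;
// those values now take the 32-bit form. W_HighAndLow is defined elsewhere in
// this file (presumably hex text of i at the given digit width -- confirm).
// An ESP base needs the extra SIB byte 24.
Function Lea_EDX_Ptr_EAX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D50" & W_HighAndLow(i, 2) // lea edx,[eax+disp8]
    Else
        PublicCode = PublicCode & "8D90" & W_HighAndLow(i, 8) // lea edx,[eax+disp32]
    End If
End Function
Function Lea_EDX_Ptr_ESP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D5424" & W_HighAndLow(i, 2) // lea edx,[esp+disp8]
    Else
        PublicCode = PublicCode & "8D9424" & W_HighAndLow(i, 8) // lea edx,[esp+disp32]
    End If
End Function
Function Lea_EDX_Ptr_EBX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D53" & W_HighAndLow(i, 2) // lea edx,[ebx+disp8]
    Else
        PublicCode = PublicCode & "8D93" & W_HighAndLow(i, 8) // lea edx,[ebx+disp32]
    End If
End Function
Function Lea_EDX_Ptr_ECX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D51" & W_HighAndLow(i, 2) // lea edx,[ecx+disp8]
    Else
        PublicCode = PublicCode & "8D91" & W_HighAndLow(i, 8) // lea edx,[ecx+disp32]
    End If
End Function
Function Lea_EDX_Ptr_EDX_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D52" & W_HighAndLow(i, 2) // lea edx,[edx+disp8]
    Else
        PublicCode = PublicCode & "8D92" & W_HighAndLow(i, 8) // lea edx,[edx+disp32]
    End If
End Function
Function Lea_EDX_Ptr_EDI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D57" & W_HighAndLow(i, 2) // lea edx,[edi+disp8]
    Else
        PublicCode = PublicCode & "8D97" & W_HighAndLow(i, 8) // lea edx,[edi+disp32]
    End If
End Function
Function Lea_EDX_Ptr_EBP_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D55" & W_HighAndLow(i, 2) // lea edx,[ebp+disp8]
    Else
        PublicCode = PublicCode & "8D95" & W_HighAndLow(i, 8) // lea edx,[ebp+disp32]
    End If
End Function
Function Lea_EDX_Ptr_ESI_OffSet(i )
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "8D56" & W_HighAndLow(i, 2) // lea edx,[esi+disp8]
    Else
        PublicCode = PublicCode & "8D96" & W_HighAndLow(i, 8) // lea edx,[esi+disp32]
    End If
End Function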
'pop
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// POP emitters. Each appends the one-byte hex text of "pop <reg>" to the global
// PublicCode string and returns nothing.
Function Pop_EAX()
PublicCode = PublicCode & "58" // pop eax
End Function
Function Pop_EBX()
PublicCode = PublicCode & "5B" // pop ebx
End Function
Function Pop_ECX()
PublicCode = PublicCode & "59" // pop ecx
End Function
Function Pop_EDX()
PublicCode = PublicCode & "5A" // pop edx
End Function
Function Pop_ESI()
PublicCode = PublicCode & "5E" // pop esi
End Function
Function Pop_ESP()
PublicCode = PublicCode & "5C" // pop esp
End Function
Function Pop_EDI()
PublicCode = PublicCode & "5F" // pop edi
End Function
Function Pop_EBP()
PublicCode = PublicCode & "5D" // pop ebp
End Function
'XOR加密
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&新加的
// XOR emitters, named Xor_<dst>_<src>. Each appends the fixed two-byte hex text
// (opcode 33 + ModRM) to the global PublicCode string and returns nothing.
Function Xor_ECX_EAX()
PublicCode = PublicCode & "33C8" // xor ecx,eax
End Function
Function Xor_EAX_ECX()
PublicCode = PublicCode & "33C1" // xor eax,ecx
End Function
'SHL SHR加密
'&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// SHL/SHR emitters for EAX and ECX. Each appends the hex text of one shift
// instruction to the global PublicCode string and returns nothing.
//   i = 0      -> the D1 form, which is the shift-by-ONE encoding.
//                 NOTE(review): this looks like it was meant to test i = 1;
//                 confirm the intent before changing it, callers may pass 0.
//   i = 1..255 -> the C1 form followed by a one-byte count from W_HighAndLow
//                 (defined elsewhere in this file). 32-bit shifts only use the
//                 low 5 bits of the count, so values above 31 wrap.
//   otherwise  -> nothing is appended; only a trace message is printed.
// The "i >= 0" test in the ElseIf also admits 0, but that case is already
// taken by the first branch.
Function Shl_EAX_(i)
If i = 0 Then
PublicCode = PublicCode & "D1E0" // shl eax,1
ElseIf i <= 255 and i >= 0 Then
PublicCode = PublicCode & "C1E0" & W_HighAndLow(i, 2) // shl eax,imm8
Else
TracePrint "命令书写错误!"
End If
End Function
Function Shl_ECX_(i)
If i = 0 Then
PublicCode = PublicCode & "D1E1" // shl ecx,1
ElseIf i <= 255 and i >= 0 Then
PublicCode = PublicCode & "C1E1" & W_HighAndLow(i, 2) // shl ecx,imm8
Else
TracePrint "命令书写错误!"
End If
End Function
Function Shr_EAX_(i)
If i = 0 Then
PublicCode = PublicCode & "D1E8" // shr eax,1
ElseIf i <= 255 and i >= 0 Then
PublicCode = PublicCode & "C1E8" & W_HighAndLow(i, 2) // shr eax,imm8
Else
TracePrint "命令书写错误!"
End If
End Function
Function Shr_ECX_(i)
If i = 0 Then
PublicCode = PublicCode & "D1E9" // shr ecx,1
ElseIf i <= 255 and i >= 0 Then
PublicCode = PublicCode & "C1E9" & W_HighAndLow(i, 2) // shr ecx,imm8
Else
TracePrint "命令书写错误!"
End If
End Function
//AND
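// Append "and eax, i" to the global PublicCode string.
// The previous opcodes (83C0 and 05) are the ADD EAX encodings, so the function
// added instead of masking. AND EAX uses 83E0 with a one-byte operand and 25
// with a four-byte operand.
// The one-byte operand is sign-extended by the CPU, hence the 0..127 limit.
// W_HighAndLow is defined elsewhere in this file.
Function And_EAX_(i)
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "83E0" & W_HighAndLow(i, 2) // and eax,imm8
    Else
        PublicCode = PublicCode & "25" & W_HighAndLow(i, 8) // and eax,imm32
    End If
End Function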
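// Append "and ecx, i" to the global PublicCode string.
// The short form (83E1 + one byte) was already correct. The long form used
// opcode 25, which is the EAX-only encoding and therefore masked EAX instead of
// ECX. The general form 81E1 + four bytes targets ECX.
// The one-byte operand is sign-extended by the CPU, hence the 0..127 limit.
// W_HighAndLow is defined elsewhere in this file.
Function And_ECX_(i)
    If i <= 127 and i >= 0 Then
        PublicCode = PublicCode & "83E1" & W_HighAndLow(i, 2) // and ecx,imm8
    Else
        PublicCode = PublicCode & "81E1" & W_HighAndLow(i, 8) // and ecx,imm32
    End If
End Function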
// Register-to-register AND emitters, named And_<dst>_<src>. Each appends the
// fixed two-byte hex text (opcode 21 + ModRM) to the global PublicCode string
// and returns nothing.
Function And_EAX_ECX()
PublicCode = PublicCode & "21C8" // and eax,ecx
End Function
Function And_EBX_EDX()
PublicCode = PublicCode & "21D3" // and ebx,edx
End Function
// OR
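// Append "or eax,ecx" to the global PublicCode string.
// The previous bytes 33C1 are "xor eax,ecx" (the same text Xor_EAX_ECX emits).
// 09C8 uses the same opcode 09 form as the sibling Or_EBX_EDX.
Function Or_EAX_ECX()
    PublicCode = PublicCode & "09C8"
End Function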
// Each function below appends the fixed two-byte hex text of one instruction to
// the global PublicCode string and returns nothing.
Function Or_EBX_EDX()
PublicCode = PublicCode & "09D3" // or ebx,edx
End Function
//not
Function Not_EAX()
PublicCode = PublicCode & "F7D0" // not eax
End Function
Function Not_ECX()
PublicCode = PublicCode & "F7D1" // not ecx
End Function
// The three functions below emit no machine code. Each only writes the author's
// contact line to the trace output. The original trailing comment on each
// ("converts a byte set to space-separated form, e.g. 55 8B EC A1 7C 24") does
// not describe what the body does.
Function ABC按键X_类人猿技术群_526897608() // prints the contact line only
TracePrint "技术联系类人猿Q: 578052137"
End Function
Function ABC按键X_技术QQ_578052137() // prints the contact line only
TracePrint "技术联系类人猿Q: 578052137"
End Function
Function ABC按键X_测试版本_支持按键X版本内存汇编// prints the contact line only
TracePrint "技术联系类人猿Q: 578052137"
End Function
//================================类人猿按键精灵X版本独立内存汇编库:QQ:578052137 按键精灵的内存汇编技术学习Q群:526897608 =============================================
// 手稿版本为:1.00
//================================希望喜欢按键的朋友继续传递下去,继续更新===================================================
//按键也可以独立做内存和汇编,不用依赖其他语言。代码发现bug问题请及时反馈给我,谢谢!