按键精灵ASM32内联汇编独立库原型（本人亲笔）

1. Function RunAsmCode(ProcessId, AsmType)//核心代码
   
2.     Dim i                         //==========================================================
   
3.     dim AsmCode1
   
4.     AsmCode1=""
   
5.     ReDim AsmCode(Len(PublicCode) / 2 - 1)
   
6.     For i = 0 To UBound(AsmCode)
   
7.         AsmCode1 = AsmCode1 &(" " & Mid(PublicCode, i * 2 + 1, 2)) //======里是字符集转换空格隔开======
   
8.     Next
   
9.     PublicCode = LTrim(AsmCode1)
   
10.     //TracePrint PublicCode
    
11.     十六进制字节集=PublicCode           //=========================================================
    
12.     CodeSize = UBound(split(十六进制字节集, " "))+10 //加10避免空间不够用." "这个是十六进制字符分隔符
    
13.     //TracePrint  CodeSize
    
14.     NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
    
15.     //TracePrint NewWriteCodeAddr
    
16.     call 写入字节集(ProcessId, NewWriteCodeAddr, 十六进制字节集)
    
17.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    
18.     RThwnd = CreateRemoteThread(Handle_Process, 0, 0, NewWriteCodeAddr, 0, 0, 0)
    
19. End Function
    
20. 
    
21. Function 远程注入汇编代码(ProcessId, 十六进制字节集)
    
22.     CodeSize = UBound(split(十六进制字节集, " "))+10 //加10避免空间不够用." "这个是十六进制字符分隔符
    
23.     //MessageBox   CodeSize
    
24.     NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
    
25.     call 写入字节集(ProcessId, NewWriteCodeAddr, 十六进制字节集)
    
26.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    
27.     RThwnd = CreateRemoteThread(Handle_Process, 0, 0, NewWriteCodeAddr, 0, 0, 0)
    
28. End function
    
29. //Call 十六进制字节集转化成十进制字节集("55 8B EC A1 7C 24 2C 01 6A 00 8B 08 A1 78 3E 2C 01 8B C0 FF D0 5D C3")
    
30. Function 十六进制字节集转化成十进制字节集(HexByteStr)//这个功能是将十六进制字节集转化成十进制字符数组
    
31.     HexByteStr=Replace(HexByteStr," ","")
    
32.     Dim i
    
33.     ReDim HexByteArr(Len(HexByteStr) / 2 - 1)
    
34.     For i = 0 To UBound(HexByteArr)
    
35.         HexByteArr(i) = CByte("&H" & Mid(HexByteStr, i * 2 + 1, 2))
    
36. 
    
37.         十六进制字节集转化成十进制字节集=十六进制字节集转化成十进制字节集&" "& HexByteArr(i)
    
38.     Next
    
39.     //TracePrint 十六进制字节集转化成十进制字节集
    
40.     //Get_Result = CallWindowProc(AsmCode(0), 0, 0, 0, 0)
    
41.     //Get_Result = CallWindowProc(AsmCode(0),0,0,0,0)//=================================================================不懂这里为什么参数会出错
    
42. End Function
    
43. 
    
44. Function 获取函数地址API(Module, Name_Api)//这个是有缺陷的
    
45.     //Name_Api=Name_Api &"0000"
    
46.     Dim Module_Handle,String_Addr,Function_Addr
    
47.     //Do
    
48.     Module_Handle = GetModuleHandleA(Module)//获取句柄
    
49.     //    TracePrint "dll模块的地址="& Hex(Module_Handle)
    
50.     String_Addr = 字符集ASCII变量指针(Name_Api)//获取名字指针变量
    
51.     //TracePrint "函数名字变量指针（存数据）="&String_Addr
    
52.     Function_Addr = GetProcAddress(Module_Handle, String_Addr)//第二个参数是指针变量
    
53.     //Loop Until Function_Addr <> 0
    
54.     获取函数地址API = Function_Addr
    
55. End Function
    
56. 
    
57. Function 远程注入dll(ProcessId, LoadLibraryA_Addr,dll路径字符串)
    
58.     CodeSize = len(dll路径字符串)+10 //加10避免空间不够用
    
59.     //TracePrint  CodeSize
    
60.     NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
    
61.     CALL 写入字符集ASCII(ProcessId, NewWriteCodeAddr, dll路径字符串)
    
62.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    
63.     RThwnd = CreateRemoteThread(Handle_Process, 0, 0, LoadLibraryA_Addr, NewWriteCodeAddr, 0, 0)        
    
64. End Function
    
65. 
    
66. Function 申请指定进程空间(ProcessId,size)
    
67.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    
68.     tmp_Addr = VirtualAllocEx(Handle_Process, 0, size, 4096, 64)
    
69.     //TracePrint tmp_Addr
    
70.     申请指定进程空间=tmp_Addr
    
71. End Function
    
72. 
    
73. Function 释放进程分配空间(ProcessId,Addr)
    
74.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    
75.     tmp_Addr = VirtualFreeEx(Handle_Process, Addr, 0,32768)  //第三个参数设置大小，直接用0，应该是全部清除
    
76.     //TracePrint Hex(tmp_Addr)
    
77. End Function
    
78. 
    
79. Function 写入字符集ASCII(ProcessId, lpBaseAddress, 字符串)
    
80.     i=1
    
81.     For len(字符串)
    
82.         //        TracePrint mid(字符串, i, 1)
    
83.         //        TracePrint Asc(mid(字符串, i, 1))
    
84.         字符代码数值 = Asc(mid(字符串, i, 1))
    
85.         Call 写入单字符ASCII(ProcessId, (lpBaseAddress-1+i), 字符代码数值)
    
86.         i=i+1
    
87.     Next
    
88. End Function
    
89. 
    
90. Function 字符集ASCII变量指针(字符串)
    
91.     Dim 内存大小
    
92.     Dim NewAddr
    
93.     Dim i
    
94.     内存大小 = Len(字符串)
    
95.     //TracePrint 内存大小
    
96.     NewAddr = (LocalAlloc(0, 内存大小 + 2))//这个-1是为了适应下面的代码  /0是表示空字符00000000
    
97.     //    TracePrint  NewAddr
    
98.     //TracePrint "申请存放汇编字节集" & Hex(NewAddr)
    
99.     i=1
    
100.     For len(字符串)
     
101.         //        TracePrint mid(字符串, i, 1)
     
102.         //        TracePrint Asc(mid(字符串, i, 1))
     
103.         字符代码数值 = Asc(mid(字符串, i, 1))
     
104.         //        TracePrint 字符代码数值
     
105.         Call 写入单字符ASCII(GetCurrentProcessId(), (NewAddr - 1 + i), 字符代码数值)
     
106.         //        TracePrint NewAddr-1+i
     
107.         i=i+1
     
108.     Next
     
109.     call 写入双字节内存整数(GetCurrentProcessId(),(NewAddr - 1 + i),0)
     
110.     //    TracePrint "最后一个整" & NewAddr-1+i
     
111.     字符集ASCII变量指针=NewAddr
     
112. End Function
     
113. 
     
114. Function 写入单字符ASCII(ProcessId, lpBaseAddress, WriteValue)
     
115.     Dim Handle_Process//进程句柄
     
116.     Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
     
117.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
     
118.     Addr_Low = chrw(WriteValue)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里， 一个Uniclde字符能放两字节，两个才是4字节*/
     
119.     Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 1, 0)  //  lpBaseAddress是存放数据的地址
     
120.     call  CloseHandle (Handle_Process)//关闭进程对象句柄               
     
121. End Function
     
122. 
     
123. 
     
124. Function 写入字节集(ProcessId, WriteAddr, 十六进制字节集)
     
125. 
     
126.     NewAddr = WriteAddr //写入头地址
     
127.     //TracePrint "申请存放汇编字节集地址" & Hex(NewAddr)
     
128.     字节数组=Split(十六进制字节集," ")
     
129.     i=0
     
130.     For UBound(字节数组)+1
     
131.         //        TracePrint 字节数组(i)
     
132.         call 写入单字节整数(ProcessId, NewAddr+i,"&H"&字节数组(i)) //这里我统一加上&H，可以进行运
     
133.         i=i+1
     
134.     Next
     
135. End Function
     
136.   
     
137. Function 字节集变量指针(十六进制字节集)
     
138.     NewAddr = LocalAlloc(0, 200)
     
139.     //TracePrint "申请存放汇编字节集" & Hex(NewAddr)
     
140.     字节数组=Split(十六进制字节集," ")
     
141.     i=0
     
142.     For UBound(字节数组)+1
     
143.         //        TracePrint 字节数组(i)
     
144.         call 写入单字节整数(GetCurrentProcessId(), NewAddr+i,int(字节数组(i)))
     
145.         i=i+1
     
146.     Next
     
147.     字节集变量指针=NewAddr
     
148. End Function
     
149. 
     
150. Function 写入单字节整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
     
151.     Dim Handle_Process//进程句柄
     
152.     Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
     
153.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
     
154.     Addr_Low = chrw(WriteValue mod 256)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里， 一个Uniclde字符能放两字节，两个才是4字节*/
     
155.     //Addr_High = chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候，我们检测下2字节的最大值和4字节的最大值，注意数据溢出
     
156.     Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 1, 0)  //  lpBaseAddress是存放数据的地址
     
157.     //Call Write(Handle_Process, lpBaseAddress + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
     
158.     call  CloseHandle (Handle_Process)//关闭进程对象句柄        
     
159. End Function
     
160. 
     
161. Function 写入双字节内存整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
     
162.     Dim Handle_Process//进程句柄
     
163.     Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
     
164.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
     
165.     Addr_Low = Chrw(WriteValue)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里， 一个Uniclde字符能放两字节，两个才是4字节*/
     
166.     Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 2, 0)  //  lpBaseAddress是存放数据的地址
     
167.     call  CloseHandle (Handle_Process)//关闭进程对象句柄        
     
168. End Function
     
169. 
     
170. Function 双字节整数变量指针(WriteValue)//第二个是WriteAddr=======================
     
171.     NewAddr = LocalAlloc(0, 2)
     
172.     //TracePrint "申请存放汇编字节集" & Hex(NewAddr)
     
173.     Dim Handle_Process//进程句柄
     
174.     Handle_Process = OpenProcess(2035711, false, GetCurrentProcessId())//获取进程句柄
     
175.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
     
176.     Addr_Low = Chrw(WriteValue)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里， 一个Uniclde字符能放两字节，两个才是4字节*/
     
177.     Call WriteProcessMemory(Handle_Process, NewAddr, Addr_Low, 2, 0)  //  lpBaseAddress是存放数据的地址
     
178.     Call CloseHandle(Handle_Process)//关闭进程对象句柄        
     
179.     双字节整数变量指针=NewAddr
     
180. End Function
     
181. 
     
182. 
     
183. Function 写入四字节内存整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
     
184.     Dim Handle_Process//进程句柄
     
185.     Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
     
186.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
     
187.     Addr_Low = Chrw(WriteValue mod 65536)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里， 一个Uniclde字符能放两字节，两个才是4字节*/
     
188.     Addr_High = Chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候，我们检测下2字节的最大值和4字节的最大值，注意数据溢出
     
189.     Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 2, 0)  //  lpBaseAddress是存放数据的地址
     
190.     Call WriteProcessMemory(Handle_Process, lpBaseAddress + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
     
191.     call  CloseHandle (Handle_Process)//关闭进程对象句柄        
     
192. End Function
     
193. 
     
194. Function 四字节整数变量指针(WriteValue)//第二个是WriteAddr
     
195.     NewAddr = LocalAlloc(0, 4)
     
196.     //TracePrint "申请存放汇编字节集" & Hex(NewAddr)
     
197.     Dim Handle_Process//进程句柄
     
198.     Handle_Process = OpenProcess(2035711, false, GetCurrentProcessId())//获取进程句柄
     
199.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
     
200.     Addr_Low = Chrw(WriteValue mod 65536)/*由于写入内存又要传址，所以不能直接以Long型写入,将要写入的数值分割成低字和高字，以Unicode码形式分别存放在两个变量里， 一个Uniclde字符能放两字节，两个才是4字节*/
     
201.     Addr_High = Chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候，我们检测下2字节的最大值和4字节的最大值，注意数据溢出
     
202.     Call WriteProcessMemory(Handle_Process, NewAddr, Addr_Low, 2, 0)  //  lpBaseAddress是存放数据的地址
     
203.     Call WriteProcessMemory(Handle_Process, NewAddr + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
     
204.     call  CloseHandle (Handle_Process)//关闭进程对象句柄        
     
205. End Function
     
206. 
     
207. Function 获取变量数据类型(变量)
     
208.     获取变量数据类型=TypeName(变量)
     
209. End Function
     
210. Function W_GetCode()
     
211.     W_GetCode = PublicCode
     
212. End Function
     
213. 
     
214. Function W_HighAndLow(Value , n) '高低位互换
     
215.     Dim tmp1 , tmp2 , i
     
216.     tmp1 = Right("0000000" + Hex(Value), n)
     
217.     For i = 0 To Len(tmp1) / 2 - 1
     
218.         tmp2 = tmp2 + Mid(tmp1, Len(tmp1) - 1 - 2 * i, 2)
     
219.     Next    //=======================================这里出错
     
220.     W_HighAndLow = tmp2
     
221. End Function
     
222. 
     
223. 
     
224. //Function W_HighAndLow(Value, n)'高低位互换，这个是更新版本,n是多余的参数，还有bug 0000
     
225. //    If Value <255 and Value >16 Then
     
226. //        W_HighAndLow = Hex(Value)
     
227. //    ElseIf Value < 16 and Value >=0 Then
     
228. //      
     
229. //            W_HighAndLow = "0" + Hex(Value)
     
230. //        
     
231. //    Else
     
232. //        W_HighAndLow = Hex(htonl(Value))
     
233. //    End If
     
234. //End Function
     
235. 
     
236. Function Mov_EAX_ESP()
     
237.     PublicCode = PublicCode + "8BC4"
     
238. End Function
     
239. 
     
240. Function Mov_EBX_EBP()
     
241.     PublicCode = PublicCode + "8BDD"
     
242. End Function
     
243. 
     
244. Function Mov_EBX_EAX()
     
245.     PublicCode = PublicCode + "8BD8"
     
246. End Function
     
247. 
     
248. Function Mov_EBX_ECX()
     
249.     PublicCode = PublicCode + "8BD9"
     
250. End Function
     
251. 
     
252. Function Mov_EBX_EDI()
     
253.     PublicCode = PublicCode + "8BDF"
     
254. End Function
     
255. 
     
256. Function Mov_EBX_EDX()
     
257.     PublicCode = PublicCode + "8BDA"
     
258. End Function
     
259. 
     
260. Function Mov_EBX_ESI()
     
261.     PublicCode = PublicCode + "8BDE"
     
262. End Function
     
263. 
     
264. Function Mov_EBX_ESP()
     
265.     PublicCode = PublicCode + "8BDC"
     
266. End Function
     
267. 
     
268. Function Mov_ECX_EBP()
     
269.     PublicCode = PublicCode + "8BCD"
     
270. End Function
     
271. 
     
272. Function Mov_ECX_EAX()
     
273.     PublicCode = PublicCode + "8BC8"
     
274. End Function
     
275. 
     
276. Function Mov_ECX_EBX()
     
277.     PublicCode = PublicCode + "8BCB"
     
278. End Function
     
279. 
     
280. Function Mov_ECX_EDI()
     
281.     PublicCode = PublicCode + "8BCF"
     
282. End Function
     
283. 
     
284. Function Mov_ECX_EDX()
     
285.     PublicCode = PublicCode + "8BCA"
     
286. End Function
     
287. 
     
288. Function Mov_ECX_ESI()
     
289.     PublicCode = PublicCode + "8BCE"
     
290. End Function
     
291. 
     
292. Function Mov_ECX_ESP()
     
293.     PublicCode = PublicCode + "8BCC"
     
294. End Function
     
295. 
     
296. Function Mov_EDX_EBP()
     
297.     PublicCode = PublicCode + "8BD5"
     
298. End Function
     
299. 
     
300. Function Mov_EDX_EBX()
     
301.     PublicCode = PublicCode + "8BD3"
     
302. End Function
     
303. 
     
304. Function Mov_EDX_ECX()
     
305.     PublicCode = PublicCode + "8BD1"
     
306. End Function
     
307. 
     
308. Function Mov_EDX_EDI()
     
309.     PublicCode = PublicCode + "8BD7"
     
310. End Function
     
311. 
     
312. Function Mov_EDX_EAX()
     
313.     PublicCode = PublicCode + "8BD0"
     
314. End Function
     
315. 
     
316. Function Mov_EDX_ESI()
     
317.     PublicCode = PublicCode + "8BD6"
     
318. End Function
     
319. 
     
320. Function Mov_EDX_ESP()
     
321.     PublicCode = PublicCode + "8BD4"
     
322. End Function
     
323. 
     
324. Function Mov_ESI_EBP()
     
325.     PublicCode = PublicCode + "8BF5"
     
326. End Function
     
327. 
     
328. Function Mov_ESI_EBX()
     
329.     PublicCode = PublicCode + "8BF3"
     
330. End Function
     
331. 
     
332. Function Mov_ESI_ECX()
     
333.     PublicCode = PublicCode + "8BF1"
     
334. End Function
     
335. 
     
336. Function Mov_ESI_EDI()
     
337.     PublicCode = PublicCode + "8BF7"
     
338. End Function
     
339. 
     
340. Function Mov_ESI_EAX()
     
341.     PublicCode = PublicCode + "8BF0"
     
342. End Function
     
343. 
     
344. Function Mov_ESI_EDX()
     
345.     PublicCode = PublicCode + "8BF2"
     
346. End Function
     
347. 
     
348. Function Mov_ESI_ESP()
     
349.     PublicCode = PublicCode + "8BF4"
     
350. End Function
     
351. 
     
352. Function Mov_ESP_EBP()
     
353.     PublicCode = PublicCode + "8BE5"
     
354. End Function
     
355. 
     
356. Function Mov_ESP_EBX()
     
357.     PublicCode = PublicCode + "8BE3"
     
358. End Function
     
359. 
     
360. Function Mov_ESP_ECX()
     
361.     PublicCode = PublicCode + "8BE1"
     
362. End Function
     
363. 
     
364. Function Mov_ESP_EDI()
     
365.     PublicCode = PublicCode + "8BE7"
     
366. End Function
     
367. 
     
368. Function Mov_ESP_EAX()
     
369.     PublicCode = PublicCode + "8BE0"
     
370. End Function
     
371. 
     
372. Function Mov_ESP_EDX()
     
373.     PublicCode = PublicCode + "8BE2"
     
374. End Function
     
375. 
     
376. Function Mov_ESP_ESI()
     
377.     PublicCode = PublicCode + "8BE6"
     
378. End Function
     
379. 
     
380. Function Mov_EDI_EBP()
     
381.     PublicCode = PublicCode + "8BFD"
     
382. End Function
     
383. 
     
384. Function Mov_EDI_EAX()
     
385.     PublicCode = PublicCode + "8BF8"
     
386. End Function
     
387. 
     
388. Function Mov_EDI_EBX()
     
389.     PublicCode = PublicCode + "8BFB"
     
390. End Function
     
391. 
     
392. Function Mov_EDI_ECX()
     
393.     PublicCode = PublicCode + "8BF9"
     
394. End Function
     
395. 
     
396. Function Mov_EDI_EDX()
     
397.     PublicCode = PublicCode + "8BFA"
     
398. End Function
     
399. 
     
400. Function Mov_EDI_ESI()
     
401.     PublicCode = PublicCode + "8BFE"
     
402. End Function
     
403. 
     
404. Function Mov_EDI_ESP()
     
405.     PublicCode = PublicCode + "8BFC"
     
406. End Function
     
407. Function Mov_EBP_EDI()
     
408.     PublicCode = PublicCode + "8BDF"
     
409. End Function
     
410. 
     
411. Function Mov_EBP_EAX()
     
412.     PublicCode = PublicCode + "8BE8"
     
413. End Function
     
414. 
     
415. Function Mov_EBP_EBX()
     
416.     PublicCode = PublicCode + "8BEB"
     
417. End Function
     
418. 
     
419. Function Mov_EBP_ECX()
     
420.     PublicCode = PublicCode + "8BE9"
     
421. End Function
     
422. 
     
423. Function Mov_EBP_EDX()
     
424.     PublicCode = PublicCode + "8BEA"
     
425. End Function
     
426. 
     
427. Function Mov_EBP_ESI()
     
428.     PublicCode = PublicCode + "8BEE"
     
429. End Function
     
430. 
     
431. Function Mov_EBP_ESP()
     
432.     PublicCode = PublicCode + "8BEC"
     
433. End Function
     
434. 'Push
     
435. '+++++++++++++++++++++++++++++++++++
     
436. Function Push(i)
     
437.     If i <= 255  and i >= 0 Then
     
438.         PublicCode = PublicCode + "6A" + W_HighAndLow(i, 2)
     
439.     Else
     
440.         PublicCode = PublicCode + "68" + W_HighAndLow(i, 8)
     
441.     End If
     
442. End Function
     
443. 
     
444. Function Push_DWORD_Ptr_Addr(i )
     
445.     PublicCode = PublicCode + "FF35" + W_HighAndLow(i, 8)
     
446. End Function
     
447. 
     
448. Function Push_EAX()
     
449.     PublicCode = PublicCode + "50"
     
450. End Function
     
451. 
     
452. Function Push_ECX()
     
453.     PublicCode = PublicCode + "51"
     
454. End Function
     
455. 
     
456. Function Push_EDX()
     
457.     PublicCode = PublicCode + "52"
     
458. End Function
     
459. 
     
460. Function Push_EBX()
     
461.     PublicCode = PublicCode + "53"
     
462. End Function
     
463. Function Push_ESP()
     
464.     PublicCode = PublicCode + "54"
     
465. End Function
     
466. 
     
467. Function Push_EBP()
     
468.     PublicCode = PublicCode + "55"
     
469. End Function
     
470. 
     
471. Function Push_ESI()
     
472.     PublicCode = PublicCode + "56"
     
473. End Function
     
474. 
     
475. Function Push_EDI()
     
476.     PublicCode = PublicCode + "57"
     
477. End Function
     
478. 'LEA
     
479. Function Lea_EAX_DWORD_Ptr_EAX_Add(i )
     
480.     If i <= 255  and i >= 0 Then
     
481.         PublicCode = PublicCode + "8D40" + W_HighAndLow(i, 2)
     
482.     Else
     
483.         PublicCode = PublicCode + "8D80" + W_HighAndLow(i, 8)
     
484.     End If
     
485. End Function
     
486. 
     
487. Function Lea_EAX_DWORD_Ptr_EBX_Add(i )
     
488.     If i <= 255  and i >= 0 Then
     
489.         PublicCode = PublicCode + "8D43" + W_HighAndLow(i, 2)
     
490.     Else
     
491.         PublicCode = PublicCode + "8D83" + W_HighAndLow(i, 8)
     
492.     End If
     
493. End Function
     
494. 
     
495. Function Lea_EAX_DWORD_Ptr_ECX_Add(i )
     
496.     If i <= 255  and i >= 0 Then
     
497.         PublicCode = PublicCode + "8D41" + W_HighAndLow(i, 2)
     
498.     Else
     
499.         PublicCode = PublicCode + "8D81" + W_HighAndLow(i, 8)
     
500.     End If
     
501. End Function
     
502. 
     
503. Function Lea_EAX_DWORD_Ptr_EDX_Add(i )
     
504.     If i <= 255  and i >= 0 Then
     
505.         PublicCode = PublicCode + "8D42" + W_HighAndLow(i, 2)
     
506.     Else
     
507.         PublicCode = PublicCode + "8D82" + W_HighAndLow(i, 8)
     
508.     End If
     
509. End Function
     
510. 
     
511. Function Lea_EAX_DWORD_Ptr_ESI_Add(i )
     
512.     If i <= 255  and i >= 0 Then
     
513.         PublicCode = PublicCode + "8D46" + W_HighAndLow(i, 2)
     
514.     Else
     
515.         PublicCode = PublicCode + "8D86" + W_HighAndLow(i, 8)
     
516.     End If
     
517. End Function
     
518. 
     
519. Function Lea_EAX_DWORD_Ptr_ESP_Add(i )
     
520.     If i <= 255  and i >= 0 Then
     
521.         PublicCode = PublicCode + "8D40" + W_HighAndLow(i, 2)
     
522.     Else
     
523.         PublicCode = PublicCode + "8D80" + W_HighAndLow(i, 8)
     
524.     End If
     
525. End Function
     
526. 
     
527. Function Lea_EAX_DWORD_Ptr_EBP_Add(i )
     
528.     If i <= 255  and i >= 0 Then
     
529.         PublicCode = PublicCode + "8D4424" + W_HighAndLow(i, 2)
     
530.     Else
     
531.         PublicCode = PublicCode + "8D8424" + W_HighAndLow(i, 8)
     
532.     End If
     
533. End Function
     
534. 
     
535. Function Lea_EAX_DWORD_Ptr_EDI_Add(i )
     
536.     If i <= 255  and i >= 0 Then
     
537.         PublicCode = PublicCode + "8D47" + W_HighAndLow(i, 2)
     
538.     Else
     
539.         PublicCode = PublicCode + "8D87" + W_HighAndLow(i, 8)
     
540.     End If
     
541. End Function
     
542. 
     
543. Function Lea_EBX_DWORD_Ptr_EAX_Add(i )
     
544.     If i <= 255  and i >= 0 Then
     
545.         PublicCode = PublicCode + "8D58" + W_HighAndLow(i, 2)
     
546.     Else
     
547.         PublicCode = PublicCode + "8D98" + W_HighAndLow(i, 8)
     
548.     End If
     
549. End Function
     
550. 
     
551. Function Lea_EBX_DWORD_Ptr_ESP_Add(i )
     
552.     If i <= 255  and i >= 0 Then
     
553.         PublicCode = PublicCode + "8D5C24" + W_HighAndLow(i, 2)
     
554.     Else
     
555.         PublicCode = PublicCode + "8D9C24" + W_HighAndLow(i, 8)
     
556.     End If
     
557. End Function
     
558. 
     
559. Function Lea_EBX_DWORD_Ptr_EBX_Add(i )
     
560.     If i <= 255  and i >= 0 Then
     
561.         PublicCode = PublicCode + "8D5B" + W_HighAndLow(i, 2)
     
562.     Else
     
563.         PublicCode = PublicCode + "8D9B" + W_HighAndLow(i, 8)
     
564.     End If
     
565. End Function
     
566. 
     
567. Function Lea_EBX_DWORD_Ptr_ECX_Add(i )
     
568.     If i <= 255  and i >= 0 Then
     
569.         PublicCode = PublicCode + "8D59" + W_HighAndLow(i, 2)
     
570.     Else
     
571.         PublicCode = PublicCode + "8D99" + W_HighAndLow(i, 8)
     
572.     End If
     
573. End Function
     
574. 
     
575. Function Lea_EBX_DWORD_Ptr_EDX_Add(i )
     
576.     If i <= 255  and i >= 0 Then
     
577.         PublicCode = PublicCode + "8D5A" + W_HighAndLow(i, 2)
     
578.     Else
     
579.         PublicCode = PublicCode + "8D9A" + W_HighAndLow(i, 8)
     
580.     End If
     
581. End Function
     
582. 
     
583. Function Lea_EBX_DWORD_Ptr_EDI_Add(i )
     
584.     If i <= 255  and i >= 0 Then
     
585.         PublicCode = PublicCode + "8D5F" + W_HighAndLow(i, 2)
     
586.     Else
     
587.         PublicCode = PublicCode + "8D9F" + W_HighAndLow(i, 8)
     
588.     End If
     
589. End Function
     
590. 
     
591. Function Lea_EBX_DWORD_Ptr_EBP_Add(i )
     
592.     If i <= 255  and i >= 0 Then
     
593.         PublicCode = PublicCode + "8D5D" + W_HighAndLow(i, 2)
     
594.     Else
     
595.         PublicCode = PublicCode + "8D9D" + W_HighAndLow(i, 8)
     
596.     End If
     
597. End Function
     
598. 
     
599. Function Lea_EBX_DWORD_Ptr_ESI_Add(i )
     
600.     If i <= 255  and i >= 0 Then
     
601.         PublicCode = PublicCode + "8D5E" + W_HighAndLow(i, 2)
     
602.     Else
     
603.         PublicCode = PublicCode + "8D9E" + W_HighAndLow(i, 8)
     
604.     End If
     
605. End Function
     
606. 
     
607. Function Lea_ECX_DWORD_Ptr_EAX_Add(i )
     
608.     If i <= 255  and i >= 0 Then
     
609.         PublicCode = PublicCode + "8D48" + W_HighAndLow(i, 2)
     
610.     Else
     
611.         PublicCode = PublicCode + "8D88" + W_HighAndLow(i, 8)
     
612.     End If
     
613. End Function
     
614. 
     
615. Function Lea_ECX_DWORD_Ptr_ESP_Add(i )
     
616.     If i <= 255  and i >= 0 Then
     
617.         PublicCode = PublicCode + "8D4C24" + W_HighAndLow(i, 2)
     
618.     Else
     
619.         PublicCode = PublicCode + "8D8C24" + W_HighAndLow(i, 8)
     
620.     End If
     
621. End Function
     
622. 
     
623. Function Lea_ECX_DWORD_Ptr_EBX_Add(i )
     
624.     If i <= 255  and i >= 0 Then
     
625.         PublicCode = PublicCode + "8D4B" + W_HighAndLow(i, 2)
     
626.     Else
     
627.         PublicCode = PublicCode + "8D8B" + W_HighAndLow(i, 8)
     
628.     End If
     
629. End Function
     
630. 
     
631. Function Lea_ECX_DWORD_Ptr_ECX_Add(i )
     
632.     If i <= 255  and i >= 0 Then
     
633.         PublicCode = PublicCode + "8D49" + W_HighAndLow(i, 2)
     
634.     Else
     
635.         PublicCode = PublicCode + "8D89" + W_HighAndLow(i, 8)
     
636.     End If
     
637. End Function
     
638. 
     
639. Function Lea_ECX_DWORD_Ptr_EDX_Add(i )
     
640.     If i <= 255  and i >= 0 Then
     
641.         PublicCode = PublicCode + "8D4A" + W_HighAndLow(i, 2)
     
642.     Else
     
643.         PublicCode = PublicCode + "8D8A" + W_HighAndLow(i, 8)
     
644.     End If
     
645. End Function
     
646. 
     
647. Function Lea_ECX_DWORD_Ptr_EDI_Add(i )
     
648.     If i <= 255  and i >= 0 Then
     
649.         PublicCode = PublicCode + "8D4F" + W_HighAndLow(i, 2)
     
650.     Else
     
651.         PublicCode = PublicCode + "8D8F" + W_HighAndLow(i, 8)
     
652.     End If
     
653. End Function
     
654. 
     
655. Function Lea_ECX_DWORD_Ptr_EBP_Add(i )
     
656.     If i <= 255  and i >= 0 Then
     
657.         PublicCode = PublicCode + "8D4D" + W_HighAndLow(i, 2)
     
658.     Else
     
659.         PublicCode = PublicCode + "8D8D" + W_HighAndLow(i, 8)
     
660.     End If
     
661. End Function
     
662. 
     
663. Function Lea_ECX_DWORD_Ptr_ESI_Add(i )
     
664.     If i <= 255  and i >= 0 Then
     
665.         PublicCode = PublicCode + "8D4E" + W_HighAndLow(i, 2)
     
666.     Else
     
667.         PublicCode = PublicCode + "8D8E" + W_HighAndLow(i, 8)
     
668.     End If
     
669. End Function
     
670. 
     
671. Function Lea_EDX_DWORD_Ptr_EAX_Add(i )
     
672.     If i <= 255  and i >= 0 Then
     
673.         PublicCode = PublicCode + "8D50" + W_HighAndLow(i, 2)
     
674.     Else
     
675.         PublicCode = PublicCode + "8D90" + W_HighAndLow(i, 8)
     
676.     End If
     
677. End Function
     
678. 
     
679. Function Lea_EDX_DWORD_Ptr_ESP_Add(i )
     
680.     If i <= 255  and i >= 0 Then
     
681.         PublicCode = PublicCode + "8D5424" + W_HighAndLow(i, 2)
     
682.     Else
     
683.         PublicCode = PublicCode + "8D9424" + W_HighAndLow(i, 8)
     
684.     End If
     
685. End Function
     
686. 
     
687. Function Lea_EDX_DWORD_Ptr_EBX_Add(i )
     
688.     If i <= 255  and i >= 0 Then
     
689.         PublicCode = PublicCode + "8D53" + W_HighAndLow(i, 2)
     
690.     Else
     
691.         PublicCode = PublicCode + "8D93" + W_HighAndLow(i, 8)
     
692.     End If
     
693. End Function
     
694. 
     
695. Function Lea_EDX_DWORD_Ptr_ECX_Add(i )
     
696.     If i <= 255  and i >= 0 Then
     
697.         PublicCode = PublicCode + "8D51" + W_HighAndLow(i, 2)
     
698.     Else
     
699.         PublicCode = PublicCode + "8D91" + W_HighAndLow(i, 8)
     
700.     End If
     
701. End Function
     
702. 
     
703. Function Lea_EDX_DWORD_Ptr_EDX_Add(i )
     
704.     If i <= 255  and i >= 0 Then
     
705.         PublicCode = PublicCode + "8D52" + W_HighAndLow(i, 2)
     
706.     Else
     
707.         PublicCode = PublicCode + "8D92" + W_HighAndLow(i, 8)
     
708.     End If
     
709. End Function
     
710. 
     
711. Function Lea_EDX_DWORD_Ptr_EDI_Add(i )
     
712.     If i <= 255  and i >= 0 Then
     
713.         PublicCode = PublicCode + "8D57" + W_HighAndLow(i, 2)
     
714.     Else
     
715.         PublicCode = PublicCode + "8D97" + W_HighAndLow(i, 8)
     
716.     End If
     
717. End Function
     
718. 
     
719. Function Lea_EDX_DWORD_Ptr_EBP_Add(i )
     
720.     If i <= 255  and i >= 0 Then
     
721.         PublicCode = PublicCode + "8D55" + W_HighAndLow(i, 2)
     
722.     Else
     
723.         PublicCode = PublicCode + "8D95" + W_HighAndLow(i, 8)
     
724.     End If
     
725. End Function
     
726. 
     
727. Function Lea_EDX_DWORD_Ptr_ESI_Add(i )
     
728.     If i <= 255  and i >= 0 Then
     
729.         PublicCode = PublicCode + "8D56" + W_HighAndLow(i, 2)
     
730.     Else
     
731.         PublicCode = PublicCode + "8D96" + W_HighAndLow(i, 8)
     
732.     End If
     
733. End Function
     
734. 
     
735. 
     
736. Function Pop_EAX()
     
737.     PublicCode = PublicCode + "58"
     
738. End Function
     
739. 
     
740. Function Pop_EBX()
     
741.     PublicCode = PublicCode + "5B"
     
742. End Function
     
743. 
     
744. Function Pop_ECX()
     
745.     PublicCode = PublicCode + "59"
     
746. End Function
     
747. 
     
748. Function Pop_EDX()
     
749.     PublicCode = PublicCode + "5A"
     
750. End Function
     
751. 
     
752. Function Pop_ESI()
     
753.     PublicCode = PublicCode + "5E"
     
754. End Function
     
755. 
     
756. Function Pop_ESP()
     
757.     PublicCode = PublicCode + "5C"
     
758. End Function
     
759. 
     
760. Function Pop_EDI()
     
761.     PublicCode = PublicCode + "5F"
     
762. End Function
     
763. 
     
764. Function Pop_EBP()
     
765.     PublicCode = PublicCode + "5D"
     
766. End Function

复制代码

会玩

看不懂

看不懂