虫虫联盟

 找回密码
 立即注册

扫一扫,访问微社区

QQ登录

只需一步,快速开始

新浪微博登陆

只需一步, 快速开始

查看: 1033|回复: 3

[安卓内存基础] 按键精灵ASM32内联汇编独立库原型(本人亲笔)

[复制链接]
  • TA的每日心情

    2018-6-1 15:26
  • 签到天数: 18 天

    [LV.4]偶尔看看III

    13

    主题

    33

    帖子

    300

    积分

    中级会员

    Rank: 3Rank: 3

    积分
    300
    QQ
    类人猿 发表于 2017-8-23 13:00:52 | 显示全部楼层 |阅读模式
    本帖最后由 类人猿 于 2017-8-23 13:05 编辑
    1. Function RunAsmCode(ProcessId, AsmType)//核心代码
    2.     Dim i                         //==========================================================
    3.     dim AsmCode1
    4.     AsmCode1=""
    5.     ReDim AsmCode(Len(PublicCode) / 2 - 1)
    6.     For i = 0 To UBound(AsmCode)
    7.         AsmCode1 = AsmCode1 &(" " & Mid(PublicCode, i * 2 + 1, 2)) //======里是字符集转换空格隔开======
    8.     Next
    9.     PublicCode = LTrim(AsmCode1)
    10.     //TracePrint PublicCode
    11.     十六进制字节集=PublicCode           //=========================================================
    12.     CodeSize = UBound(split(十六进制字节集, " "))+10 //加10避免空间不够用." "这个是十六进制字符分隔符
    13.     //TracePrint  CodeSize
    14.     NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
    15.     //TracePrint NewWriteCodeAddr
    16.     call 写入字节集(ProcessId, NewWriteCodeAddr, 十六进制字节集)
    17.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    18.     RThwnd = CreateRemoteThread(Handle_Process, 0, 0, NewWriteCodeAddr, 0, 0, 0)
    19. End Function

    20. Function 远程注入汇编代码(ProcessId, 十六进制字节集)
    21.     CodeSize = UBound(split(十六进制字节集, " "))+10 //加10避免空间不够用." "这个是十六进制字符分隔符
    22.     //MessageBox   CodeSize
    23.     NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
    24.     call 写入字节集(ProcessId, NewWriteCodeAddr, 十六进制字节集)
    25.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    26.     RThwnd = CreateRemoteThread(Handle_Process, 0, 0, NewWriteCodeAddr, 0, 0, 0)
    27. End function
    28. //Call 十六进制字节集转化成十进制字节集("55 8B EC A1 7C 24 2C 01 6A 00 8B 08 A1 78 3E 2C 01 8B C0 FF D0 5D C3")
    29. Function 十六进制字节集转化成十进制字节集(HexByteStr)//这个功能是将十六进制字节集转化成十进制字符数组
    30.     HexByteStr=Replace(HexByteStr," ","")
    31.     Dim i
    32.     ReDim HexByteArr(Len(HexByteStr) / 2 - 1)
    33.     For i = 0 To UBound(HexByteArr)
    34.         HexByteArr(i) = CByte("&H" & Mid(HexByteStr, i * 2 + 1, 2))

    35.         十六进制字节集转化成十进制字节集=十六进制字节集转化成十进制字节集&" "& HexByteArr(i)
    36.     Next
    37.     //TracePrint 十六进制字节集转化成十进制字节集
    38.     //Get_Result = CallWindowProc(AsmCode(0), 0, 0, 0, 0)
    39.     //Get_Result = CallWindowProc(AsmCode(0),0,0,0,0)//=================================================================不懂这里为什么参数会出错
    40. End Function

    41. Function 获取函数地址API(Module, Name_Api)//这个是有缺陷的
    42.     //Name_Api=Name_Api &"0000"
    43.     Dim Module_Handle,String_Addr,Function_Addr
    44.     //Do
    45.     Module_Handle = GetModuleHandleA(Module)//获取句柄
    46.     //    TracePrint "dll模块的地址="& Hex(Module_Handle)
    47.     String_Addr = 字符集ASCII变量指针(Name_Api)//获取名字指针变量
    48.     //TracePrint "函数名字变量指针(存数据)="&String_Addr
    49.     Function_Addr = GetProcAddress(Module_Handle, String_Addr)//第二个参数是指针变量
    50.     //Loop Until Function_Addr <> 0
    51.     获取函数地址API = Function_Addr
    52. End Function

    53. Function 远程注入dll(ProcessId, LoadLibraryA_Addr,dll路径字符串)
    54.     CodeSize = len(dll路径字符串)+10 //加10避免空间不够用
    55.     //TracePrint  CodeSize
    56.     NewWriteCodeAddr = 申请指定进程空间(ProcessId, CodeSize)//申请空
    57.     CALL 写入字符集ASCII(ProcessId, NewWriteCodeAddr, dll路径字符串)
    58.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    59.     RThwnd = CreateRemoteThread(Handle_Process, 0, 0, LoadLibraryA_Addr, NewWriteCodeAddr, 0, 0)        
    60. End Function

    61. Function 申请指定进程空间(ProcessId,size)
    62.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    63.     tmp_Addr = VirtualAllocEx(Handle_Process, 0, size, 4096, 64)
    64.     //TracePrint tmp_Addr
    65.     申请指定进程空间=tmp_Addr
    66. End Function

    67. Function 释放进程分配空间(ProcessId,Addr)
    68.     Handle_Process = OpenProcess(2035711, False, ProcessId)
    69.     tmp_Addr = VirtualFreeEx(Handle_Process, Addr, 0,32768)  //第三个参数设置大小,直接用0,应该是全部清除
    70.     //TracePrint Hex(tmp_Addr)
    71. End Function

    72. Function 写入字符集ASCII(ProcessId, lpBaseAddress, 字符串)
    73.     i=1
    74.     For len(字符串)
    75.         //        TracePrint mid(字符串, i, 1)
    76.         //        TracePrint Asc(mid(字符串, i, 1))
    77.         字符代码数值 = Asc(mid(字符串, i, 1))
    78.         Call 写入单字符ASCII(ProcessId, (lpBaseAddress-1+i), 字符代码数值)
    79.         i=i+1
    80.     Next
    81. End Function

    82. Function 字符集ASCII变量指针(字符串)
    83.     Dim 内存大小
    84.     Dim NewAddr
    85.     Dim i
    86.     内存大小 = Len(字符串)
    87.     //TracePrint 内存大小
    88.     NewAddr = (LocalAlloc(0, 内存大小 + 2))//这个-1是为了适应下面的代码  /0是表示空字符00000000
    89.     //    TracePrint  NewAddr
    90.     //TracePrint "申请存放汇编字节集" & Hex(NewAddr)
    91.     i=1
    92.     For len(字符串)
    93.         //        TracePrint mid(字符串, i, 1)
    94.         //        TracePrint Asc(mid(字符串, i, 1))
    95.         字符代码数值 = Asc(mid(字符串, i, 1))
    96.         //        TracePrint 字符代码数值
    97.         Call 写入单字符ASCII(GetCurrentProcessId(), (NewAddr - 1 + i), 字符代码数值)
    98.         //        TracePrint NewAddr-1+i
    99.         i=i+1
    100.     Next
    101.     call 写入双字节内存整数(GetCurrentProcessId(),(NewAddr - 1 + i),0)
    102.     //    TracePrint "最后一个整" & NewAddr-1+i
    103.     字符集ASCII变量指针=NewAddr
    104. End Function

    105. Function 写入单字符ASCII(ProcessId, lpBaseAddress, WriteValue)
    106.     Dim Handle_Process//进程句柄
    107.     Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
    108.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
    109.     Addr_Low = chrw(WriteValue)/*由于写入内存又要传址,所以不能直接以Long型写入,将要写入的数值分割成低字和高字,以Unicode码形式分别存放在两个变量里, 一个Uniclde字符能放两字节,两个才是4字节*/
    110.     Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 1, 0)  //  lpBaseAddress是存放数据的地址
    111.     call  CloseHandle (Handle_Process)//关闭进程对象句柄               
    112. End Function


    113. Function 写入字节集(ProcessId, WriteAddr, 十六进制字节集)

    114.     NewAddr = WriteAddr //写入头地址
    115.     //TracePrint "申请存放汇编字节集地址" & Hex(NewAddr)
    116.     字节数组=Split(十六进制字节集," ")
    117.     i=0
    118.     For UBound(字节数组)+1
    119.         //        TracePrint 字节数组(i)
    120.         call 写入单字节整数(ProcessId, NewAddr+i,"&H"&字节数组(i)) //这里我统一加上&H,可以进行运
    121.         i=i+1
    122.     Next
    123. End Function
    124.   
    125. Function 字节集变量指针(十六进制字节集)
    126.     NewAddr = LocalAlloc(0, 200)
    127.     //TracePrint "申请存放汇编字节集" & Hex(NewAddr)
    128.     字节数组=Split(十六进制字节集," ")
    129.     i=0
    130.     For UBound(字节数组)+1
    131.         //        TracePrint 字节数组(i)
    132.         call 写入单字节整数(GetCurrentProcessId(), NewAddr+i,int(字节数组(i)))
    133.         i=i+1
    134.     Next
    135.     字节集变量指针=NewAddr
    136. End Function

    137. Function 写入单字节整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
    138.     Dim Handle_Process//进程句柄
    139.     Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
    140.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
    141.     Addr_Low = chrw(WriteValue mod 256)/*由于写入内存又要传址,所以不能直接以Long型写入,将要写入的数值分割成低字和高字,以Unicode码形式分别存放在两个变量里, 一个Uniclde字符能放两字节,两个才是4字节*/
    142.     //Addr_High = chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候,我们检测下2字节的最大值和4字节的最大值,注意数据溢出
    143.     Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 1, 0)  //  lpBaseAddress是存放数据的地址
    144.     //Call Write(Handle_Process, lpBaseAddress + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
    145.     call  CloseHandle (Handle_Process)//关闭进程对象句柄        
    146. End Function

    147. Function 写入双字节内存整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
    148.     Dim Handle_Process//进程句柄
    149.     Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
    150.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
    151.     Addr_Low = Chrw(WriteValue)/*由于写入内存又要传址,所以不能直接以Long型写入,将要写入的数值分割成低字和高字,以Unicode码形式分别存放在两个变量里, 一个Uniclde字符能放两字节,两个才是4字节*/
    152.     Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 2, 0)  //  lpBaseAddress是存放数据的地址
    153.     call  CloseHandle (Handle_Process)//关闭进程对象句柄        
    154. End Function

    155. Function 双字节整数变量指针(WriteValue)//第二个是WriteAddr=======================
    156.     NewAddr = LocalAlloc(0, 2)
    157.     //TracePrint "申请存放汇编字节集" & Hex(NewAddr)
    158.     Dim Handle_Process//进程句柄
    159.     Handle_Process = OpenProcess(2035711, false, GetCurrentProcessId())//获取进程句柄
    160.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
    161.     Addr_Low = Chrw(WriteValue)/*由于写入内存又要传址,所以不能直接以Long型写入,将要写入的数值分割成低字和高字,以Unicode码形式分别存放在两个变量里, 一个Uniclde字符能放两字节,两个才是4字节*/
    162.     Call WriteProcessMemory(Handle_Process, NewAddr, Addr_Low, 2, 0)  //  lpBaseAddress是存放数据的地址
    163.     Call CloseHandle(Handle_Process)//关闭进程对象句柄        
    164.     双字节整数变量指针=NewAddr
    165. End Function


    166. Function 写入四字节内存整数(ProcessId, lpBaseAddress, WriteValue) //第二个是WriteAddr
    167.     Dim Handle_Process//进程句柄
    168.     Handle_Process = OpenProcess(2035711, false, ProcessId)//获取进程句柄
    169.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
    170.     Addr_Low = Chrw(WriteValue mod 65536)/*由于写入内存又要传址,所以不能直接以Long型写入,将要写入的数值分割成低字和高字,以Unicode码形式分别存放在两个变量里, 一个Uniclde字符能放两字节,两个才是4字节*/
    171.     Addr_High = Chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候,我们检测下2字节的最大值和4字节的最大值,注意数据溢出
    172.     Call WriteProcessMemory(Handle_Process, lpBaseAddress, Addr_Low, 2, 0)  //  lpBaseAddress是存放数据的地址
    173.     Call WriteProcessMemory(Handle_Process, lpBaseAddress + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
    174.     call  CloseHandle (Handle_Process)//关闭进程对象句柄        
    175. End Function

    176. Function 四字节整数变量指针(WriteValue)//第二个是WriteAddr
    177.     NewAddr = LocalAlloc(0, 4)
    178.     //TracePrint "申请存放汇编字节集" & Hex(NewAddr)
    179.     Dim Handle_Process//进程句柄
    180.     Handle_Process = OpenProcess(2035711, false, GetCurrentProcessId())//获取进程句柄
    181.     //TracePrint "Handle_Process=" & Handle_Process//要写入的地址
    182.     Addr_Low = Chrw(WriteValue mod 65536)/*由于写入内存又要传址,所以不能直接以Long型写入,将要写入的数值分割成低字和高字,以Unicode码形式分别存放在两个变量里, 一个Uniclde字符能放两字节,两个才是4字节*/
    183.     Addr_High = Chrw(int(WriteValue / 65536))//读取WriteAddr原来的值//用这个测试的时候,我们检测下2字节的最大值和4字节的最大值,注意数据溢出
    184.     Call WriteProcessMemory(Handle_Process, NewAddr, Addr_Low, 2, 0)  //  lpBaseAddress是存放数据的地址
    185.     Call WriteProcessMemory(Handle_Process, NewAddr + 2, Addr_High, 2, 0)//读取WriteAddr现在的值
    186.     call  CloseHandle (Handle_Process)//关闭进程对象句柄        
    187. End Function

    188. Function 获取变量数据类型(变量)
    189.     获取变量数据类型=TypeName(变量)
    190. End Function
    191. Function W_GetCode()
    192.     W_GetCode = PublicCode
    193. End Function

    194. Function W_HighAndLow(Value , n) '高低位互换
    195.     Dim tmp1 , tmp2 , i
    196.     tmp1 = Right("0000000" + Hex(Value), n)
    197.     For i = 0 To Len(tmp1) / 2 - 1
    198.         tmp2 = tmp2 + Mid(tmp1, Len(tmp1) - 1 - 2 * i, 2)
    199.     Next    //=======================================这里出错
    200.     W_HighAndLow = tmp2
    201. End Function


    202. //Function W_HighAndLow(Value, n)'高低位互换,这个是更新版本,n是多余的参数,还有bug 0000
    203. //    If Value <255 and Value >16 Then
    204. //        W_HighAndLow = Hex(Value)
    205. //    ElseIf Value < 16 and Value >=0 Then
    206. //      
    207. //            W_HighAndLow = "0" + Hex(Value)
    208. //        
    209. //    Else
    210. //        W_HighAndLow = Hex(htonl(Value))
    211. //    End If
    212. //End Function

    213. Function Mov_EAX_ESP()
    214.     PublicCode = PublicCode + "8BC4"
    215. End Function

    216. Function Mov_EBX_EBP()
    217.     PublicCode = PublicCode + "8BDD"
    218. End Function

    219. Function Mov_EBX_EAX()
    220.     PublicCode = PublicCode + "8BD8"
    221. End Function

    222. Function Mov_EBX_ECX()
    223.     PublicCode = PublicCode + "8BD9"
    224. End Function

    225. Function Mov_EBX_EDI()
    226.     PublicCode = PublicCode + "8BDF"
    227. End Function

    228. Function Mov_EBX_EDX()
    229.     PublicCode = PublicCode + "8BDA"
    230. End Function

    231. Function Mov_EBX_ESI()
    232.     PublicCode = PublicCode + "8BDE"
    233. End Function

    234. Function Mov_EBX_ESP()
    235.     PublicCode = PublicCode + "8BDC"
    236. End Function

    237. Function Mov_ECX_EBP()
    238.     PublicCode = PublicCode + "8BCD"
    239. End Function

    240. Function Mov_ECX_EAX()
    241.     PublicCode = PublicCode + "8BC8"
    242. End Function

    243. Function Mov_ECX_EBX()
    244.     PublicCode = PublicCode + "8BCB"
    245. End Function

    246. Function Mov_ECX_EDI()
    247.     PublicCode = PublicCode + "8BCF"
    248. End Function

    249. Function Mov_ECX_EDX()
    250.     PublicCode = PublicCode + "8BCA"
    251. End Function

    252. Function Mov_ECX_ESI()
    253.     PublicCode = PublicCode + "8BCE"
    254. End Function

    255. Function Mov_ECX_ESP()
    256.     PublicCode = PublicCode + "8BCC"
    257. End Function

    258. Function Mov_EDX_EBP()
    259.     PublicCode = PublicCode + "8BD5"
    260. End Function

    261. Function Mov_EDX_EBX()
    262.     PublicCode = PublicCode + "8BD3"
    263. End Function

    264. Function Mov_EDX_ECX()
    265.     PublicCode = PublicCode + "8BD1"
    266. End Function

    267. Function Mov_EDX_EDI()
    268.     PublicCode = PublicCode + "8BD7"
    269. End Function

    270. Function Mov_EDX_EAX()
    271.     PublicCode = PublicCode + "8BD0"
    272. End Function

    273. Function Mov_EDX_ESI()
    274.     PublicCode = PublicCode + "8BD6"
    275. End Function

    276. Function Mov_EDX_ESP()
    277.     PublicCode = PublicCode + "8BD4"
    278. End Function

    279. Function Mov_ESI_EBP()
    280.     PublicCode = PublicCode + "8BF5"
    281. End Function

    282. Function Mov_ESI_EBX()
    283.     PublicCode = PublicCode + "8BF3"
    284. End Function

    285. Function Mov_ESI_ECX()
    286.     PublicCode = PublicCode + "8BF1"
    287. End Function

    288. Function Mov_ESI_EDI()
    289.     PublicCode = PublicCode + "8BF7"
    290. End Function

    291. Function Mov_ESI_EAX()
    292.     PublicCode = PublicCode + "8BF0"
    293. End Function

    294. Function Mov_ESI_EDX()
    295.     PublicCode = PublicCode + "8BF2"
    296. End Function

    297. Function Mov_ESI_ESP()
    298.     PublicCode = PublicCode + "8BF4"
    299. End Function

    300. Function Mov_ESP_EBP()
    301.     PublicCode = PublicCode + "8BE5"
    302. End Function

    303. Function Mov_ESP_EBX()
    304.     PublicCode = PublicCode + "8BE3"
    305. End Function

    306. Function Mov_ESP_ECX()
    307.     PublicCode = PublicCode + "8BE1"
    308. End Function

    309. Function Mov_ESP_EDI()
    310.     PublicCode = PublicCode + "8BE7"
    311. End Function

    312. Function Mov_ESP_EAX()
    313.     PublicCode = PublicCode + "8BE0"
    314. End Function

    315. Function Mov_ESP_EDX()
    316.     PublicCode = PublicCode + "8BE2"
    317. End Function

    318. Function Mov_ESP_ESI()
    319.     PublicCode = PublicCode + "8BE6"
    320. End Function

    321. Function Mov_EDI_EBP()
    322.     PublicCode = PublicCode + "8BFD"
    323. End Function

    324. Function Mov_EDI_EAX()
    325.     PublicCode = PublicCode + "8BF8"
    326. End Function

    327. Function Mov_EDI_EBX()
    328.     PublicCode = PublicCode + "8BFB"
    329. End Function

    330. Function Mov_EDI_ECX()
    331.     PublicCode = PublicCode + "8BF9"
    332. End Function

    333. Function Mov_EDI_EDX()
    334.     PublicCode = PublicCode + "8BFA"
    335. End Function

    336. Function Mov_EDI_ESI()
    337.     PublicCode = PublicCode + "8BFE"
    338. End Function

    339. Function Mov_EDI_ESP()
    340.     PublicCode = PublicCode + "8BFC"
    341. End Function
    342. Function Mov_EBP_EDI()
    343.     PublicCode = PublicCode + "8BDF"
    344. End Function

    345. Function Mov_EBP_EAX()
    346.     PublicCode = PublicCode + "8BE8"
    347. End Function

    348. Function Mov_EBP_EBX()
    349.     PublicCode = PublicCode + "8BEB"
    350. End Function

    351. Function Mov_EBP_ECX()
    352.     PublicCode = PublicCode + "8BE9"
    353. End Function

    354. Function Mov_EBP_EDX()
    355.     PublicCode = PublicCode + "8BEA"
    356. End Function

    357. Function Mov_EBP_ESI()
    358.     PublicCode = PublicCode + "8BEE"
    359. End Function

    360. Function Mov_EBP_ESP()
    361.     PublicCode = PublicCode + "8BEC"
    362. End Function
    363. 'Push
    364. '+++++++++++++++++++++++++++++++++++
    365. Function Push(i)
    366.     If i <= 255  and i >= 0 Then
    367.         PublicCode = PublicCode + "6A" + W_HighAndLow(i, 2)
    368.     Else
    369.         PublicCode = PublicCode + "68" + W_HighAndLow(i, 8)
    370.     End If
    371. End Function

    372. Function Push_DWORD_Ptr_Addr(i )
    373.     PublicCode = PublicCode + "FF35" + W_HighAndLow(i, 8)
    374. End Function

    375. Function Push_EAX()
    376.     PublicCode = PublicCode + "50"
    377. End Function

    378. Function Push_ECX()
    379.     PublicCode = PublicCode + "51"
    380. End Function

    381. Function Push_EDX()
    382.     PublicCode = PublicCode + "52"
    383. End Function

    384. Function Push_EBX()
    385.     PublicCode = PublicCode + "53"
    386. End Function
    387. Function Push_ESP()
    388.     PublicCode = PublicCode + "54"
    389. End Function

    390. Function Push_EBP()
    391.     PublicCode = PublicCode + "55"
    392. End Function

    393. Function Push_ESI()
    394.     PublicCode = PublicCode + "56"
    395. End Function

    396. Function Push_EDI()
    397.     PublicCode = PublicCode + "57"
    398. End Function
    399. 'LEA
    400. Function Lea_EAX_DWORD_Ptr_EAX_Add(i )
    401.     If i <= 255  and i >= 0 Then
    402.         PublicCode = PublicCode + "8D40" + W_HighAndLow(i, 2)
    403.     Else
    404.         PublicCode = PublicCode + "8D80" + W_HighAndLow(i, 8)
    405.     End If
    406. End Function

    407. Function Lea_EAX_DWORD_Ptr_EBX_Add(i )
    408.     If i <= 255  and i >= 0 Then
    409.         PublicCode = PublicCode + "8D43" + W_HighAndLow(i, 2)
    410.     Else
    411.         PublicCode = PublicCode + "8D83" + W_HighAndLow(i, 8)
    412.     End If
    413. End Function

    414. Function Lea_EAX_DWORD_Ptr_ECX_Add(i )
    415.     If i <= 255  and i >= 0 Then
    416.         PublicCode = PublicCode + "8D41" + W_HighAndLow(i, 2)
    417.     Else
    418.         PublicCode = PublicCode + "8D81" + W_HighAndLow(i, 8)
    419.     End If
    420. End Function

    421. Function Lea_EAX_DWORD_Ptr_EDX_Add(i )
    422.     If i <= 255  and i >= 0 Then
    423.         PublicCode = PublicCode + "8D42" + W_HighAndLow(i, 2)
    424.     Else
    425.         PublicCode = PublicCode + "8D82" + W_HighAndLow(i, 8)
    426.     End If
    427. End Function

    428. Function Lea_EAX_DWORD_Ptr_ESI_Add(i )
    429.     If i <= 255  and i >= 0 Then
    430.         PublicCode = PublicCode + "8D46" + W_HighAndLow(i, 2)
    431.     Else
    432.         PublicCode = PublicCode + "8D86" + W_HighAndLow(i, 8)
    433.     End If
    434. End Function

    435. Function Lea_EAX_DWORD_Ptr_ESP_Add(i )
    436.     If i <= 255  and i >= 0 Then
    437.         PublicCode = PublicCode + "8D40" + W_HighAndLow(i, 2)
    438.     Else
    439.         PublicCode = PublicCode + "8D80" + W_HighAndLow(i, 8)
    440.     End If
    441. End Function

    442. Function Lea_EAX_DWORD_Ptr_EBP_Add(i )
    443.     If i <= 255  and i >= 0 Then
    444.         PublicCode = PublicCode + "8D4424" + W_HighAndLow(i, 2)
    445.     Else
    446.         PublicCode = PublicCode + "8D8424" + W_HighAndLow(i, 8)
    447.     End If
    448. End Function

    449. Function Lea_EAX_DWORD_Ptr_EDI_Add(i )
    450.     If i <= 255  and i >= 0 Then
    451.         PublicCode = PublicCode + "8D47" + W_HighAndLow(i, 2)
    452.     Else
    453.         PublicCode = PublicCode + "8D87" + W_HighAndLow(i, 8)
    454.     End If
    455. End Function

    456. Function Lea_EBX_DWORD_Ptr_EAX_Add(i )
    457.     If i <= 255  and i >= 0 Then
    458.         PublicCode = PublicCode + "8D58" + W_HighAndLow(i, 2)
    459.     Else
    460.         PublicCode = PublicCode + "8D98" + W_HighAndLow(i, 8)
    461.     End If
    462. End Function

    463. Function Lea_EBX_DWORD_Ptr_ESP_Add(i )
    464.     If i <= 255  and i >= 0 Then
    465.         PublicCode = PublicCode + "8D5C24" + W_HighAndLow(i, 2)
    466.     Else
    467.         PublicCode = PublicCode + "8D9C24" + W_HighAndLow(i, 8)
    468.     End If
    469. End Function

    470. Function Lea_EBX_DWORD_Ptr_EBX_Add(i )
    471.     If i <= 255  and i >= 0 Then
    472.         PublicCode = PublicCode + "8D5B" + W_HighAndLow(i, 2)
    473.     Else
    474.         PublicCode = PublicCode + "8D9B" + W_HighAndLow(i, 8)
    475.     End If
    476. End Function

    477. Function Lea_EBX_DWORD_Ptr_ECX_Add(i )
    478.     If i <= 255  and i >= 0 Then
    479.         PublicCode = PublicCode + "8D59" + W_HighAndLow(i, 2)
    480.     Else
    481.         PublicCode = PublicCode + "8D99" + W_HighAndLow(i, 8)
    482.     End If
    483. End Function

    484. Function Lea_EBX_DWORD_Ptr_EDX_Add(i )
    485.     If i <= 255  and i >= 0 Then
    486.         PublicCode = PublicCode + "8D5A" + W_HighAndLow(i, 2)
    487.     Else
    488.         PublicCode = PublicCode + "8D9A" + W_HighAndLow(i, 8)
    489.     End If
    490. End Function

    491. Function Lea_EBX_DWORD_Ptr_EDI_Add(i )
    492.     If i <= 255  and i >= 0 Then
    493.         PublicCode = PublicCode + "8D5F" + W_HighAndLow(i, 2)
    494.     Else
    495.         PublicCode = PublicCode + "8D9F" + W_HighAndLow(i, 8)
    496.     End If
    497. End Function

    498. Function Lea_EBX_DWORD_Ptr_EBP_Add(i )
    499.     If i <= 255  and i >= 0 Then
    500.         PublicCode = PublicCode + "8D5D" + W_HighAndLow(i, 2)
    501.     Else
    502.         PublicCode = PublicCode + "8D9D" + W_HighAndLow(i, 8)
    503.     End If
    504. End Function

    505. Function Lea_EBX_DWORD_Ptr_ESI_Add(i )
    506.     If i <= 255  and i >= 0 Then
    507.         PublicCode = PublicCode + "8D5E" + W_HighAndLow(i, 2)
    508.     Else
    509.         PublicCode = PublicCode + "8D9E" + W_HighAndLow(i, 8)
    510.     End If
    511. End Function

    512. Function Lea_ECX_DWORD_Ptr_EAX_Add(i )
    513.     If i <= 255  and i >= 0 Then
    514.         PublicCode = PublicCode + "8D48" + W_HighAndLow(i, 2)
    515.     Else
    516.         PublicCode = PublicCode + "8D88" + W_HighAndLow(i, 8)
    517.     End If
    518. End Function

    519. Function Lea_ECX_DWORD_Ptr_ESP_Add(i )
    520.     If i <= 255  and i >= 0 Then
    521.         PublicCode = PublicCode + "8D4C24" + W_HighAndLow(i, 2)
    522.     Else
    523.         PublicCode = PublicCode + "8D8C24" + W_HighAndLow(i, 8)
    524.     End If
    525. End Function

    526. Function Lea_ECX_DWORD_Ptr_EBX_Add(i )
    527.     If i <= 255  and i >= 0 Then
    528.         PublicCode = PublicCode + "8D4B" + W_HighAndLow(i, 2)
    529.     Else
    530.         PublicCode = PublicCode + "8D8B" + W_HighAndLow(i, 8)
    531.     End If
    532. End Function

    533. Function Lea_ECX_DWORD_Ptr_ECX_Add(i )
    534.     If i <= 255  and i >= 0 Then
    535.         PublicCode = PublicCode + "8D49" + W_HighAndLow(i, 2)
    536.     Else
    537.         PublicCode = PublicCode + "8D89" + W_HighAndLow(i, 8)
    538.     End If
    539. End Function

    540. Function Lea_ECX_DWORD_Ptr_EDX_Add(i )
    541.     If i <= 255  and i >= 0 Then
    542.         PublicCode = PublicCode + "8D4A" + W_HighAndLow(i, 2)
    543.     Else
    544.         PublicCode = PublicCode + "8D8A" + W_HighAndLow(i, 8)
    545.     End If
    546. End Function

    547. Function Lea_ECX_DWORD_Ptr_EDI_Add(i )
    548.     If i <= 255  and i >= 0 Then
    549.         PublicCode = PublicCode + "8D4F" + W_HighAndLow(i, 2)
    550.     Else
    551.         PublicCode = PublicCode + "8D8F" + W_HighAndLow(i, 8)
    552.     End If
    553. End Function

    554. Function Lea_ECX_DWORD_Ptr_EBP_Add(i )
    555.     If i <= 255  and i >= 0 Then
    556.         PublicCode = PublicCode + "8D4D" + W_HighAndLow(i, 2)
    557.     Else
    558.         PublicCode = PublicCode + "8D8D" + W_HighAndLow(i, 8)
    559.     End If
    560. End Function

    561. Function Lea_ECX_DWORD_Ptr_ESI_Add(i )
    562.     If i <= 255  and i >= 0 Then
    563.         PublicCode = PublicCode + "8D4E" + W_HighAndLow(i, 2)
    564.     Else
    565.         PublicCode = PublicCode + "8D8E" + W_HighAndLow(i, 8)
    566.     End If
    567. End Function

    568. Function Lea_EDX_DWORD_Ptr_EAX_Add(i )
    569.     If i <= 255  and i >= 0 Then
    570.         PublicCode = PublicCode + "8D50" + W_HighAndLow(i, 2)
    571.     Else
    572.         PublicCode = PublicCode + "8D90" + W_HighAndLow(i, 8)
    573.     End If
    574. End Function

    575. Function Lea_EDX_DWORD_Ptr_ESP_Add(i )
    576.     If i <= 255  and i >= 0 Then
    577.         PublicCode = PublicCode + "8D5424" + W_HighAndLow(i, 2)
    578.     Else
    579.         PublicCode = PublicCode + "8D9424" + W_HighAndLow(i, 8)
    580.     End If
    581. End Function

    582. Function Lea_EDX_DWORD_Ptr_EBX_Add(i )
    583.     If i <= 255  and i >= 0 Then
    584.         PublicCode = PublicCode + "8D53" + W_HighAndLow(i, 2)
    585.     Else
    586.         PublicCode = PublicCode + "8D93" + W_HighAndLow(i, 8)
    587.     End If
    588. End Function

    589. Function Lea_EDX_DWORD_Ptr_ECX_Add(i )
    590.     If i <= 255  and i >= 0 Then
    591.         PublicCode = PublicCode + "8D51" + W_HighAndLow(i, 2)
    592.     Else
    593.         PublicCode = PublicCode + "8D91" + W_HighAndLow(i, 8)
    594.     End If
    595. End Function

    596. Function Lea_EDX_DWORD_Ptr_EDX_Add(i )
    597.     If i <= 255  and i >= 0 Then
    598.         PublicCode = PublicCode + "8D52" + W_HighAndLow(i, 2)
    599.     Else
    600.         PublicCode = PublicCode + "8D92" + W_HighAndLow(i, 8)
    601.     End If
    602. End Function

    603. Function Lea_EDX_DWORD_Ptr_EDI_Add(i )
    604.     If i <= 255  and i >= 0 Then
    605.         PublicCode = PublicCode + "8D57" + W_HighAndLow(i, 2)
    606.     Else
    607.         PublicCode = PublicCode + "8D97" + W_HighAndLow(i, 8)
    608.     End If
    609. End Function

    610. Function Lea_EDX_DWORD_Ptr_EBP_Add(i )
    611.     If i <= 255  and i >= 0 Then
    612.         PublicCode = PublicCode + "8D55" + W_HighAndLow(i, 2)
    613.     Else
    614.         PublicCode = PublicCode + "8D95" + W_HighAndLow(i, 8)
    615.     End If
    616. End Function

    617. Function Lea_EDX_DWORD_Ptr_ESI_Add(i )
    618.     If i <= 255  and i >= 0 Then
    619.         PublicCode = PublicCode + "8D56" + W_HighAndLow(i, 2)
    620.     Else
    621.         PublicCode = PublicCode + "8D96" + W_HighAndLow(i, 8)
    622.     End If
    623. End Function


    624. Function Pop_EAX()
    625.     PublicCode = PublicCode + "58"
    626. End Function

    627. Function Pop_EBX()
    628.     PublicCode = PublicCode + "5B"
    629. End Function

    630. Function Pop_ECX()
    631.     PublicCode = PublicCode + "59"
    632. End Function

    633. Function Pop_EDX()
    634.     PublicCode = PublicCode + "5A"
    635. End Function

    636. Function Pop_ESI()
    637.     PublicCode = PublicCode + "5E"
    638. End Function

    639. Function Pop_ESP()
    640.     PublicCode = PublicCode + "5C"
    641. End Function

    642. Function Pop_EDI()
    643.     PublicCode = PublicCode + "5F"
    644. End Function

    645. Function Pop_EBP()
    646.     PublicCode = PublicCode + "5D"
    647. End Function
    复制代码

  • TA的每日心情
    开心
    2020-6-19 12:27
  • 签到天数: 818 天

    [LV.10]以坛为家III

    817

    主题

    1918

    帖子

    1万

    积分

    管理员

    Rank: 9Rank: 9Rank: 9

    积分
    15281

    射手座猴年

    admin实名认证 发表于 2017-8-23 20:35:48 | 显示全部楼层
    会玩
    回复

    使用道具 举报

  • TA的每日心情
    开心
    2019-8-28 13:10
  • 签到天数: 67 天

    [LV.6]常住居民II

    27

    主题

    115

    帖子

    6676

    积分

    版主

    Rank: 7Rank: 7Rank: 7

    积分
    6676

    天蝎座猴年

    QQ
    -暗-实名认证 发表于 2017-8-24 00:39:07 | 显示全部楼层
    看不懂
    回复

    使用道具 举报

  • TA的每日心情
    慵懒
    2017-11-21 10:33
  • 签到天数: 10 天

    [LV.3]偶尔看看II

    1

    主题

    22

    帖子

    109

    积分

    注册会员

    Rank: 2

    积分
    109
    306785188 发表于 2017-9-19 09:31:48 | 显示全部楼层
    看不懂
    回复

    使用道具 举报

    您需要登录后才可以回帖 登录 | 立即注册 新浪微博登陆

    本版积分规则

    QQ|手机版|小黑屋|虫虫联盟 ( 备案号:蜀ICP备15018121号-1 )

    GMT+8, 2020-9-27 13:49 , Processed in 0.551573 second(s), 34 queries .

    Powered by Discuz! X3.4 Licensed

    © 2001-2017 Comsenz Inc.

    快速回复 返回顶部 返回列表