Laszlo wrote:
I don't have VC++6, but I guess you did not export your function. Add to the linker command line options: /EXPORT:spyn. When you compile the program as a console application, the function name should appear in the assembler listing, so you can search for it.
I had thought that was neccessary only for a DLL.
Now I opted the wizard mode and created a simple Win32 Console application and added
scpyn in
exports.defCode:
// main.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
int main(int argc, char* argv[])
{
return 0;
}
void scpyn(char* dest, char* source, int n) {
while (--n)*dest++ = *source++;
*dest = 0;
}
The neccessary part of disasm dump:
Code:
DEBUG :: scpyn
=========
scpyn
=========
:00401010 56 push esi
:00401011 8B742410 mov esi, dword[esp+10]
:00401015 4E dec esi
:00401016 7416 je 0040102E
:00401018 8B4C240C mov ecx, dword[esp+0C]
:0040101C 8B442408 mov eax, dword[esp+08]
---------
:00401020 8A11 mov dl, byte[ecx]
:00401022 8810 mov byte[eax], dl
:00401024 40 inc eax
:00401025 41 inc ecx
:00401026 4E dec esi
:00401027 75F7 jne 00401020
:00401029 C60000 mov byte[eax], 00
:0040102C 5E pop esi
:0040102D C3 ret
---------
:0040102E 8B442408 mov eax, dword[esp+08]
:00401032 5E pop esi
:00401033 C60000 mov byte[eax], 00
:00401036 C3 ret
:00401037 90 90 90 90 90 90 90 90 90 .........
Derived hex :
568B7424104E74168B4C240C8B4424088A11881040414E75F7C600005EC3is different from yours :
558becff4d108b4508740e8b4d0c8a1188104041ff4d1075f5c600005dc3 .. though it seems to work:
Code:
MCode( Code, "568B7424104E74168B4C240C8B4424088A11881040414E75F7C600005EC38B4424085EC60000C3" )
OldStr := "The Quick Brown Fox Jumps Over The Lazy Dog"
VarSetCapacity( NewStr,15+1 )
DllCall( &Code, Str,NewStr, Str,OldStr, UInt,15+1, "cdecl" )
MsgBox, % "[" NewStr "]`n" Errorlevel
MCode(ByRef code, hex) { ; allocate memory and write Machine Code there
VarSetCapacity(code,StrLen(hex)//2)
Loop % StrLen(hex)//2
NumPut("0x" . SubStr(hex,2*A_Index-1,2), code, A_Index-1, "Char")
}
Quote:
You can extract the machine code from each non-comment line. It is between the first and second white space (tab). I copy the function code to the clipboard, where a simple AHK script removes the beginning and end of each line.
Thanks! I have it as follows, now:
Code:
Loop, Parse, Clipboard, `n, `r
Hex .= RegExReplace( SubStr(A_LoopField,11,20), "(^\s*|\s*$)")
Clipboard := Hex
MsgBox,0, % StrLen(Hex)//2, % Hex
Laszlo wrote:
There are, unfortunatelly exceptions. Sometimes a longer block of machine code is spread into 2 lines. I don't have an intelligent enough script, just process the bad code manually.
I was referring to a different problem. Would a function
GoTo to an another offset ? If that is the case, should I jump to the relevant part to extract the hex code ? Does these machine code functions always end with hex
C3 ?
Thanks for all the help Sir, but I am terribly confused.
Login
Register
FAQ
Search
. Thank you Sir.
