就是我想搞个汇编插件,但是不知道该如何将获得的代码
转换为汇编代码的呢?
谢谢说说思路,给个方法!!
就是我想搞个汇编插件,但是不知道该如何将获得的代码
转换为汇编代码的呢?
谢谢说说思路,给个方法!!
反汇编
楼上的都说了反汇编,我就只说注入。
看你的意思是想直接注入代码,基本思路是先把代码写进目标进程(写入时那块内存需要可写),写完后再把这块内存的属性改为可读、可执行,最后想办法让代码运行起来就完成了。注意尽量不要让这块内存长期保持可读可写可执行(RWX):这种页面很容易被安全软件盯上,也让注入进去的代码自身可以被篡改。
至于你写进的代码最好使用汇编写,并且直接转成机器码,并注意堆栈平衡。
提醒一下,这东西做起来也简单,关键是PE文件的理解
楼上的误人啊。Windows 自带的 debug 反汇编 DOS 程序还差不多,Windows 程序要用 IDA(静态反汇编)、OD(OllyDbg,动态调试)这样的工具来得到汇编代码。而且还要提醒楼主一下,自己写反汇编程序不是那么容易的:输入是不可信的字节流,像下面这段代码里直接读 Opcode[i+1]、Opcode[i+2]、Opcode[i-2] 而不检查是否超出缓冲区,拿去处理任意文件就可能越界读;往 Disasm 的字段里 strcpy/lstrcat 字符串时也要确认目标缓冲区够大。我先给你贴上一部分代码,你看你能看懂多少。如果看不懂就放弃吧。
/* Number of raw bytes handed to the decoder for one instruction. */
#define BYTES_TO_DECODE 16

/*
 * Register-name tables.  Rows are ordered 8-bit, 16-bit, 32-bit; within a
 * row the entries follow the x86 register numbering 0..7.  Each row has a
 * ninth slot that is left NULL and is not a valid register index.
 * NOTE(review): Decode() appears to pick the row via REG16/REG32 (defined
 * elsewhere) -- confirm against the rest of Decode().
 */
const char *Regs[3][9] = {
    /* 8-bit  */ { "al",  "cl",  "dl",  "bl",  "ah",  "ch",  "dh",  "bh"  },
    /* 16-bit */ { "ax",  "cx",  "dx",  "bx",  "sp",  "bp",  "si",  "di"  },
    /* 32-bit */ { "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi" },
};

/*
 * Operand-size keywords.  Decode() starts from index 1 ("Dword"), switches
 * to index 2 ("Word") after a 66h prefix, and resets to index 1 when a
 * non-prefix byte is seen.
 */
const char *RegSize[4] = { "Qword", "Dword", "Word", "Byte" };

/*
 * Segment-register names, indexed by the SEG_* values Decode() assigns
 * (SEG_ES..SEG_GS, defined elsewhere).  Indexes 6 and 7 hold the
 * placeholder "SEG?".
 */
const char *Segs[8] = { "ES", "CS", "SS", "DS", "FS", "GS", "SEG?", "SEG?" };
void Decode(DISASSEMBLY *Disasm,char *Opcode,DWORD *Index) { DWORD dwMem=0,dwOp=0; int i=*Index,RegRepeat=0,LockRepeat=0,SegRepeat=0,RepRepeat=0,AddrRepeat=0; int RM=REG32,SEG=SEG_DS,ADDRM=REG32; int PrefixesSize=0,PrefixesRSize=0; WORD wMem=0,wOp=0; bool RegPrefix=0,LockPrefix=0,SegPrefix=0,RepPrefix=0,AddrPrefix=0; BYTE Bit_D=0, Bit_W=0; char menemonic[256]=""; char RSize[10]="Dword"; BYTE Op=(BYTE)Opcode[i];
while( (Op==0x66) || (Op==0x0F0)|| (Op==0x2E) || (Op==0x36) || (Op==0x3E) || (Op==0x26) || (Op==0x64) || (Op==0x65) || (Op==0xF2) || (Op==0xF3) || (Op==0x67) ) { switch(Op) { case 0x66: { RM=REG16; RegPrefix=1; BYTE temp; wsprintf(RSize,"%s",RegSize[2]); lstrcat(Disasm->Opcode,"66:"); i++; ++(*Index); Op=(BYTE)Opcode[i]; temp=(BYTE)Opcode[i+1]; RegRepeat++; if(RegRepeat>1) { strcpy(Disasm->Opcode,"66:"); strcpy(Disasm->Remarks,"Prefix DataSize:"); Disasm->OpcodeSize=1; Disasm->PrefixSize=0; (*Index)-=RegRepeat; return; } } break;
case 0x67: { ADDRM=REG16; AddrPrefix=1; BYTE temp; lstrcat(Disasm->Opcode,"67:"); i++; ++(*Index); Op=(BYTE)Opcode[i]; temp=(BYTE)Opcode[i+1]; AddrRepeat++; if(AddrRepeat>1) { strcpy(Disasm->Opcode,"67:"); strcpy(Disasm->Remarks,"Prefix AddrSize:"); Disasm->OpcodeSize=1; Disasm->PrefixSize=0; (*Index)-=AddrRepeat; return; } } break;
case 0x0F0: { //BYTE temp; LockPrefix=1; //RegPrefix=0; lstrcat(Disasm->Opcode,"F0:"); strcpy(Disasm->Assembly,"lock "); i++; ++(*Index); Op=(BYTE)Opcode[i]; //temp=(BYTE)Opcode[i+1]; LockRepeat++; if(LockRepeat>1) { strcpy(Disasm->Assembly,""); strcpy(Disasm->Opcode,"F0:"); strcpy(Disasm->Remarks,"Prefix LOCK:"); Disasm->OpcodeSize=1; Disasm->PrefixSize=0; (*Index)-=LockRepeat; return; } } break;
case 0xF2: case 0xF3: { BYTE NextOp=(BYTE)Opcode[i+1]; BYTE NextOp2=(BYTE)Opcode[i+2]; RepPrefix=1; wsprintf(menemonic,"%02X:",Op); lstrcat(Disasm->Opcode,menemonic); switch(Op) { case 0xF2:wsprintf(menemonic,"repne ");break; case 0xF3:wsprintf(menemonic,"repe ");break; } lstrcat(Disasm->Assembly,menemonic); i++; ++(*Index); Op=(BYTE)Opcode[i]; RepRepeat++; if(!( (Op>=0xA4 && Op<=0xA7) || (Op>=0xAA && Op<=0xAF) || (NextOp==0x0F && NextOp2==0x2A) || (NextOp==0x0F && NextOp2==0x10) || (NextOp==0x0F && NextOp2==0x11) || (NextOp==0x0F && NextOp2==0x2C) || (NextOp==0x0F && NextOp2==0x2D) || (NextOp==0x0F && NextOp2==0x51) || (NextOp==0x0F && NextOp2==0x52) || (NextOp==0x0F && NextOp2==0x53) || (NextOp==0x0F && NextOp2==0x58) || (NextOp==0x0F && NextOp2==0x59) || (NextOp==0x0F && NextOp2==0x5C) || (NextOp==0x0F && NextOp2==0x5D) || (NextOp==0x0F && NextOp2==0x5E) || (NextOp==0x0F && NextOp2==0x5F) || (NextOp==0x0F && NextOp2==0xC2) ) ) { strcpy(Disasm->Assembly,""); strcpy(Disasm->Remarks,"Prefix REP:"); Disasm->OpcodeSize=1; Disasm->PrefixSize=0; (*Index)-=RepRepeat; return; } } break;
case 0x2E: case 0x36: case 0x3E: case 0x26: case 0x64: case 0x65: { BYTE temp; switch(Op) { case 0x2E: SEG = SEG_CS; break; case 0x36: SEG = SEG_SS; break; case 0x3E: SEG = SEG_DS; break; case 0x26: SEG = SEG_ES; break; case 0x64: SEG = SEG_FS; break; case 0x65: SEG = SEG_GS; break; }
SegPrefix=1; wsprintf(menemonic,"%02X:",Op); lstrcat(Disasm->Opcode,menemonic); i++; ++(*Index); Op=(BYTE)Opcode[i]; temp=(BYTE)Opcode[i-2]; SegRepeat++;
if(SegRepeat>1) { BYTE opc=(BYTE)Opcode[i-1];
if( temp==0x2E || temp==0x36 || temp==0x3E || temp==0x26 || temp==0x64 || temp==0x65 || temp==0x66 || temp==0xF0 || temp==0x67 ) { if(temp==0x66 || temp==0xF0 || temp==0x67) { opc=(BYTE)Opcode[i-3]; SegRepeat++; } else opc=(BYTE)Opcode[i-2];
switch(opc) { case 0x2E: SEG = SEG_CS; break; // Segment CS case 0x36: SEG = SEG_SS; break; case 0x3E: SEG = SEG_DS; break; case 0x26: SEG = SEG_ES; break; case 0x64: SEG = SEG_FS; break; case 0x65: SEG = SEG_GS; break; }
strcpy(Disasm->Assembly,""); wsprintf(menemonic,"%02X:",opc); strcpy(Disasm->Opcode,menemonic); wsprintf(menemonic,"Prefix %s:",Segs[SEG]); strcpy(Disasm->Remarks,menemonic); Disasm->OpcodeSize=0; Disasm->PrefixSize=1; (*Index)-=SegRepeat; } return; } } break; default: { LockRepeat=0; RegRepeat=0; SegRepeat=0; RegPrefix=0; LockPrefix=0; SegPrefix=0; strcpy(RSize,RegSize[1]); } break; } }