-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathasmfunc.asm
More file actions
190 lines (171 loc) · 2.43 KB
/
asmfunc.asm
File metadata and controls
190 lines (171 loc) · 2.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
MEMSEG segment READ WRITE 'STACK'
IFNDEF _WIN64
msize dd 7FF8h
mcapacity dd 0h
array1 byte 7FF8h DUP(00h)
ELSE
msize dq 7FF0h
mcapacity dq 0h
array1 byte 7FF0h DUP(00h)
ENDIF
MEMSEG ends
IFNDEF _WIN64
.686p
.XMM
.model flat, C
ENDIF
PUBLIC allocMem
PUBLIC getPeb
PUBLIC getLdrData
PUBLIC sicmp
PUBLIC getExeName
.code
IFDEF _WIN64
getPeb proc
mov rax, gs:[60h]
ret
getPeb endp
getLdrData proc
call GetPeb
mov rax, qword ptr [rax+18h]
ret
getLdrData endp
; getRip proc
; pop rax
; push rax
; ret
; getRip endp
sicmp proc
xor rax,rax
push rbx
beg:
push r8
movzx r8, byte ptr[rcx]
cmp r8b,0h
je fin
sub r8b, byte ptr[rdx]
mov rbx,r8
neg r8b
cmovl r8,rbx
xor rbx,rbx
cmp r8b,20h
cmove r8,rbx
test r8,r8
setne al
pop r8
jne fin_e
lea rcx, qword ptr[rcx+r8+1]
lea rdx, qword ptr[rdx+r8+1]
jmp beg
fin:
xor rbx,rbx
dec rbx
sub r8b,byte ptr[rdx]
cmovl rax,rbx
pop r8
fin_e:
pop rbx
ret
sicmp endp
getExeName proc
call getLdrData
mov rax,[rax+20h]
mov rax,[rax+50h]
ret
getExeName endp
allocMem proc
add rcx,8h
and rcx, qword -10h
mov rax,rcx
add rax,mcapacity
cmp rax,msize
jg oom
mov rcx,OFFSET array1
add rcx,mcapacity
mov mcapacity,rax
mov rax,rcx
jmp fin
oom:
xor rax,rax
fin:
ret
allocMem endp
ELSE
ASSUME FS:NOTHING
getPeb proc
mov eax, fs:[30h]
ret
getPeb endp
getLdrData proc
call GetPeb
mov eax, dword ptr [eax+0Ch]
ret
getLdrData endp
getExeName proc
call getLdrData
mov eax,[eax+14h]
mov eax,[eax+28h]
ret
getExeName endp
sicmp proc
xor eax,eax
push ebx
push ecx
push edx
push esi
mov esi, dword ptr[esp+14h]
mov edx, dword ptr[esp+18h]
mov ecx, dword ptr[esp+1Ch]
beg:
push ecx
movzx ecx, byte ptr[esi]
cmp cl,0h
je fin
sub cl, byte ptr[edx]
mov ebx,ecx
neg cl
cmovl ecx,ebx
xor ebx,ebx
cmp cl,20h
cmove ecx,ebx
test ecx,ecx
setne al
pop ecx
jne fin_e
lea esi, dword ptr[esi+ecx+1]
lea edx, dword ptr[edx+ecx+1]
jmp beg
fin:
xor ebx,ebx
dec ebx
sub cl,byte ptr[edx]
cmovl eax,ebx
pop ecx
fin_e:
pop esi
pop edx
pop ecx
pop ebx
ret
sicmp endp
allocMem proc
mov eax,dword ptr[esp+4h]
add eax,4h
and eax,dword -8h
push ecx
add eax,mcapacity
cmp eax,msize
jg oom
mov ecx,OFFSET array1
add ecx,mcapacity
mov mcapacity,eax
mov eax,ecx
jmp fin
oom:
xor eax,eax
fin:
pop ecx
ret
allocMem endp
ENDIF
end