flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Windows > Metamorphic Pseudo Assembler

Author
Thread Post new topic Reply to topic
samlaren



Joined: 19 Dec 2016
Posts: 5
Metamorphic Pseudo Assembler
I am releasing first version of my pseudo metamorphic assembler.

This very assembler reads own created instructions and mutates them differently to memory.

All instructions:

Code:

pushm == push [mem]  
pushr == push reg                 or        sub esp4 | mov [esp], reg
popm == pop [mem]
popr == pop reg                   or        mov reg, [esp] | add esp4
movm == mov reg, [mem]
movr == mov regreg2          or        push reg | pop reg2
movi == mov regimm          or        push imm | pop reg
@ret == ret
xorr == xor regreg2
jmp == jmp
je == je
jz == jz
cmpi == cmp regimm
cmpr == cmp regreg2
incr == inc reg                      or        add reg1
jne == jne
jnz == jnz
addi == add regimm             or        add reg, (imm+rand) | sub regrand
xori == xor regimm
@label == label:
subi == sub regimm             or         sub reg, (imm+rand) | add regrand
mov_ptr_reg == mov [reg], reg2     (does not work with esp or ebp in ptr position)
mov_reg_ptr == mov reg, [reg2]     (does not work with esp or ebp in ptr position)
testr == test regreg2            or         (or regreg)      or      (and regreg)
pushi == push imm
decr == dec reg
@call == call
@pushad == pushad
@popad == popad



If a mutation ends with a pseudo assembly instruction it can be added by the assembler and that way recursively mutate instructions.
The generated instructions are not garbage and are needed to execute the program.
Example of recursive metamorphism:

Code:
add eax1 -> add eax1+rand | sub eaxrand+rand2 | add eaxrand2+rand3 | sub eaxrand3rand4


As you can see it can continue and do this even for mov reg, reg2 and expand the code and morph it.

I had a simple solution for adapting the jumps to the code expansion.
The code first morphs it from the instructions and adds the neceasary labels.
It then takes the labels address from the data section and adds it to the all jumps.
The problem with this is that it the first jump will be assigned with the first label as destination, the second jump with the second labels address as destination and so on. The labels needs to be placed after each other in the data section because the jump fixer iterates through it by adding 4 to the first label address.

Example of jump implementation:

Code:
section '.code' readable writeable executable
main:

        movi REGEAX1
        testr REGEAXREGEAX    ; test eax, eax
        jz                      ; jz label1

        movi REGEAX0x20
        jmp                     ; jmp label2

@label1
        movi REGEAX0x10

@label2
        @ret

        call buffert
        invoke Sleep, -1


section '.data' readable writeable
label1          dd 0
label2          dd 0
pseudo          INSTR
bufferSize      dd 0
buffert dd ? 



To use it you have to allocate memory or use the data section in the example above.
As you can see it also needs a instruction struct named pseudo for use.
Add to pseudoAssembler.asm for own use:

Code:
buff            equ (your startaddress of buffer)
decryptorSize   equ (just a doubleword for counting the length and aligning)


This assembler is perfect for polymorphic crypters and polymorphic stubs aswell as code morphing.

Source:

Code:
;*******************************************
;*             (X) SamLaren 2016           *
;*******************************************
;*   Metamorphic Pseudo Assembler          *
;*                                         *
;* release v1.0             20/12-2016     *
;*                                         *
;*******************************************


buff            equ buffert
decryptorSize   equ bufferSize


include 'pseudo_assembler.inc'


fixAAjmps:
buff_size               equ [ebp+8]
buff_addr               equ [ebp+12]
label_arr_address       equ [ebp+16]

        push ebp
        mov ebpesp
        pushad


        xor ecxecx
        mov eaxbuff_addr
        mov ebxlabel_arr_address

_@lop1:
        cmp ecxbuff_size
        je end_lop1

        movzx edxbyte[eax+ecx]
        cmp dl0xE9
        je fix_jmp

        cmp dl0x74
        je fix_je_jmp

        cmp dl0x75
        je fix_jne_jmp


ret_to_lop:
        inc ecx
        jmp _@lop1


end_lop1:
        popad
        mov espebp
        pop ebp
ret

fix_jne_jmp:
        push edx
        mov edx, [ebx]
        sub edxbuff_addr
        sub edxecx
        sub edx2
        mov byte[eax+ecx+1], dl
        pop edx
        add ebx4
        jmp ret_to_lop

fix_je_jmp:
        push edx
        mov edx, [ebx]
        sub edxbuff_addr
        sub edxecx
        sub edx2
        mov byte[eax+ecx+1], dl
        pop edx
        add ebx4
        jmp ret_to_lop

fix_jmp:
        push edx
        mov edx, [ebx]
        sub edxbuff_addr
        sub edxecx
        sub edx5
        mov dword[eax+ecx+1], edx
        pop edx
        add ebx4
        jmp ret_to_lop



assembler:
buff_address            equ [ebp+8]
store_address           equ [ebp+12]
        push ebp
        mov ebpesp
        pushad

        xor eaxeax
        xor edxedx

        cmp [pseudo.type], TYPEPUSHAD
        je @ps_pushad

        cmp [pseudo.type], TYPEPOPAD
        je @ps_popad

        cmp [pseudo.type], TYPECALL
        je @ps_call

        cmp [pseudo.type], TYPEDECR
        je @decr

        cmp [pseudo.type], TYPEPUSHI
        je @pushi

        cmp [pseudo.type], TYPEPUSHM
        je @pushi

        cmp [pseudo.type], TYPETESTR
        je @testr

        cmp [pseudo.type], TYPEMOVREGPTR
        je @mov_reg_ptr

        cmp [pseudo.type], TYPEMOVPTRREG
        je @mov_ptr_reg

        cmp [pseudo.type], TYPESUBI
        je @subi

        cmp [pseudo.type], TYPELABEL
        je _label

        cmp [pseudo.type], TYPEXORI
        je @xori

        cmp [pseudo.type], TYPEADDI
        je @addi

        cmp [pseudo.type], TYPEJNE
        je @jnejump

        cmp [pseudo.type], TYPEINCR
        je @incr

        cmp [pseudo.type], TYPECMPR
        je @cmpr

        cmp [pseudo.type], TYPECMPI
        je @cmpi

        cmp [pseudo.type], TYPEJE
        je @jejump

        cmp [pseudo.type], TYPEJMP
        je @jump

        cmp [pseudo.type], TYPEXORR
        je @xorr

        cmp [pseudo.type], TYPEPUSHR
        je @pushr

        cmp [pseudo.type], TYPEPOPR
        je @popr

        cmp [pseudo.type], TYPEMOVI
        je @movi

        cmp [pseudo.type], TYPEMOVR
        je @movr

        cmp [pseudo.type], TYPERET
        je retfunc

_@exit:
        popad
        mov espebp
        pop ebp
        ret

@ps_popad:
        mov [pseudo.len], 0x1
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x61
        stosb
        jmp _@exit

@ps_pushad:
        mov [pseudo.len], 0x1
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x60
        stosb
        jmp _@exit

@ps_call:
        mov [pseudo.len], 0x6
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0xFF
        stosb
        mov al0x15
        stosb
        mov eax, [pseudo.dst]
        stosd
        jmp _@exit


@decr:
        mov [pseudo.len], 0x1          ; size = 1
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x48
        add albyte[pseudo.dst]
        stosb
        jmp _@exit

@pushi:
        mov edx, [pseudo.src]
        cmp edx127
        ja large_i

        xor edxedx
        mov [pseudo.len], 0x2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x6A
        stosb
        mov albyte[pseudo.src]
        stosb
        jmp _@exit


large_i:
        xor edxedx
        mov [pseudo.len], 0x5
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x68
        stosb
        mov eax, [pseudo.src]
        stosd
        xor eaxeax
        jmp _@exit



@testr:
        call Rand
        cmp eax6
        jae testr_mut_1
        cmp eax3
        jae testr_mut_1

        mov [pseudo.len], 0x2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x85
        stosb
        mov albyte[pseudo.src]
        mov dl0x8
        mul dl
        add al0xC0
        add albyte[pseudo.dst]
        stosb
        jmp _@exit

        testr_mut_1:                            ; or reg, reg
                mov [pseudo.len], 0x2
                mov edibuff_address
                add edi, [decryptorSize]       ; Get next spot for instruction
                movzx eax, [pseudo.len]
                add [decryptorSize], eax       ; update decryptor size
                mov al0x09
                stosb
                mov albyte[pseudo.src]
                mov dl0x8
                mul dl
                add al0xC0
                add albyte[pseudo.dst]
                stosb
                jmp _@exit

        testr_mut_2:                            ; and reg, reg
                mov [pseudo.len], 0x2
                mov edibuff_address
                add edi, [decryptorSize]       ; Get next spot for instruction
                movzx eax, [pseudo.len]
                add [decryptorSize], eax       ; update decryptor size
                mov al0x21
                stosb
                mov albyte[pseudo.src]
                mov dl0x8
                mul dl
                add al0xC0
                add albyte[pseudo.dst]
                stosb
                jmp _@exit


@mov_reg_ptr:
        mov [pseudo.len], 0x2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x8B
        stosb
        mov albyte[pseudo.dst]
        mov dl0x8
        mul dl
        add albyte[pseudo.src]
        stosb
        jmp _@exit


@mov_ptr_reg:
        mov [pseudo.len], 0x2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x89
        stosb
        mov albyte[pseudo.src]
        mov dl0x8
        mul dl
        add albyte[pseudo.dst]
        stosb
        jmp _@exit

@subi:
        call Rand
        cmp eax4
        jae subi_mut_1

        mov [pseudo.len], 0x3          ; size = 3
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x83
        stosb
        mov al0xE8
        add albyte[pseudo.dst]
        stosb
        mov albyte[pseudo.src]
        stosb
        jmp _@exit

        subi_mut_1:                           ; sub reg, (imm+rand) | add reg, rand
                mov [pseudo.len], 0x3
                mov edibuff_address
                add edi, [decryptorSize]       ; Get next spot for instruction
                movzx eax, [pseudo.len]
                add [decryptorSize], eax       ; update decryptor size
                call Rand
                mov dlal
                mov al0x83
                stosb
                mov al0xE8
                add albyte[pseudo.dst]
                stosb
                mov albyte[pseudo.src]
                add aldl
                stosb
                mov byte[pseudo.src], dl
                jmp @addi


_label:
        mov eaxbuff_address
        add eax, [decryptorSize]
        mov edx, [ebp+12]
        mov [edx], eax
        jmp _@exit


@xori:
        mov [pseudo.len], 0x3          ; size = 3
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x83
        stosb
        mov al0xF0
        add albyte[pseudo.dst]
        stosb
        mov albyte[pseudo.src]
        stosb
        jmp _@exit

@addi:
        call Rand
        cmp eax4
        jae addi_mut_1


        mov [pseudo.len], 0x3          ; size = 3
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x83
        stosb
        mov al0xC0
        add albyte[pseudo.dst]
        stosb
        mov albyte[pseudo.src]
        stosb
        jmp _@exit

        addi_mut_1:                            ; add reg, (imm+rand) | sub reg, rand
                mov [pseudo.len], 0x3
                mov edibuff_address
                add edi, [decryptorSize]       ; Get next spot for instruction
                movzx eax, [pseudo.len]
                add [decryptorSize], eax       ; update decryptor size
                call Rand
                mov dlal
                mov al0x83
                stosb
                mov albyte[pseudo.dst]
                add al0xC0
                stosb
                mov albyte[pseudo.src]
                add aldl
                stosb
                mov byte[pseudo.src], dl
                jmp @subi



@jnejump:
        mov [pseudo.len], 0x2          ; size = 2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x75
        stosb
        ;mov al, byte[pseudo.dst]
        ;stosb
        mov al0
        stosb
        jmp _@exit


@incr:
        call Rand
        cmp eax5
        jae add_1

        mov [pseudo.len], 0x1          ; size = 1
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x40
        add albyte[pseudo.dst]
        stosb
        jmp _@exit

        add_1:                         ; add reg, 1
                mov [pseudo.src], 1
                jmp @addi



@cmpr:
        mov [pseudo.len], 0x2          ; size = 2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x39
        stosb
        mov albyte[pseudo.src]
        mov dl8
        mul dl
        add al0xC0
        add albyte[pseudo.dst]
        stosb
        jmp _@exit


@cmpi:
        mov [pseudo.len], 0x3          ; size = 3
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x83
        stosb
        mov al0xF8
        add albyte[pseudo.dst]
        stosb
        mov albyte[pseudo.src]
        stosb
        jmp _@exit

@jejump:
        mov [pseudo.len], 0x2          ; size = 2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x74
        stosb
        ;mov al, byte[pseudo.dst]
        ;stosb
        mov al0
        stosb
        jmp _@exit

@jump:
        mov eaxbuff
        add eax, [decryptorSize]
        mov [pseudo.src], eax          ; save src location, vill aldrig hoppa från något annat ställe
        xor eaxeax

        mov [pseudo.len], 0x5          ; size = 5
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0xE9
        stosb

        mov eax0
        stosd
        jmp _@exit

@xorr:
        mov [pseudo.len], 0x2          ; size = 2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x31
        stosb
        mov albyte[pseudo.src]
        mov dl8
        mul dl
        add al0xC0
        add albyte[pseudo.dst]
        stosb
        jmp _@exit

retfunc:
        mov [pseudo.len], 0x1          ; size = 1
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0xC3
        stosb
        jmp _@exit

@movi:
        call Rand
        cmp eax4
        jae movi_mut_1

        mov [pseudo.len], 0x5          ; size = 1
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0xB8
        add albyte[pseudo.dst]
        stosb
        mov eax, [pseudo.src]
        stosd
        jmp _@exit

        movi_mut_1:                     ; push imm | pop reg
                mov [pseudo.len], 0x5
                mov edibuff_address
                add edi, [decryptorSize]       ; Get next spot for instruction
                movzx eax, [pseudo.len]
                add [decryptorSize], eax       ; update decryptor size
                mov al0x68
                stosb
                mov eax, [pseudo.src]
                stosd
                xor eaxeax
                jmp @popr


@popr:
        call Rand
        cmp eax5
        jae popr_mut_1

        mov [pseudo.len], 0x1          ; size = 1
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x58
        add albyte[pseudo.dst]
        stosb
        jmp _@exit

        popr_mut_1:                   ; mov reg, [esp] | add esp, 4
                mov [pseudo.len], 0x3
                mov edibuff_address
                add edi, [decryptorSize]       ; Get next spot for instruction
                movzx eax, [pseudo.len]
                add [decryptorSize], eax       ; update decryptor size
                mov al0x8B
                stosb
                mov albyte[pseudo.dst]
                mov dl8
                mul dl
                add al0x4
                stosb
                mov al0x24
                stosb
                mov [pseudo.dst], REGESP
                mov [pseudo.src], 0x4
                jmp @addi

@pushr:
        call Rand
        cmp eax5
        jae push_mut_1

        mov [pseudo.len], 0x1          ; size = 1
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x50
        add albyte[pseudo.src]
        stosb
        jmp _@exit

        push_mut_1:                       ; sub esp, 4 | mov [esp], reg
                mov [pseudo.len], 0x6
                mov edibuff_address
                add edi, [decryptorSize]       ; Get next spot for instruction
                movzx eax, [pseudo.len]
                add [decryptorSize], eax       ; update decryptor size
                mov al0x83
                stosb
                mov al0xEC
                stosb
                mov al0x4
                stosb
                mov al0x89
                stosb
                mov albyte[pseudo.src]
                mov dl8
                mul dl
                add al0x4
                stosb
                mov al0x24
                stosb
                jmp _@exit


@movr:
        call Rand
        cmp eax5
        jae movr_mut_1

        mov [pseudo.len], 0x2          ; size = 2
        mov edibuff_address
        add edi, [decryptorSize]       ; Get next spot for instruction
        movzx eax, [pseudo.len]
        add [decryptorSize], eax       ; update decryptor size
        mov al0x89
        stosb
        mov albyte[pseudo.src]
        mov dl0x8
        mul dl
        add al0xC0
        add albyte[pseudo.dst]
        stosb
        jmp _@exit

        movr_mut_1:                       ; push reg | pop reg2
                mov [pseudo.len], 0x1
                mov edibuff_address
                add edi, [decryptorSize]       ; Get next spot for instruction
                movzx eax, [pseudo.len]
                add [decryptorSize], eax       ; update decryptor size
                mov al0x50
                add albyte[pseudo.src]
                stosb
                jmp @popr



Rand:                     ; Random number between 0 and 10
        ;push ebp
        ;mov ebp, esp
        push edx
        push ecx
        xor eaxeax
        rdtsc
        xor edxedx
        mov ecx10
        div ecx
        mov eaxedx
        pop ecx
        pop edx
        ;mov esp, ebp
        ;pop ebp
ret                           

pseudoAssembler.inc

Code:

struct INSTR
        type      db ?
        src       dd ?
        dst       dd ?
        len       db ?
ends

macro store
{
        push buff
        call assembler
}

macro store_label arg1
{
        push arg1
        push buff
        call assembler
}

macro fix_jmps
{
        push label1
        push buff
        push [decryptorSize]
        call fixAAjmps
}

macro pushr src
{
        mov [pseudo.type], TYPEPUSHR
        mov [pseudo.src], src
        store
}

macro popr dst
{
        mov [pseudo.type], TYPEPOPR
        mov [pseudo.dst], dst
        store
}

macro movr dstsrc
{
        mov [pseudo.type], TYPEMOVR
        mov [pseudo.dst], dst
        mov [pseudo.src], src
        store
}

macro movi dstsrc
{
        mov [pseudo.type], TYPEMOVI
        mov [pseudo.dst], dst
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        store
}

macro movm dstsrc
{
        mov [pseudo.type], TYPEMOVI
        mov [pseudo.dst], dst
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        store
}

macro @ret
{
        mov [pseudo.type], TYPERET
        store
}

macro xorr dstsrc
{
        mov [pseudo.type], TYPEXORR
        mov [pseudo.src], src
        mov [pseudo.dst], dst
        store
}

macro jump
{
        mov [pseudo.type], TYPEJMP
        mov [pseudo.dst], 0
        store
}

macro jejump
{
        mov [pseudo.type], TYPEJE
        mov [pseudo.dst], 0
        store
}

macro jzjump
{
        mov [pseudo.type], TYPEJZ
        mov [pseudo.dst], 0
        store
}

macro cmpi dstsrc
{
        mov [pseudo.type], TYPECMPI
        mov [pseudo.dst], dst
        push eax
        mov eaxsrc
        mov [pseudo.src], src
        pop eax
        store
}

macro cmpm dstsrc
{
        mov [pseudo.type], TYPECMPI
        mov [pseudo.dst], dst
        push eax
        mov eaxsrc
        mov [pseudo.src], src
        pop eax
        store
}

macro cmpr dstsrc
{
        mov [pseudo.type], TYPECMPR
        mov [pseudo.dst], dst
        mov [pseudo.src], src
        store
}

macro incr dst
{
        mov [pseudo.type], TYPEINCR
        mov [pseudo.dst], dst
        store
}

macro jnejump
{
        mov [pseudo.type], TYPEJNE
        mov [pseudo.dst], 0
        store
}

macro jnzjump
{
        mov [pseudo.type], TYPEJNZ
        mov [pseudo.dst], 0
        store
}

macro addi dstsrc
{
        mov [pseudo.type], TYPEADDI
        mov [pseudo.dst], dst
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        store
}

macro addm dstsrc
{
        mov [pseudo.type], TYPEADDI
        mov [pseudo.dst], dst
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        store
}

macro xori dstsrc
{
        mov [pseudo.type], TYPEXORI
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        mov [pseudo.dst], dst
        store
}

macro xorm dstsrc
{
        mov [pseudo.type], TYPEXORI
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        mov [pseudo.dst], dst
        store
}

macro @label arg1
{
        mov [pseudo.type], TYPELABEL
        store_label arg1
}

macro subi dstsrc
{
        mov [pseudo.type], TYPESUBI
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        mov [pseudo.dst], dst
        store
}

macro subm dstsrc
{
        mov [pseudo.type], TYPESUBI
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        mov [pseudo.dst], dst
        store
}

macro mov_ptr_reg dstsrc
{
        mov [pseudo.type], TYPEMOVPTRREG
        mov [pseudo.dst], dst
        mov [pseudo.src], src
        store
}

macro mov_reg_ptr dstsrc
{
        mov [pseudo.type], TYPEMOVREGPTR
        mov [pseudo.dst], dst
        mov [pseudo.src], src
        store
}

macro testr dstsrc
{
        mov [pseudo.type], TYPETESTR
        mov [pseudo.dst], dst
        mov [pseudo.src], src
        store
}

macro pushi src
{
        mov [pseudo.type], TYPEPUSHI
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        store
}

macro pushm src
{
        mov [pseudo.type], TYPEPUSHI
        push eax
        mov eaxsrc
        mov [pseudo.src], eax
        pop eax
        store
}

macro decr dst
{
        mov [pseudo.type], TYPEDECR
        mov [pseudo.dst], dst
        store
}

macro @call dst
{
        mov [pseudo.type], TYPECALL
        mov [pseudo.dst], dst
        store
}

macro @pushad
{
        mov [pseudo.type], TYPEPUSHAD
        store
}

macro @popad
{
        mov [pseudo.type], TYPEPOPAD
        store
}

TYPEPUSHM       equ 0x16    ; push [mem]
TYPEPUSHR       equ 0x1     ; push reg
TYPEPOPM        equ 0x2     ; pop [mem]
TYPEPOPR        equ 0x3     ; pop reg
TYPEMOVM        equ 0x6     ; mov reg, [mem]
TYPEMOVR        equ 0x5     ; mov reg, reg2
TYPEMOVI        equ 0x6     ; mov reg, imm  / mov reg, [mem]
TYPERET         equ 0x7     ; ret
TYPEXORR        equ 0x8     ; xor reg, reg2
TYPEJMP         equ 0x9     ; jmp
TYPEJE          equ 0xA     ; je
TYPEJZ          equ 0xA     ; jz
TYPECMPI        equ 0xB     ; cmp reg, imm  / cmp reg, [mem]
TYPECMPR        equ 0xC     ; cmp reg, reg2
TYPEINCR        equ 0xD     ; inc reg
TYPEJNE         equ 0xE     ; jne
TYPEJNZ         equ 0xE     ; jnz
TYPEADDI        equ 0xF     ; add reg, imm  / add reg, [mem]
TYPEXORI        equ 0x10    ; xor reg, imm  / xor reg, [mem]
TYPELABEL       equ 0x11    ; label:
TYPESUBI        equ 0x12    ; sub reg, imm  / sub reg, [mem]
TYPEMOVPTRREG   equ 0x13    ; mov [reg], reg2         does not work with esp or ebp in ptr postition
TYPEMOVREGPTR   equ 0x14    ; mov reg, [reg2]         does not work with esp or ebp in ptr postition
TYPETESTR       equ 0x15    ; test reg, reg2
TYPEPUSHI       equ 0x16    ; push imm      / push [mem]
TYPEDECR        equ 0x17    ; dec reg
TYPECALL        equ 0x18    ; call
TYPEPUSHAD      equ 0x19    ; pushad
TYPEPOPAD       equ 0x1A    ; popad

REGEAX          equ 0x0
REGECX          equ 0x1
REGEDX          equ 0x2
REGEBX          equ 0x3
REGESP          equ 0x4
REGEBP          equ 0x5
REGESI          equ 0x6
REGEDI          equ 0x7



Use this as you want and contribute if you want. Hope it can come in use.
// SamLaren
Post 19 Dec 2016, 23:42
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15156
Location: GW170817
Note that addi and subi do not leave the FLAGS in the same state as the original instruction would.
Post 20 Dec 2016, 07:57
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.