flat assembler
Message board for the users of flat assembler.
strange macro to me
revolution 10 Sep 2012, 01:05
Well you didn't give us any context so we have to guess where you are using this. So I would guess that you are using this in a stdcall function as a parameter push. Amirite?
BTW: If this code is in a loop, or called more than once, then each second time you will print the encrypted text.
yorath 10 Sep 2012, 01:07
revolution wrote: Well you didn't give us any context so we have to guess where you are using this. So I would guess that you are using this in a stdcall function as a parameter push. Amirite?
Sorry, I use the macro like this:
Code:
x_call 'kernel32'
revolution 10 Sep 2012, 02:30
If you gave the context then we could probably be much surer about what is happening, but it appears as though the call is used to push the address of the string onto the stack. And presumably a later stdcall or invoke is present to use that parameter and restore the stack upon return.
yorath 10 Sep 2012, 02:53
This is the whole project: http://pastebin.com/GsQxy3Lh
The purpose is to hide these strings in case that anti-virus may mark it malicious if I use some sensitive API. Is the information above enough?
revolution 10 Sep 2012, 03:08
So this is why:
Code:
x_call 'kernel32'
pop edx
invoke LoadLibrary, edx
yorath wrote: The purpose is to hide these strings in case that anti-virus may mark it malicious if I use some sensitive API
I would suggest instead to not bother with these encrypting tricks, they won't help you avoid the AV triggers. Just write your code normally and there is a much better chance that the AV will let it pass without a problem. Using tricks like this is an excellent way to make the AV nervous and put your code in jail.
yorath 10 Sep 2012, 03:39
Thanks, but the code is not written by me. I couldn't understand how it works. Do you have any ideas? When will the code between the call .s and the label .s be executed?
revolution 10 Sep 2012, 03:59
yorath wrote: When will the code between the call .s and the label .s be executed?
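
Added example, not part of the thread and not code from the linked project: in the pattern discussed above, `call .s` pushes the address of the bytes that follow it and continues at `.s`, where `pop edx` picks that address up, so the bytes in between are data rather than instructions. The Python sketch below locates that pattern in 32-bit x86 bytes for analysis; the function names and the sample bytes are constructed for illustration.

```python
import struct

# pop r32 is encoded as 0x58 + register number
POP_REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def find_call_over_data(code, max_skip=256):
    """Return (call_offset, skipped_bytes, pop_register) for each `call rel32`
    that jumps forward over inline bytes and lands directly on `pop r32`."""
    hits = []
    for off in range(len(code) - 5):
        if code[off] != 0xE8:                    # E8 = call rel32
            continue
        (rel,) = struct.unpack_from("<i", code, off + 1)
        data_start = off + 5                     # return address pushed by the call
        target = data_start + rel                # where execution continues (.s)
        if not (0 < rel <= max_skip) or target >= len(code):
            continue                             # backward, far or out-of-range call
        if 0x58 <= code[target] <= 0x5F:         # pop r32 receives the data address
            reg = POP_REGS[code[target] - 0x58]
            hits.append((off, bytes(code[data_start:target]), reg))
    return hits

def classify(data):
    """Label skipped bytes as readable text or as opaque (possibly encoded) data."""
    body = data.rstrip(b"\x00")
    if body and all(0x20 <= b < 0x7F for b in body):
        return "ascii:" + body.decode("ascii")
    return "opaque:" + data.hex()

# Constructed sample bytes (not taken from the project discussed in the thread)
SAMPLE = (
    b"\x90"                                      # nop
    b"\xE8\x09\x00\x00\x00" b"kernel32\x00"      # call .s over an inline string
    b"\x5A"                                      # .s: pop edx
    b"\xE8\xF0\xFF\xFF\xFF"                      # ordinary backward call, ignored
    b"\xE8\x04\x00\x00\x00" b"\x9c\x13\xa7\x00"  # same idiom over non-text bytes
    b"\x58"                                      # pop eax
    b"\xC3"                                      # ret
)

if __name__ == "__main__":
    for off, data, reg in find_call_over_data(SAMPLE):
        print(f"offset {off:#04x}: pop {reg} <- {classify(data)}")
```

A byte-wise scan like this can also match `E8` bytes that are operands of other instructions, so hits are candidates to confirm in a disassembler.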
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.