flat assembler
Message board for the users of flat assembler.

Index > Windows > Help optimize this random remote procecess injector...

Author
Thread Post new topic Reply to topic
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 18 Nov 2005, 00:01
Code:
jmp _T2



proc _T2  
                mov eax,PrE
                mov [PrE.dwSize],eax
        invoke CreateToolhelp32Snapshot,2,0
        mov [temp],eax
        invoke Process32First,[temp],PrE
        

        
        mov EAX,DWORD  [DS:7FFE0000h] < --- mini GetTickCount
        mov ebx,eax
        jmp T2
        
        ret

 endp


T3:
                mov eax,PrE
                mov [PrE.dwSize],eax
        invoke CreateToolhelp32Snapshot,2,0
        mov [temp],eax
        invoke Process32First,[temp],PrE
                mov [errorc],0
                sub ebx,20h

T2:


  
     
   .repeat
             cmp ebx,0
              jnz continuenow
        
                
             jmp remotecreate
  
            continuenow:
  
          invoke Process32Next,[temp],PrE
          @GetLastError
          mov [errorc],eax
          mov eax,[errorc]
          cmp eax ,12h
          invoke SetLastError,0
          je T3
  
          .endif
          dec ebx
  .until ebx,e,0
        
        invoke OpenProcess,PROCESS_ALL_ACCESS,TRUE,[PrE.th32ProcessID] 
                mov [handle1],eax    



Here it continues to the remote process injection

I was thinking of chaching the pid's and then randomly chosing one


Last edited by shism2 on 18 Nov 2005, 05:02; edited 2 times in total
Post 18 Nov 2005, 00:01
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1150
Location: Russian Federation
comrade 18 Nov 2005, 04:30
where is the problem

or do u expect people to read ur unindent code filled with tricks such as senseless GetTickCount substitution
Post 18 Nov 2005, 04:30
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 18 Nov 2005, 05:00
Ok so youll read it if it's indentied? Senseless... To you it maybe... To me it isn't
Post 18 Nov 2005, 05:00
View user's profile Send private message Reply with quote
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi 18 Nov 2005, 12:25
why do you want to choose the target app to be injected into randomly? is this somehow "educational" code you are working on?

_________________
When We Ride On Our Enemies
support reverse smileys |:
Post 18 Nov 2005, 12:25
View user's profile Send private message MSN Messenger Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 19 Nov 2005, 00:23
sort of and it is also for fun
Post 19 Nov 2005, 00:23
View user's profile Send private message Reply with quote
RedGhost



Joined: 18 May 2005
Posts: 443
Location: BC, Canada
RedGhost 19 Nov 2005, 06:43
well you could increment each Process32, store the pid/etc in an array, then generate a random number from 0-#_of_processes, and then inject into the process whos info is stored in in the randomly chosen element of said array, or find the number of processes how ever...

but why would you want to inject randomly.. seems fishy

also could you give some info on ds:$7FFE0000, i tested and 100 units of it represent a second or so (only roughly tested) as opposed to 1000 with GetTickCount (milliseconds), what is it?

_________________
redghost.ca
Post 19 Nov 2005, 06:43
View user's profile Send private message AIM Address MSN Messenger Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 19 Nov 2005, 08:33
its a semi GetTickcount, I only use part of the whole GetTickCount api.

Tommorrow I'll post the whole thing if you want it.

I'm not doing anything bad with this either so Wink
Post 19 Nov 2005, 08:33
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.