flat assembler
Message board for the users of flat assembler.
pete 03 Jun 2009, 05:48
You could improve it this way:
Code:
```
mov si,buffer
cmp byte [si+4],'e'
jne err
cmp byte [si+5],'x'
jne err
cmp byte [si+6],'e'
jne err
safeexec:
...
```
Or you get rid of the byte-comparisons and do a word or dword-comparison.
GhostXoPCorp 03 Jun 2009, 07:21
true, thanks
_________________ Oh that divide overflow. Just jumps out of the bushes every time to scare the day lights out of me.
ManOfSteel 03 Jun 2009, 07:31
Or just use string operands instead?
Code:
```
rep* cmps*
jcc
```
Or, at the very least, some inc/decrements and loops/jmps, along with your comparisons?

Also, what if the file name is not 3 chars long? What if there's no extension? What if there's more than 1 extension? In this case, you should set your pointer to the end of your buffer and go backwards until you find a ".", and only THEN do the above comparison (forwards).
GhostXoPCorp 03 Jun 2009, 08:26
i know, i just need this for my type of application, thanks for the tip though
GhostXoPCorp 04 Jun 2009, 21:13
well, that didn't work
pete 05 Jun 2009, 06:16
Post the bit of code that didn't work!
lamar 10 Jun 2009, 16:53
Code:
```
format pe gui 4.0
entry start
include 'include\win32a.inc'

start:
        invoke  lstrlen,filename
        cmp     eax,3
        jl      fileisok
        mov     eax,dword [filename+eax-3]      ;Last 3 char of filename
        or      eax,202020h                     ;To lower case
        cmp     eax,'exe'
        je      not_safe_file
fileisok:
        invoke  MessageBox,0,fileok,title,MB_OK or MB_ICONINFORMATION
        jmp     exit
not_safe_file:
        invoke  MessageBox,0,notsafefile,title,MB_OK or MB_ICONWARNING
exit:
        invoke  ExitProcess,0

title       db 'Information',0
notsafefile db 'File not safe!',0
fileok      db 'File is ok!',0
filename    db 'virus.eXE',0

data import
  library kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
  include 'include\api\kernel32.inc'
  include 'include\api\user32.inc'
end data
```
That is simple. And 16 bit version:

Code:
```
        mov     si,buffer
        or      word[si],2020h          ; lower-case the first two bytes in place
        cmp     word[si],'ex'           ; fasm puts the first character in the low byte,
                                        ; so 'ex' matches the bytes 'e','x' in memory
        jne     file_ok
        or      byte[si+2],20h
        cmp     byte[si+2],'e'
        jne     file_ok
        jmp     safe_exec
```
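The backward scan for the last "." that ManOfSteel describes, combined with the case-insensitive compare from lamar's post, as an added example that is not part of the thread. The names `has_exe_ext` and `pattern` and the sample file name are hypothetical; the include paths follow lamar's listing.

```asm
; Added example, not code from the thread. Exit code: 1 = last extension is "exe", 0 = not.
format pe console
entry start
include 'include\win32a.inc'
start:
        mov     esi,filename
        call    has_exe_ext
        invoke  ExitProcess,eax

; In:  ESI -> zero-terminated ASCII name (read only, never modified).
; Out: EAX = 1 if the text after the last '.' is "exe" in any case, else 0.
has_exe_ext:                            ; hypothetical name; clobbers ECX, EDX, ESI
        invoke  lstrlen,esi
        mov     ecx,esi                 ; ECX = start of the name
        add     esi,eax                 ; ESI = terminating zero
        xor     eax,eax                 ; default result: no match
  .scan_back:
        cmp     esi,ecx
        je      .done                   ; reached the start: no extension at all
        dec     esi
        cmp     byte [esi],'\'
        je      .done                   ; a dot further left belongs to a directory
        cmp     byte [esi],'.'
        jne     .scan_back
        mov     ecx,pattern             ; ESI = last '.', compare forwards from here
  .cmp_next:
        inc     esi
        mov     dl,[esi]                ; next character of the name
        mov     dh,[ecx]                ; next character of the pattern
        inc     ecx
        test    dh,dh
        jz      .pattern_end
        or      dl,20h                  ; lower-case a copy, not the buffer
        cmp     dl,dh
        je      .cmp_next
        ret                             ; mismatch, or the name ended early
  .pattern_end:
        test    dl,dl
        jnz     .done                   ; longer extension such as ".exec"
        inc     eax
  .done:
        ret

pattern  db 'exe',0
filename db 'setup.tar.eXE',0           ; constructed sample input
data import
  library kernel32,'KERNEL32.DLL'
  include 'include\api\kernel32.inc'
end data
```

Because the compare runs byte by byte and stops at the first mismatch, it never reads past the terminating zero, and a name such as `fooexe` with no dot is not reported as an executable name.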
Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube.