flat assembler
Message board for the users of flat assembler.
Index
> Main > Inserting assembly in an existing program. |
Author |
|
LocoDelAssembly 21 Sep 2010, 03:16
If that is the full source then yes, you missed "use32" part, fasm by default assembles 16-bit code unless otherwise specified (either with use* or by the format).
The other problem you have are the addresses, you are using the relative virtual addresses but them are not the actual addresses at run-time. In the case of the first MOV EBX, it is "MOV EBX, 401240h" what you probably need (if image base is 00400000). PS: BTW, I think you want "MOV AL, 4Ah" instead of "MOV EAX, 4Ah" and also "XOR [EBX], AL" instead of "XOR [EBX], EAX" |
|||
21 Sep 2010, 03:16 |
|
evanejk 21 Sep 2010, 03:40
LocoDelAssembly wrote: If that is the full source then yes, you missed "use32" part, fasm by default assembles 16-bit code unless otherwise specified (either with use* or by the format). Hmm. It still didn't work. I loaded the program into ollydbg and searched for one of the opcodes and nothing came up. I never really used olly before so I might be doing something wrong there. Any other ideas? |
|||
21 Sep 2010, 03:40 |
|
LocoDelAssembly 21 Sep 2010, 04:21
You don't need to search for the opcodes, if you correctly changed the entry point, then when you open the executable with olly, it should be pointing to "MOV ECX, 3CB31h" already (or "MOV CX, 0CB31h" followed by garbage if you are still forgetting to use "use32").
What error do you get? Access violation or invalid instruction or what? Could you show what you see in OllyDbg? |
|||
21 Sep 2010, 04:21 |
|
revolution 21 Sep 2010, 08:08
evanejk: Once you get your loop fixed up and working (it is broken as posted above) you will still have to account for the module base. The addresses you are using are relative, not absolute.
|
|||
21 Sep 2010, 08:08 |
|
guignol 21 Sep 2010, 08:48
Sorry, rev, but the search isn't very well in here, what are your works in code obfuscation?
|
|||
21 Sep 2010, 08:48 |
|
Tomasz Grysztar 21 Sep 2010, 09:39
guignol wrote: Sorry, rev, but the search isn't very well in here, what are your works in code obfuscation? |
|||
21 Sep 2010, 09:39 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.