flat assembler
Message board for the users of flat assembler.
LocoDelAssembly 20 Sep 2010, 16:25
Code:

        mov edi, array
        mov esi, 16
    @@:
        invoke ...
        stos dword [edi]
        dec esi
        jnz @b

        ; counting
        mov esi, array
        mov edi, 16
        xor ecx, ecx
    @@:
        lods dword [esi]
        cmp eax, 1
        adc ecx, 0
        dec edi
        jnz @b
Nameless 20 Sep 2010, 18:06
ty, I'm gonna try again now
DJ Mauretto 20 Sep 2010, 18:55
Hello
Code:

    n DD ?

    Inside_Sandbox:
        XOR ESI,ESI
        PUSH 1024*16
        PUSH ESI
        CALL [GetProcessHeap]
        PUSH EAX
        CALL [HeapAlloc]
        MOV EDI,EAX             ; EDI = hptr
        CMP EDI,ESI
        JNZ .1
        XOR EAX,EAX             ; Return 0
        RET
    .1:
        PUSH 1024*16
        PUSH 1024
        PUSH HEAP_NO_SERIALIZE
        CALL [HeapCreate]
        MOV EBX,EAX             ; EBX = H_Heap
        CMP EBX,ESI
        JNZ .2
        XOR EAX,EAX             ; Return 0
        RET
    .2:
        PUSH 2048
        PUSH HEAP_ZERO_MEMORY
        PUSH EBX                ; H_Heap
        CALL [HeapAlloc]
        MOV [EDI+ESI*4],EAX
        INC ESI
        CMP ESI,16
        JC .2
        XOR ESI,ESI
        MOV [n],ESI
    .3:
        MOV EAX,[EDI+ESI*4]
        TEST EAX,EAX
        JNZ .4
        INC [n]
        JMP .5
    .4:
        PUSH EAX
        PUSH 0
        PUSH EBX                ; H_Heap
        CALL [HeapFree]
    .5:
        INC ESI
        CMP ESI,16
        JC .3
        MOV EAX,[n]
        TEST EAX,EAX
        MOV ESI,1
        JZ .6
        MOV ESI,0
    .6:
        PUSH EBX                ; H_Heap
        CALL [HeapDestroy]
        PUSH EDI                ; hptr
        PUSH 0
        CALL [GetProcessHeap]
        PUSH EAX
        CALL [HeapFree]
        MOV EAX,ESI             ; Return 0 or 1
        RET

_________________
Nil Volentibus Arduum

Last edited by DJ Mauretto on 20 Sep 2010, 19:45; edited 1 time in total
windwakr 20 Sep 2010, 19:03
Exactly what type of sandboxing does this test for? When run in Sandboxie, this doesn't detect it.
Although, detecting Sandboxie is as easy as just calling "GetModuleHandle('SbieDll.dll')" and seeing if a non-zero value was returned.
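From the analyst's side, the module-name check mentioned in the post above leaves a static trace that a triage script can flag. The following is an added example, not code from this thread; the verdict labels and the sample byte strings are constructed for illustration.

```python
import re

# Indicators named in the post above: the DLL and the API used to probe for it.
DLL_NAME = "SbieDll.dll"
PROBE_APIS = (b"GetModuleHandleA", b"GetModuleHandleW")


def find_sandboxie_probe(blob: bytes) -> dict:
    """Triage one binary image (raw bytes) for the Sandboxie module check."""
    hits = []
    # The name can be stored as ANSI or wide text, depending on the A/W API used.
    for enc in ("ascii", "utf-16le"):
        needle = re.escape(DLL_NAME.encode(enc))
        # Module names are case-insensitive on Windows, so match any casing.
        for m in re.finditer(needle, blob, re.IGNORECASE):
            hits.append((m.start(), enc))
    apis = sorted(a.decode() for a in PROBE_APIS if a in blob)
    if hits and apis:
        verdict = "probe-likely"      # name and the lookup API are both present
    elif hits:
        verdict = "string-only"       # the API may be resolved at run time
    else:
        verdict = "no-indicator"
    return {"verdict": verdict, "hits": sorted(hits), "apis": apis}


# Constructed sample images (not real binaries), for demonstration only.
SAMPLE_ANSI = (b"MZ" + b"\x00" * 16 + b"KERNEL32.dll\x00GetModuleHandleA\x00"
               + b"\x90" * 8 + b"SbieDll.dll\x00")
SAMPLE_WIDE = b"MZ" + b"\x00" * 16 + "sbiedll.DLL".encode("utf-16le") + b"\x00\x00"
SAMPLE_PLAIN = b"MZ" + b"\x00" * 16 + b"KERNEL32.dll\x00HeapAlloc\x00HeapFree\x00"

if __name__ == "__main__":
    for name, blob in (("ansi", SAMPLE_ANSI), ("wide", SAMPLE_WIDE),
                       ("plain", SAMPLE_PLAIN)):
        print(name, find_sandboxie_probe(blob))
```

A string match like this is triage evidence only: a name that is obfuscated or built at run time will not appear in the image.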
Nameless 21 Sep 2010, 13:29
@windwakr: yeah, this works on other ones, like Anubis I guess. I'm trying to port all the anti-sandbox code I have to asm.
Anything simple to code and learn from in asm (this one is one of the hardest I tried to port).
@DJ Mauretto: thanks a lot, I'm gonna print this code and study it
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.