flat assembler
Message board for the users of flat assembler.

run code in resource table

typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 30 Jul 2011, 06:18
Attached herewith are the files 'res.inc' the main file and the text resource file containing the extra code.
This program demos how to hide and run code in a resource table. The code can also be encrypted prior to compilation.

Enjoy! xD


Attachment: MessageBoxA.txt (7 Bytes, downloaded 200 times)
Attachment: RES.ASM (1.25 KB, downloaded 197 times)

Post 30 Jul 2011, 06:18
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 30 Jul 2011, 06:26
Oh. It says hello world from html because the resource file was an HTML file, but I couldn't upload it here so I just changed it to a text file.
Post 30 Jul 2011, 06:26
Enko



Joined: 03 Apr 2007
Posts: 676
Location: Mar del Plata
Enko 30 Jul 2011, 06:34
An interesting trick could be added so it looks more like a resource HTML file.

The first bytes of the HTML file should be '<!--' and then goes executable code (so the jmp should be eax + 4).
After the executable code, add '-->' and then some HTML page.

So if someone extracts the resource and opens it with IE, Firefox, etc., it will look like a real HTML file, because the executable code will be an HTML comment.

Of course, if someone looks inside the HTML, it's obvious.
Post 30 Jul 2011, 06:34
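
A triage check for the disguise described in the post above, as an added example that is not part of the thread or the attached files: it flags HTML comments in an extracted resource whose bodies contain control bytes that real markup almost never has, and reports the body offset (4 for a leading comment, matching the `eax + 4` entry point mentioned above). The function names, the threshold values and the sample blobs are assumptions constructed for illustration.

```python
import re

# An HTML comment, terminated or running to end of data; DOTALL lets it span raw bytes.
COMMENT_RE = re.compile(rb"<!--(.*?)(?:-->|\Z)", re.DOTALL)
WHITESPACE = {0x09, 0x0A, 0x0D}


def control_ratio(body: bytes) -> float:
    """Share of bytes that are C0 control codes or DEL (tab, LF and CR excluded)."""
    if not body:
        return 0.0
    hits = sum((b < 0x20 and b not in WHITESPACE) or b == 0x7F for b in body)
    return hits / len(body)


def audit_html_resource(data: bytes, threshold: float = 0.05, min_len: int = 8):
    """Return (body_offset, body_length, ratio) for each comment that looks binary.

    threshold and min_len are assumed heuristic values; tune them on
    known-good resources before relying on the result.
    """
    findings = []
    for m in COMMENT_RE.finditer(data):
        body = m.group(1)
        ratio = control_ratio(body)
        if len(body) >= min_len and ratio >= threshold:
            findings.append((m.start(1), len(body), round(ratio, 2)))
    return findings


# Constructed samples: FILLER is meaningless bytes 0x00-0x1F, not code.
FILLER = bytes(range(0x20))
DISGUISED = b"<!--" + FILLER + b"-->\n<html><body>hello</body></html>"
BENIGN = b"<html><!-- caf\xc3\xa9 menu, nav bar -->\n<body>ok</body></html>"

if __name__ == "__main__":
    for name, blob in (("disguised", DISGUISED), ("benign", BENIGN)):
        print(name, audit_html_resource(blob))
```

A payload that has been encrypted or encoded into printable bytes will not trip this check, so a clean result is inconclusive rather than a pass.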
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 30 Jul 2011, 07:07
Yeah,
sounds cool..
But the drawback is once 1 byte is changed equals disaster. I guess one would have to use encryption then and use some kind of dynamic data checksum algo.
Post 30 Jul 2011, 07:07
sinsi



Joined: 10 Aug 2007
Posts: 789
Location: Adelaide
sinsi 30 Jul 2011, 07:26
Hard coding the address of MessageBox could be a problem. Also, with DEP enabled for all files, does this pass?
Post 30 Jul 2011, 07:26
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 30 Jul 2011, 18:23
^On my XP H.E SP3 it works, but I haven't tried Vista and WIN7.
Post 30 Jul 2011, 18:23
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.