[solved] How to make local data in a macro?

Index > Macroinstructions > [solved] How to make local data in a macro?

Author

Thread

zhak

Joined: 12 Apr 2005
Posts: 501
Location: Belarus

zhak 15 Mar 2021, 08:59

I created a macro to encrypt a block of data with RC4.

Code:

macro rc4 block_start, count {
    local K, S, i, j, Si, Sj, Ki, x, y

    K db 0x7c,0x4e,0x03,0x04,0x55,0x05,0x09,0x07,\
         0x2d,0x2c,0x7b,0x38,0x17,0x0d,0x17,0x11

    S rb 256
    repeat 256
        store byte %-1 at S + %-1
    end repeat

    j = 0
    repeat 256
        load Si byte from S + %-1
        load Ki byte from K + (%-1) mod 16
        j = (j + Si + Ki) mod 256
        load Sj byte from S + j
        store byte Si at S + j
        store byte Sj at S + %-1
    end repeat

    i = 0
    j = 0
    repeat count
        i = (i + 1) mod 256
        load Si byte from S + i
        j = (j + Si) mod 256
        load Sj byte from S + j
        store byte Si at S + j
        store byte Sj at S + i
        load y byte from S + (Si + Sj) mod 256
        load x byte from block_start + %-1
        store byte (x xor y) at block_start + %-1
    end repeat

    repeat 16
        store byte 0 at K + %-1
    end repeat
    repeat 256
        store byte 0 at S + %-1
    end repeat
}

    org 0
    
    ; some data
    rc4 $$, 512

Each time the macro executes, it adds 256+16 bytes to the file, which I then erase to zeros in the end. Is there a way to make all computations in memory, so that raw bytes are not added to the file when it executes?

15 Mar 2021, 08:59

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20628
Location: In your JS exploiting you and your system

revolution 15 Mar 2021, 09:02

Put the data into a virtual block.

Code:

virtual at 0
 my_data::
  db ...
end virtual
;...
load x from my_data:%-1
;...

15 Mar 2021, 09:02

zhak

Joined: 12 Apr 2005
Posts: 501
Location: Belarus

zhak 15 Mar 2021, 10:10

Worked like a charm! Thanks!

15 Mar 2021, 10:10

Roman

Joined: 21 Apr 2012
Posts: 1939

Roman 15 Mar 2021, 14:56

Code:

Start:
     sub  rsp,8
     virtual at 0
 my_data  dd 88
end virtual
    mov eax,[my_data]

IDA Pro 64 bit show:
sub rsp,8
mov eax,cs:0 !!!
But fasmw 1.73 compile fine.

15 Mar 2021, 14:56

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20628
Location: In your JS exploiting you and your system

revolution 15 Mar 2021, 15:15

Roman wrote:

Code:
Start:
     sub  rsp,8
     virtual at 0
 my_data  dd 88
end virtual
    mov eax,[my_data] 
    
IDA Pro 64 bit show:
sub rsp,8
mov eax,cs:0 !!!
But fasmw 1.73 compile fine.

Yes. RIP addressing is via CS.

Your code it the same as:

Code:

use64
sub rsp,8
mov eax,[0]

15 Mar 2021, 15:15

Roman

Joined: 21 Apr 2012
Posts: 1939

Roman 15 Mar 2021, 15:24

my_data dd 88

But how in my case get mov eax,[my_data] ?
And eax = 88

PS: I like virtual data because could write data in code ! Some time its very handfull.

15 Mar 2021, 15:24

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20628
Location: In your JS exploiting you and your system

revolution 15 Mar 2021, 16:47

You can't get virtual data at runtime. The data only exists in the assembler memory.

If you want the data to exist in the code then you just eliminate the virtual block:

Code:

use64
my_data dd 88 ; <--- real data put into the output
start:
 mov eax,[my_data]

15 Mar 2021, 16:47

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum