flat assembler
Message board for the users of flat assembler.

Index > Macroinstructions > Who can write this? Copy target .exe resdata...

Author
Thread Post new topic Reply to topic
dead_body



Joined: 21 Sep 2005
Posts: 187
Location: Ukraine,Kharkov
dead_body
Need macros something like this:

CopyResData 'target.exe'

It will copies target *.ico and versioninfo. So in properties of exe, they look equal. Think this macro will be very useful. Smile
Who can write such?
Post 12 Aug 2007, 21:18
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
very useful? for what?

i wouldn't use macro for this, i would use separate tool. i know, that is not very FASMy way, but at least you don't have to write EVERYTHING from scratch (like these macros)
Post 12 Aug 2007, 22:52
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
dead_body



Joined: 21 Sep 2005
Posts: 187
Location: Ukraine,Kharkov
dead_body
simply, i writes a trojan. It holds in body another exe. And runs it from memory. I am too lazy to change evety time version strings and with hands get *.ico and put into my program. I would like that fasm do it. Smile

If nobody wish to write, please give documents about PE. Then I will write it and put here. Need tutors about ".rsrc" section. In which format and etc.
Post 13 Aug 2007, 00:49
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Idiot.
Post 13 Aug 2007, 08:28
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
writing trojans is not really the best way to make this world better place Wink

about PE: I think microsoft has official PE documentation somewhere on MSDN. Look for it.
Post 13 Aug 2007, 10:21
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2141
Location: Estonia
Madis731
Hasn't PE already been discussed on these board. I think there are many topics. PE from scratch, PE format, blah....
Post 13 Aug 2007, 11:12
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
dead_body



Joined: 21 Sep 2005
Posts: 187
Location: Ukraine,Kharkov
dead_body
documentation found. Today in evening\tommorow will post macros.
Post 13 Aug 2007, 11:59
View user's profile Send private message Reply with quote
dead_body



Joined: 21 Sep 2005
Posts: 187
Location: Ukraine,Kharkov
dead_body
Ouh... i don't know how to copy *.ico data from virtual directive to my code.
In cycle store\load?
But there can be many icons in section. For example I have:
Code:
virtual at 0
 ...
 b = ico_data_offset
 c = ico_data_size
end virtual
here_needs_that_data:
    


how can I store to label "here_needs_that_data" data from "virtual"?
Post 13 Aug 2007, 17:39
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
dead_body: no way to do it just with assembly-time features.
Post 13 Aug 2007, 17:55
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
MichaelH



Joined: 03 May 2005
Posts: 402
MichaelH
Quote:

dead_body: no way to do it just with assembly-time features


Fasm's assembly-time features are all powerful, anything can be achieved ..... however they lack the ability to electrocute trojan writer Sad
Post 13 Aug 2007, 21:34
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6034
Location: Poland
MHajduk
dead_body wrote:
Ouh... i don't know how to copy *.ico data from virtual directive to my code.
In cycle store\load?
But there can be many icons in section. For example I have:
Code:
virtual at 0
 ...
 b = ico_data_offset
 c = ico_data_size
end virtual
here_needs_that_data:
    


how can I store to label "here_needs_that_data" data from "virtual"?
This code makes what you want:
Code:
format PE GUI 4.0
entry start

section '.code' readable executable

        start:

                virtual at 0

                        ;
                        ; Compiled code begin.
                        ;

                        inc eax
                        inc ebx

                        ;
                        ; Compiled code end.
                        ;

                        db 100-$ dup (90h)        ; Padding to 100 bytes.

                        ; Definition of 100 constants a1, a2, ..., a100
                        ; which contain bytes of previously compiled code.
                        ;
                        rept 100 counter
                        {
                                load a#counter byte from counter-1
                        }

                        ; Definition of macro 'CopyBlock' which pastes
                        ; every bytes of code compiled in 'virtual'.
                        ;
                        macro CopyBlock
                        {
                                rept 100 counter
                                \{
                                        db a\#counter
                                \}
                        }

                end virtual

        here_needs_that_data:

                ; Include compiled code fragment.
                ;
                CopyBlock

                ret

section '.data' readable writeable

        ; Include compiled code fragment as data.
        ;
        CopyBlock    
Maybe there are simplier and more elegant ways to do that, but now I don't see them. Smile
Post 14 Aug 2007, 13:25
View user's profile Send private message Visit poster's website Reply with quote
dead_body



Joined: 21 Sep 2005
Posts: 187
Location: Ukraine,Kharkov
dead_body
thanks...

i think about this way. With such way, macro code will be very large. One *.exe can hold many icons with different size. Maro becomes not "easy"...
Post 14 Aug 2007, 18:49
View user's profile Send private message Reply with quote
Blid



Joined: 19 Apr 2007
Posts: 31
Location: Russia, Novorossysk
Blid
dead_body,if you want "It holds in body another exe", try usual infection of PE
format. Why not ?
Post 18 Aug 2007, 17:02
View user's profile Send private message Reply with quote
dead_body



Joined: 21 Sep 2005
Posts: 187
Location: Ukraine,Kharkov
dead_body
antiviruses... i am writing not virus. A trojan Wink
It must be invisible. So i use "Run File From Memory" method. Infects *.exe it is an old method. And i don't want to fight with antiviruses.
Post 20 Aug 2007, 09:24
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.