Hi friends,
I just started programming (or trying to) in assembler. Could anyone give me an example of how to do the following?
Let's say I have a file called 'john.exe' and I need to look for the following hex string inside it: '3E FF 00 2A'.
How can I do that? I guess I have to open the file first (perhaps with an invoke CreateFile), but then WHAT?
Any help will be much appreciated.
Thanks in advance,
-Peter
I just started programming (or trying to) in assembler. Could anyone give me an example of how to do the following?
Let's say I have a file called 'john.exe' and I need to look for the following hex string inside it: '3E FF 00 2A'.
How can I do that? I guess I have to open the file first (perhaps with an invoke CreateFile), but then WHAT?
Any help will be much appreciated.
Thanks in advance,
-Peter
Read the file using ReadFile. Scan for the hex string you are searching for.
Hi roticv,
Thanks for the answer. The question is, how do I scan for the string?
Thanks once more,
-Peter
Thanks for the answer. The question is, how do I scan for the string?
Thanks once more,
-Peter
You can use the BM search functions in m32lib. I think it is documented in the help file.
The question is, how do I scan for the string?
Read or map the file to memory, load the starting offset of the memory image to EDI and file size to ECX.
Then set ESI to the offset of scanned pattern, e.g. 0x3EFF002A, load the first byte using LODSB and scan the entire file using REPNE SCASB.
When found (ZF=1), temporary save PUSH EAX,ECX,ESI,EDI,
load ECX with pattern size minus one (4-1) and
compare the rest of pattern using REPE CMPSB.
Restore POP EDI,ESI,ECX,EAX and then, if pattern didn't match,
go back to scanning with REPNE SCASB.
Thanks a lot vit$oft, I'll try that.
Greetings,
-Peter
Greetings,
-Peter