I use .Data to store all my strings and such..
Is there a way to create strings on the fly??
for example the string OLLYDBG
mov eax , 1001100 1001100 1011001 1000100 1000010 1000111 ; binary representation.... I know this won't work
How can I move the binary representation into a register??
Afterwards... Convert it to hex ( 4F4C4C59444247h ) then to ascii (79767689686671)... Then into string
afterwards just show it in a messagebox....
I just need some hints or whatnot to point me into the right direction... I'm doing this so I don't have to have visible strings right away in Ollydbg or any debugger :)
The extended registers are 32-bit registers.
The value 4F4C4C59444247h is greater than 32 bits.
You'd need to transfer the data to a byte array.
Do some searching in the forum, I'm sure you'll find what you're looking for.
mov eax, 010101010b
;)
Try this:
.data
txtbuf db 32 dup(0)
.code
mov edi,offset txtbuf
mov eax,"OLLY" ;4 characters at a time
bswap eax ;reverse the bytes so the first character is stored first
stosd
mov eax,"DBG " ;pad last characters with trailing spaces if necessary
bswap eax
stosd
xor eax,eax
stosb ;terminating 0
invoke MessageBox,0,ADDR txtbuf,0,MB_OK
invoke ExitProcess,0
You could avoid the "bswap" instructions by loading the EAX register with the characters in reverse order. However, your source code would not be as legible and prone to mistakes.
Raymond
THAT Worked PERFECTLY!!! wow thanks a lot :) but other than that I was looking for byte array examples but couldn't find any.... Is there any way you can point me to some examples ??
Also I before encrypted the strings with rc6fish.... and to still be able to do that I would have to encrypt the txtbuf at runtime then?
Then decrypt it after when I need to use it?
invoke FindWindow, ADDR txtbuf,NULL
cmp eax,00000000h
.if eax!= 0
invoke MessageBox,0,ADDR txtbuf,0,MB_OK
.else
invoke ExitProcess,0
.endif
Ok problem is without the space next to "DBG" only the OLLY will be generated... But the classname is OLLYDBG no space.....
Functions dealing with strings "generally" expect the string to be null terminated, otherwise they have an argument specifying the length of the string.
Regards,
Darrel
When you use the MessageBox function it is supplied with a null terminated string:
DisplayString BYTE "This is displayed in MessageBox.",0 ;32 bytes not counting 0 termination
invoke MessageBox,0,ADDR DisplayString,0,MB_OK
Using the WriteFile function:
invoke WriteFile,hFile,ADDR DisplayString,32,ADDR NumBytesWritten,NULL
Other functions require either the length of the string or a -1 for a null terminated string; I believe MultiByteToWideChar is an appropriate example.
Regards,
Darrel
Here is one way to embed txt in the .code section by placing it on the stack.
http://www.masmforum.com/simple/index.php?topic=2431.0
There are multiple postings in this thread so there is no point duplicating it here but it is a useful method.
shism2, what's the point? By constructing the strings at runtime, your program will be larger and slower. It might offer protection from people who have just learned to use a hex editor, but not people who have a little experience.
Ok problem is without the space next to "DBG" only the OLLY will be generated... But the classname is OLLYDBG no space.....
With an instruction such as mov eax,"DBG" (i.e. without the trailing space filler), it would load EAX with:
00444247h
With the bswap instruction, it would result in:
47424400h
When that is stored in memory in "little-endian" fashion, it would look like the following hex numbers at consecutive memory addresses:
00 44 42 47
and have the effect of inserting a terminating 0 immediately after the previous partial string.
(As an exercise to better understand the underlying principle, do the same as above with the space filler.)
If the trailing space filler(s) is a problem, adjust the pointer accordingly before inserting the terminating 0 separately.
;after storing your last partial string with space fillers
sub edi,X ;replace X with the number of space fillers
xor eax,eax
stosb
Raymond
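The byte layouts described in the post above can be checked with a small emulator of the instructions used in this thread; it also shows that the characters remain readable as immediates in the code bytes. This is an added Python example, not code from any poster: the helper names, the 64-byte buffer and the opcode samples are constructed for illustration.

```python
import struct

BSWAP, STOSD, STOSB = b"\x0f\xc8", b"\xab", b"\xaa"
XOR_EAX, SUB_EDI = b"\x33\xc0", b"\x83\xef"

def mov_eax_text(text):
    """Encode mov eax,"text" the way the thread describes: "DBG" -> 00444247h."""
    return b"\xb8" + struct.pack("<I", int.from_bytes(text.encode("ascii"), "big"))

def emulate(code):
    """Run the few opcodes used in the thread; return the bytes written through EDI."""
    eax, edi, top, mem, i = 0, 0, 0, bytearray(64), 0
    while i < len(code):
        if code[i] == 0xB8:                      # mov eax, imm32
            eax = struct.unpack_from("<I", code, i + 1)[0]
            i += 5
        elif code.startswith(BSWAP, i):          # bswap eax
            eax = int.from_bytes(eax.to_bytes(4, "little"), "big")
            i += 2
        elif code[i] in (0xAB, 0xAA):            # stosd / stosb: little-endian store
            size = 4 if code[i] == 0xAB else 1
            mem[edi:edi + size] = eax.to_bytes(4, "little")[:size]
            edi += size
            i += 1
        elif code.startswith(XOR_EAX, i):        # xor eax, eax
            eax = 0
            i += 2
        elif code.startswith(SUB_EDI, i):        # sub edi, imm8
            edi -= code[i + 2]
            i += 3
        else:
            raise ValueError(f"unsupported opcode at offset {i}")
        top = max(top, edi)
    return bytes(mem[:top])

def c_string(buf):
    """What MessageBox or FindWindow sees: the bytes before the first zero."""
    return buf.split(b"\x00", 1)[0]

def build(last_chunk, trim=0):
    """Constructed sample: "OLLY", then last_chunk, optional sub edi,trim, terminator."""
    code = mov_eax_text("OLLY") + BSWAP + STOSD + mov_eax_text(last_chunk) + BSWAP + STOSD
    if trim:
        code += SUB_EDI + bytes([trim])
    return code + XOR_EAX + STOSB

PADDED = emulate(build("DBG "))        # trailing space kept in the string
UNPADDED = emulate(build("DBG"))       # zero lands right after "OLLY"
TRIMMED = emulate(build("DBG ", 1))    # pointer moved back before the terminator
```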
with macros one can do wonderful things!
.const
?RandcSeed = @CatStr(@SubStr(<%@Time>,1,2),@SubStr(<%@Time>,4,2),@SubStr(<%@Time>,7,2))
?Randc macro Range
local __Result
; Xn = (aXn-1 + b) mod m
?RandcSeed = ((?RandcSeed*54321)+12345) MOD 31337; am i 31337 or what :)
__Result textequ @CatStr(%(?RandcSeed mod Range))
exitm __Result
endm
; EAX=STRING, USES EDX,ECX
UnHideString macro qtext:req,buffreg:req
LOCAL i,k,xc,sym,txt,@dec
.data
sym label byte
i = @SizeStr(qtext)
i = i - 2
db i
xc = ?Randc(0FFh)
txt textequ @SubStr(qtext,2,i)
%FORC j, <txt>
db ("&j" xor xc)
endm
db 0
.code
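mov eax,offset sym
movzx ecx,byte ptr [eax] ; ECX = length byte (bracketed operands restored from context)
inc eax ; EAX -> first encoded byte
mov [buffreg+ecx],ch ; CH is 0 here: write the terminator
jmp @dec
.repeat
mov dl,[eax+ecx]
xor dl,xc
mov [buffreg+ecx],dl
@dec:
dec ecx
.until sign?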
endm
.code
start:
sub esp,40h
mov edi,esp
UnHideString "OLLYDBG XORED",edi
invoke MessageBox,0,edi,0,0
xor eax,eax
mov ecx,40h/4
rep stosd
mov esp,edi
invoke ExitProcess,eax
end start
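From the analysis side, a string hidden with a single-byte XOR as in the macro above can still be located when part of it is known, because the XOR between neighbouring bytes is unchanged by the key. This is an added Python example, not code from the thread: the function names, the filler bytes and the key 5Ah are constructed, and the known text is assumed to be the start of the string so that the macro's length byte sits just before it.

```python
def hide(text, key):
    """Constructed sample of the macro's .data record: length, text XOR key, 0."""
    raw = text.encode("ascii")
    return bytes([len(raw)]) + bytes(b ^ key for b in raw) + b"\x00"

def decode_record(blob, start, key):
    """Decode with the macro's layout if the length byte and terminator fit, else None."""
    if start < 0:
        return None
    length = blob[start]
    end = start + 1 + length
    if end >= len(blob) or blob[end] != 0:
        return None
    return bytes(b ^ key for b in blob[start + 1:end]).decode("ascii", "replace")

def find_xored(blob, crib):
    """Return (record_offset, key, text) for each single-byte-XOR copy of crib."""
    hits = []
    for off in range(len(blob) - len(crib) + 1):
        key = blob[off] ^ crib[0]          # the only key that could match at this offset
        if any(blob[off + i] ^ key != c for i, c in enumerate(crib)):
            continue
        hits.append((off - 1, key, decode_record(blob, off - 1, key)))
    return hits

# Constructed data: filler bytes around one hidden record.
FILLER = bytes(range(0x80, 0x90))
BLOB = FILLER + hide("OLLYDBG XORED", 0x5A) + FILLER
HITS = find_xored(BLOB, b"OLLYDBG")
```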