hossa,

i found a source made by zombie to scan for a registry key.
ok, i don't understand the function but i like to use it, don't know if it's lame if i like to use something i don't know how it works.
what i know is that i really like to see this function in my tool, it's much faster than windows regedit scan.

also i'm sure if i spend more time on this i would understand it, but i learn asm in my free time and i'm unable to learn all i like in this short time.

so i'm "crying" for help :-)
i like to use the source without dosbox and like to insert the search result in a listbox, that's not so hard.
my problem is that i don't know what happens to the searched keyname when the tool executes.

you must start it like: regscan NAMETOSEARCH

so the name comes from the command line and i don't understand in what form....edi, esi....???

let's say i have an editfield and in this i like to insert the name of the key to search for, i try to use this value as edi, esi but i never get a result.

what happens to the name here:

getcmdline:     pusha

                callW   GetCommandLineA
                xchg    esi, eax        ; <-- for this i think it's esi but.....

                mov     argc, 0

                lea     edx, argv0
                call    getargv
                lea     edx, argv1
                call    getargv
                lea     edx, argv2
                call    getargv
                lea     edx, argv3      ; <------- what's this all ??
                call    getargv         ; <------- what's this all ??

                popa
                retn

getargv:        mov     edi, edx

__1:            lodsb
                cmp     al, 0
                je      __2
                cmp     al, 32
                je      __1
                cmp     al, 9
                je      __1
__2:            dec     esi

__3:            lodsb
                stosb
                cmp     al, 32
                je      __4
                cmp     al, 9
                je      __4
                cmp     al, 0
                jne     __3
__4:            dec     esi

                sub     [edi-1], al

                cmp     byte ptr [edx], 0
                setne   al
                movzx   eax, al
                add     argc, eax

                retn

i attached the source code for tasm.

if you think i'm not worth helping because i coded a trojan, think about this:
1. the trojan never worked as a real trojan, only demonstration
2. if i never coded this i would never know how a trojan works and how i can protect myself.
3. i can speak about what i code and have no problem to say that i coded a trojan, what's better: someone who says this publicly or someone who codes trojans and doesn't say it.
all i actually know is in my security tool...i asked months ago if someone would like to code with me on the security tool and i posted a preversion of it, so i'm telling the truth!
and it's not finished because i'm a newbie :-)

so be a nice coder and help a lazy newbie, thanks
Posted on 2002-03-02 01:58:27 by Max
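
What the posted getcmdline/getargv pair does, as an added C rendering for illustration; it is not part of the original post or of zombie's source. The names get_argv, parse_cmdline, struct args and the 260-byte buffer size are assumptions, and the length check is an addition: the posted copy loop has no limit on how much it writes into the argvN buffer.

```c
#include <stdio.h>
#include <string.h>

#define ARG_LEN 260  /* assumed size; the post does not show the argvN buffers */

struct args { int argc; char argv[4][ARG_LEN]; };

/* *src plays ESI (read cursor, kept between calls); dst plays EDX/EDI.
   Returns 1 when a non-empty token was stored, as setne/movzx does. */
static int get_argv(const char **src, char *dst, size_t cap)
{
    const char *s = *src;
    size_t n = 0;

    while (*s == ' ' || *s == '\t')            /* __1: skip blanks */
        s++;
    while (*s && *s != ' ' && *s != '\t') {    /* __3: copy one token */
        if (n + 1 < cap)                       /* added bound; asm has none */
            dst[n++] = *s;
        s++;
    }
    dst[n] = '\0';  /* asm: the sub after __4 turns the copied delimiter into 0 */
    *src = s;       /* __4: dec esi leaves the cursor on the delimiter */
    return dst[0] != '\0';
}

/* getcmdline: four get_argv calls in a row fill argv0..argv3 and count argc.
   Quotes are not handled, exactly like the posted routine. */
static struct args parse_cmdline(const char *cmdline)
{
    struct args a;
    memset(&a, 0, sizeof a);
    for (int i = 0; i < 4; i++)
        a.argc += get_argv(&cmdline, a.argv[i], sizeof a.argv[i]);
    return a;
}

int main(void)
{
    /* constructed sample input in the form GetCommandLineA returns */
    struct args a = parse_cmdline("regscan NAMETOSEARCH");
    printf("argc=%d argv0=%s argv1=%s\n", a.argc, a.argv[0], a.argv[1]);
    return 0;
}
```

The key name is the second token (argv1), after the program name in argv0. A string holding only the edit-field text therefore lands in argv0 and leaves argv1 empty.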
From the code I have seen from zombie, it is not beginner code - maybe you should try to understand something less convoluted first and then work your way to zombie's code. All this assuming you must find a way to use/understand his code.
Posted on 2002-03-02 02:25:26 by bitRAKE
hossa

thanks for the answer :)
i understand the way the source works, but i'm unable to read all correctly because i don't know all or better say enough about asm.

i think after calling the exe the function i don't understand creates the name to search for.
so i think first it "copies" the user input to a buffer...esi
but when i get the string from the editfield and make lstrcpy esi,offset buffer
i got endless search.

so i ask if someone can explain to me what happens in the function exactly - i don't want that you code it for me :)
Posted on 2002-03-02 05:45:36 by Max
Hi Max,

Because zombie is a "non standard" Russian master of the size optimized and SMC code my advice is:

- get a good debugger (as SI or TRW2000)
- play with code in the low level
- try to understand and rewrite his code with your non optimized code
Posted on 2002-03-03 00:33:38 by buliaNaza
hossa,

thanks for the answer :)
i started yesterday coding the function with what i know.
today the function is much bigger, slower and at last i'm not finished with all keys.

when i first saw the source i thought i'm in the wrong place!

if i can learn coding like this, i don't want to code other ways.
i'm sure it's hard and a long way to learn it.
but it's very interesting to see.

most masm source i have uses as example:

.if eax==

.else

.endif

and so on.....

if i look in tasm the coder used:

cmp eax,0
je = if equal
jnz ......

what makes the same but needs not many chars and if u look at the source it's maybe not so easy to read for a beginner.....because all know "if" "and" "or" "else" from basic :-)

do you or another reader know more about:
size optimized and SMC code ????

i mean examples, tutorials, help .....
any text about this would help :)

and why are most russian coders top asm coders?
is it because in europe and usa they have much money and then they shop delphi or stuff like it and in russia they have not much and start with asm?

i wonder why most asm coders i know from homepages are from russia, bulgaria, romania .......

i know it's off topic but i like to ask :-)
Posted on 2002-03-03 02:04:32 by Max
I do not know why TASM coders do NOT use "standard" MASM HLL constructs, they sure can do, i use:
.IF .ELSEIF .ELSE .ENDIF
or PROC STDCALL, ARG, LOCALS etc
quite a lot in the logical parts of my programs... i mean where optimization is not very important but clarity is, but it looks like i am a "rara avis"

I guess TASM is still mostly used by advanced VX coders a lot and they do not care for readability (esp for beginners as advanced users can still read their code with ease) but they care for size and speed more...

However there are some (like me) that use TASM for big applications because of its speed at compiling... definitely TASM is for advanced old guys, i suggest you try and find MASM sourcecode for your examples if you are a beginner :)

Size optimization is not quite as fast today, scalar micro processors like many simple operations better than a single (small) one because they can break and manage the many ones much better and each internal unit can eventually execute each opcode at the same time making code faster (but not always smaller)

I am from Romania but i guess Hutch, Hiro, Iczelion and many others are not.

Old eastern countries have had a communist system almost until 10 years before so we naturally have something against "systems", we natively try to go underground, i guess things will change as (if ever) we get to trust systems again.

I guess we have PCs that are a little slower than the ones you (western ppl) use so we try to make the best out of them... also we have much smaller money available to buy Delphi/VStudio/etc licences...

IMHO whatever PC one has he should try to get each drop of computing power out of it.

Do not get me wrong, here (Romania i mean) are many HLL programmers as well using C++/MFC or VB or Access or .NET or VisualFoxPro... but we use that for our jobs where we are forced to do so by the market trend and not by our inner belief...

My soul is with ASM forever :)
Posted on 2002-03-03 02:49:28 by BogdanOntanu