LABEL Main
    #-----------------------------------------------------------------
    # int Main(void)
    # Demo entry point: runs two debugger checks, then reads two numbers
    # from the user and prints their sum.
    # Out:   dst = b + c on the normal path; 0 when a debugger was
    #        detected (ERR_DEBUG path)
    # Regs:  a/retval and c are volatile, b and dst are nonvolatile
    #        (see the register notes at the end of the file)
    #-----------------------------------------------------------------

    # Check 1: the documented API. IsBeingDebugged tail-jumps into
    # kernel32!IsDebuggerPresent, so its BOOL result arrives in retval.
    fastcall IsBeingDebugged
    printf 'IsProcessDebugged --> %d|n', retval
    # retval is an alias for a. Reading it *after* printf relies on the
    # behaviour described in the notes below: Canthon saves A around
    # calls such as printf, so the API result is still intact here.
    mov b, retval           # b = IsDebuggerPresent() result

    # Check 2: read PEB.BeingDebugged directly. This is the same flag
    # IsDebuggerPresent reports, so the two checks are not independent
    # signals; they are shown side by side for illustration.
    getfs 0x30              # retval = &PEB (FS:[0x30] points at the PEB)
    #typedef struct _PEB {
    # BYTE                          Reserved1[2];
    # BYTE                          BeingDebugged;   # offset 2, read below
    # ..
    #}
    add retval, 2           # retval = &PEB->BeingDebugged
    mov a8l, [retval]       # low byte of a = BeingDebugged; the upper bits
                            # of a still hold the pointer at this point
    movx a, a8l             # rebuild a from its low byte only
                            # (presumably a zero-extend; confirm in Canthon docs)
    printf 'FS:[0x30]+0x2 --> %d|n', a

    # Combine both flags (again relies on A surviving printf).
    or a, b
    # NOTE(review): this branch only fires when the combined value is
    # exactly 1. Any nonzero value means "debugged"; if Canthon accepts
    # the x86 condition names as the comment suggests,
    # `jcc ne, ERR_DEBUG, a, 0` is the more robust test.
    jcc e, ERR_DEBUG, a, 1 # jcc <cond>, <label>, <lhs>, <rhs>: e = equal; other
                           # conditions follow the x86 Jcc mnemonics
 
    # Get 2 numbers from the user. Each result is moved out of retval
    # immediately; b is nonvolatile so it survives the second call.
   
    fastcall AskForNumber, 1
    movf b, retval        
 
    fastcall AskForNumber, 2
    movf c, retval
 
    movf dst, b
    add dst, c              # dst = b + c (the return value of Main)
    printf '%d+%d=%d|n|n', b, c, dst
    jmp endNormal
   
    # Debugger detected: report and return 0 instead of the sum.
    LABEL ERR_DEBUG
    printf 'Dont debug me :('
    xor dst, dst            # dst = 0
 
    LABEL endNormal
    ret dst
ENDLABEL
  40. LABEL IsBeingDebugged
  41.     GetProcAddress KERNEL32, IsDebuggerPresent
  42.     jmp32 retval
  43. ENDLABEL
LABEL AskForNumber # DWORD AskForNumber(int NumberNo)
    #-----------------------------------------------------------------
    # Prompts "Number <NumberNo>:" and returns the integer the user typed.
    # In:    c = NumberNo (first fastcall argument; see the calling
    #        convention notes at the end of the file)
    # Out:   retval = parsed value, or 0 when scanf parsed nothing,
    #        because the stack slot is pre-zeroed below
    #-----------------------------------------------------------------
    printf 'Number %d:', c
    push 0x0            # reserve a zeroed DWORD on the stack; doubles as the
                        # default result if scanf does not write anything
    movf a, stack           # a = pointer to that slot (the current top of stack)
    scanf '%d', a           # scanf writes the parsed int through a
                            # NOTE(review): the notes below say Canthon saves A on
                            # the stack around some calls; this relies on the pushed
                            # slot staying where a points across scanf - confirm
    pop retval          # retval = value from the slot, stack popped
    ret             # no "retfull" needed, retval is already set above
ENDLABEL
# --- What This Code Demonstrates --- #
#
# nonvolatile registers: SRC, DST, BASE, STACK, B
# volatile registers: A, C & D
#
# The default way of calling Canthon functions is __fastcall,
# but it doesn't use the stack, so only the first 2 arguments
# (from left to right) are passed, in ECX (C) and EDX (D);
# all other arguments are IGNORED. Syntax: fastcall function, ARG1, ARG2
#
# endlabel is not a real instruction, but Canthon ignores unknown commands
#
# you can't use STACK in default function calls, since the stack is used for saving
# register A (retval) on functions where it's not useful (ex: printf), or BASE, which is used for storing function pointers in extern calls.
#
# inline asm = _asm
#
# jmp, call, fastcall can be used on labels
# jmp32, call32, fastcall32 can be used on registers and direct values.

# you can use "fastcall StdcallFunction thisptr, 0, Arg1, Arg2, Arg3"
# to call a stdcall function

# or "fastcall CdeclFunction thisptr, 0, Arg1, Arg2, Arg3"
# & "add stack, 0xC"
# to call a cdecl function

# |n = new line (\n)