Created
September 1, 2015 17:53
NT88 library in assembly.
; Output:  32-bit PE DLL, GUI subsystem 4.0 (flat assembler syntax).
; Macros:  proc/endp, library, import and export come from win32ax.inc.
; Entry:   DllMain, defined at the top of the code section below.
format PE GUI 4.0 DLL
entry DllMain

include 'win32ax.inc'

section '.text' code readable executable
;-----------------------------------------------------------------------
; BOOL DllMain(hinstDLL, fdwReason, lpvReserved)
; DLL entry point. All three arguments are ignored and no per-process
; or per-thread work is done; every notification gets the same answer.
; Out:   AL = 1. Only the low byte is written, so the rest of EAX keeps
;        whatever it held on entry; EAX is non-zero (TRUE) either way.
;-----------------------------------------------------------------------
proc DllMain hinstDLL,fdwReason,lpvReserved
        mov     al, 1                   ; report success to the loader
        ret
endp
;-----------------------------------------------------------------------
; int NTRead(int address, int endAddress, char* pDataBuffer);
;
; Copies (endAddress - address) bytes, starting at _dogData + address,
; into pDataBuffer and returns 0. No device is queried: the bytes come
; from the static _dogData table in this module's data section.
;
; In:    address, endAddress, pDataBuffer (stack arguments)
; Out:   eax = 0, unconditionally
; Saved: esi, edi (pushed on entry, popped before return)
;
; NOTE(review): the byte count is never range-checked. It is not
; compared with the size of _dogData, and endAddress < address is not
; rejected (the count then wraps to a very large unsigned value), so the
; copy can read past the table and write past the caller's buffer.
; NOTE(review): both VirtualProtect results are ignored. If the first
; call fails, oldProtect is never written and the second call passes
; that uninitialised value as the protection to apply.
;-----------------------------------------------------------------------
proc NTRead address,endAddress,pDataBuffer
        local   oldProtect:DWORD

        push    esi
        push    edi

        mov     ecx, [endAddress]
        sub     ecx, [address]          ; ecx = number of bytes requested
        push    ecx                     ; keep the count on the stack across the API call
        mov     edi, [pDataBuffer]      ; edi = destination buffer

        ; VirtualProtect(pDataBuffer, count, PAGE_READWRITE, &oldProtect)
        lea     eax, [oldProtect]
        push    eax                     ; lpflOldProtect
        push    PAGE_READWRITE          ; flNewProtect
        push    ecx                     ; dwSize
        push    edi                     ; lpAddress
        call    [VirtualProtect]

        ; Copy the requested window of the static table to the caller.
        mov     ecx, [esp]              ; reload the saved count, leaving it on the stack
        mov     esi, [address]
        add     esi, _dogData           ; esi = &_dogData[address]
        cld                             ; copy forwards
        rep movsb

        pop     ecx                     ; count again (rep movsb left ecx at 0)
        sub     edi, ecx                ; rep movsb advanced edi; rewind to the buffer start

        ; VirtualProtect(pDataBuffer, count, oldProtect, &oldProtect)
        lea     eax, [oldProtect]
        push    eax                     ; lpflOldProtect
        push    [oldProtect]            ; flNewProtect = value saved by the first call
        push    ecx                     ; dwSize
        push    edi                     ; lpAddress
        call    [VirtualProtect]

        pop     edi
        pop     esi
        xor     eax, eax                ; return 0
        ret
endp
;-----------------------------------------------------------------------
; int NT3Arg(a1, a2, a3)
; Filler routine for exports that take three arguments. The arguments
; are declared only so the proc macro accounts for them on return; none
; of them is read, and no buffer the caller passes is touched.
; Out:   eax = 0
;-----------------------------------------------------------------------
proc NT3Arg a1, a2, a3
        xor     eax, eax                ; constant result, independent of input
        ret
endp
;-----------------------------------------------------------------------
; int NT1Arg(a1)
; Filler routine for exports that take one argument. The argument is
; declared for the proc macro's stack accounting and is never read.
; Out:   eax = 0
;-----------------------------------------------------------------------
proc NT1Arg a1
        xor     eax, eax                ; constant result, independent of input
        ret
endp
;-----------------------------------------------------------------------
; int NT0Arg(void)
; Filler routine for exports that take no arguments.
; Out:   eax = 0
; Returns with a plain `retn`: there are no argument bytes to remove
; from the stack.
;-----------------------------------------------------------------------
proc NT0Arg
        xor     eax, eax                ; constant result
        retn
endp
; Dongle data: the static byte table that NTRead copies from.
; The string has no terminator and no length symbol is defined for it;
; NTRead indexes it with caller-supplied offsets and does no bounds check.
section '.data' data readable writeable

_dogData        db      'azmap09.........-1'
; Import table. VirtualProtect from KERNEL32.DLL is the only import;
; NTRead calls it through this slot as [VirtualProtect].
section '.idata' import data readable writeable

library kernel,'KERNEL32.DLL'

import  kernel,\
        VirtualProtect,'VirtualProtect'
; Export table. The module names itself NT88.DLL and publishes nine entry
; points. Eight of them resolve to one of the three filler routines, chosen
; by argument count, which return 0 without reading their arguments; only
; NTRead has a body of its own, and it serves bytes from _dogData.
;
; NOTE(review): nothing in this module identifies or authenticates it to
; the host. A program that resolves these names from whichever NT88.DLL
; is loaded and trusts the return values has no way to tell one provider
; from another; checking the library's signature or hash before loading
; it, and tying the check to a keyed challenge-response instead of a
; fixed read, are the host-side controls that address this.
section '.edata' export data readable

export  'NT88.DLL',\
        NT3Arg,'NT3DESCBCDecrypt',\
        NT3Arg,'NT3DESCBCEncrypt',\
        NT1Arg,'NTCheckLicense',\
        NT1Arg,'NTFindFirst',\
        NT1Arg,'NTGetHardwareID',\
        NT1Arg,'NTLogin',\
        NT0Arg,'NTLogout',\
        NTRead,'NTRead',\
        NT3Arg,'NTWrite'

; Relocation data, so the loader can rebase the absolute reference to _dogData.
section '.reloc' fixups data readable discardable