Auto Assembler - Example 1
Let's look at that the following example.
define(someValue, (int)100) alloc(someMemory, 512) label(someCode) label(someData) registerSymbol(someMemory) registerSymbol(someData) someMemory: someCode: mov eax,[00400000] mov [someData],eax mov [someData+4],123 mov [someData+8],$123 mov [someData+C],#123 mov [someData+10],(int)123 mov [someData+14],(float)123 mov [someData+18],someValue mov [someData+1C],'Hey!' mov byte ptr [someData+20],0 ret someData: createThread(someCode) // End of script
So let's brack this script down.
define(someValue, (int)100)
- define
- This allows use to define a constant of sorts.
- someValue
- This will be the name or symbol, so any where this name is used it will be replaced with the value.
- (int)100
- This is the value, here tell it that the value is 100 in decimal (base 10) format (by default all numbers are hexadecimal).
alloc(someMemory, 512)
- alloc
- This allocates memory in the attached process.
- someMemory
- This will be the name or symbol, it can be used as an address.
- 512
- This is the number of bytes to be allocated in decimal format, so we are allocating 512 bytes, this is one of the few places that a number is seen as decimal by default.
label(someCode)
- label
- This allows us to declare a label of a location, but we will still need to place the label to assign it to an address in memory.
- someCode
- This will be the name or symbol of the label.
- label(someData)
- Same as before just with the symbol 'someData'.
registerSymbol(someMemory)
- registerSymbol
- This allow use to register (add a symbol to the user defined symbols list), this will allow use to use the symbol in other scripts and in the address list.
- someMemory
- This is the symbol to be registered.
- registerSymbol(someData)
- Same as before just with the symbol 'someData'.
- someMemory:
- This tells auto assembler to start assembling at where 'someMemory' was allocated.
- someCode:
- This is how we place the label (assign it's address), here we place it at the start of the assembled memory. This is not needed, 'someMemory' will be the same address as 'someCode'.
mov eax,[00400000]
- mov
- This is assembly, it allows use to move or assign a value to anther location. Here we are moving the value at the address of '00400000'.
- eax
- This is the destination operand, this is where the value will be moved to, here we are moving the value to the EAX register.
- [00400000]
- This is the source operand, this is where the value will come from, here we are moving the value at the address of '00400000'. The square brackets ('[', ']') designates that we want to use the value of an address.
- mov [someData+4],123
- Same as before except that we are moving the value '123' in hex to the address of 'someData+4'.
- mov [someData+8],$123
- Same as before except that we are moving the value '123' in hex, denoted by the '$', to the address of 'someData+8'.
- mov [someData+C],#123
- Same as before except that we are moving the value '123' in decimal, denoted by the '#', to the address of 'someData+C'.
- mov [someData+10],(int)123
- Same as before except that we are moving the value '123' in decimal, denoted by '(int)', to the address of 'someData+10'.
- mov [someData+14],(float)123
- Same as before except that we are moving the value '123' as a float, denoted by '(float)', to the address of 'someData+14'.
- mov [someData+18],someValue
- Same as before except that we are moving the value of the symbol 'someValue' to the address of 'someData+18'.
- mov [someData+1C],'Hey!'
- Same as before except that we are moving the value of a string 'Hey!', denoted by the quotations (both single and double work), to the address of 'someData+20'.
- mov byte ptr [someData+20],0
- Same as before except that we are moving a single byte of zero, denoted by 'byte ptr', to the address of 'someData+20'. This is to add a null character to the end of the string.
- someData:
- This is how we place the label (assign it's address), and here we place it at the end of the assembled memory.
createThread(someCode)
- createThread
- This allows us to create a thread in the attached process, and CALLs the given address or symbol. A ret is required to release the thread.
- someCode
- This is the address or symbol to call with the created thread.
- // End of script
- This is a comment, denoted by the '//', they are not interpreted or executed.
This is how the script is assembled in the process's memory.
someMemory - A1 00004000 - mov eax,[00400000] : [00905A4D] 00200005 - A3 5B002000 - mov [someData],eax : [77] 0020000A - C7 05 5F002000 23010000 - mov [0020005F],00000123 : [35] 00200014 - C7 05 63002000 23010000 - mov [00200063],00000123 : [35] 0020001E - C7 05 67002000 7B000000 - mov [00200067],0000007B : [123] 00200028 - C7 05 6B002000 7B000000 - mov [0020006B],0000007B : [123] 00200032 - C7 05 6F002000 0000F642 - mov [0020006F],42F60000 : [0] 0020003C - C7 05 73002000 64000000 - mov [00200073],00000064 : [100] 00200046 - C7 05 77002000 48657921 - mov [00200077],21796548 : ["Hey!"] 00200050 - C7 05 7B002000 00000000 - mov [0020007B],00000000 : [0] 0020005A - C3 - ret someData - 4D 5A 90 00 someData+4 - 23 01 00 00 someData+8 - 23 01 00 00 someData+C - 7B 00 00 00 someData+10 - 7B 00 00 00 someData+14 - 00 00 F6 42 someData+18 - 64 00 00 00 someData+1C - 48 65 79 21 someData+20 - 00 00 00 00
You can add the addresses for someData manually, see How to add addresses to the address list for details.
Or you can just copy the XML code below and paste it in the address list of a table to add the addresses for 'someData'.
<?xml version="1.0" encoding="utf-8"?> <CheatTable> <CheatEntries> <CheatEntry> <ID>0</ID> <Description>"someMemory"</Description> <LastState Value="" RealAddress="00000000"/> <VariableType>Array of byte</VariableType> <ByteLength>0</ByteLength> <Address>someMemory</Address> </CheatEntry> <CheatEntry> <ID>1</ID> <Description>"someData"</Description> <ShowAsHex>1</ShowAsHex> <VariableType>Array of byte</VariableType> <ByteLength>4</ByteLength> <Address>someData</Address> </CheatEntry> <CheatEntry> <ID>5</ID> <Description>"someData+4"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+4</Address> </CheatEntry> <CheatEntry> <ID>4</ID> <Description>"someData+8"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+8</Address> </CheatEntry> <CheatEntry> <ID>3</ID> <Description>"someData+C"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+C</Address> </CheatEntry> <CheatEntry> <ID>2</ID> <Description>"someData+10"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+10</Address> </CheatEntry> <CheatEntry> <ID>6</ID> <Description>"someData+14"</Description> <VariableType>Float</VariableType> <Address>someData+14</Address> </CheatEntry> <CheatEntry> <ID>7</ID> <Description>"someData+18"</Description> <VariableType>4 Bytes</VariableType> <Address>someData+18</Address> </CheatEntry> <CheatEntry> <ID>8</ID> <Description>"someData+1C"</Description> <VariableType>String</VariableType> <Length>60</Length> <Unicode>0</Unicode> <ZeroTerminate>1</ZeroTerminate> <Address>someData+1C</Address> </CheatEntry> </CheatEntries> </CheatTable>
If you execute the script and add the address to the address list, you should see some thing like this.
See also
- Assembler
- Assembler Commands
- Auto Assembler
- Auto Assembler Templates
- Code Injection Basic
- Code Injection Full