public override void Dispose() { ProcessHandle.Dispose(); ProcessHandle = null; SafeMemoryHandle.CloseHandle(ThreadHandle); if (Asm != null) { Asm.Clear(); } Asm = null; base.Dispose(); }
public void ObjectMnemonics() { // Arrange var fasm = new FasmNet(); // Act fasm.AddLine("push eax"); fasm.AddLine("retn"); // Assert Assert.AreEqual(String.Format("push eax{0}retn{0}", Environment.NewLine), fasm.Mnemonics); }
internal static IntPtr InjectAsm(string[] parInstructions, string parPatchName) { if (Asm == null) { Asm = new FasmNet(); } Asm.Clear(); Asm.AddLine("use32"); foreach (var x in parInstructions) { Asm.AddLine(x); } var byteCode = new byte[0]; try { byteCode = Asm.Assemble(); } catch (FasmAssemblerException ex) { MessageBox.Show( $"Error definition: {ex.ErrorCode}; Error code: {(int) ex.ErrorCode}; Error line: {ex.ErrorLine}; Error offset: {ex.ErrorOffset}; Mnemonics: {ex.Mnemonics}"); } var start = Reader.Alloc(byteCode.Length); Asm.Clear(); Asm.AddLine("use32"); foreach (var x in parInstructions) { Asm.AddLine(x); } byteCode = Asm.Assemble(start); HookWardenMemScan.RemoveHack(start); HookWardenMemScan.RemoveHack(parPatchName); var originalBytes = Reader.ReadBytes(start, byteCode.Length); if (parPatchName != "") { var parHack = new Hack(start, byteCode, originalBytes, parPatchName); HookWardenMemScan.AddHack(parHack); parHack.Apply(); } else { Reader.WriteBytes(start, byteCode); } return(start); }
public void ObjectAssembleWithOrigin() { // Arrange var fasm = new FasmNet(); // Act fasm.AddLine("use32"); fasm.AddLine("jmp {0}", 0x2000); var asm = fasm.Assemble(new IntPtr(0x1000)); // Assert CollectionAssert.AreEqual(new byte[] { 0xE9, 0xfb, 0x0f, 0x00, 0x00 }, asm); }
private void AsmExecute(string asm) { // Assemble once to determine size byte[] bytes = FasmNet.Assemble("use32\norg 0x0\n" + asm); IntPtr insertPtr = Allocate((uint)bytes.Length); // Then rebase and inject // Note: you can't use String.Format here because IntPtr is not IFormattable bytes = FasmNet.Assemble("use32\norg 0x" + insertPtr.ToString("X") + "\n" + asm); Kernel32.WriteBytes(Handle, insertPtr, bytes); Execute(insertPtr); Free(insertPtr); }
public byte[] Assemble(string asm, IntPtr baseAddress) { if (!attach) { asm = $"use32\norg {baseAddress}\n" + asm; } else { // Call mono_thread_attach first asm = $"use32\norg {baseAddress}\npush {rootDomain}\ncall {threadAttach}\nadd esp, 4\n" + asm; } return(FasmNet.Assemble(asm)); }
/// <summary> /// Initializes a new instance of the <see cref="ExternalProcessReader"/> class. /// </summary> /// <param name="proc">The proc.</param> /// <remarks>Created 2012-04-24</remarks> public ExternalProcessReader(Process proc) : base(proc) { if (IsProcessOpen) { ThreadHandle = Imports.OpenThread(0x0001F03FF, false, (uint)proc.Threads[0].Id); WindowHandle = Process.MainWindowHandle; Asm = new FasmNet(); } else { throw new Exception("ProcessHandle is invalid or closed, are you sure you did everything right?"); } }
public byte[] Compile(params object[] statements) { var asm = new FasmNet(100000, 100); if (framework == TargetFramework.x86) { asm.AddLine("use32"); } else { asm.AddLine("use64"); } if (statements.Length == 0) { foreach (object op in operations) { if (op.GetType() == typeof(Operation)) { asm.AddLine(((Operation)op).op); } else if (op.GetType() == typeof(string)) { asm.AddLine((string)op); } else { throw new InvalidOperationException("Unsupported object in Compile"); } } return(asm.Assemble(Address)); } foreach (object op in statements) { if (op.GetType() == typeof(Operation)) { asm.AddLine(((Operation)op).op); } else if (op.GetType() == typeof(string)) { asm.AddLine((string)op); } else { throw new InvalidOperationException("Unsupported object in Compile"); } } return(asm.Assemble(Address)); }
public void ObjectAddAndInsertLines() { // Arrange var fasm = new FasmNet(); // Act fasm.AddLine("push eax"); fasm.AddLine("pop {0}", "eax"); fasm.InsertLine(0, "use32"); var asm = fasm.Assemble(); // Assert CollectionAssert.AreEqual(new byte[] { 0x50, 0x58 }, asm); }
public virtual int GenerateStub(WindowsAssembly pE, ProtectionOptions options) { try { FasmNet fasmNet = new FasmNet(memorySize, 10); // if compilcation fails increase memorySize parameter fasmNet.AddLine(Code); generatedStub = fasmNet.Assemble(NextSectionRVA(pE.NtHeaders.OptionalHeader.SectionAlignment, pE.SectionHeaders.Last()) + (uint)pE.NtHeaders.OptionalHeader.ImageBase); return(generatedStub.Length); } catch { } return(-1); }
public static void Jump(IntPtr from, IntPtr to) { byte[] hook = FasmNet.Assemble(new[] { "use32", "org " + from, "jmp " + to }); uint dwOldProtection; Kernel32.VirtualProtect(from, 5, 0x40, out dwOldProtection); Marshal.Copy(hook, 0, from, 5); Kernel32.VirtualProtect(from, 5, dwOldProtection, out dwOldProtection); }
public void Assemble64BitWithArray() { // Arrange var mnemonics = new[] { "use64", "push rax" }; // Act var asm = FasmNet.Assemble(mnemonics); // Assert Assert.AreEqual(0x50, asm[0]); }
/// <summary> /// Makes use of FASM.NET in order to compile the supplied mnemonics. /// </summary> public static void Compile_X86_Mnemonics(byte[] Mnemonics, Socket SocketX) { // Deserialize X86 Mnemonics string[] Mnemonics_X = Client_Functions.Deserialize_x86_ASM_Mnemonics(Mnemonics); try { SocketX.Send(FasmNet.Assemble(Mnemonics_X)); // Try sending assembled data. } catch { SocketX.Send(new byte[1] { (byte)0x90 }); // If assembly was unsuccessful, reply with NOP } }
public Byte[] Assemble(Boolean isProcess32Bit, String assembly, UInt64 baseAddress, out String message, out String innerMessage) { message = "Starting instruction assembly" + Environment.NewLine; innerMessage = String.Empty; if (assembly == null) { message += "No assembly code given" + Environment.NewLine; return(null); } // Add header information about process if (isProcess32Bit) { assembly = String.Format("use32\n" + "org 0x{0:X8}\n", baseAddress) + assembly; } else { assembly = String.Format("use64\n" + "org 0x{0:X16}\n", baseAddress) + assembly; } message += assembly + Environment.NewLine; Byte[] result; try { // Call C++ FASM wrapper which will call the 32-bit FASM library which can assemble all x86/x64 instructions result = FasmNet.Assemble(assembly); message += "Assembled byte results:" + Environment.NewLine; foreach (Byte next in result) { message += next.ToString("X") + " "; } message += Environment.NewLine; } catch (Exception ex) { innerMessage = "Error:" + ex.ToString() + Environment.NewLine; result = null; } return(result); }
internal static IntPtr MakeCodeCave(string[] v) { IntPtr codeCave = Marshal.AllocHGlobal(128); var preamble = new string[] { "use32", "org " + codeCave }; var asm = preamble.Concat(v).ToArray(); byte[] code = FasmNet.Assemble(asm); Marshal.Copy(code, 0, codeCave, code.Length); // Make executable uint dwOldProtection; Kernel32.VirtualProtect(codeCave, (uint)code.Length, 0x40, out dwOldProtection); return(codeCave); }
internal static void Install(HookType hook) { var hookLocation1 = new IntPtr(0x005D53B1); var hookLocation = new IntPtr(0x005D5590); IntPtr codeCave2 = Marshal.AllocHGlobal(4); IntPtr codeCave1 = Marshal.AllocHGlobal(128); byte[] code1 = FasmNet.Assemble(new[] { "use32", "org " + codeCave1, "push esi", "push edi", "mov esi, dword[ebx+0x10]", "mov dword[" + codeCave2 + "],esi", "lea esi, dword[ebx+0x78]", "jmp " + (hookLocation1 + 5) }); Marshal.Copy(code1, 0, codeCave1, code1.Length); HookHelper.Jump(hookLocation1, codeCave1); IntPtr codeCave = Marshal.AllocHGlobal(128); byte[] code = FasmNet.Assemble(new[] { "use32", "org " + codeCave, "push dword [ebp+0x8]", "push dword [" + codeCave2 + "]", "call " + Marshal.GetFunctionPointerForDelegate(hook), "pop edi", "pop esi", "pop ebx", "leave", "retn 8" }); Marshal.Copy(code, 0, codeCave, code.Length); HookHelper.Jump(hookLocation, codeCave); }
public void AssembleFile() { // Arrange const string path = "file.asm"; // Act using (var file = File.CreateText(path)) { file.WriteLine("use32"); file.WriteLine("push eax"); } var asm = FasmNet.AssembleFile(path); File.Delete(path); // Assert Assert.AreEqual(0x50, asm[0]); }
public void Hook() { IntPtr taskPtr = Marshal.AllocCoTaskMem(1024); // var hookedFuncBytes = FasmNet.Assemble(new[] { "use32", "pushad", $"call {this.CallbackAddress - (int)taskPtr}", "popad", "call dword [edx+12]", "pop ebp", "ret 12" }); WinAPI.VirtualProtect(taskPtr, hookedFuncBytes.Length, (int)WinAPI.Protection.PAGE_EXECUTE_READWRITE, out int x); Memory.WriteBytes(taskPtr, hookedFuncBytes); SetJump(taskPtr); }
internal static void Install(HookType hook) { var hookLocation = new IntPtr(0x0A2B2E8); IntPtr codeCave = Marshal.AllocHGlobal(128); byte[] code = FasmNet.Assemble(new[] { "use32", "org " + codeCave, "pushad", "call " + Marshal.GetFunctionPointerForDelegate(hook), "popad", "retn" }); Marshal.Copy(code, 0, codeCave, code.Length); Marshal.WriteIntPtr(hookLocation, codeCave); }
public void AssembleWithError() { // Arrange const string mnemonics = "use32\nretnj"; // Act try { FasmNet.Assemble(mnemonics); Assert.Fail("The above line must throw an error."); } catch (FasmAssemblerException ex) { // Assert Assert.AreEqual(2, ex.ErrorLine, "The error does not indicate the correct line."); Assert.AreEqual(6, ex.ErrorOffset, "The error does not indicate the correct offset."); Assert.AreEqual(FasmErrors.IllegalInstruction, ex.ErrorCode, "The kind of the error was not found."); Assert.AreEqual(mnemonics, ex.Mnemonics); } }
internal static void Install(HookType hook) { var hookLocation = new IntPtr(0x004078E1); IntPtr codeCave = Marshal.AllocHGlobal(128); byte[] code = FasmNet.Assemble(new[] { "use32", "org " + codeCave, "pushad", "push edx", "call " + Marshal.GetFunctionPointerForDelegate(hook), "popad", "call 0x00409880", "jmp " + (hookLocation + 5) }); Marshal.Copy(code, 0, codeCave, code.Length); HookHelper.Jump(hookLocation, codeCave); }
internal static void Install(HookType hook) { var hookLocation = new IntPtr(0x007B25F6); IntPtr codeCave = Marshal.AllocHGlobal(128); byte[] code = FasmNet.Assemble(new[] { "use32", "org " + codeCave, "mov dword[esi+0x88],ecx", "pushad", "push dword[esi+0x2C]", "call " + Marshal.GetFunctionPointerForDelegate(hook), "popad", "jmp " + (hookLocation + 6) }); Marshal.Copy(code, 0, codeCave, code.Length); HookHelper.Jump(hookLocation, codeCave); }
internal static void Install() { var hookLocation = new IntPtr(0x005D2EF1); IntPtr codeCave = Marshal.AllocHGlobal(128); _speedModifierLocation = Marshal.AllocHGlobal(4); byte[] code = FasmNet.Assemble(new[] { "use32", "org " + codeCave, "mov ebx, dword[ecx*0x4+eax]", "mov dword[" + _speedModifierLocation + "], ebx", "test ebx, ebx", "jmp " + (hookLocation + 5) }); Marshal.Copy(code, 0, codeCave, code.Length); HookHelper.Jump(hookLocation, codeCave); }
/// <summary> /// Assembles the received request and sends back information to the client. /// </summary> /// <param name="mnemonics">The assembly code to be assembled.</param> /// <param name="clientSocket">The socket used for communication with the client. which sent the request.</param> private static void Assemble(string[] mnemonics, ReloadedSocket clientSocket) { // Send back empty message struct Message.MessageStruct messageStruct = new Message.MessageStruct { // Client will likely ignore this anyway (but shouldn't). MessageType = ( ushort )MessageTypes.Assemble }; // Try Assembly // Assemble the bytes try { messageStruct.Data = FasmNet.Assemble(mnemonics); } // Failed to Assemble // Return nop on failure. catch { messageStruct.Data = new byte[1] { 0x90 }; } // Return back. clientSocket.SendData(messageStruct, false); }
public void ObjectClear() { // Arrange var fasm = new FasmNet(); // Act fasm.AddLine("retn"); fasm.Clear(); fasm.AddLine("push eax"); fasm.AddLine("pop {0}", "eax"); fasm.InsertLine(0, "use32"); var asm = fasm.Assemble(); // Assert CollectionAssert.AreEqual(new byte[] { 0x50, 0x58 }, asm); }
private byte[] Assemble(string mnemonic, IntPtr baseAddress) { mnemonic = $"use32\norg 0x{(object)baseAddress.ToInt64():X8}\n" + mnemonic; return(FasmNet.Assemble(mnemonic)); }
private static byte[] FasmNETAssemble(string[] source) { return(FasmNet.Assemble(source)); }