/// <summary> /// Executes an x86 Instruction to call the specified Library/API Ordinal with the specified arguments /// </summary> /// <param name="apiOrdinal"></param> /// <param name="apiArguments"></param> protected void ExecuteApiTest(ushort apiOrdinal, IEnumerable <ushort> apiArguments) { mbbsEmuMemoryCore.AddSegment(STACK_SEGMENT); //Create a new CODE Segment with a //simple ASM call for CALL FAR librarySegment:apiOrdinal var apiTestCodeSegment = new Segment { Ordinal = CODE_SEGMENT, Data = new byte[] { 0x9A, (byte)(apiOrdinal & 0xFF), (byte)(apiOrdinal >> 8), (byte)(LIBRARY_SEGMENT & 0xFF), (byte)(LIBRARY_SEGMENT >> 8), }, Flag = (ushort)EnumSegmentFlags.Code }; mbbsEmuMemoryCore.AddSegment(apiTestCodeSegment); //Push Arguments to Stack foreach (var a in apiArguments.Reverse()) { mbbsEmuCpuCore.Push(a); } //Process Instruction, e.g. call the method mbbsEmuCpuCore.Tick(); }
/// <summary> /// Executes an x86 Instruction to call the specified Library/API Ordinal with the specified arguments /// </summary> /// <param name="exportedModuleSegment"></param> /// <param name="apiOrdinal"></param> /// <param name="apiArguments"></param> protected void ExecuteApiTest(ushort exportedModuleSegment, ushort apiOrdinal, IEnumerable <ushort> apiArguments) { if (!mbbsEmuMemoryCore.HasSegment(STACK_SEGMENT)) { mbbsEmuMemoryCore.AddSegment(STACK_SEGMENT); } if (mbbsEmuMemoryCore.HasSegment(CODE_SEGMENT)) { mbbsEmuMemoryCore.RemoveSegment(CODE_SEGMENT); } var apiTestCodeSegment = new Segment { Ordinal = CODE_SEGMENT, //Create a new CODE Segment with a //simple ASM call for CALL FAR librarySegment:apiOrdinal Data = new byte[] { 0x9A, (byte)(apiOrdinal & 0xFF), (byte)(apiOrdinal >> 8), (byte)(exportedModuleSegment & 0xFF), (byte)(exportedModuleSegment >> 8), }, Flag = (ushort)EnumSegmentFlags.Code }; mbbsEmuMemoryCore.AddSegment(apiTestCodeSegment); mbbsEmuCpuRegisters.CS = CODE_SEGMENT; mbbsEmuCpuRegisters.IP = 0; //Push Arguments to Stack foreach (var a in apiArguments.Reverse()) { mbbsEmuCpuCore.Push(a); } //Process Instruction, e.g. call the method mbbsEmuCpuCore.Tick(); if (isCdeclOrdinal(apiOrdinal)) { foreach (var a in apiArguments) { mbbsEmuCpuCore.Pop(); } } }