; MEMSHARED dll loader
; Ange Albertini, BSD LICENCE 2013
;
; NASM, Intel syntax, 32-bit Windows PE.
; Loads memshared.dll and treats the first dword of that DLL's first section
; (a section shared between every process that maps the DLL) as a launch
; counter: each run prints the counter, increments it, and the very first
; run keeps waiting until LIMIT further launches have happened.
;
; The include files provide the PE headers, IMAGEBASE / SECTIONALIGN /
; FILEALIGN and the _ / _c / _d / _import_descriptor macros used below
; (which file defines what is not visible here).
%include 'consts.inc'
%include 'headers.inc'
%include 'dd_imports.inc'
%include 'section_1fa.inc'
LIMIT equ 3                 ; extra launches (after the first) needed before the first instance exits
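;-----------------------------------------------------------------------
; EntryPoint — process entry point; never returns (ends in ExitProcess).
; ABI:   Win32; kernel32 imports are stdcall, printf is cdecl (caller
;        removes its 3 * 4 bytes of arguments).
; Flow:  1. LoadLibraryA("memshared.dll"); the counter is the first dword
;           of the DLL's first section, i.e. at module base + SECTIONALIGN.
;        2. printf(Msg, counter, LIMIT - counter).
;        3. Increment the counter. First launch (counter becomes 1): spin
;           until the counter reaches LIMIT + 1. Later launches: exit.
; Regs:  eax = scratch, then pointer to the shared counter
;        ebx = last counter value read (the process never returns, so
;              ebx being callee-saved is irrelevant here)
; Exit:  ExitProcess(0) normally; ExitProcess(1) if the DLL cannot be
;        loaded (the original code would have dereferenced 0 + SECTIONALIGN).
; Notes: - "memshared.dll" is a bare name and is resolved through the
;          default DLL search order; acceptable for a PoC, a real loader
;          would pass a full path.
;        - The counter is shared with other processes, so the increment is
;          LOCK-prefixed (plain INC on memory is not atomic) and the spin
;          loop exits on ">= LIMIT + 1" rather than "== LIMIT + 1": two
;          launches between two reads could otherwise skip the exact value
;          and leave the first instance waiting forever.
;-----------------------------------------------------------------------
EntryPoint:
push memshared
call [__imp__LoadLibraryA]          ; eax = module base, or 0 on failure
test eax, eax
jz nodll                            ; DLL missing: exit(1) instead of faulting below
add eax, SECTIONALIGN               ; counter is at the start of the 1st section
mov dword [lpValue], eax
_
; printf(Msg, value, LIMIT - value) — cdecl, arguments pushed right to left
mov eax, dword [eax]                ; eax = counter value before our increment
push eax
sub dword [esp], LIMIT              ; [esp] = value - LIMIT
neg dword [esp]                     ; [esp] = LIMIT - value (launches still needed)
push eax                            ; value
_
push Msg
call [__imp__printf]
add esp, 3 * 4                      ; cdecl: caller pops the 3 arguments
_
mov eax, dword [lpValue]
lock inc dword [eax]                ; atomic across the processes sharing the section
mov ebx, dword [eax]
cmp ebx, 1                          ; first launch?
jg noloop                           ; no: later launches just exit
_
loop_: ; waiting for other launches
_
; Disabled self-relaunch via ShellExecuteA (kept from the original; it
; can spin forever or deadlock, and its import is commented out below).
; push eax ; careful with infinite loops and deadlocks:p
; push 0
; push 0
; push 0
; push memsharedld
; push 0
; push 0
; call [__imp__shellexecute]
; pop eax
pause                               ; spin-loop hint, reduces pressure on the core
mov ebx, dword [eax]                ; re-read the shared counter
cmp ebx, LIMIT + 1
jl loop_                            ; keep waiting until LIMIT more launches happened
_
noloop:
push 0
call [__imp__ExitProcess]
nodll:
push 1                              ; non-zero exit code: memshared.dll could not be loaded
call [__imp__ExitProcess]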
_c
lpValue dd 0                ; address of the shared counter (module base + SECTIONALIGN), filled in by EntryPoint
memshared db 'memshared.dll', 0 ; bare DLL name handed to LoadLibraryA (default search order applies)
;memsharedld db 'memshared-ld.exe', 0 ; own file name for the disabled ShellExecute self-relaunch
_d
; printf format: first %i = counter as read before this launch's increment,
; second %i = LIMIT - counter (launches still needed to release the first instance)
Msg db ' * current value stored in MEM_SHARED section: %i (launch me %i more times to make me exit)', 0dh, 0ah, 0
_d
Import_Descriptor: ;************************************************************
; One IMAGE_IMPORT_DESCRIPTOR per imported DLL (built by the
; _import_descriptor macro from the *_hintnames / *_iat / DLL-name labels
; below), followed by an all-zero descriptor that terminates the table.
_import_descriptor kernel32.dll
_import_descriptor msvcrt.dll
;_import_descriptor shell32.dll
istruc IMAGE_IMPORT_DESCRIPTOR      ; no fields set -> zero-filled terminator
iend
_d
; Import name table for kernel32: RVAs (VA - IMAGEBASE) of the hint/name
; entries, zero-terminated.
kernel32.dll_hintnames:
dd hnExitProcess - IMAGEBASE
dd hnLoadLibraryA - IMAGEBASE
dd 0
_d
; Import address table for kernel32. On disk it mirrors the name table;
; the loader overwrites each slot with the resolved function address, so
; the code calls through [__imp__ExitProcess] / [__imp__LoadLibraryA].
kernel32.dll_iat:
__imp__ExitProcess:
dd hnExitProcess - IMAGEBASE
__imp__LoadLibraryA:
dd hnLoadLibraryA - IMAGEBASE
dd 0
_d
; Hint/name entries (IMAGE_IMPORT_BY_NAME: hint word + NUL-terminated name)
hnExitProcess _IMAGE_IMPORT_BY_NAME 'ExitProcess'
hnLoadLibraryA _IMAGE_IMPORT_BY_NAME 'LoadLibraryA'
_d
; Same layout for msvcrt: name table, IAT, hint/name entry.
msvcrt.dll_hintnames:
dd hnprintf - IMAGEBASE
dd 0
msvcrt.dll_iat:
__imp__printf:
dd hnprintf - IMAGEBASE
dd 0
_d
hnprintf _IMAGE_IMPORT_BY_NAME 'printf'
_d
; DLL name strings referenced by the descriptors above
kernel32.dll db 'kernel32.dll', 0
msvcrt.dll db 'msvcrt.dll', 0
_d
; Disabled shell32 import (ShellExecuteA), the counterpart of the
; commented-out self-relaunch inside loop_. Left here so the experiment can
; be re-enabled together with the _import_descriptor line above.
;shell32.dll_hintnames:
; dd hnshellexecute - IMAGEBASE
; dd 0
;
;shell32.dll_iat:
;__imp__shellexecute:
; dd hnshellexecute - IMAGEBASE
; dd 0
;_d
;
;shell32.dll db 'shell32.dll', 0
;hnshellexecute _IMAGE_IMPORT_BY_NAME 'ShellExecuteA'
align FILEALIGN, db 0               ; pad the section out to the PE file alignment
;*******************************************************************************