; --- Assembler setup ---
; TASM-style source: 32-bit x86, flat memory model, Win32 stdcall.
; The extended `call proc, arg1, arg2, ...` form used below pushes the
; arguments in stdcall order (right-to-left); the callee cleans the stack.
.586                            ; permit Pentium-class instruction set
.model flat, stdcall            ; flat 32-bit addressing; stdcall argument passing
locals                          ; TASM: @@-prefixed labels are scoped to their PROC
jumps                           ; TASM: widen conditional jumps whose target is out of short range
null equ 0                      ; NULL pointer / zero argument
MB_OK equ 0                     ; MessageBox style: single OK button
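; @ansi2unicode — widen a NUL-terminated byte string into a NUL-terminated
; string of 16-bit code units.
;   In:   ESI = source bytes (NUL-terminated)
;         EDI = destination; must hold 2*(strlen(src)+1) bytes (the NUL is copied too)
;   Out:  ESI/EDI advanced past the terminators, EAX = 0
;   Uses: EAX, flags. Requires DF = 0 (the Win32 default) so LODSB/STOSW advance forward.
; This is a zero-extension, not a code-page conversion: 41h -> 0041h, but any
; byte >= 80h becomes U+0080..U+00FF regardless of the active ANSI code page,
; so it is only correct for 7-bit ASCII input such as "user32.dll".
; The loop target is an anonymous label rather than the original hand-computed
; `jnz $-5`, which silently breaks if any instruction in the loop changes size
; (e.g. a different operand-size mode or an inserted instruction).
@ansi2unicode macro
    xor eax, eax                ; clear AH once: LODSB writes only AL, so AX stays zero-extended
@@:
    lodsb                       ; AL = *ESI++
    stosw                       ; *(WORD*)EDI = AX; EDI += 2
    test al, al
    jnz @B                      ; repeat until the terminator has been written
endm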
; Native NT counted string, laid out like ntdll's UNICODE_STRING
; (two 16-bit fields followed by a pointer, 8 bytes). Filled in by
; RtlInitUnicodeString; per the NT definition both counts are in bytes.
UNICODE_STRING STRUCT
len dw ?                        ; Length in bytes, excluding the terminating NUL
maxlen dw ?                     ; MaximumLength in bytes (buffer capacity)
buff dd ?                       ; Buffer: pointer to the 16-bit character data
UNICODE_STRING ENDS
; Native NT counted byte string, laid out like ntdll's ANSI_STRING
; (same shape as UNICODE_STRING above). Filled in by RtlInitAnsiString.
; The second field is spelled `mxalen` here (presumably meant `maxlen`,
; cf. UNICODE_STRING); the name is kept as-is since only the layout matters.
ANSI_STRING STRUCT
len dw ?                        ; Length in bytes, excluding the terminating NUL
mxalen dw ?                     ; MaximumLength in bytes (buffer capacity)
buff dd ?                       ; Buffer: pointer to the byte data
ANSI_STRING ENDS
extrn ExitProcess:proc
extrn RtlInitUnicodeString:proc
extrn RtlInitAnsiString:proc
extrn LdrLoadDll:proc
extrn LdrGetProcedureAddress:proc
.data
ansiDll db "user32.dll",0                   ; module to load, NUL-terminated byte string
unicodeDll db ($-ansiDll)*2 dup (0)         ; 16-bit copy of ansiDll, sized from it: two bytes per
                                            ; source byte including the NUL. `$` is the end of
                                            ; ansiDll, so this line must stay directly after it.
hDll dd ?                                   ; module handle written by LdrLoadDll
ahUnicode UNICODE_STRING <>                 ; counted-string header describing unicodeDll
ahAnsi ANSI_STRING <>                       ; counted-string header describing mBox
mBox db "MessageBoxA",0                     ; export name resolved by LdrGetProcedureAddress
pMessageBoxA dd ?                           ; resolved entry point; called indirectly from start
mText db "LdrLoadDll sucks big time",10, 13 ; NOTE: bytes are LF,CR (10,13); the Windows line
                                            ; ending is CR,LF (13,10) — kept as in the original
db "LdrGetProcedureAddress tooooooo",0
mTitle db "LdrLoadDll",0
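.code
EXIT_FAILURE equ 1              ; process exit code when a loader call fails

; Program entry point.
; Loads user32.dll through the ntdll loader (LdrLoadDll), resolves MessageBoxA
; by name (LdrGetProcedureAddress), shows a message box and exits.
; Both Ldr* calls take counted-string structures (UNICODE_STRING / ANSI_STRING),
; which RtlInitUnicodeString / RtlInitAnsiString fill in from the NUL-terminated
; buffers in .data. Each Ldr* call returns an NTSTATUS in EAX; NT_SUCCESS means
; the sign bit is clear, so a negative EAX (e.g. STATUS_DLL_NOT_FOUND, 0C0000135h)
; is a failure. The original ignored these results and would have called through
; an unset pMessageBoxA when loading or resolution failed.
start:
    ; Widen "user32.dll" into unicodeDll (ESI = source, EDI = destination).
    mov esi, offset ansiDll
    mov edi, offset unicodeDll
    @ansi2unicode

    ; ahUnicode := { len, maxlen, &unicodeDll }
    ; hDll := LdrLoadDll(PathToFile = NULL, Flags = 0, &ahUnicode, &hDll)
    ; PathToFile = NULL means the loader's default search order applies; that is
    ; acceptable for a KnownDLL such as user32, but for other modules pass a full
    ; path to avoid DLL search-order hijacking.
    call RtlInitUnicodeString, offset ahUnicode, offset unicodeDll
    call LdrLoadDll, null, null, offset ahUnicode, offset hDll
    test eax, eax
    js   load_failed            ; NTSTATUS < 0: nothing was loaded, hDll is not valid

    ; ahAnsi := { len, maxlen, &mBox }
    ; pMessageBoxA := LdrGetProcedureAddress(hDll, &ahAnsi, Ordinal = 0 (by name), &pMessageBoxA)
    call RtlInitAnsiString, offset ahAnsi, offset mBox
    call LdrGetProcedureAddress, hDll, offset ahAnsi, null, offset pMessageBoxA
    test eax, eax
    js   load_failed            ; export not resolved: never call through an unset pointer
    cmp  pMessageBoxA, null
    je   load_failed            ; belt and braces: refuse an indirect call to address 0

    ; MessageBoxA(NULL, mText, mTitle, MB_OK) through the resolved pointer, then exit 0.
    call pMessageBoxA, null, offset mText, offset mTitle, MB_OK
    call ExitProcess, null

load_failed:
    ; A loader call failed; report it through the exit code (user32 is not
    ; available here, so no message box can be shown).
    call ExitProcess, EXIT_FAILURE
end start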
; --- Assembler setup ---
; TASM-style source: 32-bit x86, flat memory model, Win32 stdcall.
; The extended `call proc, arg1, arg2, ...` form used below pushes the
; arguments in stdcall order (right-to-left); the callee cleans the stack.
.586                            ; permit Pentium-class instruction set
.model flat, stdcall            ; flat 32-bit addressing; stdcall argument passing
locals                          ; TASM: @@-prefixed labels are scoped to their PROC
jumps                           ; TASM: widen conditional jumps whose target is out of short range
null equ 0                      ; NULL pointer / zero argument
MB_OK equ 0                     ; MessageBox style: single OK button
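; @ansi2unicode — widen a NUL-terminated byte string into a NUL-terminated
; string of 16-bit code units.
;   In:   ESI = source bytes (NUL-terminated)
;         EDI = destination; must hold 2*(strlen(src)+1) bytes (the NUL is copied too)
;   Out:  ESI/EDI advanced past the terminators, EAX = 0
;   Uses: EAX, flags. Requires DF = 0 (the Win32 default) so LODSB/STOSW advance forward.
; This is a zero-extension, not a code-page conversion: 41h -> 0041h, but any
; byte >= 80h becomes U+0080..U+00FF regardless of the active ANSI code page,
; so it is only correct for 7-bit ASCII input such as "user32.dll".
; The loop target is an anonymous label rather than the original hand-computed
; `jnz $-5`, which silently breaks if any instruction in the loop changes size
; (e.g. a different operand-size mode or an inserted instruction).
@ansi2unicode macro
    xor eax, eax                ; clear AH once: LODSB writes only AL, so AX stays zero-extended
@@:
    lodsb                       ; AL = *ESI++
    stosw                       ; *(WORD*)EDI = AX; EDI += 2
    test al, al
    jnz @B                      ; repeat until the terminator has been written
endm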
; Native NT counted string, laid out like ntdll's UNICODE_STRING
; (two 16-bit fields followed by a pointer, 8 bytes). Filled in by
; RtlInitUnicodeString; per the NT definition both counts are in bytes.
UNICODE_STRING STRUCT
len dw ?                        ; Length in bytes, excluding the terminating NUL
maxlen dw ?                     ; MaximumLength in bytes (buffer capacity)
buff dd ?                       ; Buffer: pointer to the 16-bit character data
UNICODE_STRING ENDS
; Native NT counted byte string, laid out like ntdll's ANSI_STRING
; (same shape as UNICODE_STRING above). Filled in by RtlInitAnsiString.
; The second field is spelled `mxalen` here (presumably meant `maxlen`,
; cf. UNICODE_STRING); the name is kept as-is since only the layout matters.
ANSI_STRING STRUCT
len dw ?                        ; Length in bytes, excluding the terminating NUL
mxalen dw ?                     ; MaximumLength in bytes (buffer capacity)
buff dd ?                       ; Buffer: pointer to the byte data
ANSI_STRING ENDS
extrn ExitProcess:proc
extrn RtlInitUnicodeString:proc
extrn RtlInitAnsiString:proc
extrn LdrLoadDll:proc
extrn LdrGetProcedureAddress:proc
.data
ansiDll db "user32.dll",0                   ; module to load, NUL-terminated byte string
unicodeDll db ($-ansiDll)*2 dup (0)         ; 16-bit copy of ansiDll, sized from it: two bytes per
                                            ; source byte including the NUL. `$` is the end of
                                            ; ansiDll, so this line must stay directly after it.
hDll dd ?                                   ; module handle written by LdrLoadDll
ahUnicode UNICODE_STRING <>                 ; counted-string header describing unicodeDll
ahAnsi ANSI_STRING <>                       ; counted-string header describing mBox
mBox db "MessageBoxA",0                     ; export name resolved by LdrGetProcedureAddress
pMessageBoxA dd ?                           ; resolved entry point; called indirectly from start
mText db "LdrLoadDll sucks big time",10, 13 ; NOTE: bytes are LF,CR (10,13); the Windows line
                                            ; ending is CR,LF (13,10) — kept as in the original
db "LdrGetProcedureAddress tooooooo",0
mTitle db "LdrLoadDll",0
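.code
EXIT_FAILURE equ 1              ; process exit code when a loader call fails

; Program entry point.
; Loads user32.dll through the ntdll loader (LdrLoadDll), resolves MessageBoxA
; by name (LdrGetProcedureAddress), shows a message box and exits.
; Both Ldr* calls take counted-string structures (UNICODE_STRING / ANSI_STRING),
; which RtlInitUnicodeString / RtlInitAnsiString fill in from the NUL-terminated
; buffers in .data. Each Ldr* call returns an NTSTATUS in EAX; NT_SUCCESS means
; the sign bit is clear, so a negative EAX (e.g. STATUS_DLL_NOT_FOUND, 0C0000135h)
; is a failure. The original ignored these results and would have called through
; an unset pMessageBoxA when loading or resolution failed.
start:
    ; Widen "user32.dll" into unicodeDll (ESI = source, EDI = destination).
    mov esi, offset ansiDll
    mov edi, offset unicodeDll
    @ansi2unicode

    ; ahUnicode := { len, maxlen, &unicodeDll }
    ; hDll := LdrLoadDll(PathToFile = NULL, Flags = 0, &ahUnicode, &hDll)
    ; PathToFile = NULL means the loader's default search order applies; that is
    ; acceptable for a KnownDLL such as user32, but for other modules pass a full
    ; path to avoid DLL search-order hijacking.
    call RtlInitUnicodeString, offset ahUnicode, offset unicodeDll
    call LdrLoadDll, null, null, offset ahUnicode, offset hDll
    test eax, eax
    js   load_failed            ; NTSTATUS < 0: nothing was loaded, hDll is not valid

    ; ahAnsi := { len, maxlen, &mBox }
    ; pMessageBoxA := LdrGetProcedureAddress(hDll, &ahAnsi, Ordinal = 0 (by name), &pMessageBoxA)
    call RtlInitAnsiString, offset ahAnsi, offset mBox
    call LdrGetProcedureAddress, hDll, offset ahAnsi, null, offset pMessageBoxA
    test eax, eax
    js   load_failed            ; export not resolved: never call through an unset pointer
    cmp  pMessageBoxA, null
    je   load_failed            ; belt and braces: refuse an indirect call to address 0

    ; MessageBoxA(NULL, mText, mTitle, MB_OK) through the resolved pointer, then exit 0.
    call pMessageBoxA, null, offset mText, offset mTitle, MB_OK
    call ExitProcess, null

load_failed:
    ; A loader call failed; report it through the exit code (user32 is not
    ; available here, so no message box can be shown).
    call ExitProcess, EXIT_FAILURE
end start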
I ajde, 2 sata mi je trebalo da provalim da ove dve API funkcije iz ntdll (LdrLoadDll i LdrGetProcedureAddress) ne primaju obične nul-terminisane stringove ("unicode" odnosno ANSI), nego pokazivače na UNICODE_STRING i ANSI_STRING strukture (dužina, maksimalna dužina, pokazivač na bafer) — zato se pre poziva koriste RtlInitUnicodeString i RtlInitAnsiString da ih popune. E, bože, bože, da mi je da zadavim onog Bila Gejtsa, samo lagano da stegnem ruke oko njegovog vrata...