*DELETED*

Post Python examples to help other users.
Sam
Senior Member
Posts: 100
Joined: Tue Jul 03, 2018 3:00 pm
Location: *DELETED*
Contact:

[DEV/ASM/(Windows)] How to run assembler opcodes.

Postby Sam » Sat Jul 18, 2020 12:47 pm

Syntax: Select all

import ctypes
import types
import platform

MEM_COMMIT = 0x00001000
MEM_RESERVE = 0x00002000
PAGE_EXECUTE_READWRITE = 0x40

if platform.architecture()[0] == '32bit':
VirtualAlloc = ctypes.windll.kernel32.VirtualAlloc
VirtualAlloc.argtypes = (ctypes.c_int32, ctypes.c_int32, ctypes.c_int32, ctypes.c_int32)
VirtualAlloc.restype = ctypes.c_void_p
RtlMoveMemory = ctypes.windll.kernel32.RtlMoveMemory
RtlMoveMemory.argtypes = (ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int32)
elif platform.architecture()[0] == '64bit':
VirtualAlloc = ctypes.windll.kernel32.VirtualAlloc
VirtualAlloc.argtypes = (ctypes.c_int64, ctypes.c_int64, ctypes.c_int64, ctypes.c_int64)
VirtualAlloc.restype = ctypes.c_void_p
RtlMoveMemory = ctypes.windll.kernel32.RtlMoveMemory
RtlMoveMemory.argtypes = (ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int64)
else:
print('Lol. Are you running python at 16 or 128 bits?')
exit(1)

def MakeFunction(opcodes:bytes, restype, *argstypes) -> types.FunctionType:
buf = bytearray(opcodes)
buf_ptr = VirtualAlloc(0, len(buf), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE)
mov_buf = (ctypes.c_char * len(buf)).from_buffer(buf)
RtlMoveMemory(buf_ptr, mov_buf, len(buf))
func = ctypes.CFUNCTYPE(restype, *argstypes)(buf_ptr)
return func

if platform.architecture()[0] == '32bit':
f = MakeFunction(b'\x55\x89\xE5\x8B\x45\x08\x03\x45\x0C\x5D\xC3', ctypes.c_int32, ctypes.c_int32, ctypes.c_int32)
'''
push ebp
mov ebp, esp
mov eax, [ebp+0x8]
add eax, [ebp+0xC]
pop ebp
ret
'''
print(f'F(10, 30) = {f(10, 30)} (32bit)')
elif platform.architecture()[0] == '64bit':
f = MakeFunction(b'\x89\x54\x24\x08\x89\x4C\x24\x10\x8B\x44\x24\x10\x8B\x4C\x24\x08\x01\xC1\x89\xC8\xC3', ctypes.c_int64, ctypes.c_int64, ctypes.c_int64)
''' x64
mov [rsp+0x8], edx
mov [rsp+0x10], ecx
mov eax, [rsp+0x10]
mov ecx, [rsp+0x8]
add ecx, eax
mov eax, ecx
ret
'''
print(f'F(10, 30) = {f(10, 30)} (64bit)')


Enjoy :P
Last edited by Sam on Sat Jul 18, 2020 1:07 pm, edited 1 time in total.
User avatar
Ayuto
Project Leader
Posts: 2212
Joined: Sat Jul 07, 2012 8:17 am
Location: Germany

Re: [DEV/ASM/(Windows)] How to run assembler opcodes.

Postby Ayuto » Sun Jul 19, 2020 4:23 pm

Nice! Though, it's a little bit easier in with the Source.Python modules (plus it's compatible with Linux):
Sam
Senior Member
Posts: 100
Joined: Tue Jul 03, 2018 3:00 pm
Location: *DELETED*
Contact:

Re: [DEV/ASM/(Windows)] How to run assembler opcodes.

Postby Sam » Sun Jul 19, 2020 5:27 pm

Not bad either, but what if develop it?
For example:

Syntax: Select all

A = b"Hewwo"
f = MakeFunc(argstypes=[DataType.INT, DataType.INT], rettype=DataType.INT,
[
push(ebp),
mov(ebp, esp),
mov(eax, ebp+0x08),
add(eax, ebp+0x0C),
jmp(0xDEEDBEEF),
push(offset(A))
call(0xBEEFDEED),
ret(),
])
Last edited by Sam on Sun Jul 19, 2020 5:27 pm, edited 1 time in total.
Reason: Original post version
User avatar
Ayuto
Project Leader
Posts: 2212
Joined: Sat Jul 07, 2012 8:17 am
Location: Germany

Re: [DEV/ASM/(Windows)] How to run assembler opcodes.

Postby Ayuto » Sun Jul 19, 2020 5:48 pm

That was actually one of my thoughts as well when I created that snippet. But I refused that idea, because it would mean a lot work and I had no need for this at that point. It would just be a great exercise!

Return to “Code examples / Cookbook”

Who is online

Users browsing this forum: No registered users and 27 guests