Posts: 19
Threads: 2
Joined: Jan 2025
01-27-2025, 08:18 PM
(This post was last modified: 01-27-2025, 08:57 PM by Pierre Bellisle.)
Calling opcode string discussion was started at https://forum.powerbasic.com/forum/user-...discussion
It is an answer To Anne on how to get and embed a function in a string and call it via "call dword"
This one show particularly how to find the end of the function code by inserting data near the end.
Code: 'follow up of https://forum.powerbasic.com/forum/user-to-user-discussions/programming/838669-calling-opcode-string-discussion
#compile exe '#Win 10.04 (D:\Dev\Pow\Bas\Jose Roca\Forum\Jose\Windows API Headers\3.1.07\uz)#
#dim all
'#register none
'%Unicode = 1
#include "Win32Api.inc"
#RESOURCE MANIFEST, 1, "XPTheme.xml"
global hDlg as dword
$AppName = "call dword"
%Static01 = 101
%Button01 = 201
declare function myfunction(byval var1 as long ,byval var2 as long) as long 'for call dword to use
'_____________________________________________________________________________
function HexView$(sString as string) as string 'HexString
local pByte as byte pointer
local sBuffer as string
local sChar16 as string
local Looper as long
pByte = strptr(sString)
do
if (Looper and 15) = 00 then 'Like MOD 16
sBuffer = sBuffer & hex$(Looper, 4) & ": " 'Line number:
elseif (Looper and 07) = 00 then 'Like MOD 8
sBuffer = sBuffer & "- " 'Middle dash
end if
if Looper < len(sString) then 'Add data
sBuffer = sBuffer & hex$(@pByte[Looper], 2) & $spc
else
#if %def(%pb_win32) 'A to F have bigger width
sBuffer = sBuffer & " " 'Windows: No more data, fill with five spaces
#else 'Use STDOUT in console
sBuffer = sBuffer & " " 'Console: No more data, fill with three spaces
#endif
end if
if (Looper and 15) = 15 then 'End of 16 bytes line
sChar16 = mid$(sString, Looper -14, 16) 'Next line replace non visible characters with dot
replace any chr$(0,1,7,9,10,13,27 to 31,127,129,140,141,143,144,152,157) with "..................." in sChar16
sBuffer = sBuffer & "; " & sChar16 & $crlf 'Add ascii string and CRLF
if Looper >= len(sString) - 1 then exit do 'Job done
end if
incr Looper
loop
function = "Binary data lenght is" & str$(len(sString)) & " bytes." & $crlf & sBuffer
end function
'____________________________________________________________________________
function Add2Numbers(byval var1 as long ,byval var2 as long) as long
function = var1 + var2
'function = var2
exit function
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
end function
'_____________________________________________________________________________
callback function DlgProc
local sAsm as string
local sTerminator as string
local pcode as dword
local pString as dword
local RetVal as long
local byteVal as byte
select case cbmsg
case %wm_command
select case cbctl
case %Button01
if cbctlmsg = %bn_clicked or cbctlmsg = 1 then
'call original function
sTerminator = chr$(&h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0)
pcode = codeptr(Add2Numbers)
RetVal = 0
call dword pcode using myfunction(2, 2) to RetVal
MessageBox(hDlg, "CALL DWORD pcode result =" & str$(RetVal), $AppName, 266240)
'-----------------------------------------------------------------------------
'call a copy of original function using myfunction()
sAsm = ""
do
sAsm &= peek$(pcode, 1) 'build sAsm byte by byte to be sure to not access out of bound memory
incr pcode
if instr(sAsm, sTerminator) then
sAsm &= peek$(pcode, 16) 'get the end of function
exit do
end if
loop
RetVal = 0
pString = strptr(sAsm)
call dword pString using myfunction(2, 3) to RetVal
MessageBox(hDlg, "CALL DWORD pString result =" & str$(RetVal), $AppName, 266240)
'-------------------------------------------------------------------------------------------------
'call a copy of original function without using myfunction()
pString = strptr(sAsm)
! push 4
! push 2
call dword pString 'Or you may use !call pcode
! mov RetVal, eax
MessageBox(hDlg, "CALL DWORD ASM result =" & str$(RetVal), $AppName, 266240)
'-------------------------------------------------------------------------------------------------
'show the copy and original function code side to side
MessageBox(hDlg, "pcode:" & $crlf & HexView$(peek$(codeptr(Add2Numbers), len(sAsm))) & $crlf & $crlf & $crlf & _
"pString:" & $crlf & HexView$(peek$(codeptr(Add2Numbers), len(sAsm))), $AppName, 266240)
end if
end select
end select
end function
'_____________________________________________________________________________
function pbmain()
dialog font "Segoe UI", 9
dialog new %hwnd_desktop, $AppName, , , 150, 50, _
%ws_caption or %ws_minimizebox or %ws_maximizebox or %ws_sizebox or %ws_sysmenu, %ws_ex_left to hDlg
control add label, hDlg, %Static01, "codeptr() and strptr() test", 5, 10, 140, 11, %ss_center
control add button, hDlg, %Button01, "test codeptr() and strptr()", 15, 25, 120, 15
dialog show modal hDlg call DlgProc
end function
'_____________________________________________________________________________
'
Posts: 11
Threads: 5
Joined: May 2024
01-29-2025, 05:17 PM
(This post was last modified: 01-29-2025, 05:52 PM by Anne Wilson.)
Thanks so much Pierre
I have created the following program "Obfuscator Maker.bas" to create
hex strings out of the Opcode string pointers to 3 functions, namely
Multiplication , Matrix Multiply and Addition.
These 3 functions hex strings are to be written out to 3 text files.
The hex strings can be subsequently used for deployment into another
new program without the need to declare these functions in this
new program.
Two of these functions work --> Multiplication of 2 numbers and Addition
of 3 numbers. Unfortunately the MatrixMultiply function fail and it GPF ?
Not sure why the MatrixMultiply function fail but it works well directly without
using the CALL DWORD opcode string
Code: ' Obfuscator Maker.bas
' Inspired by Pierre
' https://forum.powerbasic.com/forum/user-to-user-discussions/programming/838669-calling-opcode-string-discussion?p=838671#post838671
' http://pump.richheimer.de/showthread.php?tid=21&pid=78#pid78
' This program makes obfuscator hex strings of a given function
' and save this string into a txt file, which can then be deployed
' to other programs
' It is used to test out functions before deployment
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
GLOBAL hDlg AS DWORD
' pointers params for the Multiplication function
GLOBAL pStringMult , pcodeMult AS DWORD
GLOBAL sAsmMult AS STRING
' pointers params for the Matrix Multiply function
GLOBAL pStringMat , pcodeMat AS DWORD
GLOBAL sAsmMat AS STRING
' pointers params for the Addition function
GLOBAL pStringAdd , pcodeAdd AS DWORD
GLOBAL sAsmAdd AS STRING
$AppName = " Obfuscator Maker "
%Lab01 = 101
%ButtonMult = 201
%ButtonMat = 202
%ButtonAdd = 203
'for call dword usage -- for Masquerading the real functions
' for the multiplication function
DECLARE FUNCTION MasqueradeMt(BYVAL var1 AS LONG ,BYVAL var2 AS LONG) AS LONG
' Function declaration string
$DecFnStr1 = "DECLARE FUNCTION MasqueradeMt(BYVAL var1 AS LONG ,BYVAL var2 AS LONG) AS LONG"
DECLARE FUNCTION MasqueradeM( ) AS STRING
$DecFnStr2 = "DECLARE FUNCTION MasqueradeM( ) AS STRING "
' for the Add function
DECLARE FUNCTION MasqueradeA(BYVAL var1 AS LONG , _
BYVAL var2 AS LONG, BYVAL var3 AS LONG) AS LONG
' Function declaration string
$DecFnStr3 = "DECLARE FUNCTION MasqueradeA(BYVAL var1 AS LONG ," + _
" BYVAL var2 AS LONG, BYVAL var3 AS LONG) AS LONG"
' place your function here ********************
'===================================
' a simple multiplication function
FUNCTION Mult2Numbers(BYVAL var1 AS LONG , BYVAL var2 AS LONG) AS LONG
FUNCTION = var1 * var2
EXIT FUNCTION
' End of function marker to indicate the final end of function
' http://pump.richheimer.de/showthread.php?tid=21&pid=78#pid78
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
END FUNCTION
'===================================
' a simple addition function
FUNCTION Add3Numbers(BYVAL var1 AS LONG , BYVAL var2 AS LONG ,_
BYVAL var3 AS LONG) AS LONG
FUNCTION = var1 + var2 + var3
EXIT FUNCTION
' End of function marker to indicate the final end of function
' http://pump.richheimer.de/showthread.php?tid=21&pid=78#pid78
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
END FUNCTION
'=====================================
' a complex function
FUNCTION MatrixMultiply( ) AS STRING
' see the answers in
' https://www.mathsisfun.com/algebra/matrix-multiplying.html
'
LOCAL i, j, k AS LONG
LOCAL sum AS LONG
' Note that do NOT use global as cannot pass **************
' global arguments into a CALL DWORD function
' for the Matrix Multiply function
LOCAL MResult() AS LONG
LOCAL MatA() AS LONG
LOCAL MatB() AS LONG
' setup the matrices -- one time only
REDIM MatA(5) ' 2x3 matrix
REDIM MatB(5) ' 3x2 matrix
REDIM MResult(4) ' 2x2 matrix
' Assignments of values as in
' https://www.mathsisfun.com/algebra/matrix-multiplying.html
ARRAY ASSIGN MatA() = 1,2,3,4,5,6
ARRAY ASSIGN MatB() = 7,8,9,10,11,12
FOR i = 0 TO 1
FOR j = 0 TO 1
sum = 0
FOR k = 0 TO 2
sum = sum + MatA(i * 3 + k) * MatB(k * 2 + j)
NEXT k
MResult(i * 2 + j) = sum
NEXT j
NEXT i
'? " sum " + str$(sum)
' the result string
LOCAL ResStr AS STRING
LOCAL ResVal AS LONG
ResStr = ""
FOR i = 0 TO 1
FOR j = 0 TO 1
ResVal = MResult(i * 2 + j)
ResStr += " " + STR$(ResVal)
NEXT j
NEXT i
FUNCTION = ResStr
' End of function marker to indicate the final end of function
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
END FUNCTION
'==================================
' Setup functions' parameters
SUB SetupFunParams
' Get ready with these function params
' for the Mult2Numbers function
pcodeMult = CODEPTR(Mult2Numbers)
' Obtain the pointer to the ASM string for the
' Mult2Numbers function
Obtain_PtrStringGen( pcodeMult , pStringMult , sAsmMult , 1 )
' for the Matrix Multiply function --> Fail ***************************
pcodeMat = CODEPTR(MatrixMultiply)
' Obtain the pointer to the ASM string for the
' Matrix Multiply function
Obtain_PtrStringGen( pcodeMat , pStringMat , sAsmMat , 2 )
' for the Addition function
pcodeAdd = CODEPTR(Add3Numbers)
' Obtain the pointer to the ASM string for the
' Addition function
Obtain_PtrStringGen( pcodeAdd , pStringAdd , sAsmAdd , 3 )
END SUB
'============================
FUNCTION PBMAIN()
#REGISTER NONE
' Setup functions' parameters
SetupFunParams
DIALOG FONT "Segoe UI", 9
DIALOG NEW %HWND_DESKTOP, $AppName, , , 200, 140, _
%WS_CAPTION OR %WS_MINIMIZEBOX OR %WS_MAXIMIZEBOX OR %WS_SIZEBOX _
OR %WS_SYSMENU, %WS_EX_LEFT TO hDlg
CONTROL ADD LABEL, hDlg, %Lab01 , "Obfuscate using String Pointers to functions",_
15, 10, 190, 11
CONTROL ADD BUTTON, hDlg, %ButtonMult , "Mult function strptr()",_
55, 35, 90, 15
CONTROL ADD BUTTON, hDlg, %ButtonMat, "Matix multiply function strptr()",_
55, 65, 120, 15
CONTROL ADD BUTTON, hDlg, %ButtonAdd , "Add function strptr()",_
55, 95, 90, 15
DIALOG SHOW MODAL hDlg CALL DlgProc
END FUNCTION
'====================================
CALLBACK FUNCTION DlgProc
LOCAL RetVal AS LONG
LOCAL dispst AS STRING
SELECT CASE CB.MSG
CASE %WM_INITDIALOG
CASE %WM_COMMAND
SELECT CASE CB.CTL
CASE %ButtonMult
' compute -- You need to TEST the function out
' so that it is accurate before deployment
IF CB.CTLMSG = %BN_CLICKED OR CB.CTLMSG = 1 THEN
RetVal = 0
' using string pointer to point to the Mult2Numbers function
CALL DWORD pStringMult USING MasqueradeMt(519, 23) TO RetVal
MessageBox(hDlg, "CALL DWORD pStringMult result of 519 and 23 =" & _
STR$(RetVal), "String Pointer to Mult function", 266240)
END IF
CASE %ButtonMat
' compute the
IF CB.CTLMSG = %BN_CLICKED OR CB.CTLMSG = 1 THEN
dispst = ""
' using string pointer to point to the MatrixMultiply function --> Fail ***************
CALL DWORD pStringMat USING MasqueradeM() TO dispst
' Call the real function as a test the function first
' to ensure correct computation --> this works
' dispst = MatrixMultiply()
MessageBox(hDlg, "CALL DWORD pStringMat with matrix result : " + $CRLF+ dispst , _
"String Pointer to Matrix Multiply function ", 266240)
END IF
CASE %ButtonAdd
' compute -- You need to TEST the function out
' so that it is accurate before deployment
IF CB.CTLMSG = %BN_CLICKED OR CB.CTLMSG = 1 THEN
RetVal = 0
' using string pointer to point to the Add3Numbers function
CALL DWORD pStringAdd USING MasqueradeA(19,325, 93) TO RetVal
MessageBox(hDlg, "CALL DWORD pStringAdd result of 19 , 325 and 93 =" & _
STR$(RetVal), "String Pointer to Add function", 266240)
END IF
END SELECT
END SELECT
END FUNCTION
'=========================
' Obtain the pointer to the ASM string
' for General usage.
' and creates the text file for the wsAsm string
' gpar = indicator for a specific function
SUB Obtain_PtrStringGen( BYVAL gpcode AS DWORD, _
BYREF WpString AS DWORD ,BYREF wsAsm AS STRING , gpar AS LONG )
LOCAL byteVal AS BYTE
LOCAL sTerminator AS STRING
sTerminator = CHR$(&h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0 )
' clear off any prev values
WpString = 0
wsAsm = ""
' Assemble WsAsm byte by byte
' and looking for the end of function marker
DO
WsAsm &= PEEK$(gpcode, 1)
INCR gpcode
IF INSTR(WsAsm, sTerminator) THEN
'found the end of function marker
WsAsm &= PEEK$(gpcode, 16)
EXIT DO
END IF
LOOP
' Gets the pointer to the wanted function's ASM string
WpString = STRPTR(WsAsm)
' Convert to hex as it is printable
LOCAL HxStrAsm , OrigAsm AS STRING
HxStrAsm = HexDump(WsAsm)
SLEEP 10
OrigAsm = DeHex(HxStrAsm)
SLEEP 10
LOCAL filNamAsm , DecFn AS STRING
filNamAsm = "Output WsAsm " + STR$(gpar) + ".txt"
' gets the correct declaration function name
' according to gpar
SELECT CASE gpar
CASE 1
DecFn = $DecFnStr1
CASE 2
DecFn = $DecFnStr2
CASE 3
DecFn = $DecFnStr3
END SELECT
' clear off old file
KILL filNamAsm
' prints out the WsAsm string to a text file
LOCAL bf AS LONG
bf = FREEFILE
OPEN filNamAsm FOR OUTPUT AS #bf
PRINT #bf, WsAsm
PRINT #bf,
PRINT #bf,
PRINT #bf,HxStrAsm
PRINT #bf,
PRINT #bf,
PRINT #bf, OrigAsm
PRINT #bf,
PRINT #bf,
PRINT #bf, "Masquerade Function declaration string"
PRINT #bf, DecFn
CLOSE #bf
END SUB
'======================================
' Provide a string of Hex characters
' for a given string sgBuf
FUNCTION HexDump(sgBuf AS STRING) AS STRING
LOCAL sbh AS ISTRINGBUILDERA
sbh = CLASS "STRINGBUILDERA"
LOCAL ihd AS LONG
FOR ihd = 1 TO LEN(sgBuf)
sbh.add HEX$(ASC(MID$(sgBuf,ihd,1)),2)
NEXT
FUNCTION = sbh.string
END FUNCTION
'===================================================
FUNCTION DeHex(Inpt AS STRING) AS STRING
LOCAL i AS INTEGER
LOCAL Xdh AS STRING
FOR i = 1 TO LEN(Inpt) STEP 2
Xdh = Xdh & CHR$(VAL("&H" & MID$(Inpt, i, 2)))
NEXT i
DeHex = Xdh
END FUNCTION
Pierre
What's the purpose of this line of code
Code: !DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
Is it a marker of some sort to mark the end of a function ?
how does it work ? does it do some action ?
Posts: 19
Threads: 2
Joined: Jan 2025
>Is it a marker of some sort to mark the end of a function ?
Exactly, sTerminator is the equivalent string that will be search for in the Button01 section.
Posts: 19
Threads: 2
Joined: Jan 2025
Anne, I've made some quick test.
Seems the problem is with a function that internally manipulate dynamic string.
More study to do
|
