Ksbunker Advanced Cheater
Reputation: 0
Joined: 18 Oct 2006 Posts: 88
Posted: Thu Aug 23, 2007 1:52 am Post subject: [MASM] Self-Modifying Code Eg.
Code:
.386
.model flat, stdcall
option casemap :none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.code
start:
    jmp @skip
    db "clear out eax", 0           ; inline string, skipped over by the jmp above
@skip:
    xor eax, eax                    ; al = 0, used as the loop counter
@target:
    push 00                         ; assembles to 6A 00, so @target+1 is the imm8 byte
@@:
    inc al
    mov byte ptr [@target+1], al    ; patch the push immediate in place (needs a writable .text)
    cmp byte ptr [@target+1], 10h   ; stop once the immediate reaches 10h
    je @F
    jmp @B
@@:
    invoke ExitProcess, 0
end start
It will assemble and link perfectly, but during execution it will error. This is because the line:
Code:
    mov byte ptr [@target+1], al
does not have sufficient privileges to make such an operation. Hence we must activate the write flag for the .CODE section.
One cannot modify the write flag during linking whilst using MASM. This flag must be enabled manually by modifying the PE header so that the .CODE section can become writable.
There are numerous ways to modify the Section Characteristics, but for the purpose of this we'll just use LordPE.
Open LordPE > PE Editor > Sections > select the .text section, right-click "edit section header..." > Flags label, select the "..." button > click the "Writable" tick-box. Save changes and voilà!
To see the effect of the change, open the program in OllyDbg and step through the loop, and you will notice the actual code changing "push 00 > push 01 > push 02" etc. during the loop.
Why would anyone want the .CODE section to be writable? It opens the door for self-modifying code, which from what I've read can be used for numerous things (chiefly when it comes to protection and security, but also virii and shit). Anyway, I hope someone finds this useful, perhaps a crackme? (hint).
Cheers! (Credits to x0r, thanks for the tip, VirtualProtect was annoying)
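The LordPE click-through above is a single-dword edit: OR IMAGE_SCN_MEM_WRITE (0x80000000) into the Characteristics field of the .text entry in the PE section table. As an added example (not part of the original post and not LordPE's code), the Python script below walks the DOS header, PE signature, COFF header and optional header to find that section table, flips the bit, and writes a patched copy of the file. To make it runnable offline it also builds a constructed, headers-only PE32 skeleton whose .text carries CODE|EXECUTE|READ (0x60000020), the flags MASM32's link.exe gives a .text section; the function names, the sample builder and the offsets are my own, the PE layout constants are from winnt.h.

```python
"""
Set IMAGE_SCN_MEM_WRITE on a PE section header.
Added example (not from the original post, not LordPE's code): it does by hand what
LordPE's "Writable" tick-box does, and ships a constructed minimal PE32 so it can be
exercised without a real .exe.
"""
import struct
import sys

# Section Characteristics bits (winnt.h)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_HEADER_SIZE = 40   # sizeof(IMAGE_SECTION_HEADER)
CHARACTERISTICS_OFF = 36   # offset of Characteristics inside that header


def section_headers(data):
    """Yield (name, file offset of the header) for each IMAGE_SECTION_HEADER."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + size_of_optional                  # table follows the optional header
    for i in range(num_sections):
        off = first + i * SECTION_HEADER_SIZE
        yield data[off:off + 8].rstrip(b"\0"), off


def section_characteristics(data, name=b".text"):
    """Return the Characteristics dword of the named section."""
    for sec_name, off in section_headers(data):
        if sec_name == name:
            return struct.unpack_from("<I", data, off + CHARACTERISTICS_OFF)[0]
    raise ValueError("section %r not found" % name)


def set_section_writable(data, name=b".text"):
    """Return a copy of the image with IMAGE_SCN_MEM_WRITE OR'ed into the named section."""
    buf = bytearray(data)
    for sec_name, off in section_headers(data):
        if sec_name == name:
            pos = off + CHARACTERISTICS_OFF
            flags = struct.unpack_from("<I", buf, pos)[0]
            struct.pack_into("<I", buf, pos, flags | IMAGE_SCN_MEM_WRITE)
            return bytes(buf)
    raise ValueError("section %r not found" % name)


def build_sample_pe():
    """Constructed PE32 skeleton: DOS header, PE signature, COFF header, zeroed
    optional header and one .text header flagged CODE|EXECUTE|READ (0x60000020).
    Headers only, no code: enough to exercise the patcher, not a loadable image."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)   # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH",
                       0x014C,   # Machine: i386
                       1,        # NumberOfSections
                       0, 0, 0,  # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
                       0xE0,     # SizeOfOptionalHeader for PE32
                       0x0102)   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    optional = bytearray(0xE0)
    struct.pack_into("<H", optional, 0, 0x10B)            # PE32 magic
    text = bytearray(SECTION_HEADER_SIZE)
    text[:5] = b".text"
    struct.pack_into("<I", text, CHARACTERISTICS_OFF,
                     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + bytes(text)


def main(argv):
    # usage: make_text_writable.py in.exe out.exe  (no args: run on the constructed sample)
    if len(argv) == 3:
        with open(argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_sample_pe()
    before = section_characteristics(data)
    patched = set_section_writable(data)
    after = section_characteristics(patched)
    print(".text Characteristics: %08X -> %08X" % (before, after))
    if len(argv) == 3:
        with open(argv[2], "wb") as f:
            f.write(patched)


if __name__ == "__main__":
    main(sys.argv)
```

Run it on the assembled .exe from the post and the .text flags go from 60000020 to E0000020; the loader then maps the section RWX, and the `mov byte ptr [@target+1], al` stops faulting exactly as it does after the LordPE edit. The script only touches the section table, so the file's checksum field (if set) and any Authenticode signature are left stale, which is fine for a crackme but is also the kind of thing a scanner will notice.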