Help Me About Plugin Importrec, And Converting Asm Source...

[Apakekdah]

hi, is there anyone will help me, how to

i was convert asm source...

original source :

; NTkrnl protector 0.1 plugin tracer for impREC
; bpx^2k7
format PE GUI 4.0 DLL
entry e
include 'c:fasm32includewin32a.inc'
section '.code' code readable executable
e:; DLL Entrypoint
xor eax,eax
inc eax
ret 12
Trace:
push ebp
mov ebp,esp
push ebx
push esi
invoke MapViewOfFile, dword [ebp+4+4] , FILE_MAP_READ or FILE_MAP_WRITE, 0, 0, 0
mov esi, eax; We put our found proc in this map
mov ebx, dword [ebp+16+4]
invoke IsBadReadPtr, ebx, 4; Is this a valid thunk we are tracing ?
test eax, eax
jz ptr_ok1
jmp end2
ptr_ok1:
cmp dword [ebx],0000E860h; Look for ntkrnl signature
je ptr_ok2
jmp end2
ptr_ok2:
mov word [ebx+35h],9090h; nop jmp eax
call ebx; call redirector proc [eax now contains real API!]
mov ebx, esi
mov dword [ebx], eax
end2:
invoke UnmapViewOfFile, esi; Write changes
invoke CloseHandle, dword [ebp+4+4]
pop esi
pop ebx
mov eax,200
leave
ret 20
section '.idata' import data readable writeable
library kernel,'KERNEL32.DLL'
import kernel,
MapViewOfFile,'MapViewOfFile',
UnmapViewOfFile,'UnmapViewOfFile',
CloseHandle,'CloseHandle',
IsBadReadPtr,'IsBadReadPtr'
section '.edata' export data readable
export 'nt_krnlprotect_0_1.dll',
Trace,'Trace'
section '.reloc' fixups data discardable

mysouce :

.486				   ; set processor model
.model flat, stdcall   ; default STDCALL calling convention
option casemap :none   ; always use the case sensitive optioninclude e:\masm32\include\windows.inc
include e:\masm32\include\kernel32.inc
include e:\masm32\macros\macros.asmincludelib e:\masm32\lib\kernel32.libTrace PROTO STDCALL :DWORD,:DWORD,:DWORD,:DWORD,:DWORD.data?
	hInstance dd ?.codeLibMain proc hInstDLL:DWORD, reason:DWORD, unused:DWORD 	xor eax, eax
	inc eax	ret LibMain endpTrace proc hFileMap:DWORD, dwSizeMap:DWORD, dwTimeOut:DWORD, dwToTrace:DWORD, dwExactCall:DWORD	invoke MapViewOfFile, hFileMap, FILE_MAP_ALL_ACCESS, 0, 0, dwSizeMap
	test eax, eax
	je error1
	mov esi, eax	mov ebx, dwToTrace
	invoke IsBadReadPtr, ebx, 4
	test eax, eax
	jne error2	mov esi, eax
	cmp dword ptr [ebx], 0E860h
	jne error3	mov word ptr [ebx+35h],9090h	call ebx	mov ebx, esi	
	mov dword ptr [ebx], eax	
	mov eax, 200
	jmp abiserror1:
	mov eax, 201
	jmp abiserror2:
	mov eax, 202
	jmp abiserror3:
	mov eax, 203
abis:
	invoke UnmapViewOfFile, hFileMap; Write changes
	invoke CloseHandle, hFileMap	ret
Trace endpend LibMain

the problem is, original code, can run (maybe, i'd never test it before, cause don't have that compiler ) and my code, always send an error...

i'm sure i was following that direction... where is my mistake ?

-

and how to debug ImportRec, when Trace function is called, so i can debug where i'm make a mistake ?

sorry for my bad english

[human]

where have you lost push ebx esi, but real problem is you dont think? mov eax,200 jmp abis? and then closehandle and unmapview that change eax. man think again