ewwink Posted September 10, 2013

Hi, I want to create a loader and need to change BytesToRead to 0, but how do I call ReadFile in asm code?

0012F130   0132A275  /CALL to ReadFile
0012F134   0000015C  |hFile = 0000015C (window)
0012F138   02724FF8  |Buffer = 02724FF8
0012F13C   000002F8  |BytesToRead = 2F8 (760.)
0012F140   0012F660  |pBytesRead = 0012F660
0012F144   00000000  \pOverlapped = NULL

thanks

atom0s Posted September 10, 2013

Like this:

PUSH 0                                   ; pOverlapped
PUSH EAX                                 ; pBytesRead
PUSH 0                                   ; BytesToRead
LEA EAX, DWORD PTR SS:[BufferAddress]    ; EAX = address of Buffer
PUSH EAX                                 ; Buffer (ReadFile takes five stack arguments)
PUSH EDI                                 ; hFile
CALL DWORD PTR DS:[kernel32.ReadFile]

ewwink Posted September 10, 2013 Author

Yes, like that. Thank you.

PUSH 0x0                           ; /pOverlapped = NULL
LEA EAX,DWORD PTR DS:[0x12F660]    ; |
PUSH EAX                           ; |pBytesRead
MOV EAX,DWORD PTR DS:[EAX]         ; |2F8
PUSH EAX                           ; |BytesToRead
MOV EAX,DWORD PTR DS:[0x2724FF8]   ; |
PUSH EAX                           ; |Buffer
MOV EAX,0x15C                      ; |15C
PUSH EAX                           ; |hFile
CALL kernel32.ReadFile             ; \ReadFile
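
Added example, not written by any poster in this thread: a small Python check that maps each PUSH in a hand-written call setup to the ReadFile parameter it fills, since stdcall arguments are pushed right to left and a missing PUSH misaligns the stack. The two listings are constructed samples, the parameter names are those of the Win32 prototype (the debugger shows lpBuffer as Buffer, nNumberOfBytesToRead as BytesToRead, lpNumberOfBytesRead as pBytesRead), and the listing is assumed to contain only the setup for this one call.

```python
import re

# ReadFile parameters in declaration order (left to right), per the Win32 prototype.
READFILE_PARAMS = ["hFile", "lpBuffer", "nNumberOfBytesToRead",
                   "lpNumberOfBytesRead", "lpOverlapped"]

PUSH_RE = re.compile(r"^\s*PUSH\s+([^;]+?)\s*(?:;.*)?$", re.IGNORECASE)
CALL_RE = re.compile(r"^\s*CALL\b.*ReadFile", re.IGNORECASE)

# Constructed sample: complete setup with a zero-length read.
GOOD = """
PUSH 0                  ; lpOverlapped
LEA EAX, [EBP-4]
PUSH EAX                ; lpNumberOfBytesRead
PUSH 0                  ; nNumberOfBytesToRead
LEA EAX, [EBP-104h]
PUSH EAX                ; lpBuffer
PUSH EDI                ; hFile
CALL DWORD PTR DS:[kernel32.ReadFile]
"""

# Constructed sample: the buffer address is computed but never pushed.
BAD = GOOD.replace("PUSH EAX                ; lpBuffer\n", "")


def map_pushes(listing, params=READFILE_PARAMS):
    """Return {parameter: operand} for the PUSHes that precede the CALL.

    stdcall pushes arguments right to left, so the first PUSH fills the last
    parameter. Raises ValueError if the PUSH count does not match.
    """
    operands = []
    for line in listing.splitlines():
        if CALL_RE.match(line):
            break
        m = PUSH_RE.match(line)
        if m:
            operands.append(m.group(1))
    else:
        raise ValueError("no CALL to ReadFile found")
    if len(operands) != len(params):
        raise ValueError(f"expected {len(params)} PUSHes, found {len(operands)}")
    return dict(zip(reversed(params), operands))


if __name__ == "__main__":
    for name, value in map_pushes(GOOD).items():
        print(f"{name:22} <- {value}")
```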