using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
namespace AsmClassLibrary
{
public class Class1
{
[DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
public static extern int CloseHandle(int hObject);
[DllImport("kernel32.dll")]
public static extern Int32 WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[In, Out] byte[] buffer,
int size,
out IntPtr lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
public static extern Int32 WriteProcessMemory(
int hProcess,
int lpBaseAddress,
byte[] buffer,
int size,
int lpNumberOfBytesWritten);
[DllImport("kernel32", EntryPoint = "CreateRemoteThread")]
public static extern int CreateRemoteThread(
int hProcess,
int lpThreadAttributes,
int dwStackSize,
int lpStartAddress,
int lpParameter,
int dwCreationFlags,
ref int lpThreadId
);
[DllImport("Kernel32.dll")]
public static extern System.Int32 VirtualAllocEx(
System.IntPtr hProcess,
System.Int32 lpAddress,
System.Int32 dwSize,
System.Int16 flAllocationType,
System.Int16 flProtect
);
[DllImport("Kernel32.dll")]
public static extern System.Int32 VirtualAllocEx(
int hProcess,
int lpAddress,
int dwSize,
int flAllocationType,
int flProtect
);
[DllImport("Kernel32.dll")]
public static extern System.Int32 VirtualFreeEx(
int hProcess,
int lpAddress,
int dwSize,
int flAllocationType
);
[DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
public static extern int OpenProcess(
int dwDesiredAccess,
int bInheritHandle,
int dwProcessId
);
private const int PAGE_EXECUTE_READWRITE = 0x4;
private const int MEM_COMMIT = 4096;
private const int MEM_RELEASE = 0x8000;
private const int MEM_DECOMMIT = 0x4000;
private const int PROCESS_ALL_ACCESS = 0x1F0FFF;
private const int PROCESS_CREATE_THREAD = 0x2;
private const int PROCESS_VM_OPERATION = 0x8;
private const int PROCESS_VM_WRITE = 0x20;
public string Asmcode="";
private string hex(int address)
{
string str = address.ToString("X");
return str;
}
public string intTohex(int value, int num)
{
string str1;
string str2 = "";
str1 = "0000000" + this.hex(value);
str1 = str1.Substring(str1.Length - num,num);
for (int i = 0; i < str1.Length/2; i++)
{
str2 = str2 + str1.Substring(str1.Length - 2 - 2 * i, 2);
}
return str2;
}
public void SUB_ESP(int addre)
{
if ((addre <= 127) && (addre >= -128))
{
this.Asmcode = this.Asmcode + "83EC" + intTohex(addre, 2);
}
else
{
this.Asmcode = this.Asmcode + "81EC" + intTohex(addre, 8);
}
}
public void Nop()
{
this.Asmcode = this.Asmcode + "90";
}
public void RetA(int addre)
{
this.Asmcode = this.Asmcode + intTohex(addre, 4);
}
public void IN_AL_DX()
{
this.Asmcode = this.Asmcode + "EC";
}
public void TEST_EAX_EAX()
{
this.Asmcode = this.Asmcode + "85C0";
}
public void Leave()
{
this.Asmcode = this.Asmcode + "C9";
}
public void Pushad()
{
this.Asmcode = this.Asmcode + "60";
}
public void Popad()
{
this.Asmcode = this.Asmcode + "61";
}
public void Ret()
{
this.Asmcode = this.Asmcode + "C3";
}
#region ADD
public void Add_EAX_EDX()
{
this.Asmcode = this.Asmcode + "03C2";
}
public void Add_EBX_EAX()
{
this.Asmcode = this.Asmcode + "03D8";
}
public void Add_EAX_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "0305" + intTohex(addre, 8);
}
public void Add_EBX_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "031D" + intTohex(addre, 8);
}
public void Add_EBP_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "032D" + intTohex(addre, 8);
}
public void Add_EAX(int addre)
{
this.Asmcode = this.Asmcode + "05" + intTohex(addre, 8);
}
public void Add_EBX(int addre)
{
if ((addre <= 127) && (addre >= -128))
this.Asmcode = this.Asmcode + "83C3" + intTohex(addre, 2);
else
this.Asmcode = this.Asmcode + "81C3" + intTohex(addre, 8);
}
public void Add_ECX(int addre)
{
if ((addre <= 127) && (addre >= -128))
this.Asmcode = this.Asmcode + "83C1" + intTohex(addre, 2);
else
this.Asmcode = this.Asmcode + "81C1" + intTohex(addre, 8);
}
public void Add_EDX(int addre)
{
if ((addre <= 127) && (addre >= -128))
this.Asmcode = this.Asmcode + "83C2" + intTohex(addre, 2);
else
this.Asmcode = this.Asmcode + "81C2" + intTohex(addre, 8);
}
public void Add_ESI(int addre)
{
if ((addre <= 127) && (addre >= -128))
this.Asmcode = this.Asmcode + "83C6" + intTohex(addre, 2);
else
this.Asmcode = this.Asmcode + "81C6" + intTohex(addre, 8);
}
public void Add_ESP(int addre)
{
if ((addre <= 127) && (addre >= -128))
this.Asmcode = this.Asmcode + "83C4" + intTohex(addre, 2);
else
this.Asmcode = this.Asmcode + "81C4" + intTohex(addre, 8);
}
#endregion
#region mov
public void Mov_DWORD_Ptr_EAX_ADD(int addre, int addre1)
{
if ((addre <= 127) && (addre >= -128))
{
this.Asmcode = this.Asmcode + "C740" + intTohex(addre, 2) + intTohex(addre1, 8);
}
else
{
this.Asmcode = this.Asmcode + "C780" + intTohex(addre, 8) + intTohex(addre1, 8);
}
}
public void Mov_DWORD_Ptr_ESP_ADD(int addre,int addre1)
{
if ((addre <= 127) && (addre >= -128))
{
this.Asmcode = this.Asmcode + "C74424" + intTohex(addre, 2)+intTohex(addre1,8);
}
else
{
this.Asmcode = this.Asmcode + "C78424" + intTohex(addre, 8) + intTohex(addre1, 8);
}
}
public void Mov_DWORD_Ptr_ESP_ADD_EAX(int addre)
{
if ((addre <= 127) && (addre >= -128))
{
this.Asmcode = this.Asmcode + "894424" + intTohex(addre, 2);
}
else
{
this.Asmcode = this.Asmcode + "898424" + intTohex(addre, 8);
}
}
public void Mov_DWORD_Ptr_ESP(int addre)
{
this.Asmcode = this.Asmcode + "C70424" + intTohex(addre, 8);
}
public void Mov_DWORD_Ptr_EAX(int addre)
{
this.Asmcode = this.Asmcode + "A3" + intTohex(addre, 8);
}
public void Mov_EBX_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "8B1D" + intTohex(addre, 8);
}
public void Mov_ECX_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "8B0D" + intTohex(addre, 8);
}
public void Mov_EAX_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "A1" + intTohex(addre, 8);
}
public void Mov_EDX_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "8B15" + intTohex(addre, 8);
}
public void Mov_ESI_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "8B35" + intTohex(addre, 8);
}
public void Mov_ESP_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "8B25" + intTohex(addre, 8);
}
public void Mov_EBP_DWORD_Ptr(int addre)
{
this.Asmcode = this.Asmcode + "8B2D" + intTohex(addre, 8);
}
public void Mov_EAX_DWORD_Ptr_EAX(int addre)
{
this.Asmcode = this.Asmcode + "8B00";
}
public void Mov_EAX_DWORD_Ptr_EAX()
{
this.Asmcode = this.Asmcode + "8B00";
}
public void Mov_EAX_DWORD_Ptr_EBP()
{
this.Asmcode = this.Asmcode + "8B4500";
}
public void Mov_EAX_DWORD_Ptr_EBX()
{
this.Asmcode = this.Asmcode + "8B03";
}
public void Mov_EAX_DWORD_Ptr_ECX()
{
this.Asmcode = this.Asmcode + "8B01";
}
public void Mov_EAX_DWORD_Ptr_EDX()
{
this.Asmcode = this.Asmcode + "8B02";
}
public void Mov_EAX_DWORD_Ptr_EDI()
{
this.Asmcode = this.Asmcode + "8B07";
}
public void Mov_EAX_DWORD_Ptr_ESP()
{
this.Asmcode = this.Asmcode + "8B0424";
}
public void Mov_EAX_DWORD_Ptr_ESI()
{
this.Asmcode = this.Asmcode + "8B06";
}
public void Mov_EAX_DWORD_Ptr_EAX_Add(int addre)
{
if ((addre <= 127) && (addre >= -128))
{
this.Asmcode = this.Asmcode + "8B40" + intTohex(addre, 2);
}
else