VB 实现汇编的比较成熟的类 | 雨律在线

VB 实现汇编的比较成熟的类 2/25

使用此类不需要任何第三方软件支持,并且开源~~~
内带两个实例,一个是网游诛仙CALL的注入,还有一个是演示如何操作汇编指令
汇编基础类里基本包含了常用的汇编指令,如果用户觉得不够可以使用OD等有汇编
功能的软件提取机械吗添加类内..

对于那个 clsASM, 我只能说: 很好, 很强大~

使用示例:

Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Function Float2Int(Ans As Single) As Long '浮点转整形
CopyMemory Float2Int, Ans, 4
End Function

Sub Call_RunTO(dx As Single, dy As Single, dz As Single, dm As Long)
Dim asm As New clsASM '自动寻路
With asm ' asm
.Pushad ' pushad
.Mov_EAX_DWORD_Ptr &H90664C ' mov eax,[&H90664C]
.Mov_EAX_DWORD_Ptr_EAX_Add &H8 ' mov eax,[eax+&H8]
.Mov_EAX_DWORD_Ptr_EAX_Add &H88 ' mov eax,[eax+&H88]
.Push dm ' mov eax,[base]
.Mov_EAX Float2Int(dx) ' mov eax, x
.Mov_DWORD_Ptr_EAX &H908A88 ' mov [&H908a88], eax
.Mov_EAX Float2Int(dz) ' mov eax, z
.Mov_DWORD_Ptr_EAX &H908A8C ' mov [&H908a8c], eax
.Mov_EAX Float2Int(dy) ' mov eax, y
.Mov_DWORD_Ptr_EAX &H908A90 ' mov [&H908a90], eax
.Mov_EAX_DWORD_Ptr &H90664C ' mov eax, dword ptr [&H90664C]
.Mov_EAX_DWORD_Ptr_EAX_Add &H28 ' mov eax, dword ptr [eax+&H28]
.Lea_EAX_DWORD_EAX_Add &H3C ' lea eax, dword ptr [eax+&H3c]
.Push &H908A88 ' push &H908a88
.Push_EAX ' PUSH eax
.Mov_ECX &H902AF0 ' mov ecx, &H90664C
.Mov_EAX &H42ABF0 ' mov eax, &H42abf0
.Call_EAX ' Call eax
.Popad ' popad
.ret ' ret
End With ' end
asm.Run_ASM h
End Sub

Sub Call_TAB()
Dim asm As New clsASM 'TAB
With asm ' asm
.Pushad ' pushad
.Mov_EAX_DWORD_Ptr &H902B3C ' mov eax,dword ptr ds:[&H902b3c]
.Mov_EAX_DWORD_Ptr_EAX_Add &H1C ' mov eax,dword ptr ds:[eax+&H1c]
.Mov_EAX_DWORD_Ptr_EAX_Add &H28 ' mov eax,dword ptr ds:[eax+&H28]
.Mov_ECX_EAX ' mov ecx, eax;
.Push 0 ' push 0
.Mov_EBX &H45F590 ' mov ebx,&H45F59
.Call_EBX ' call EBX
.Popad ' popad
.Ret
End With ' end
asm.Run_ASM h
End Sub

Sub Call_Attack()
Dim asm As New clsASM '普通攻击
With asm ' asm
.Pushad ' pushad
.Mov_EAX &H5A1F70 ' Mov EAX,&H5A2170
.Call_EAX ' call pointer(eax)
.Popad ' popad
.Ret
End With ' end
asm.Run_ASM h
End Sub


以下为 clsASM.cls 内容:

Option Explicit
Private Decla
re Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

Const PAGE_EXECUTE_READWRITE = &H40
Const MEM_COMMIT = &H1000
Const MEM_RELEASE = &H8000
Const MEM_DECOMMIT = &H4000
Const PROCESS_ALL_ACCESS = &H1F0FFF
Dim OPcode As String

Function Get_Result() As String
Dim i As Long
ReDim AsmCode(Len(OPcode) / 2 - 1) As Byte
For i = 0 To UBound(AsmCode)
AsmCode(i) = CByte("&H" & Mid(OPcode, i * 2 + 1, 2))
Next
Get_Result = CallWindowProc(VarPtr(AsmCode(0)), 0, 0, 0, 0)
End Function

Function Get_Code() As String
Get_Code = OPcode
End Function

Function Run_ASM(pid As Long) As Long
Dim i As Long, tmp_Addr As Long, RThwnd As Long, h As Long
ReDim AsmCode(Len(OPcode) / 2 - 1) As Byte
For i = 0 To UBound(AsmCode)
AsmCode(i) = CByte("&H" & Mid(OPcode, i * 2 + 1, 2))
Next
h = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
tmp_Addr = VirtualAllocEx(h, ByVal 0&, UBound(AsmCode) + 1, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
WriteProcessMemory h, ByVal tmp_Addr, ByVal VarPtr(AsmCode(0)), UBound(AsmCode) + 1, ByVal 0&
RThwnd = CreateRemoteThread(h, ByVal 0&, 0, ByVal tmp_Addr, ByVal 0&, ByVal 0&, ByVal 0&)
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE
CloseHandle RThwnd
CloseHandle h

OPcode = ""
End Function

Function Int2Hex(Value As Long, n As Long) As String '高地位互换
Dim tmp1 As String, tmp2 As String, i As Long
tmp1 = Right("0000000" + Hex(Value), n)
For i = 0 To Len(tmp1) / 2 - 1
tmp2 = tmp2 + Mid(tmp1, Len(tmp1) - 1 - 2 * i, 2)
Next i
Int2Hex = tmp2
End Function

Function Leave() As Long
OPcode = OPcode + "C9"
End Function

Function Pushad() As Long
OPcode = OPcode + "60"
End Function

Function Popad() As Long
OPcode = OPcode + "61"
End Function

Function Nop() As Long
OPcode = OPcode + "90"
End Function

Function Ret() As Long
OPcode = OPcode + "C3"
End Function

Function RetA(i As Long) As Long
OPcode = OPcode + Int2Hex(i, 4)
End Function

Function IN_AL_DX() As Long
OPcode = OPcode + "EC"
End Function

Function TEST_EAX_EAX() As Long
OPcode = OPcode + "85C0"
End Function

'Add
'+++++++++++++++++++++++++++++++++++
Function Add_EAX_EDX() As Long
OPcode = OPcode + "03C2"
End Function

Function Add_EBX_EAX() As Long
OPcode = OPcode + "03D8"
End Function

Function Add_EAX_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "0305" + Int2Hex(i, 8)
End Function

Function Add_EBX_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "031D" + Int2Hex(i, 8)
End Function

Function Add_EBP_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "032D" + Int2Hex(i, 8)
End Function

Function Add_EAX(i As Long) As Long
OPcode = OPcode + "05" + Int2Hex(i, 8)
End Function

Function Add_EBX(i As Long) As Long
OPcode = OPcode + "83C3" + Int2Hex(i, 8)
End Function

Function Add_ECX(i As Long) As Long
OPcode = OPcode + "83C1" + Int2Hex(i, 8)
End Function

Function Add_EDX(i As Long) As Long
OPcode = OPcode + "83C2" + Int2Hex(i, 8)
End Function

Function Add_ESI(i As Long) As Long
OPcode = OPcode + "83C6" + Int2Hex(i, 8)
End Function

Function Add_ESP(i As Long) As Long
OPcode = OPcode + "83C4" + Int2Hex(i, 8)
End Function

'Call
'+++++++++++++++++++++++++++++++++++
Function Call_EAX() As Long
OPcode = OPcode + "FFD0"
End Function

Function Call_EBX() As Long
OPcode = OPcode + "FFD3"
End Function

Function Call_ECX() As Long
OPcode = OPcode + "FFD1"
End Function

Function Call_EDX() As Long
OPcode = OPcode + "FFD2"
End Function

Function Call_ESI() As Long
OPcode = OPcode + "FFD2"
End Function

Function Call_ESP() As Long
OPcode = OPcode + "FFD4"
End Function

Function Call_EBP() As Long
OPcode = OPcode + "FFD5"
End Function

Function Call_EDI() As Long
OPcode = OPcode + "FFD7"
End Function

Function Call_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "FF15" + Int2Hex(i, 8)
End Function

Function Call_DWORD_Ptr_EAX() As Long
OPcode = OPcode + "FF10"
End Function

Function Call_DWORD_Ptr_EBX() As Long
OPcode = OPcode + "FF13"
End Function

'Cmp
'+++++++++++++++++++++++++++++++++++
Function Cmp_EAX(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "83F8" + Int2Hex(i, 2)
Else
OPcode = OPcode + "3D" + Int2Hex(i, 8)
End If
End Function

Function Cmp_EAX_EDX() As Long
OPcode = OPcode + "3BC2"
End Function

Function Cmp_EAX_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "3B05" + Int2Hex(i, 8)
End Function

Function Cmp_DWORD_Ptr_EAX(i As Long) As Long
OPcode = OPcode + "3905" + Int2Hex(i, 8)
End Function

'DEC
'+++++++++++++++++++++++++++++++++++
Function Dec_EAX() As Long
OPcode = OPcode + "48"
End Function

Function Dec_EBX() As Long
OPcode = OPcode + "4B"
End Function

Function Dec_ECX() As Long
OPcode = OPcode + "49"
End Function

Function Dec_EDX() As Long
OPcode = OPcode + "4A"
End Function

'Idiv
'+++++++++++++++++++++++++++++++++++
Function Idiv_EAX() As Long
OPcode = OPcode + "F7F8"
End Function

Function Idiv_EBX() As Long
OPcode = OPcode + "F7FB"
End Function

Function Idiv_ECX() As Long
OPcode = OPcode + "F7F9"
End Function

Function Idiv_EDX() As Long
OPcode = OPcode + "F7FA"
End Function

'Imul
'+++++++
++++++++++++++++++++++++++++
Function Imul_EAX_EDX() As Long
OPcode = OPcode + "0FAFC2"
End Function

Function Imul_EAX(i As Long) As Long
OPcode = OPcode + "6BC0" + Int2Hex(i, 2)
End Function

Function ImulB_EAX(i As Long) As Long
OPcode = OPcode + "69C0" + Int2Hex(i, 8)
End Function

'INC
'+++++++++++++++++++++++++++++++++++
Function Inc_EAX() As Long
OPcode = OPcode + "40"
End Function

Function Inc_EBX() As Long
OPcode = OPcode + "43"
End Function

Function Inc_ECX() As Long
OPcode = OPcode + "41"
End Function

Function Inc_EDX() As Long
OPcode = OPcode + "42"
End Function

Function Inc_EDI() As Long
OPcode = OPcode + "47"
End Function

Function Inc_ESI() As Long
OPcode = OPcode + "46"
End Function

Function Inc_DWORD_Ptr_EAX() As Long
OPcode = OPcode + "FF00"
End Function

Function Inc_DWORD_Ptr_EBX() As Long
OPcode = OPcode + "FF03"
End Function

Function Inc_DWORD_Ptr_ECX() As Long
OPcode = OPcode + "FF01"
End Function

Function Inc_DWORD_Ptr_EDX() As Long
OPcode = OPcode + "FF02"
End Function

'JMP/JE/JNE
'+++++++++++++++++++++++++++++++++++
Function JMP_EAX() As Long
OPcode = OPcode + "FFE0"
End Function

'Mov
Function Mov_DWORD_Ptr_EAX(i As Long) As Long
OPcode = OPcode + "A3" + Int2Hex(i, 8)
End Function

Function Mov_EAX(i As Long) As Long
OPcode = OPcode + "B8" + Int2Hex(i, 8)
End Function

Function Mov_EBX(i As Long) As Long
OPcode = OPcode + "BB" + Int2Hex(i, 8)
End Function

Function Mov_ECX(i As Long) As Long
OPcode = OPcode + "B9" + Int2Hex(i, 8)
End Function

Function Mov_EDX(i As Long) As Long
OPcode = OPcode + "BA" + Int2Hex(i, 8)
End Function

Function Mov_ESI(i As Long) As Long
OPcode = OPcode + "BE" + Int2Hex(i, 8)
End Function

Function Mov_ESP(i As Long) As Long
OPcode = OPcode + "BC" + Int2Hex(i, 8)
End Function

Function Mov_EBP(i As Long) As Long
OPcode = OPcode + "BD" + Int2Hex(i, 8)
End Function

Function Mov_EDI(i As Long) As Long
OPcode = OPcode + "BF" + Int2Hex(i, 8)
End Function

Function Mov_EBX_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "8B1D" + Int2Hex(i, 8)
End Function

Function Mov_ECX_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "8B0D" + Int2Hex(i, 8)
End Function

Function Mov_EAX_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "A1" + Int2Hex(i, 8)
End Function

Function Mov_EDX_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "8B15" + Int2Hex(i, 8)
End Function

Function Mov_ESI_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "8B35" + Int2Hex(i, 8)
End Function

Function Mov_ESP_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "8B25" + Int2Hex(i, 8)
End Function

Function Mov_EBP_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "8B2D" + Int2Hex(i, 8)
End Function

Function Mov_EAX_DWORD_Ptr_EAX() As Long
OPcode = OPcode + "8B00"
End Function

Function Mov_EAX_DWORD_Ptr_EBP() As Long
OPcode = OPcode + "8B4500"
End Function

Function Mov_EAX_DWORD_Ptr_EBX() As Long
OPcode = OPcode + "8B03"
End Function

Function Mov_EAX_DWORD_Ptr_ECX() As Long
OPcode = OPcode + "8B01"
End Function

Function Mov_EAX_DWORD_Ptr_EDX() As Long
OPcode = OPcode + "8B02"
End Function

Function Mov_EAX_DWORD_Ptr_EDI() As Long
OPcode = OPcode + "8B07"
End Function

Function Mov_EAX_DWORD_Ptr_ESP() As Long
OPcode = OPcode + "8B0424"
End Function

Function Mov_EAX_DWORD_Ptr_ESI() As Long
OPcode = OPcode + "8B06"
End Function

Function Mov_EAX_DWORD_Ptr_EAX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B40" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B80" + Int2Hex(i, 8)
End If
End Function

Function Mov_EAX_DWORD_Ptr_ESP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B4424" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B8424" + Int2Hex(i, 8)
End If
End Function

Function Mov_EAX_DWORD_Ptr_EBX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B43" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B83" + Int2Hex(i, 8)
End If
End Function

Function Mov_EAX_DWORD_Ptr_ECX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B41" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B81" + Int2Hex(i, 8)
End If
End Function

Function Mov_EAX_DWORD_Ptr_EDX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B42" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B82" + Int2Hex(i, 8)
End If
End Function

Function Mov_EAX_DWORD_Ptr_EDI_Add(i As Long) As Long
If i <= 255 Then
OPcod
e = OPcode + "8B47" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B87" + Int2Hex(i, 8)
End If
End Function

Function Mov_EAX_DWORD_Ptr_EBP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B45" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B85" + Int2Hex(i, 8)
End If
End Function

Function Mov_EAX_DWORD_Ptr_ESI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B46" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B86" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_EAX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B58" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B98" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_ESP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B5C24" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B9C24" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_EBX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B5B" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B9B" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_ECX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B59" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B99" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_EDX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B5A" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B9A" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_EDI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B5F" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B9F" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_EBP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B5D" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B9D" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_ESI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B5E" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B9E" + Int2Hex(i, 8)
End If
End Function

Function Mov_ECX_DWORD_Ptr_EAX_Add(i As Long "#000000">) As Long
If i <= 255 Then
OPcode = OPcode + "8B48" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B88" + Int2Hex(i, 8)
End If
End Function

Function Mov_ECX_DWORD_Ptr_ESP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B4C24" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B8C24" + Int2Hex(i, 8)
End If
End Function

Function Mov_ECX_DWORD_Ptr_EBX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B4B" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B8B" + Int2Hex(i, 8)
End If
End Function

Function Mov_ECX_DWORD_Ptr_ECX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B49" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B89" + Int2Hex(i, 8)
End If
End Function

Function Mov_ECX_DWORD_Ptr_EDX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B4A" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B8A" + Int2Hex(i, 8)
End If
End Function

Function Mov_ECX_DWORD_Ptr_EDI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B4F" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B8F" + Int2Hex(i, 8)
End If
End Function

Function Mov_ECX_DWORD_Ptr_EBP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B4D" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B8D" + Int2Hex(i, 8)
End If
End Function

Function Mov_ECX_DWORD_Ptr_ESI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B4E" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B8E" + Int2Hex(i, 8)
End If
End Function

Function Mov_EDX_DWORD_Ptr_EAX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B50" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B90" + Int2Hex(i, 8)
End If
End Function

Function Mov_EDX_DWORD_Ptr_ESP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B5424" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B9424" + Int2Hex(i, 8)
End If
End Function

Function Mov_EDX_DWORD_Ptr_EBX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B53" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B93" + Int2Hex(i, 8 "#000000">)
End If
End Function

Function Mov_EDX_DWORD_Ptr_ECX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B51" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B91" + Int2Hex(i, 8)
End If
End Function

Function Mov_EDX_DWORD_Ptr_EDX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B52" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B92" + Int2Hex(i, 8)
End If
End Function

Function Mov_EDX_DWORD_Ptr_EDI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B57" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B97" + Int2Hex(i, 8)
End If
End Function

Function Mov_EDX_DWORD_Ptr_EBP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B55" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B95" + Int2Hex(i, 8)
End If
End Function

Function Mov_EDX_DWORD_Ptr_ESI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8B56" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8B96" + Int2Hex(i, 8)
End If
End Function

Function Mov_EBX_DWORD_Ptr_EAX() As Long
OPcode = OPcode + "8B18"
End Function

Function Mov_EBX_DWORD_Ptr_EBP() As Long
OPcode = OPcode + "8B5D00"
End Function

Function Mov_EBX_DWORD_Ptr_EBX() As Long
OPcode = OPcode + "8B1B"
End Function

Function Mov_EBX_DWORD_Ptr_ECX() As Long
OPcode = OPcode + "8B19"
End Function

Function Mov_EBX_DWORD_Ptr_EDX() As Long
OPcode = OPcode + "8B1A"
End Function

Function Mov_EBX_DWORD_Ptr_EDI() As Long
OPcode = OPcode + "8B1F"
End Function

Function Mov_EBX_DWORD_Ptr_ESP() As Long
OPcode = OPcode + "8B1C24"
End Function

Function Mov_EBX_DWORD_Ptr_ESI() As Long
OPcode = OPcode + "8B1E"
End Function
Function Mov_ECX_DWORD_Ptr_EAX() As Long
OPcode = OPcode + "8B08"
End Function

Function Mov_ECX_DWORD_Ptr_EBP() As Long
OPcode = OPcode + "8B4D00"
End Function

Function Mov_ECX_DWORD_Ptr_EBX() As Long
OPcode = OPcode + "8B0B"
End Function

Function Mov_ECX_DWORD_Ptr_ECX() As Long
OPcode = OPcode + "8B09"
End Function

Function Mov_ECX_DWORD_Ptr_EDX() As Long
OPcode = OPcode + "8B0A"
End Function

Function Mov_ECX_DWORD_Ptr_EDI() As Long
OPcode = OPcode + "8B0F"
End Function

Function Mov_ECX_DWORD_Ptr_ESP() As Long
OPcode = OPcode + "8B0C24"
End Function

Function Mov_ECX_DWORD_Ptr_ESI() As Long
OPcode = OPcode + "8B0E"
End Function

Function Mov_EDX_DWORD_Ptr_EAX() As Long
OPcode = OPcode + "8B10"
End Function

Function Mov_EDX_DWORD_Ptr_EBP() As Long
OPcode = OPcode + "8B5500"
 t color="#0000FF">End Function

Function Mov_EDX_DWORD_Ptr_EBX() As Long
OPcode = OPcode + "8B13"
End Function

Function Mov_EDX_DWORD_Ptr_ECX() As Long
OPcode = OPcode + "8B11"
End Function

Function Mov_EDX_DWORD_Ptr_EDX() As Long
OPcode = OPcode + "8B12"
End Function

Function Mov_EDX_DWORD_Ptr_EDI() As Long
OPcode = OPcode + "8B17"
End Function

Function Mov_EDX_DWORD_Ptr_ESI() As Long
OPcode = OPcode + "8B16"
End Function

Function Mov_EDX_DWORD_Ptr_ESP() As Long
OPcode = OPcode + "8B1424"
End Function

Function Mov_EAX_EBP() As Long
OPcode = OPcode + "8BC5"
End Function

Function Mov_EAX_EBX() As Long
OPcode = OPcode + "8BC3"
End Function

Function Mov_EAX_ECX() As Long
OPcode = OPcode + "8BC1"
End Function

Function Mov_EAX_EDI() As Long
OPcode = OPcode + "8BC7"
End Function

Function Mov_EAX_EDX() As Long
OPcode = OPcode + "8BC2"
End Function

Function Mov_EAX_ESI() As Long
OPcode = OPcode + "8BC6"
End Function

Function Mov_EAX_ESP() As Long
OPcode = OPcode + "8BC4"
End Function

Function Mov_EBX_EBP() As Long
OPcode = OPcode + "8BDD"
End Function

Function Mov_EBX_EAX() As Long
OPcode = OPcode + "8BD8"
End Function

Function Mov_EBX_ECX() As Long
OPcode = OPcode + "8BD9"
End Function

Function Mov_EBX_EDI() As Long
OPcode = OPcode + "8BDF"
End Function

Function Mov_EBX_EDX() As Long
OPcode = OPcode + "8BDA"
End Function

Function Mov_EBX_ESI() As Long
OPcode = OPcode + "8BDE"
End Function

Function Mov_EBX_ESP() As Long
OPcode = OPcode + "8BDC"
End Function

Function Mov_ECX_EBP() As Long
OPcode = OPcode + "8BCD"
End Function

Function Mov_ECX_EAX() As Long
OPcode = OPcode + "8BC8"
End Function

Function Mov_ECX_EBX() As Long
OPcode = OPcode + "8BCB"
End Function

Function Mov_ECX_EDI() As Long
OPcode = OPcode + "8BCF"
End Function

Function Mov_ECX_EDX() As Long
OPcode = OPcode + "8BCA"
End Function

Function Mov_ECX_ESI() As Long
OPcode = OPcode + "8BCE"
End Function

Function Mov_ECX_ESP() As Long
OPcode = OPcode + "8BCC"
End Function

Function Mov_EDX_EBP() As Long
OPcode = OPcode + "8BD5"
End Function

Function Mov_EDX_EBX() As Long
OPcode = OPcode + "8BD3"
End Function

Function Mov_EDX_ECX() As Long
OPcode = OPcode + "8BD1"
End Function

Function Mov_EDX_EDI() As Long
OPcode = OPcode + "8BD7"
End Function

Function Mov_EDX_EAX() As Long
OPcode = OPcode + "8BD0"
End Function

Function Mov_EDX_ESI() As Long
OPcode = OPcode + "8BD6"
End Function

Function Mov_EDX_ESP() As Long
OPcode = OPcode + "8BD4"
End Function

Function Mov_ESI_EBP() As Long
OPcode = OPcode + "8BF5"
End Function

Func
tion Mov_ESI_EBX() As Long
OPcode = OPcode + "8BF3"
End Function

Function Mov_ESI_ECX() As Long
OPcode = OPcode + "8BF1"
End Function

Function Mov_ESI_EDI() As Long
OPcode = OPcode + "8BF7"
End Function

Function Mov_ESI_EAX() As Long
OPcode = OPcode + "8BF0"
End Function

Function Mov_ESI_EDX() As Long
OPcode = OPcode + "8BF2"
End Function

Function Mov_ESI_ESP() As Long
OPcode = OPcode + "8BF4"
End Function

Function Mov_ESP_EBP() As Long
OPcode = OPcode + "8BE5"
End Function

Function Mov_ESP_EBX() As Long
OPcode = OPcode + "8BE3"
End Function

Function Mov_ESP_ECX() As Long
OPcode = OPcode + "8BE1"
End Function

Function Mov_ESP_EDI() As Long
OPcode = OPcode + "8BE7"
End Function

Function Mov_ESP_EAX() As Long
OPcode = OPcode + "8BE0"
End Function

Function Mov_ESP_EDX() As Long
OPcode = OPcode + "8BE2"
End Function

Function Mov_ESP_ESI() As Long
OPcode = OPcode + "8BE6"
End Function

Function Mov_EDI_EBP() As Long
OPcode = OPcode + "8BFD"
End Function

Function Mov_EDI_EAX() As Long
OPcode = OPcode + "8BF8"
End Function

Function Mov_EDI_EBX() As Long
OPcode = OPcode + "8BFB"
End Function

Function Mov_EDI_ECX() As Long
OPcode = OPcode + "8BF9"
End Function

Function Mov_EDI_EDX() As Long
OPcode = OPcode + "8BFA"
End Function

Function Mov_EDI_ESI() As Long
OPcode = OPcode + "8BFE"
End Function

Function Mov_EDI_ESP() As Long
OPcode = OPcode + "8BFC"
End Function
Function Mov_EBP_EDI() As Long
OPcode = OPcode + "8BDF"
End Function

Function Mov_EBP_EAX() As Long
OPcode = OPcode + "8BE8"
End Function

Function Mov_EBP_EBX() As Long
OPcode = OPcode + "8BEB"
End Function

Function Mov_EBP_ECX() As Long
OPcode = OPcode + "8BE9"
End Function

Function Mov_EBP_EDX() As Long
OPcode = OPcode + "8BEA"
End Function

Function Mov_EBP_ESI() As Long
OPcode = OPcode + "8BEE"
End Function

Function Mov_EBP_ESP() As Long
OPcode = OPcode + "8BEC"
End Function
'Push
'+++++++++++++++++++++++++++++++++++
Function Push(i As Long) As Long
'If i <= 255 Then
'OPcode = OPcode + "6A" + Int2Hex(i, 2)
'Else
OPcode = OPcode + "68" + Int2Hex(i, 8)
'End If
End Function

Function Push_DWORD_Ptr(i As Long) As Long
OPcode = OPcode + "FF35" + Int2Hex(i, 8)
End Function

Function Push_EAX() As Long
OPcode = OPcode + "50"
End Function

Function Push_ECX() As Long
OPcode = OPcode + "51"
End Function

Function Push_EDX() As Long
OPcode = OPcode + "52"
End Function

Function Push_EBX() As Long
OPcode = OPcode + "53"
End Function
Function ont color="#000000">Push_ESP() As Long
OPcode = OPcode + "54"
End Function

Function Push_EBP() As Long
OPcode = OPcode + "55"
End Function

Function Push_ESI() As Long
OPcode = OPcode + "56"
End Function

Function Push_EDI() As Long
OPcode = OPcode + "57"
End Function
'LEA
Function Lea_EAX_DWORD_Ptr_EAX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D40" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D80" + Int2Hex(i, 8)
End If
End Function

Function Lea_EAX_DWORD_Ptr_EBX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D43" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D83" + Int2Hex(i, 8)
End If
End Function

Function Lea_EAX_DWORD_Ptr_ECX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D41" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D81" + Int2Hex(i, 8)
End If
End Function

Function Lea_EAX_DWORD_Ptr_EDX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D42" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D82" + Int2Hex(i, 8)
End If
End Function

Function Lea_EAX_DWORD_Ptr_ESI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D46" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D86" + Int2Hex(i, 8)
End If
End Function

Function Lea_EAX_DWORD_Ptr_ESP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D40" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D80" + Int2Hex(i, 8)
End If
End Function

Function Lea_EAX_DWORD_Ptr_EBP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D4424" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D8424" + Int2Hex(i, 8)
End If
End Function

Function Lea_EAX_DWORD_Ptr_EDI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D47" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D87" + Int2Hex(i, 8)
End If
End Function

Function Lea_EBX_DWORD_Ptr_EAX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D58" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D98" + Int2Hex(i, 8)
End If
End Function

Function Lea_EBX_DWORD_Ptr_ESP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D5C24" olor="#000000">+ Int2Hex(i, 2)
Else
OPcode = OPcode + "8D9C24" + Int2Hex(i, 8)
End If
End Function

Function Lea_EBX_DWORD_Ptr_EBX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D5B" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D9B" + Int2Hex(i, 8)
End If
End Function

Function Lea_EBX_DWORD_Ptr_ECX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D59" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D99" + Int2Hex(i, 8)
End If
End Function

Function Lea_EBX_DWORD_Ptr_EDX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D5A" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D9A" + Int2Hex(i, 8)
End If
End Function

Function Lea_EBX_DWORD_Ptr_EDI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D5F" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D9F" + Int2Hex(i, 8)
End If
End Function

Function Lea_EBX_DWORD_Ptr_EBP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D5D" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D9D" + Int2Hex(i, 8)
End If
End Function

Function Lea_EBX_DWORD_Ptr_ESI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D5E" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D9E" + Int2Hex(i, 8)
End If
End Function

Function Lea_ECX_DWORD_Ptr_EAX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D48" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D88" + Int2Hex(i, 8)
End If
End Function

Function Lea_ECX_DWORD_Ptr_ESP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D4C24" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D8C24" + Int2Hex(i, 8)
End If
End Function

Function Lea_ECX_DWORD_Ptr_EBX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D4B" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D8B" + Int2Hex(i, 8)
End If
End Function

Function Lea_ECX_DWORD_Ptr_ECX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D49" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D89" + Int2Hex(i, 8)
End If
End Function

Function Lea_ECX_DWORD_Ptr_EDX_Add(i As Long) As Long
If t>i <= 255 Then
OPcode = OPcode + "8D4A" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D8A" + Int2Hex(i, 8)
End If
End Function

Function Lea_ECX_DWORD_Ptr_EDI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D4F" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D8F" + Int2Hex(i, 8)
End If
End Function

Function Lea_ECX_DWORD_Ptr_EBP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D4D" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D8D" + Int2Hex(i, 8)
End If
End Function

Function Lea_ECX_DWORD_Ptr_ESI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D4E" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D8E" + Int2Hex(i, 8)
End If
End Function

Function Lea_EDX_DWORD_Ptr_EAX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D50" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D90" + Int2Hex(i, 8)
End If
End Function

Function Lea_EDX_DWORD_Ptr_ESP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D5424" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D9424" + Int2Hex(i, 8)
End If
End Function

Function Lea_EDX_DWORD_Ptr_EBX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D53" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D93" + Int2Hex(i, 8)
End If
End Function

Function Lea_EDX_DWORD_Ptr_ECX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D51" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D91" + Int2Hex(i, 8)
End If
End Function

Function Lea_EDX_DWORD_Ptr_EDX_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D52" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D92" + Int2Hex(i, 8)
End If
End Function

Function Lea_EDX_DWORD_Ptr_EDI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D57" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D97" + Int2Hex(i, 8)
End If
End Function

Function Lea_EDX_DWORD_Ptr_EBP_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D55" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D95" + Int2Hex(i, 8)
End If
End Funct
ion

Function Lea_EDX_DWORD_Ptr_ESI_Add(i As Long) As Long
If i <= 255 Then
OPcode = OPcode + "8D56" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D96" + Int2Hex(i, 8)
End If
End Function

'POP
Function Pop_EAX() As Long
OPcode = OPcode + "58"
End Function

Function Pop_EBX() As Long
OPcode = OPcode + "5B"
End Function

Function Pop_ECX() As Long
OPcode = OPcode + "59"
End Function

Function Pop_EDX() As Long
OPcode = OPcode + "5A"
End Function

Function Pop_ESI() As Long
OPcode = OPcode + "5E"
End Function

Function Pop_ESP() As Long
OPcode = OPcode + "5C"
End Function

Function Pop_EDI() As Long
OPcode = OPcode + "5F"
End Function

Function Pop_EBP() As Long
OPcode = OPcode + "5D"
End Function


 
目前有0条回应
Comment
Trackback
清空内容粗体斜体下划线删除线链接字体颜色表情
icon_wink.gificon_neutral.gificon_mad.gificon_twisted.gificon_smile.gificon_eek.gificon_sad.gificon_rolleyes.gificon_razz.gificon_redface.gificon_surprised.gificon_mrgreen.gificon_lol.gificon_idea.gificon_biggrin.gificon_evil.gificon_cry.gificon_cool.gificon_arrow.gificon_confused.gificon_question.gificon_exclaim.gif
你目前的身份是游客,请输入昵称和电邮!