utils.inc
extern ExitProcess:PROC
extern GetModuleHandleA:PROC
extern LoadLibraryA:PROC
extern GetProcAddress:PROC
extern OpenProcess:PROC
extern VirtualAllocEx:PROC
extern WriteProcessMemory:PROC
extern CreateRemoteThread:PROC
extern WaitForSingleObject:PROC
extern CloseHandle:PROC
.data
; Shared globals for the helpers below (MASM, x64).
; NOTE(review): together with the extern list above (OpenProcess, VirtualAllocEx,
; WriteProcessMemory, CreateRemoteThread, LoadLibraryA) these names suggest a
; cross-process library-load flow. Endpoint monitoring commonly alerts on that
; API sequence, so expect the built binary to be flagged.

; NUL-terminated ANSI strings. Presumably passed to GetModuleHandleA and
; GetProcAddress by the including file - confirm there.
Kernel32Str db "kernel32.dll",0
LoadLibraryStr db "LoadLibraryA",0
; Handles read by CheckFunctionResult's failure path and handed to ExitProgram,
; which skips any handle that is zero.
; NOTE(review): `?` leaves these without an explicit initial value. The failure
; path appears to rely on them being zero until a handle is stored - confirm,
; or initialise them with 0.
HandleProcess QWORD ?
HandleThread QWORD ?
; Not referenced in this file; presumably filled in by the including file.
RemoteBuffer QWORD ?
LoadLibraryAddress QWORD ?
Kernel32Address QWORD ?
.code
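; /*
; Checks the result of a previous call. A zero result is treated as failure:
; control is transferred to ExitProgram, which does not return. A non-zero
; result is optionally stored through the pointer in rdx.
;
; * Parameters:
; * rcx - The result of the function call (QWORD); 0 means failure
; * rdx - The address of the buffer to store the result (QWORD) (OPTIONAL, 0 = do not store)
;
; * Returns: only when rcx != 0. rax is not set by this routine.
; * Clobbers: r10, r11, flags
;
; NOTE(review): only a zero result counts as failure. An API that reports
; failure differently must not be routed through this check unchanged. For
; WaitForSingleObject, 0 is WAIT_OBJECT_0 (success) and failure is WAIT_FAILED.
; Confirm against the callers.
; */
CheckFunctionResult PROC
        ; Keep the copies in r10/r11 so register state on return matches
        ; what existing callers see.
        mov     r10,rcx
        mov     r11,rdx
        test    r10,r10                 ; result == 0 -> failure
        jz      GotoExit
        test    r11,r11                 ; no output buffer supplied
        jz      ReturnToMain
        mov     [r11],r10               ; *buffer = result
ReturnToMain:
        ret
GotoExit:
        ; Match ExitProgram's documented contract: rcx = thread handle,
        ; rdx = process handle (the two were previously passed swapped).
        mov     rcx,HandleThread
        mov     rdx,HandleProcess
        ; Tail jump: the return address stays on the stack, which is harmless
        ; because ExitProgram ends in ExitProcess. rsp keeps its entry
        ; alignment, so ExitProgram's own `sub rsp,38h` still yields a
        ; 16-byte aligned stack (assuming the caller was aligned at the call).
        jmp     ExitProgram
CheckFunctionResult ENDP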
; /*
; Closes whichever of the two handles is non-zero, then terminates the
; process through ExitProcess. This routine never returns.
;
; * Parameters:
; * rcx - Thread's handle (QWORD), 0 = nothing to close
; * rdx - Process's handle (QWORD), 0 = nothing to close
;
; NOTE(review): the exit status is always 0, including when this is reached
; from CheckFunctionResult's failure path, so a parent process cannot tell
; failure from success by exit code.
; NOTE(review): r14 is callee-saved under the Microsoft x64 convention and is
; not restored here. That is harmless only because control never returns.
; */
ExitProgram PROC
        sub     rsp,38h                 ; shadow space + keeps rsp 16-byte aligned
        mov     r14,rdx                 ; process handle must survive the first CloseHandle

        test    rcx,rcx                 ; thread handle present?
        jz      ProcessHandleCheck
        call    CloseHandle             ; rcx already holds the thread handle

ProcessHandleCheck:
        test    r14,r14                 ; process handle present?
        jz      Terminate
        mov     rcx,r14
        call    CloseHandle

Terminate:
        xor     ecx,ecx                 ; uExitCode = 0
        call    ExitProcess
ExitProgram ENDP