OpenSC - Security Research and Development Forum


Page 1 of 2 (results 1 to 10 of 14)
  1. Post #1
    I know a lot more than you think
    Join Date
    Jun 2008
    Location
    0x40000
    Posts
    1,565

    Zeromem Replacement (x86-x64)

    This function zeroes dwLen bytes starting at pPointer. It is used as a replacement for the API versions in my shellcode projects.
    Code:
    Procedure ZeroMem(pPointer : Pointer; dwLen : DWORD); stdcall;
    //Zeroes the dwLen bytes starting at pPointer, with no API import
    var
      i : DWORD;
    begin
      if dwLen = 0 then
        Exit;                                  //otherwise dwLen - 1 wraps and the loop runs up to $FFFFFFFF
      for i := 0 to dwLen - 1 do
        pByte(NativeUInt(pPointer) + i)^ := 0; //NativeUInt is pointer-sized on both x86 and x64
    end;

  2. Post #2
    Junior Member
    Join Date
    Oct 2012
    Posts
    16
    Nice!
    But I also did one a few days ago in ASM:

    Code:
    procedure ZeroMemoryASM(where : pointer; size : cardinal);
    begin
      ASM
       PUSH EAX
       PUSH EBX
       PUSH ECX
       MOV EAX,where
       XOR EBX,EBX
       MOV ECX,size
       DEC ECX             ; ECX = index of the last byte to clear
       JS @Done            ; size = 0: nothing to write
       @Loopzy:
       MOV [EAX + ECX],BL  ; one byte per step; BX would store two bytes, and at ECX = size the store lands past the buffer
       DEC ECX
       JNS @Loopzy         ; DEC sets SF, so the loop stops once ECX goes below 0
       @Done:
       POP ECX
       POP EBX
       POP EAX
      END;
    end;
    What's up ?

  3. Post #3
    Banned
    Join Date
    Nov 2011
    Posts
    213
    hate copy pasta code.
    Code:
    push eax
    push ecx
    push edi
    xor eax,eax       ; stosb stores AL, so the fill byte has to be cleared first
    mov edi,[pointer]
    mov ecx,[size]
    cld               ; DF clear, so EDI moves upward through the buffer
    rep stosb
    pop edi
    pop ecx
    pop eax

  4. Post #4
    Junior Member
    Join Date
    Oct 2012
    Posts
    16
    Quote Originally Posted by Overflowz View Post
    hate copy pasta code.
    Code:
    push eax
    push ecx
    push edi
    xor eax,eax       ; stosb stores AL, so the fill byte has to be cleared first
    mov edi,[pointer]
    mov ecx,[size]
    cld               ; DF clear, so EDI moves upward through the buffer
    rep stosb
    pop edi
    pop ecx
    pop eax
    Are you saying that I copy/pasted this snippet?
    If so: no, I didn't!
    But I prefer your version because it is smaller than mine!
    What's up ?

  5. Post #5
    Banned
    Join Date
    Nov 2011
    Posts
    213
    It's not about small code, it's about how fast it is. Take a look here.
    Code:
       PUSH EAX
       PUSH EBX
       PUSH ECX
       NOP ;<-- bullshit.
       MOV EAX,where
       XOR EBX,EBX
       MOV ECX,size
    
       @Loopzy:
       MOV [EAX + ECX],BX
       DEC ECX
       CMP ECX,-1 ;bullshit, DEC instruction is already affecting OF, SF, ZF, AF, PF. At this point, you need JNS @Loopzy (or you can add size 1 and JNZ @Loopzy, whatever.)
       JNE @Loopzy
       NOP ;another bullshit.
       POP ECX
       POP EBX
       POP EAX
    P.S. If you don't care about speed and want small code, you can also use PUSHAD and POPAD instead of PUSH EAX/EBX/ECX and POP ECX/EBX/EAX.
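    The three routines in this thread (the Delphi loop in post #1, the reversed ASM loop in post #2 and the REP STOSB version in post #3) share one contract: write exactly `size` zero bytes at `where` without calling an imported API. What follows is an added example in C, not code from any of the posters, that shows the two things worth checking before dropping such a routine into shellcode: that the compiler does not quietly turn the loop back into a call to `memset` (at higher optimisation levels compilers replace a plain byte-zeroing loop with that call, which reintroduces the import the loop was meant to avoid; the `volatile` store prevents it), and that the routine stays inside `[p, p+n)`, which a guard-byte harness verifies. The third function deliberately mimics the 16-bit store loop of post #2 so the harness can show why it fails. Function names, the guard size and the 0xA5 test pattern are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Import-free zeroing for shellcode-style code. The store goes through a
 * volatile pointer so the compiler can neither recognise the loop as a memset
 * idiom and emit a call to an imported memset, nor drop the stores as dead
 * when the buffer is never read again. */
void zero_mem(void *p, size_t n)
{
    volatile uint8_t *b = (volatile uint8_t *)p;
    while (n--)
        *b++ = 0;
}

/* Same contract with REP STOSB, as in the thread's third post. The fill value
 * (AL) must be cleared explicitly and DF must be clear so RDI/EDI counts
 * upward. x86/x86-64 only; other targets fall back to the byte loop. */
void zero_mem_stosb(void *p, size_t n)
{
#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
    __asm__ volatile (
        "cld\n\t"
        "rep stosb"
        : "+D"(p), "+c"(n)   /* rdi/rcx are advanced by the instruction */
        : "a"(0)             /* fill byte in al */
        : "memory", "cc");
#else
    zero_mem(p, n);
#endif
}

/* Mimics the loop of the thread's second post: a 16-bit store at p+i for
 * i = n down to 0 inclusive, i.e. n+2 bytes, two of them past the end.
 * Kept here only so the harness below can flag it; do not use. */
void zero_mem_word_overrun(void *p, size_t n)
{
    volatile uint8_t *b = (volatile uint8_t *)p;
    size_t i = n;
    for (;;) {
        b[i] = 0;            /* MOV [EAX+ECX],BX writes this byte ...   */
        b[i + 1] = 0;        /* ... and this one                          */
        if (i == 0)
            break;
        i--;
    }
}

typedef void (*zero_fn)(void *, size_t);

/* Check that fn touches exactly [p, p+n): the target sits between guard
 * bytes that must survive, and every byte inside must read back as 0.
 * Returns 1 on success, 0 on any underrun, overrun or unzeroed byte.
 * n is limited to 64 so the deliberately broken variant stays inside buf. */
int check_zero_exact(zero_fn fn, size_t n)
{
    enum { GUARD = 4, MAXN = 64 };
    uint8_t buf[GUARD + MAXN + GUARD];
    if (n > MAXN)
        return 0;
    memset(buf, 0xA5, sizeof buf);   /* constructed test pattern */
    fn(buf + GUARD, n);
    for (size_t i = 0; i < GUARD; i++) {
        if (buf[i] != 0xA5)
            return 0;                /* underrun */
        if (buf[GUARD + n + i] != 0xA5)
            return 0;                /* overrun */
    }
    for (size_t i = 0; i < n; i++) {
        if (buf[GUARD + i] != 0)
            return 0;                /* byte left unzeroed */
    }
    return 1;
}

int main(void)
{
    printf("byte loop  : %s\n", check_zero_exact(zero_mem, 37) ? "ok" : "FAIL");
    printf("rep stosb  : %s\n", check_zero_exact(zero_mem_stosb, 37) ? "ok" : "FAIL");
    printf("word loop  : %s\n", check_zero_exact(zero_mem_word_overrun, 37) ? "ok" : "FAIL (overrun)");
    return 0;
}
```

    The harness catches the post #2 defect even for `n = 0`, where the word loop still writes two bytes, and passes the two correct routines for every size including zero. When compiling with optimisation, it is worth disassembling `zero_mem` to confirm no `call memset` appeared; the `volatile` qualifier is what keeps the loop a loop.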

  6. Post #6
    Junior Member
    Join Date
    Oct 2012
    Posts
    16
    Hello Overflow.
    Yes, the NOPs were there just to show the separation from the "init" code :-)
    Using a blank line would have been the same ... sorry, I didn't delete them before posting.
    I didn't try different possibilities for the jump either, but I do a reversed loop starting at the end of the memory to zero (I agree that for this purpose it wasn't useful, but I used another piece of my code for memcopy + XOR encryption as a reference and didn't really look at other loop / conditional jump tests).
    It was a 2-minute piece of code, so yes, I was aware that it could really be improved ... and you did it two times :-)
    Thanks a lot for that, dude!
    What's up ?

  7. Post #7
    Junior Member DelphiCodez's Avatar
    Join Date
    Oct 2012
    Posts
    17
    Quote Originally Posted by Overflowz View Post
    It's not about small code, it's about how fast it is. Take a look here.
    Code:
       PUSH EAX
       PUSH EBX
       PUSH ECX
       NOP ;<-- bullshit.
       MOV EAX,where
       XOR EBX,EBX
       MOV ECX,size
    
       @Loopzy:
       MOV [EAX + ECX],BX
       DEC ECX
       CMP ECX,-1 ;bullshit, DEC instruction is already affecting OF, SF, ZF, AF, PF. At this point, you need JNS @Loopzy (or you can add size 1 and JNZ @Loopzy, whatever.)
       JNE @Loopzy
       NOP ;another bullshit.
       POP ECX
       POP EBX
       POP EAX
    P.S. If you don't care about speed and want small code, you can also use PUSHAD and POPAD instead of PUSH EAX/EBX/ECX and POP ECX/EBX/EAX.
    Actually, I would hope the end result would be about all around efficiency, and not "speed" or "code size".
    Custom Coding Services - Delphi, C++, ASM, PHP, HTML, VB, C# - PM Me

  8. Post #8
    Banned
    Join Date
    Nov 2011
    Posts
    213
    tty666
    I was in the worst mood when I wrote that post, apologies.
    DelphiCodez
    Another bullshit post. What efficiency should ZeroMemory give you, other than zeroing a number of bytes?

  9. Post #9
    Junior Member DelphiCodez's Avatar
    Join Date
    Oct 2012
    Posts
    17
    Quote Originally Posted by Overflowz View Post
    tty666
    I was in the worst mood when I wrote that post, apologies.
    DelphiCodez
    Another bullshit post. What efficiency should ZeroMemory give you, other than zeroing a number of bytes?
    I am sorry, maybe I should have been more clear for you.

    Your statement:
    "It's not about small code, it's about how fast it is."

    My response:
    "Actually, I would hope the end result would be about all around efficiency, and not 'speed' or 'code size'."

    From this we can clearly see that I was in no way, shape or form even commenting on, well, I would say your code, but who are we kidding here (we all know you did not code it), anyway ... in no way, shape or form even commenting on "the code" you provided.

    I was simply responding to your ignorant words before the copied and pasted code that you provided.

    Is it clear for you now?
    Custom Coding Services - Delphi, C++, ASM, PHP, HTML, VB, C# - PM Me

  10. Post #10
    Banned
    Join Date
    Nov 2011
    Posts
    213
    I'm mainly an ASM programmer, for more than 5 years... You think I just C&P'ed it?
    That's why I want someone to delete my profile here; too many bullshit people here.
