Visual Basic

Assembler Language

Assembler language is a lower level language close to machine language. Assembler language is a link between higher level languages such as Visual Basic and Java to machine language in 0's and 1's.

Sample code:

NASM=nasm -w+orphan-labels -f elf
LD=ld -s
STRIP=strip --remove-section .note --remove-section .comment
RM=rm -f

.PHONY: all  clean

all: self_mod_code

self_mod_code: self_mod_code.nasm
	${NASM} self_mod_code.nasm
	${LD} self_mod_code.o -o self_mod_code
	${STRIP} self_mod_code

clean:
	${RM} *.bak *~ *.o self_mod_code core

-----------------------------------------------------------------------------
;****************************************************************************
;****************************************************************************
;*
;* SELF MODIFYING CODE UNDER LINUX
;*
;* written by Karsten Scheibler, 2000-MAR-28
;*
;****************************************************************************
;****************************************************************************





;****************************************************************************
;* some assign's ************************************************************
;****************************************************************************
%assign SYS_EXIT		1
%assign SYS_WRITE		4
%assign SYS_MPROTECT		125

%assign PROT_READ		1
%assign PROT_WRITE		2
%assign PROT_EXEC		4

;needed for the linker to make this code startable
global _start



;****************************************************************************
;* the code itself **********************************************************
;****************************************************************************
section .text
_start:
			;----------------------------------------------
			;calculate the address in section .bss, it must
			;lie on a page boundary (x86: 4KB = 01000h)
			;normally obsolete because each segment should
			;be aligned to a page boundary
			;----------------------------------------------

			mov	dword ebp, (modified_code + 01000h)
			and	dword ebp, 0fffff000h

			;-----------------------------------------
			;now change the flags of this page to
			;read + write + executable, if that fails
			;exit immediatly. On x86 Architecture
			;this call is obsolete, because for
			;section .bss PROT_READ and PROT_WRITE are
			;already set. PROT_EXEC is on x86 also set
			;if PROT_READ is set, this results in
			;read/write/execute for this segment
			;-----------------------------------------

			mov	dword eax, SYS_MPROTECT
			mov	dword ebx, ebp
			mov	dword ecx, 01000h
			mov	dword edx, (PROT_READ | PROT_WRITE | PROT_EXEC)
			int	byte  080h
			test	dword eax, eax
			js	near  exit

			;-------------------------------------
			;now execute the unmodified code first
			;-------------------------------------

code1_start:		mov	dword eax, SYS_WRITE
			mov	dword ebx, 1
			mov	dword ecx, hello_world_1
code1_mark_1:		mov	dword edx, (hello_world_2 - hello_world_1)
code1_mark_2:		int	byte  080h
code1_end:

			;---------------------------------------
			;copy the code snippet from above to our
			;page (address is still in ebp)
			;---------------------------------------

			mov	dword ecx, (code1_end - code1_start)
			mov	dword esi, code1_start
			mov	dword edi, ebp
			cld
			rep movsb

			;-----------------------------------------
			;append the 
 opcode to it, so that we
			;can do a call to it
			;-----------------------------------------

			mov	byte  al, [return]
			stosb

			;-------------------------------------------
			;ok time to change some values in the copied
			;code ;-), i change the start address of the
			;text and its length
			;-------------------------------------------

			mov	dword eax, hello_world_2
			mov	dword ebx, (code1_mark_1 - code1_start)
			mov	dword [ebx + ebp - 4], eax
			mov	dword eax, (hello_world_3 - hello_world_2)
			mov	dword ebx, (code1_mark_2 - code1_start)
			mov	dword [ebx + ebp - 4], eax

			;-----------------------
			;and finally call it ;-)
			;-----------------------

			call	dword ebp

			;------------------------------
			;copy the second self modifying
			;example
			;------------------------------

			mov	dword ecx, (code2_end - code2_start)
			mov	dword esi, code2_start
			mov	dword edi, ebp
			rep movsb

			;--------------------------------------------
			;do some real nasty ;-) load edi with
			;a value pointing right after the 

			;instruction, so this will really modify
			;itself ;-)
			;--------------------------------------------

			mov	dword edi, ebp
			add	dword edi, (code2_mark - code2_start)
			call	dword ebp

			;--------
			;exit ...
			;--------

exit:			mov	dword eax, SYS_EXIT
			xor	dword ebx, ebx
			int	byte  080h



;****************************************************************************
;* code2 ********************************************************************
;****************************************************************************
			;------------------------------------
			;this is the ret opcode we copy above
			;and the nop opcode needed by code2
			;------------------------------------

return:			ret
no_operation:		nop

			;--------------------------------------------
			;here some real selfmodifying code, if copied
			;to .bss and edi correctly loaded ebx should
			;contain 04h instead of 08h
			;--------------------------------------------

code2_start:		mov	byte  al, [no_operation]
			xor	dword ebx, ebx
			mov	dword ecx, 004h
			rep stosb
code2_mark:		inc	dword ebx
			inc	dword ebx
			inc	dword ebx
			inc	dword ebx
			inc	dword ebx
			inc	dword ebx
			inc	dword ebx
			inc	dword ebx
			call	dword [function_pointer]
			ret
code2_end:
			align 4
function_pointer:	dd	write_hex



;****************************************************************************
;* put a hex number on screen ***********************************************
;****************************************************************************
write_hex:
			mov	byte  bh, bl
			shr	byte  bl, 4
			add	byte  bl, 030h
			cmp	byte  bl, 03ah
			jb	.number_1
			add	byte  bl, 007h
.number_1:		mov	byte  [hex_number], bl
			and	byte  bh, 00fh
			add	byte  bh, 030h
			cmp	byte  bh, 03ah
			jb	.number_2
			add	byte  bh, 007h
.number_2:		mov	byte  [hex_number + 1], bh
			mov	dword eax, SYS_WRITE
			mov	dword ebx, 1
			mov	dword ecx, hex_number
			mov	dword edx, 4
			int	byte  080h
			ret

section .data
hex_number:		db	"00h", 10



;****************************************************************************
;* some text ****************************************************************
;****************************************************************************
hello_world_1:		db	"Hello World!", 10
hello_world_2:		db	"This code was modified!", 10
hello_world_3:



;****************************************************************************
;* page for modified code ***************************************************
;****************************************************************************
section .bss
			;---------------------------------------------
			;why allocate 8KB if a page on x86 is 4KB ?
			;For safety reasons look at the code right
			;after _start:
			;NOTE: Under normal conditions the .bss
			;section is already page aligned so allocating
			;4KB and skipping the first 2 lines of code
			;after _start: should be ok.
			;---------------------------------------------

			alignb 4
modified_code:		resb	02000h
;********************************************* karsten.scheibler@bigfoot.de *


        ----------------------------from another program------------------------------
	stack-param:     file format elf32-i386
	stack-param
	architecture: i386, flags 0x00000112:
	EXEC_P, HAS_SYMS, D_PAGED
	start address 0x08048074
	
	Program Header:
	    LOAD off    0x00000000 vaddr 0x08048000 paddr 0x08048000 align 2**12
		 filesz 0x000000be memsz 0x000000be flags r-x
	    LOAD off    0x000000c0 vaddr 0x080490c0 paddr 0x080490c0 align 2**12
		 filesz 0x00000001 memsz 0x00000004 flags rw-
	
	Sections:
	Idx Name          Size      VMA       LMA       File off  Algn
	  0 .text         0000004a  08048074  08048074  00000074  2**2
			  CONTENTS, ALLOC, LOAD, READONLY, CODE
	  1 .data         00000001  080490c0  080490c0  000000c0  2**2
			  CONTENTS, ALLOC, LOAD, DATA
	  2 .bss          00000000  080490c4  080490c4  000000c4  2**2
			  ALLOC
	SYMBOL TABLE:
	08048074 l    d  .text	00000000 
	080490c0 l    d  .data	00000000 
	080490c4 l    d  .bss	00000000 
	00000000 l    d  *ABS*	00000000 
	00000000 l    d  *ABS*	00000000 
	00000000 l    d  *ABS*	00000000 
	080490c0 l       .data	00000000 new_line_char
	08048076 l       .text	00000000 again
	08048087 l       .text	00000000 end_again
	0804808e l       .text	00000000 putstring
	08048096 l       .text	00000000 count_chars
	080480a0 l       .text	00000000 done_count_chars
	00000000       F *UND*	00000000 
	080480be g     O *ABS*	00000000 _etext
	08048074 g       .text	00000000 _start
	080490c1 g     O *ABS*	00000000 __bss_start
	080490c1 g     O *ABS*	00000000 _edata
	080490c4 g     O *ABS*	00000000 _end

	----------------------------------------------------------------