Machine code functions: Bit Wizardry


144 replies to this topic
SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005
Azerty, Please take a look at my post :: Someone decompiled my passworded and protected script. :)

Laszlo
  • Moderators
  • 4713 posts
  • Last active: Mar 31 2012 03:17 AM
  • Joined: 14 Feb 2005
Azerty, for base64 conversion you can use the Windows crypto API, without much programming. See here. I think it was originally Titan’s idea (or SKAN’s?). The API functions are CryptBinaryToString and CryptStringToBinary. They are not very fast, but already installed with Windows. Why don’t you code ASCII85 instead? It was discussed in several places in the Forum, like here.

Azerty
  • Members
  • 72 posts
  • Last active: Jan 16 2009 10:08 AM
  • Joined: 19 Dec 2006

Azerty, Please take a look at my post :: Someone decompiled my passworded and protected script. :)


SKAN : Reply in topic.
Laszlo : I'll take a look at it. thx

SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005

I'm planning an ASM written base64 encoder/decoder for ahk to enable external dependencies to become inline coded in main script (I hate having 50 files in a subdir when one is enough :) ). I'll probably post it in this topic. So stay tuned :wink:


Any news ? :). I tried base64.exe and it works at lightning speed.
Eager to see it as Machine code.

Regards, :)

Laszlo
  • Moderators
  • 4713 posts
  • Last active: Mar 31 2012 03:17 AM
  • Joined: 14 Feb 2005

I tried base64.exe and it works at lightning speed.

Have you compared its speed to the Windows crypto API version? Writing machine code functions only makes sense if the Windows version is too slow.

SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005

Windows crypto API version?


I remember trying it, but I guess that will work only on XP onwards :(
I do not mind about Win98SE anymore, but the function should at least support Windows 2000.

:)

Laszlo
  • Moderators
  • 4713 posts
  • Last active: Mar 31 2012 03:17 AM
  • Joined: 14 Feb 2005

should at least support Windows 2000.

You are right

Client Requires Windows Vista or Windows XP.
Server Requires Windows Server 2008 or Windows Server 2003.



Azerty
  • Members
  • 72 posts
  • Last active: Jan 16 2009 10:08 AM
  • Joined: 19 Dec 2006
Hi Skan

After Laszlo's comment, I looked at ascii85, and, for inlining binaries into AHK code, it suits better: base64 encodes 3 bytes into 4, ascii85 encodes 4 bytes into 5.
For instance, an 8 KB binary would be encoded in 10923 bytes vs 10240 using ascii85 (CR/LF not counted).

Today : the full ASM binary encoder is ready, the decoder is in progress. I hope to publish them both from now until end of week with some sample code.

As for constraints : will be i486+ (using BSWAP for compactness), but code should even be Win95 compatible (though I won't test it, nor support it - I'm on W2K/WXP).

CU

SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005

the full ASM binary encoder is ready, the decoder is in progress. I hope to publish them both from now until end of week with some sample code.


Glad to hear it, and will eagerly await the release. :)

SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005
@Laszlo:

Sir, Sorry for the Dumb question:
Can a function like lstrcpy() be extracted out of kernel32.dll and reused ?

:)

Laszlo
  • Moderators
  • 4713 posts
  • Last active: Mar 31 2012 03:17 AM
  • Joined: 14 Feb 2005
With a disassembler, sure. But it is a 2 line C function, faster to compile.

SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005

But it is a 2 line C function


:O

Means we can call LstrCpy() from C and extract it
or C has a built in function in LIB ?

( excuse me for the ignorance )

Can you give me some mcode ?

Please. :)

Edit: Oops! Actually need want lstrcpyn()

Laszlo
  • Moderators
  • 4713 posts
  • Last active: Mar 31 2012 03:17 AM
  • Joined: 14 Feb 2005
The simplified C source is
void scpy(char* dest, char* source) {
   /* copies bytes up to the source's NUL; the terminator itself is not written to dest */
   while (*source!=0)*dest++ = *source++;
}
VCC compiles it to
000cf	8b 4c 24 08	 mov	 ecx, DWORD PTR _source$[esp-4]
  000d3	8a 01		 mov	 al, BYTE PTR [ecx]
  000d5	84 c0		 test	 al, al
  000d7	74 0e		 je	 SHORT [email protected]
  000d9	8b 54 24 04	 mov	 edx, DWORD PTR _dest$[esp-4]
[email protected]:
  000dd	88 02		 mov	 BYTE PTR [edx], al
  000df	42		 inc	 edx
  000e0	41		 inc	 ecx
  000e1	8a 01		 mov	 al, BYTE PTR [ecx]
  000e3	84 c0		 test	 al, al
  000e5	75 f6		 jne	 SHORT [email protected]
[email protected]:
; Line 43
  000e7	c3		 ret	 0
And the machine code is the following 25 bytes
8b4c24088a0184c0740e8b542404880242418a0184c075f6c3


SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005
Sir.. Excuse me for being stupid. :(
I wrongly quoted lstrcpy() instead of lstrcpyn()
As a punishment, I will try it on my own.

Many thanks for the kind efforts. :)

Laszlo
  • Moderators
  • 4713 posts
  • Last active: Mar 31 2012 03:17 AM
  • Joined: 14 Feb 2005
The simplified C source for lstrcpyn is
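void scpyn(char* dest, char* source, int n) {
   /* copies n-1 bytes without checking for a NUL in source, then terminates dest; n must be >= 1 */
   while (--n)*dest++ = *source++;
   *dest = 0;
}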
VCC compiles it to
000e8	55		 push	 ebp
  000e9	8b ec		 mov	 ebp, esp
; Line 46
  000eb	ff 4d 10	 dec	 DWORD PTR _n$[ebp]
  000ee	8b 45 08	 mov	 eax, DWORD PTR _dest$[ebp]
  000f1	74 0e		 je	 SHORT [email protected]
  000f3	8b 4d 0c	 mov	 ecx, DWORD PTR _source$[ebp]
[email protected]:
  000f6	8a 11		 mov	 dl, BYTE PTR [ecx]
  000f8	88 10		 mov	 BYTE PTR [eax], dl
  000fa	40		 inc	 eax
  000fb	41		 inc	 ecx
  000fc	ff 4d 10	 dec	 DWORD PTR _n$[ebp]
  000ff	75 f5		 jne	 SHORT [email protected]
[email protected]:
; Line 47
  00101	c6 00 00	 mov	 BYTE PTR [eax], 0
; Line 48
  00104	5d		 pop	 ebp
  00105	c3		 ret	 0
And the machine code is the following 30 bytes
558becff4d108b4508740e8b4d0c8a1188104041ff4d1075f5c600005dc3
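
The simplified scpyn above copies n-1 bytes no matter where the source string ends, and for n = 0 the counter goes negative and the loop keeps copying far past both buffers. As an added example (not code from the thread; `scpyn_checked` and `leaked_bytes` are hypothetical names and the sample bytes are constructed), this C comparison sets that routine beside a bounded variant that stops at the terminator:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The thread's simplified routine, kept for comparison: it copies n-1 bytes
   unconditionally, so it reads past the end of a shorter source string. */
static void scpyn_simplified(char *dest, const char *source, int n) {
    while (--n) *dest++ = *source++;
    *dest = 0;
}

/* Hypothetical hardened variant (added here): stops at the source
   terminator, writes at most n bytes, rejects n == 0 and NULL dest.
   Returns characters copied, or (size_t)-1 if nothing could be written. */
static size_t scpyn_checked(char *dest, const char *source, size_t n) {
    size_t i = 0;
    if (dest == NULL || n == 0) return (size_t)-1;
    if (source != NULL) {
        while (i + 1 < n && source[i] != '\0') {
            dest[i] = source[i];
            i++;
        }
    }
    dest[i] = '\0';
    return i;
}

/* Constructed sample: "abc" followed, inside the same array, by bytes that
   stand in for unrelated adjacent memory. Returns how many of those bytes
   end up in dest after a copy with n = 12. */
static int leaked_bytes(int use_checked) {
    const char mem[16] = "abc\0SECRETDATA";
    char dest[16];
    int leaked = 0;
    size_t i;
    memset(dest, 0, sizeof dest);
    if (use_checked) scpyn_checked(dest, mem, 12);
    else             scpyn_simplified(dest, mem, 12);
    for (i = 4; i < sizeof dest; i++)
        if (dest[i] != 0) leaked++;
    return leaked;
}

int main(void) {
    printf("simplified: %d stray bytes, checked: %d\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The same bound and terminator checks would have to be present in the C source before it is compiled to a hex blob, since the blob is called with raw pointers and nothing checks them at the call site.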