Move common assembly into a separate file

2023-06-25 02:19:24 +03:00 · 2023-06-25 02:19:24 +03:00 · 55fd21feef
commit 55fd21feef
parent 22a7fb2a60
6 changed files with 78 additions and 124 deletions
--- a/injector/include/gpa.inc
+++ b/injector/include/gpa.inc
@ -0,0 +1,62 @@
 BITS 64
 ; https://dennisbabkin.com/blog/?t=how-to-implement-getprocaddress-in-shellcode
 GetKernel32ModuleHandle:
    mov rax, gs:[60h]
    mov rax, [rax + 18h]
    mov rax, [rax + 20h]
    mov rax, [rax]
    mov rax, [rax]
    mov rax, [rax + 20h]
    ret
 GetAddressOf_GetProcAddress:
    mov eax, [rcx + 3ch]
    add rax, rcx
    lea rax, [rax + 88h]
    mov edx, [rax]
    lea rax, [rcx + rdx]
    mov edx, [rax + 18h]
    mov r8d, [rax + 20h]
    lea r8, [rcx + r8]
    mov r10, 41636f7250746547h ; "GetProcA"
    mov r11, 0073736572646441h ; "Address\0"
 .1:
    mov r9d, [r8]
    lea r9, [rcx + r9]
    ; Function name comparision
    cmp r10, [r9]
    jnz .2
    cmp r11, [r9 + 7]
    jnz .2
    ; Found GetProcAddress
    neg rdx
    mov r10d, [rax + 18h]
    lea rdx, [r10 + rdx]
    mov r10d, [rax + 24h]
    lea r10, [rcx + r10]
    movzx rdx, word [r10 + rdx * 2]
    mov r10d, [rax + 1ch]
    lea r10, [rcx + r10]
    mov r10d, [r10 + rdx * 4]
    lea rax, [rcx + r10] ; Function address
    jmp .end
 .2:
    add r8, 4
    dec rdx
    jnz .1
 .end:
    ret
--- a/injector/launcher_payload/meson.build
+++ b/injector/launcher_payload/meson.build
@ -1,5 +1,8 @@
 # Assemble the payload that will be injected into the game
-l_payload_bin = asm_gen.process('src/payload.asm')
+l_payload_bin = asm_gen.process(
    'src/payload.asm',
    extra_args: [ str_include_dir ]
 )
 # Embed it into the library
 l_res_files = custom_target(
@ -13,6 +16,6 @@ shared_library(
    'launcher_payload',
    'src/dll.c',
    l_res_files,
-    include_directories: '../include',
+    include_directories: include_dir,
    name_prefix: ''
 )
--- a/injector/launcher_payload/src/payload.asm
+++ b/injector/launcher_payload/src/payload.asm
@ -63,66 +63,7 @@ main: ; Replacement entry point
    ret
-; https://dennisbabkin.com/blog/?t=how-to-implement-getprocaddress-in-shellcode
+%include "gpa.inc"
 GetKernel32ModuleHandle:
    mov rax, gs:[60h]
    mov rax, [rax + 18h]
    mov rax, [rax + 20h]
    mov rax, [rax]
    mov rax, [rax]
    mov rax, [rax + 20h]
    ret
 GetAddressOf_GetProcAddress:
    mov eax, [rcx + 3ch]
    add rax, rcx
    lea rax, [rax + 88h]
    mov edx, [rax]
    lea rax, [rcx + rdx]
    mov edx, [rax + 18h]
    mov r8d, [rax + 20h]
    lea r8, [rcx + r8]
    mov r10, 41636f7250746547h ; "GetProcA"
    mov r11, 0073736572646441h ; "Address\0"
 .1:
    mov r9d, [r8]
    lea r9, [rcx + r9]
    ; Function name comparision
    cmp r10, [r9]
    jnz .2
    cmp r11, [r9 + 7]
    jnz .2
    ; Found GetProcAddress
    neg rdx
    mov r10d, [rax + 18h]
    lea rdx, [r10 + rdx]
    mov r10d, [rax + 24h]
    lea r10, [rcx + r10]
    movzx rdx, word [r10 + rdx * 2]
    mov r10d, [rax + 1ch]
    lea r10, [rcx + r10]
    mov r10d, [r10 + rdx * 4]
    lea rax, [rcx + r10] ; Function address
    jmp .end
 .2:
    add r8, 4
    dec rdx
    jnz .1
 .end:
    ret
 ; Strings
--- a/injector/meson.build
+++ b/injector/meson.build
@ -1,5 +1,11 @@
 include_dir = include_directories('include')
 str_include_dir = join_paths(meson.current_source_dir(), 'include')
 # Assemble the payload that will be injected into the launcher
-inj_payload_bin = asm_gen.process('src/payload.asm')
+inj_payload_bin = asm_gen.process(
    'src/payload.asm', 
    extra_args: [ str_include_dir ]
 )
 # Embed it into the library
 inj_res_files = custom_target(
@ -14,7 +20,7 @@ executable(
    'jadeite',
    'src/injector.c',
    inj_res_files,
-    include_directories: 'include',
+    include_directories: include_dir,
    name_prefix: ''
 )
--- a/injector/src/payload.asm
+++ b/injector/src/payload.asm
@ -28,66 +28,7 @@ main: ; Replacement entry point
    ret
-; https://dennisbabkin.com/blog/?t=how-to-implement-getprocaddress-in-shellcode
+%include "gpa.inc"
 GetKernel32ModuleHandle:
    mov rax, gs:[60h]
    mov rax, [rax + 18h]
    mov rax, [rax + 20h]
    mov rax, [rax]
    mov rax, [rax]
    mov rax, [rax + 20h]
    ret
 GetAddressOf_GetProcAddress:
    mov eax, [rcx + 3ch]
    add rax, rcx
    lea rax, [rax + 88h]
    mov edx, [rax]
    lea rax, [rcx + rdx]
    mov edx, [rax + 18h]
    mov r8d, [rax + 20h]
    lea r8, [rcx + r8]
    mov r10, 41636f7250746547h ; "GetProcA"
    mov r11, 0073736572646441h ; "Address\0"
 .1:
    mov r9d, [r8]
    lea r9, [rcx + r9]
    ; Function name comparision
    cmp r10, [r9]
    jnz .2
    cmp r11, [r9 + 7]
    jnz .2
    ; Found GetProcAddress
    neg rdx
    mov r10d, [rax + 18h]
    lea rdx, [r10 + rdx]
    mov r10d, [rax + 24h]
    lea r10, [rcx + r10]
    movzx rdx, word [r10 + rdx * 2]
    mov r10d, [rax + 1ch]
    lea r10, [rcx + r10]
    mov r10d, [r10 + rdx * 4]
    lea rax, [rcx + r10] ; Function address
    jmp .end
 .2:
    add r8, 4
    dec rdx
    jnz .1
 .end:
    ret
 ; Strings
--- a/meson.build
+++ b/meson.build
@ -8,6 +8,7 @@ asm_gen = generator(
    nasm,
    output: '@BASENAME@.bin',
    arguments: [
        '-i', '@EXTRA_ARGS@',
        '-f', 'bin',
        '@INPUT@',
        '-o', '@OUTPUT@'