; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
; Build this with the "Project" menu using
; "Console Assemble and Link"
comment * «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
Malware Analysis
««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««« *
.486 ; create 32 bit code
.model flat, stdcall ; 32 bit memory model
option casemap :none ; case sensitive
include \masm32\include\windows.inc ; always first
include \masm32\macros\macros.asm ; MASM support macros
; -----------------------------------------------------------------
; include files that have MASM format prototypes for function calls
; -----------------------------------------------------------------
include \masm32\include\masm32.inc
include \masm32\include\gdi32.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\debug.inc
; ------------------------------------------------
; Library files that have definitions for function
; exports and tested reliable prebuilt code.
; ------------------------------------------------
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\debug.lib
.code ; Tell MASM where the code starts
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
; Entry point: prints a banner, then uses the debug.inc macros to show two
; register values and what esp-relative loads read back from the stack.
; NOTE(review): PrintLine / PrintText / PrintDec come from debug.inc and are
; assumed to leave the general registers and esp unchanged - confirm there,
; because the expected values below depend on it.
start: ; The CODE entry point to the program
print chr$("Welcome to Malware Analysis - Basic Assembly Language Programming.", 13, 10)
PrintLine ; print a separator line
PrintText "Debugging: Malware Analysis" ; debugging print text
mov eax, 100 ; eax = 100
PrintLine ; print a separator line
PrintDec eax, "eax value"
mov ebx, 200 ; ebx = 200
PrintLine ; print a separator line
PrintDec ebx, "ebx value"
; Two dwords are pushed: afterwards [esp] holds the ebx value and [esp+4]
; holds the eax value (the stack grows toward lower addresses).
push eax
push ebx
mov ecx, [esp] ; load the dword at the top of the stack: the last push (ebx, expected 200)
PrintLine ; print a separator line
PrintDec ecx, "ecx value" ; expected to show 200
; [esp+32] lies beyond the 8 bytes this program pushed. Whatever is stored
; there was placed on the stack before start ran, so the printed number is
; not defined by this program and may differ between runs and systems.
mov edx, [esp+32] ; load the dword 32 bytes above the top of the stack
PrintLine ; print a separator line
PrintDec edx, "edx value"
; solving bonus question
mov edx, [esp+4] ; load the dword 4 bytes above the top of the stack: the earlier push (eax)
PrintLine ; print a separator line
PrintDec edx, "edx value" ; the answer should be 100 which is eax
; The two pushes are never popped; the exit macro ends the process
; (presumably via ExitProcess - confirm in macros.asm), so nothing returns
; through the unbalanced stack.
exit
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
end start ; Tell MASM where the program ends