var TabNum var TypeDW var Count var Count2 var ActEip var ActPunt var VACTab var VATab var VATab1 //nano_addr.hex var VATab2 //nano_type.hex var VATab3 //nano_size.hex var VATab4 //nano_dest.hex var EipBytes dbh mov TypeDW, 0 eoe LABEL eob BABEL run BABEL: cob bphwc eip ask "VA base?" cmp $RESULT, 0 je NoVA mov VATab, $RESULT ask "Numero de pedazos? [HEX]" cmp $RESULT, 0 je NoTabNum mov TabNum, $RESULT shl TabNum, 2 msgyn "Nanotyes DWORD = SI || Nanotypes BYTE = NO" cmp $RESULT, 0 je NanTypB mov TypeDW, 1 NanTypB: sub eip, 20 mov ActEip, eip mov EipBytes, [eip] add eip, 20 exec pushad pushfd push {ActEip} push 40 push 40000 push {VATab} call VirtualProtect popfd popad ende mov [ActEip], EipBytes mov VACTab, VATab add VATab, TabNum add VATab, TabNum mov VATab1, VATab eval "VA de nano_addr.hex = {VATab1}" log $RESULT mov Count, 0 mov ActEip, eip add ActEip, 3 mov ActEip, [ActEip] Tab0: mov ActPunt, ActEip add ActPunt, Count mov ActPunt, [ActPunt] InTab1: mov EipBytes, [ActPunt] cmp EipBytes, ABABABAB je FinTab1 cmp EipBytes, BAADF00D je FinTab1 mov [VATab1], EipBytes add ActPunt, 4 add VATab1, 4 inc [VACTab] jmp InTab1 FinTab1: add VACTab, 4 add Count, 4 cmp Count, TabNum jne Tab0 mov VATab2, VATab1 sub VATab1, VATab dm VATab, VATab1, "C:\Documents and Settings\tenketsu\Escritorio\nano_addr.hex" sub VACTab, TabNum eob BABEL2 run jmp BABEL BABEL2: cob bphwc eip add VATab2, 40 eval "VA de nano_type.hex = {VATab2}" log $RESULT mov VATab, VATab2 mov Count, 0 mov ActEip, eip add ActEip, 3 mov ActEip, [ActEip] cmp TypeDW, 0 je Tab0_2B Tab0_2DW: mov Count2, 0 mov ActPunt, ActEip add ActPunt, Count mov ActPunt, [ActPunt] InTab2DW: mov EipBytes, [ActPunt] mov [VATab2], EipBytes add ActPunt, 4 add VATab2, 4 inc Count2 cmp [VACTab], Count2 je FinTab2DW jmp InTab2DW FinTab2DW: add VACTab, 4 add Count, 4 cmp Count, TabNum jne Tab0_2DW jmp Tab2Fin Tab0_2B: mov Count2, 0 mov ActPunt, ActEip add ActPunt, Count mov ActPunt, [ActPunt] InTab2B: mov EipBytes, [ActPunt] shl EipBytes, 18 shr EipBytes, 18 mov [VATab2], EipBytes add ActPunt, 1 add VATab2, 1 inc Count2 cmp [VACTab], Count2 je FinTab2B jmp InTab2B FinTab2B: add VACTab, 4 add Count, 4 cmp Count, TabNum jne Tab0_2B Tab2Fin: mov VATab3, VATab2 sub VATab2, VATab dm VATab, VATab2, "C:\Documents and Settings\tenketsu\Escritorio\nano_type.hex" sub VACTab, TabNum eob BABEL3 run jmp BABEL2 BABEL3: cob bphwc eip add VATab3, 40 eval "VA de nano_dest.hex = {VATab3}" log $RESULT mov VATab, VATab3 mov Count, 0 mov ActEip, eip add ActEip, 3 mov ActEip, [ActEip] Tab0_3: mov Count2, 0 mov ActPunt, ActEip add ActPunt, Count mov ActPunt, [ActPunt] InTab3: mov EipBytes, [ActPunt] mov [VATab3], EipBytes add ActPunt, 4 add VATab3, 4 inc Count2 cmp [VACTab], Count2 je FinTab3 jmp InTab3 FinTab3: add VACTab, 4 add Count, 4 cmp Count, TabNum jne Tab0_3 mov VATab4, VATab3 sub VATab3, VATab dm VATab, VATab3, "C:\Documents and Settings\tenketsu\Escritorio\nano_dest.hex" sub VACTab, TabNum eob BABEL4 run jmp BABEL3 BABEL4: cob bphwc eip add VATab4, 40 eval "VA de nano_size.hex = {VATab4}" log $RESULT mov VATab, VATab4 mov Count, 0 mov ActEip, eip add ActEip, 3 mov ActEip, [ActEip] Tab0_4: mov Count2, 0 mov ActPunt, ActEip add ActPunt, Count mov ActPunt, [ActPunt] InTab4: mov EipBytes, [ActPunt] shl EipBytes, 18 shr EipBytes, 18 mov [VATab4], EipBytes add ActPunt, 1 add VATab4, 1 inc Count2 cmp [VACTab], Count2 je FinTab4 jmp InTab4 FinTab4: add VACTab, 4 add Count, 4 cmp Count, TabNum jne Tab0_4 sub VATab4, VATab dm VATab, VATab4, "C:\Documents and Settings\tenketsu\Escritorio\nano_size.hex" msg "El dumpeo de las tablas ha terminado." ret LABEL: esto jmp LABEL NoVA: msg "No se ha especificado una VA base para las tablas, script terminado." ret NoTabNum: msg "No se ha especificado un numero de pedazos, script terminado." ret