这个问题困扰好久了,经过之前论坛一位好心人的指点,百度找了很多资料自己又测试了很多次还是不行。fstp dword ptr [esp]的机器码是D91C24,我套进去总是出错,哪位好心的朋友告诉我该如何写?要套用的代码:[code] fstp dword ptr [esp][/code]clsasm类模块:[code] Option Explicit
' Win32 imports.  Get_Result needs only CallWindowProc; Run_ASM uses the rest
' to place and start code inside another process (OpenProcess ->
' VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread -> wait -> free).
' That API chain, combined with the RWX page protection declared below, is the
' classic remote-thread injection pattern and a standard detection signature
' for endpoint security tooling, so expect it to be logged or blocked.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' lpBuffer is ByRef; Run_ASM overrides it with ByVal VarPtr(...) to hand over
' the raw array address, and passes ByVal 0& (NULL) for lpNumberOfBytesWritten.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' lpStartAddress is ByRef here, so the caller has to pass the remote address
' ByVal (Run_ASM does); passing it ByRef would start the thread at the address
' of the caller's local variable instead.
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
' Used by Get_Result as an indirect call in the current process: lpPrevWndFunc
' receives the address of the Byte array holding the machine code and the four
' "message" arguments are all 0.
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long

' VirtualAllocEx / VirtualFreeEx flags.  PAGE_EXECUTE_READWRITE makes the remote
' region writable and executable at the same time (no W^X separation), which is
' the part monitoring tools key on.  (A module-level Const with no modifier is
' Private in VB, so these match the Private Const below.)
Const PAGE_EXECUTE_READWRITE = &H40
Const MEM_COMMIT = &H1000
Const MEM_RELEASE = &H8000
Const MEM_DECOMMIT = &H4000
' Full access rights requested on the target process.  A failed OpenProcess
' returns 0; Run_ASM does not check its return value.
Const PROCESS_ALL_ACCESS = &H1F0FFF
' WaitForSingleObject result that Run_ASM polls against until the remote
' thread has ended.
Private Const WAIT_TIMEOUT = &H102
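' Hex text of the machine code assembled so far: two hex digits per byte, in
' execution order.  Every Lea_/Mov_/Pop_/SUB_ helper appends to it; Get_Result
' and Run_ASM decode and execute it.
Dim OPcode As String

' Executes the assembled code in the current process and returns the value the
' code leaves in EAX (CallWindowProc's Long result), converted to a String.
'
' CallWindowProc is used purely as a way to jump to the buffer: the "window
' procedure" address is the first byte of the decoded machine code and the
' four zero arguments are what the code finds on the stack.
' NOTE(review): AsmCode is an ordinary heap array, not executable memory, so
' on a system with DEP enforced this jump is expected to fault.
'
' Raises error 5 (invalid procedure call) when OPcode is empty or holds an odd
' number of hex digits.  The previous version hit a subscript error (9) on an
' empty string and silently mis-parsed a trailing single digit.
Function Get_Result() As String
    Dim i As Long
    Dim AsmCode() As Byte
    If Len(OPcode) = 0 Or (Len(OPcode) Mod 2) <> 0 Then
        Err.Raise 5, "clsasm.Get_Result", "OPcode must hold an even, non-zero number of hex digits"
    End If
    ' Integer division is exact here because the length is known to be even.
    ReDim AsmCode(Len(OPcode) \ 2 - 1)
    For i = 0 To UBound(AsmCode)
        ' "&H" prefix lets CByte parse the two hex digits of byte i.
        AsmCode(i) = CByte("&H" & Mid$(OPcode, i * 2 + 1, 2))
    Next
    Get_Result = CallWindowProc(VarPtr(AsmCode(0)), 0, 0, 0, 0)
End Function

' Returns the hex text assembled so far without executing or clearing it.
Function Get_Code() As String
    Get_Code = OPcode
End Function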
' Writes the assembled code into another process and runs it there on a new
' thread: decode OPcode (same loop as Get_Result) -> OpenProcess(pid) ->
' VirtualAllocEx (RWX) -> WriteProcessMemory -> CreateRemoteThread -> wait for
' the thread to finish -> free the remote region, close both handles and clear
' OPcode so the next sequence starts empty.
'
' This is the textbook remote-thread injection chain; endpoint monitoring keys
' on exactly this API sequence (PROCESS_ALL_ACCESS handle, RWX allocation,
' cross-process write, thread started at the written address), so expect it to
' be logged or blocked.
'
' Returns: always 0 - the function is declared As Long but never assigns
' Run_ASM.
' NOTE(review): no return value is checked.  If OpenProcess, VirtualAllocEx,
' WriteProcessMemory or CreateRemoteThread fails (returns 0) the remaining
' calls run against a null handle/address and the caller is never told.
' NOTE(review): the wait loop ends only when WaitForSingleObject stops
' returning WAIT_TIMEOUT; a remote thread that never terminates keeps this
' loop (and DoEvents) spinning indefinitely.
Function Run_ASM(pid As Long) As Long 'inject and run via a remote thread
    Dim i As Long, tmp_Addr As Long, RThwnd As Long, h As Long, Ret As Long
    ' Two hex digits per byte, in execution order.
    ReDim AsmCode(Len(OPcode) / 2 - 1) As Byte
    For i = 0 To UBound(AsmCode)
        AsmCode(i) = CByte("&H" & Mid(OPcode, i * 2 + 1, 2))
    Next
    h = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
    ' One region, exactly the size of the code, writable and executable at once.
    tmp_Addr = VirtualAllocEx(h, ByVal 0&, UBound(AsmCode) + 1, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    ' lpBuffer is ByRef in the Declare; ByVal VarPtr(...) hands over the raw
    ' array address.  The bytes-written pointer is passed as NULL.
    WriteProcessMemory h, ByVal tmp_Addr, ByVal VarPtr(AsmCode(0)), UBound(AsmCode) + 1, ByVal 0&
    'MsgBox Hex(tmp_Addr)
    ' lpStartAddress is ByRef in the Declare, so ByVal is needed to pass the
    ' remote address itself rather than the address of tmp_Addr.
    RThwnd = CreateRemoteThread(h, ByVal 0&, 0, ByVal tmp_Addr, ByVal 0&, ByVal 0&, ByVal 0&)
    ' Poll every 100 ms, pumping messages so the UI stays responsive.
    Do
        Ret = WaitForSingleObject(RThwnd, 100)
        DoEvents
    Loop Until Ret <> WAIT_TIMEOUT
    ' Decommit the pages, then release the reservation (size 0 for MEM_RELEASE).
    VirtualFreeEx h, ByVal tmp_Addr, UBound(AsmCode) + 1, ByVal MEM_DECOMMIT
    VirtualFreeEx h, ByVal tmp_Addr, 0, ByVal MEM_RELEASE
    CloseHandle RThwnd
    CloseHandle h
    OPcode = ""
End Function

' Formats Value as n hex digits (the low n digits of its 32-bit two's-
' complement representation) and then reverses the byte order, giving the
' little-endian immediate/displacement text x86 expects.
' Examples: Int2Hex(&H12345678, 8) = "78563412"; Int2Hex(10, 2) = "0A";
'           Int2Hex(-1, 2) = "FF".
' n is expected to be even and at most 8 - callers pass 2 (disp8/imm8) or
' 8 (disp32/imm32).
Function Int2Hex(Value As Long, n As Long) As String 'swap high/low bytes (little-endian)
    Dim tmp1 As String, tmp2 As String, i As Long
    ' Seven zeros plus Hex(Value) is always at least 8 characters, so Right
    ' always has n digits to take; a negative Long hexes to 8 digits already.
    tmp1 = Right("0000000" + Hex(Value), n)
    ' Copy the digit pairs from the last pair to the first.
    For i = 0 To Len(tmp1) / 2 - 1
        tmp2 = tmp2 + Mid(tmp1, Len(tmp1) - 1 - 2 * i, 2)
    Next i
    Int2Hex = tmp2
End Function
[/code]
If i <= 127 And i >= -128 Then
OPcode = OPcode + "8D4F" + Int2Hex(i, 2)
Else
OPcode = OPcode + "8D8F" + Int2Hex(i, 8)
End If
End FunctionFunction Lea_ECX_DWORD_Ptr_EBP_Add(i As Long) As Long
' (continues Lea_ECX_DWORD_Ptr_EBP_Add, whose header ends the previous line)
' lea ecx,[ebp+disp]  ->  8D 4D disp8  /  8D 8D disp32
    Append_Disp_Form "8D4D", "8D8D", i
End Function

' Shared emitter for the "[reg + displacement]" operands used by the LEA
' helpers below.  Appends op8 followed by a one-byte displacement when d fits
' in a signed byte (-128..127), otherwise op32 followed by a four-byte
' displacement.  Int2Hex supplies the little-endian hex text either way, so
' the bytes produced are exactly those of the former inline If/Else blocks.
Private Sub Append_Disp_Form(op8 As String, op32 As String, d As Long)
    If d >= -128 And d <= 127 Then
        OPcode = OPcode & op8 & Int2Hex(d, 2)
    Else
        OPcode = OPcode & op32 & Int2Hex(d, 8)
    End If
End Sub

' lea ecx,[esi+disp]  ->  8D 4E disp8  /  8D 8E disp32
Function Lea_ECX_DWORD_Ptr_ESI_Add(i As Long) As Long
    Append_Disp_Form "8D4E", "8D8E", i
End Function

' lea edx,[eax+disp]  ->  8D 50 disp8  /  8D 90 disp32
Function Lea_EDX_DWORD_Ptr_EAX_Add(i As Long) As Long
    Append_Disp_Form "8D50", "8D90", i
End Function

' lea edx,[esp+disp]  ->  8D 54 24 disp8  /  8D 94 24 disp32
' (24 is the SIB byte that is required whenever esp is the base register)
Function Lea_EDX_DWORD_Ptr_ESP_Add(i As Long) As Long
    Append_Disp_Form "8D5424", "8D9424", i
End Function

' lea edx,[ebx+disp]  ->  8D 53 disp8  /  8D 93 disp32
Function Lea_EDX_DWORD_Ptr_EBX_Add(i As Long) As Long
    Append_Disp_Form "8D53", "8D93", i
End Function

' lea edx,[ecx+disp]  ->  8D 51 disp8  /  8D 91 disp32
Function Lea_EDX_DWORD_Ptr_ECX_Add(i As Long) As Long
    Append_Disp_Form "8D51", "8D91", i
End Function

' lea edx,[edx+disp]  ->  8D 52 disp8  /  8D 92 disp32
Function Lea_EDX_DWORD_Ptr_EDX_Add(i As Long) As Long
    Append_Disp_Form "8D52", "8D92", i
End Function

' lea edx,[edi+disp]  ->  8D 57 disp8  /  8D 97 disp32
Function Lea_EDX_DWORD_Ptr_EDI_Add(i As Long) As Long
    Append_Disp_Form "8D57", "8D97", i
End Function

' lea edx,[ebp+disp]  ->  8D 55 disp8  /  8D 95 disp32
Function Lea_EDX_DWORD_Ptr_EBP_Add(i As Long) As Long
    Append_Disp_Form "8D55", "8D95", i
End Function

' lea edx,[esi+disp]  ->  8D 56 disp8  /  8D 96 disp32
Function Lea_EDX_DWORD_Ptr_ESI_Add(i As Long) As Long
    Append_Disp_Form "8D56", "8D96", i
End Function

' ---- POP r32: one-byte opcodes 58 + register number ----
' Like every other emitter in this module, these are declared As Long but
' never assign a result, so they return 0.

' pop eax -> 58
Function Pop_EAX() As Long
    OPcode = OPcode & "58"
End Function

' pop ebx -> 5B
Function Pop_EBX() As Long
    OPcode = OPcode & "5B"
End Function

' pop ecx -> 59
Function Pop_ECX() As Long
    OPcode = OPcode & "59"
End Function

' pop edx -> 5A
Function Pop_EDX() As Long
    OPcode = OPcode & "5A"
End Function

' pop esi -> 5E
Function Pop_ESI() As Long
    OPcode = OPcode & "5E"
End Function

' pop esp -> 5C
Function Pop_ESP() As Long
    OPcode = OPcode & "5C"
End Function

' pop edi -> 5F
Function Pop_EDI() As Long
    OPcode = OPcode & "5F"
End Function

' pop ebp -> 5D
Function Pop_EBP() As Long
    OPcode = OPcode & "5D"
End Function

' ---- MOV dword ptr [eax],r32: 89 /r with mod=00, rm=eax ----

' mov dword ptr [eax],eax -> 89 00
Function Mov_DWORD_Ptr_EAX_EAX() As Long
    OPcode = OPcode & "8900"
End Function

' mov dword ptr [eax],ebx -> 89 18
Function Mov_DWORD_Ptr_EAX_EBX() As Long
    OPcode = OPcode & "8918"
End Function

' mov dword ptr [eax],ecx -> 89 08
Function Mov_DWORD_Ptr_EAX_ECX() As Long
    OPcode = OPcode & "8908"
End Function

' mov dword ptr [eax],edx -> 89 10
Function Mov_DWORD_Ptr_EAX_EDX() As Long
    OPcode = OPcode & "8910"
End Function
' ---- MOV dword ptr [ebx],r32: 89 /r with mod=00, rm=ebx ----
' Each helper appends one fixed two-byte instruction to OPcode and returns 0
' (the Long result is never assigned).

' mov dword ptr [ebx],eax -> 89 03
Function Mov_DWORD_Ptr_EBX_EAX() As Long
    OPcode = OPcode & "8903"
End Function

' mov dword ptr [ebx],ebx -> 89 1B
Function Mov_DWORD_Ptr_EBX_EBX() As Long
    OPcode = OPcode & "891B"
End Function

' mov dword ptr [ebx],ecx -> 89 0B
Function Mov_DWORD_Ptr_EBX_ECX() As Long
    OPcode = OPcode & "890B"
End Function

' mov dword ptr [ebx],edx -> 89 13
Function Mov_DWORD_Ptr_EBX_EDX() As Long
    OPcode = OPcode & "8913"
End Function
' ---- MOV dword ptr [ecx],r32: 89 /r with mod=00, rm=ecx ----
' Each helper appends one fixed two-byte instruction to OPcode and returns 0
' (the Long result is never assigned).

' mov dword ptr [ecx],eax -> 89 01
Function Mov_DWORD_Ptr_ECX_EAX() As Long
    OPcode = OPcode & "8901"
End Function

' mov dword ptr [ecx],ebx -> 89 19
Function Mov_DWORD_Ptr_ECX_EBX() As Long
    OPcode = OPcode & "8919"
End Function

' mov dword ptr [ecx],ecx -> 89 09
Function Mov_DWORD_Ptr_ECX_ECX() As Long
    OPcode = OPcode & "8909"
End Function

' mov dword ptr [ecx],edx -> 89 11
Function Mov_DWORD_Ptr_ECX_EDX() As Long
    OPcode = OPcode & "8911"
End Function
' ---- MOV dword ptr [edx],r32: 89 /r with mod=00, rm=edx ----
' Each helper appends one fixed two-byte instruction to OPcode and returns 0
' (the Long result is never assigned).

' mov dword ptr [edx],eax -> 89 02
Function Mov_DWORD_Ptr_EDX_EAX() As Long
    OPcode = OPcode & "8902"
End Function

' mov dword ptr [edx],ebx -> 89 1A
Function Mov_DWORD_Ptr_EDX_EBX() As Long
    OPcode = OPcode & "891A"
End Function

' mov dword ptr [edx],ecx -> 89 0A
Function Mov_DWORD_Ptr_EDX_ECX() As Long
    OPcode = OPcode & "890A"
End Function

' mov dword ptr [edx],edx -> 89 12
Function Mov_DWORD_Ptr_EDX_EDX() As Long
    OPcode = OPcode & "8912"
End Function
'Function Mov_DWORD_Ptr_EAX(i As Long) As Long 'mov[xxx],eax
'OPcode = OPcode + "A3" + Int2Hex(i, 8)
'End Function
' sub esp,x  ->  83 EC imm8 when x fits in a signed byte (the CPU sign-extends
' it), otherwise 81 EC imm32.  Int2Hex produces the little-endian immediate.
' Returns 0; the Long result is never assigned.
Function SUB_ESP(x As Long) As Long
    Dim fitsByte As Boolean
    fitsByte = (x >= -128) And (x <= 127)
    If fitsByte Then
        OPcode = OPcode & "83EC" & Int2Hex(x, 2)
    Else
        OPcode = OPcode & "81EC" & Int2Hex(x, 8)
    End If
End Function
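' All emitters below append to OPcode and return 0 (the Long result is never
' assigned).  A displacement uses the disp8 ModRM form when it fits in a
' signed byte (-128..127) and the disp32 form otherwise; immediates are
' always imm32.  Int2Hex produces the little-endian hex text.

' mov dword ptr [esp],x  ->  C7 04 24 imm32   (04 24 = ModRM + SIB for [esp])
Function Mov_DWORD_Ptr_ESP(x As Long) As Long 'mov [esp],x
    OPcode = OPcode & "C70424" & Int2Hex(x, 8)
End Function

' mov dword ptr [esp+x],eax  ->  89 44 24 disp8  /  89 84 24 disp32
Function Mov_DWORD_Ptr_ESP_ADD_EAX(x As Long) As Long 'mov [esp+x],eax
    If x <= 127 And x >= -128 Then
        OPcode = OPcode & "894424" & Int2Hex(x, 2)
    Else
        OPcode = OPcode & "898424" & Int2Hex(x, 8)
    End If
End Function

' mov dword ptr [esp+x],y  ->  C7 44 24 disp8 imm32  /  C7 84 24 disp32 imm32
Function Mov_DWORD_Ptr_ESP_ADD(x As Long, y As Long) As Long 'mov [esp+x],y
    If x <= 127 And x >= -128 Then
        OPcode = OPcode & "C74424" & Int2Hex(x, 2) & Int2Hex(y, 8)
    Else
        OPcode = OPcode & "C78424" & Int2Hex(x, 8) & Int2Hex(y, 8)
    End If
End Function

' mov dword ptr [eax+x],y  ->  C7 40 disp8 imm32  /  C7 80 disp32 imm32
Function Mov_DWORD_Ptr_EAX_ADD(x As Long, y As Long) As Long 'mov [eax+x],y
    If x <= 127 And x >= -128 Then
        OPcode = OPcode & "C740" & Int2Hex(x, 2) & Int2Hex(y, 8)
    Else
        OPcode = OPcode & "C780" & Int2Hex(x, 8) & Int2Hex(y, 8)
    End If
End Function

' mov dword ptr [ecx+i],eax  ->  89 41 disp8  /  89 81 disp32
' Fix: the range test previously read `i <= 127` only, so any i below -128
' went out as the disp8 form with a truncated one-byte displacement; the
' lower bound now matches every other emitter.  (The old trailing comment
' said "mov [ecx],eax"; the displacement is part of the instruction.)
Function Mov_DWORD_Ptr_ECX_ADD_EAX(i As Long) As Long 'mov [ecx+i],eax
    If i <= 127 And i >= -128 Then
        OPcode = OPcode & "8941" & Int2Hex(i, 2)
    Else
        OPcode = OPcode & "8981" & Int2Hex(i, 8)
    End If
End Function

' mov esi,dword ptr [esi+i]  ->  8B 76 disp8  /  8B B6 disp32
' Fix: only the disp8 form existed, so displacements outside -128..127
' produced a wrong instruction.  Output for in-range i is unchanged.
Function Mov_ESI_DWORD_Ptr_ESI_Add(i As Long) As Long 'mov esi,[esi+i]
    If i <= 127 And i >= -128 Then
        OPcode = OPcode & "8B76" & Int2Hex(i, 2)
    Else
        OPcode = OPcode & "8BB6" & Int2Hex(i, 8)
    End If
End Function

' mov eax,dword ptr [eax+i]  ->  8B 40 disp8  /  8B 80 disp32
' Same fix as above: disp32 fallback added, in-range output unchanged.
Function Mov_EAX_EAX_Add(i As Long) As Long 'mov eax,[eax+i]
    If i <= 127 And i >= -128 Then
        OPcode = OPcode & "8B40" & Int2Hex(i, 2)
    Else
        OPcode = OPcode & "8B80" & Int2Hex(i, 8)
    End If
End Function

' mov esi,dword ptr [eax+i]  ->  8B 70 disp8  /  8B B0 disp32
' Fix: the original emitted 8B B0 (the ModRM byte of the disp32 form) followed
' by a single displacement byte, i.e. a truncated instruction for every input.
' The disp8 form uses ModRM 70; B0 is kept for the four-byte displacement.
Function Mov_ESI_EAX_Add(i As Long) As Long 'mov esi,[eax+i]
    If i <= 127 And i >= -128 Then
        OPcode = OPcode & "8B70" & Int2Hex(i, 2)
    Else
        OPcode = OPcode & "8BB0" & Int2Hex(i, 8)
    End If
End Function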