OpenRCE_Saphex
December 19th, 2007, 03:31
Hi,
I was reading some of deroko's work on his home page when I stumbled upon Nanomites.w32. After reading the source and understanding what Nanomites were all about (won't explain it), I decided to implement a newer version with some minor changes. The following is the new macro.
Code:
; Exception type tags stored in each nanomite record
EXCEP_INT3 equ 010h
EXCEP_DIV0 equ 011h
EXCEP_PRIV equ 012h
EXCEP_ILLE equ 013h
EXCEP_ACCE equ 014h

nanomite_m macro i_ExcepType, i_JumpType, i_Address
    local @nano
@nano:
    if i_ExcepType eq EXCEP_INT3
        int 03h
    elseif i_ExcepType eq EXCEP_DIV0
        xor ebx, ebx
        xor edx, edx
        mov eax, 02h
        div ebx                          ; divide by zero
    elseif i_ExcepType eq EXCEP_ACCE
        xor eax, eax
        xchg dword ptr [eax], eax        ; access violation at address 0
    elseif i_ExcepType eq EXCEP_PRIV
        ; TODO: Add code to generate this exception
    elseif i_ExcepType eq EXCEP_ILLE
        ; TODO: Add code to generate this exception
    endif
    ; Record read by the exception handler
    db i_ExcepType
    db i_JumpType
    dd offset i_Address - offset @nano   ; target relative to @nano
endm
Just need to change the exception handler to verify whether the exception was generated by the Nanomites code by checking the first byte after the exception EIP.
Best regards,
saphex
References:
Deroko Home Page ("http://deroko.phearless.org/")
https://www.openrce.org/blog/view/999/Nanomites_by_Deroko
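The record layout the macro emits, decoded from the analyst's side. This is an added example, not code from the post or from deroko's source. It assumes the tag is the first byte after the faulting instruction, the instruction encodings noted in the comments, and a constructed sample buffer with a made-up jump type value.

```python
import struct
from typing import NamedTuple, Optional

# Exception type tags, as defined by the equ lines in the post.
EXCEP_INT3, EXCEP_DIV0, EXCEP_ACCE = 0x10, 0x11, 0x14

# Faulting instruction bytes -> (expected tag, bytes from @nano to the fault).
# Encodings are assumed: int 03h = CC, div ebx = F7 F3, xchg [eax],eax = 87 00.
# The distances cover the setup instructions the macro emits before the fault.
TRIGGERS = {
    b"\xCC": (EXCEP_INT3, 0),
    b"\xF7\xF3": (EXCEP_DIV0, 9),   # xor ebx,ebx; xor edx,edx; mov eax,02h
    b"\x87\x00": (EXCEP_ACCE, 2),   # xor eax,eax
}

class Nanomite(NamedTuple):
    nano: int        # offset of the @nano label
    excep_type: int
    jump_type: int   # opaque here: the post does not list jump type values
    target: int      # nano + stored dword (i_Address)

def decode_nanomite(code: bytes, fault: int) -> Optional[Nanomite]:
    """Decode the record after the faulting instruction at offset `fault`;
    return None when the bytes there do not form a nanomite."""
    if fault < 0:
        return None
    for insn, (tag, setup_len) in TRIGGERS.items():
        rec = fault + len(insn)
        if code[fault:rec] != insn or rec + 6 > len(code):
            continue
        excep_type, jump_type, rel = struct.unpack_from("<BBi", code, rec)
        nano = fault - setup_len
        # The check described in the post: the byte after the faulting
        # instruction must carry the tag that belongs to that instruction.
        if excep_type != tag or nano < 0:
            continue
        return Nanomite(nano, excep_type, jump_type, nano + rel)
    return None

# Constructed sample: 4 NOPs, an EXCEP_DIV0 nanomite (jump type 0x01, target
# 0x40 bytes past @nano), then an ordinary int3 that is not a nanomite.
SAMPLE = (b"\x90" * 4
          + b"\x33\xDB\x33\xD2\xB8\x02\x00\x00\x00\xF7\xF3"
          + struct.pack("<BBi", EXCEP_DIV0, 0x01, 0x40)
          + b"\xCC" + b"\x90" * 6)

if __name__ == "__main__":
    print(decode_nanomite(SAMPLE, 13))   # div ebx inside the nanomite
    print(decode_nanomite(SAMPLE, 21))   # plain int3, tag byte does not match
```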