Page 1 of 1
*Start = AllocateExecutableMemory(Size.L)
Posted: Wed Sep 26, 2007 2:04 am
by Ollivier
It'd be cool executing this code
:
Code: Select all
*Start = AllocateExecutableMemory(1)
PokeB(*Start, $CB)
CallFunctionFast(*Start)
Posted: Wed Sep 26, 2007 7:36 am
by Rings
*stop=MakingTrojansForDummies(<Insert Nickname here>)
Posted: Sun Sep 30, 2007 10:23 pm
by Ollivier
Yes! It's right! It's shame too...
Posted: Mon Oct 01, 2007 9:45 am
by DoubleDutch
Maybe an optional flag to specify the type of memory or if it should be pre-cleared would be handy.
Posted: Sat Oct 06, 2007 8:04 am
by Ollivier
@Rings
A solution in order to prevent dummies from such an infection should be adding a warning input requester at the beginning of the execution.
Code: Select all
Caution ! This program could contain a virus : Are you sure you want to execute it ?
[Yes] [No] [Cancel]
A second solution : limit the size of such a memory area. The quantity too. I see two reason to have this functionnality :
1) protect the code by autoreferency enkryption. Thing I never saw actually.
2) use a new possibility of call of procedure.
In the past, in the old Basic compiler named Quick-Basic, there was a function named :
On Value Goto Label1, Label2, Label3, etc...
Maybe other users can find other functionnalities available with this options.
Posted: Sat Oct 06, 2007 8:50 am
by Rings
lol
Posted: Sat Oct 06, 2007 9:22 am
by DoubleDutch
Ollivier: You cannot be serious with this suggestion? Anyone who wanted to bypass your ideas would just use the API.
I think if these extensions were added then it would be great, but with no "nanny state" warning messages please.
Posted: Sat Oct 06, 2007 9:39 am
by Ollivier
Yes, yes! CallFunctionFast() Okay but not JumpFast, cause actually OOC... slow, slow... Lol ?
Code: Select all
Object1()
...
code
...
JMP {lea Object2() } << Poke!
Object2()
...
code
...
JMP {lea Object3() } << Poke!
Object3()
...
code
...
JMP {lea Object1() } << And Poke!
And when you've a picture to transform with ! REP MOVSD, it's cool to prepare registers
before the execution... not during the one, exactly like the code above.
>> Autoreferency enkrypton... What's that?
Maybe an expression with lots of error that a french try to translate!
Yes! It's only that... I just hope it's not a patent I'm able to execute with an old compiler I wanna forget!
Code: Select all
In this rectangle:
1) There is ... time(s) the figure 4
2) There is ... time(s) the figure 3
3) There is ... time(s) the figure 2
4) There is ... time(s) the figure 1
I think it's a good illustration of the autoreferency bordel.
So! Happy to discover your humour!
Posted: Sat Oct 06, 2007 9:43 am
by DoubleDutch
>> Autoreferency enkrypton... What's that?
Maybe an expression with lots of error that a french try to translate!
Who are you replying to? Has a post been deleted?
Posted: Sat Oct 06, 2007 9:49 am
by Ollivier
@DoubleDutch
If the PB team gives us this technic, he'll use to protect PBCompiler again hacking. Now, draw a message and input the keyboard, it's not only the API...
You give me an idea...
...
Posted: Sat Oct 06, 2007 9:52 am
by PB
> Who are you replying to? Has a post been deleted?
He's referring to the fifth post in this thread, where "autoreferency enkryption"
is first mentioned. I guess he used ">>" to point out that phrase, rather than
use it as quote marks (as some people, including myself, do).
Posted: Sat Oct 06, 2007 9:53 am
by Ollivier
@DD
no... no deleted post
Just the function AllocateExecutableMemory() allows us really to protect executable code.
Auto-reference resolution, it's simple: more it's false, more it's longer.
EDIT : Rings had right : lol
I seem like ET...
Posted: Sat Oct 06, 2007 5:24 pm
by DoubleDutch
ic...
I think that adding the extra flags to AllocateMemory, is the best way to go. It means no extra commands that are basically just mods of the other commands.
Eg:
address=AllocateMemory(4000,#PB_Memory_Code) ; default is #PB_Memory_Data
Posted: Thu Oct 11, 2007 2:06 pm
by Trond
This would be useful for a scripting language.
Posted: Tue Oct 16, 2007 1:53 pm
by Iron_Meiden
Special for Rings...
Code: Select all
\ Just for fun (Win32Forth v6.13.00)...
: Test CR S" Hi, I'm a trojan for all dummies !!1" TYPE CR ;
HERE CONSTANT TestEnd
' Test CONSTANT TestStart
TestEnd TestStart - Constant CodeSize
CodeSize Allocate Drop Value MEMORY
TestStart MEMORY CodeSize MOVE
MEMORY EXECUTE