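Safe self-deletion technique for Windows executable modules
You can raise your own process's priority first and then call WinExec(szCMD,0); this greatly improves the success rate. The MoveFileEx method may end up deleting files you did not want deleted: for example, you uninstall a program that schedules deletion on reboot, then reinstall it, and after the reboot the freshly installed files get deleted.

[Original] Upack0.399.GUI
Unless you have special requirements, just use WinUpack0.39.

[Discussion] Will the next-generation Windows operating system deprecate the existing API?
I can't guarantee that. If you care about programming compatibility, write the core of the program against the standard library as far as possible rather than the Win32 API. But unless the system is replaced wholesale (for example a pure 64-bit system), the Win32 API will not be dropped lightly.

[Repost] Complete Instruction Set Table by anorganix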
LAHF 9F Load Status Flags into AH
LAR r32,r/m32 0F 02 /r Load Access Rights Byte
LDS r32,m16:32 C5 /r Load DS:r32 with far ptr
LEA r32,m 8D /r Load effective address
LEAVE C9 Set ESP to EBP, then pop EBP
LES r32,m16:32 C4 /r Load ES:r32 with far ptr
LFS r32,m16:32 0F B4 /r Load FS:r32 with far ptr
LGS r32,m16:32 0F B5 /r Load GS:r32 with far ptr
LGDT m16&32 0F 01 /2 Load m into GDTR
LIDT m16&32 0F 01 /3 Load m into IDTR
LLDT r/m16 0F 00 /2 Load segment selector r/m16 into LDTR
LMSW r/m16 0F 01 /6 Load r/m16 in machine status word of CR0
LOCK F0 Asserts LOCK signal for duration ..
LODS m8 AC Load byte at address DS:(E)SI into AL
LODS m32 AD Load dword at address DS:(E)SI into EAX
LOOP rel8 E2 cb Dec count;jump if count # 0
LOOPE rel8 E1 cb Dec count;jump if count # 0 and ZF=1
LOOPZ rel8 E1 cb Dec count;jump if count # 0 and ZF=1
LOOPNE rel8 E0 cb Dec count;jump if count # 0 and ZF=0
LOOPNZ rel8 E0 cb Dec count;jump if count # 0 and ZF=0
LSL r16,r/m16 0F 03 /r Load Segment Limit
LSL r32,r/m32 0F 03 /r Load Segment Limit
LSS r32,m16:32 0F B2 /r Load SS:r32 with far ptr
LTR r/m16 0F 00 /3 Load Task Register
MOV r/m8,r8 88 /r Move
MOV r/m32,r32 89 /r Move
MOV r8,r/m8 8A /r Move
MOV r32,r/m32 8B /r Move
MOV r/m16,Sreg** 8C /r Move segment register to r/m16
MOV Sreg,r/m16** 8E /r Move r/m16 to segment register
MOV AL, moffs8* A0 Move byte at ( seg:offset) to AL
MOV AX, moffs16* A1 Move word at ( seg:offset) to AX
MOV EAX, moffs32* A1 Move dword at ( seg:offset) to EAX
MOV moffs8*,AL A2 Move AL to ( seg:offset)
MOV moffs16*,AX A3 Move AX to ( seg:offset)
MOV moffs32*,EAX A3 Move EAX to ( seg:offset)
MOV r8,imm8 B0+rb Move imm8 to r8
MOV r32,imm32 B8+rd Move imm32 to r32
MOV r/m8,imm8 C6 /0 ib Move imm8 to r/m8
MOV r/m32,imm32 C7 /0 id Move imm32 to r/m32
MOV CR0, r32 0F 22 /r Move r32 to CR0
MOV CR2, r32 0F 22 /r Move r32 to CR2
MOV CR3, r32 0F 22 /r Move r32 to CR3
MOV CR4, r32 0F 22 /r Move r32 to CR4
MOV r32,CR0 0F 20 /r Move CR0 to r32
MOV r32,CR2 0F 20 /r Move CR2 to r32
MOV r32,CR3 0F 20 /r Move CR3 to r32
MOV r32,CR4 0F 20 /r Move CR4 to r32
MOV r32,DR0-DR7 0F 21 /r Move debug register to r32
MOV DR0-DR7,r32 0F 23 /r Move r32 to debug register
MOVD mm,r/m32 0F 6E /r Move doubleword from r/m32 to mm
MOVD r/m32,mm 0F 7E /r Move doubleword from mm to r/m32
MOVQ mm,mm/m64 0F 6F /r Move quadword from mm/m64 to mm
MOVQ mm/m64,mm 0F 7F /r Move quadword from mm to mm/m64
MOVS m8,m8 A4 Move byte at DS:(E)SI to ES:(E)DI
MOVS m32,m32 A5 Move dword at DS:(E)SI to ES:(E)DI
MOVSX r32,r/m8 0F BE /r Move byte to doubleword, sign-extension
MOVSX r32,r/m16 0F BF /r Move word to doubleword, sign-extension
MOVZX r32,r/m8 0F B6 /r Move byte to doubleword, zero-extension
MOVZX r32,r/m16 0F B7 /r Move word to doubleword, zero-extension
MUL r/m8 F6 /4 Unsigned multiply
MUL r/m32 F7 /4 Unsigned multiply
NEG r/m8 F6 /3 Two's complement negate r/m8
NEG r/m32 F7 /3 Two's complement negate r/m32
NOP 90 No operation
NOT r/m8 F6 /2 Reverse each bit of r/m8
NOT r/m32 F7 /2 Reverse each bit of r/m32
OR AL,imm8 0C ib OR
OR EAX,imm32 0D id OR
OR r/m8,imm8 80 /1 ib OR
OR r/m32,imm32 81 /1 id OR
OR r/m32,imm8 83 /1 ib OR
OR r/m8,r8 08 /r OR
OR r/m32,r32 09 /r OR
OR r8,r/m8 0A /r OR
OR r32,r/m32 0B /r OR
OUT imm8,AL E6 ib Output byte in AL to I/O(imm8)
OUT imm8,EAX E7 ib Output dword in EAX to I/O(imm8)
OUT DX,AL EE Output byte in AL to I/O(DX)
OUT DX,EAX EF Output dword in EAX to I/O(DX)
OUTS DX,m8 6E Output byte from DS:(E)SI to I/O(DX)
OUTS DX,m32 6F Output dword from DS:(E)SI to I/O (DX)
PACKSSWB mm,mm/m64 0F 63 /r Pack with Signed Saturation
PACKSSDW mm,mm/m64 0F 6B /r Pack with Signed Saturation
PACKUSWB mm,mm/m64 0F 67 /r Pack with Unsigned Saturation
PADDB mm,mm/m64 0F FC /r Add packed bytes
PADDW mm,mm/m64 0F FD /r Add packed words
PADDD mm,mm/m64 0F FE /r Add packed dwords
PADDSB mm,mm/m64 0F EC /r Add signed packed bytes
PADDSW mm,mm/m64 0F ED /r Add signed packed words
PADDUSB mm,mm/m64 0F DC /r Add unsigned pkd bytes
PADDUSW mm,mm/m64 0F DD /r Add unsigned pkd words
PAND mm,mm/m64 0F DB /r AND quadword from .. to ..
PANDN mm,mm/m64 0F DF /r And qword from .. to NOT qw in mm
PCMPEQB mm,mm/m64 0F 74 /r Packed Compare for Equal
PCMPEQW mm,mm/m64 0F 75 /r Packed Compare for Equal
PCMPEQD mm,mm/m64 0F 76 /r Packed Compare for Equal
PCMPGTB mm,mm/m64 0F 64 /r Packed Compare for GT
PCMPGTW mm,mm/m64 0F 65 /r Packed Compare for GT
PCMPGTD mm,mm/m64 0F 66 /r Packed Compare for GT
PMADDWD mm,mm/m64 0F F5 /r Packed Multiply and Add
PMULHW mm,mm/m64 0F E5 /r Packed Multiply High
PMULLW mm,mm/m64 0F D5 /r Packed Multiply Low
POP m32 8F /0 Pop m32
POP r32 58+rd Pop r32
POP DS 1F Pop DS
POP ES 07 Pop ES
POP SS 17 Pop SS
POP FS 0F A1 Pop FS
POP GS 0F A9 Pop GS
POPAD 61 Pop EDI,... and EAX
POPFD 9D Pop Stack into EFLAGS Register
POR mm,mm/m64 0F EB /r OR qword from .. to mm
PSLLW mm,mm/m64 0F F1 /r Packed Shift Left Logical
PSLLW mm,imm8 0F 71 /6 ib Packed Shift Left Logical
PSLLD mm,mm/m64 0F F2 /r Packed Shift Left Logical
PSLLD mm,imm8 0F 72 /6 ib Packed Shift Left Logical
PSLLQ mm,mm/m64 0F F3 /r Packed Shift Left Logical
PSLLQ mm,imm8 0F 73 /6 ib Packed Shift Left Logical
PSRAW mm,mm/m64 0F E1 /r Packed Shift Right Arithmetic
PSRAW mm,imm8 0F 71 /4 ib Packed Shift Right Arithmetic
PSRAD mm,mm/m64 0F E2 /r Packed Shift Right Arithmetic
PSRAD mm,imm8 0F 72 /4 ib Packed Shift Right Arithmetic
PSRLW mm,mm/m64 0F D1 /r Packed Shift Right Logical
PSRLW mm,imm8 0F 71 /2 ib Packed Shift Right Logical
PSRLD mm,mm/m64 0F D2 /r Packed Shift Right Logical
PSRLD mm,imm8 0F 72 /2 ib Packed Shift Right Logical
PSRLQ mm,mm/m64 0F D3 /r Packed Shift Right Logical
PSRLQ mm,imm8 0F 73 /2 ib Packed Shift Right Logical
PSUBB mm,mm/m64 0F F8 /r Packed Subtract
PSUBW mm,mm/m64 0F F9 /r Packed Subtract
PSUBD mm,mm/m64 0F FA /r Packed Subtract
PSUBSB mm,mm/m64 0F E8 /r Packed Subtract with Saturation
PSUBSW mm,mm/m64 0F E9 /r Packed Subtract with Saturation
PSUBUSB mm,mm/m64 0F D8 /r Packed Subtract Unsigned with S.
PSUBUSW mm,mm/m64 0F D9 /r Packed Subtract Unsigned with S.
PUNPCKHBW mm,mm/m64 0F 68 /r Unpack High Packed Data
PUNPCKHWD mm,mm/m64 0F 69 /r Unpack High Packed Data
PUNPCKHDQ mm,mm/m64 0F 6A /r Unpack High Packed Data
PUNPCKLBW mm,mm/m32 0F 60 /r Unpack Low Packed Data
PUNPCKLWD mm,mm/m32 0F 61 /r Unpack Low Packed Data
PUNPCKLDQ mm,mm/m32 0F 62 /r Unpack Low Packed Data
PUSH r/m32 FF /6 Push r/m32
PUSH r32 50+rd Push r32
PUSH imm8 6A ib Push imm8
PUSH imm32 68 id Push imm32
PUSH CS 0E Push CS
PUSH SS 16 Push SS
PUSH DS 1E Push DS
PUSH ES 06 Push ES
PUSH FS 0F A0 Push FS
PUSH GS 0F A8 Push GS
PUSHAD 60 Push All g-regs
PUSHFD 9C Push EFLAGS
PXOR mm,mm/m64 0F EF /r XOR qword
RCL r/m8,1 D0 /2 Rotate 9 bits left once
RCL r/m8,CL D2 /2 Rotate 9 bits left CL times
RCL r/m8,imm8 C0 /2 ib Rotate 9 bits left imm8 times
RCL r/m32,1 D1 /2 Rotate 33 bits left once
RCL r/m32,CL D3 /2 Rotate 33 bits left CL times
RCL r/m32,imm8 C1 /2 ib Rotate 33 bits left imm8 times
RCR r/m8,1 D0 /3 Rotate 9 bits right once
RCR r/m8,CL D2 /3 Rotate 9 bits right CL times
RCR r/m8,imm8 C0 /3 ib Rotate 9 bits right imm8 times
RCR r/m32,1 D1 /3 Rotate 33 bits right once
RCR r/m32,CL D3 /3 Rotate 33 bits right CL times
RCR r/m32,imm8 C1 /3 ib Rotate 33 bits right imm8 times
ROL r/m8,1 D0 /0 Rotate 8 bits r/m8 left once
ROL r/m8,CL D2 /0 Rotate 8 bits r/m8 left CL times
ROL r/m8,imm8 C0 /0 ib Rotate 8 bits r/m8 left imm8 times
ROL r/m32,1 D1 /0 Rotate 32 bits r/m32 left once
ROL r/m32,CL D3 /0 Rotate 32 bits r/m32 left CL times
ROL r/m32,imm8 C1 /0 ib Rotate 32 bits r/m32 left imm8 times
ROR r/m8,1 D0 /1 Rotate 8 bits r/m8 right once
ROR r/m8,CL D2 /1 Rotate 8 bits r/m8 right CL times
ROR r/m8,imm8 C0 /1 ib Rotate 8 bits r/m16 right imm8 times
ROR r/m32,1 D1 /1 Rotate 32 bits r/m32 right once
ROR r/m32,CL D3 /1 Rotate 32 bits r/m32 right CL times
ROR r/m32,imm8 C1 /1 ib Rotate 32 bits r/m32 right imm8 times
RDMSR 0F 32 Read from Model Specific Register
RDPMC 0F 33 Read Performance-Monitoring counters
RDTSC 0F 31 Read Time-Stamp Counter
REP INS m8,DX F3 6C Input ECX bytes from port DX into ES:[(E)DI]
REP INS m32,DX F3 6D Input ECX dwords from port DX into ES:[(E)DI]
REP MOVS m8,m8 F3 A4 Move ECX bytes from DS:[(E)SI] to ES:[(E)DI]
REP MOVS m32,m32 F3 A5 Move ECX dwords from DS:[(E)SI] to ES:[(E)DI]
REP OUTS DX,m8 F3 6E Output ECX bytes from DS:[(E)SI] to port DX
REP OUTS DX,m32 F3 6F Output ECX dwords from DS:[(E)SI] to port DX
REP LODS AL F3 AC Load ECX bytes from DS:[(E)SI] to AL
REP LODS EAX F3 AD Load ECX dwords from DS:[(E)SI] to EAX
REP STOS m8 F3 AA Fill ECX bytes at ES:[(E)DI] with AL
REP STOS m32 F3 AB Fill ECX dwords at ES:[(E)DI] with EAX
REPE CMPS m8,m8 F3 A6 Find nonmatching bytes in m and m
REPE CMPS m32,m32 F3 A7 Find nonmatching dwords in m and m
REPE SCAS m8 F3 AE Find non-AL byte starting at
REPE SCAS m32 F3 AF Find non-EAX dword starting at
REPNE CMPS m8,m8 F2 A6 Find matching bytes in m and m
REPNE CMPS m32,m32 F2 A7 Find matching dwords in m and m
REPNE SCAS m8 F2 AE Find AL, starting at ES:[(E)DI]
REPNE SCAS m32 F2 AF Find EAX, starting at ES:[(E)DI]
RET C3 Near return
RET CB Far return
RET imm16 C2 iw Near return, pop imm16 bytes from stack
RET imm16 CA iw Far return, pop imm16 bytes from stack
RSM 0F AA Resume from System Management
SAHF 9E Store AH into Flags
SAL r/m8,1 D0 /4 Shift Arithmetic Left
SAL r/m8,CL D2 /4 Shift Arithmetic Left
SAL r/m8,imm8 C0 /4 ib Shift Arithmetic Left
SAL r/m32,1 D1 /4 Shift Arithmetic Left
SAL r/m32,CL D3 /4 Shift Arithmetic Left
SAL r/m32,imm8 C1 /4 ib Shift Arithmetic Left
SAR r/m8,1 D0 /7 Shift Arithmetic Right
SAR r/m8,CL D2 /7 Shift Arithmetic Right
SAR r/m8,imm8 C0 /7 ib Shift Arithmetic Right
SAR r/m32,1 D1 /7 Shift Arithmetic Right
SAR r/m32,CL D3 /7 Shift Arithmetic Right
SAR r/m32,imm8 C1 /7 ib Shift Arithmetic Right
SHL r/m8,1 D0 /4 Shift Logical Left
SHL r/m8,CL D2 /4 Shift Logical Left
SHL r/m8,imm8 C0 /4 ib Shift Logical Left
SHL r/m32,1 D1 /4 Shift Logical Left
SHL r/m32,CL D3 /4 Shift Logical Left
SHL r/m32,imm8 C1 /4 ib Shift Logical Left
SHR r/m8,1 D0 /5 Shift Logical Right
SHR r/m8,CL D2 /5 Shift Logical Right
SHR r/m8,imm8 C0 /5 ib Shift Logical Right
SHR r/m32,1 D1 /5 Shift Logical Right
SHR r/m32,CL D3 /5 Shift Logical Right
SHR r/m32,imm8 C1 /5 ib Shift Logical Right
SBB AL,imm8 1C ib Subtract with borrow
SBB EAX,imm32 1D id Subtract with borrow
SBB r/m8,imm8 80 /3 ib Subtract with borrow
SBB r/m32,imm32 81 /3 id Subtract with borrow
SBB r/m32,imm8 83 /3 ib Subtract with borrow
SBB r/m8,r8 18 /r Subtract with borrow
SBB r/m32,r32 19 /r Subtract with borrow
SBB r8,r/m8 1A /r Subtract with borrow
SBB r32,r/m32 1B /r Subtract with borrow
SCAS m8 AE Scan String
SCAS m32 AF Scan String
SETA r/m8 0F 97 /r Set byte if above
SETAE r/m8 0F 93 /r Set byte if above or equal
SETB r/m8 0F 92 /r Set byte if below
SETBE r/m8 0F 96 /r Set byte if below or equal
SETE r/m8 0F 94 /r Set byte if equal
SETG r/m8 0F 9F /r Set byte if greater
SETGE r/m8 0F 9D /r Set byte if greater or equal
SETL r/m8 0F 9C /r Set byte if less
SETLE r/m8 0F 9E /r Set byte if less or equal
SETNE r/m8 0F 95 /r Set byte if not equal
SETNO r/m8 0F 91 /r Set byte if not overflow
SETNS r/m8 0F 99 /r Set byte if not sign
SETO r/m8 0F 90 /r Set byte if overflow
SETPE r/m8 0F 9A /r Set byte if parity even
SETPO r/m8 0F 9B /r Set byte if parity odd
SETS r/m8 0F 98 /r Set byte if sign
SGDT m 0F 01 /0 Store GDTR to m
SIDT m 0F 01 /1 Store IDTR to m
SHLD r/m32,r32,imm8 0F A4 /r ib Double Precision Shift Left
SHLD r/m32,r32,CL 0F A5 /r Double Precision Shift Left
SHRD r/m32,r32,imm8 0F AC /r ib Double Precision Shift Right
SHRD r/m32,r32,CL 0F AD /r Double Precision Shift Right
SLDT r/m32 0F 00 /0 Store Local Descriptor Table Register
SMSW r/m32 0F 01 /4 Store Machine Status Word
STC F9 Set Carry Flag
STD FD Set Direction Flag
STI FB Set Interrupt Flag
STOS m8 AA Store String
STOS m32 AB Store String
STR r/m16 0F 00 /1 Store Task Register
SUB AL,imm8 2C ib Subtract
SUB EAX,imm32 2D id Subtract
SUB r/m8,imm8 80 /5 ib Subtract
SUB r/m32,imm32 81 /5 id Subtract
SUB r/m32,imm8 83 /5 ib Subtract
SUB r/m8,r8 28 /r Subtract
SUB r/m32,r32 29 /r Subtract
SUB r8,r/m8 2A /r Subtract
SUB r32,r/m32 2B /r Subtract
TEST AL,imm8 A8 ib Logical Compare
TEST EAX,imm32 A9 id Logical Compare
TEST r/m8,imm8 F6 /0 ib Logical Compare
TEST r/m32,imm32 F7 /0 id Logical Compare
TEST r/m8,r8 84 /r Logical Compare
TEST r/m16,r16 85 /r Logical Compare
TEST r/m32,r32 85 /r Logical Compare
UD2 0F 0B Undefined Instruction
VERR r/m16 0F 00 /4 Verify a Segment for Reading
VERW r/m16 0F 00 /5 Verify a Segment for Writing
WAIT 9B Wait
FWAIT 9B Wait
WBINVD 0F 09 Write Back and Invalidate Cache
WRMSR 0F 30 Write to Model Specific Register
XADD r/m8,r8 0F C0 /r Exchange and Add
XADD r/m16,r16 0F C1 /r Exchange and Add
XADD r/m32,r32 0F C1 /r Exchange and Add
XCHG EAX,r32 90+rd Exchange r32 with EAX
XCHG r32,EAX 90+rd Exchange EAX with r32
XCHG r/m8,r8 86 /r Exchange byte
XCHG r8,r/m8 86 /r Exchange byte
XCHG r/m32,r32 87 /r Exchange doubleword
XCHG r32,r/m32 87 /r Exchange doubleword
XLAT m8 D7 Table Look-up Translation
XOR AL,imm8 34 ib Logical Exclusive OR
XOR EAX,imm32 35 id Logical Exclusive OR
XOR r/m8,imm8 80 /6 ib Logical Exclusive OR
XOR r/m32,imm32 81 /6 id Logical Exclusive OR
XOR r/m32,imm8 83 /6 ib Logical Exclusive OR
XOR r/m8,r8 30 /r Logical Exclusive OR
XOR r/m32,r32 31 /r Logical Exclusive OR
XOR r8,r/m8 32 /r Logical Exclusive OR
XOR r32,r/m32 33 /r Logical Exclusive OR

[Repost] Complete Instruction Set Table by anorganix
AAA 37 ASCII adjust AL after addition
AAD D5 0A ASCII adjust AX before division
AAM D4 0A ASCII adjust AX after multiplication
AAS 3F ASCII adjust AL after subtraction
ADC AL,imm8 14 ib Add with carry
ADC EAX,imm32 15 id Add with carry
ADC r/m8,imm8 80 /2 ib Add with carry
ADC r/m32,imm32 81 /2 id Add with carry
ADC r/m32,imm8 83 /2 ib Add with carry
ADC r/m8,r8 10 /r Add with carry
ADC r/m32,r32 11 /r Add with carry
ADC r8,r/m8 12 /r Add with carry
ADC r32,r/m32 13 /r Add with carry
ADD AL,imm8 04 ib Add
ADD EAX,imm32 05 id Add
ADD r/m8,imm8 80 /0 ib Add
ADD r/m32,imm32 81 /0 id Add
ADD r/m32,imm8 83 /0 ib Add
ADD r/m8,r8 00 /r ADD
ADD r/m32,r32 01 /r ADD
ADD r8,r/m8 02 /r ADD
ADD r32,r/m32 03 /r ADD
AND AL,imm8 24 ib AND
AND EAX,imm32 25 id AND
AND r/m8,imm8 80 /4 ib AND
AND r/m32,imm32 81 /4 id AND
AND r/m32,imm8 83 /4 ib AND
AND r/m8,r8 20 /r AND
AND r/m32,r32 21 /r AND
AND r8,r/m8 22 /r AND
AND r32,r/m32 23 /r AND
ARPL r/m16,r16 63 /r Adjust Request Privilege Level of Sel.
BOUND r32,m32&32 62 /r Check Array Index Against Bounds
BSF r32,r/m32 0F BC /r Bit scan forward on r/m32
BSR r32,r/m32 0F BD /r Bit scan reverse on r/m32
BSWAP r32 0F C8+rd Reverses the byte order of a r32
BT r/m32,r32 0F A3 /r Bit Test
BT r/m32,imm8 0F BA /4 ib Bit Test
BTC r/m32,r32 0F BB /r Bit Test and Complement
BTC r/m32,imm8 0F BA /7 ib Bit Test and Complement
BTR r/m32,r32 0F B3 /r Bit Test and Clear
BTR r/m32,imm8 0F BA /6 ib Bit Test and Clear
BTS r/m32,r32 0F AB /r Bit Test and Set
BTS r/m32,imm8 0F BA /5 ib Bit Test and Set
CALL rel32 E8 cd Call near, rel to n.inst
CALL r/m32 FF /2 Call near, abs.ind.add. given in r/m32
CALL ptr16:32 9A cp Call far, abs.add. given in operand
CALL m16:32 FF /3 Call far, abs.ind.add. given in m16:32
CBW 98 Convert Byte to Word
CWD 99 Convert Word to Doubleword
CDQ 99 Convert Doubleword to Quadword
CLC F8 Clear CF flag
CLD FC Clear DF flag
CLI FA Clear interrupt flag
CLTS 0F 06 Clear Task-Switched Flag in Control Reg. Zero
CMC F5 Complement CF flag
CMOVA r32,r/m32 0F 47 /r Move if above
CMOVAE r32,r/m32 0F 43 /r Move if above or equal
CMOVB r32,r/m32 0F 42 /r Move if below
CMOVBE r32,r/m32 0F 46 /r Move if below or equal
CMOVC r32,r/m32 0F 42 /r Move if carry
CMOVE r32,r/m32 0F 44 /r Move if equal
CMOVG r32,r/m32 0F 4F /r Move if greater
CMOVGE r32,r/m32 0F 4D /r Move if greater or equal
CMOVL r32,r/m32 0F 4C /r Move if less
CMOVLE r32,r/m32 0F 4E /r Move if less or equal
CMOVNA r32,r/m32 0F 46 /r Move if not above
CMOVNAE r32,r/m32 0F 42 /r Move if not above or equal
CMOVNB r32,r/m32 0F 43 /r Move if not below
CMOVNBE r32,r/m32 0F 47 /r Move if not below or equal
CMOVNC r32,r/m32 0F 43 /r Move if not carry
CMOVNE r32,r/m32 0F 45 /r Move if not equal
CMOVNG r32,r/m32 0F 4E /r Move if not greater
CMOVNGE r32,r/m32 0F 4C /r Move if not greater or equal
CMOVNL r32,r/m32 0F 4D /r Move if not less
CMOVNLE r32,r/m32 0F 4F /r Move if not less or equal
CMOVNO r32,r/m32 0F 41 /r Move if not overflow
CMOVNP r32,r/m32 0F 4B /r Move if not parity
CMOVNS r32,r/m32 0F 49 /r Move if not sign
CMOVNZ r32,r/m32 0F 45 /r Move if not zero
CMOVO r32,r/m32 0F 40 /r Move if overflow
CMOVP r32,r/m32 0F 4A /r Move if parity
CMOVPE r32,r/m32 0F 4A /r Move if parity even
CMOVPO r32,r/m32 0F 4B /r Move if parity odd
CMOVS r32,r/m32 0F 48 /r Move if sign
CMOVZ r32,r/m32 0F 44 /r Move if zero
CMP AL,imm8 3C ib Compare
CMP EAX,imm32 3D id Compare
CMP r/m8,imm8 80 /7 ib Compare
CMP r/m32,imm32 81 /7 id Compare
CMP r/m32,imm8 83 /7 ib Compare
CMP r/m8,r8 38 /r Compare
CMP r/m32,r32 39 /r Compare
CMP r8,r/m8 3A /r Compare
CMP r32,r/m32 3B /r Compare
CMPSB A6 Compare byte at DS:(E)SI with ES:(E)DI
CMPSD A7 Compare dw at DS:(E)SI with ES:(E)DI
CMPXCHG r/m8,r8 0F B0 /r Compare and Exchange
CMPXCHG r/m32,r32 0F B1 /r Compare and Exchange
CMPXCHG8B m64 0F C7 /1 m64 Compare and Exchange
CPUID 0F A2 EAX := Processor id.info.
DAA 27 Decimal adjust AL after addition
DAS 2F Decimal adjust AL after subtraction
DEC r/m8 FE /1 Decrement r/m8 by 1
DEC r/m32 FF /1 Decrement r/m32 by 1
DEC r32 48+rd Decrement r32 by 1
DIV r/m8 F6 /6 Unsigned divide AX by r/m8
DIV r/m16 F7 /6 Unsigned divide DX:AX by r/m16
DIV r/m32 F7 /6 Unsigned divide EDX:EAX by r/m32
EMMS 0F 77 Set the FP tag word to empty
ENTER imm16,0 C8 iw 00 Create a stack frame for a procedure
ENTER imm16,1 C8 iw 01 Create a nested stack frame for a proc.
ENTER imm16,imm8 C8 iw ib Create a nested stack frame for a proc.
F2XM1 D9 F0 Replace ST(0) with 2**ST(0) - 1
FABS D9 E1 Replace ST(0) with its absolute value
FADD m32real D8 /0 Add m32real to ST(0) and s.r. in ST(0)
FADD m64real DC /0 Add m64real to ST(0) and s.r.in ST(0)
FADD ST(0),ST(i) D8 C0+i Add ST(0) to ST(i) and s.r.in ST(0)
FADD ST(i),ST(0) DC C0+i Add ST(i) to ST(0) and s.r. in ST(i)
FADDP ST(i),ST(0) DE C0+i Add ST(0) to ST(i), s.r.in ST(i),pop r.stack
FADDP DE C1 Add ST(0) to ST(1), s.r.in ST(1),pop r.stack
FIADD m32int DA /0 Add m32int to ST(0) and s.r.in ST(0)
FIADD m16int DE /0 Add m16int to ST(0) and s.r.in ST(0)
FBLD m80bcd DF /4 Convert m80BCD to real and push
FBSTP m80bcd DF /6 Store ST(0) in m80bcd and pop ST(0)
FCHS D9 E0 Complements sign of ST(0)
FCLEX 9B DB E2 Clear f.e.f. after checking for ..
FNCLEX DB E2 Clear f.e.f. without checking for ..
FCMOVB ST(0),ST(i) DA C0+i Move if below
FCMOVE ST(0),ST(i) DA C8+i Move if equal
FCMOVBE ST(0),ST(i) DA D0+i Move if below or equal
FCMOVU ST(0),ST(i) DA D8+i Move if unordered
FCMOVNB ST(0),ST(i) DB C0+i Move if not below
FCMOVNE ST(0),ST(i) DB C8+i Move if not equal
FCMOVNBE ST(0),ST(i) DB D0+i Move if not below or equal
FCMOVNU ST(0),ST(i) DB D8+i Move if not unordered
FCOM m32real D8 /2 Compare ST(0) with m32real.
FCOM m64real DC /2 Compare ST(0) with m64real.
FCOM ST(i) D8 D0+i Compare ST(0) with ST(i).
FCOM D8 D1 Compare ST(0) with ST(1).
FCOMP m32real D8 /3 Compare ST(0) with m32real,pop r.stack.
FCOMP m64real DC /3 Compare ST(0) with m64real,pop r.stack.
FCOMP ST(i) D8 D8+i Compare ST(0) with ST(i), pop
FCOMP D8 D9 Compare ST(0) with ST(1), pop
FCOMPP DE D9 Compare ST(0) with ST(1), pop pop
FCOMI ST,ST(i) DB F0+i Compare ST(0) with ST(i), set status flags
FCOMIP ST,ST(i) DF F0+i Compare ST(0) with ST(i), set s.f. ,pop
FUCOMI ST,ST(i) DB E8+i Compare ST(0) with ST(i), check o.v.set s.f.
FUCOMIP ST,ST(i) DF E8+i Compare ST(0) with ST(i), check ovssf pop
FCOS D9 FF Replace ST(0) with its cosine
FDECSTP D9 F6 Decrement TOP field in FPU status word.
FDIV m32real D8 /6 Divide ST(0) by m32real and s.r.in ST(0)
FDIV m64real DC /6 Divide ST(0) by m64real and s.r.in ST(0)
FDIV ST(0),ST(i) D8 F0+i Divide ST(0) by ST(i) and s.r.in ST(0)
FDIV ST(i),ST(0) DC F8+i Divide ST(i) by ST(0) and s.r.in ST(i)
FDIVP ST(i),ST(0) DE F8+i Divide ST(i) by ST(0), s.r.in ST(i) pop
FDIVP DE F9 Divide ST(1) by ST(0), s.r.in ST(1) pop
FIDIV m32int DA /6 Divide ST(0) by m32int and s.r.in ST(0)
FIDIV m16int DE /6 Divide ST(0) by m64int and s.r.in ST(0)
FDIVR m32real D8 /7 Divide m32real by ST(0) and s.r.in ST(0)
FDIVR m64real DC /7 Divide m64real by ST(0) and s.r.in ST(0)
FDIVR ST(0),ST(i) D8 F8+i Divide ST(i) by ST(0) and s.r.in ST(0)
FDIVR ST(i),ST(0) DC F0+i Divide ST(0) by ST(i) and s.r.in ST(i)
FDIVRP ST(i),ST(0) DE F0+i Divide ST(0) by ST(i), s.r.in ST(i) pop
FDIVRP DE F1 Divide ST(0) by ST(1), s.r.in ST(1) pop
FIDIVR m32int DA /7 Divide m32int by ST(0) and s.r.in ST(0)
FIDIVR m16int DE /7 Divide m64int by ST(0) and s.r.in ST(0)
FFREE ST(i) DD C0+i Sets tag for ST(i) to empty
FICOM m16int DE /2 Compare ST(0) with m16int
FICOM m32int DA /2 Compare ST(0) with m32int
FICOMP m16int DE /3 Compare ST(0) with m16int and pop
FICOMP m32int DA /3 Compare ST(0) with m32int and pop
FILD m16int DF /0 Push m16int
FILD m32int DB /0 Push m32int
FILD m64int DF /5 Push m64int
FINCSTP D9 F7 Increment the TOP field FPU status r.
FINIT 9B DB E3 Initialize FPU after ...
FNINIT DB E3 Initialize FPU without ...
FIST m16int DF /2 Store ST(0) in m16int
FIST m32int DB /2 Store ST(0) in m32int
FISTP m16int DF /3 Store ST(0) in m16int and pop
FISTP m32int DB /3 Store ST(0) in m32int and pop
FISTP m64int DF /7 Store ST(0) in m64int and pop
FLD m32real D9 /0 Push m32real
FLD m64real DD /0 Push m64real
FLD m80real DB /5 Push m80real
FLD ST(i) D9 C0+i Push ST(i)
FLD1 D9 E8 Push +1.0
FLDL2T D9 E9 Push log2 10
FLDL2E D9 EA Push log2 e
FLDPI D9 EB Push pi
FLDLG2 D9 EC Push log10 2
FLDLN2 D9 ED Push loge 2
FLDZ D9 EE Push +0.0
FLDCW m2byte D9 /5 Load FPU control word from m2byte
FLDENV m14/28byte D9 /4 Load FPU environment from m14/m28
FMUL m32real D8 /1 Multiply ST(0) by m32real and s.r.in ST(0)
FMUL m64real DC /1 Multiply ST(0) by m64real and s.r.in ST(0)
FMUL ST(0),ST(i) D8 C8+i Multiply ST(0) by ST(i) and s.r.in ST(0)
FMUL ST(i),ST(0) DC C8+i Multiply ST(i) by ST(0) and s.r.in ST(i)
FMULP ST(i),ST(0) DE C8+i Multiply ST(i) by ST(0), s.r.in ST(i) pop
FMULP DE C9 Multiply ST(1) by ST(0), s.r.in ST(1) pop
FIMUL m32int DA /1 Multiply ST(0) by m32int and s.r.in ST(0)
FIMUL m16int DE /1 Multiply ST(0) by m16int and s.r.in ST(0)
FNOP D9 D0 No operation is performed
FPATAN D9 F3 Replaces ST(1) with arctan(ST(1)/ST(0)) pop
FPREM D9 F8 Replaces ST(0) with rem (ST(0)/ST(1))
FPREM1 D9 F5 Replaces ST(0) with IEEE rem(ST(0)/ST(1))
FPTAN D9 F2 Replaces ST(0) with its tangent push 1.0
FRNDINT D9 FC Round ST(0) to an integer
FRSTOR m94/108byte DD /4 Load FPU status from m94 or m108 byte
FSAVE m94/108byte 9B DD /6 Store FPU status to m94 or m108
FNSAVE m94/108byte DD /6 Store FPU environment to m94 or m108
FSCALE D9 FD Scale ST(0) by ST(1)
FSIN D9 FE Replace ST(0) with its sine
FSINCOS D9 FB Compute sine and cosine of ST(0) s push c
FSQRT D9 FA square root of ST(0)
FST m32real D9 /2 Copy ST(0) to m32real
FST m64real DD /2 Copy ST(0) to m64real
FST ST(i) DD D0+i Copy ST(0) to ST(i)
FSTP m32real D9 /3 Copy ST(0) to m32real and pop
FSTP m64real DD /3 Copy ST(0) to m64real and pop
FSTP m80real DB /7 Copy ST(0) to m80real and pop
FSTP ST(i) DD D8+i Copy ST(0) to ST(i) and pop
FSTCW m2byte 9B D9 /7 Store FPU control word
FNSTCW m2byte D9 /7 Store FPU control word without
FSTENV m14/28byte 9B D9 /6 Store FPU environment
FNSTENV m14/28byte D9 /6 Store FPU env without
FSTSW m2byte 9B DD /7 Store FPU status word at m2byte after
FSTSW AX 9B DF E0 Store FPU status word in AX after
FNSTSW m2byte DD /7 Store FPU status word at m2byte without
FNSTSW AX DF E0 Store FPU status word in AX without
FSUB m32real D8 /4 Sub m32real from ST(0) and s.r.in ST(0)
FSUB m64real DC /4 Sub m64real from ST(0) and s.r.in ST(0)
FSUB ST(0),ST(i) D8 E0+i Sub ST(i) from ST(0) and s.r.in ST(0)
FSUB ST(i),ST(0) DC E8+i Sub ST(0) from ST(i) and s.r.in ST(i)
FSUBP ST(i),ST(0) DE E8+i Sub ST(0) from ST(i), s.r.in ST(i) pop
FSUBP DE E9 Sub ST(0) from ST(1), s.r.in ST(1) pop
FISUB m32int DA /4 Sub m32int from ST(0) and s.r.in ST(0)
FISUB m16int DE /4 Sub m16int from ST(0) and s.r.in ST(0)
FSUBR m32real D8 /5 Sub ST(0) from m32real and s.r.in ST(0)
FSUBR m64real DC /5 Sub ST(0) from m64real and s.r.in ST(0)
FSUBR ST(0),ST(i) D8 E8+i Sub ST(0) from ST(i) and s.r.in ST(0)
FSUBR ST(i),ST(0) DC E0+i Sub ST(i) from ST(0) and s.r.in ST(i)
FSUBRP ST(i),ST(0) DE E0+i Sub ST(i) from ST(0), s.r. in ST(i) pop
FSUBRP DE E1 Sub ST(1) from ST(0), s.r.in ST(1) pop
FISUBR m32int DA /5 Sub ST(0) from m32int and s.r.in ST(0)
FISUBR m16int DE /5 Sub ST(0) from m16int and s.r.in ST(0)
FTST D9 E4 Compare ST(0) with 0.0
FUCOM ST(i) DD E0+i Compare ST(0) with ST(i)
FUCOM DD E1 Compare ST(0) with ST(1)
FUCOMP ST(i) DD E8+i Compare ST(0) with ST(i) and pop
FUCOMP DD E9 Compare ST(0) with ST(1) and pop
FUCOMPP DA E9 Compare ST(0) with ST(1) and pop pop
FXAM D9 E5 Classify value or number in ST(0)
FXCH ST(i) D9 C8+i Exchange ST(0) and ST(i)
FXCH D9 C9 Exchange ST(0) and ST(1)
FXTRACT D9 F4 Separate value in ST(0) exp. and sig.
FYL2X D9 F1 Replace ST(1) with ST(1)*log2ST(0) and pop
FYL2XP1 D9 F9 Replace ST(1) with ST(1)*log2(ST(0)+1) pop
HLT F4 Halt
IDIV r/m8 F6 /7 Divide
IDIV r/m32 F7 /7 Divide
IMUL r/m8 F6 /5 Multiply
IMUL r/m32 F7 /5 Multiply
IMUL r32,r/m32 0F AF /r Multiply
IMUL r32,r/m32,imm8 6B /r ib Multiply
IMUL r32,imm8 6B /r ib Multiply
IMUL r32,r/m32,imm32 69 /r id Multiply
IMUL r32,imm32 69 /r id Multiply
IN AL,imm8 E4 ib Input byte from imm8 I/O port address into AL
IN EAX,imm8 E5 ib Input byte from imm8 I/O port address into EAX
IN AL,DX EC Input byte from I/O port in DX into AL
IN EAX,DX ED Input doubleword from I/O port in DX into EAX
INC r/m8 FE /0 Increment 1
INC r/m32 FF /0 Increment 1
INC r32 40+rd Increment register by 1
INS m8 6C Input byte from I/O(DX) into ES:(E)DI
INS m32 6D Input dw from I/O(DX) into ES:(E)DI
INT 3 CC Interrupt 3--trap to debugger
INT imm8 CD ib Interrupt vector number (imm8)
INTO CE Interrupt 4--if overflow flag is 1
INVD 0F 08 Flush internal caches
INVLPG m 0F 01 /7 Invalidate TLB Entry for page (m)
IRETD CF Interrupt return(32)
JA rel8 77 cb Jump short if above
JAE rel8 73 cb Jump short if above or equal
JBE rel8 76 cb Jump short if below or equal
JC rel8 72 cb Jump short if carry
JECXZ rel8 E3 cb Jump short if ECX register is 0
JE rel8 74 cb Jump short if equal
JG rel8 7F cb Jump short if greater
JGE rel8 7D cb Jump short if greater or equal
JL rel8 7C cb Jump short if less
JLE rel8 7E cb Jump short if less or equal
JNE rel8 75 cb Jump short if not equal
JNO rel8 71 cb Jump short if not overflow
JNS rel8 79 cb Jump short if not sign
JO rel8 70 cb Jump short if overflow
JPE rel8 7A cb Jump short if parity even
JPO rel8 7B cb Jump short if parity odd
JS rel8 78 cb Jump short if sign
JA rel32 0F 87 cd Jump near if above
JAE rel32 0F 83 cd Jump near if above or equal
JB rel32 0F 82 cd Jump near if below
JBE rel32 0F 86 cd Jump near if below or equal
JE rel32 0F 84 cd Jump near if equal
JG rel32 0F 8F cd Jump near if greater
JGE rel32 0F 8D cd Jump near if greater or equal
JL rel32 0F 8C cd Jump near if less
JLE rel32 0F 8E cd Jump near if less or equal
JNE rel32 0F 85 cd Jump near if not equal
JNO rel32 0F 81 cd Jump near if not overflow
JNS rel32 0F 89 cd Jump near if not sign
JO rel32 0F 80 cd Jump near if overflow
JPE rel32 0F 8A cd Jump near if parity even
JPO rel32 0F 8B cd Jump near if parity odd
JS rel32 0F 88 cd Jump near if sign
JMP rel8 EB cb Jump short, relative,
JMP rel32 E9 cd Jump near, relative,
JMP r/m32 FF /4 Jump near, abs.ind.in r/m32
JMP ptr16:32 EA cp Jump far, abs.add given in operand
JMP m16:32 FF /r Jump far, abs.ind.in m16:32

How do I read and write physical memory?
Undocumented functions of NTDLL

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Section/NtOpenSection.html
NtOpenSection(
  OUT PHANDLE SectionHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes );

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Section/NtMapViewOfSection.html
NtMapViewOfSection(
  IN HANDLE SectionHandle,
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress OPTIONAL,
  IN ULONG ZeroBits OPTIONAL,
  IN ULONG CommitSize,
  IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
  IN OUT PULONG ViewSize,
  IN SECTION_INHERIT InheritDisposition,
  IN ULONG AllocationType OPTIONAL,
  IN ULONG Protect );

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Section/NtUnmapViewOfSection.html
NtUnmapViewOfSection(
  IN HANDLE ProcessHandle,
  IN PVOID BaseAddress );

Yutian encryption packer (域天加密壳)
Kaspersky always kills it: Packed.Win32.NSAnti (although only as a suspicion)

Under XP, where can I download a C programming environment?
Visual C++ 2005 Express Editions is relatively small, and it is free.

[Help] A question about using the stack: why does some of the data on the stack change when the stack pointer is moved?
VC's optimization is not bad either:

00401000 />push ebp
00401001 |>mov ebp,esp
00401003 |>sub esp,400
00401009 |>push 400 ; /BufSize = 400 (1024.)
0040100E |>lea eax,[ebp-400] ; |
00401014 |>push eax ; |Buffer
00401015 |>push 0040301C ; |VarName = "ComSpec"
0040101A |>call [<&KERNEL32.GetEnvironmentVariableA>] ; \GetEnvironmentVariableA
00401020 |>push 200 ; /BufSize = 200 (512.)
00401025 |>push 00403010 ; |/StringToAdd = " /c del \""
0040102A |>lea eax,[ebp-400] ; ||
00401030 |>push eax ; ||ConcatString
00401031 |>call [<&KERNEL32.lstrcatA>] ; |\lstrcatA
00401037 |>push eax ; |/String
00401038 |>call [<&KERNEL32.lstrlenA>] ; |\lstrlenA
0040103E |>lea eax,[ebp+eax-400] ; |
00401045 |>push eax ; |PathBuffer
00401046 |>push 0 ; |/pModule = NULL
00401048 |>call [<&KERNEL32.GetModuleHandleA>] ; |\GetModuleHandleA
0040104E |>push eax ; |hModule
0040104F |>call [<&KERNEL32.GetModuleFileNameA>] ; \GetModuleFileNameA
00401055 |>push 0 ; /ShowState = SW_HIDE
00401057 |>lea eax,[ebp-400] ; |
0040105D |>push eax ; |CmdLine
0040105E |>call [<&KERNEL32.WinExec>] ; \WinExec
00401064 |>xor eax,eax
00401066 |>leave
00401067 \>retn

Optimizing it a bit further by hand:

sub esp,400
push 400
push esp
push 0040301C ;"ComSpec"
call GetEnvironmentVariableA
push 200
push 00403010 ;" /c del \""
push esp
call lstrcatA
push eax
call lstrlenA
add eax,esp
push eax
push 0
call GetModuleHandleA
push eax
call GetModuleFileNameA
push 0
push esp
call WinExec
add esp,400
retn

[Original] Generic EXE self-deletion code .. TASM code .. learning to use the stack to store data
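Originally posted by Anskya
Careful: if another file name is passed as an argument, that file will be deleted as well. If there are other arguments that are not file names, the deletion may fail.
Originally posted by WAKU
A program with a custom entry point cannot use the external variable _pgmptr.

[Original] Generic EXE self-deletion code .. TASM code .. learning to use the stack to store data
Here is a one-liner from me too:

#include<windows.h>
#include<string>
void main() { WinExec((std::string("cmd /c del ")+_pgmptr).c_str(),0); }

[Help] How do I view the assembly code of a C program?
The VC debugger can display C and assembly side by side.

[Help] How do I create a new folder with TC?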
int _mkdir( const char *dirname );

Return Value
Each of these functions returns the value 0 if the new directory was created. On an error the function returns -1 and sets errno as follows:
EEXIST Directory was not created because dirname is the name of an existing file, directory, or device
ENOENT Path was not found

Parameter
dirname Path for new directory

Remarks
The _mkdir function creates a new directory with the specified dirname. _mkdir can create only one new directory per call, so only the last component of dirname can name a new directory. _mkdir does not translate path delimiters. In Windows NT, both the backslash (\) and the forward slash (/) are valid path delimiters in character strings in run-time routines. _wmkdir is a wide-character version of _mkdir; the dirname argument to _wmkdir is a wide-character string. _wmkdir and _mkdir behave identically otherwise.

Example
/* MAKEDIR.C */
#include <direct.h>
#include <stdlib.h>
#include <stdio.h>

void main( void )
{
   if( _mkdir( "\\testtmp" ) == 0 )
   {
      printf( "Directory '\\testtmp' was successfully created\n" );
      system( "dir \\testtmp" );
      if( _rmdir( "\\testtmp" ) == 0 )
         printf( "Directory '\\testtmp' was successfully removed\n" );
      else
         printf( "Problem removing directory '\\testtmp'\n" );
   }
   else
      printf( "Problem creating directory '\\testtmp'\n" );
}

Output
Directory '\testtmp' was successfully created
 Volume in drive C is CDRIVE
 Volume Serial Number is 0E17-1702
 Directory of C:\testtmp
05/03/94 12:30p <DIR> .
05/03/94 12:30p <DIR> ..
 2 File(s) 0 bytes
 17,358,848 bytes free
Directory '\testtmp' was successfully removed

If you had to pick one language to master, which would you choose? [Poll]
The November 2005 world programming language rankings have been announced. World top 20 languages ranking: Long-term trend chart of the world top 10 languages over the previous five years: World ranking of languages 30-50: ASM isn't even on it.