[Help] FasmManaged (managed C++ wrapper for the library version of Flat Assembler)
Posted on: 2010-9-4 05:52 1450

FasmManaged

This is a managed C++ wrapper for the library version of Flat Assembler released by FASM's author in this thread. Included is the full C++ source code and a C# example of use. In the C++ source file fasmdll_managed.cpp, one can also find an example of how to invoke FASM.OBJ (included in source download) from unmanaged code.

What does it do?
Basically, it allows C# and VB.NET programmers to assemble and inject code into another process with far greater ease than normal methods.

Can you give me a step-by-step example of use?

1. Use either the class constructor or fasm.SetProcessHandle(IntPtr) to set the process handle to that of the process into which code will be injected.
2. Use fasm.AddLine(string) to add to the list of mnemonics to be assembled. FASM uses Intel syntax. You can find the FASM Programmer's Manual here.
3. a. Call fasm.Assemble(), which will return the bytecode in the form of a byte-array.
   b. Call fasm.Inject(), fasm.InjectAndExecute(), or fasm.InjectAndExecuteEx() to inject your code into the process. Each of these takes at least one parameter: the address at which code will be injected; optionally, you can specify a handle to the process into which code will be injected and, in the case of the latter two, a parameter to be passed to the code upon injection.

Notes:

* If you use fasm.Inject(), fasm.InjectAndExecute(), or fasm.InjectAndExecuteEx() to inject your code, relative jumps and calls will automatically be adjusted relative to the address at which code is injected. FASM's org macro sets the origin of the assembled code, so you may do this yourself, but, if you do, the origin will not be set automatically.
* You may specify to assemble as 16-bit or 64-bit bytecode with use16 or use64 macros. This will disable the class' default usage of 32-bit assembly.
* There are static methods for assembly as well. These are in the Fasm.ManagedFasm namespace.
* The Fasm class object is not multiple-thread safe. This is a limitation of the way FASM was written (it uses a lot of static variables). I have not gone to the trouble of attempting to prevent threading errors so, please, take care not to cause any.
* The default memory size for FASM's memory buffer is 0x1000. This should be plenty for general use, but it can be changed using fasm.SetMemorySize(int).
* The default limit on the number of passes FASM will attempt to assemble your code before giving up is 100. This will be sufficient for anything you use this library for. However, if you feel the need to change it, you may do so using fasm.SetPassLimit(int).
* The differences between the two Inject/Execute methods:
  * fasm.InjectAndExecute() injects the code at the specified address and uses CreateRemoteThread to execute it (optionally passing a parameter that you specify). It will then wait for up to 10 seconds for the code to return and return the exit code (value of EAX when 'retn' is hit) to you.
  * fasm.InjectAndExecuteEx() returns immediately, returning the handle to the thread created by CreateRemoteThread. It is your responsibility to get the exit code using kernel32:GetExitCodeThread(HANDLE, LPDWORD) and to close the thread handle using kernel32:CloseHandle(HANDLE). Useful if you want to inject code that forever loops in the context of another process (information gathering and whatnot).

Updated!
Fixed a small bug where addresses weren't getting normalized. Added ability to pass a format string and variable arguments to .AddLine and .Add, so you can do things like fasm.AddLine("call 0x{0:X}", lpLoadLibrary) and such.

Updated! (12/06/08 11:31 EST)
I recompiled the FASM source to be a linkable Microsoft COFF object. This means you can say goodbye to FASM.DLL: all that is needed is fasmdll_managed.dll and you're good to go.
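
On the detection side, a thread started with CreateRemoteThread at an address in freshly allocated memory, as the InjectAndExecute notes above describe, begins outside any loaded module, and Sysmon records that in Event ID 8. The following triage sketch is an added example, not part of the original post or of FasmManaged; it assumes events already parsed into dicts keyed by Sysmon field names, treats an empty or "-" StartModule as unbacked, and uses constructed sample events.

```python
from collections import Counter

# Constructed Sysmon Event ID 8 (CreateRemoteThread) records plus one unrelated
# event; the paths and addresses are made up for illustration.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Tools\helper.exe",
     "TargetImage": r"C:\Apps\target.exe",
     "StartAddress": "0x0000000003A50000", "StartModule": "-", "StartFunction": "-"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartAddress": "0x00007FFB1C2A0000",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "CtrlRoutine"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
    # StartModule missing entirely: treated the same as "-".
    {"EventID": 8, "SourceImage": r"C:\Tools\helper.exe",
     "TargetImage": r"C:\Apps\target.exe", "StartAddress": "0x0000000003A60000"},
]


def is_unbacked(event):
    """True when the thread start address maps to no loaded module."""
    return (event.get("StartModule") or "-").strip() in ("", "-")


def triage(events, trusted_sources=()):
    """Return Event ID 8 records whose remote thread starts in unbacked memory."""
    trusted = {path.lower() for path in trusted_sources}
    findings = []
    for ev in events:
        if ev.get("EventID") != 8:
            continue  # only CreateRemoteThread events are relevant
        source = ev.get("SourceImage", "<unknown>")
        if source.lower() in trusted or not is_unbacked(ev):
            continue
        findings.append({"source": source,
                         "target": ev.get("TargetImage", "<unknown>"),
                         "start": ev.get("StartAddress", "<unknown>")})
    return findings


def summarize(findings):
    """Count findings per (source, target) pair to surface repeat injectors."""
    return Counter((f["source"], f["target"]) for f in findings)


if __name__ == "__main__":
    for pair, count in summarize(triage(SAMPLE_EVENTS)).items():
        print(f"{count} unbacked remote thread(s): {pair[0]} -> {pair[1]}")
```

Code written over bytes inside an existing module's image would still show a StartModule, so this heuristic covers only the allocated-memory case.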
