



Loader total command 11.5 - Lauda937 - 24-07-2025

Loader for Total Commander 11.5, written in FASM assembly, to remove the unregistered notice from the top title bar

; Loader total command 11.5 
; Assembler: FASM. Output: 32-bit PE, GUI subsystem (format PE GUI 4.0),
; entry point 'start'. Win32 calls below use the 'invoke' macro from
; win32a.inc, which is also expected to supply the PROCESS_INFORMATION /
; STARTUPINFO structures and the CREATE_SUSPENDED constant (verify
; against the include shipped with your FASM version).
format PE GUI 4.0
entry start
 
include 'win32a.inc'
 
; Loader state. All scalars are 32-bit (dd). The child named in cmdLine
; is presumably a 64-bit build (name ends in 64), so a dd cannot even
; represent its load address in general -- see the note at the patch
; site in .code.
section '.data' data readable writeable
    processInfo PROCESS_INFORMATION   ; filled by CreateProcessA; .hProcess/.hThread are read in .code
    startupInfo STARTUPINFO           ; zeroed and .cb set before CreateProcessA
    cmdLine db 'TOTALCMD64.EXE',0     ; lpCommandLine; lpApplicationName is passed as 0, so CreateProcessA resolves this bare name itself
    hProcess dd ?                     ; copy of processInfo.hProcess (redundant: .code closes via the struct field)
    baseAddress dd ?                  ; assumed image base of the child; assigned a constant, never queried from the child
    bytesWritten dd ?                 ; out-param of WriteProcessMemory; never inspected afterwards
    nops db 90h, 90h, 90h, 90h, 90h, 90h ; 6-byte patch payload: x86 NOP (90h) x 6
 
;-----------------------------------------------------------------------
; start -- program entry (FASM, PE32 GUI, stdcall via win32a.inc invoke)
; Flow: RtlZeroMemory(STARTUPINFO) -> CreateProcessA(CREATE_SUSPENDED)
;       -> WriteProcessMemory(6 NOPs at a fixed address) -> ResumeThread
;       -> CloseHandle x2 -> ExitProcess(0).
; Only CreateProcessA's result is checked (eax == 0 -> error_exit,
; exit code 1); every later call's return value is discarded.
; Registers: eax is the only GPR used explicitly; the invoke macro
; expands to push/call sequences, so nothing is assumed live across calls.
; Defender note: create-suspended / write-into-child / resume is the
; canonical suspended-process patch sequence and is exactly the API
; triple that process-tampering detections key on.
;-----------------------------------------------------------------------
section '.code' code readable executable
start:
    ; Initialize the STARTUPINFO structure (all fields zero, then cb = struct size)
    invoke RtlZeroMemory, startupInfo, sizeof.STARTUPINFO
    mov [startupInfo.cb], sizeof.STARTUPINFO
 
    ; Create process (suspended state): lpApplicationName = 0, so cmdLine
    ; is both the image name and the command line; no inherited handles,
    ; default security, environment and current directory.
    invoke CreateProcessA, 0, cmdLine, 0, 0, 0, CREATE_SUSPENDED, 0, 0, startupInfo, processInfo
    test eax, eax
    jz error_exit                      ; the only path to error_exit: process creation failed
 
    ; Save the process handle (duplicate of processInfo.hProcess; kept for the
    ; WriteProcessMemory call below)
    mov eax, [processInfo.hProcess]
    mov [hProcess], eax
 
    ; Get the process base address (simplified here, it should actually be obtained through PEB)
    ; Note: For 64-bit processes, 32-bit programs need special handling, here we know the base address
    ; In actual application, the ImageBaseAddress of PEB should be read
    ; NOTE(review): this is a hard-coded guess stored in a 32-bit slot. The child is
    ; presumably a 64-bit image and its base is not queried, so whether the address
    ; computed below corresponds to anything in the child is unverified here.
    mov [baseAddress], 00400000h ; The base address is 00400000h, which needs to be modified according to the actual situation
 
    ; Calculate the address to be modified (base address + RVA); result in eax
    mov eax, [baseAddress]
    add eax, 2B2DD0h ; RVA 2B2DD0
 
    ; Modify memory (6 NOPs). Return value (eax) and bytesWritten are both
    ; discarded: a failed or partial write is indistinguishable from success.
    invoke WriteProcessMemory, [hProcess], eax, nops, 6, bytesWritten
 
    ; Resume thread execution -- unconditionally, whether or not the write above succeeded
    invoke ResumeThread, [processInfo.hThread]
 
    ; Close the handle (thread first, then process; results not checked)
    invoke CloseHandle, [processInfo.hThread]
    invoke CloseHandle, [processInfo.hProcess]
 
    ; Exit the program with status 0 regardless of what the patch step returned
    invoke ExitProcess, 0
 
error_exit:
    ; Error handling: reached only when CreateProcessA returned 0, so no
    ; child handles exist yet and there is nothing to release. Exit code 1
    ; is the sole failure signal; GetLastError is not consulted.
 
    invoke ExitProcess, 1
 
; Import table. kernel32 supplies every API used in .code; the user32
; entry (MessageBoxA) is imported but not referenced anywhere in the
; code section above, so it only adds an unused import.
section '.idata' import data readable writeable
    library kernel32, 'kernel32.dll', \
            user32, 'user32.dll'
 
    import kernel32, \
           CreateProcessA, 'CreateProcessA', \
           ExitProcess, 'ExitProcess', \
           CloseHandle, 'CloseHandle', \
           WriteProcessMemory, 'WriteProcessMemory', \
           ResumeThread, 'ResumeThread', \
           RtlZeroMemory, 'RtlZeroMemory'
 
    ; unused by the visible code
    import user32, \
           MessageBoxA, 'MessageBoxA'