Dark Bit Factory & Gravity
PROGRAMMING => Other languages => ASM => Topic started by: rain_storm on April 29, 2012
-
Here's a tiny effect coded using my 512b framework. It's slow as hell and ugly as sin but for some weird reason I'm kinda proud of it. I really hope this runs on Vista/Windows 7 as it's only been tested on XP SP3. Full source has been included along with the tool used to obtain the import function hashes. No compression was used during the making of this effect.
-
Doesn't work for me on Win7 x64.
-
A shame. Here's the original, but it has changed quite a lot from this to the final production. The colours are all gone and the sine wave no longer oscillates.
-
Yep, that works, and looks pretty cool too! :)
-
If you'd like, I can share my stripped PE header code with you. Works on all Windows versions :)
-
Yes please, and thank you very much.
-
And forgot to mention, cool little prod :)
-
The old version worked for me, looked really cool! :)
-
Awesome. Love it!
-
Couldn't get the new version to run but the old version ran fine here, it's a lovely little effect.
Nice one! K+ for the source and the mention for DBF in the nfos.
-
Hi,
I know this topic is old, but I'm unable to download the ZIP. Could someone provide me with the attachment?
Thanks,
wolfee
-
The link should work (I tested it a moment ago).
But here is the source, so you can compile it using FASM:
; Syntax: FASM (flat assembler), Intel operand order, 32-bit x86, Win32 stdcall.
; The output is a flat binary that is merely named *.exe: the assembler builds
; no PE structures, so every header byte in this file is laid out by hand.
format binary as 'exe'
; tinycall proc, [arg, ...]
;   Pushes the listed arguments as dwords in reverse order (so the first
;   listed argument ends up on top of the stack), then calls indirectly
;   through the dword stored at [ebx + proc].
;   - proc is a label in this file (an offset from the start of the image);
;     the macro relies on ebx holding the image base at every use.
;   - With no arguments nothing is pushed: the callee consumes whatever is
;     already on the stack.
;   - The slot at [ebx + proc] holds a name hash in the file and is only a
;     valid code pointer after the resolver has overwritten it in memory.
macro tinycall proc,[arg]
{
common
if ~ arg eq
reverse
pushd arg
common
end if
call dword [ebx + proc]
}
; Win32 constants. In this listing only PM_REMOVE is referenced by name.
; SRCCOPY and the WS_* style bits appear only as packed bytes in PackedStack;
; VK_ESCAPE, WM_KEYDOWN, WM_KEYUP and SM_* are not referenced by name at all.
VK_ESCAPE = (0x0000001B)
SRCCOPY = (0x00CC0020)
WS_POPUP = (0x80000000)
WS_VISIBLE = (0x10000000)
WS_MAXIMIZE = (0x01000000)
PM_REMOVE = (0x00000001)
WM_KEYDOWN = (0x00000100)
WM_KEYUP = (0x00000101)
SM_CXSCREEN = (0x00000000)
SM_CYSCREEN = (0x00000001)
; Source bitmap dimensions in pixels (defined again, identically, before pump).
RESX equ 256
RESY equ 192
; Load address written into the header. The code uses absolute addresses
; built from it (ImageBase+libname) and the header declares no relocations,
; so the image only works when mapped at exactly this address.
ImageBase = 0x00400000
SizeOfHdr = 0x0088 ; 0x94
; Emitted as .SizeOfImage. Its two 16-bit halves (0x0080 and 0x0060) are also
; read by the render loop through [ebx+0x54] and [ebx+0x56] as ResX/2, ResY/2.
SizeOfCode = 0x00600080 ; 0x00040004 ; 0x00010000 + 196608 ; (196608 = 4*(RESX)*(RESY))
;GetSystemMetrics dd 0xB9DAA600
; ---------------------------------------------------------------------------
; Hand-built, overlapped DOS/PE header.
;
; * "dec ebp / pop edx" assemble to 4D 5A, i.e. the 'MZ' signature, and are
;   also the first instructions executed (AddressOfEntryPoint = root = 0).
; * The PE signature sits at file offset 4. The dword at offset 0x3C (the
;   .SectionAlignment slot, value 4) is at the same time the DOS e_lfanew
;   field, which is what points the loader at offset 4.
; * Header fields that the XP loader evidently tolerates holding arbitrary
;   values (the author tested XP SP3 only) hold 32-bit hashes of API export
;   names instead. Each labelled slot is overwritten in memory with the
;   resolved address and then called through tinycall. Which exact export
;   name each hash stands for (e.g. an A or W suffix) cannot be told from
;   this listing; the hashing tool is not shown.
; * NumberOfSections = 0 and NumberOfRvaAndSizes = 0: there is no section
;   table and no import directory. Static tooling will therefore show no
;   imports and no API-name strings; recognising the file means recognising
;   the PEB walk and the hash loop further down.
; * The code writes into this header at run time (hash slots, library name,
;   scratch floats), so it depends on the header being mapped writable.
;   NOTE(review): the thread reports a failure on Win7 x64; the cause is not
;   established on this page.
; ---------------------------------------------------------------------------
use32
root: dec ebp
pop edx
jmp jump
dd 'PE' ; .Signature
dw 0x014C ; .Machine
dw 0x0000 ; .NumberOfSections
LoadLibrary dd 0xE9826FC6 ; .TimeDateStamp
GetWindowRect dd 0xF9AC1F38 ; .PointerToSymbolTable
ShowCursor dd 0x19A434A8 ; .NumberOfSymbols
dw 0x0010 ; .SizeOfOptionalHeader (also read as the integer 16 via [ebx+0x18])
dw 0x010F ; .Characteristics (no relocations, executable, 32 bit)
Op_Hdr:
dd 0x0000010B ; .Magic .MajorLinkerVersion .MinorLinkerVersion
PeekMessage dd 0xEA1682FE ; .SizeOfCode
StretchDIBits dd 0x4ED54D5C ; .SizeOfInitializedData
ExitProcess dd 0x38A66AE8 ; .SizeOfUninitializedData
dd root ; .AddressOfEntryPoint
CreateWindowEx dd 0xF8820ECC ; .BaseOfCode
dd 'edit' ; .BaseOfData
dd ImageBase ; .ImageBase
dd 0x00000004 ; .SectionAlignment
dd 0x00000004 ; .FileAlignment
GetDC dd 0xA4D450D1 ; .MajorOperatingSystemVersion
; Float constant (about 0.098) added to the time value once per frame and used
; as the frequency factor inside the distance function.
wave dd 0x3DC90FDB ; .MinorOperatingSystemVersion .MajorImageVersion
dw 0x0004 ; .MajorSubsystemVersion
; Second code island inside the header: ecx = 0x30 (the fs offset used at
; kern), the value popped into edx at root is pushed back, then control
; leaves the header fields for the loader proper.
jump: push 0x30
pop ecx
push edx
jmp kern
dd SizeOfCode ; .SizeOfImage
dd SizeOfHdr ; .SizeOfHeaders
; Library name buffer, patched in place at run time: "gdi3" becomes "gdi32"
; (see libs) and is later overwritten with "user..." one byte lower each pass.
libname: dd 'gdi3' ; .CheckSum
dw 0x0002 ; .Subsystem
dw 0x0000 ; .DllCharacteristics
; Parameters for the stack builder at start.
SizeStackClear = 0x24
NumStackValues = 0x0F
BitMapInfo = 0x68
; Offset added to esi at start to reach PackedStack. The +3 assumes esi has
; been decremented three times (once after each LoadLibrary call) by then.
PtrStack = (PackedStack-libname)+3
; Table of (stack offset, byte value) pairs. start zero-fills a stack area and
; then stores each value byte at [esp + offset], which produces the argument
; frames and the BITMAPINFO used by the API calls. The dd in the middle is
; the header's NumberOfRvaAndSizes field; as table data it reads as two
; (offset 0, value 0) pairs. The same dword, at image offset 0x78, is also
; the float time accumulator used by main.
PackedStack:
db 0x08, 0x34 ; <- &edit
db 0x0A, 0x40 ; <- &edit+ImageBase
db 0x13, 0x91 ; <- window style WS_POPUP|WS_MAXIMIZE|WS_VISIBLE
db 0x60, 0x20 ; <- LOWORD(SRCCOPY);
db 0x4D, 0x01 ; <- StretchDIBits->nSrcWidth = RESX
db 0x68, 0x28 ; <- bmi.bmiHeader.biSize = sizeof(BITMAPINFOHEADER);
db 0x56, 0x41 ; <- 41 here is compressed 00410000 == &pixel[0]
db 0x50, 0xC0 ; <- StretchDIBits->nSrcHeight = RESY
db 0x62, 0xCC ; <- HIWORD(SRCCOPY);
db 0x6D, 0x01 ; <- bmi.bmiHeader.biWidth = RESX;
dd 0x00000000 ; .NumberOfRvaAndSizes
db 0x76, 0x20 ; <- bmi.bmiHeader.biBitCount = 32;
db 0x70, 0xC0 ; <- bmi.bmiHeader.biHeight = RESY;
db 0x74, 0x01 ; <- bmi.bmiHeader.biPlanes = 1;
; ---------------------------------------------------------------------------
; Import-free API resolution.
;
; kern/base : walk the loader's module list from the PEB to find a module
;             base (intended: kernel32.dll).
; libs/scan : for the current module in ebp, treat each dword at image
;             offsets 0x4C down to 0x04 as a candidate name hash and try to
;             resolve it; then LoadLibrary the next DLL and repeat.
; hash/calc : compare one candidate hash against every exported name.
;
; Review notes for anyone analysing or reusing this:
; * No import table and no API-name strings exist in the file; the visible
;   markers are the fs:[0x30] read and the rol-6/xor hash loop.
; * kern identifies the module only by the length of its name; the name
;   itself is never compared.
; * Every header dword in the scanned range is tested, including ones that
;   are not hashes (e.g. 'edit', ImageBase). A 32-bit collision with any
;   export name would silently overwrite that dword.
; * The export RVA is used as-is: forwarded exports and out-of-range values
;   are not detected.
; ---------------------------------------------------------------------------
kern: mov eax, [fs : ecx] ; 64 8B 01 ; eax = PEB (ecx = 0x30, 32-bit TEB layout)
mov eax, [eax+0x0C] ; 8B 40 0C ; eax = PEB loader data
mov eax, [eax+0x1C] ; 8B 40 1C ; eax = first entry, initialization-order module list
base: mov edx, [eax+0x20] ; 8B 50 20 ; edx = pointer to the module's UTF-16 name
mov ebp, [eax+0x08] ; 8B 68 08 ; ebp = module base address
cmp [edx+0x18], ch ; 38 6A 18 ; ch = 0: is the 13th wide char a terminator (12-char name)?
mov eax, [eax] ; 8B 00 ; advance to next list entry (mov leaves flags intact)
jnz base ; 75 F3
mov esi, ImageBase+libname ; BE 5C 00 40 00 ; absolute address of the DLL name buffer
jmp libs ;
; hash: entered from func with edx = export directory VA, ebp = module base,
; edi = address of the header slot under test. All registers are restored by
; the popa at done, so ebx/ecx/esi/ebp are free to be clobbered here.
hash: mov ecx, [edx+0x18] ; 8B 4A 18 ; ecx = number of exported names
redo: jecxz done ; E3 2E ; ecx = 0 No More Exports
dec ecx ; 49 ; ecx = index of the name to test (last to first)
mov esi, [edx+0x20] ; 8B 72 20 ; esi = RVA of the export name pointer table
add esi, ebp ; 01 EE ; esi = RVA -> VA
mov esi, [esi+ecx*0x04] ; 8B 34 8E ; esi = RVA Export Asciiz Index
add esi, ebp ; 01 EE ; esi = RVA -> VA
mov ebx, 0x00000000 ; BB 00 00 00 00 ; .PointerToLinenumbers ; ebx = hash accumulator
; Hash = for every byte of the name, terminating zero included:
; rotate left by 6, then xor the byte into the low 8 bits.
calc: lodsb ; AC ; al = Char Export Asciiz
rol ebx, 0x06 ; C1 C3 06 ; ebx = Hash Preparation
xor bl, al ; 30 C3 ; ebx = Hash Complete
test al, al ; 84 C0 ; al = 0 Only For End of Asciiz
jnz calc ; 75 F6 ; If Not Zero Keep Hashing
cmp ebx, [edi] ; 3B 1F ; Check Hash Against Input
jnz redo ; 75 E3 ; If Not Equal Hash Next Function
mov ebx, [edx+0x24] ; 8B 5A 24 ; ebx = RVA of the name-ordinal table
add ebx, ebp ; 01 EB ; ebx = RVA -> VA
movzx ecx, word [ebx+ecx*0x02] ; 0F B7 0C 4B ; ecx = ordinal index for this name
mov ebx, [edx+0x1C] ; 8B 5A 1C ; ebx = RVA of the function address table
add ebx, ebp ; 01 EB ; ebx = RVA -> VA
add ebp, [ebx+ecx*0x04] ; 03 2C 8B ; ebp = module base + function RVA = function VA
mov [edi], ebp ; 89 2F ; overwrite the hash in the header slot with the address
jmp done
; libs: runs once. cl = 0x30 here, so the byte after 'gdi3' (0x02, the low
; byte of .Subsystem) becomes 0x32 = '2', giving the string "gdi32".
libs: or byte [esi+0x04], cl
mov ebx, esi
mov bl, ch ; ch = 0: clear the low byte so ebx = image base
scan: push 0x13 ; 0x13 slots: image offsets 0x4C down to 0x04
pop ecx ; LoadLibrary trashes ecx
func: pusha
lea edi, [ebx+ecx*0x04] ; edi = address of the slot to test
mov eax, [ebp+0x3C] ; 8B 45 3C ; eax = RVA NT Header
mov edx, [ebp+eax+0x78] ; 8B 54 05 78 ; edx = RVA of the export directory (data directory 0)
add edx, ebp ; 01 EA ; edx = RVA -> VA
jmp hash
done: popa ; 61 ; Restore Registers
loop func ; E2 EB
; All slots tried against the current module. Load the DLL named at esi and
; scan it next. Each pass moves esi one byte down and writes 'user' there:
; after "gdi32" the buffer reads "user32", and one pass later it no longer
; names a loadable library, so LoadLibrary returns 0 and the loop ends with
; ebp = 0.
push esi ; 56
tinycall LoadLibrary ;, esi ; FF 53 0C
dec esi ; 4E
mov dword [esi], 'user' ; C7 06 75 73 65 72
xchg ebp, eax ; 95 ; ebp = handle (base) of the library just loaded
or ebp, ebp ; 09 ED
jnz scan ; 75 DE
; ---------------------------------------------------------------------------
; start: build the stack image, create the window, obtain a DC.
; On entry ebp = 0 (the failed LoadLibrary result), ebx = image base and
; esi is expected to be libname-3, so esi + PtrStack = PackedStack.
; The API calls below that take no macro arguments consume their stdcall
; arguments from the pre-built stack image instead.
; ---------------------------------------------------------------------------
start: push SizeStackClear ; 0x24
pop ecx
push ebp ; push a zero dword ...
loop $-1 ; ... SizeStackClear times (loops back onto the 1-byte push)
lea esi, [esi + PtrStack]
mov cl, NumStackValues
lodsw ; al = stack offset, ah = byte value
movzx edx, al
mov [esp+edx], ah ; poke the value into the zeroed stack image
loop $-8 ; back to lodsw for the next pair
lea ebp, [esp+BitMapInfo]
mov [esp+0x58], ebp ; store a pointer to the BITMAPINFO inside the image
tinycall ShowCursor
tinycall CreateWindowEx
mov edx, esp
; Pushes eax, edx, eax. GetWindowRect pops the top two (hwnd, rect pointer);
; the remaining copy of eax is left on the stack as the argument for GetDC.
tinycall GetWindowRect, eax, edx, eax
tinycall GetDC
push eax ; GetDC result; presumably the first StretchDIBits argument - TODO confirm
RESX equ 256
RESY equ 192
; Aliases relative to ebp, which pump sets to esp. Which stack-image cells
; they land on depends on how many bytes the calls above consumed.
ResX equ ebp+0x1C
ResY equ ebp+0x20
; Size is an unaligned dword that straddles the top byte of ResX and the low
; bytes of ResY; presumably it reads as RESX*RESY (0xC000) - TODO confirm.
Size equ ebp+0x1F
Pixel equ ebp+0x24
; msg is an alias for edi; nothing in this block sets edi itself.
msg equ edi
; ---------------------------------------------------------------------------
; pump: once per frame - poll one message, blit, test for exit, render.
; esp is saved in ebp before the calls and restored afterwards so that the
; same argument frame can be consumed by StretchDIBits on every frame.
; NOTE(review): with "xor ecx, ecx" commented out, ecx is 0 when arriving
; from draw but is whatever GetDC left in it on the first pass.
; ---------------------------------------------------------------------------
pump: ;xor ecx, ecx
mov ebp, esp
tinycall PeekMessage, msg, ecx, ecx, ecx, PM_REMOVE
tinycall StretchDIBits
mov esp, ebp
; Exit test: compares the dword at [msg+4] (the message id in a MSG) with the
; dword at ResX. RESX is 256 and WM_KEYDOWN is 0x100, so presumably any key
; press ends the program - TODO confirm the value stored at ResX.
mov eax, [ResX]
cmp eax, [msg + 4]
jnz main
tinycall ExitProcess
; Named image offsets. Only "time" is used by name below; the render code
; reaches the others through literal offsets from ebx. Several of these cells
; are PE header fields reused as constants or scratch:
;   0x18 = .SizeOfOptionalHeader (16), 0x3A = high word of .ImageBase (0x40),
;   0x54 / 0x56 = low / high word of .SizeOfImage (0x80 / 0x60),
;   0x78 = .NumberOfRvaAndSizes (0 in the file, used as the float time).
x = 0x0A
y = 0x0A
HalfResX = 0x54
HalfResY = 0x56
time = 0x78
SixtyFour = 0x3A
Sixteen = 0x18
NinetySix = 0x56
; Register roles in main/draw/cast/colr:
;ebx image pointer
;ebp frame pointer
;esi const pointer
;edx temp pointer
;edi pixel pointer
;ecx loop counter
; ---------------------------------------------------------------------------
; main: advance time by wave, then render one frame.
; draw: one iteration per pixel, ecx counting down; cl and ch are used as the
;       pixel's x and y. Returns to pump when ecx reaches 0.
; The frame is ray-marched on the x87 stack. The C-like comments describe the
; algorithm but several literals differ from the code (e.g. the code
; multiplies by the 0x0A stored at [edi] where the comment says 0x10, and the
; loop limits are 4 and 0x800 where the comment says 1 and 0x0200); treat
; them as a sketch of an earlier version.
; Scratch memory: the dword at [ebx] (image offset 0) and the word at
; [ebx+0x2C] are overwritten here, i.e. the in-memory header is modified.
; ---------------------------------------------------------------------------
main: fld dword [ebx+time]
fadd dword [ebx+wave]
fstp dword [ebx+time]
mov edi, [Pixel]
mov ecx, [Size]
draw: dec ecx
jz pump
finit ; reset the x87 stack for this pixel
push 0x0A
pop dword [edi] ; park the integer 10 in the pixel cell; used by fimul dword [edi]
lea esi, [ebx+0x18] ;0x0010
lea edx, [ebx+0x2C] ;0x00000000
;float dirx = (float)(x+x-ResX);
;float diry = fabs((float)(y+y-ResY));
;float dirz = (float)ResX;
mov byte [edx], cl ; low byte of the scratch word = x
fild word [edx] ;
fisub word [ebx+0x54] ; ResX/2
mov byte [edx], ch ; low byte of the scratch word = y
fild word [edx] ;
fisub word [ebx+0x56] ; ResY/2
fabs ;
fild word [ResX] ;
;float norm = 1.0f/sqrt(dirx*dirx + diry*diry + dirz*dirz);
fld st2
fmul st0, st0
fld st2
fmul st0, st0
fld st2
fmul st0, st0
faddp st1, st0
faddp st1, st0
fsqrt
fld1
fdivrp st1, st0
;dirx *= norm;
;diry *= norm;
;dirz *= norm;
fmul st3, st0
fmul st2, st0
fmulp st1, st0
;float posx = sin(time*wave)*0x40;
;float posy = cos(time*wave)*0x10-0x20;
;float posz = 0x60;
fld dword [ebx+time]
fsincos
fimul word [ebx+0x3A] ; 0x0040
fxch
fimul word [esi]
fisub word [esi]
fisub word [esi]
fild word [ResX] ; 0x0080
cast: ;do {
;dist = fabs(posy + 0x10*sin(posx*wave)*sin(posz*wave));
fld st0
fmul dword [ebx+wave]
fsin
fld st3
fmul dword [ebx+wave]
fsin
fmulp st1, st0
fimul dword [edi]
fadd st0, st2
fabs
fist dword [ebx] ; integer copy of dist into the scratch dword at image offset 0
;posx += dist*dirx;
;posy += dist*diry;
;posz += dist*dirz;
fld st6
fmul st0, st1
faddp st4, st0
fld st5
fmul st0, st1
faddp st3, st0
fld st4
fmulp st1, st0
faddp st1, st0
;} while ((int)posz < 0x0200 && (int)dist>1);
cmp dword [ebx], 0x00000004 ; stop marching once the integer dist is <= 4 (unsigned)
jbe colr
fist dword [ebx] ; integer copy of st0 (posz per the comments above)
cmp dword [ebx], 0x00000800 ; keep marching while it is below 0x800 (unsigned)
jb cast
colr:
;int b = (int)fabs(posy*0x100/posz)<<2;
;int r = ((int)posx^(int)posz)&0x10;
;r = (int)(r*0x100/posz);
fild dword [ResX]
fdivrp st1, st0
fmulp st1, st0
fimul dword [edi]
fabs
fistp dword [edi]
mov eax, [edi]
; Write the low byte of the result to three bytes of the pixel, then use
; scasb only to step edi over the fourth byte (its compare result is unused).
stosb
stosb
stosb
scasb
jmp draw
db 0