
  #3  
Старый 01.06.2007, 20:41
0x0c0de

В общем, хочу сдампить процесс изнутри.
Код:
 .386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
; --- paths -------------------------------------------------------------
szModulePath            db 257 dup (?)          ; receives the host module path (GetModuleFileNameA is asked for at most 255 chars)
; --- handles, sizes and state --------------------------------------------
hHandle                 dd ?                    ; result of GetModuleHandle(0)
hf_                     dd ?                    ; handle of the on-disk file opened for reading
m7                      dd ?                    ; run-once marker: DllEntry stores 7 here on its first pass
size_                   dd ?                    ; size of the on-disk file (GetFileSize)
hdumped                 dd ?                    ; handle of the output (dump) file
address_                dd ?                    ; buffer holding the on-disk file contents
error_                  db "Cannot create file!",0
si_                     dd ?                    ; not referenced by DllEntry
lpflOldProtect          dd ?                    ; previous protection returned by VirtualProtectEx
hcom                    dd ?                    ; not referenced by DllEntry
REGION_                 dd ?                    ; buffer that receives the in-memory image bytes
CREATED_                db "Rewrite file?",0
open_error              db "Cannot open file!",0
name_                   db 300 dup (?)          ; output path: current directory + concat_
concat_                 db "\dumped_.exe",0
read_error              db "Read file error!",0
size_headers            dd ?                    ; OptionalHeader.SizeOfHeaders of the on-disk file
filter_                 db "All EXEs",0         ; not referenced by DllEntry
size_obraz              dd ?                    ; SizeOfImage - SizeOfHeaders ("obraz" = image)
lpNumberOfBytesWritten  dd ?                    ; out-parameter for WriteFile
lpNumberOfBytesRead     dd ?                    ; out-parameter for ReadFile / ReadProcessMemory
title_                  db "File To dump",0     ; not referenced by DllEntry
.code
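;-----------------------------------------------------------------------
; BOOL DllEntry(HINSTANCE hInstance, DWORD reason, LPVOID reserved1)
; ABI:   32-bit stdcall (MASM, .model flat,stdcall)
; Out:   eax = TRUE on every path
; Saves: esi, edi (callee-saved under stdcall, hence the USES clause)
;
; On its first invocation only (m7 is the run-once marker) the routine
; dumps the host process image to "<current directory>\dumped_.exe":
;   1. reads the host executable from disk and validates its MZ/PE headers,
;   2. writes the first SizeOfHeaders bytes of that file to the output,
;   3. appends SizeOfImage - SizeOfHeaders bytes read from memory,
;      starting at module base + SizeOfHeaders.
;
; Changes against the original listing:
;   * esi/edi are preserved and eax is TRUE at return (the original
;     returned whatever the last API call left in eax).
;   * The GetModuleFileNameA result is tested; the original tested the
;     MessageBoxA result instead.
;   * Error paths go to one cleanup label. The original jumped to free_
;     and then ran the memory dump with stale sizes and no output handle;
;     one of those jumps also left a pushad unbalanced.
;   * Answering "No" to the overwrite prompt aborts the dump; the original
;     stored the MessageBox result (7) in hdumped and leaked the probe handle.
;   * Header offsets and sizes from the file are bounds-checked before use.
;   * Buffers are released with MEM_RELEASE (MEM_DECOMMIT keeps the
;     address range reserved), and only resources that exist are freed.
;
; NOTE(review): `reason` is never inspected; only the m7 marker limits the
; work to the first call.
; NOTE(review): all of this runs inside the DLL entry point, i.e. while the
; loader lock is held. Microsoft's DllMain guidance advises against calling
; user32 functions such as MessageBox there - consider moving the work out
; of the entry point.
;-----------------------------------------------------------------------
DllEntry proc uses esi edi hInstance:HINSTANCE, reason:DWORD, reserved1:DWORD
	cmp m7,7				; already ran once?
	je ret_
	mov m7,7

	; "Nothing acquired yet" markers, so cleanup_ releases only what exists.
	mov hf_,INVALID_HANDLE_VALUE
	mov hdumped,INVALID_HANDLE_VALUE
	mov address_,0
	mov REGION_,0

	invoke GetModuleFileNameA,0,addr szModulePath,255
	test eax,eax
	jz ret_
	invoke MessageBoxA,0,addr szModulePath,0,0	; show which file is about to be dumped
	invoke GetModuleHandle,0
	test eax,eax
	jz ret_
	mov hHandle,eax

	; ---- read the on-disk executable --------------------------------
	invoke CreateFile,addr szModulePath,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0
	.if eax==INVALID_HANDLE_VALUE
		invoke MessageBoxA,0,offset open_error,0,16	; 16 = error icon
		jmp ret_
	.endif
	mov hf_,eax
	invoke GetFileSize,hf_,0
	cmp eax,-1				; GetFileSize failure value
	je cleanup_
	cmp eax,sizeof IMAGE_DOS_HEADER		; also rejects an empty file
	jb cleanup_
	mov size_,eax
	invoke VirtualAlloc,0,size_,MEM_COMMIT or MEM_RESERVE,PAGE_READWRITE
	test eax,eax
	jz cleanup_
	mov address_,eax
	invoke ReadFile,hf_,address_,size_,addr lpNumberOfBytesRead,0
	mov edi,lpNumberOfBytesRead
	.if eax==0 || edi!=size_
		invoke MessageBoxA,0,offset read_error,0,16
		jmp cleanup_
	.endif

	; ---- validate the headers and take the two sizes ----------------
	mov eax,address_
	cmp word ptr [eax],IMAGE_DOS_SIGNATURE	; is this an executable file at all?
	jne cleanup_
	mov esi,(IMAGE_DOS_HEADER ptr [eax]).e_lfanew
	mov edi,size_
	sub edi,sizeof IMAGE_NT_HEADERS
	jb cleanup_				; file too small to hold NT headers
	cmp esi,edi
	ja cleanup_				; e_lfanew points outside the buffer
	add eax,esi
	cmp dword ptr [eax],IMAGE_NT_SIGNATURE	; not a PE file -> give up
	jne cleanup_
	assume eax:ptr IMAGE_NT_HEADERS
	mov esi,[eax].OptionalHeader.SizeOfHeaders
	mov edi,[eax].OptionalHeader.SizeOfImage
	assume eax:nothing
	cmp esi,size_				; the header bytes are written from the file buffer
	ja cleanup_
	cmp edi,esi				; SizeOfImage must exceed SizeOfHeaders
	jbe cleanup_
	mov size_headers,esi
	sub edi,esi
	mov size_obraz,edi

	; ---- create the output file -------------------------------------
	invoke GetCurrentDirectory,255,offset name_
	.if eax==0 || eax>=255			; failed, or the path did not fit in 255 chars
		jmp cleanup_
	.endif
	invoke lstrcat,offset name_,offset concat_
	; Probe for an existing dump; the probe handle is closed straight away.
	invoke CreateFile,addr name_,GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE,0,OPEN_EXISTING,0,0
	.if eax!=INVALID_HANDLE_VALUE
		invoke CloseHandle,eax
		invoke MessageBox,0,addr CREATED_,0,MB_YESNO
		cmp eax,IDNO
		je cleanup_			; user declined to overwrite
	.endif
	; CREATE_ALWAYS truncates, so no bytes of an older, larger dump survive.
	invoke CreateFile,addr name_,GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE,0,CREATE_ALWAYS,0,0
	.if eax==INVALID_HANDLE_VALUE
		invoke MessageBox,0,addr error_,0,16
		jmp cleanup_
	.endif
	mov hdumped,eax
	invoke WriteFile,hdumped,address_,size_headers,addr lpNumberOfBytesWritten,0
	test eax,eax
	jz cleanup_
	invoke VirtualFree,address_,0,MEM_RELEASE	; file copy no longer needed
	mov address_,0

	; ---- copy the in-memory image behind the headers ----------------
	mov esi,hHandle
	add esi,size_headers			; esi = first byte after the headers in memory
	invoke VirtualAlloc,0,size_obraz,MEM_COMMIT or MEM_RESERVE,PAGE_READWRITE
	test eax,eax
	jz cleanup_
	mov REGION_,eax
	; -1 is the pseudo-handle of the current process.
	; NOTE(review): this leaves the whole range writable and executable, and
	; the single value in lpflOldProtect cannot restore per-section
	; protections afterwards. The result is deliberately not treated as fatal.
	invoke VirtualProtectEx,-1,esi,size_obraz,PAGE_EXECUTE_READWRITE,addr lpflOldProtect
	; The original poster reports the failure at this call. ReadProcessMemory
	; fails as a whole when any page of the range is not readable, so one
	; unreadable page is enough - check GetLastError to confirm the cause.
	invoke ReadProcessMemory,-1,esi,REGION_,size_obraz,addr lpNumberOfBytesRead
	mov edi,lpNumberOfBytesRead
	.if eax!=0 && edi==size_obraz
		invoke WriteFile,hdumped,REGION_,size_obraz,addr lpNumberOfBytesWritten,0
	.endif

cleanup_:
	.if REGION_!=0
		invoke VirtualFree,REGION_,0,MEM_RELEASE
	.endif
	.if address_!=0
		invoke VirtualFree,address_,0,MEM_RELEASE
	.endif
	.if hdumped!=INVALID_HANDLE_VALUE
		invoke CloseHandle,hdumped
	.endif
	.if hf_!=INVALID_HANDLE_VALUE
		invoke CloseHandle,hf_
	.endif
ret_:
	mov eax,TRUE				; a FALSE return on process attach would fail the DLL load
	ret
DllEntry Endp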
End DllEntry
 