文章

AHK 机器码(MCode)的制作

本文来至feiyue的分享!

最早从官网看到大神们在使用机器码(MCode)的时候,惊为天人,极为仰慕。
可惜一看介绍,需要先下载安装VC或者GCC,还有各种参数配置,总感觉很难,
因此很长时间都没有使用过。

后来慢慢尝试使用GCC,发现并不难,因为都是用命令行调用的,下载安装
GCC后根本不用配置,找到gcc.exe程序就可以在命令行使用了。
我推荐使用 TDM-GCC 64位版,可以在百度搜索 TDM-GCC 或在 官网 下载。

我成功地实现了自己写C语言代码并快速转化为机器码(MCode),真令人高兴。
比较了多种方法后,我把最简单的转化方式分享给大家,让大家也来使用机器码。 

  1. ;===========================================
  2. ;   AHK机器码生成器】 v2.0  By FeiYue
  3. ;
  4. ;   使用方法:
  5. ;
  6. ;   1、下载安装 TDM-GCC 64位版 到默认的安装目录,下载网址为:
  7. ;      https://sourceforge.net/projects/tdm-gcc/files/latest/download
  8. ;
  9. ;   2、下载安装 TCC  32  64位版 AHK的目录,下载网址为:
  10. ;      https://bellard.org/tcc/
  11. ;
  12. ;   3、选择C代码后,按【 Alt+C 】热键生成 GCC 编译的机器码,
  13. ;      或者按【 Ctrl+Alt+C 】热键生成 TCC 编译的机器码
  14. ;
  15. ;===========================================
  18. !c::    ; 选择C代码后用 GCC 编译
  20. ^!c::   ; 选择C代码后用 TCC 编译
  22. ClipSaved:=Clipboard
  23. Clipboard=
  24. Send {Ctrl Down}c{CtrlUp}
  25. ClipWait, 3
  26. s:=Clipboard, Clipboard:=ClipSaved
  27. if s=
  28. {
  29.   MsgBox, 4096, Error, The contents of the copy are empty
  30.   Exit
  31. }
  32. Loop, 2 {
  33.   i:=A_Index-1
  34.   hex:=A_ThisLabel="!c" ? Gcc(s,i) : Tcc(s,i)
  35.   hex:=RegExReplace("xxx" hex, ".{1,50}", "`r`n    . ""$0""")
  36.   s%i%:=StrReplace(hex, ". ""xxx", (i ? "x64":"x32") ":=""")
  37. }
  38. MsgBox, 4096, MCode has been generated! (32 + 64)
  39.   , % Clipboard:=s0 . s1
  40.   . "`r`n    MCode(MyFunc, A_PtrSize=8 ? x64:x32)"
  41. s:=s0:=s1:=""
  42. return
  44. Gcc(s, win64=0)
  45. {
  46.   dir:=A_IsCompiled ? A_ScriptDir : RegExReplace(A_AhkPath,"\\[^\\]+$")
  47.   ;-----------------------------
  48.   exe1=C:\TDM-GCC-64\bin\gcc.exe
  49.   exe2=C:\TDM-GCC-64\bin\objcopy.exe
  50.   ;-----------------------------
  51.   IfNotExist, %exe1%
  52.   {
  53.     MsgBox, 4096, Tip, Can't Find %exe1% !
  54.     return
  55.   }
  56.   FileDelete, % cpp:=dir "\5.c"
  57.   FileDelete, % obj:=dir "\5.obj"
  58.   FileDelete, % log:=dir "\5.log"
  59.   FileDelete, % bin:=dir "\5.bin"
  60.   FileAppend, %s%, %cpp%
  61.   SplitPath, ComSpec, cmd
  62.   Loop
  63.   {
  64.     Process, Exist, %cmd%
  65.     if !(pid:=ErrorLevel)
  66.       Break
  67.     Process, Close, %pid%
  68.     Process, WaitClose, %pid%, 3
  69.   }
  70.   arg:=(win64 ? "-m64":"-m32") . " -O2"
  71.   RunWait, %ComSpec% /c ""%exe1%" %arg% -c -o "%obj%" "%cpp%" 2>"%log%""
  72.     ,, Hide
  73.   IfNotExist, %obj%
  74.   {
  75.     FileRead, s, %log%
  76.     FileDelete, %cpp%
  77.     FileDelete, %log%
  78.     MsgBox, 4096, Tip, C Compile Error`n`n%s%
  79.     return
  80.   }
  81.   RunWait, "%exe2%" -j .text -O binary "%obj%" "%bin%",, Hide
  82.   hex:=bin2hex(bin)
  83.   FileDelete, %cpp%
  84.   FileDelete, %obj%
  85.   FileDelete, %log%
  86.   FileDelete, %bin%
  87.   return, hex
  88. }
  90. Tcc(s, win64=0)
  91. {
  92.   dir:=A_IsCompiled ? A_ScriptDir : RegExReplace(A_AhkPath,"\\[^\\]+$")
  93.   ;-----------------------------
  94.   exe1:=dir (win64 ? "\TCC-64\tcc.exe" : "\TCC-32\tcc.exe")
  95.   ;-----------------------------
  96.   IfNotExist, %exe1%
  97.   {
  98.     MsgBox, 4096, Tip, Can't Find %exe1% !
  99.     return
  100.   }
  101.   ;-----------------------------
  102.   add0=`n int _Flag0_%A_Now%() { return 0x11110000; } `n
  103.   add1=`n int _Flag1_%A_Now%() { return 0x11111111; } `n
  104.   add2=`n int _Flag2_%A_Now%() { return 0x11111111; } `n
  105.   add3=`n int _Flag3_%A_Now%() { return 0x11111111; } `n
  106.   s:=add0 . add1 . add2 . s . add3
  107.   ;-----------------------------
  108.   FileDelete, % cpp:=dir "\5.c"
  109.   FileDelete, % obj:=dir "\5.obj"
  110.   FileDelete, % log:=dir "\5.log"
  111.   FileAppend, % StrReplace(s,"`r"), %cpp%
  112.   SplitPath, ComSpec, cmd
  113.   Loop
  114.   {
  115.     Process, Exist, %cmd%
  116.     if !(pid:=ErrorLevel)
  117.       Break
  118.     Process, Close, %pid%
  119.     Process, WaitClose, %pid%, 3
  120.   }
  121.   arg:=(win64 ? "-m64":"-m32") . " -O2"
  122.   RunWait, %ComSpec% /c ""%exe1%" %arg% -c -o "%obj%" "%cpp%" 2>"%log%""
  123.     ,, Hide
  124.   IfNotExist, %obj%
  125.   {
  126.     FileRead, s, %log%
  127.     FileDelete, %cpp%
  128.     FileDelete, %log%
  129.     MsgBox, 4096, Tip, C Compile Error`n`n%s%
  130.     return
  131.   }
  132.   hex:=bin2hex(obj)
  133.   ;-----------------------------
  134.   p1:=RegExMatch(hex,"i)B811111111.{0,2}?C3",r)
  135.   p2:=InStr(hex,r,0,p1+1), p3:=InStr(hex,r,0,0)
  136.   len:=p2-p1, i:=(r="B811111111C3") ? p2+len : p2+StrLen(r)
  137.   hex:=(p1 and p2) ? SubStr(hex,i,p3-p2-len) : ""
  138.   ;-----------------------------
  139.   FileDelete, %cpp%
  140.   FileDelete, %obj%
  141.   FileDelete, %log%
  142.   return, hex
  143. }
  145. bin2hex(obj)
  146. {
  147.   ListLines, % "Off" (lls:=A_ListLines=0 ? "Off":"On")/0
  148.   SetBatchLines, % "-1" (bch:=A_BatchLines)/0
  149.   VarSetCapacity(bin,1024), VarSetCapacity(bin,0)
  150.   FileRead, bin, *c %obj%
  151.   size:=VarSetCapacity(bin), p:=&bin
  152.   VarSetCapacity(hex, (2*size+1)*(1+!!A_IsUnicode))
  153.   SetFormat, IntegerFast, % "H" (fmt:=A_FormatInteger)/0
  154.   Loop, %size%
  155.     hex.=SubStr(0x100+(*p++),-1)
  156.   SetFormat, IntegerFast, %fmt%
  157.   SetBatchLines, %bch%
  158.   ListLines, %lls%
  159.   return, hex
  160. }
  162. MCode(ByRef code, hex)
  163. {
  164.   ListLines, % "Off" (lls:=A_ListLines=0 ? "Off":"On")/0
  165.   SetBatchLines, % "-1" (bch:=A_BatchLines)/0
  166.   VarSetCapacity(code, len:=StrLen(hex)//2)
  167.   Loop, % len
  168.     NumPut("0x" SubStr(hex,2*A_Index-1,2),code,A_Index-1,"uchar")
  169.   DllCall("VirtualProtect","ptr",&code,"ptr",len,"uint",0x40,"ptr*",0)
  170.   SetBatchLines, %bch%
  171.   ListLines, %lls%
  172. }
  174. ;

下面是一个AHK机器码(MCode)调用WinAPI的例子: 

  1. /****** C source code ******
  3. #include <windows.h>
  5. typedef int (WINAPI * _MessageBoxA)(
  6.   HWND   hWnd,
  7.   LPCSTR lpText,
  8.   LPCSTR lpCaption,
  9.   UINT   uType
  10. );
  12. typedef BOOL (WINAPI * _GetUserNameA)(
  13.   LPSTR   lpBuffer,
  14.   LPDWORD pcbBuffer
  15. );
  17. typedef void * (WINAPI * _GetWinAPI)(char * str);
  19. int WINAPI TestWinAPI(_GetWinAPI GetWinAPI, char * name, int * size)
  20. {
  21.   char str1[] = "User32.dll\\MessageBoxA";
  22.   _MessageBoxA MessageBoxA = (_MessageBoxA)GetWinAPI(str1);
  23.   if (NULL == MessageBoxA)
  24.     return -1;
  26.   char str2[] = "Advapi32.dll\\GetUserNameA";
  27.   _GetUserNameA GetUserNameA = (_GetUserNameA)GetWinAPI(str2);
  28.   if (NULL == GetUserNameA)
  29.     return -2;
  31.   char text[] = "Hello World!";
  32.   char title[] = "Machine Code Call WinAPI";
  33.   MessageBoxA(0, text, title, 1);
  35.   GetUserNameA(name, size);
  36.   MessageBoxA(0, name, title, 1);
  38.   return 0;
  39. }
  41. */
  43. if (!MyFunc)
  44. {
  45.     x32:="5557BA78410000565383EC7C8D4424268BB424900000008"
  46.     . "BBC2494000000C744242655736572C744242A33322E64C7442"
  47.     . "42E6C6C5C4DC744243265737361C74424366765426F6689542"
  48.     . "43AC644243C00890424FFD683EC0485C00F840301000089C3B"
  49.     . "841000000C744245641647661668944246E8D442456C744245"
  50.     . "A70693332C744245E2E646C6CC74424625C476574C74424665"
  51.     . "5736572C744246A4E616D65890424FFD683EC0485C089C60F8"
  52.     . "4BE0000008D6C243D8D442419C744241948656C6CC744241D6"
  53.     . "F20576FC7442421726C6421C644242500C744243D4D616368C"
  54.     . "7442441696E6520C7442445436F6465C74424492043616CC74"
  55.     . "4244D6C205769C74424516E415049C644245500C744240C010"
  56.     . "00000896C240889442404C7042400000000FFD383EC108B842"
  57.     . "498000000893C2489442404FFD683EC08C744240C010000008"
  58.     . "96C2408897C2404C7042400000000FFD331C083EC1083C47C5"
  59.     . "B5E5F5DC20C00B8FFFFFFFFEBEF8DB600000000B8FEFFFFFFE"
  60.     . "BE2909090909090909090"
  61.     x64:="4154555756534881EC9000000048B85573657233322E644"
  62.     . "8894424304889D748B86C6C5C4D65737361BA784100004889C"
  63.     . "E4D89C44889442438C74424406765426F488D4C24306689542"
  64.     . "444C644244600FFD64885C04889C30F84E200000048B841647"
  65.     . "66170693332488D4C2470488944247048B82E646C6C5C47657"
  66.     . "4488944247848B8557365724E616D654889842480000000B84"
  67.     . "10000006689842488000000FFD64885C04889C60F84A200000"
  68.     . "048B848656C6C6F20576F488D6C245041B9010000004889442"
  69.     . "42048B84D616368696E6520488D542420488944245048B8436"
  70.     . "F64652043616C4989E8488944245848B86C2057696E4150493"
  71.     . "1C9C7442428726C6421C644242C004889442460C644246800F"
  72.     . "FD34C89E24889F9FFD641B9010000004989E84889FA31C9FFD"
  73.     . "331C04881C4900000005B5E5F5D415CC30F1F440000B8FFFFF"
  74.     . "FFFEBE6660F1F840000000000B8FEFFFFFFEBD690909090909"
  75.     . "0909090"
  76.     MCode(MyFunc, A_PtrSize=8 ? x64:x32)
  77.     GetWinAPI:=RegisterCallback("GetWinAPI","Fast")
  78. }
  79. VarSetCapacity(str,100,0), size:=100
  80. DllCall(&MyFunc, "Ptr",GetWinAPI, "Ptr",&str, "int*",size)
  81. MsgBox, 1, AHK Command
  82.   , % "UserName:`t" StrGet(&str,"CP0") "`nSize:`t`t" size
  83. return
  85. GetWinAPI(pstr)  ; 参数格式为:DLL文件名\\函数名
  86. {
  87.   static WinAPI:=[]
  88.   if (addr:=WinAPI[ v:=StrGet(pstr,"CP0") ])
  89.     return, addr
  90.   i:=InStr(v,"\",0,0), v1:=SubStr(v,1,i-1), v2:=SubStr(v,i+1)
  91.   if !(base:=DllCall("LoadLibrary", "Str",v1, "Ptr"))
  92.     return, 0
  93.   if !(addr:=DllCall("GetProcAddress", "Ptr",base, "AStr",v2, "Ptr"))
  94.     return, 0
  95.   WinAPI[v]:=addr
  96.   return, addr
  97. }
  99. MCode(ByRef code, hex)
  100. {
  101.   ListLines, % "Off" (lls:=A_ListLines=0 ? "Off":"On")/0
  102.   SetBatchLines, % "-1" (bch:=A_BatchLines)/0
  103.   VarSetCapacity(code, len:=StrLen(hex)//2)
  104.   Loop, % len
  105.     NumPut("0x" SubStr(hex,2*A_Index-1,2),code,A_Index-1,"uchar")
  106.   DllCall("VirtualProtect","ptr",&code,"ptr",len,"uint",0x40,"ptr*",0)
  107.   SetBatchLines, %bch%
  108.   ListLines, %lls%
  109. }
  111. ;

利用TCC动态运行C语言代码的简单方式:
(必须在AHK目录下安装 “\TCC-64\tcc.exe” 和 “\TCC-32\tcc.exe”) 

  1. ;------------------------------------------
  2. ;  Using TCC to run C code  (By FeiYue)
  3. ;------------------------------------------
  5. Goto, F1
  7. F1::
  8. code=
  9. (
  10. //////////////
  12. char * __attribute__((stdcall)) hello(char * out) {
  13.   char str[]="Hello World!";
  14.   for (int i=0; str[i]!='\0'; i++)
  15.     out[i]=str[i];
  16.   return out;
  17. }
  19. //////////////
  20. )
  21. VarsetCapacity(str,100,0)
  22. MsgBox, 4096,, % StrGet( DllCall(TccRun(code), "ptr",&str, "ptr"), "CP0")
  23. return
  26. ;========== TCC Functions ==========
  29. TccRun(s)
  30. {
  31.   static Address:=[]
  32.   if (addr:=Address[hash:=GetHash(s)])
  33.     return, addr
  34.   if !(hex:=Tcc(s, A_PtrSize=8))
  35.     return
  36.   if !(addr:=DllCall("GlobalAlloc", "int",0, "ptr",len:=StrLen(hex)//2, "ptr"))
  37.     return
  38.   MCode(code,hex), DllCall("RtlMoveMemory", "ptr",addr, "ptr",&code, "ptr",len)
  39.   DllCall("VirtualProtect", "ptr",addr, "ptr",len, "uint",0x40, "ptr*",0)
  40.   Address[hash]:=addr
  41.   return, addr
  42. }
  44. GetHash(s)
  45. {
  46.   ListLines, % "Off" (lls:=A_ListLines!=0 ? "On":"Off")/0
  47.   SetBatchLines, % "-1" (bch:=A_BatchLines)/0
  48.   hash1:=hash2:=hash3:=0, size:=VarSetCapacity(s,-1), p:=&s
  49.   Loop, % size
  50.     v:=*p++
  51.     , hash1:=(hash1*31  +v)&0xFFFFFFFF
  52.     , hash2:=(hash2*131 +v)&0xFFFFFFFF
  53.     , hash3:=(hash3*1313+v)&0xFFFFFFFF
  54.   SetBatchLines, %bch%
  55.   ListLines, %lls%
  56.   return, hash1 "-" hash2 "-" hash3
  57. }
  59. Tcc(s, win64=0)
  60. {
  61.   dir:=A_IsCompiled ? A_ScriptDir : RegExReplace(A_AhkPath,"\\[^\\]+$")
  62.   ;-----------------------------
  63.   exe1:=dir (win64 ? "\TCC-64\tcc.exe" : "\TCC-32\tcc.exe")
  64.   ;-----------------------------
  65.   IfNotExist, %exe1%
  66.   {
  67.     MsgBox, 4096, Tip, Can't Find %exe1% !
  68.     return
  69.   }
  70.   ;-----------------------------
  71.   add0=`n int _Flag0_%A_Now%() { return 0x11110000; } `n
  72.   add1=`n int _Flag1_%A_Now%() { return 0x11111111; } `n
  73.   add2=`n int _Flag2_%A_Now%() { return 0x11111111; } `n
  74.   add3=`n int _Flag3_%A_Now%() { return 0x11111111; } `n
  75.   s:=add0 . add1 . add2 . s . add3
  76.   ;-----------------------------
  77.   FileDelete, % cpp:=dir "\5.c"
  78.   FileDelete, % obj:=dir "\5.obj"
  79.   FileDelete, % log:=dir "\5.log"
  80.   FileAppend, % StrReplace(s,"`r"), %cpp%
  81.   SplitPath, ComSpec, cmd
  82.   Loop
  83.   {
  84.     Process, Exist, %cmd%
  85.     if !(pid:=ErrorLevel)
  86.       Break
  87.     Process, Close, %pid%
  88.     Process, WaitClose, %pid%, 3
  89.   }
  90.   arg:=(win64 ? "-m64":"-m32") . " -O2"
  91.   RunWait, %ComSpec% /c ""%exe1%" %arg% -c -o "%obj%" "%cpp%" 2>"%log%""
  92.     ,, Hide
  93.   IfNotExist, %obj%
  94.   {
  95.     FileRead, s, %log%
  96.     FileDelete, %cpp%
  97.     FileDelete, %log%
  98.     MsgBox, 4096, Tip, C Compile Error`n`n%s%
  99.     return
  100.   }
  101.   hex:=bin2hex(obj)
  102.   ;-----------------------------
  103.   p1:=RegExMatch(hex,"i)B811111111.{0,2}?C3",r)
  104.   p2:=InStr(hex,r,0,p1+1), p3:=InStr(hex,r,0,0)
  105.   len:=p2-p1, i:=(r="B811111111C3") ? p2+len : p2+StrLen(r)
  106.   hex:=(p1 and p2) ? SubStr(hex,i,p3-p2-len) : ""
  107.   ;-----------------------------
  108.   FileDelete, %cpp%
  109.   FileDelete, %obj%
  110.   FileDelete, %log%
  111.   return, hex
  112. }
  114. bin2hex(obj)
  115. {
  116.   ListLines, % "Off" (lls:=A_ListLines=0 ? "Off":"On")/0
  117.   SetBatchLines, % "-1" (bch:=A_BatchLines)/0
  118.   VarSetCapacity(bin,1024), VarSetCapacity(bin,0)
  119.   FileRead, bin, *c %obj%
  120.   size:=VarSetCapacity(bin), p:=&bin
  121.   VarSetCapacity(hex, (2*size+1)*(1+!!A_IsUnicode))
  122.   SetFormat, IntegerFast, % "H" (fmt:=A_FormatInteger)/0
  123.   Loop, %size%
  124.     hex.=SubStr(0x100+(*p++),-1)
  125.   SetFormat, IntegerFast, %fmt%
  126.   SetBatchLines, %bch%
  127.   ListLines, %lls%
  128.   return, hex
  129. }
  131. MCode(ByRef code, hex)
  132. {
  133.   ListLines, % "Off" (lls:=A_ListLines=0 ? "Off":"On")/0
  134.   SetBatchLines, % "-1" (bch:=A_BatchLines)/0
  135.   VarSetCapacity(code, len:=StrLen(hex)//2)
  136.   Loop, % len
  137.     NumPut("0x" SubStr(hex,2*A_Index-1,2),code,A_Index-1,"uchar")
  138.   DllCall("VirtualProtect","ptr",&code,"ptr",len,"uint",0x40,"ptr*",0)
  139.   SetBatchLines, %bch%
  140.   ListLines, %lls%
  141. }
  143. ;
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
MCode机器码
其他教程

Excel数据拆分发邮件

2020-3-27 20:26:21

其他教程

后台发送按键和操作鼠标 By FeiYue

2020-4-1 12:59:38

0 条回复 A文章作者 M管理员
欢迎您,新朋友,感谢参与互动!
    暂无讨论,说说你的看法吧

请输入验证码

请输入图片中的验证码
点击发送按钮获取验证码

取消
×
×
¥undefined
请打开手机使用微信扫码支付
×

....支付确认中....

×
支付金额

undefined
×
积分支付
您当前的积分为0

检测到您未绑定微信账户,请先绑定微信

立刻绑定
确定
×

举报

请选择举报类型*

政治有害
不友善
垃圾广告
违法违规
色情低俗
涉嫌侵权
网络暴力
涉未成年
自杀自残
不实信息
引人不适
抄袭
扰乱社区秩序
请输入举报内容 *

举报提交后,我们会以邮件的形式向您反馈处理结果。

×

打开微信扫一扫

扫码并「关注我们的公众号」安全快捷登录

×

下载海报:

解锁会员权限

开通会员

解锁海量优质VIP资源

立刻开通

个人中心
购物车
优惠劵
私信列表
搜索
客服

  • 扫码打开当前页

返回顶部