(01-02-2021, 12:50 PM)kesmezar كتب : Convert to 64bit
Done!
include masm64rt.inc
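.const
filename db "test.exe", 0                ; target image; resolved relative to the current directory
targetaddress equ 004012A5h              ; absolute VA inside the target; only meaningful if the image loads at its preferred base (no relocation/ASLR) — confirm against the binary
InfiniteLoopBytes db 0EBh, 0FEh, 0       ; "jmp $" (EB FE): 2-byte self-loop patched over targetaddress
SerialMsg db "Your valid serial is: %s", 10, 0
.data
; OriginalBytesBuff is the destination of ReadProcessMemory, so it must be
; writable. .const is emitted as a read-only segment; a failed read there
; would leave zeros that are later written back over the patched bytes.
OriginalBytesBuff db 00h, 00h, 0         ; the 2 original bytes saved before patching
sinfo STARTUPINFO<>
pinfo PROCESS_INFORMATION<>
align 16                                 ; x64 CONTEXT is declared DECLSPEC_ALIGN(16); 8-byte alignment is not enough for GetThreadContext
ctx CONTEXT64<>
.data?
RealSerialBuff db 20+1 dup (?)           ; 20 bytes read from the target + 1; .data? is zero-filled by the loader so byte 21 stays NUL for "%s"
.code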
;-----------------------------------------------------------------------
; start
; Launches test.exe suspended, overwrites the 2 bytes at targetaddress
; with a self-loop (EB FE), resumes the thread and polls RIP until it
; parks on the loop. The target's RAX then holds a pointer that is read
; as a string, printed, and the original bytes are restored.
; From a defender's view this is the "CREATE_SUSPENDED launch +
; cross-process WriteProcessMemory into code + GetThreadContext
; polling" pattern; those three events are what a monitor would see.
; Registers: rax = pointer (in the target) to the serial buffer.
; Caveat: no API return value is checked, so a failed CreateProcessA
; or ReadProcessMemory silently continues with zero handles/buffers.
;-----------------------------------------------------------------------
start proc
invoke CreateProcessA, addr filename, NULL, 0, 0, 0, CREATE_SUSPENDED, 0, 0, addr sinfo, addr pinfo   ; suspended so the patch lands before any target code runs
invoke ReadProcessMemory, pinfo.hProcess, targetaddress, addr OriginalBytesBuff, 2, 0   ; save the 2 bytes about to be overwritten (destination must be writable)
invoke WriteProcessMemory, pinfo.hProcess, targetaddress, addr InfiniteLoopBytes, 2, 0   ; plant the jmp $
invoke ResumeThread, pinfo.hThread
mov ctx.ContextFlags, CONTEXT_FULL       ; selects which register groups GetThreadContext fills; must be set before the call
invoke GetThreadContext, pinfo.hThread, addr ctx
@InfiniteLoop:
invoke GetThreadContext, pinfo.hThread, addr ctx   ; busy-wait (no Sleep): spin until RIP == targetaddress
.if (ctx.Rip ~= targetaddress)           ; NOTE(review): standard MASM inequality is "!=" — confirm "~=" assembles as "not equal"
jmp @InfiniteLoop
.endif
invoke SuspendThread, pinfo.hThread      ; freeze the thread before reading its registers
invoke GetThreadContext, pinfo.hThread, addr ctx
mov rax, qword ptr ctx+120 ;; --> ctx.Rax :)   ; 120 = 0x78, the Rax slot of the x64 CONTEXT layout; prefer the field name if CONTEXT64 exposes it
invoke ReadProcessMemory, pinfo.hProcess, rax, addr RealSerialBuff, 20, 0   ; rax is the remote pointer; relies on invoke copying rax to rdx before clobbering it — verify with the macro
invoke printf, addr SerialMsg, addr RealSerialBuff   ; RealSerialBuff must be NUL-terminated; 20 bytes are read into a 21-byte buffer
invoke WriteProcessMemory, pinfo.hProcess, targetaddress, addr OriginalBytesBuff, 2, 0   ; restore the original instruction bytes
invoke ResumeThread, pinfo.hThread       ; target continues from the restored instruction
invoke getchar                           ; keep the console window open
invoke ExitProcess, 0                    ; hProcess/hThread are never closed; ExitProcess reclaims them
ret 0                                    ; unreachable after ExitProcess
start endp
end
Attached: 64-bit build.