Код (Text): invoke LoadIcon, hInstance, ID_TESTICO invoke SendMessage, hWnd, WM_SETICON, ICON_SMALL, eax a part shellcode Код (Text): _xcall [_LoadIcon], [_wc.hInstance], ID_TESTICO _xcall [_SendMessage], hWnd, WM_SETICON, ICON_SMALL, eax the above code can't work.
dcskm4200, for instance, try this: Код (Text): _xcall [_LoadIcon], 0, 32515 If window icon changes to “yellow exclamation sign” - check availability of resources in module, pointed by [_wc.hInstance]. Anyway, you should analyze return value of LoadIcon, to understand, what's happening when you try to load your icon. If eax!=0, you should call GetLastError an find - what's the problem it was. btw, why the heck you need an icon in shellcode?!? )))
Hello G13,regiomontanus,W4FhLF thanks your response. every exe file has his resource which included ico. i knew how add some code(shellcode) into the exe file. but the shellcode can only use the ico that owned the exe file or the system ico(etc. IDI_APPLICATION). some code can change the ico of an exe file. how add an ico outside the exe is my question.
First, LoadIcon need a handle to loaded module. If module isn't loaded, we shoud fix it - by casting LoadLibrary: Код (Text): .data szMojuruNamae db "module.exe",0 .code push offset szMojuruNamae call LoadLibrary .if eax!=0 push eax ; save handle in stack push 500 ; Icon ID in module push eax call LoadIcon push eax push ICON_BIG ;ICON_SMALL push WM_SETICON push hWin call SendMessage call FreeLibrary ;parameter is already in stack ;.if eax==0 ; call _debug ;.endif ;.else ; call _debug .endif If external icon is in .ico, you could use LoadImage with LR_LOADFROMFILE instead.
the code maybe easily change into shellcode. but it can change the Exe file's ICO which i don't need. where is wrong? Код (Text): .386 .Model Flat, StdCall Option Casemap :None include \masm32\include\windows.inc include \masm32\include\user32.inc include \masm32\include\kernel32.inc includelib \masm32\lib\user32.lib includelib \masm32\lib\kernel32.lib GROUPICON struct ;22 bytes Reserved1 WORD ? ResourceType WORD ? ImageCount WORD ? _Width BYTE ? _Height BYTE ? Colors BYTE ? Reserved2 BYTE ? Planes WORD ? BitsPerPixel WORD ? ImageSize DWORD ? ResourceID WORD ? GROUPICON ends .data hFileIcon dd 0 hUpdateRes dd 0 dwFileIconSize dd 0 szTargetExe db "mm.exe",0 szMyIcon db "xx.ico",0 .code MAKELANGID proc usPrimaryLanguage:USHORT, usSubLanguage:USHORT movzx eax, usPrimaryLanguage movzx ebx, usSubLanguage shl ebx, 10 or eax, ebx ret MAKELANGID endp InjectMainIcon proc uses ebx ecx edx esi edi lpExeFile:DWORD,lpMyIcon:DWORD LOCAL lpBuf :DWORD LOCAL dwBytesTouched :DWORD LOCAL grDate :GROUPICON LOCAL LanguageId :DWORD LOCAL lpBufSize_22 :DWORD invoke BeginUpdateResource,lpExeFile,FALSE mov hUpdateRes,eax invoke CreateFile, lpMyIcon, GENERIC_READ,FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0 test eax,eax js _exit mov hFileIcon,eax invoke GetFileSize, hFileIcon, 0 mov dwFileIconSize,eax invoke GlobalAlloc,GPTR,dwFileIconSize mov lpBuf,eax invoke ReadFile,hFileIcon,lpBuf,dwFileIconSize,ADDR dwBytesTouched,0 invoke CloseHandle,hFileIcon invoke MAKELANGID,LANG_ENGLISH,SUBLANG_DEFAULT mov LanguageId,eax mov ebx,lpBuf add ebx,22;sizeof GROUPICON mov edx,dwFileIconSize sub edx,22;sizeof GROUPICON mov lpBufSize_22,edx invoke UpdateResource,hUpdateRes,RT_ICON,1,LanguageId,ebx,lpBufSize_22 invoke RtlZeroMemory,addr grDate,sizeof grDate mov ax,1 mov grDate.ResourceType, ax mov grDate.ImageCount,ax mov al,32 mov grDate._Width,al mov grDate._Height,al mov ax,2 mov grDate.Planes,ax mov ax,32 mov grDate.BitsPerPixel,ax push lpBufSize_22 pop grDate.ImageSize mov ax,1 mov grDate.ResourceID,ax invoke UpdateResource,hUpdateRes,RT_GROUP_ICON,1,LanguageId,addr grDate,SIZEOF grDate invoke EndUpdateResource,hUpdateRes,FALSE invoke GlobalFree,lpBuf _exit: ret InjectMainIcon endp start: invoke InjectMainIcon,addr szTargetExe,addr szMyIcon invoke ExitProcess, 0 end start
