flat assembler
Message board for the users of flat assembler.

[solved]FormatMessage
Overclick



Joined: 11 Jul 2020
Posts: 197
Overclick
Hi
What exactly does FormatMessage have to return? Numeric text or some sort of description? I cannot get it. I only get a few rubbish symbols.


Last edited by Overclick on 24 Aug 2020, 12:14; edited 1 time in total
Post 27 Jul 2020, 14:19
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17620
Location: In your JS exploiting you and your system
revolution
I presume this question is for the Windows API so I have moved this to the Windows forum.
Post 27 Jul 2020, 22:47
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17620
Location: In your JS exploiting you and your system
revolution
So show your code please. We can't help you with no code.
Post 28 Jul 2020, 01:58
bitRAKE



Joined: 21 Jul 2003
Posts: 3018
Location: vpcmipstrm
bitRAKE
Code:
format PE64 CONSOLE 6.2
include 'win64wxp.inc'
.code
Quilt:
invoke GetStdHandle,STD_OUTPUT_HANDLE
mov [hCon],rax
invoke GetLastError
invoke FormatMessage,FORMAT_MESSAGE_ALLOCATE_BUFFER\
\       ; always use these two together
        or FORMAT_MESSAGE_FROM_SYSTEM\
        or FORMAT_MESSAGE_IGNORE_INSERTS,\
        0,rax,0,ADDR lpBuffer,0,0
invoke WriteConsole,[hCon],[lpBuffer],eax,0,0
invoke LocalFree,[lpBuffer]
invoke ExitProcess,eax
.data
hCon            rq 1
lpBuffer        rq 1
.end Quilt    

_________________
¯\(°_o)/¯ unlicense.org
Post 22 Aug 2020, 02:12
Overclick



Joined: 11 Jul 2020
Posts: 197
Overclick
Ah, it was a pointer... I had to read more carefully, thanks bro.


Post 24 Aug 2020, 12:13
Overclick



Joined: 11 Jul 2020
Posts: 197
Overclick
Quote:

; always use these two together

Is it some mistake?
It works fine as usual with a single one:
Code:
invoke  FormatMessage,FORMAT_MESSAGE_FROM_SYSTEM\
                        +0xFF,0,r15d,0,ERROR_fun_buffer,512,0    

Or do you mean the keys (flags)? Anyway, I don't need the pointer.
Post 24 Aug 2020, 12:21
bitRAKE



Joined: 21 Jul 2003
Posts: 3018
Location: vpcmipstrm
bitRAKE
Yeah, the flags - possible security hole when FORMAT_MESSAGE_FROM_SYSTEM is not accompanied by FORMAT_MESSAGE_IGNORE_INSERTS. I haven't looked into it specifically, but I'll trust MS that there is a system message that uses inserts.

_________________
¯\(°_o)/¯ unlicense.org
Post 25 Aug 2020, 05:45
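Added example, not code from any poster in this thread: a fixed-buffer variant of the call discussed above, with FORMAT_MESSAGE_IGNORE_INSERTS set and the return value checked before the buffer is used. It formats ERROR_BAD_EXE_FORMAT (193), a system message whose text contains the insert %1; the names Start, msg_buf and MSG_CHARS are assumptions made for this sketch.

```asm
format PE64 CONSOLE 6.2
include 'win64wxp.inc'

ERROR_BAD_EXE_FORMAT = 193      ; system text: "%1 is not a valid Win32 application."
MSG_CHARS = 512                 ; assumed buffer capacity, counted in TCHARs

.code
Start:
        invoke  GetStdHandle,STD_OUTPUT_HANDLE
        mov     [hCon],rax

        ; Arguments (last parameter) is 0, so there is nothing to fill %1 with.
        ; Without FORMAT_MESSAGE_IGNORE_INSERTS the function would still try to
        ; fetch a value for %1 from that null argument list.
        ; With the flag set, %1 is copied to the output unchanged.
        ; 0xFF is the max-width mask from the earlier post (drops line breaks).
        ; nSize is a character count, not a byte count.
        invoke  FormatMessage,FORMAT_MESSAGE_FROM_SYSTEM\
                or FORMAT_MESSAGE_IGNORE_INSERTS or 0xFF,\
                0,ERROR_BAD_EXE_FORMAT,0,ADDR msg_buf,MSG_CHARS,0

        ; A return value of 0 means failure and msg_buf holds no valid text.
        test    eax,eax
        jz      .no_text

        ; eax = number of TCHARs stored, excluding the terminating null
        invoke  WriteConsole,[hCon],ADDR msg_buf,eax,0,0
        invoke  ExitProcess,0

.no_text:
        invoke  GetLastError            ; why FormatMessage itself failed
        invoke  ExitProcess,eax

.data
hCon            rq 1
msg_buf         rw MSG_CHARS            ; wide characters (win64wxp selects the W API)

.end Start
```

On an English system this prints the message with the placeholder left in place: `%1 is not a valid Win32 application.`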
Overclick



Joined: 11 Jul 2020
Posts: 197
Overclick
You're talking about FORMAT_MESSAGE_IGNORE_INSERTS? You're probably right, I will use it just in case.
Post 25 Aug 2020, 13:08
bitRAKE



Joined: 21 Jul 2003
Posts: 3018
Location: vpcmipstrm
bitRAKE
Code:
format PE64 CONSOLE 6.2 at $7FFF_FFFE_0000
include 'win64wxp.inc'

struct MSGBOXPARAMSW
cbSize                  dd ?,?
hwndOwner               dq ?
hInstance               dq ?
lpszText                dq ?
lpszCaption             dq ?
dwStyle                 dd ?,?
lpszIcon                dq ?
dwContextHelpId         dd ?,?
lpfnMsgBoxCallback      dq ?
dwLanguageId            dd ?,?
ends ; MSGBOXPARAMSW

struct HELPINFO
cbSize          dd ?
iContextType    dd ?
iCtrlId         dd ?,?
hItemHandle     dq ?
dwContextId     dd ?,?
MousePos        POINT
ends ; HELPINFO

.code

help_info:
        virtual at RCX
                .hi HELPINFO
        end virtual
        cmp [.hi.dwContextId],55555
        jnz @F
        enter 32,0
        ; don't loop back here
        and [mbp__GetLastError.dwStyle],not MB_HELP
        lea rcx,[mbp__GetLastError]
        call [MessageBoxIndirectW]
        leave
@@:     retn



Quilt:

invoke GetStdHandle,STD_OUTPUT_HANDLE
mov [hCon],rax
invoke GetLastError
mov [last_error],rax
invoke FormatMessage,FORMAT_MESSAGE_ALLOCATE_BUFFER\
\       ; always use these two together
        or FORMAT_MESSAGE_FROM_SYSTEM\
        or FORMAT_MESSAGE_IGNORE_INSERTS,0,[last_error],0,ADDR lpBuffer,0,0
invoke WriteConsole,[hCon],[lpBuffer],eax,0,0

        push [lpBuffer]
        pop [mbp__GetLastError.lpszText]
        invoke MessageBoxIndirectW,ADDR mbp__GetLastError ; display error

invoke LocalFree,[lpBuffer]
invoke ExitProcess,eax



.data
_title TCHAR "My GetLastError",0

align 8
last_error      rq 1
hCon            rq 1
lpBuffer        rq 1

mbp__GetLastError MSGBOXPARAMSW\
        cbSize:80,\
        hwndOwner:0,\
        hInstance:0,\; zero to use system icon (LoadIcon) value
        lpszCaption:_title,\
        dwStyle:MB_OK or MB_USERICON  or MB_HELP or MB_TASKMODAL,\
        lpszIcon:32518,\
        dwContextHelpId:55555,\
        lpfnMsgBoxCallback:help_info

.end Quilt    

_________________
¯\(°_o)/¯ unlicense.org
Post 12 Sep 2020, 02:18
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
