Hi all, I just started with asm and found the fasm compiler, which is great. I tried out the example programs provided in %fasmdir%examples\

Well, I started with the template (%fasmdir%examples\template\template.asm) to see if it would be possible (by looking the addresses up in OllyDbg) to replace the function names with addresses, so that it wouldn't be necessary to include api\kernel32.inc and api\user32.inc.

This is the source code (the line I'm having trouble with is marked with <--):
; Template for program using standard Win32 headers

format PE GUI 4.0                       ; 32-bit PE image, GUI subsystem
entry start                             ; entry label; NOTE(review): no `start:` label is
                                        ; visible in the listing as posted -- it presumably
                                        ; preceded the first instruction of '.code'

include 'win32w.inc'                    ; wide-char Win32 headers; TCHAR, WNDCLASS, MSG, NULL and
                                        ; COLOR_BTNFACE used below are not defined in this file,
                                        ; so they presumably come from this include

section '.data' data readable writeable

  _class TCHAR 'asdf',0                 ; window class name
  _title TCHAR 'test',0                 ; window title
  _error TCHAR 'Startup failed.',0      ; text of the MessageBox shown on the error path

  ; window class descriptor; hInstance, hIcon and hCursor are NULL here and are
  ; filled in at run time before RegisterClass is called
  wc WNDCLASS 0, WindowProc, 0, 0, NULL, NULL, NULL, COLOR_BTNFACE + 1, NULL, _class

  msg MSG                               ; message buffer for the GetMessage loop

section '.code' code readable executable

; Program entry (named by `entry start`; the `start:` label itself is not
; visible in this listing as posted).  Registers a window class, creates the
; window and runs a GetMessage loop.  Every API called here is stdcall:
; arguments are pushed right to left and the callee pops them.
;
; NOTE(review): the jump targets `error`, `msg_loop` and `end_loop` used
; below are not defined anywhere in the listing as posted; from the control
; flow, `msg_loop:` would precede the GetMessage call, `error:` the
; MessageBox block and `end_loop:` the ExitProcess block.  As shown, this
; would not assemble.
;
; NOTE(review): every `call <number>` below is a hard-coded absolute address
; copied from a debugger.  Such an address is only valid while that exact
; DLL build is mapped at that exact base inside this process; the crash
; report in this thread is from OS 6.0 (Vista), which randomizes DLL load
; addresses per boot, so these calls can stop working after a reboot or on
; any other machine even if they work once.  Calling through the import
; table (`call [GetModuleHandle]` etc.) is what lets the loader resolve them.
        push    0
        call    0x7608427B              ; GetModuleHandleA(NULL) -> eax = this module's base
;GetModuleHandleA = 0x7608427B
        mov     [wc.hInstance], eax
        push    32512                   ; 32512 = IDI_APPLICATION (not in the list below)
;IDI_HAND        = 32513
;IDI_QUESTION    = 32514
;IDI_ASTERISK    = 32516
;IDI_WINLOGO     = 32517
        push    0
        call    0x762986D8              ; LoadIcon(NULL, IDI_APPLICATION)
;LoadIcon = 0x762986D8
; NOTE(review): the APPCRASH report quoted later in this thread gives
; Exception Offset 762986d8 with code c0000005 (access violation) -- exactly
; this address.  That is consistent with user32.dll not being mapped at this
; address in the failing run: once the `call [DefWindowProcW]` import is
; removed, nothing referenced from the import table names USER32.DLL any
; more, so presumably the loader never maps it before this first user32 call
; runs.  With the import present, user32 is mapped and the copied addresses
; happen to line up.
        mov     [wc.hIcon], eax
        push    32512                   ; IDC_ARROW (see list)
;IDC_ARROW       = 32512
;IDC_IBEAM       = 32513
;IDC_WAIT        = 32514
;IDC_CROSS       = 32515
;IDC_UPARROW     = 32516
;IDC_SIZE        = 32640
;IDC_ICON        = 32641
;IDC_SIZENWSE    = 32642
;IDC_SIZENESW    = 32643
;IDC_SIZEWE      = 32644
;IDC_SIZENS      = 32645
;IDC_NO          = 32648
;IDC_HAND        = 32649
;IDC_HELP        = 32651
        push    0
        call    0x7629862C              ; LoadCursor(NULL, IDC_ARROW)
;LoadCursor = 0x7629862C
        mov     [wc.hCursor], eax
        push    wc
        call    0x7628F923              ; RegisterClass(&wc); returns 0 on failure
;RegisterClass = 0x7628F923
        test    eax, eax
        jz      error
        ; CreateWindowEx arguments, pushed right to left
        push    0;NULL                  ; lpParam
        push    [wc.hInstance]          ; hInstance
        push    0;NULL                  ; hMenu
        push    0;NULL                  ; hWndParent
        push    192                     ; nHeight
        push    256                     ; nWidth
        push    128                     ; y
        push    128                     ; x
        push    010000000h + 000400000h + 000080000h   ; dwStyle = WS_VISIBLE + WS_DLGFRAME + WS_SYSMENU (see list)
;WS_OVERLAPPED   = 000000000h
;WS_ICONICPOPUP  = 0C0000000h
;WS_POPUP        = 080000000h
;WS_CHILD        = 040000000h
;WS_MINIMIZE     = 020000000h
;WS_VISIBLE      = 010000000h
;WS_DISABLED     = 008000000h
;WS_CLIPSIBLINGS = 004000000h
;WS_CLIPCHILDREN = 002000000h
;WS_MAXIMIZE     = 001000000h
;WS_CAPTION      = 000C00000h
;WS_BORDER       = 000800000h
;WS_DLGFRAME     = 000400000h
;WS_VSCROLL      = 000200000h
;WS_HSCROLL      = 000100000h
;WS_SYSMENU      = 000080000h
;WS_THICKFRAME   = 000040000h
;WS_HREDRAW      = 000020000h
;WS_VREDRAW      = 000010000h
;WS_GROUP        = 000020000h
;WS_TABSTOP      = 000010000h
;WS_MINIMIZEBOX  = 000020000h
;WS_MAXIMIZEBOX  = 000010000h
        push    _title                  ; lpWindowName
        push    _class                  ; lpClassName
        push    0                       ; dwExStyle
        call    0x762985F0              ; CreateWindowEx(...) -> eax = HWND, 0 on failure
;CreateWindowEx = 0x762985F0
        test    eax, eax
        jz      error

; message loop (a `msg_loop:` label would go here, see note above)
        push    0                       ; wMsgFilterMax
        push    0                       ; wMsgFilterMin
        push    0;NULL                  ; hWnd = NULL: messages for any window of this thread
        push    msg                     ; lpMsg
        call    0x762A19A2              ; GetMessage(&msg, NULL, 0, 0)
;GetMessage = 0x762A19A2
        cmp     eax, 1                  ; unsigned: 0 = WM_QUIT, 1 = message, -1 (error) compares above 1
        jb      end_loop                ; eax == 0: leave the loop
        jne     msg_loop                ; eax == -1: error, just poll again
        push    msg
        call    0x762A2AA1              ; TranslateMessage(&msg)
;TranslateMessage = 0x762A2AA1
        push    msg
        call    0x762A2A89              ; DispatchMessage(&msg) -> WindowProc
;DispatchMessage = 0x762A2A89
        jmp     msg_loop

; error path (an `error:` label would go here, see note above)
        push    000010h + 000000h       ; uType = MB_ICONHAND + MB_OK (see list)
;MB_OK                   = 000000h
;MB_OKCANCEL             = 000001h
;MB_YESNOCANCEL          = 000003h
;MB_YESNO                = 000004h
;MB_RETRYCANCEL          = 000005h
;MB_ICONHAND             = 000010h
;MB_ICONQUESTION         = 000020h
;MB_ICONEXCLAMATION      = 000030h
;MB_ICONASTERISK         = 000040h
;MB_USERICON             = 000080h
;MB_DEFBUTTON1           = 000000h
;MB_DEFBUTTON2           = 000100h
;MB_DEFBUTTON3           = 000200h
;MB_DEFBUTTON4           = 000300h
;MB_APPLMODAL            = 000000h
;MB_SYSTEMMODAL          = 001000h
;MB_TASKMODAL            = 002000h
;MB_HELP                 = 004000h
;MB_NOFOCUS              = 008000h
;MB_SETFOREGROUND        = 010000h
;MB_TOPMOST              = 040000h
;MB_RIGHT                = 080000h
;MB_RTLREADING           = 100000h
        push    0;NULL                  ; lpCaption
        push    _error                  ; lpText
        push    NULL                    ; hWnd (symbolic NULL here, literal 0 everywhere else)
        call    0x762DFBD5              ; MessageBox(NULL, _error, NULL, MB_ICONHAND)
;MessageBox = 0x762DFBD5

; exit (an `end_loop:` label would go here, see note above)
        push    [msg.wParam]            ; exit code: wParam of the WM_QUIT message (PostQuitMessage's argument)
        call    0x7607D85E              ; ExitProcess(msg.wParam) -- does not return
;ExitProcess = 0x7607D85E

;-----------------------------------------------------------------------
; LRESULT WindowProc(HWND hwnd, UINT wmsg, WPARAM wparam, LPARAM lparam)
; Window procedure registered in `wc` (stdcall; fasm's `proc` builds the
; frame so the arguments are reachable by name).  WM_DESTROY posts the quit
; message and returns 0; every other message is forwarded to DefWindowProcW.
; ebx/esi/edi are saved and restored because stdcall callees must preserve them.
;
; NOTE(review): the listing as posted has lost the `.wmdestroy:` and
; `.finish:` labels (targets of the `je`/`jmp` below) and the closing
; `ret`/`endp`; from the control flow `.wmdestroy:` precedes the `push 0` /
; PostQuitMessage pair and `.finish:` precedes `pop edi esi ebx`.
;-----------------------------------------------------------------------
proc WindowProc hwnd, wmsg, wparam, lparam
        push    ebx esi edi             ; callee-saved under stdcall
        cmp     [wmsg], 0002h           ; WM_DESTROY (see list below)
;WM_STATE                  = 0000h
;WM_NULL                   = 0000h
;WM_CREATE                 = 0001h
;WM_DESTROY                = 0002h
;WM_MOVE                   = 0003h
;WM_SIZE                   = 0005h
;WM_ACTIVATE               = 0006h
;WM_SETFOCUS               = 0007h
;WM_KILLFOCUS              = 0008h
;WM_ENABLE                 = 000Ah
;WM_SETREDRAW              = 000Bh
;WM_SETTEXT                = 000Ch
;WM_GETTEXT                = 000Dh
;WM_GETTEXTLENGTH          = 000Eh
;WM_PAINT                  = 000Fh
;WM_CLOSE                  = 0010h
;WM_QUERYENDSESSION        = 0011h
;WM_QUIT                   = 0012h
;WM_QUERYOPEN              = 0013h
;WM_ERASEBKGND             = 0014h
;WM_SYSCOLORCHANGE         = 0015h
;WM_ENDSESSION             = 0016h
;WM_SYSTEMERROR            = 0017h
;WM_SHOWWINDOW             = 0018h
;WM_CTLCOLOR               = 0019h
;WM_WININICHANGE           = 001Ah
;WM_DEVMODECHANGE          = 001Bh
;WM_ACTIVATEAPP            = 001Ch
;WM_FONTCHANGE             = 001Dh
;WM_TIMECHANGE             = 001Eh
;WM_CANCELMODE             = 001Fh
;WM_SETCURSOR              = 0020h
;WM_MOUSEACTIVATE          = 0021h
;WM_CHILDACTIVATE          = 0022h
;WM_QUEUESYNC              = 0023h
;WM_GETMINMAXINFO          = 0024h
;WM_PAINTICON              = 0026h
;WM_ICONERASEBKGND         = 0027h
;WM_NEXTDLGCTL             = 0028h
;WM_SPOOLERSTATUS          = 002Ah
;WM_DRAWITEM               = 002Bh
;WM_MEASUREITEM            = 002Ch
;WM_DELETEITEM             = 002Dh
;WM_VKEYTOITEM             = 002Eh
;WM_CHARTOITEM             = 002Fh
;WM_SETFONT                = 0030h
;WM_GETFONT                = 0031h
;WM_SETHOTKEY              = 0032h
;WM_QUERYDRAGICON          = 0037h
;WM_COMPAREITEM            = 0039h
;WM_COMPACTING             = 0041h
;WM_COMMNOTIFY             = 0044h
;WM_POWER                  = 0048h
;WM_COPYDATA               = 004Ah
;WM_CANCELJOURNAL          = 004Bh
;WM_NOTIFY                 = 004Eh
;WM_INPUTLANGCHANGE        = 0051h
;WM_TCARD                  = 0052h
;WM_HELP                   = 0053h
;WM_USERCHANGED            = 0054h
;WM_NOTIFYFORMAT           = 0055h
;WM_CONTEXTMENU            = 007Bh
;WM_STYLECHANGING          = 007Ch
;WM_STYLECHANGED           = 007Dh
;WM_DISPLAYCHANGE          = 007Eh
;WM_GETICON                = 007Fh
;WM_SETICON                = 0080h
;WM_NCCREATE               = 0081h
;WM_NCDESTROY              = 0082h
;WM_NCCALCSIZE             = 0083h
;WM_NCHITTEST              = 0084h
;WM_NCPAINT                = 0085h
;WM_NCACTIVATE             = 0086h
;WM_GETDLGCODE             = 0087h
;WM_NCMOUSEMOVE            = 00A0h
;WM_NCLBUTTONDOWN          = 00A1h
;WM_NCLBUTTONUP            = 00A2h
;WM_NCRBUTTONDOWN          = 00A4h
;WM_NCRBUTTONUP            = 00A5h
;WM_NCMBUTTONDOWN          = 00A7h
;WM_NCMBUTTONUP            = 00A8h
;WM_KEYFIRST               = 0100h
;WM_KEYDOWN                = 0100h
;WM_KEYUP                  = 0101h
;WM_CHAR                   = 0102h
;WM_DEADCHAR               = 0103h
;WM_SYSKEYDOWN             = 0104h
;WM_SYSKEYUP               = 0105h
;WM_SYSCHAR                = 0106h
;WM_SYSDEADCHAR            = 0107h
;WM_KEYLAST                = 0108h
;WM_INITDIALOG             = 0110h
;WM_COMMAND                = 0111h
;WM_SYSCOMMAND             = 0112h
;WM_TIMER                  = 0113h
;WM_HSCROLL                = 0114h
;WM_VSCROLL                = 0115h
;WM_INITMENU               = 0116h
;WM_INITMENUPOPUP          = 0117h
;WM_MENUSELECT             = 011Fh
;WM_MENUCHAR               = 0120h
;WM_ENTERIDLE              = 0121h
;WM_MENURBUTTONUP          = 0122h
;WM_MENUDRAG               = 0123h
;WM_MENUGETOBJECT          = 0124h
;WM_UNINITMENUPOPUP        = 0125h
;WM_MENUCOMMAND            = 0126h
;WM_CTLCOLORMSGBOX         = 0132h
;WM_CTLCOLOREDIT           = 0133h
;WM_CTLCOLORLISTBOX        = 0134h
;WM_CTLCOLORBTN            = 0135h
;WM_CTLCOLORDLG            = 0136h
;WM_CTLCOLORSTATIC         = 0138h
;WM_MOUSEFIRST             = 0200h
;WM_MOUSEMOVE              = 0200h
;WM_LBUTTONDOWN            = 0201h
;WM_LBUTTONUP              = 0202h
;WM_LBUTTONDBLCLK          = 0203h
;WM_RBUTTONDOWN            = 0204h
;WM_RBUTTONUP              = 0205h
;WM_RBUTTONDBLCLK          = 0206h
;WM_MBUTTONDOWN            = 0207h
;WM_MBUTTONUP              = 0208h
;WM_MBUTTONDBLCLK          = 0209h
;WM_MOUSEWHEEL             = 020Ah
;WM_MOUSELAST              = 020Ah
;WM_PARENTNOTIFY           = 0210h
;WM_ENTERMENULOOP          = 0211h
;WM_EXITMENULOOP           = 0212h
;WM_NEXTMENU               = 0213h
;WM_SIZING                 = 0214h
;WM_CAPTURECHANGED         = 0215h
;WM_MOVING                 = 0216h
;WM_POWERBROADCAST         = 0218h
;WM_DEVICECHANGE           = 0219h
;WM_MDICREATE              = 0220h
;WM_MDIDESTROY             = 0221h
;WM_MDIACTIVATE            = 0222h
;WM_MDIRESTORE             = 0223h
;WM_MDINEXT                = 0224h
;WM_MDIMAXIMIZE            = 0225h
;WM_MDITILE                = 0226h
;WM_MDICASCADE             = 0227h
;WM_MDIICONARRANGE         = 0228h
;WM_MDIGETACTIVE           = 0229h
;WM_MDISETMENU             = 0230h
;WM_ENTERSIZEMOVE          = 0231h
;WM_EXITSIZEMOVE           = 0232h
;WM_DROPFILES              = 0233h
;WM_MDIREFRESHMENU         = 0234h
;WM_IME_SETCONTEXT         = 0281h
;WM_IME_NOTIFY             = 0282h
;WM_IME_CONTROL            = 0283h
;WM_IME_SELECT             = 0285h
;WM_IME_CHAR               = 0286h
;WM_IME_KEYDOWN            = 0290h
;WM_IME_KEYUP              = 0291h
;WM_MOUSEHOVER             = 02A1h
;WM_MOUSELEAVE             = 02A3h
;WM_CUT                    = 0300h
;WM_COPY                   = 0301h
;WM_PASTE                  = 0302h
;WM_CLEAR                  = 0303h
;WM_UNDO                   = 0304h
;WM_RENDERFORMAT           = 0305h
;WM_DRAWCLIPBOARD          = 0308h
;WM_PAINTCLIPBOARD         = 0309h
;WM_SIZECLIPBOARD          = 030Bh
;WM_CHANGECBCHAIN          = 030Dh
;WM_PALETTECHANGED         = 0311h
;WM_HOTKEY                 = 0312h
;WM_PRINT                  = 0317h
;WM_PRINTCLIENT            = 0318h
;WM_HANDHELDFIRST          = 0358h
;WM_HANDHELDLAST           = 035Fh
;WM_AFXFIRST               = 0360h
;WM_AFXLAST                = 037Fh
;WM_PENWINFIRST            = 0380h
;WM_PENWINLAST             = 038Fh
;WM_COALESCE_FIRST         = 0390h
;WM_COALESCE_LAST          = 039Fh
;WM_USER                   = 0400h
        je      .wmdestroy
        ; default handling: DefWindowProcW(hwnd, wmsg, wparam, lparam), args right to left
        push    [lparam]
        push    [wparam]
        push    [wmsg]
        push    [hwnd]
        call    [DefWindowProcW];0x762A1D90 <-- The program works fine with [DefWindowProcW]
        ;but if it is changed to the address 0x762A1D90 the program will crash. any ideas
        ;to why this might happen, and how can it be fixed?
;DefWindowProc = 0x762A1D90
; NOTE(review): `call [DefWindowProcW]` goes through the import table, and
; that import is also what makes the loader map USER32.DLL into the process.
; Replacing it with a literal address leaves no USER32 import at all (every
; other call in this file is already a literal address), so presumably
; user32.dll is never mapped and the *first* user32 call -- LoadIcon at
; 0x762986D8, which is the Exception Offset in the APPCRASH report -- faults
; before this proc ever runs.  Separately, confirm the debugger address was
; read for DefWindowProcW and not DefWindowProcA: this file is built against
; win32w.inc, so the class name and strings are wide.
        jmp     .finish                 ; eax = DefWindowProcW's result
        ; `.wmdestroy:` would precede this (see note above)
        push    0                       ; exit code carried by WM_QUIT
        call    0x762921DF              ; PostQuitMessage(0)
;PostQuitMessage = 0x762921DF
        xor     eax, eax                ; handled: return 0
        ; `.finish:` would precede this (see note above)
        pop     edi esi ebx

section '.idata' import data readable writeable

; Import directory built by fasm's `library`/`import` macros.
; NOTE(review): the `library` line ends in a `\` continuation but the next
; visible line is blank, so the USER32 entry of the library list (and
; possibly an `include 'api\kernel32.inc'`) appears to have been lost when
; the post was rendered; as posted this section would not assemble.
  library kernel32,'KERNEL32.DLL',\

  include 'api\user32.inc'              ; names the USER32 functions that may be imported
                                        ; (DefWindowProcW among them)

; Hand-written import descriptor for USER32.DLL / DefWindowProcW, left
; commented out: the manual equivalent of what the macros above emit.
;  dd 0, 0, 0, RVA user_name, RVA user_table

;  user_table:
;    DefWindowProcW dd RVA _DefWindowProcW
;    dd 0

;  user_name db 'USER32.DLL', 0

;  _DefWindowProcW dw 0
;    db 'DefWindowProcW', 0

; Relocation section, also commented out.
;section '.reloc' fixups data readable discardable    

This is the line I can't get to work:
        call    [DefWindowProcW];0x762A1D90 <-- The program works fine with [DefWindowProcW]
        ;but if it is changed to the address 0x762A1D90 the program will crash. any ideas
        ;to why this might happen, and how can it be fixed?    

Here is a screenshot from OllyDbg which shows the address of the [DefWindowProcW] function.


Hope you guys know what I've done wrong. Also, is there a way to somehow define TCHAR and the other things needed, so that I don't have to include any libraries?

Thx for the help

cheers /dw0rek

thank you for your reply.

No, I did not use call [0x762A1D90].

I first tried with
call    [DefWindowProcW]    

then everything works just fine, like it should. But when I replace it with this:
call    0x762A1D90    

it doesn't work anymore. This is a bit strange to me, since I've replaced all the other function calls with their addresses in the same way.

I'm sure there is something I'm missing, but like I said, I just started out with asm and would appreciate it if you guys could help out.

This is the problem signature:
  Problem Event Name:   APPCRASH
  Application Name:     TEMPLATE.exe
  Application Version:
  Application Timestamp:        45c6e7a5
  Fault Module Name:    StackHash_1ce9
  Fault Module Version:
  Fault Module Timestamp:       00000000
  Exception Code:       c0000005
  Exception Offset:     762986d8
  OS Version:   6.0.6000.
  Locale ID:    1033
  Additional Information 1:     1ce9
  Additional Information 2:     36da68bdbac70af0c8325c2c9239f49e
  Additional Information 3:     bcdc
  Additional Information 4:     954b3c412b38dd2f446ab2854d4b5865    

Not sure if it tells you guys much; I can't really see what is wrong, but maybe you can?

Anyways, thx for the help.

cheers /dw0rek

Verbosity in development

I guess what you mean by getting rid of includes is related to imports:
http://board.flatassembler.net/topic.php?t=5808 for tips on how to manually build a smaller but working IAT.

http://board.flatassembler.net/topic.php?t=5436 for two different procs to manage imports with GetProcAddress, and a few tips on how to get the address of GetProcAddress without importing it.

and here is the code/method I use in some of my projects:
; - okasvi
;apihash-macro is taken from fasm-board, iirc...
format PE gui                           ; 32-bit PE, GUI subsystem; no `section` directive
                                        ; follows, so code and data presumably share one section
        ;macros and equs
; apihash NAME, 'string'
;   Emits `NAME dd <hash>` where <hash> is computed at assembly time from the
;   bytes of 'string' by a rotate-right-7 / xor scheme; the slot is later
;   overwritten at run time with the resolved address (see the entry code).
;   It is meant to agree with the run-time `hashz` routine -- TODO confirm,
;   as the `hashz` listing in this post is incomplete.  Only the low 32 bits
;   matter: ..temp is re-masked by `and 0xffffff00` every pass and ..result
;   by the final `and 0xffffffff`.
; NOTE(review): fasm macro bodies are delimited by `{` / `}` lines, which are
; absent here, and the empty `if ..char = 0` / `end if` pair presumably held
; a `break`; both look like lines lost when the post was rendered.
; NOTE(review): resolving APIs by name hash so that no import name appears in
; the binary (the author's stated goal below) is a pattern that static
; scanners and AV heuristics commonly flag.
macro apihash destination, [args]
        common local ..result, ..char, ..temp
        virtual at 0                    ; lay the string out in a scratch address space
                db args
                db 0                    ; terminator, hashed like any other byte
                ..result = 0
                ..temp = 0
                repeat $                ; once per byte emitted above
                        load ..char byte from % - 1
                        if ..char = 0   ; (loop exit presumably lost here, see note)
                        end if
                        ..temp   = (..temp and 0xffffff00) or ..char
                        ..temp   = ..temp shl 25 or ..temp shr 7   ; 32-bit rotate right by 7 (modulo the mask above)
                        ..result = ..result xor ..temp
                end repeat
        end virtual
        destination dd ..result and 0xffffffff

; Offsets into the 32-byte block that `pushad` leaves on the stack
; (push order eax, ecx, edx, ebx, esp, ebp, esi, edi, so edi sits at [esp]).
; The routines below write `mov [esp+pad_eax], reg` to choose the value that
; `popad` restores into eax, i.e. to return a result in eax while restoring
; every other register.
pad_size equ 32                         ; size of the whole pushad frame
pad_eax  equ 28
pad_ecx  equ 24
pad_edx  equ 20
pad_ebx  equ 16
pad_esp  equ 12
pad_ebp  equ 8
pad_esi  equ 4
pad_edi  equ 0
; Entry point.  Resolves every API this program uses without importing
; anything but ExitProcess: finds kernel32's base, resolves LoadLibraryA by
; hash, then walks ApiTable (the hash table in the data part) loading each
; DLL and overwriting each hash slot in place with the resolved address, so
; that `call [MessageBox]` etc. work afterwards.  Because the table is
; rewritten in place it must live in writable memory.
; Register use: esi = cursor into ApiTable, ebp = handle of the DLL being resolved.
; NOTE(review): the `.l3:` label targeted below and the `ApiTable:` label
; are not visible in this listing as posted.
; NOTE(review): neither the LoadLibrary lookup result nor any LoadLibrary
; return value is checked; a failed lookup (e.g. the forwarded-export case
; the author mentions) ends in a call through a bad pointer.
entry $                                 ; entry point is the next instruction
                call    krnl32base      ; eax = kernel32 base, 0 on failure
                test    eax, eax
                jz      error

                push    [LoadLibrary]   ; hash of 'LoadLibraryA' (emitted by apihash)
                push    eax             ; kernel32 base
                call    gpaddr          ; eax = address whose export name matches that hash
                mov     [LoadLibrary], eax      ; replace the hash with the address

                mov     esi, ApiTable   ; layout: 'dll',0, hash..., 0, 'dll',0, hash..., 0, 0
        .l1:    push    esi             ; esi -> DLL name string
                call    [LoadLibrary]
                mov     ebp, eax        ; ebp = module handle for this group
                call    iez             ; esi -> first hash slot after the name's NUL

        .l2:    push    dword [esi]     ; hash
                push    ebp             ; module
                call    gpaddr
                mov     [esi], eax      ; overwrite the hash slot with the resolved address

                add     esi, 4
                mov     eax, [esi]
                test    eax, eax        ; 0 terminates this group's hash list
                jnz     .l2
                                        ;I'm lazy&dealing w/hangover.
                                        ;The part of my brain which
                                        ;is supposed to think
                                        ;logically refuses to work.
                add     esi, 4
                mov     eax, [esi]
                test    eax, eax        ; a second 0 terminates the whole table
                jz      .l3
                jmp     .l1             ; otherwise esi -> next DLL name
                ; `.l3:` would precede this (see note above)
                push    0               ; uType = MB_OK
                push    capt            ; caption
                push    msg             ; text
                push    0               ; hWnd = NULL
                call    [MessageBox]    ; slot now holds the resolved address

                xor     eax, eax        ; exit code 0
                jmp     done
error:          mov     eax, 1          ; exit code 1: kernel32 base not found
done:           push    eax
                call    [ExitProcess]   ; the one real import (see `data import` below)
        ;get kernel32.dll baseaddress
; krnl32base -- returns (through the pushad frame, so in eax after popad) the
; base address of kernel32.dll, or 0.  It reads loader-internal process
; structures via fs:[30h] instead of asking any API.
; NOTE(review): as posted this routine has lost its entry label and the
; `pushad` implied by the `[esp+pad_eax]` store / `popad` pair, and the value
; loaded into esi is never used -- a line between the two `mov`s appears to be
; missing as well, so do not treat this listing as complete.  Reading
; undocumented loader structures is also version-specific: their layout and
; ordering differ between Windows releases (and on 64-bit), which is why this
; kind of code breaks across OS versions.
                xor     eax, eax
                mov     eax, [fs:eax+30h]       ; fs:[30h]
                test    eax,eax
                js      .err            ; a pointer with the sign bit set is treated as failure
                mov     eax, [eax+0ch]
                mov     esi, [eax+1ch]  ; NOTE(review): esi is not used afterwards
                mov     eax, [eax+08h]
                mov     [esp+pad_eax], eax      ; result -> eax slot of the pushad frame
                jmp     .ret
        .err:   xor     eax, eax
                mov     [esp+pad_eax], eax      ; result = 0
        .ret:   popad                   ; (a `ret` presumably follows; not shown)
        ;counter                [esp-4]
        ;baddr                  [esp+4]
        ;hash                   [esp+8]
; gpaddr(baddr, hash) -- stdcall-like (retn 8): walks the export table of the
; module at baddr, hashing each exported name with hashz until one equals
; `hash`, then maps that name's index through the ordinal array to the
; function address and returns it (through the pushad frame's eax slot).
; Every RVA read from the table is made absolute by adding baddr.
; Register use: ebp = wanted hash, ebx = export table, ecx = names left,
; esi = current name-pointer entry, edi = current name / result,
; [esp] = name count (local, pushed by the `sub esp, 4`).
; NOTE(review): as posted the entry label, the leading `pushad` (implied by
; the `[esp+pad_size+...]` addressing) and the `popad` before `retn 8` are
; missing.  On the `.err` path the register zeroed is eax but the slot
; written at `.ret` is edi, so a failed lookup returns a stale non-zero
; pointer rather than 0 and callers cannot detect failure.  Forwarded
; exports are not handled (the author says so below).
                mov     edi, [esp+pad_size+4]   ; baddr (reloaded after the sub below)
                mov     ebp, [esp+pad_size+8]   ; hash to find
                sub     esp, 4                  ; local: name count
                mov     edi, [esp+pad_size+4+4] ; baddr
                add     edi, [edi+03ch]
                mov     edi, [edi+078h]
                add     edi, [esp+pad_size+4+4] ; edi = export table
                mov     ebx, edi                ; keep it for the two lookups after the match
                mov     eax, [edi+018h]         ; name count
                mov     esi, [edi+020h]         ; name-pointer array (RVA)
                mov     ecx, eax
                mov     [esp], eax              ; saved for the index arithmetic below
                add     esi, [esp+pad_size+4+4]
                inc     ecx                     ; pre-increment so the loop's dec can test for 0
                sub     esi, 4                  ; pre-decrement to match the add at .l1
        .l1:    add     esi, 4
                dec     ecx
                jz      .err                    ; every name tried, no match
                mov     edi, [esi]
                add     edi, [esp+pad_size+4+4] ; edi = name string
                push    edi
                call    hashz                   ; eax = hash(name)
                cmp     eax, ebp
                jnz     .l1
                ; match: index = count - remaining
                mov     esi, [ebx+024h]         ; ordinal array (word entries, RVA)
                neg     ecx
                add     ecx, [esp]              ; ecx = index of the matched name
                shl     ecx, 1                  ; word index
                add     esi, ecx
                add     esi, [esp+pad_size+4+4]
                movzx   eax, word [esi]         ; ordinal
                mov     esi, [ebx+01ch]         ; address array (dword entries, RVA)
                shl     eax, 2
                add     esi, [esp+pad_size+4+4]
                add     esi, eax
                mov     edi, [esi]
                add     edi, [esp+pad_size+4+4] ; edi = function address
                jmp     .ret
        .err:   xor     eax, eax                ; NOTE(review): edi, not eax, is what gets returned
        .ret:   add     esp, 4                  ; drop the local
                mov     [esp+pad_eax], edi      ; result -> eax slot of the pushad frame
                retn    8
        ;inc esi until 0byte. esi=0byte+1
; iez -- advance esi past the terminating NUL of the string it points to;
; all other registers preserved (eax is saved around the loop).
; NOTE(review): the entry label and trailing `ret` are not visible in this
; listing as posted.
                push    eax
        .l1:    mov     al, byte [esi]
                inc     esi
                test    al, al
                jnz     .l1             ; stop once the NUL has been consumed
                pop     eax
        ;str    [esp+4]
        ;hash asciiZ-string
; hashz(str) -- stdcall-like (retn 4): hashes the NUL-terminated string at
; str with the same rotate-right-7 / xor scheme as the apihash macro and
; returns the hash through the pushad frame's eax slot (written from edx).
; NOTE(review): as posted the loop never loads a byte from [esi] (esi is set
; and then unused), so with eax = 0 it exits on the first pass and always
; yields 0; a byte-load instruction between `.l1:` and the rotate appears to
; have been lost, along with the entry label and the `pushad`/`popad` pair
; that the `[esp+pad_size+4]` addressing and `retn 4` require.  Treat this
; listing as incomplete.
                mov     esi, dword [esp+pad_size+4]     ; str
                xor     edx, edx        ; running hash
                xor     eax, eax
      .l1:      ror     eax, 7
                xor     edx, eax
                test    al, al          ; intended to stop at the NUL terminator
                jnz     .l1
                mov     [esp+pad_eax], edx      ; result -> eax slot of the pushad frame
                retn    4
; Data.  The apihash slots below start out holding name hashes and are
; overwritten with resolved addresses by the entry code, so this region must
; be writable at run time.
        msg     db      'humm',0        ; MessageBox text
        capt    db      'bleh',0        ; MessageBox caption
        apihash LoadLibrary,            'LoadLibraryA'  ; resolved first, straight from kernel32
; ApiTable (label not visible as posted): groups of 'dll',0 followed by hash
; slots, each group ended by a 0 dword, the whole table by a second 0 dword.
        kernel32        db      'kernel32',0
        apihash Sleep,                  'Sleep'
                                dd      0       ; end of the kernel32 group
        user32          db      'user32',0
        apihash MessageBox,             'MessageBoxA'
                                dd      0       ; end of the user32 group
                                dd      0;marks the end of the hashes
; Import address table for the single real import, ExitProcess.  The `krnl32`
; label referenced by the import directory below is not visible as posted;
; presumably it precedes the next line.
                ExitProcess     dd      RVA _ExitProcess
                                dw      0       ; with the two leading zero bytes of _ExitProcess this
                                                ; forms the IAT's 4-byte null terminator, overlapping
                                                ; the hint word -- presumably a deliberate size trick
                _ExitProcess    db      0,0,'ExitProcess',0     ; hint/name entry
        _krnl32                 db      'kernel32'      ; no explicit NUL: the first zero dword of the
                                                        ; import directory below presumably serves as it
data import
        dd      0,0,0, RVA _krnl32, RVA krnl32  ; one descriptor: DLL name RVA, IAT RVA
        dd      0,0,0,0,0                       ; null descriptor ends the import directory
end data
        ;reserved data
        EOF     rd      1    

edit: the code above is just an example of how to avoid relying on GetProcAddressA@kernel32.dll, how to keep your executable's IAT clean, and how to hide your imports, as there is no string pointing to the APIs you use.

btw. my gpaddr doesn't support forwarded exports, so in case it fails to get the address of some API like HeapAlloc@kernel32.dll, you need to see where it's really located; there should be a string you can see when it crashes under the debugger (something like NTDLL.RtlAllocateHeap) -- make it import that one directly from there...

dw0rek wrote:
I mean the includes that define the function names, i.e. MessageBoxA.

well, you could do it this way:
; Import directory written with fasm's `library`/`import` macros directly, so
; only the functions listed here are named -- no api\*.inc include is needed.
; `library` takes (label, 'dll') pairs; `import` takes the library label and
; then (label, 'exported name') pairs.  The labels (ExitProcess, MessageBox,
; ...) become the IAT slots used as `call [ExitProcess]`.
; NOTE(review): the macros themselves still have to come from an include (the
; thread's first listing uses win32w.inc); that part is not shown here.
data import
        library kernel32,       'kernel32'  ,\
                user32,         'user32'

        import  kernel32,       \
                ExitProcess,    'ExitProcess'   ,\
                ReadFile,       'ReadFile'      ,\
                WriteFile,      'WriteFile'     ,\
                Sleep,          'Sleep'

        import  user32,\
                MessageBox,     'MessageBoxA'
end data     

instead of including INCLUDE\API\KERNEL32.INC and USER32.INC, which define the names of the APIs you use...

I hope I didn't miss the point of 'getting rid of includes' again Smile

