flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Windows > [Source]Simulate GetWindowsDirectory
Author
Thread Post new topic Reply to topic
krackwar



Joined: 24 May 2008
Posts: 13
Location: Chile
krackwar 06 Sep 2008, 21:41
Code:
;This source simulate the api GetWindowsDirectory
;Autor:Krackwar 
include 'win32ax.inc'

  .data
  ruta db 0
.code
start:

      buscap:
                inc ebp
                cmp word[ebp],':'
                jne buscap
                sub ebp,2
               unir:
               invoke lstrcat ,ruta,ebp
               add  ebp,2
               cmp word[ebp],'\'
                JE ver
                JNe unir
     mostrar:
      invoke MessageBox,0,ruta,0,0
       push 0
       call[ExitProcess]
       ver:
mov ecx,100h  ;supuesto tamaño de la cadena
mov al,'\'        ;caracter separador
mov edi,ruta
repne scasb    ;compara hasta que se cumpla la condicion
 jne unir
 JE mostrar
       jmp unir
      .end start
Post 06 Sep 2008, 21:41
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 07 Sep 2008, 15:05
krackwar,

Doesn't include 'win32ax.inc' contradicts the cmp word[bp],':'?

Hint: A vs. W. It's always good to try to compile example and run it. Wink
Post 07 Sep 2008, 15:05
View user's profile Send private message Reply with quote
krackwar



Joined: 24 May 2008
Posts: 13
Location: Chile
krackwar 08 Sep 2008, 02:40
baldr wrote:
krackwar,

Doesn't include 'win32ax.inc' contradicts the cmp word[bp],':'?

Hint: A vs. W. It's always good to try to compile example and run it. Wink
The code is run....
Post 08 Sep 2008, 02:40
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4623
Location: Argentina
LocoDelAssembly 08 Sep 2008, 03:02
WinXP SP3 without source modification
Code:
---------------------------
Error
---------------------------
C:\WINDOWS
---------------------------
Aceptar   
---------------------------


With baldr suggestion:
Code:
---------------------------
Error
---------------------------
C:\WINDOWS\WinSxs\:\WINDOWS\WinSxs\
---------------------------
Aceptar   
---------------------------


I suppose it works* because lstrcatA is copying char by char and krackwar's algorithm stops at the second slash so this algorithm has some kind of Unicode to ASCII built-in functionality. (If someone can verify my "claims" please do it since I have spent too few time on OllyDgb with this snippet so it is just a guess).

*works in the sense that it shows "C:\WINDOWS" but I'm not assuring that this snippet will always provide the correct path.
Post 08 Sep 2008, 03:02
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3174
Location: Denmark
f0dder 08 Sep 2008, 17:01
Code that depends on initial register value on program startup? Yay, that's never going to break.
Post 08 Sep 2008, 17:01
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 27 Sep 2008, 20:03
krackwar wrote:
baldr wrote:
krackwar,

Doesn't include 'win32ax.inc' contradicts the cmp word[bp],':'?

Hint: A vs. W. It's always good to try to compile example and run it. Wink
The code is run....
I do know that it runs. I'm talking about somewhat convoluted way you've done the simple strchr*2/strcpy routine… That jne/je pairs are just marvels! Wink Don't take it as an offense, though.

There are more to find in userspace, as Windows™ extensively uses it for dirty tricks. Do you want to believe that this will not change at [their] will?

f0dder,

His code depends on previous function's (BaseProcessStart to be exact) stack frame base pointer, that's OK for some time. BP in DOS is as predictable as EBP in Windows™…

_________________
"Don't belong. Never join. Think for yourself. Peace." – Victor Stone.
Post 27 Sep 2008, 20:03
View user's profile Send private message Reply with quote
r22



Joined: 27 Dec 2004
Posts: 805
r22 28 Sep 2008, 07:56
Entertaining little hack.

On the same level as GetCurrentProcess always returning -1 and GetCurrentThread always returning -2 (Making the actual api calls dubious).

Take it for whats it's worth, an interesting hacky snippet.
Post 28 Sep 2008, 07:56
View user's profile Send private message AIM Address Yahoo Messenger Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3174
Location: Denmark
f0dder 28 Sep 2008, 13:49
r22 wrote:
Entertaining little hack.

On the same level as GetCurrentProcess always returning -1 and GetCurrentThread always returning -2 (Making the actual api calls dubious).
...Until the days they start looking up the values via [FS:xx] instead Razz

(I find it weird that MSDN does mention the value -1, but still say that's how they're currently handled... one shouldn't really be documentation implementation details. MSDN also does say "it is best to call GetCurrentProcess instead of hard-coding this constant value").

r22 wrote:
Take it for whats it's worth, an interesting hacky snippet.
Yeah... cute, but definitely not something you should use outside 4k intros/whatever Smile

_________________
carpe noctem
Post 28 Sep 2008, 13:49
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.