Necromancer13
Joined: 18 Oct 2007
Posts: 32
Location: Ukraine
|
I try to write a program for chacking PE file for validation...
But I can't compile it... FASM finds some errors...
It's a code of a program...
format PE GUI 4.0
entry start
include '%fasminc%\win32a.inc'
struct SEH
PrevLink dd ?
CurrentHandler dd ?
SafeOffset dd ?
PrevEsp dd ?
PrevEbp dd ?
ends
IDD_DLG1 = 1
MAXSIZE = 512
ButtonID = 3
section '.data' data readable writeable
hInstance dd ?
CommandLine dd ?
ofn OPENFILENAME
FilterString db 'EXE-files (*.exe), DLL-files (*.dll)',0,'*.exe;*.dll',0
db 'All Files (*.*)',0,'*.*',0,0
buffer rb MAXSIZE
hFileRead dd ?
hMapFile dd ?
pMemory dd ?
seh SEH
section '.code' code readable writeable executable
start:
invoke GetModuleHandle,0
mov [hInstance],eax
invoke GetCommandLine
mov [CommandLine],eax
invoke DialogBoxParam,[hInstance],IDD_DLG1,HWND_DESKTOP,DlgProc,0
invoke ExitProcess,eax
proc DlgProc hWnd,uMsg,wParam,lParam
cmp [uMsg],WM_INITDIALOG
jz .initdialog
cmp [uMsg],WM_CLOSE
jz .wmclose
cmp [uMsg],WM_COMMAND
jz .wmcommand
mov eax,FALSE
ret
.initdialog:
mov [ofn.lStructSize],sizeof.OPENFILENAME
push [hWnd]
pop [ofn.hwndOwner]
push [hInstance]
pop [ofn.hInstance]
mov [ofn.lpstrFilter],FilterString
mov [ofn.lpstrFile],buffer
mov [ofn.nMaxFile],MAXSIZE
jmp _finish
.wmclose:
cmp [hMapFile],0
je @f
call CloseMapFile
@@:
invoke EndDialog,[hWnd],0
jmp _finish
.wmcommand:
mov eax,[wParam]
mov edx,eax
shr edx,16
cmp dx,BN_CLICKED
jne _finish
cmp ax,ButtonID
jne _finish
mov [ofn.Flags],OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_EXPLORER or OFN_HIDEREADONLY
invoke GetOpenFileName,ofn
cmp eax,TRUE
jne _finish
invoke CreateFile,buffer,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
test eax,eax
je _erroropen
mov [hFileRead],eax
invoke CreateFileMapping,[hFileRead],0,PAGE_READONLY,0,0,0
test eax,eax
je _errormap
mov [hMapFile],eax
;=======================================
;=======================================
call CheckFile
FinalExit:
test ecx,ecx
jne @next
push [seh.PrevLink]
pop dword[fs:0]
invoke UnmapViewOfFile,[pMemory]
jmp @f
ValidText db 'It''s a valid PE file!',0
AppName db 'PE View',0
@@:
invoke MessageBox,HWND_DESKTOP,ValidText,AppName,MB_ICONINFORMATION
jmp _finish
@next:
push [seh.PrevLink]
pop dword[fs:0]
invoke UnmapViewOfFile,[pMemory]
jmp @f
InvalidText db 'It''s not a valid PE file!',0
@@:
invoke MessageBox,HWND_DESKTOP,InvalidText,AppName,MB_ICONERROR
jmp _finish
;=======================================
;=======================================
_finish:
mov eax,TRUE
ret
errop db 'Can not open file for reading',0
errmp db 'Can not map file',0
_erroropen:
invoke MessageBox,HWND_DESKTOP,errop,AppName,MB_ICONERROR
jmp _finish
_errormap:
invoke MessageBox,HWND_DESKTOP,errmp,AppName,MB_ICONERROR
jmp _finish
endp
proc CloseMapFile
invoke CloseHandle,[hMapFile]
mov [hMapFile],0
invoke CloseHandle,[hFileRead]
ret
endp
proc CheckFile
invoke MapViewOfFile,[hMapFile],FILE_MAP_READ,0,0,0
test eax,eax
je _mappingerror
mov [pMemory],eax
push dword[fs:0]
pop [seh.PrevLink]
mov [seh.CurrentHandler],SEHHandler
mov [seh.SafeOffset],FinalExit
mov eax,seh
mov [fs:0],eax
mov [seh.PrevEsp],esp
mov [seh.PrevEbp],ebp
mov edi,[pMemory]
cmp word[edi],'MZ'
jne .notmz
add edi,dword[edi+3Ch]
cmp dword[edi],00004550h
je _valid
xor ecx,ecx
inc ecx
ret
.notmz:
jmp @f
NotMZ db 'MZ-signature is not found!',0
@@:
invoke MessageBox,HWND_DESKTOP,NotMZ,AppName,MB_ICONERROR
xor ecx,ecx
inc ecx
ret
_mappingerror:
jmp @f
MappingError db 'Can not map file into memory!',0
@@:
invoke MessageBox,HWND_DESKTOP,MappingError,AppName,MB_ICONERROR
xor ecx,ecx
inc ecx
ret
_valid:
xor ecx,ecx
ret
endp
proc SEHHandler pExcept,pFrame,pContext,pDispatch
push edx
mov edx,[pFrame]
mov eax,[pContext]
push dword[seh.SafeOffset]
add dword[pContent],0B8h
pop dword[pContent]
sub dword[pContent],0B8h
add dword[pContent],0C4h
push dword[seh.PrevEsp]
pop dword[pContent]
sub dword[pContent],0C4h
add dword[pContent],0B4h
push dword[seh.PrevEbp]
pop dword[pContent]
sub dword[pContent],0B4h
xor ecx,ecx
inc ecx
xor eax,eax
pop edx
ret
endp
section '.idata' import data readable writeable
library user32,'user32.dll',\
kernel32,'kernel32.dll',\
comdlg32,'comdlg32.dll'
include '%fasminc%\api\user32.inc'
include '%fasminc%\api\kernel32.inc'
include '%fasminc%\api\comdlg32.inc'
section '.rsrc' resource from 'PEView.res' data readable
And it's a rc-file:
#define IDD_DLG1 1
#define IDC_GRP1 2
#define IDC_BTN1 3
IDD_DLG1 DIALOGEX 150,88,192,118
CAPTION "PE View"
FONT 10,"Comic Sans MS",400,0,204
STYLE 0x10CA0000
BEGIN
CONTROL "PE VIEW",IDC_GRP1,"Button",0x50000007,0,0,192,119
CONTROL "Open File",IDC_BTN1,"Button",0x50012F00,10,41,168,27
END
FASM finds some errors in this strings:
proc SEHHandler pExcept,pFrame,pContext,pDispatch
push edx
mov edx,[pFrame]
mov eax,[pContext]
push dword[seh.SafeOffset]
add dword[pContent],0B8h
pop dword[pContent]
sub dword[pContent],0B8h
add dword[pContent],0C4h
push dword[seh.PrevEsp]
pop dword[pContent]
sub dword[pContent],0C4h
add dword[pContent],0B4h
push dword[seh.PrevEbp]
pop dword[pContent]
sub dword[pContent],0B4h
xor ecx,ecx
inc ecx
xor eax,eax
pop edx
ret
endp
It's very hard without assume and without .IF, .ENDIF, .ELSEIF, .WHILE..
Can you advice me a good way for cheking for PE file validation or tell, where I can find a source of this program?..
Thank you:)
P.S. I am new to FASM, and I use it only for some days
_________________ FASM Rulezzzzzz!
|