flat assembler
Message board for the users of flat assembler.
Index
> Windows > masm procedure to fasm proc |
Author |
|
MHajduk 29 Mar 2008, 08:58
I hope that I've made it correctly:
Code: proc ValidPE push esi pushf cmp word [esi], 'ZM' jne .End .Exe: add esi, [esi + IMAGE_DOS_HEADER.e_lfanew] cmp word [esi], 'EP' jne .End .PE: popf pop esi mov eax, TRUE ret .End: popf pop esi mov eax, FALSE ret endp |
|||
29 Mar 2008, 08:58 |
|
tester3000 29 Mar 2008, 09:06
thanks but it doesn't work
Code: add esi, [esi + IMAGE_DOS_HEADER.e_lfanew] Error: undefined symbol |
|||
29 Mar 2008, 09:06 |
|
MHajduk 29 Mar 2008, 09:23
Include this definition into your source file:
Code: struct IMAGE_DOS_HEADER e_magic dw ? e_cblp dw ? e_cp dw ? e_crlc dw ? e_cparhdr dw ? e_minalloc dw ? e_maxalloc dw ? e_ss dw ? e_sp dw ? e_csum dw ? e_ip dw ? e_cs dw ? e_lfarlc dw ? e_ovno dw ? e_res rw 4 e_oemid dw ? e_oeminfo dw ? e_res2 rw 10 e_lfanew dd ? ends |
|||
29 Mar 2008, 09:23 |
|
tester3000 29 Mar 2008, 10:26
Still doesn't work
pe_dll: Code: format PE GUI 4.0 DLL entry DllEntryPoint include 'win32a.inc' struct IMAGE_DOS_HEADER e_magic dw ? e_cblp dw ? e_cp dw ? e_crlc dw ? e_cparhdr dw ? e_minalloc dw ? e_maxalloc dw ? e_ss dw ? e_sp dw ? e_csum dw ? e_ip dw ? e_cs dw ? e_lfarlc dw ? e_ovno dw ? e_res rw 4 e_oemid dw ? e_oeminfo dw ? e_res2 rw 10 e_lfanew dd ? ends section '.code' code readable executable proc DllEntryPoint hinstDLL,fdwReason,lpvReserved mov eax,TRUE ret endp proc ValidPE push esi pushf cmp word [esi], 'ZM' jne .notpe .valid: add esi, [esi + IMAGE_DOS_HEADER.e_lfanew] cmp word [esi], 'EP' jne .notpe .PE: popf pop esi mov eax,TRUE ret .notpe: popf pop esi mov eax,FALSE ret endp section '.edata' export data readable export 'PE.DLL',\ ValidPE,'ValidPE' section '.reloc' fixups data discardable test_dll: Code: format PE GUI 4.0 entry start include 'win32a.inc' section '.data' data readable writeable hFile dd ? szFile db 'notepad.exe',0 _titlepe db 'Pe File',0 _captionpe db 'Pe Valid Proc',0 _titlenotpe db 'Not Pe File',0 _captionnotpe db 'Pe Valid Proc',0 section '.code' code readable executable start: invoke CreateFile,szFile,GENERIC_READ,0,0,OPEN_EXISTING,0,0 mov [hFile],eax invoke ValidPE,[hFile] test eax,eax jnz @F jmp .notpe @@: invoke MessageBox,0,_titlepe,_captionpe,MB_ICONINFORMATION+MB_TOPMOST .notpe: invoke MessageBox,0,_titlenotpe,_captionnotpe,MB_ICONINFORMATION+MB_TOPMOST invoke ExitProcess,0 section '.idata' import data readable library kernel,'KERNEL32.DLL',\ user32,'USER32.DLL',\ pedll,'PE_DLL.DLL' import kernel,\ CreateFile,'CreateFileA',\ ExitProcess,'ExitProcess' import user32,\ MessageBox,'MessageBoxA' import pedll,\ ValidPE,'ValidPE' |
|||
29 Mar 2008, 10:26 |
|
MHajduk 29 Mar 2008, 10:32
Change 'ZM' to 'MZ' and 'EP' to 'PE'.
[EDIT]... and procedure 'ValidPE' in DLL should take one argument. You should fix it.[/EDIT] |
|||
29 Mar 2008, 10:32 |
|
tester3000 29 Mar 2008, 11:36
MHajduk wrote: Change 'ZM' to 'MZ' and 'EP' to 'PE'. I've changed ZM' to 'MZ' and 'EP' to 'PE' and add argument to procedure: Code: proc ValidPE,hFile push esi pushf cmp word [esi], 'MZ' jne .notpe .valid: add esi, [esi + IMAGE_DOS_HEADER.e_lfanew] cmp word [esi], 'PE' jne .notpe .PE: popf pop esi mov eax,TRUE ret .notpe: popf pop esi mov eax,FALSE ret endp But nothing changed. Can you attach your code ? |
|||
29 Mar 2008, 11:36 |
|
revolution 29 Mar 2008, 13:03
tester3000:
1. After you create the file you have to also read in the header to memory, use ReadFile. 2. In the "ValidPE" function you need to load the value of esi. Use "mov esi,[hFile]" after the "pushf" |
|||
29 Mar 2008, 13:03 |
|
tester3000 29 Mar 2008, 13:40
revolution wrote: tester3000: I've done all that you said and my dll doesn't work. Try yourself compile and run. |
|||
29 Mar 2008, 13:40 |
|
revolution 29 Mar 2008, 13:46
Post your latest code.
|
|||
29 Mar 2008, 13:46 |
|
MHajduk 29 Mar 2008, 13:57
tester3000
Here you have a proper solution: PE_DLL.asm Code: format PE GUI 4.0 DLL entry DllEntryPoint include 'win32a.inc' struct IMAGE_DOS_HEADER e_magic dw ? e_cblp dw ? e_cp dw ? e_crlc dw ? e_cparhdr dw ? e_minalloc dw ? e_maxalloc dw ? e_ss dw ? e_sp dw ? e_csum dw ? e_ip dw ? e_cs dw ? e_lfarlc dw ? e_ovno dw ? e_res rw 4 e_oemid dw ? e_oeminfo dw ? e_res2 rw 10 e_lfanew dd ? ends section '.code' code readable executable proc DllEntryPoint hinstDLL,fdwReason,lpvReserved mov eax,TRUE ret endp proc ValidPE, FilePtr push esi pushf mov esi, [FilePtr] cmp word [esi], 'MZ' jne .notpe .valid: add esi, [esi + IMAGE_DOS_HEADER.e_lfanew] cmp word [esi], 'PE' jne .notpe .PE: popf pop esi mov eax, TRUE ret .notpe: popf pop esi mov eax, FALSE ret endp section '.edata' export data readable export 'PE_DLL.DLL',\ ValidPE, 'ValidPE' section '.reloc' fixups data discardable Code: format PE GUI 4.0 entry start include 'win32a.inc' section '.data' data readable writeable hFile dd ? hFileMap dd ? hFileView dd ? szFile db 'PETest.exe',0 _titlepe db 'Pe File',0 _captionpe db 'Pe Valid Proc',0 _titlenotpe db 'Not Pe File',0 _captionnotpe db 'Pe Valid Proc',0 FileMapName db 'MyFileMap', 0 section '.code' code readable executable start: invoke CreateFile, szFile, GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, 0 cmp eax, INVALID_HANDLE_VALUE je .End mov [hFile], eax invoke CreateFileMapping, [hFile], NULL, PAGE_READONLY, 0, 0, FileMapName test eax, eax jz .End mov [hFileMap], eax invoke MapViewOfFile, eax, FILE_MAP_READ, 0, 0, 0 test eax, eax jz .End mov [hFileView], eax invoke ValidPE, [hFileView] test eax, eax jnz .pe jmp .notpe .pe: invoke MessageBox, 0, _titlepe, _captionpe, MB_ICONINFORMATION + MB_TOPMOST jmp .End .notpe: invoke MessageBox, 0, _titlenotpe, _captionnotpe, MB_ICONINFORMATION + MB_TOPMOST .End: invoke UnmapViewOfFile, [hFileView] invoke CloseHandle, [hFileMap] invoke CloseHandle, [hFile] invoke ExitProcess,0 section '.idata' import data readable library kernel, 'KERNEL32.DLL',\ user32, 'USER32.DLL',\ pedll, 'PE_DLL.DLL' import kernel,\ CreateFile, 'CreateFileA',\ CloseHandle, 'CloseHandle',\ CreateFileMapping, 'CreateFileMappingA',\ MapViewOfFile, 'MapViewOfFile',\ UnmapViewOfFile, 'UnmapViewOfFile',\ ExitProcess, 'ExitProcess' import user32,\ MessageBox, 'MessageBoxA' import pedll,\ ValidPE, 'ValidPE' |
|||
29 Mar 2008, 13:57 |
|
tester3000 29 Mar 2008, 15:10
MHajduk большое спасибо
|
|||
29 Mar 2008, 15:10 |
|
MHajduk 29 Mar 2008, 16:29
I'm glad that I was able to help you.
|
|||
29 Mar 2008, 16:29 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.