flat assembler
Message board for the users of flat assembler.

Index > Main > comparing in buffer

Author
Thread Post new topic Reply to topic
GhostXoPCorp



Joined: 13 Dec 2008
Posts: 199
Location: 01F0:0100
GhostXoPCorp
how can i tell my program to compare what letter or space in my buffer

say 123456 letters defign where letters are in buffer
the buffer has "foo.exe"

and i want to compare the file extension, would i use

Code:
 
mov si,buffer 
cmp byte [si+4],'e'
je next1
jmp err
cmp byte [si+5],'x'
je next2
jmp err
cmp byte [si+6],'e'
je safeexec
jmp err
    

would this work, or is this all wrong and i have all of this misunderstood?

_________________
Oh that divide overflow. Just jumps out of the bushes every time to scare the day lights out of me.
Post 03 Jun 2009, 04:53
View user's profile Send private message Reply with quote
pete



Joined: 20 Apr 2009
Posts: 110
pete
You could improve it this way:

Code:
mov si,buffer  
cmp byte [si+4],'e' 
jne err
cmp byte [si+5],'x' 
jne err 
cmp byte [si+6],'e' 
jne err
safeexec: 
...
    


Or you get rid of the byte-comparisons and do a word or dword-comparison.
Post 03 Jun 2009, 05:48
View user's profile Send private message Reply with quote
GhostXoPCorp



Joined: 13 Dec 2008
Posts: 199
Location: 01F0:0100
GhostXoPCorp
true, thanks

_________________
Oh that divide overflow. Just jumps out of the bushes every time to scare the day lights out of me.
Post 03 Jun 2009, 07:21
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
Or just use string operands instead?
Code:
rep* cmps*
jcc
    


Or, at the very least, some inc/decrements and loops/jmps, along with your comparisons?



Also, what if the file name is not 3 chars long?

What if there's no extension?

What if there's more than 1 extension?

In this case, you should set your pointer to the end of your buffer and go backwards until you find a ".", and only THEN do the above comparison (forwards).
Post 03 Jun 2009, 07:31
View user's profile Send private message Reply with quote
GhostXoPCorp



Joined: 13 Dec 2008
Posts: 199
Location: 01F0:0100
GhostXoPCorp
i know, i just need this for my type of application, thanks for the tip though Very Happy

_________________
Oh that divide overflow. Just jumps out of the bushes every time to scare the day lights out of me.
Post 03 Jun 2009, 08:26
View user's profile Send private message Reply with quote
GhostXoPCorp



Joined: 13 Dec 2008
Posts: 199
Location: 01F0:0100
GhostXoPCorp
well, that didnt work Sad

_________________
Oh that divide overflow. Just jumps out of the bushes every time to scare the day lights out of me.
Post 04 Jun 2009, 21:13
View user's profile Send private message Reply with quote
pete



Joined: 20 Apr 2009
Posts: 110
pete
Post the bit of code that didn't work!
Post 05 Jun 2009, 06:16
View user's profile Send private message Reply with quote
lamar



Joined: 05 Jun 2009
Posts: 16
lamar
Code:
format pe gui 4.0
entry start
include 'include\win32a.inc'
start:
 invoke lstrlen,filename
 cmp    eax,3
 jl        fileisok
 mov    eax,dword [filename+eax-3] ;Last 3 char of filename
 or     eax,202020h ;To lower case
 cmp    eax,'exe'
 je     not_safe_file
fileisok:
 invoke MessageBox,0,fileok,title,MB_OK or MB_ICONINFORMATION
 jmp    exit
not_safe_file:
 invoke MessageBox,0,notsafefile,title,MB_OK or MB_ICONWARNING
exit:
invoke ExitProcess,0

title db 'Information',0
notsafefile db 'File not safe!',0
fileok db 'File is ok!',0
filename db 'virus.eXE',0

data import
 library kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
 include 'include\api\kernel32.inc'
 include 'include\api\user32.inc'
end data 
    

That is simpla.


and 16 bit version:
Code:
mov si,buffer
or word[si],2020h
cmp word[si],'xe'
jne file_ok
or byte[si+2],20h
cmp byte[si+2],'e'
jne file_ok
jmp safe_exec
    

Laughing
Post 10 Jun 2009, 16:53
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.