flat assembler
Message board for the users of flat assembler.

Beginners Question..

Jmac
Hi all...

As there is no section for those starting out....I will ask here.

what confuses me most about some of the coding is pushing parameters..

example

invoke DialogBoxParam ,eax,37,HWND_DESKTOP,DialogProc,0

what is actually being pushed onto the stack when pushing DialogProc...is it the address of the procedure which then returns the pointer back to the invoke's next parameter using a ret function....... or something else...

This question applies to the other parameter
Post 04 Dec 2009, 00:53

kohlrak
Essentially, numbers and pointers are passed, followed by a call instruction. The call instruction passes a pointer to what's after the call, so the ret can pop that location off the stack and jump to it... Lemme translate...

Code:
invoke meow, 1, 2, 3
more code    


translates to:

Code:
push 3
push 2
push 1
call [meow]    


Where call can be replaced as:

Code:
push 3
push 2
push 1
push nextoffset
jmp [meow]
nextoffset:    


The ret, essentially (although, just like call, it's not a macro) does this:

Code:
pop ebx
jmp ebx    


to return back to the procedure.
Post 04 Dec 2009, 01:17
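
The push/call/ret sequence described above, as an added example that is not part of any post in this thread: it shows that pushing a procedure name pushes only its address, and how a stdcall callee finds its parameters next to the return address. The names `apply` and `double_it` are hypothetical, and `win32a.inc` is assumed to be reachable through fasm's INCLUDE path, as for the bundled examples.

```asm
; Added example: what "stdcall apply, double_it, 37" expands to.
format PE console
entry start

include 'win32a.inc'

section '.text' code readable executable

start:
        push    37              ; a plain number, assembled as the 32-bit value 25h
        push    double_it       ; a label is just its address: another 32-bit number
        call    apply           ; pushes the address of the next instruction, then jumps
        ; back here eax holds the callback's result and esp is where it
        ; was before the two pushes, because the callee removed them

        invoke  ExitProcess, eax        ; expands to: push eax / call [ExitProcess]

; stdcall apply(callback, value): calls callback(value), returns its result.
; On entry: [esp] = return address, [esp+4] = callback, [esp+8] = value
apply:
        push    dword [esp+8]   ; pass value on; every offset now grows by 4
        call    dword [esp+8]   ; so the callback address is at [esp+8] now
        ret     8               ; pop return address, jump, drop 8 bytes of parameters

; stdcall double_it(value)
; On entry: [esp] = return address, [esp+4] = value
double_it:
        mov     eax, [esp+4]
        add     eax, eax
        ret     4               ; callee removes its single parameter

section '.idata' import data readable writeable

  library kernel32, 'KERNEL32.DLL'
  import kernel32, ExitProcess, 'ExitProcess'
```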

Jmac
Thanks for the quick reply....

Yeah I understood about the pushing.......just was not clear on what it was that was actually being pushed....

So basically it's either a number or a pointer that gets pushed....
Post 04 Dec 2009, 01:34

kohlrak
Essentially yes, because you can only ever actually push small things. You could never push a whole structure (wouldn't that be a headache?), so you are instead pushing the pointer to that structure. Pointers are dealt with a lot in programming, they're just painful in HLLs (but not in assembly, thank god).
Post 04 Dec 2009, 01:46

Jmac
great....that helps...


Thank you
Post 04 Dec 2009, 01:48

kohlrak
Also, be sure to learn what is a pointer and what is a structure when messing with the winAPI. Often, handles and things tend to be sent to you as pointers, so you can pass them directly again (rather than passing a pointer to wherever you stored it), but if you create them yourself, they tend to be structures that you pass the pointer to.
Post 04 Dec 2009, 01:52

bitshifter
To see what's happening inside the stack during a procedure...
http://board.flatassembler.net/topic.php?p=92372#92372
Post 04 Dec 2009, 03:43

Jmac
Hi all..

If it's ok with the forum I will continue to ask my beginner questions on this thread...

I understand the idea of the flow of a program but not sure about situations like this...

.wmcommand:
jne .iconerror_ok
or [flags],MB_ICONERROR

.iconerror_ok:
push ID_ICONINFORMATION

This is just a snippet of one of the examples....But does the program just continue if no jmp or such gets in the way..the last operation in between is an "or", so then it just continues on to the next....?
Post 04 Dec 2009, 08:40

kohlrak
Pretty much...
Post 04 Dec 2009, 08:45

Jmac
Hi

Great....that's what I was assuming.....just was not sure given the label ...I thought maybe you could only jump to it....

thanks for the Help.
Post 04 Dec 2009, 08:52

vid
hint: download OllyDbg debugger, and learn how to step through your code instruction-by-instruction. That way you will see what is happening all the time.
Post 04 Dec 2009, 10:17

Jmac
Hi...

I remember seeing something about that in my searches....will take a look, thanks for the suggestion.

John
Post 04 Dec 2009, 12:26

Borsuc
I second OllyDbg, it's an awesome program. Very handy if you are a beginner.
Post 04 Dec 2009, 16:08

Jmac
Hi all..

I am trying out that impressive program....OllyDbg

My question is....how do numbers get changed from what is typed in..

example from one of the FASM examples..

push 0
push DialogProc
push HWND_DESKTOP
push 37
push eax
call DialogBoxParam

That's what is in the example...but using an invoke

but when looking at it using OllyD.....the 37 becomes 25.....how/why does this occur.
Post 06 Dec 2009, 01:33

windwakr
37 in decimal = 25 in hex. You input the number in base 10 (decimal), but fasm converts it to base 16 (hex).

If you put an "h" at the end of a number in FASM (or a "0x" before it), then FASM will directly interpret that as a hex number.

Post 06 Dec 2009, 01:46

Jmac
Hi all...


Ahhh ok...did not think of that....
I assumed it put an "h" or something to tell the difference...

Ok that makes some sense.....

Thanks for the very quick reply...
Post 06 Dec 2009, 01:48

Jmac
Hi all...

now I have more time to do some learning....my process of learning is to use an example and pull it apart..and work it back together step by step..

I was doing this on the example Dialog.asm that's provided with FASM.

First question is...if the broken down example can be compiled and run on a windows 95 computer........but will only compile but not run on an XP.....it seems to run..just wont display the dialog frame...

pretty much the only things removed were buttons and the code reacting to some event....

Only the window closing "X" function was left in..

so I am a little stumped...works on 95..not on XP...but is basically the same program...
Post 23 Dec 2009, 02:29

revolution
Without code to see it is very difficult to know what you have done.
Post 23 Dec 2009, 02:33

Jmac
Hi..


yes very true.....


Last edited by Jmac on 23 Dec 2009, 10:07; edited 1 time in total
Post 23 Dec 2009, 02:44

Jmac
hi...

Just discovered what was stopping the dialog frame from displaying on the XP

if this is in the program ...

section '.bss' readable writeable

but there is nothing in it...just the heading...it was messing things up...even though I could not see any connection to this section from what I had left in the broken down program..

So, using a ";" and making it a comment...worked the trick and up comes the dialog frame now..on the XP.
Post 23 Dec 2009, 03:16

Copyright © 1999-2020, Tomasz Grysztar.