flat assembler
Message board for the users of flat assembler.

GetCommandLine & ShellExecute
semiono
Is this cycle good or not good? :)

Code:
        invoke ExpandEnvironmentStrings,'%ProgramFiles%\WinRAR\WinRAR.exe',lpFile,MAX_PATH
        invoke GetCommandLine
        mov ebx,eax
next:
        cmp byte [ebx],0
        jz @xor

        cmp byte [ebx],' '
        je @cli

        inc ebx
        jmp next
@xor:
        xor ebx,ebx
@cli:
        invoke ShellExecute,NULL,NULL,lpFile,ebx,NULL,SW_NORMAL
exit:
        invoke ExitProcess,NULL

section '.data' readable writable

        lpFile rb MAX_PATH    ; buffer large enough for the expanded path (a 2-byte buffer would be overrun)


How can I use CommandLineToArgvW() for this?

Post 16 Aug 2010, 09:54
semiono
How do I check a string?

cmp byte [ebx],' -help'
cmp byte [ebx],' -options'
cmp byte [ebx],' --n'
cmp byte [ebx],' /x'
etc.

Please? :\
Post 17 Aug 2010, 12:36
Tyler
Code:
; edi = str1
; esi = str2
; returns same as strcmp in libc

strcmp:
    lodsb
    and       eax, 0xff
    movzx     byte[edi], ebx
    add       edi, 1
    sub       eax, ebx
    jne       .done
    cmp       eax, 0 ; Does jne trash eflags?  If not, this line can be removed.
    je        strcmp
    .done:
    ret
    
Post 17 Aug 2010, 21:26
vid
Quote:
cmp byte [ebx],' -help'

"cmp byte [ebx], value" compares the single byte at ebx with value. In an (ANSI) string, each character is a byte.

So, straightforward way would be:
Code:
cmp byte [ebx], '-'
jne not_help
cmp byte [ebx+1], 'h'
jne not_help
cmp byte [ebx+2], 'e'
jne not_help
cmp byte [ebx+3], 'l'
jne not_help
cmp byte [ebx+4], 'p'
jne not_help
cmp byte [ebx+5], 0  ;end of string is marked by byte with value zero
jne not_help
;here, string at memory pointed by ebx is "-help"
...
not_help:
...
    

Of course, this is tedious, that's why people use functions such as strcmp.
Post 17 Aug 2010, 22:04
Tyler
Sorry. I should've explained the theory behind it, like vid did.
Post 18 Aug 2010, 05:53
sinsi
You can use 'GetCommandLineW' then 'CommandLineToArgvW' which gives you a pointer to a list of pointers to each string from the command line, and how many there are. Then you can use 'lstrcmpW' to compare.
Post 18 Aug 2010, 06:09
semiono
I have an example, but it runs with errors.
Code:
   call    GetCommandLineW

   push    offset numArgs
   push    EAX
   call    CommandLineToArgvW

   mov     EDI, EAX
   push    EDI
   mov     ECX, numArgs

@showArgs:
   mov     EAX, [EDI]

   push    ECX
   push    0
   push    0
   push    EAX
   push    0
   call    MessageBoxW
   pop     ECX

   add     EDI, 4

   loop    @showArgs

   call    GlobalFree    

+ invoke ExitProcess,NULL

Does it need to be compiled with 'win32wx.inc'?
What could the problems be here?
---

One more example...
Code:
include '%fasm%\win32ax.inc'
start:
        invoke GetCommandLine
        push eax
        pop esi
        cmp [esi],byte 0x00000022
        jz @i
@i2:
        inc esi
        cmp [esi],byte 0x00000020
        jz @i1
        jmp @i2
@i:
        inc esi
        cmp [esi],byte 0x00000022
        jz @i1
        jmp @i
@i1:
        inc esi

        invoke MessageBox,NULL,esi,'Done...',MB_OK
exit:
        invoke ExitProcess,NULL

.end start

section '.rsrc' resource readable
        directory RT_MANIFEST,_manifest
        resource _manifest,1,LANG_NEUTRAL,manifest
        resdata manifest
        file '%fasm%\manifest32.xml'
        endres
    


Empty command line without a switch - why is the output hieroglyphs?

Tyler, vid, sinsi... thanks!...
Post 18 Aug 2010, 09:33
vid
Code:
        push eax 
        pop esi    

You can just use "mov esi, eax".

Code:
cmp [esi],byte 0x00000022    

What is this supposed to do?

By the way, the maximal value of a byte is 0xFF, so those initial 6 nulls are always gonna be there, and so there is no reason to write them. Just use "cmp [esi], byte 0x22", or "cmp byte [esi], 0x22".
Post 18 Aug 2010, 10:14
vid
I almost forgot - did you try to use debugger? You can trace your code step-by-step and see what's happening after every instruction. Get OllyDbg at http://www.ollydbg.de/
Post 18 Aug 2010, 10:16
semiono
vid wrote:
Get OllyDbg at http://www.ollydbg.de/

I'm afraid of debuggers

By the way, why does the debugger always complain about the code section?

Code:
...
section '.code' executable
...    


Is OllyDbg 2 good for first steps? Is it stable?
I'm trying to use OllyDbg 1.10 now.

Post 18 Aug 2010, 15:48
LocoDelAssembly
Quote:

cmp eax, 0 ; Does jne trash eflags? If not, this line can be removed.

Jcc does not alter the flags so yes, you can remove it.
BTW, do you realize that your code is destroying one of the strings and that probably it is not returning in EAX the correct answer?
Post 18 Aug 2010, 18:30
vid
semiono: both Olly 1.10 and 2.0 are good to use, no reason to be afraid. You can ignore that warning too.
Post 18 Aug 2010, 19:46
MHajduk
semiono wrote:
By the way, why does the debugger always complain about the code section?

Code:
...
section '.code' executable
...    
semiono, you forgot to specify the type of the section. Now your Olly won't complain:
Code:
section '.code' code executable    
Post 18 Aug 2010, 21:19
Tyler
LocoDelAssembly wrote:
Quote:

cmp eax, 0 ; Does jne trash eflags? If not, this line can be removed.

Jcc does not alter the flags so yes, you can remove it.
BTW, do you realize that your code is destroying one of the strings and that probably it is not returning in EAX the correct answer?

Oops.

Code:
; esi = str1
; edi = str2
; returns same as strcmp in libc

strcmp:
    lodsb
    movzx     ebx, byte[edi]
    add       edi, 1
    sub       eax, ebx
    jne       .done
    cmp       ebx, 0
    jne       strcmp
    .done:
    ret
    

Better?
Post 19 Aug 2010, 02:27
LocoDelAssembly
Yep, it seems it does its job this time. There is a minor detail though, if strcmp is defined to return an integer and not a char (i.e. the result is extracted from EAX and not AL alone), then the upper 24 bits are unintended garbage and should be corrected.

Code:
strcmp:
    lodsb
    mov       dl, [edi]
    inc       edi
    sub       al, dl
    jnz       .done

    cmp       dl, 0
    jne       strcmp

.done:
    movsx     eax, al
    ret    

PS: Well, now that I look more carefully, your code would fail if EAX[31:8] is not zero at entry.
Post 19 Aug 2010, 02:48
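The return-value width LocoDelAssembly raises is worth seeing end to end. Below is an added C example (not code from the thread) that puts the C-library strcmp contract, which compares bytes as unsigned char and returns the full difference of the first mismatching pair, next to a model of the posted routine, which computes the difference in AL and then sign-extends it. The two agree on ASCII switches such as "-help", but they can disagree in sign once the difference leaves the range of a signed byte; the second input pair below is constructed to show exactly that case.

```c
/* Added example, not from the thread: libc-style strcmp next to a C model
 * of the 8-bit assembly routine posted above. */
#include <stdio.h>

/* strcmp as the C standard specifies it: bytes are compared as unsigned
 * char and the result is the full difference of the first mismatching
 * pair, or 0 when the strings are equal. */
int strcmp_full(const char *a, const char *b)
{
    const unsigned char *s1 = (const unsigned char *)a;
    const unsigned char *s2 = (const unsigned char *)b;
    while (*s1 != '\0' && *s1 == *s2) {
        s1++;
        s2++;
    }
    return (int)*s1 - (int)*s2;
}

/* Model of the posted routine: lodsb / mov dl,[edi] / sub al,dl /
 * movsx eax,al. The subtraction happens in 8 bits, so only the low
 * byte of the true difference survives before the sign extension. */
int strcmp_al_movsx(const char *a, const char *b)
{
    const unsigned char *s1 = (const unsigned char *)a;
    const unsigned char *s2 = (const unsigned char *)b;
    unsigned char al, dl;
    for (;;) {
        al = *s1++;                        /* lodsb                      */
        dl = *s2++;                        /* mov dl, [edi] ; inc edi    */
        al = (unsigned char)(al - dl);     /* sub al, dl (wraps at 8 bits)*/
        if (al != 0)                       /* jnz .done                  */
            break;
        if (dl == 0)                       /* cmp dl, 0 ; jne strcmp     */
            break;
    }
    /* movsx eax, al: interpret the low byte as a signed value */
    return al >= 128 ? (int)al - 256 : (int)al;
}

/* 1 when both results carry the same ordering (negative, zero, positive). */
int same_sign(int x, int y)
{
    return (x > 0 && y > 0) || (x < 0 && y < 0) || (x == 0 && y == 0);
}

int main(void)
{
    /* constructed inputs: an ASCII switch pair and a pair whose byte
     * difference (0x61 - 0xE9 = -136) does not fit in a signed byte */
    const char *pairs[][2] = {
        { "-help", "-help" },
        { "-h",    "-o"    },
        { "a",     "\xE9"  },
    };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int full = strcmp_full(pairs[i][0], pairs[i][1]);
        int al   = strcmp_al_movsx(pairs[i][0], pairs[i][1]);
        printf("full=%4d  al/movsx=%4d  %s\n", full, al,
               same_sign(full, al) ? "agree" : "DISAGREE on sign");
    }
    return 0;
}
```

The fix in assembly is to widen before subtracting (movzx both bytes into 32-bit registers and subtract those), which is what Tyler's second version does apart from the un-zeroed upper bits of EAX that the postscript points out.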
semiono
MHajduk wrote:
semiono, you forgot to specify the type of the section.


section '.data' readable
section '.code' executable
I didn't forget. I tried it experimentally and fasm accepts it.
If it's needed for the debugger, I'll improve it.

Post 19 Aug 2010, 12:43
MHajduk
semiono, the name between quotes doesn't determine the type of the section. This string can be empty
Code:
section '' code readable executable    
or it can be any other string with a maximal length of 8 chars (as far as I remember correctly):
Code:
section 'i3jwaGzb' code readable executable    
Both examples are compiled correctly.

If the name of the section isn't followed by one of the flags 'code' or 'data', the compiler, by default, assumes that this is a data section (please, correct me here if I'm wrong). In such a case Olly shows the warning message presented above ("entry point outside the code").
section directive defines a new section, it should be followed by quoted string defining the name of section, then one or more section flags can follow. Available flags are: code, data, readable, writeable, executable, shareable, discardable, notpageable. The origin of section is aligned to page (4096 bytes). Example declaration of PE section:
Code:
section '.text' code readable executable    
Post 19 Aug 2010, 20:05
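To make the section-flag discussion concrete, here is an added C example (not from the thread and not fasm's own code) that maps the flags MHajduk lists onto the IMAGE_SCN_* characteristics a PE section header carries, then applies two checks: whether the section holding the entry point is flagged as code, which is what OllyDbg's "entry point outside the code" warning is about, and whether any section is both writable and executable, which is worth flagging in any PE you build or review. The flag-to-bit mapping follows the fasm manual; both the 'writeable' and 'writable' spellings are accepted, since semiono's compiled examples use the latter. What fasm fills in when neither 'code' nor 'data' is written is deliberately not modelled: the function reflects only the flags present on the line.

```c
/* Added example, not from the thread: fasm `section` flags -> PE section
 * characteristics, plus the two checks described in the lead-in. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PE/COFF section characteristic bits (winnt.h values) */
#define IMAGE_SCN_CNT_CODE               0x00000020u
#define IMAGE_SCN_CNT_INITIALIZED_DATA   0x00000040u
#define IMAGE_SCN_MEM_DISCARDABLE        0x02000000u
#define IMAGE_SCN_MEM_NOT_PAGED          0x08000000u
#define IMAGE_SCN_MEM_SHARED             0x10000000u
#define IMAGE_SCN_MEM_EXECUTE            0x20000000u
#define IMAGE_SCN_MEM_READ               0x40000000u
#define IMAGE_SCN_MEM_WRITE              0x80000000u

static const struct { const char *flag; uint32_t bit; } flag_table[] = {
    { "code",        IMAGE_SCN_CNT_CODE },
    { "data",        IMAGE_SCN_CNT_INITIALIZED_DATA },
    { "readable",    IMAGE_SCN_MEM_READ },
    { "writeable",   IMAGE_SCN_MEM_WRITE },
    { "writable",    IMAGE_SCN_MEM_WRITE },   /* fasm accepts both spellings */
    { "executable",  IMAGE_SCN_MEM_EXECUTE },
    { "shareable",   IMAGE_SCN_MEM_SHARED },
    { "discardable", IMAGE_SCN_MEM_DISCARDABLE },
    { "notpageable", IMAGE_SCN_MEM_NOT_PAGED },
};

/* Parses one line of the form  section '<name>' flag flag ...  (a trailing
 * ';' comment is dropped) and returns the Characteristics word built from
 * the flags that are actually written. Unknown flags are ignored; a line
 * that is not a section directive yields 0. */
uint32_t section_characteristics(const char *line)
{
    char buf[256];
    strncpy(buf, line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';

    char *semi = strchr(buf, ';');
    if (semi) *semi = '\0';

    char *p = buf;
    while (isspace((unsigned char)*p)) p++;
    if (strncmp(p, "section", 7) != 0 || !isspace((unsigned char)p[7]))
        return 0;
    p += 7;

    /* the quoted name does not influence the flags, so just step over it */
    char *open = strchr(p, '\'');
    if (!open) return 0;
    char *close = strchr(open + 1, '\'');
    if (!close) return 0;
    p = close + 1;

    uint32_t chars = 0;
    for (char *tok = strtok(p, " \t\r\n"); tok; tok = strtok(NULL, " \t\r\n"))
        for (size_t i = 0; i < sizeof flag_table / sizeof flag_table[0]; i++)
            if (strcmp(tok, flag_table[i].flag) == 0)
                chars |= flag_table[i].bit;
    return chars;
}

/* The debugger's complaint: is the entry point's section marked as code? */
int entry_in_code_section(uint32_t chars)
{
    return (chars & IMAGE_SCN_CNT_CODE) != 0;
}

/* W^X check: a section that is both writable and executable lets data be
 * executed in place. */
int is_writable_executable(uint32_t chars)
{
    return (chars & IMAGE_SCN_MEM_WRITE) != 0 && (chars & IMAGE_SCN_MEM_EXECUTE) != 0;
}

int main(void)
{
    /* the section lines that appear in this thread */
    const char *lines[] = {
        "section '.code' executable",
        "section '.code' code executable",
        "section '.text' code readable executable",
        "section '.code' code executable ; readable writable",
        "section '.code' code readable writable executable",
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        uint32_t c = section_characteristics(lines[i]);
        printf("%-52s -> 0x%08X  code:%d  W+X:%d\n", lines[i], c,
               entry_in_code_section(c), is_writable_executable(c));
    }
    return 0;
}
```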
semiono
Code:
include '%fasm%\win32ax.inc'
section '.code' code executable ; readable writable
start:
        invoke GetCommandLine
        mov ebx,eax
        cmp byte [ebx],' '      ; 0x20
        jne msg
        cmp byte [ebx+1],'x'    ; 0x78
        jne msg
calc:
        invoke ShellExecute,NULL,NULL,'calc.exe',NULL,NULL,SW_NORMAL
        jmp exit
msg:
        invoke MessageBox,NULL,ebx,'--->8---',MB_OK
exit:
        invoke ExitProcess,NULL

.end start    


Nothing works. I cry. (((
Post 27 Aug 2010, 15:03
MHajduk
semiono, check this, works on my machine:
Code:
include '%fasm%\win32ax.inc'
section '.code' code executable ; readable writable

start:
        invoke  GetCommandLine
        mov     ebx, eax

OmitName:
        cmp     byte [ebx], 0
        je      msg
        cmp     byte [ebx], ' '
        je      OmitSpaces
        inc     ebx
        jmp     OmitName

OmitSpaces:
        inc     ebx
        cmp     byte [ebx], ' '
        je      OmitSpaces

x:
        cmp     byte [ebx], 'x'    ; 0x78
        jne     msg
calc:
        invoke  ShellExecute, NULL, NULL, 'calc.exe', NULL, NULL, SW_NORMAL
        jmp     exit
msg:
        invoke  MessageBox, NULL, ebx, '--->8---', MB_OK
exit:
        invoke  ExitProcess, NULL

.end start
Post 27 Aug 2010, 17:20
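sinsi's suggestion to let CommandLineToArgvW do the splitting, and the hand-written scanning loops from semiono and MHajduk above, are easiest to compare against a portable model. The following is an added C example, not code from the thread, of the simplified rules: whitespace separates arguments, double quotes group an argument that contains spaces, and every scan stops at the terminating zero byte. A loop that only looks for the first space cuts a quoted program path such as "C:\Program Files\..." in the middle, and a loop with no check for the zero byte keeps reading past the end of the string into whatever follows it. The sample command lines are constructed; backslash-escaped quotes, which the real API also handles, are left out of this model.

```c
/* Added example, not from the thread: a simplified, portable model of
 * how CommandLineToArgvW splits a raw command line. */
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 16
#define ARG_LEN  260   /* MAX_PATH-sized slots, like the thread's lpFile */

/* Splits cmdline into argv[0..argc-1] and returns argc. Whitespace
 * separates arguments, double quotes group text that contains spaces and
 * are themselves not copied. Every loop is bounded by the terminating
 * zero, so an empty line yields 0 and a line with no switch yields 1. */
int split_cmdline(const char *cmdline, char argv[][ARG_LEN], int max_args)
{
    int argc = 0;
    const char *p = cmdline;

    while (*p != '\0' && argc < max_args) {
        while (*p == ' ' || *p == '\t')          /* skip separators */
            p++;
        if (*p == '\0')
            break;

        int len = 0, in_quotes = 0;
        while (*p != '\0' && (in_quotes || (*p != ' ' && *p != '\t'))) {
            if (*p == '"')
                in_quotes = !in_quotes;          /* toggle grouping */
            else if (len < ARG_LEN - 1)          /* never overrun the slot */
                argv[argc][len++] = *p;
            p++;
        }
        argv[argc][len] = '\0';
        argc++;
    }
    return argc;
}

/* Number of arguments the line splits into (argv[0] is the program). */
int count_args(const char *cmdline)
{
    char argv[MAX_ARGS][ARG_LEN];
    return split_cmdline(cmdline, argv, MAX_ARGS);
}

/* 1 when argument i exists and equals expected; 0 otherwise, including
 * when the line has no argument i at all (the empty-command-line case). */
int arg_equals(const char *cmdline, int i, const char *expected)
{
    char argv[MAX_ARGS][ARG_LEN];
    int argc = split_cmdline(cmdline, argv, MAX_ARGS);
    return i >= 0 && i < argc && strcmp(argv[i], expected) == 0;
}

int main(void)
{
    /* constructed command lines: a quoted path with spaces, a bare
     * program name, and an empty line */
    const char *lines[] = {
        "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" x \"a b.rar\"",
        "prog.exe",
        "",
    };
    for (size_t n = 0; n < sizeof lines / sizeof lines[0]; n++) {
        char argv[MAX_ARGS][ARG_LEN];
        int argc = split_cmdline(lines[n], argv, MAX_ARGS);
        printf("%d argument(s)\n", argc);
        for (int i = 0; i < argc; i++)
            printf("  argv[%d] = \"%s\"\n", i, argv[i]);
    }
    return 0;
}
```

The switch test the thread is building (is argv[1] equal to "x"?) becomes arg_equals(cmdline, 1, "x"), which is also false, rather than undefined, when no argument was given.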
semiono
COOL! It's great! Thanks!
I'm now trying to add more events for jumps: ShellExecute1, ShellExecute2, etc.
Good start for me! Thanks for help!

---
And this additionally works with any inputs like "*%". COOL! Good cycle!
Post 27 Aug 2010, 17:45
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.
