flat assembler
Message board for the users of flat assembler.

Index > Windows > PUSH/POP Problem

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Hello everyone. I'm trying to figure out whats problem here.. I have 2 questions.
#1 Why value are changing when I'm using PUSH and then POP to increase with 1?
#2 How to get size of register ?
Here's code, hope you'll know what I mean.
Code:
format PE console 4.0
include 'WIN32AX.INC'
entry main
.data
wbytes rd 1
itdb db ?
.code
proc main
xor eax,eax
start:
push eax
invoke itoa,ecx,itdb,10
invoke WriteFile,STD_OUTPUT_HANDLE,itdb,1,wbytes,0
invoke getchar
pop eax
inc eax
cmp eax,7
jne start
invoke ExitProcess,0
endp
data import
library kernel32,'kernel32.dll',msvcrt,'msvcrt.dll'
include 'API\KERNEL32.INC'
import msvcrt,itoa,'_itoa',getchar,'getchar'
end data    

the value of eax first time is 0 then 1 and everytime 1,1,1,1,1,1...
and second one, in WriteFile I dont know what size will be eax so how I can get size of EAX ?
Thank you.
Post 24 Sep 2010, 17:20
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Use cinvoke for itoa instead. The way you have it now, it is popping out into EAX the first parameter of the last invocation to itoa (everything in msvcrt is cdecl instead of stdcall)
Post 24 Sep 2010, 17:27
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
msvcrt APIs should be called with cinvoke. You got to put the "c" there else your stack will be corrupted.

[edit] pwned by LocoDelAssembly except he forgot about getchar also needing a "c" Razz
Post 24 Sep 2010, 17:30
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
But I get same result.. always 0 then 1 and everytime 1. its like 0 1 1 1 1 1 1 1 and i need 0 1 2 3 4 5 6 and then exit. and How to get size of EAX for WriteFile
Post 24 Sep 2010, 17:59
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
Show your latest code! We can't help without seeing the code.
Post 24 Sep 2010, 18:04
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
ohh sorry my bad instead of EAX I was using ECX Razz SOLVED!
I'll wait another quiestion how to get size of EAX ? Razz
Post 24 Sep 2010, 18:07
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Here's code and works fine.
Code:
format PE console 4.0
include 'WIN32AX.INC'
entry main
.data
wbytes rd 1
itdb db ?
.code
proc main
xor eax,eax
start:
push eax
cinvoke itoa,eax,itdb,10
invoke WriteFile,STD_OUTPUT_HANDLE,itdb,1,wbytes,0
cinvoke getchar
pop eax
inc eax
cmp eax,7
jne start
invoke ExitProcess,0
endp
data import
library kernel32,'kernel32.dll',msvcrt,'msvcrt.dll'
include 'API\KERNEL32.INC'
import msvcrt,itoa,'_itoa',getchar,'getchar'
end data    
Post 24 Sep 2010, 18:07
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
Code:
invoke lstrlen,itdb ;return size of text buffer in EAX    
BTW: You should define itdb as a larger buffer
Code:
itdb rb 10 ;in case of 9 digit number maximum    
Post 24 Sep 2010, 18:11
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
All done! Thank you. works fine now Smile
Code:
format PE console 4.0
include 'WIN32AX.INC'
entry main
.data
wbytes rd 1
itdb rb 10
.code
proc main
xor eax,eax
start:
push eax
cinvoke itoa,eax,itdb,10
invoke lstrlen,itdb
invoke WriteFile,STD_OUTPUT_HANDLE,itdb,eax,wbytes,0
cinvoke getchar
pop eax
inc eax
cmp eax,11
jne start
invoke ExitProcess,0
endp
data import
library kernel32,'kernel32.dll',msvcrt,'msvcrt.dll'
include 'API\KERNEL32.INC'
import msvcrt,itoa,'_itoa',getchar,'getchar'
end data    
Post 24 Sep 2010, 18:38
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
1 more quiestion, how itoa will be on asm style or without msvcrt support ? thanks.
Post 24 Sep 2010, 18:42
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
Overflowz,

Conversion to decimal (or any other base) representation is simple: divide by base, convert remainder to digit, repeat that for quotient while it's not zero. It naturally comes from the equation a = a0+b(a1+b(a2+…)) where a0, a1 and so on are b-ary digits, least-significant to most-significant.
Post 24 Sep 2010, 19:12
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Example please ? Razz
Post 24 Sep 2010, 19:15
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Use the Search feature of this board with IntToStr or even itoa.
Post 24 Sep 2010, 19:16
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
Overflowz,

Search for «bin2dec» here or with Google. You can try to write 1001st implementation yourself, too. Wink
Post 24 Sep 2010, 19:23
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Tried already but not good results for me just starter.. So is there any function like itoa without MSVCRT Support on other library ? Ty.
Post 24 Sep 2010, 19:50
View user's profile Send private message Reply with quote
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
I was bored:
Code:
proc itoa2 stdcall value,buf,base      ;Return will be in eax, 0:fine, -1:base too small/large

  local table db '0123456789ABCDEF' ;Table used in conversion

  cmp  [base],16      ;Nothing over base 16(Hex) is supported. You could add support for them by just modifying this line and the table above
  ja   .base_error
  cmp  [base],2       ;Nothing below base 2 is supported
  jb   .base_error

  pushad              ;Save the registers. No one likes a procedure that thrashes everything

  mov  eax,[value]    ;Load up the registers
  mov  ebx,[base]
  mov  edi,[buf]
  mov  edx,0          ;Important note if you didn't know this, division by a dword is a 64-bit divide, edx will interfere if it's not cleared
                      ;Division by a dword does edx:eax div r/m32      where edx:eax is treated as one 64-bit number

  push 0xFFFF         ;This push is used later in the reversing part, it tells it that it's done.

  @@:
    or   eax,eax      ;Is the value to convert zero?
    jz   .reverse     ;If so, we're done here, lets reverse it.
    div  ebx          ;Else, divide it by the base.  Result stored in eax, remainder in edx
    lea  edx,[edx+table] ;Point edx to the byte in the table holding the value we need
    movzx edx,byte[edx]  ;Put that byte in edx
    push edx             ;Push it
    mov  edx,0           ;and as I explained earlier, edx MUST be zero before the next divide, or it will interfere with the divide
    jmp @b               ;Lather, rinse, and repeat



;The routine above gets the numbers backwards, so we must reverse them.
  .reverse:
    pop  eax          ;Pop a converted value off the stack
    cmp  eax,0xFFFF   ;Are we done reversing(was the popped value the 0xFFFF we pushed before we started)?
    je   @f
    stosb             ;If not, store the byte in the buffer
    jmp  .reverse

  @@:
    mov  eax,0        ;The string needs to be zero terminated, so this just places a 0x0 at the end
    stosb

  popad
  mov  eax,0          ;Out: eax = 0, everything went fine
  ret

  .base_error:
    mov  eax,-1       ;Out: eax = -1, Bad base
    ret
endp
    


I tried to put enough comments in there so you would be able to understand it, but I think I overdid it.

_________________
----> * <---- My star, won HERE


Last edited by windwakr on 25 Sep 2010, 01:59; edited 4 times in total
Post 24 Sep 2010, 20:33
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
aw so much code lol. I'll see that. Thank you for reply. Smile
Post 24 Sep 2010, 20:37
View user's profile Send private message Reply with quote
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
Oh, and in case you didn't know, it needs to be called with 'stdcall'.

For example:
Code:
stdcall itoa2,4660,buf,16
    
Post 24 Sep 2010, 20:44
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Sorry I dont understand much from there Sad Isn't there other EASYEST way ? Sad
Post 24 Sep 2010, 21:06
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
Overflowz wrote:
Isn't there other EASYEST way ?
Yep, try this:
Code:
cinvoke itoa,eax,itdb,10    
Post 25 Sep 2010, 01:10
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.