flat assembler
Message board for the users of flat assembler.

Index > High Level Languages > HELP: linking asm and c++

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 19737
Location: In your JS exploiting you and your system
revolution 30 Sep 2010, 06:53
bitRAKE wrote:
Just introduce their systems to virii which bypass their AV scanner. Let them try every possible AV they want. You can make a believer out of them. Wink
Yep, good plan. Now if only those nice people at the FBI, and other equivalent agencies elsewhere, would look the other way ...
Post 30 Sep 2010, 06:53
View user's profile Send private message Visit poster's website Reply with quote
iic2



Joined: 26 Jun 2008
Posts: 122
iic2 30 Sep 2010, 23:40
revolution wrote:
Quote:
1) The PE spec (that defines a valid PE file) is very broad.

Back in 2003-2005 I converted from MASM to FASM because "ONLY" people at FASM was working on manual-PE. Even as a noob I thought that was so cool. Every since, all my apps are build to assemble as manual-PE or standard-PE (just in case) and Windows "NEVER" had an issue, "EVER". Only AV been telling me lies. Thanks for the information revolution. No one could come up with facts like that but you. It make no since to work with manual-PE any longer when other programs (AV's) who claim to be a better PE than i can stop the growth of this technology we found worth-while for our applications.
Quote:
3) The AVs only let pass and even smaller range of PE files than even the Win32 loader will support.


It should be a law against blocking clean code. If you do it "you go to jail". If AV's can't even detect a real virus in a tiny PE header ... something is very wrong ... If I was into writing AV's, I would know if the header had a virus or not and if size was an issue, it would be my AV job to go deeper into the program to find and connect the virus to the PE header if it had one, if not ... leave it along.

It is not an AV job to stop at the PE and scream bloody murder just because of the size or anything else as long as it had NO VIRUS. So now, that part of the job goes back to the OS, "ONLY". "No program PE is better than my unless the OS say so." They have no right to claim your program PE as invalid when it works perfectly for given OS and all service-packs to date.

I'm sure I am correct to say; "nothing on earth can do manual-PE but FASM".

If so, I change my mind, I'm not giving up. For the next few weeks I'll gather more facts and write serious and maybe nasty letter and send it to all AV's of the world and if they choose to play the dumb role, I'm going to tell all of there customers over the INTERNET about how they try to hide from the common users some great technology that can be presented only by FASM applications that may be capable of connecting them to MARS tomorrow when no other can.

Houston, Houston, roll out the FASM ...

Thanks revolution

Could be strange, but you alway make me wonder more...
Post 30 Sep 2010, 23:40
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 19737
Location: In your JS exploiting you and your system
revolution 30 Sep 2010, 23:57
Any compiler/assembler that allows a db (or similar) directive can be used to create manual PEs.

But your argument about laws and AVs doesn't really hold since people specifically allow the AV to do whatever it wants when they install it. That is the EULA thing that you have probably heard of but most people never read.
Post 30 Sep 2010, 23:57
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 01 Oct 2010, 01:29
lic2: your idea about AV making is very naive. They can't possibly reverse completely every virus, test for every virus througly, or test AV on every exotic executable out there. This way both AV development and run-time would be too slow to be effective. AVs need to respond within hour, and have to check for gazillion viruses in fractions of second small enough not to bother the user. Also, it is never possible to get zero false positives, you'd yourself hate such AV, because with such low filter it would then also let real viruses through. Better 30 false positives than single malware in my machine.
Post 01 Oct 2010, 01:29
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
iic2



Joined: 26 Jun 2008
Posts: 122
iic2 01 Oct 2010, 14:02
Thanks for your patience guys, and for saving me another 6 years of campaigning, and complaining. Deep down, I know that AV has a lot of work to do but I just can't help but to pitching a B about it sometimes. I re-install my favorite back-up every other day so I really don't use AV's for anything other than to find a out-of-place manual-PE's on my disk Sad

tutenhamon, double-sorry about that because it was a false alarm. I had a manual-PE example in its path. I just downloaded the zip again to double check and there was no warning. Anyway, since I'm taking a C++ class this semester I might as well try linking asm and c++ and if anything go wrong at lease I'll have something legit to pow-wow about Smile
Post 01 Oct 2010, 14:02
View user's profile Send private message Reply with quote
tutenhamon



Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
tutenhamon 01 Oct 2010, 19:09
LocoDelAssembly yes console application was compiled (I try this at first without precompiled headers. Program was crashes because bufor was to small.) but I write win32 project (window application) and his can not compile.
I can't disable precompiled headers in MSVC Express
Post 01 Oct 2010, 19:09
View user's profile Send private message Reply with quote
iic2



Joined: 26 Jun 2008
Posts: 122
iic2 04 Oct 2010, 07:47
I did a google search using:
"disable precompiled headers in MSVC Express"

Maybe this can give you some ideas. This is getting interesting. Maybe using DevC++ is a better option when dealing with ASM. I write all my HW in DevC++ that is like "perfect" in the end, than I give it to Visual C++ 2008 Express to compile which usually dish out lots of warning and errors. (missing headers mostly). I like DevC++ 5.0 a lot.
Quote:
By default, C++ projects are set to use a precompiled header called stdafx.h. So that means that every project needs #include "stdafx.h" as the very first include file. To disable this, you could either tell the project not to use precompiled headers during the project creation or disable precompiled headers in the project settings.

http://social.msdn.microsoft.com/Forums/en-US/Vsexpressvc/thread/3e225ac4-1f2d-435a-b30d-11be7ebd3272
Post 04 Oct 2010, 07:47
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 04 Oct 2010, 15:33
tutenhamon, I hope you are not creating a Windows Forms application? I think there is no way to mix native and MSIL code in the same executable and clearly calling the procs cannot be so straight.

Now I've tried with Win32 app. The steps are the same I've said earlier, but the code in the main file changed. I'm using just what Visual Studio 2010 provided me except that I've added #include "tutenhamon.h", and replaced the InitInstance function with this:
Code:
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
   HWND hWnd;
   char buff[256];
   int i;

   for (i = 0; i < 256; buff[i++] = '\0'); /* The assembly routines are not really ensuring NUL termination */

   getVendorString(buff);

   i = 0;
   do {
      szTitle[i] = (TCHAR)buff[i]; // Improper way to do this, but will work for the example.
   } while (buff[i++]);

   hInst = hInstance; // Store instance handle in our global variable

   hWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
      CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);

   if (!hWnd)
   {
      return FALSE;
   }

   ShowWindow(hWnd, nCmdShow);
   UpdateWindow(hWnd);

   return TRUE;
}    
It shown "AuthenticAMD" in the window's title bar and no crash occurred.

If still with problems, please upload your project.

PS: And I'm using pre-compiled headers, this project was created with all the default settings.
Post 04 Oct 2010, 15:33
View user's profile Send private message Reply with quote
tutenhamon



Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
tutenhamon 09 Oct 2010, 12:30
this is a dialog "new project" in VC 2010 EE

Image

"button" is excluded

LocoDelAssembly this code was not compiled on my VC

my code is
Code:
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
      int wmId, wmEvent;
  PAINTSTRUCT ps;
     HDC hdc;

        switch (message)
    {
      case WM_KEYDOWN:
                if (wParam == VK_ESCAPE) DestroyWindow(hWnd);
               break;
      case WM_COMMAND:
                wmId    = LOWORD(wParam);
           wmEvent = HIWORD(wParam);
           // Parse the menu selections:
           switch (wmId)
               {
              case IDM_ABOUT:
                 DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
                       break;
              case IDM_EXIT:
                  DestroyWindow(hWnd);
                        break;
              default:
                        return DefWindowProc(hWnd, message, wParam, lParam);
                }
              break;
      case WM_PAINT:
          hdc = BeginPaint(hWnd, &ps);
            // TODO: Add any drawing code here...
           {
              LPTSTR cmdl = GetCommandLine();
             TCHAR ProcessorString [12];
         getProcessorString(ProcessorString);
                TextOut(hdc,0,0,cmdl,lstrlen(cmdl));
                TextOut(hdc,0,10,ProcessorString,lstrlen(ProcessorString));
         }
              EndPaint(hWnd, &ps);
            break;
      case WM_DESTROY:
                PostQuitMessage(0);
         break;
      default:
                return DefWindowProc(hWnd, message, wParam, lParam);
        }
      return 0;
}    
Post 09 Oct 2010, 12:30
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 09 Oct 2010, 15:26
TCHAR is not defined as CHAR but as WCHAR (two bytes per char instead of one), since your proc works with CHAR then it does not compile. That was the reason I used a char buffer first, and then I transformed it to WCHAR onto the target array.
Post 09 Oct 2010, 15:26
View user's profile Send private message Reply with quote
tutenhamon



Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
tutenhamon 09 Oct 2010, 17:18
LocoDelAssembly I add your code to my code and was not linking on my VC
WCHAR (unicode) was disabled and TCHAR was defined as CHAR (typedef char TCHAR)
Post 09 Oct 2010, 17:18
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 09 Oct 2010, 17:33
tutenhamon,

That linker message can disclose some classified information? If not, why do you think we should guess possible reasons of failure? Wink


Last edited by baldr on 09 Oct 2010, 17:35; edited 1 time in total
Post 09 Oct 2010, 17:33
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 09 Oct 2010, 17:35
I don't know what's happening then. Try uploading your project so I can try fixing it here.
Post 09 Oct 2010, 17:35
View user's profile Send private message Reply with quote
tutenhamon



Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
tutenhamon 09 Oct 2010, 18:36
gentlemen, I,am linking my code
problem wasn't in code but MSVC
( when I clean solution project was linking )
thanks for all
Post 09 Oct 2010, 18:36
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 09 Oct 2010, 19:05
tutenhamon,

Provide error message, that may help to help you.
Post 09 Oct 2010, 19:05
View user's profile Send private message Reply with quote
tutenhamon



Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
tutenhamon 09 Oct 2010, 20:03
the problem is solved
the topic to delete
Post 09 Oct 2010, 20:03
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.