flat assembler
Message board for the users of flat assembler.
LocoDelAssembly
You are passing a pointer to function to MessageBox twice when you actually need pointers to null terminated strings. Convert the pointer to string first, then pass it to MessageBox.
pearlz
Code:
```
format PE GUI 4.0
include 'win32ax.inc'

.data
szAddr rb 20
hExit dd ?

.code
proc main
    invoke LoadLibrary,'kernel32.dll'
    invoke GetProcAddress,eax,'ExitProcess'
    mov [hExit],eax
    invoke wsprintf,szAddr,'Address= %d',eax
    invoke MessageBox,0,szAddr,szAddr,MB_OK
    push 0
    call [hExit]
endp
.end main
;Function wsprintf in user32 named is wsprintfA
```
have fun
Overflowz
Mate, I need to show the address of the function, not to call it. I tried that code but it shows an invalid address. On my OS the ExitProcess address is 0x77e32aef and the msgbox shows me 1983326959. Fix please ))
MHajduk
You need to format the procedure address as a hex number, right? So, this should be exactly what you want:
Code:
```
format PE GUI 4.0
include 'win32ax.inc'

.data
szAddr rb 32    ; "Address = 0x" + 8 hex digits is 20 characters, plus the terminating NUL (rb 20 was one byte short)

.code
main:
    invoke LoadLibrary, "kernel32.dll"
    invoke GetProcAddress, eax, "Sleep"
    invoke wsprintf, szAddr, "Address = 0x%8.8x", eax
    invoke MessageBox, 0, szAddr, "Proc address", MB_OK
    invoke ExitProcess, 0
.end main
```
Overflowz
Thanks for reply but can u tell me why "0x%8.8x" for hex ? thanks.
revolution
Overflowz: Rather than waiting here for answers you can also help yourself by searching for simple answers. wsprintf is documented very well by MS (and is also the very first result returned by Google).
http://msdn.microsoft.com/en-us/library/ms647550%28VS.85%29.aspx
MHajduk
Overflowz wrote: Thanks for reply but can u tell me why "0x%8.8x" for hex ? thanks.
revolution
MHajduk: cinvoke for wsprintf.
MHajduk
revolution wrote: MHajduk: cinvoke for wsprintf.
Overflowz
Ahh got it.. Thank you!
Picnic
Hi,
You can place MessageBox and wsprintf calls inside a small show macro which might be useful to view values.
Code:
```
macro show [fmt,arg]
{
    pushad
    pushfd
    sub esp, MAX_PATH
    mov ebx, esp
    cinvoke wsprintf, ebx, fmt, arg
    invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK
    add esp, MAX_PATH
    popfd
    popad
}
```
Now you can view the function address simply insert line in MHajduk sample,
Code:
```
invoke LoadLibrary, "kernel32.dll"
invoke GetProcAddress, eax, "Sleep"
show "Address = 0x%8.8x", eax
invoke ExitProcess, 0
```
Few more examples, macro param like this fmt,arg,fmt,arg,...
Code:
```
.data
Temp1 dd 0x12345678
Temp2 dd 0x87654321

.code
main:
    mov eax, 0FFFFh
    mov edi, Temp1
    show "Constant: %d", MAX_PATH
    show "Memory: 0x%X", dword [edi], "Memory: 0x%X", dword [edi+4]
    show "Register: 0x%X", eax, "Text: %s", "The End"
```
Have Fun.
baldr
Picnic,
Small modification will make it more like printf:
Code:
```
include "Win32AX.Inc"

macro showf fmt,[arg]
{
common; process all args at once
    pushad
    pushfd
    sub esp, MAX_PATH
    mov ebx, esp; beware: ebx can't be used in args
    cinvoke wsprintf, ebx, <fmt>, arg; angle brackets for compound strings
    invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK
    add esp, MAX_PATH
    popfd
    popad
}

.code
here:
    invoke LoadLibrary, "kernel32.dll"
    mov esi, eax
    invoke GetProcAddress, eax, "Sleep"
    showf <"Handle = %#10x", 10, "Address = 0x%8.8x">, esi, eax; format string contains LF, hence <>
    invoke ExitProcess, 0
.end here
```
Picnic
Ah, how nice
vid
baldr: why MAX_PATH and wsprintf? Does wsprintf have hardcoded limit of MAX_PATH or just a random pick?
Also, on a very unrelated topic: if you decrease SP by more than page size, aren't you risking that you will skip stack guard page and page fault?
baldr
vid,
MSDN says wsprintf() has limit of 1024 bytes for lpOutput; my post was about modification of Picnic's show macro (so I've changed only essentials). Yes, unaware sub esp, something can miss guard page and cause fatal exception on subsequent access. Moreover, Windows won't display anything and just kills the offending process.
Last edited by baldr on 19 Oct 2010, 18:31; edited 1 time in total
vid
In that case, I suggest following for max convenience:
Code:
```
macro showf fmt,[arg]
{
common; process all args at once
    pushad
    pushfd
    sub esp, 1024
    mov ebx, esp; beware: ebx can't be used in args
    cinvoke wsprintf, ebx, <fmt>, arg; angle brackets for compound strings
    invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK
    add esp, 1024
    popfd
    popad
}
```
Picnic
Quote: Yes, unaware sub esp, something can miss guard page and cause fatal exception on subsequent access.
No argue about that, even though MAX_PATH is a common Windows API constant.
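The guard-page concern raised by vid and baldr, as an added example (not code from any poster in this thread): a hypothetical `stack_reserve` macro that lowers esp one page at a time and touches each page, so a reservation larger than a page cannot step over the guard page. `PAGE_SIZE`, `BUF_SIZE`, `stack_reserve` and the label names are assumptions made for this example.

```asm
format PE GUI 4.0
include 'win32ax.inc'

PAGE_SIZE = 4096                 ; x86 page size (name chosen for this example)

; Hypothetical helper, not from the thread: reserve "bytes" of stack while
; touching every page on the way down, so the guard page is always hit in
; order and Windows can commit the next page instead of killing the process.
; Clobbers ecx; "bytes" should be a multiple of 4 to keep esp aligned.
macro stack_reserve bytes
{
  local next_page, tail
        mov     ecx, bytes
  next_page:
        cmp     ecx, PAGE_SIZE
        jb      tail
        sub     esp, PAGE_SIZE
        test    dword [esp], esp ; read-only probe of the page just entered
        sub     ecx, PAGE_SIZE
        jmp     next_page
  tail:
        sub     esp, ecx
        test    dword [esp], esp ; probe the final partial page
}

BUF_SIZE = 3*PAGE_SIZE           ; constructed size, larger than one page

.code
start:
        stack_reserve BUF_SIZE
        mov     ebx, esp
        ; wsprintf is cdecl, so cinvoke removes its arguments after the call
        cinvoke wsprintf, ebx, "esp after probing = 0x%8.8x", esp
        invoke  MessageBox, HWND_DESKTOP, ebx, "stack_reserve", MB_OK
        add     esp, BUF_SIZE
        invoke  ExitProcess, 0
.end start
```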
pearlz
Code:
```
mov [hExit],eax ;Store values in eax to hExit
invoke wsprintf,szAddr,'Address= %d',eax ;eax [register] for speed up
;it's can be invoke wsprintf,szAddr,'Address= %d',DWORD[hExit]
invoke MessageBox,0,szAddr,szAddr,MB_OK ;replace it with invoke MessageBox,0,szAddr,'Address of ExitProcess',0
;it's show 2 U address of ExitProcess
call [hExit] ;it's show 2 U it's really contains address of ExitProcess
; if it work with no error, it's really contains address of ExitProcess
```
fun!
revolution
pearlz: cinvoke wsprintf,...
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.