flat assembler
Message board for the users of flat assembler.
Converting binary values to decimal and hex
LocoDelAssembly 17 Oct 2010, 19:39
You are passing a pointer to function to MessageBox twice when you actually need pointers to null terminated strings. Convert the pointer to string first, then pass it to MessageBox.
pearlz 17 Oct 2010, 19:52
Code:
    format PE GUI 4.0
    include 'win32ax.inc'

    .data
    szAddr rb 20
    hExit dd ?

    .code
    proc main
        invoke LoadLibrary,'kernel32.dll'
        invoke GetProcAddress,eax,'ExitProcess'
        mov [hExit],eax
        invoke wsprintf,szAddr,'Address= %d',eax
        invoke MessageBox,0,szAddr,szAddr,MB_OK
        push 0
        call [hExit]
    endp
    .end main

    ;Function wsprintf in user32 named is wsprintfA
have fun
Overflowz 18 Oct 2010, 10:25
Mate, I need to show the address of function not to call it.. I tried that code but it shows not valid address. on my OS ExitProcess address is 0x77e32aef and msgbox shows me 1983326959.. fix please ))
MHajduk 18 Oct 2010, 11:00
You need to format the procedure address as a hex number, right? So, this should be exactly what you want:
Code:
    format PE GUI 4.0
    include 'win32ax.inc'

    .data
    szAddr rb 20

    .code
    main:
        invoke LoadLibrary, "kernel32.dll"
        invoke GetProcAddress, eax, "Sleep"
        invoke wsprintf, szAddr, "Address = 0x%8.8x", eax
        invoke MessageBox, 0, szAddr, "Proc address", MB_OK
        invoke ExitProcess, 0
    .end main
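The buffer arithmetic behind the two format strings posted above, as an added example in C that is not part of any post. snprintf stands in for wsprintf (an assumption, so the code runs off Windows), and the helper names are hypothetical; it measures each string against the 20 bytes reserved by szAddr rb 20.

```c
#include <stdio.h>
#include <stddef.h>

#define SZADDR_SIZE 20   /* szAddr rb 20 in the posted code */

/* Bytes each posted format needs, terminating NUL included.
   snprintf(NULL, 0, ...) only measures the output. It stands in for
   wsprintf (assumption of this example), which takes no size argument
   and writes however much the format produces. */
static size_t need_decimal(unsigned int v)
{
    return (size_t)snprintf(NULL, 0, "Address= %d", (int)v) + 1;
}

static size_t need_hex(unsigned int v)
{
    return (size_t)snprintf(NULL, 0, "Address = 0x%8.8x", v) + 1;
}

/* Bounded hex formatting: never writes more than cap bytes.
   Returns 1 when the whole string fit, 0 when it was truncated. */
static int format_hex(char *dst, size_t cap, unsigned int v)
{
    int n = snprintf(dst, cap, "Address = 0x%8.8x", v);
    return n >= 0 && (size_t)n < cap;
}

int main(void)
{
    unsigned int addr = 0x77e32aefu;   /* address quoted in the thread */
    char tight[SZADDR_SIZE], roomy[32];
    int fits_tight = format_hex(tight, sizeof tight, addr);
    int fits_roomy = format_hex(roomy, sizeof roomy, addr);

    printf("%%d form needs %zu bytes, %%8.8x form needs %zu, szAddr has %d\n",
           need_decimal(addr), need_hex(addr), SZADDR_SIZE);
    printf("fits in %d bytes: %d, fits in 32 bytes: %d (\"%s\")\n",
           SZADDR_SIZE, fits_tight, fits_roomy, roomy);
    return 0;
}
```

The hex form is 12 literal characters plus 8 digits plus the terminator, so it needs 21 bytes; reserving a larger buffer, for example rb 32, leaves room for it.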
Overflowz 18 Oct 2010, 11:05
Thanks for reply but can u tell me why "0x%8.8x" for hex ? thanks.
revolution 18 Oct 2010, 11:17
Overflowz: Rather than waiting here for answers you can also help yourself by searching for simple answers. wsprintf is documented very well by MS (and is also the very first result returned by Google).
http://msdn.microsoft.com/en-us/library/ms647550%28VS.85%29.aspx
MHajduk 18 Oct 2010, 11:17
Overflowz wrote: Thanks for reply but can u tell me why "0x%8.8x" for hex ? thanks.
revolution 18 Oct 2010, 11:18
MHajduk: cinvoke for wsprintf.
MHajduk 18 Oct 2010, 11:25
revolution wrote: MHajduk: cinvoke for wsprintf.
Overflowz 18 Oct 2010, 11:37
Ahh got it.. Thank you!
Picnic 18 Oct 2010, 20:31
Hi,
You can place MessageBox and wsprintf calls inside a small show macro which might be useful to view values.
Code:
    macro show [fmt,arg] {
        pushad
        pushfd
        sub esp, MAX_PATH
        mov ebx, esp
        cinvoke wsprintf, ebx, fmt, arg
        invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK
        add esp, MAX_PATH
        popfd
        popad
    }
Now you can view the function address by simply inserting a line in MHajduk's sample:
Code:
    invoke LoadLibrary, "kernel32.dll"
    invoke GetProcAddress, eax, "Sleep"
    show "Address = 0x%8.8x", eax
    invoke ExitProcess, 0
A few more examples; the macro takes params like this: fmt,arg,fmt,arg,...
Code:
    .data
    Temp1 dd 0x12345678
    Temp2 dd 0x87654321

    .code
    main:
        mov eax, 0FFFFh
        mov edi, Temp1
        show "Constant: %d", MAX_PATH
        show "Memory: 0x%X", dword [edi], "Memory: 0x%X", dword [edi+4]
        show "Register: 0x%X", eax, "Text: %s", "The End"
Have Fun.
baldr 18 Oct 2010, 23:44
Picnic,
Small modification will make it more like printf:
Code:
    include "Win32AX.Inc"

    macro showf fmt,[arg] {
    common ; process all args at once
        pushad
        pushfd
        sub esp, MAX_PATH
        mov ebx, esp ; beware: ebx can't be used in args
        cinvoke wsprintf, ebx, <fmt>, arg ; angle brackets for compound strings
        invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK
        add esp, MAX_PATH
        popfd
        popad
    }

    .code
    here:
        invoke LoadLibrary, "kernel32.dll"
        mov esi, eax
        invoke GetProcAddress, eax, "Sleep"
        showf <"Handle = %#10x", 10, "Address = 0x%8.8x">, esi, eax ; format string contains LF, hence <>
        invoke ExitProcess, 0
    .end here
Picnic 19 Oct 2010, 16:37
Ah, how nice
vid 19 Oct 2010, 18:08
baldr: why MAX_PATH and wsprintf? Does wsprintf have hardcoded limit of MAX_PATH or just a random pick?
Also, on a very unrelated topic: if you decrease SP by more than page size, aren't you risking that you will skip stack guard page and page fault?
baldr 19 Oct 2010, 18:20
vid,
MSDN says wsprintf() has limit of 1024 bytes for lpOutput; my post was about modification of Picnic's show macro (so I've changed only essentials). Yes, unaware sub esp, something can miss guard page and cause fatal exception on subsequent access. Moreover, Windows won't display anything and just kills the offending process.
Last edited by baldr on 19 Oct 2010, 18:31; edited 1 time in total
vid 19 Oct 2010, 18:28
In that case, I suggest following for max convenience:
Code:
    macro showf fmt,[arg] {
    common ; process all args at once
        pushad
        pushfd
        sub esp, 1024
        mov ebx, esp ; beware: ebx can't be used in args
        cinvoke wsprintf, ebx, <fmt>, arg ; angle brackets for compound strings
        invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK
        add esp, 1024
        popfd
        popad
    }
Picnic 19 Oct 2010, 18:46
Quote: Yes, unaware sub esp, something can miss guard page and cause fatal exception on subsequent access.
No argument about that, even though MAX_PATH is a common Windows API constant.
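The guard page question raised above, as an added example in C that is not part of any post: a simplified model of a guarded stack (the layout, addresses and function names are assumptions of this example, not Windows internals) comparing an unprobed sub esp with one that touches every page on the way down.

```c
#include <stdio.h>

#define PAGE 4096u

/* Simplified model (assumption of this example): addresses at or above
   guard + PAGE are committed, [guard, guard + PAGE) is the guard page,
   and everything from limit up to guard is reserved but not committed. */
struct stack { unsigned guard, limit; };

/* Constructed sample: guard page at 0x0012D000, esp 0x100 above its top. */
static const struct stack SAMPLE = { 0x0012D000u, 0x00030000u };
#define SAMPLE_ESP 0x0012E100u

/* Touch one address: 1 if the access succeeds, 0 if it is a fatal fault. */
static int touch(struct stack *s, unsigned addr)
{
    if (addr >= s->guard + PAGE) return 1;   /* already committed */
    if (addr >= s->guard && s->guard >= s->limit + PAGE) {
        s->guard -= PAGE;                    /* guard hit: grow one page */
        return 1;
    }
    return 0;                                /* landed below the guard page */
}

/* "sub esp, size" followed by a write at the new esp, no probing. */
static int alloc_unprobed(struct stack s, unsigned esp, unsigned size)
{
    return touch(&s, esp - size);
}

/* Same allocation, touching one address per page on the way down. */
static int alloc_probed(struct stack s, unsigned esp, unsigned size)
{
    unsigned target = esp - size;
    while (esp - target > PAGE) {
        esp -= PAGE;
        if (!touch(&s, esp)) return 0;
    }
    return touch(&s, target);
}

int main(void)
{
    unsigned sizes[] = { 260, 1024, 8192 };  /* MAX_PATH, 1024, two pages */
    for (int i = 0; i < 3; i++)
        printf("sub esp, %4u: unprobed=%d probed=%d\n", sizes[i],
               alloc_unprobed(SAMPLE, SAMPLE_ESP, sizes[i]),
               alloc_probed(SAMPLE, SAMPLE_ESP, sizes[i]));
    return 0;
}
```

In this model esp always sits in committed memory, so an adjustment of at most one page can reach the guard page but never pass it; both MAX_PATH and 1024 fall in that range, while the 8192-byte case only succeeds when probed.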
pearlz 22 Oct 2010, 03:21
Code:
    mov [hExit],eax ; store the value in eax to hExit
    invoke wsprintf,szAddr,'Address= %d',eax ; eax [register] for speed
    ; it can also be: invoke wsprintf,szAddr,'Address= %d',DWORD[hExit]
    invoke MessageBox,0,szAddr,szAddr,MB_OK
    ; replace it with: invoke MessageBox,0,szAddr,'Address of ExitProcess',0
    ; it shows you the address of ExitProcess
    call [hExit] ; it shows you that it really contains the address of ExitProcess
    ; if it works with no error, it really contains the address of ExitProcess
fun!
revolution 22 Oct 2010, 04:17
pearlz: cinvoke wsprintf,...
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.