Index
> Windows > Converting binary values to decimal and hexGoto page 1, 2 Next |
| Author |
|
|
LocoDelAssembly
You are passing a pointer to function to MessageBox twice when you actually need pointers to null terminated strings. Convert the pointer to string first, then pass it to MessageBox.
|
|||
17 Oct 2010, 19:39 |
|
|
pearlz
Code: format PE GUI 4.0 include 'win32ax.inc' .data szAddr rb 20 hExit dd ? .code proc main invoke LoadLibrary,'kernel32.dll' invoke GetProcAddress,eax,'ExitProcess' mov [hExit],eax invoke wsprintf,szAddr,'Address= %d',eax invoke MessageBox,0,szAddr,szAddr,MB_OK push 0 call [hExit] endp .end main ;Function wsprintf in user32 named is wsprintfA have fun |
|||
|
17 Oct 2010, 19:52 |
|
|
Overflowz
Mate, I need to show the address of function not to call it.. I tried that code but it shows not valid address. on my OS ExitProcess address is 0x77e32aef and msgbox shows me 1983326959.. fix please ))
|
|||
|
18 Oct 2010, 10:25 |
|
|
MHajduk
You need to format the procedure address as a hex number, right? So, this should be exactly what you want:
Code: format PE GUI 4.0 include 'win32ax.inc' .data szAddr rb 20 .code main: invoke LoadLibrary, "kernel32.dll" invoke GetProcAddress, eax, "Sleep" invoke wsprintf, szAddr, "Address = 0x%8.8x", eax invoke MessageBox, 0, szAddr, "Proc address", MB_OK invoke ExitProcess, 0 .end main |
|||
|
18 Oct 2010, 11:00 |
|
|
Overflowz
Thanks for reply but can u tell me why "0x%8.8x" for hex ? thanks.
|
|||
|
18 Oct 2010, 11:05 |
|
|
revolution
Overflowz: Rather than waiting here for answers you can also help yourself by searching for simple answers. wsprintf is documented very well by MS (and is also the very first result returned by Google).
http://msdn.microsoft.com/en-us/library/ms647550%28VS.85%29.aspx |
|||
|
18 Oct 2010, 11:17 |
|
|
MHajduk
Overflowz wrote: Thanks for reply but can u tell me why "0x%8.8x" for hex ? thanks.
 |
|||
|
18 Oct 2010, 11:17 |
|
|
revolution
MHajduk: cinvoke for wsprintf.
|
|||
|
18 Oct 2010, 11:18 |
|
|
MHajduk
revolution wrote: MHajduk: cinvoke for wsprintf.  |
|||
|
18 Oct 2010, 11:25 |
|
|
Overflowz
Ahh got it.. Thank you!
|
|||
|
18 Oct 2010, 11:37 |
|
|
Picnic
Hi,
You can place MessageBox and wsprintf calls inside a small show macro which might be useful to view values. Code: macro show [fmt,arg] { pushad pushfd sub esp, MAX_PATH mov ebx, esp cinvoke wsprintf, ebx, fmt, arg invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK add esp, MAX_PATH popfd popad } Now you can view the function address simply insert line in MHajduk sample, Code:
invoke LoadLibrary, "kernel32.dll"
invoke GetProcAddress, eax, "Sleep"
show "Address = 0x%8.8x", eax
invoke ExitProcess, 0
Few more examples, macro param like this fmt,arg,fmt,arg,... Code:
.data
Temp1 dd 0x12345678
Temp2 dd 0x87654321
.code
main:
mov eax, 0FFFFh
mov edi, Temp1
show "Constant: %d", MAX_PATH
show "Memory: 0x%X", dword [edi], "Memory: 0x%X", dword [edi+4]
show "Register: 0x%X", eax, "Text: %s", "The End"
Have Fun. |
|||
|
18 Oct 2010, 20:31 |
|
|
baldr
Picnic,
Small modification will make it more like printf: Code: include "Win32AX.Inc" macro showf fmt,[arg] { common; process all args at once pushad pushfd sub esp, MAX_PATH mov ebx, esp; beware: ebx can't be used in args cinvoke wsprintf, ebx, <fmt>, arg; angle brackets for compound strings invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK add esp, MAX_PATH popfd popad } .code here: invoke LoadLibrary, "kernel32.dll" mov esi, eax invoke GetProcAddress, eax, "Sleep" showf <"Handle = %#10x", 10, "Address = 0x%8.8x">, esi, eax; format string contains LF, hence <> invoke ExitProcess, 0 .end here |
|||
|
18 Oct 2010, 23:44 |
|
|
Picnic
Ah, how nice
|
|||
|
19 Oct 2010, 16:37 |
|
|
vid
baldr: why MAX_PATH and wsprintf? Does wsprintf have hardcoded limit of MAX_PATH or just a random pick?
Also, on a very unrelated topic: if you decrease SP by more than page size, aren't you risking that you will skip stack guard page and page fault? |
|||
|
19 Oct 2010, 18:08 |
|
|
baldr
vid,
MSDN says wsprintf() has limit of 1024 bytes for lpOutput; my post was about modification of Picnic's show macro (so I've changed only essentials). Yes, unaware sub esp, something can miss guard page and cause fatal exception on subsequent access. Moreover, Windows won't display anything and just kills the offending process. Last edited by baldr on 19 Oct 2010, 18:31; edited 1 time in total |
|||
|
19 Oct 2010, 18:20 |
|
|
vid
In that case, I suggest following for max convenience:
Code: macro showf fmt,[arg] { common; process all args at once pushad pushfd sub esp, 1024 mov ebx, esp; beware: ebx can't be used in args cinvoke wsprintf, ebx, <fmt>, arg; angle brackets for compound strings invoke MessageBox, HWND_DESKTOP, ebx, "", MB_OK add esp, 1024 popfd popad } |
|||
|
19 Oct 2010, 18:28 |
|
|
Picnic
Quote: Yes, unaware sub esp, something can miss guard page and cause fatal exception on subsequent access. No argue about that, even though MAX_PATH is a common Windows API constant. |
|||
|
19 Oct 2010, 18:46 |
|
|
pearlz
Code: mov [hExit],eax ;Store values in eax to hExit invoke wsprintf,szAddr,'Address= %d',eax ;eax [register] for speed up ;it's can be invoke wsprintf,szAddr,'Address= %d',DWORD[hExit] invoke MessageBox,0,szAddr,szAddr,MB_OK ;replace it with invoke MessageBox,0,szAddr,'Address of ExitProcess',0 ;it's show 2 U address of ExitProcess call [hExit] ;it's show 2 U it's really containt address of ExitProcess ; if it work with no error, it's really containt address of ExitProcess fun! |
|||
|
22 Oct 2010, 03:21 |
|
|
revolution
pearlz: cinvoke wsprintf,...
|
|||
|
22 Oct 2010, 04:17 |
|
| Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|