flat assembler
Message board for the users of flat assembler.

WinExec & WaitForSingleObject

Overflowz 13 Nov 2010, 16:50
Hello everyone. I'm stuck on those APIs. I'm trying to WinExec calc.exe and wait until it finishes its execution, and after calc.exe closes it should show a message box. I'm trying this code but it doesn't work. Can anyone fix this for me please? Thanks.
Code:
format PE GUI 4.0
include 'WIN32AX.INC'
entry main
section '.data' data readable writeable
nProc db "calc.exe",0
section '.text' code readable executable
proc main
        ; WinExec returns a status value: greater than 31 on success, otherwise an
        ; error code such as ERROR_FILE_NOT_FOUND. It never returns a process handle.
        invoke WinExec,nProc,SW_SHOW
        ; eax holds that status value, not a handle, so this wait either fails at once
        ; (WAIT_FAILED, invalid handle) or waits on some unrelated object that happens
        ; to have that handle value; either way the message box does not wait for calc.exe.
        invoke WaitForSingleObject,eax,-1
        invoke MessageBox,0,nProc,nProc,MB_OK
        invoke ExitProcess,0
endp
section '.idata' import data readable
library user32,'user32.dll',kernel32,'kernel32.dll'
include 'API\USER32.INC'
include 'API\KERNEL32.INC'
section '.reloc' fixups data discardable
b1528932 13 Nov 2010, 18:24
WinExec sucks, use CreateProcess instead.
WinExec doesn't even return you a handle to the process it created.

And .reloc should also get the readable attribute. Look at the PE/COFF spec.
Overflowz 13 Nov 2010, 19:00
Hmm, maybe you can write a little example?
baldr 13 Nov 2010, 19:13
Overflowz,

Why do you think that WinExec() returns a handle to a waitable object?

Search is the key. CreateProcess() is the keyword. You'll probably get tons of examples.

----8<----
b1528932,

WinExec() is deprecated and insecure, but why does it suck? Despite its limitations, it works, and it's simple.

Base relocations can reside anywhere; the kernel ignores the protection attributes of the containing section. Most sections are created as readable anyway.
drobole 13 Nov 2010, 19:50
@Overflowz
You generally don't get any help if you don't show that you tried yourself. It's a harsh world out there.

It just so happens that I have a CreateProcess test program available, but you will have to look up the documentation yourself. I don't feel like commenting on the code, other than to say that it may contain hazardous constructs.

Code:
format PE GUI 4.0

include 'WIN32AX.INC'

entry main

section '.data' data readable writeable

        startInfo STARTUPINFO <>
        sizeof.startInfo = $ - startInfo
        procInfo PROCESS_INFORMATION <>
        sizeof.procInfo = $ - procInfo
        ; lpCommandLine must be writable memory (CreateProcess may modify it), hence .data
        prog    db "calc.exe", 0
        failMsg db "CreateProcess failed", 0

section '.text' code readable executable

proc main

        ; Zero both structures at run time so no field holds stale data: STARTUPINFO is
        ; read by CreateProcess, PROCESS_INFORMATION is filled in by it on success.
        invoke RtlZeroMemory, startInfo, sizeof.startInfo
        invoke RtlZeroMemory, procInfo, sizeof.procInfo
        mov [startInfo.cb], sizeof.startInfo

        ; Argument order: lpApplicationName, lpCommandLine, lpProcessAttributes,
        ; lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
        ; lpCurrentDirectory, lpStartupInfo, lpProcessInformation.
        ; bInheritHandles = 0 (FALSE): the child must not receive this process' inheritable
        ; handles (passing DETACHED_PROCESS in this slot would silently mean TRUE).
        ; With lpApplicationName = NULL and a bare "calc.exe", CreateProcess searches for
        ; the executable (application directory, current directory, system directories,
        ; PATH); a full path avoids picking up a same-named file from the current directory.
        invoke CreateProcess, 0, prog, 0, 0, 0, DETACHED_PROCESS or NORMAL_PRIORITY_CLASS, 0, 0, startInfo, procInfo
        test eax, eax
        jz .failed

        ; Wait on the process handle itself (the field's value, not its address),
        ; then close both handles that CreateProcess returned.
        invoke WaitForSingleObject, [procInfo.hProcess], 0xffffffff ; INFINITE
        invoke CloseHandle, [procInfo.hProcess]
        invoke CloseHandle, [procInfo.hThread]

        invoke MessageBox, 0, prog, prog, MB_OK
        invoke ExitProcess, 0

  .failed:
        ; hProcess is 0 here; waiting on it would just fail with WAIT_FAILED
        invoke MessageBox, 0, failMsg, prog, MB_ICONERROR
        invoke ExitProcess, 1

endp

section '.idata' import data readable

        library user32, 'user32.dll', kernel32, 'kernel32.dll'

        include 'API\USER32.INC'
        include 'API\KERNEL32.INC'

section '.reloc' fixups data readable discardable
    
Overflowz 14 Nov 2010, 10:40
Thanks, it works fine. I understand what's going on in that code, but I don't understand why you use the ZeroMemory thing. I don't know about allocation things. I tried it without that and it worked fine. For the other things, I now know what does what. Thanks for the reply.
baldr 15 Nov 2010, 18:39
Overflowz wrote:
…I don't understand why you use the ZeroMemory thing.

Uninitialized data can contain anything (though under NT it rarely differs from 0); in this case fasm fills those structures with 0 because they're followed by db "calc.exe", 0.

Static data probably should be initialized statically rather than dynamically (i.e. at compile time rather than at run time).
drobole 15 Nov 2010, 20:24
@Overflowz
For the record, (Rtl)ZeroMemory fills memory with 0's.
Filling a data structure with 0's has basically the same effect as setting all its fields to 0.

Quote:
fasm fills those structures with 0 because they're followed by db "calc.exe", 0.

May I ask what the logic behind this is?
Is this behavior documented anywhere?
baldr 15 Nov 2010, 21:39
drobole,

It can't fill them with ?, can it?

You may look in SOURCE\ASSEMBLE.INC around the data_bytes: label. fasm initializes those bytes to 0 but doesn't include them in the initialized portion of data yet (until some really initialized data follows). When the output file is written, those bytes may or may not be included (only the initialized portion is output).
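An added example, written for this edit and not part of baldr's post or of fasm's own sources, that makes the rule above visible through the output file size instead of by reading ASSEMBLE.INC. It uses the flat binary output format, where uninitialized bytes that are followed by initialized data are written out as zeros while trailing uninitialized bytes are simply dropped; the file name and the labels are assumptions. In a PE the same rule decides what ends up in a section's raw data, and the loader zero-fills the remainder of the section, which is why the `<>` structures in the CreateProcess program read as zero without RtlZeroMemory: that is a consequence of their position in front of `prog db "calc.exe", 0`, not a guarantee the `<>` initializer makes.

```asm
; Added example (not from the thread): how fasm writes '?' / rb data depending on what
; follows it. Assemble with "fasm probe.asm" (probe.asm is an assumed file name).
format binary as 'bin'

header  db 'HDR'        ; 3 initialized bytes, file offsets 0..2
gap     rb 4            ; uninitialized, but initialized data follows below, so these
                        ; 4 bytes are emitted into the file as zeros (offsets 3..6)
tail    db 'END', 0     ; 4 initialized bytes (offsets 7..10)
unused  rb 16           ; uninitialized with nothing initialized after it: not written,
                        ; so probe.bin is 11 bytes long, not 27

; Expected contents of probe.bin (hex):
;   48 44 52 00 00 00 00 45 4E 44 00
; Move 'unused' above 'tail' and the file grows to 27 bytes, 'unused' written as zeros.
```

Check it with a hex dump of probe.bin after assembling; the point to take from it is that whether an `rb`/`?` block costs zeros in the file, and therefore whether it is reliably zero, depends only on what is defined after it in the same output, which is exactly the dependency baldr's "initialize statically" remark is meant to remove.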
drobole 15 Nov 2010, 23:13
Quote:
It can't fill them with ?, can it?

Well, I was under the impression that ? was a placeholder, and that nothing was filled in in those cases. Coming from C that seems perfectly reasonable to me. In fact, C never initializes variables or structs at all, and they are known to hold "garbage" until explicitly initialized.
I will be sure to look into those bits though.

Another thing that is somewhat related:
I have seen the construct <0> used as part of struct definitions (and also <>).
Is this an initialization list where you can initialize each member of the struct, or is it more like a repeated fill value? Or is it something entirely different?

edit:
OK, I think I get it. Because some other data in the same section is initialized, fasm will consider it a section of initialized data, as opposed to uninitialized data, and fill it automatically? Anyway, I guess I'll look into those files you mentioned. Maybe the answer lies there.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
