flat assembler
Message board for the users of flat assembler.

Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 20 Feb 2011, 15:45
Hello everyone. I have some questions about how to work with binary files. First of all, I'm interested in the ReadFile API (I guess). Here's the structure of what I'm trying to do.
1) Open binary file (OpenFile, CreateFile or some API)
2) Get start of file, and end of file address
3) Go to offset for example 0x000071ef and get that byte from file
4) Change that byte to another and save it back
5) And save modified file.
Can anyone show me an example of this? Thanks. :)
Regards.
Post 20 Feb 2011, 15:45
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 20 Feb 2011, 17:59
Dude, haha LOL ,,,

struct FILE_INFO
{
int x;
int y;
};

;FILE_INFO info{ 2,2 };

Code:

.data

hFile DD ?
mov [info.x],2
mov [info.y],2

push ...
OPEN_EXISTING <----Not this
call [CreateFile]

invoke WriteFile,[hFile],info,sizeof.FILE_INFO......


;; in another program

FILE_INFO in = {0,0}

if FILE_INFO 0,0
invoke ReadFile,[hFile],in,size......

first FILE_INFO is in second FILE_INFO now.


    


Is that it ?
Post 20 Feb 2011, 17:59
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 20 Feb 2011, 18:07
lol I don't understand :/ I need a working example in asm :(
Post 20 Feb 2011, 18:07
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 20 Feb 2011, 19:55
Ok, sorry dude, I was a little busy then. Here's a simple console app in FASM

Code:
;
; Program to write a structure to a file and then read it back.
; Good for designing your own file format :)
;
;  Enjoy
;

format pe console 4.0

include 'win32ax.inc'

entry main

.data
    msg1 db 'Wrote to file ',0
    msg2 db 'Read from file ',0
    txt_out_format db '%s {%u %u}',13,10,0
    ;Make a struct
    struct OVERFLOWZ
           _x dd ?   ; OVERFLOWZ + 0
           _y dd ?   ; OVERFLOWZ + 4 (each dd is 4 bytes)
    ends

   _OvrFlwz OVERFLOWZ 0,0
   _OvrFlwz_New OVERFLOWZ 0,0

hFile dd ? ; File handle
nBytesWritten dd ?
nBytesRead    dd ?
.code
    proc main
         mov [_OvrFlwz._x],2
         mov [_OvrFlwz._y],4
    ;this will attempt to write the raw struct to the file 'file.bin'. 8 bytes total

         invoke CreateFile,'file.bin',GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL

         cmp    eax,INVALID_HANDLE_VALUE   ; stop if the file could not be created
         je     .done
         mov    [hFile],eax

         invoke WriteFile ,eax,_OvrFlwz,sizeof.OVERFLOWZ,nBytesWritten,NULL

         invoke CloseHandle,[hFile]

         ; printf is cdecl (caller cleans the stack), so use cinvoke
         cinvoke printf,txt_out_format,msg1,[_OvrFlwz._x],[_OvrFlwz._y]

         ;Now read the data back into a new struct; 8 bytes to read

         invoke CreateFile,'file.bin',GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL

         cmp    eax,INVALID_HANDLE_VALUE   ; stop if the file could not be opened
         je     .done
         mov    [hFile],eax

         invoke ReadFile,eax,_OvrFlwz_New,sizeof.OVERFLOWZ,nBytesRead,NULL

         invoke CloseHandle,[hFile]

         cinvoke printf,txt_out_format,msg2,[_OvrFlwz_New._x],[_OvrFlwz_New._y]

    .done:
         cinvoke system,'pause'
        push eax
        call [ExitProcess]
    endp

section '.idata' import data readable
        library kernel32,'kernel32.dll',\
                  msvc  ,  'msvcrt.dll'
        ; kernel32 import table belongs here, after the library list
        include 'api/kernel32.inc'
 import msvc,\
        system,'system',\
        printf,'printf'


This is mostly known as 'Object / Data serialization' in most HLL's
Post 20 Feb 2011, 19:55
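The five steps from the first post (open, find the end of the file, seek to an offset, change one byte, save), as an added FASM example that is not part of the original thread. The file name `file.bin` is reused from the program above; `NEW_BYTE`, `PATCH_OFFSET` as a constant and the label names are assumptions.

```asm
format PE console 4.0
entry start
include 'win32ax.inc'

PATCH_OFFSET = 0x71EF            ; offset from the question
NEW_BYTE     = 0x2A              ; assumed replacement value

section '.data' data readable writeable
  fname  db 'file.bin',0         ; assumed file name
  hFile  dd ?
  nDone  dd ?
  buf    db ?

section '.text' code readable executable
start:
        ; 1) open the existing file for reading and writing
        invoke  CreateFile,fname,GENERIC_READ+GENERIC_WRITE,0,NULL,\
                OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        cmp     eax,INVALID_HANDLE_VALUE
        je      .fail
        mov     [hFile],eax
        ; 2) start of file is offset 0; end of file is the size
        invoke  GetFileSize,[hFile],NULL
        cmp     eax,-1                   ; INVALID_FILE_SIZE
        je      .close_fail
        cmp     eax,PATCH_OFFSET
        jbe     .close_fail              ; offset must lie inside the file
        ; 3) seek to the offset and read one byte
        invoke  SetFilePointer,[hFile],PATCH_OFFSET,NULL,FILE_BEGIN
        invoke  ReadFile,[hFile],buf,1,nDone,NULL
        cmp     [nDone],1
        jne     .close_fail              ; nothing was read
        ; 4) change the byte, seek back (ReadFile moved the pointer), write
        mov     [buf],NEW_BYTE
        invoke  SetFilePointer,[hFile],PATCH_OFFSET,NULL,FILE_BEGIN
        invoke  WriteFile,[hFile],buf,1,nDone,NULL
        test    eax,eax
        jz      .close_fail
        ; 5) the write went to the file itself; closing the handle finishes
        invoke  CloseHandle,[hFile]
        invoke  ExitProcess,0
.close_fail:
        invoke  CloseHandle,[hFile]
.fail:
        invoke  ExitProcess,1

section '.idata' import data readable writeable
  library kernel32,'kernel32.dll'
  include 'api/kernel32.inc'
```

The size check before the seek matters: SetFilePointer accepts a position past the end of the file, and a WriteFile there would extend the file instead of patching it.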
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 20 Feb 2011, 20:32
typedef
without mixing C language :( I don't even know what the hell does struct and what you did there I don't understand anything..
Post 20 Feb 2011, 20:32
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 20 Feb 2011, 20:43
Overflowz wrote:
I don't even know what the hell does struct ...
See here: http://flatassembler.net/docs.php?article=win32#1.1
Post 20 Feb 2011, 20:43
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 20 Feb 2011, 20:54
Oh, my Bad...

You don't even know what a struct is and what it does? :o

Struct will ease the burden of having to move pointers around.

If you recall 'IMAGE_NT_HEADERS' <----- This is a Structure.

Code:

struct MY_STRUCT
        x dd ?
        y dd ?
ends

; same as

my_label:
        .x dd ?         ; my_label + 0
        .y dd ?         ; my_label + 4
        ;ends here.....
        ; accessing will be
        ; [my_label.x] or [my_label.y]

; ^ It's just like playing around on the stack:
;For example if you passed its address to a procedure

proc  proc_

mov eax , [ESP+8]               ; pointer to a MY_STRUCT passed on the stack
mov edx , [eax+MY_STRUCT.y]     ; MY_STRUCT.y = 4, so this reads the dword at [eax+4]
ret
endp

Get it now? :D

Dude, you should learn at least C or JAVA, or VB LOL...
Post 20 Feb 2011, 20:54
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 20 Feb 2011, 20:59
Hehe :) I'm gonna learn C after I go to university. I'm only 17 now :(
Post 20 Feb 2011, 20:59
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 20 Feb 2011, 21:18
Overflowz wrote:
I'm gonna learn C after I go to university. I'm only 17 now :(


Not bad, I started that when I was in High School. (Freshman yr) LOL

I started with Visual Basic --> VB.NET --> C/C++, C/C++.NET, C#, then JAVA...LOL.

I know QBasic too but it's old and I don't use it anymore.. I find raw WIN32 more sexy than .NET :P. And so I lost interest in .NET stuff, I now do PHP, HTML, JAVA, ASM, C/C++ etc....Excluding .NET stuff, so yeah. Thought I might share that with you.
Post 20 Feb 2011, 21:18
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 20 Feb 2011, 21:32
typedef
Hehe :) I started when I was 10 (lol).. I was learning Batch, VBS, JScript (Windows Script) and then started basic C (didn't follow it..), then web languages, and back on assembly now hehe :) I don't like VB and .NET programming >.> Delphi neither.. I like assembly very much and am learning it :D
Post 20 Feb 2011, 21:32
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 20 Feb 2011, 22:02
I know dude. I love assembly too. I wish I had known about it sometime back, I hate all these .NET stuff, I feel you ma MAN. :D
Post 20 Feb 2011, 22:02
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 20 Feb 2011, 22:38
typedef
nice to hear ;) anyway if anyone else knows how to do it, just post it here (:
Post 20 Feb 2011, 22:38
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 20 Feb 2011, 22:53
You can use DOS interrupts maybe.... If you want pure assembly.
Post 20 Feb 2011, 22:53
DOS386



Joined: 08 Dec 2006
Posts: 1900
DOS386 21 Feb 2011, 07:53
typedef wrote:
You can use DOS interrupts maybe....


Bad idea :(

Quote:
If you want pure assembly


> CreateFile,'file.bin',GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_NEVER
> WriteFile ,eax,_OvrFlwz,sizeof.OVERFLOWZ,nBytesWritten,NULL
> CloseHandle,[hFile]

Good, just avoid M$WCRT.DLL, avoid invoke, instead PUSH and then CALL KERNEL32.DLL ;)

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug
Post 21 Feb 2011, 07:53
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 21 Feb 2011, 13:15
word....I usually use PUSH and CALL.

Code:
call [ALIAS_HERE]
    


But I know what you mean. I read about calling conventions and all that.

Well, I used MSVCRT.DLL because I did not want to take up time writing to the STD_OUTPUT Handle..... <---- But I know it's better than printf :D

And oh, the printf function should be called by cinvoke if possible...

But thanks though :D
Post 21 Feb 2011, 13:15
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 21 Feb 2011, 13:29
Bump : SNOW DAY ! NO COLLEGE TODAY ! HAHA.

NOW THAT'S THE REAL AMERICAN LIFE :D
Post 21 Feb 2011, 13:29
Copyright © 1999-2024, Tomasz Grysztar.