flat assembler
Message board for the users of flat assembler.
revolution 20 Feb 2011, 02:03
If you had it in fasm syntax then perhaps I could test it for you.
Hornet52 20 Feb 2011, 03:11
That's fair enough, this is a FASM board after all. Below is the code converted to FASM-style syntax:
Code:
```asm
;================================================
;Portable Executable(PE) format
;-Assemble as a pure binary format
;================================================
use32
ORG 0x400E00

AppBase           equ 0x400E00
Section_Alignment equ 0x1000
File_Alignment    equ 0x200

DOS_Header:
    dw 0x5A4D                   ;e_magic "MZ"
    dw 0x00                     ;e_cblp
    dw 0x00                     ;e_cp
    dw 0x00                     ;e_crlc
    dw 0x00                     ;e_cparhdr
    dw 0x00                     ;e_minalloc
    dw 0x00                     ;e_maxalloc
    dw 0x00                     ;e_ss
    dw 0x00                     ;e_sp
    dw 0x00                     ;e_csum
    dw 0x00                     ;e_ip
    dw 0x00                     ;e_cs
    dw 0x00                     ;e_lfarlc
    dw 0x00                     ;e_ovno
    times 4 dw 0x00             ;Reserved words
    dw 0x00                     ;e_oemid
    dw 0x00                     ;e_oeminfo
    times 10 dw 0x00            ;Reserved words
    dd PE_Signature - AppBase   ;e_lfanew, file offset of the PE signature

DOS_Stub:                       ;16-bit stub, never executed by the Windows loader
    mov DX, DOS_Stub.msg - AppBase
    mov AH, 0x09
    int 0x21
    mov AH, 0x4C
    int 0x21
.msg:
    db "This is a Win32 NT Windows program only", 0x0D, 0x0D, 0x0A, 0x24

ALIGN 0x08
PE_Signature:                   ;must be in 8-byte alignment
    dd 0x00004550               ;"PE",0,0

COFF_Header:
    dw 0x014C                   ;Machine: i386
    dw 0x01                     ;Only 1 section(.text)
    dd 0x00                     ;TimeDateStamp
    dd 0x00                     ;PointerToSymbolTable
    dd 0x00                     ;NumberOfSymbols
    dw Optional_Header_Size     ;SizeOfOptionalHeader
    dw 0x0103                   ;RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE

Optional_Header:
    dw 0x010B                   ;Magic: PE32
    db 0x00                     ;MajorLinkerVersion
    db 0x00                     ;MinorLinkerVersion
    dd Code_Section_Size        ;SizeOfCode
    dd 0x00                     ;SizeOfInitializedData
    dd 0x00                     ;SizeOfUninitializedData
    dd (Main-File_Alignment)+Section_Alignment-AppBase          ;AddressOfEntryPoint, execution will start at this point
    dd (Code_Section-File_Alignment)+Section_Alignment-AppBase  ;BaseOfCode (RVA of .text)
    dd (Code_Section-File_Alignment)+Section_Alignment-AppBase  ;BaseOfData (data also lives in .text)
    dd 0x400000                 ;ImageBase (Windows-only fields from here on)
    dd Section_Alignment        ;SectionAlignment
    dd File_Alignment           ;FileAlignment
    dw 0x00                     ;MajorOperatingSystemVersion
    dw 0x00                     ;MinorOperatingSystemVersion
    dw 0x00                     ;MajorImageVersion
    dw 0x00                     ;MinorImageVersion
    dw 0x04                     ;MajorSubsystemVersion
    dw 0x00                     ;MinorSubsystemVersion
    dd 0x00                     ;Win32VersionValue
    dd (((Code_Section_Size+(Section_Alignment-1))/Section_Alignment)*Section_Alignment)+Section_Alignment ;SizeOfImage
    dd (((All_Header_Size+(File_Alignment-1))/File_Alignment)*File_Alignment)   ;SizeOfHeaders
    dd 0x00                     ;CheckSum
    dw 0x02                     ;Subsystem: WINDOWS_GUI
    dw 0x00                     ;DllCharacteristics
    dd 0x100000                 ;SizeOfStackReserve
    dd 0x1000                   ;SizeOfStackCommit
    dd 0x100000                 ;SizeOfHeapReserve
    dd 0x00                     ;SizeOfHeapCommit
    dd 0x00                     ;LoaderFlags
    dd 0x10                     ;Number of directories
    dd 0x00                     ;Data directories: export table RVA
    dd 0x00                     ;export table size
    dd (Idata-File_Alignment)+Section_Alignment-AppBase         ;import table RVA
    dd Idata_Size               ;import table size
    times 0x0E dq 0x00          ;remaining 14 directories unused
Optional_Header_Size = $ - Optional_Header

Code_Section_Header:
    db ".text", 0x00, 0x00, 0x00                                ;Name (8 bytes)
    dd Code_Section_Size                                        ;VirtualSize
    dd (Code_Section-File_Alignment)+Section_Alignment-AppBase  ;VirtualAddress (RVA)
    dd (((Code_Section_Size+(File_Alignment-1))/File_Alignment)*File_Alignment) ;SizeOfRawData
    dd Code_Section - AppBase                                   ;PointerToRawData (file offset)
    dd 0x00                     ;PointerToRelocations
    dd 0x00                     ;PointerToLinenumbers
    dw 0x00                     ;NumberOfRelocations
    dw 0x00                     ;NumberOfLinenumbers
    dd 0xE0000020               ;All access rights (read/write/execute)
All_Header_Size = $ - $$

ALIGN File_Alignment            ;should be at 0x401000
Code_Section:
;===================.text===================
Main:
    push DWORD 0x00             ;Get hInstance for class etc.
    call [GetModuleHandleW]
    mov [hInstance], EAX

    push DWORD 0x7F00           ;Get a cursor for application (IDC_ARROW)
    push DWORD 0x00
    call [LoadCursorW]
    mov [hCursor], EAX

    push DWORD WNDCLASSEX       ;Register windows class
    call [RegisterClassExW]

    push DWORD 0x00             ;Create Window: lpParam
    push DWORD [hInstance]      ;hInstance
    push DWORD 0x00             ;hMenu
    push DWORD 0x00             ;hWndParent
    push DWORD 0x01F4           ;nHeight
    push DWORD 0x01F4           ;nWidth
    push DWORD 0x64             ;y
    push DWORD 0x64             ;x
    push DWORD 0x10CF0000       ;WS_OVERLAPPEDWINDOW | WS_VISIBLE
    push DWORD String.WindowName
    push DWORD String.ClassName
    push DWORD 0x00             ;dwExStyle
    call [CreateWindowExW]
    or EAX, EAX
    jz Error

MessageLoop:
    push DWORD 0x00             ;wMsgFilterMax
    push DWORD 0x00             ;wMsgFilterMin
    push DWORD 0x00             ;hWnd (all windows of this thread)
    push DWORD MSG
    call [GetMessageW]
    or EAX, EAX
    jz WM_QUIT                  ;check for quitting
    push DWORD MSG
    call [TranslateMessage]
    push DWORD MSG
    call [DispatchMessageW]
    jmp MessageLoop

WndProc:
    push EBP                    ;[EBP+0x08] hWnd
    mov EBP, ESP                ;[EBP+0x0C] Message
    push EBX                    ;[EBP+0x10] wParam
    push ESI                    ;[EBP+0x14] lParam
    push EDI
    cmp DWORD [EBP+0x0C], 0x02  ;WM_DESTROY
    je WM_DESTROY
.Default:
    push DWORD [EBP+0x14]
    push DWORD [EBP+0x10]
    push DWORD [EBP+0x0C]
    push DWORD [EBP+0x08]
    call [DefWindowProcW]
.Return:
    mov ESP, EBP
    pop EBP
    pop EDI
    pop ESI
    pop EBX
    ret
WM_DESTROY:
    push DWORD 0x00
    call [PostQuitMessage]
    jmp WndProc.Return
WM_QUIT:
    push DWORD [wParam]         ;exit code carried by the WM_QUIT message
    call [ExitProcess]
Error:
    push DWORD 0x00             ;uType
    push DWORD 0x00             ;lpCaption
    push DWORD 0x00             ;lpText
    push DWORD 0x00             ;hWnd
    call [MessageBoxW]
    jmp WM_QUIT

;===================.data===================
WNDCLASSEX:
    cbSize        dd 0x30       ;48 bytes (same every time)
    style         dd 0x03       ;CS_HREDRAW | CS_VREDRAW, redraw
    lpfnWndProc   dd WndProc
    cbClsExtra    dd 0x00
    cbWndExtra    dd 0x00
    hInstance     dd 0x00       ;Will be updated when application starts
    hIcon         dd 0x00       ;No Icon
    hCursor       dd 0x00       ;Will be set in Main
    hbrBackground dd 0x06       ;COLOR_WINDOW+1
    lpszMenuName  dd 0x00
    lpszClassName dd String.ClassName ;"Main Class"
    hIconSm       dd 0x00
MSG:
    hwnd    dd 0x00
    message dd 0x00
    wParam  dd 0x00
    lParam  dd 0x00
    time    dd 0x00
    ptx     dd 0x00
    pty     dd 0x00
String:
.ClassName:
    db "Main Class", 0x00
.WindowName:
    db "Basic Window", 0x00

Idata:
;===================.idata===================
    dd 0x00                     ;KERNEL32 descriptor: OriginalFirstThunk (none)
    dd 0x00                     ;TimeDateStamp
    dd 0x00                     ;ForwarderChain
    dd (Kernel32.name-File_Alignment)+Section_Alignment-AppBase ;Name RVA
    dd (Kernel32.iat-File_Alignment)+Section_Alignment-AppBase  ;FirstThunk (IAT) RVA
    dd 0x00                     ;USER32 descriptor
    dd 0x00
    dd 0x00
    dd (User32.name-File_Alignment)+Section_Alignment-AppBase
    dd (User32.iat-File_Alignment)+Section_Alignment-AppBase
    dd 0x00                     ;null entry, end of table/directory
    dd 0x00
    dd 0x00
    dd 0x00
    dd 0x00
Kernel32:
.name:
    db "KERNEL32.dll", 0x00
.iat:
    ExitProcess      dd (FunctionName.K1-File_Alignment)+Section_Alignment-AppBase
    GetModuleHandleW dd (FunctionName.K2-File_Alignment)+Section_Alignment-AppBase
    dd 0x00
User32:
.name:
    db "USER32.dll", 0x00
.iat:
    MessageBoxW      dd (FunctionName.U1-File_Alignment)+Section_Alignment-AppBase
    RegisterClassExW dd (FunctionName.U2-File_Alignment)+Section_Alignment-AppBase
    LoadCursorW      dd (FunctionName.U3-File_Alignment)+Section_Alignment-AppBase
    CreateWindowExW  dd (FunctionName.U4-File_Alignment)+Section_Alignment-AppBase
    GetMessageW      dd (FunctionName.U5-File_Alignment)+Section_Alignment-AppBase
    TranslateMessage dd (FunctionName.U6-File_Alignment)+Section_Alignment-AppBase
    DispatchMessageW dd (FunctionName.U7-File_Alignment)+Section_Alignment-AppBase
    DefWindowProcW   dd (FunctionName.U8-File_Alignment)+Section_Alignment-AppBase
    PostQuitMessage  dd (FunctionName.U9-File_Alignment)+Section_Alignment-AppBase
    dd 0x00
FunctionName:                   ;hint (word) followed by the import name
.K1:
    dw 0x00
    db "ExitProcess", 0x00
.K2:
    dw 0x00
    db "GetModuleHandleW", 0x00, 0x00
.U1:
    dw 0x00
    db "MessageBoxW", 0x00
.U2:
    dw 0x00
    db "RegisterClassExW", 0x00, 0x00
.U3:
    dw 0x00
    db "LoadCursorW", 0x00
.U4:
    dw 0x00
    db "CreateWindowExW", 0x00
.U5:
    dw 0x00
    db "GetMessageW", 0x00
.U6:
    dw 0x00
    db "TranslateMessage", 0x00, 0x00
.U7:
    dw 0x00
    db "DispatchMessageW", 0x00, 0x00
.U8:
    dw 0x00
    db "DefWindowProcW", 0x00, 0x00
.U9:
    dw 0x00
    db "PostQuitMessage", 0x00
Idata_Size = $ - Idata
Code_Section_Size = $ - Code_Section

times 0x600-($-$$) db 0         ;pad the file to 0x600 bytes
```
revolution 20 Feb 2011, 03:27
A couple of changes to get you started:
Code:
```asm
;...
.Return:
    pop EDI
    pop ESI
    pop EBX
    pop EBP
    ret
;...
String:
.ClassName:
    du "Main Class", 0x00
.WindowName:
    du "Basic Window", 0x00
;...
```
Hornet52 20 Feb 2011, 18:48
Thanks, I changed the stack unwinding and made Unicode-compliant strings; still no effect on the error, however. "CreateWindowEx" still returns a fail (NULL). Any ideas why?
vid 20 Feb 2011, 18:55
When an API fails, use GetLastError to find out the error code (and optionally FormatMessage to turn it into a readable string).
revolution 20 Feb 2011, 18:55
Hornet52: Really? It worked for me when I ran it with just those two changes. Gives me a white window which can be closed by clicking the X.
Hornet52 20 Feb 2011, 19:19
Sorry, my mistake: in the return state I left the "mov ESP, EBP", which I realize is the actual error. So I assume that, due to moving the pointers back and forth, the stack would have grown beyond the application's scope? I took that line out and sure enough it ran as you said. Damn calling conventions, I'll have to look into them more.
Thanks, FASM gentlemen. Finished code below (FASM syntax):
Code:
```asm
;================================================
;Portable Executable(PE) format
;-Assemble as a pure binary format
;================================================
use32
ORG 0x400E00

AppBase           equ 0x400E00
Section_Alignment equ 0x1000
File_Alignment    equ 0x200

DOS_Header:
    dw 0x5A4D                   ;e_magic "MZ"
    dw 0x00                     ;e_cblp
    dw 0x00                     ;e_cp
    dw 0x00                     ;e_crlc
    dw 0x00                     ;e_cparhdr
    dw 0x00                     ;e_minalloc
    dw 0x00                     ;e_maxalloc
    dw 0x00                     ;e_ss
    dw 0x00                     ;e_sp
    dw 0x00                     ;e_csum
    dw 0x00                     ;e_ip
    dw 0x00                     ;e_cs
    dw 0x00                     ;e_lfarlc
    dw 0x00                     ;e_ovno
    times 4 dw 0x00             ;Reserved words
    dw 0x00                     ;e_oemid
    dw 0x00                     ;e_oeminfo
    times 10 dw 0x00            ;Reserved words
    dd PE_Signature - AppBase   ;e_lfanew, file offset of the PE signature

DOS_Stub:                       ;16-bit stub, never executed by the Windows loader
    mov DX, DOS_Stub.msg - AppBase
    mov AH, 0x09
    int 0x21
    mov AH, 0x4C
    int 0x21
.msg:
    db "This is a Win32 NT Windows program only", 0x0D, 0x0D, 0x0A, 0x24

ALIGN 0x08
PE_Signature:                   ;must be in 8-byte alignment
    dd 0x00004550               ;"PE",0,0

COFF_Header:
    dw 0x014C                   ;Machine: i386
    dw 0x01                     ;Only 1 section(.text)
    dd 0x00                     ;TimeDateStamp
    dd 0x00                     ;PointerToSymbolTable
    dd 0x00                     ;NumberOfSymbols
    dw Optional_Header_Size     ;SizeOfOptionalHeader
    dw 0x0103                   ;RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE

Optional_Header:
    dw 0x010B                   ;Magic: PE32
    db 0x00                     ;MajorLinkerVersion
    db 0x00                     ;MinorLinkerVersion
    dd Code_Section_Size        ;SizeOfCode
    dd 0x00                     ;SizeOfInitializedData
    dd 0x00                     ;SizeOfUninitializedData
    dd (Main-File_Alignment)+Section_Alignment-AppBase          ;AddressOfEntryPoint, execution will start at this point
    dd (Code_Section-File_Alignment)+Section_Alignment-AppBase  ;BaseOfCode (RVA of .text)
    dd (Code_Section-File_Alignment)+Section_Alignment-AppBase  ;BaseOfData (data also lives in .text)
    dd 0x400000                 ;ImageBase (Windows-only fields from here on)
    dd Section_Alignment        ;SectionAlignment
    dd File_Alignment           ;FileAlignment
    dw 0x00                     ;MajorOperatingSystemVersion
    dw 0x00                     ;MinorOperatingSystemVersion
    dw 0x00                     ;MajorImageVersion
    dw 0x00                     ;MinorImageVersion
    dw 0x04                     ;MajorSubsystemVersion
    dw 0x00                     ;MinorSubsystemVersion
    dd 0x00                     ;Win32VersionValue
    dd (((Code_Section_Size+(Section_Alignment-1))/Section_Alignment)*Section_Alignment)+Section_Alignment ;SizeOfImage
    dd (((All_Header_Size+(File_Alignment-1))/File_Alignment)*File_Alignment)   ;SizeOfHeaders
    dd 0x00                     ;CheckSum
    dw 0x02                     ;Subsystem: WINDOWS_GUI
    dw 0x00                     ;DllCharacteristics
    dd 0x100000                 ;SizeOfStackReserve
    dd 0x1000                   ;SizeOfStackCommit
    dd 0x100000                 ;SizeOfHeapReserve
    dd 0x00                     ;SizeOfHeapCommit
    dd 0x00                     ;LoaderFlags
    dd 0x10                     ;Number of directories
    dd 0x00                     ;Data directories: export table RVA
    dd 0x00                     ;export table size
    dd (Idata-File_Alignment)+Section_Alignment-AppBase         ;import table RVA
    dd Idata_Size               ;import table size
    times 0x0E dq 0x00          ;remaining 14 directories unused
Optional_Header_Size = $ - Optional_Header

Code_Section_Header:
    db ".text", 0x00, 0x00, 0x00                                ;Name (8 bytes)
    dd Code_Section_Size                                        ;VirtualSize
    dd (Code_Section-File_Alignment)+Section_Alignment-AppBase  ;VirtualAddress (RVA)
    dd (((Code_Section_Size+(File_Alignment-1))/File_Alignment)*File_Alignment) ;SizeOfRawData
    dd Code_Section - AppBase                                   ;PointerToRawData (file offset)
    dd 0x00                     ;PointerToRelocations
    dd 0x00                     ;PointerToLinenumbers
    dw 0x00                     ;NumberOfRelocations
    dw 0x00                     ;NumberOfLinenumbers
    dd 0xE0000020               ;All access rights (read/write/execute)
All_Header_Size = $ - $$

ALIGN File_Alignment            ;should be at 0x401000
Code_Section:
;===================.text===================
Main:
    push DWORD 0x00             ;Get hInstance for class etc.
    call [GetModuleHandleW]
    mov [hInstance], EAX

    push DWORD 0x7F00           ;Get a cursor for application (IDC_ARROW)
    push DWORD 0x00
    call [LoadCursorW]
    mov [hCursor], EAX

    push DWORD WNDCLASSEX       ;Register windows class
    call [RegisterClassExW]

    push DWORD 0x00             ;Create Window: lpParam
    push DWORD [hInstance]      ;hInstance
    push DWORD 0x00             ;hMenu
    push DWORD 0x00             ;hWndParent
    push DWORD 0x01F4           ;nHeight
    push DWORD 0x01F4           ;nWidth
    push DWORD 0x64             ;y
    push DWORD 0x64             ;x
    push DWORD 0x10CF0000       ;WS_OVERLAPPEDWINDOW | WS_VISIBLE
    push DWORD String.WindowName
    push DWORD String.ClassName
    push DWORD 0x00             ;dwExStyle
    call [CreateWindowExW]
    or EAX, EAX
    jz Error

MessageLoop:
    push DWORD 0x00             ;wMsgFilterMax
    push DWORD 0x00             ;wMsgFilterMin
    push DWORD 0x00             ;hWnd (all windows of this thread)
    push DWORD MSG
    call [GetMessageW]
    or EAX, EAX
    jz WM_QUIT                  ;check for quitting
    push DWORD MSG
    call [TranslateMessage]
    push DWORD MSG
    call [DispatchMessageW]
    jmp MessageLoop

WndProc:
    push EBP                    ;[EBP+0x08] hWnd
    mov EBP, ESP                ;[EBP+0x0C] Message
    push EBX                    ;[EBP+0x10] wParam
    push ESI                    ;[EBP+0x14] lParam
    push EDI
    cmp DWORD [EBP+0x0C], 0x02  ;WM_DESTROY
    je WM_DESTROY
.Default:
    push DWORD [EBP+0x14]
    push DWORD [EBP+0x10]
    push DWORD [EBP+0x0C]
    push DWORD [EBP+0x08]
    call [DefWindowProcW]
.Return:
    pop EDI
    pop ESI
    pop EBX
    pop EBP
    ret
WM_DESTROY:
    push DWORD 0x00
    call [PostQuitMessage]
    jmp WndProc.Return
WM_QUIT:
    push DWORD [wParam]         ;exit code carried by the WM_QUIT message
    call [ExitProcess]
Error:
    push DWORD 0x00             ;uType
    push DWORD 0x00             ;lpCaption
    push DWORD 0x00             ;lpText
    push DWORD 0x00             ;hWnd
    call [MessageBoxW]
    jmp WM_QUIT

;===================.data===================
WNDCLASSEX:
    cbSize        dd 0x30       ;48 bytes (same every time)
    style         dd 0x03       ;CS_HREDRAW | CS_VREDRAW, redraw
    lpfnWndProc   dd WndProc
    cbClsExtra    dd 0x00
    cbWndExtra    dd 0x00
    hInstance     dd 0x00       ;Will be updated when application starts
    hIcon         dd 0x00       ;No Icon
    hCursor       dd 0x00       ;Will be set in Main
    hbrBackground dd 0x06       ;COLOR_WINDOW+1
    lpszMenuName  dd 0x00
    lpszClassName dd String.ClassName ;"Main Class"
    hIconSm       dd 0x00
MSG:
    hwnd    dd 0x00
    message dd 0x00
    wParam  dd 0x00
    lParam  dd 0x00
    time    dd 0x00
    ptx     dd 0x00
    pty     dd 0x00
String:
.ClassName:
    du "Main Class", 0x00       ;UTF-16 strings for the W API functions
.WindowName:
    du "Basic Window", 0x00

Idata:
;===================.idata===================
    dd 0x00                     ;KERNEL32 descriptor: OriginalFirstThunk (none)
    dd 0x00                     ;TimeDateStamp
    dd 0x00                     ;ForwarderChain
    dd (Kernel32.name-File_Alignment)+Section_Alignment-AppBase ;Name RVA
    dd (Kernel32.iat-File_Alignment)+Section_Alignment-AppBase  ;FirstThunk (IAT) RVA
    dd 0x00                     ;USER32 descriptor
    dd 0x00
    dd 0x00
    dd (User32.name-File_Alignment)+Section_Alignment-AppBase
    dd (User32.iat-File_Alignment)+Section_Alignment-AppBase
    dd 0x00                     ;null entry, end of table/directory
    dd 0x00
    dd 0x00
    dd 0x00
    dd 0x00
Kernel32:
.name:
    db "KERNEL32.dll", 0x00
.iat:
    ExitProcess      dd (FunctionName.K1-File_Alignment)+Section_Alignment-AppBase
    GetModuleHandleW dd (FunctionName.K2-File_Alignment)+Section_Alignment-AppBase
    dd 0x00
User32:
.name:
    db "USER32.dll", 0x00
.iat:
    MessageBoxW      dd (FunctionName.U1-File_Alignment)+Section_Alignment-AppBase
    RegisterClassExW dd (FunctionName.U2-File_Alignment)+Section_Alignment-AppBase
    LoadCursorW      dd (FunctionName.U3-File_Alignment)+Section_Alignment-AppBase
    CreateWindowExW  dd (FunctionName.U4-File_Alignment)+Section_Alignment-AppBase
    GetMessageW      dd (FunctionName.U5-File_Alignment)+Section_Alignment-AppBase
    TranslateMessage dd (FunctionName.U6-File_Alignment)+Section_Alignment-AppBase
    DispatchMessageW dd (FunctionName.U7-File_Alignment)+Section_Alignment-AppBase
    DefWindowProcW   dd (FunctionName.U8-File_Alignment)+Section_Alignment-AppBase
    PostQuitMessage  dd (FunctionName.U9-File_Alignment)+Section_Alignment-AppBase
    dd 0x00
FunctionName:                   ;hint (word) followed by the import name
.K1:
    dw 0x00
    db "ExitProcess", 0x00
.K2:
    dw 0x00
    db "GetModuleHandleW", 0x00, 0x00
.U1:
    dw 0x00
    db "MessageBoxW", 0x00
.U2:
    dw 0x00
    db "RegisterClassExW", 0x00, 0x00
.U3:
    dw 0x00
    db "LoadCursorW", 0x00
.U4:
    dw 0x00
    db "CreateWindowExW", 0x00
.U5:
    dw 0x00
    db "GetMessageW", 0x00
.U6:
    dw 0x00
    db "TranslateMessage", 0x00, 0x00
.U7:
    dw 0x00
    db "DispatchMessageW", 0x00, 0x00
.U8:
    dw 0x00
    db "DefWindowProcW", 0x00, 0x00
.U9:
    dw 0x00
    db "PostQuitMessage", 0x00
Idata_Size = $ - Idata
Code_Section_Size = $ - Code_Section

times 0x600-($-$$) db 0         ;pad the file to 0x600 bytes
```
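The hand-built headers in both of Hornet52's listings rely on a handful of invariants (e_lfanew landing on "PE\0\0", one section mapped at SectionAlignment, raw offsets and sizes that are multiples of FileAlignment, SizeOfImage covering the section, and an entry point that is an RVA inside .text). The following is an added example from the editor, not code from the thread or from the fasm project: it builds a constructed header blob with the same layout (ImageBase 0x400000, SectionAlignment 0x1000, FileAlignment 0x200, a single .text section whose sizes are invented sample values) and then parses it back and checks those invariants. The `file_offset_to_rva` mapping is the same arithmetic as the `(X-File_Alignment)+Section_Alignment-AppBase` expressions in the listings, and it only holds for this one-section layout.

```python
# Added example, not code from the thread: build a minimal PE32 header blob laid out like
# the hand-assembled source (ImageBase 0x400000, SectionAlignment 0x1000, FileAlignment
# 0x200, one .text section) and check the invariants a hand-written header must satisfy.
import struct

IMAGE_BASE = 0x400000
SECTION_ALIGN = 0x1000
FILE_ALIGN = 0x200
TEXT_FILE_OFFSET = 0x200      # constructed: .text starts right after the padded headers
TEXT_RAW_SIZE = 0x400         # constructed: size of .text on disk (multiple of FILE_ALIGN)
TEXT_VIRT_SIZE = 0x3A8        # constructed: bytes of .text actually used
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def align_up(value, alignment):
    """Round up to a multiple of alignment: the ((x+(a-1))/a)*a idiom in the fasm source."""
    return (value + alignment - 1) // alignment * alignment


def file_offset_to_rva(offset):
    """The mapping behind (X-File_Alignment)+Section_Alignment-AppBase in the source: the
    headers fill the first FILE_ALIGN bytes of the file and the single section is mapped
    at RVA SECTION_ALIGN, so every label moves by the same constant."""
    return offset - FILE_ALIGN + SECTION_ALIGN


def build_headers(entry_as_file_offset=False):
    """Constructed sample input, padded to FILE_ALIGN. entry_as_file_offset=True reproduces
    a common hand-crafting slip: writing the entry point as a file offset, not an RVA."""
    text_rva = file_offset_to_rva(TEXT_FILE_OFFSET)
    entry = TEXT_FILE_OFFSET if entry_as_file_offset else text_rva
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    opt_size = 96 + 16 * 8                                        # PE32 fields + 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0103)
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
        0x10B, 0, 0,                          # PE32 magic, linker version
        TEXT_RAW_SIZE, 0, 0,                  # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        entry, text_rva, text_rva,            # AddressOfEntryPoint, BaseOfCode, BaseOfData
        IMAGE_BASE, SECTION_ALIGN, FILE_ALIGN,
        0, 0, 0, 0, 4, 0,                     # OS, image and subsystem versions
        0,                                    # Win32VersionValue
        align_up(TEXT_VIRT_SIZE, SECTION_ALIGN) + SECTION_ALIGN,  # SizeOfImage: header page + code
        FILE_ALIGN, 0,                        # SizeOfHeaders, CheckSum
        2, 0,                                 # Subsystem WINDOWS_GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0,        # stack reserve/commit, heap reserve/commit
        0, 16)                                # LoaderFlags, NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".text", TEXT_VIRT_SIZE, text_rva, TEXT_RAW_SIZE,
                       TEXT_FILE_OFFSET, 0, 0, 0, 0, 0xE0000020)
    headers = dos + b"PE\0\0" + coff + opt + bytes(16 * 8) + sect
    return headers + bytes(FILE_ALIGN - len(headers))


def parse_headers(blob):
    """Extract the fields the checks need; raises ValueError on a malformed header."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at the PE signature")
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry, _, _, image_base, sec_align, file_align = struct.unpack_from("<6I", blob, opt + 16)
    size_of_image, size_of_headers = struct.unpack_from("<2I", blob, opt + 56)
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr,
                         "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE)})
    return {"entry": entry, "image_base": image_base, "section_alignment": sec_align,
            "file_alignment": file_align, "size_of_image": size_of_image,
            "size_of_headers": size_of_headers, "sections": sections}


def check_layout(hdr):
    """Return the violated invariants; an empty list means the header is consistent."""
    sa, fa, problems = hdr["section_alignment"], hdr["file_alignment"], []
    if sa < fa:
        problems.append("SectionAlignment must not be smaller than FileAlignment")
    if hdr["size_of_headers"] % fa or hdr["size_of_image"] % sa:
        problems.append("SizeOfHeaders/SizeOfImage not aligned to FileAlignment/SectionAlignment")
    entry_ok = False
    for s in hdr["sections"]:
        if s["vaddr"] % sa or s["rawptr"] % fa or s["rawsize"] % fa:
            problems.append(f"{s['name']}: VirtualAddress or raw offset/size not aligned")
        if s["vaddr"] + align_up(s["vsize"], sa) > hdr["size_of_image"]:
            problems.append(f"{s['name']}: extends past SizeOfImage")
        if file_offset_to_rva(s["rawptr"]) != s["vaddr"]:
            problems.append(f"{s['name']}: RVA does not follow the single-section mapping")
        if s["executable"] and s["vaddr"] <= hdr["entry"] < s["vaddr"] + s["vsize"]:
            entry_ok = True
    if not entry_ok:
        problems.append("AddressOfEntryPoint is not inside an executable section")
    return problems
```

Calling `check_layout(parse_headers(build_headers()))` returns an empty list for the consistent layout, while `build_headers(entry_as_file_offset=True)` (entry point written as `Main - AppBase` instead of the RVA expression) is flagged because 0x200 lies outside the .text range 0x1000..0x13A8. The same parser can be pointed at the 0x600-byte binary the listing produces by reading the file with `open(path, "rb").read()`.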
Yardman 20 Feb 2011, 19:22
[ Post removed by author. ]
revolution 20 Feb 2011, 19:28
Hornet52 wrote: So I assume that, due to moving the pointers back and forth, the stack would have grown beyond the application's scope?
Hornet52 20 Feb 2011, 19:42
Thanks, I see what you mean. I had read the calling convention for the Win32 API ahead of time, so the last statement was actually more out of place. I added the "mov ESP, EBP" before restoring EBP so as to clear the stack of the input parameters (which I believe is the callee's job).
Again thanks, I'm not used to using a predefined calling convention that I didn't create.
revolution 20 Feb 2011, 19:48
Actually I missed that, you do need to clear the stack of incoming parameters. But you do it with this:
Code:
```asm
ret 16 ;release 4 dword parameters
```
Copyright © 1999-2025, Tomasz Grysztar.