flat assembler
Message board for the users of flat assembler.
DJ Mauretto 22 Jun 2011, 09:18
Hello
Code:
proc something
    pusha
    invoke blabla..     ;returns code to eax register
    mov [esp+28],eax    ;[esp+28] is the EAX slot saved by pusha, so popa restores the new value
    popa
    ret
endp
_________________
Nil Volentibus Arduum
Overflowz 22 Jun 2011, 09:58
Ohh! Thank you, but after ESP there are variables in the stack.. should I try ESP-4? Anyway, thank you!
Overflowz 22 Jun 2011, 10:35
still stuck
Code:
proc main
    push host
    call gethostaddr
    ret
endp                                    ;endp was missing from the post as scraped

proc gethostaddr
    pushad                              ;save registers
    invoke gethostbyname,dword[esp+0x24] ;ARG1 = host variable (8 regs * 4 = 0x20, then return address)
    mov eax,[eax+0x0C]
    mov eax,[eax]
    mov eax,[eax]                       ;get ip address
    mov dword[esp+0x24],eax             ;overwrite ARG1 with host address
    popad                               ;pop all registers
    mov eax,dword[esp+0x4]              ;save ARG1 (modified with IP address) into eax.
    ret                                 ;return.
endp

but the stack looks like this before executing ret!

Code:
0x00 - return to caller process
0x04 - ip address (modified ARG1)
0x08 - ExitThread

how can I destroy it?

Code:
0x00 - ip address (modified ARG1)
0x04 - ExitThread

after doing something like this:

Code:
add esp,4

it looks like:

Code:
0x00 - ExitThread

and after RET, the debugger says the thread was ended but the program is still running.. I don't understand what the problem is
vid 22 Jun 2011, 10:51
Overflow: push/pop only those registers you want to remain unchanged.
Overflowz 22 Jun 2011, 11:01
@vid
okay.. I just wanted this method )) Thread closed now. Thank you all.
JoeCoder1 22 Jun 2011, 11:02
Overflowz wrote:
    Ohh! Thank you, but after ESP there are variables in the stack.. should I try ESP-4? Anyway, thank you!
I think the stack grows down, so you can offset + from the stack. If you offset - from the stack I think you will segfault? Does somebody know the answer for sure?
Overflowz 22 Jun 2011, 11:07
Damn it.. still the same problem with pushes too..
Can somebody try that code in a debugger? Thanks..
vid 22 Jun 2011, 11:07
JoeCoder: Yes, the stack grows down, so it should have been a + offset. If you offset - from ESP, you will simply write to an unused part of the stack and nothing will happen unless you cross the bottom of the stack. There you can hit the stack guard page (google it) or get a violation if you go too far down.
JoeCoder1 22 Jun 2011, 11:15
Thanks Vid
Overflowz 22 Jun 2011, 11:17
Here's another piece of code. It works FINE, but I think there is some problem with the gethostbyname API... did anyone have the same problem before?
Code:
proc gethostaddr url
    mov eax,[url]
    invoke gethostbyname,eax
    mov eax,[eax+0x0C]   ;hostent.h_addr_list
    mov eax,[eax]        ;first pointer in the list
    mov eax,[eax]        ;the IPv4 address itself
    ret
endp
vid 22 Jun 2011, 12:15
gethostbyname can return error. You seem not to be checking it. See http://tinyurl.com/69625t8
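A version of the gethostaddr procedure from this thread with the return-value checks vid is describing, added here as an example (not code posted by anyone in the thread); it assumes fasm's Win32 proc/invoke macros, an imported gethostbyname and a prior successful WSAStartup:

```asm
; Added example: resolve a hostname and return its first IPv4 address in EAX,
; or 0 when gethostbyname fails or returns an empty address list.
; Assumes fasm's Win32 proc/invoke macros, gethostbyname already imported,
; and WSAStartup already called by the program.
proc gethostaddr url
    invoke gethostbyname,[url]
    test eax,eax                ;NULL = lookup failed (WSAGetLastError has the reason)
    jz .fail
    mov eax,[eax+0Ch]           ;hostent.h_addr_list (char**)
    test eax,eax
    jz .fail
    mov eax,[eax]               ;first entry, NULL if the list is empty
    test eax,eax
    jz .fail
    mov eax,[eax]               ;the 4-byte address, network byte order
    ret
  .fail:
    xor eax,eax                 ;caller must treat 0 as "no address"
    ret
endp
```

The caller has to test EAX for 0 before using it; dereferencing the result of an unchecked gethostbyname is exactly what the unchecked version above does when the lookup fails.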
DJ Mauretto 22 Jun 2011, 12:15
Code:
        PUSH WSAData
        PUSH 22H
        CALL [WSAStartup]
        TEST EAX,EAX
        JNZ @Error
        PUSH Hostname
        CALL [gethostbyname]   ; note that this proc is deprecated from Microsoft, use getaddrinfo
        TEST EAX,EAX           ; EAX = Address hostent Structure
        JZ @Error
;---------
; Data
;---------
Hostname DB 'www.google.it',0
WSAData  RB 400                ; sizeof(WSADATA) on Win32; a 4-byte DD ? would be overrun by WSAStartup
_________________
Nil Volentibus Arduum
Overflowz 22 Jun 2011, 12:32
@vid
@DJ Mauretto I'm attaching it to a debugger and watching everything the code does. No errors were found. The call was successful and returned the address of the url. After RET, it returned to the caller - OK. And after another RET instruction it jumped to ExitThread - OK. After ExitThread it said the thread was successfully terminated, but the program keeps running. I've tested it on a virtual XP and there were no problems, only on Win7.. Any suggestions?
vid 22 Jun 2011, 12:47
Then probably your problem lies outside of the code you posted.
Quote:
    I'm attaching it to a debugger and watching everything the code does.
Instead, your code should be checking for errors at runtime.
Overflowz 22 Jun 2011, 13:22
Okay.. I'll try to figure out what I'm doing wrong. Thanks anyway guys
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.