flat assembler
Message board for the users of flat assembler.

Index > Main > struct and union problem

Author
Thread Post new topic Reply to topic
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 03 Sep 2011, 22:02
Hi, I found this structure here, but I don't know how to use union structures and is there any way to replace them ? if not, how to use them ? Here's structures:
Code:
EXCEPTION_NONCONTINUABLE = 0x1 
EXCEPTION_MAXIMUM_PARAMETERS = 15 
EXCEPTION_DEBUG_EVENT = 1
CREATE_THREAD_DEBUG_EVENT = 2
CREATE_PROCESS_DEBUG_EVENT = 3
EXIT_THREAD_DEBUG_EVENT = 4
EXIT_PROCESS_DEBUG_EVENT = 5
LOAD_DLL_DEBUG_EVENT = 6
UNLOAD_DLL_DEBUG_EVENT = 7
OUTPUT_DEBUG_STRING_EVENT = 8
RIP_EVENT = 9

struct EXCEPTION_RECORD 
  ExceptionCode        dd ?;DWORD 
  ExceptionFlags       dd ?;DWORD 
  ExceptionRecord      dd ?;_EXCEPTION_RECORD* 
  ExceptionAddress     dd ?;PVOID 
  NumberParameters     dd ?;DWORD 
  ExceptionInformation dd EXCEPTION_MAXIMUM_PARAMETERS dup (?);ULONG_PTR 
ends 

struct CREATE_THREAD_DEBUG_INFO 
  hThread               dd ?;HANDLE 
  lpThreadLocalBase     dd ?;LPVOID 
  lpStartAddress        dd ?;LPTHREAD_START_ROUTINE 
ends 

struct EXCEPTION_DEBUG_INFO 
  ExceptionRecord  EXCEPTION_RECORD 
  dwFirstChance    dw ? ;DWORD 
ends 

struct CREATE_PROCESS_DEBUG_INFO 
  hFile                 dd ?;HANDLE 
  hProcess              dd ?;HANDLE 
  hThread               dd ?;HANDLE 
  lpBaseOfImage         dd ?;LPVOID 
  dwDebugInfoFileOffset dd ?;DWORD 
  nDebugInfoSize        dd ?;DWORD 
  lpThreadLocalBase     dd ?;LPVOID 
  lpStartAddress        dd ?;LPTHREAD_START_ROUTINE 
  lpImageName           dd ?;LPVOID 
  fUnicode              dd ?;WORD 
ends 

struct EXIT_THREAD_DEBUG_INFO 
  dwExitCode            dd ?;DWORD 
ends 

struct EXIT_PROCESS_DEBUG_INFO 
  dwExitCode            dd ?;DWORD 
ends 

struct LOAD_DLL_DEBUG_INFO 
  hFile                 dd ?;HANDLE 
  lpBaseOfDll           dd ?;LPVOID 
  dwDebugInfoFileOffset dd ?;DWORD 
  nDebugInfoSize        dd ?;DWORD 
  lpImageName           dd ?;LPVOID 
  fUnicode              dw ?;WORD 
ends 

struct UNLOAD_DLL_DEBUG_INFO 
  lpBaseOfDll           dd ?;LPVOID 
ends 

struct OUTPUT_DEBUG_STRING_INFO 
  lpDebugStringData     dd ?;LPSTR 
  fUnicode              dw ?;WORD 
  nDebugStringLength    dw ?;WORD 
ends 

struct RIP_INFO 
  dwError               dd ?;DWORD 
  dwType                dd ?;DWORD 
ends 

macro union [def] 
 { common size@union = 0 
          origin@union = $ 
   forward virtual 
            def 
            if $-origin@union > size@union 
             size@union = $-origin@union 
            end if 
           end virtual 
   common rb size@union } 

struct DEBUG_EVENT 
  dwDebugEventCode dd ?;DWORD 
  dwProcessId      dd ?;DWORD 
  dwThreadId       dd ?;DWORD 
   .u: ;union { 
  rb 96-(3*4);reserve union size then virtual all the structs at the union location 
  virtual at .u;  EXCEPTION_DEBUG_INFO Exception; 
    .u.Exception EXCEPTION_DEBUG_INFO 
  end virtual 
  virtual at .u;  CREATE_THREAD_DEBUG_INFO CreateThread; 
    .u.CreateThread CREATE_THREAD_DEBUG_INFO 
  end virtual 
  virtual at .u;  CREATE_PROCESS_DEBUG_INFO CreateProcessInfo; 
    .u.CreateProcessInfo CREATE_PROCESS_DEBUG_INFO 
  end virtual 
  virtual at .u;  EXIT_THREAD_DEBUG_INFO ExitThread; 
    .u.ExitThread EXIT_THREAD_DEBUG_INFO 
  end virtual 
  virtual at .u;  EXIT_PROCESS_DEBUG_INFO ExitProcess; 
    .u.ExitProcess EXIT_PROCESS_DEBUG_INFO 
  end virtual 
  virtual at .u;  LOAD_DLL_DEBUG_INFO LoadDll; 
    .u.LoadDll LOAD_DLL_DEBUG_INFO 
  end virtual 
  virtual at .u;  UNLOAD_DLL_DEBUG_INFO UnloadDll; 
    .u.UnloadDll UNLOAD_DLL_DEBUG_INFO 
  end virtual 
  virtual at .u;  OUTPUT_DEBUG_STRING_INFO DebugString; 
    .u.DebugString OUTPUT_DEBUG_STRING_INFO 
  end virtual 
  virtual at .u;  RIP_INFO RipInfo; 
    .u.RipInfo RIP_INFO 
  end virtual 
  ;} u; 
ends    

I get error when doing something like this:
Code:
DBEvent DEBUG_EVENT
--
mov eax,[DBEvent.u+CreateProcessInfo.lpStartAddress]    

it says Undefined symbol.. Thanks.
Post 03 Sep 2011, 22:02
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 03 Sep 2011, 22:45
try DBEvent.u.CreateProcessInfo.lpStartAddress
Post 03 Sep 2011, 22:45
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 03 Sep 2011, 22:51
same problem.
Post 03 Sep 2011, 22:51
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 03 Sep 2011, 23:53
^^^^

http://www.programmersheaven.com/mb/CandCPP/62634/62634/struct-vs-union/

I could have said use struct instead but as the above link says, the size of a union is the size of its largest member, because all union members share the same memory.
Post 03 Sep 2011, 23:53
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 04 Sep 2011, 00:41
Never mind what differences are between them, I know but I'm trying to access them but I can't. I found another struct of that, but I can't access it's elements. First of all, this structure shows me error - "Undefined Symbol RIP_INFO..dwType.u" and stops at first "virtual at .u". and second, I can't access it's elements. For example, I need to access this element: DEBUG_EVENT.u.CreateProcessInfo.lpStartAddress but it fails.. I don't have any ideas how to fix structures and macroses here..
Code:
EXCEPTION_NONCONTINUABLE = 0x1 
EXCEPTION_MAXIMUM_PARAMETERS = 15 
EXCEPTION_DEBUG_EVENT = 1
CREATE_THREAD_DEBUG_EVENT = 2
CREATE_PROCESS_DEBUG_EVENT = 3
EXIT_THREAD_DEBUG_EVENT = 4
EXIT_PROCESS_DEBUG_EVENT = 5
LOAD_DLL_DEBUG_EVENT = 6
UNLOAD_DLL_DEBUG_EVENT = 7
OUTPUT_DEBUG_STRING_EVENT = 8
RIP_EVENT = 9

struct EXCEPTION_RECORD 
  .ExceptionCode        dd ? 
  .ExceptionFlags       dd ? 
  .pExceptionRecord     dd ? 
  .ExceptionAddress     dd ? 
  .NumberParameters     dd ? 
  .ExceptionInformation rd 15 
ends 

struct EXCEPTION_DEBUG_INFO 
  .pExceptionRecord     EXCEPTION_RECORD 
  .dwFirstChance        dd ? 
ends 

struct CREATE_THREAD_DEBUG_INFO 
  .hThread              dd ? 
  .lpThreadLocalBase    dd ? 
  .lpStartAddress       dd ? 
ends 

struct CREATE_PROCESS_DEBUG_INFO 
  .hFile                 dd ? 
  .hProcess              dd ? 
  .hThread               dd ? 
  .lpBaseOfImage         dd ? 
  .dwDebugInfoFileOffset dd ? 
  .nDebugInfoSize        dd ? 
  .lpThreadLocalBase     dd ? 
  .lpStartAddress        dd ? 
  .lpImageName           dd ? 
  .fUnicode              dw ? 
ends 

struct EXIT_THREAD_DEBUG_INFO 
  .dwExitCode           dd ? 
ends 

struct EXIT_PROCESS_DEBUG_INFO 
  .dwExitCode           dd ? 
ends 

struct LOAD_DLL_DEBUG_INFO 
  .hFile                     dd ? 
  .lpBaseOfDll               dd ? 
  .dwDebugInfoFileOffset     dd ? 
  .nDebugInfoSize            dd ? 
  .lpImageName               dd ? 
  .fUnicode                  dw ? 
ends 

struct UNLOAD_DLL_DEBUG_INFO 
  .lpBaseOfDll          dd ? 
ends 

struct OUTPUT_DEBUG_STRING_INFO 
  .lpDebugStringData            dd ? 
  .fUnicode                     dw ? 
  .nDebugStringiLength          dw ? 
ends 

struct RIP_INFO 
  .dwError              dd ? 
  .dwType               dd ? 
ends 

struct DEBUG_EVENT 
  .dwDebugEventCode     dd ? 
  .dwProcessId          dd ? 
  .dwThreadId           dd ?  
  .u                rb sizeof.EXCEPTION_DEBUG_INFO 
  virtual at .u 
    .Exception EXCEPTION_DEBUG_INFO 
  end virtual 
  virtual at .u 
    .CreateThread CREATE_THREAD_DEBUG_INFO 
  end virtual 
  virtual at .u 
    .CreateProcessInfo CREATE_PROCESS_DEBUG_INFO 
  end virtual 
  virtual at .u 
    .ExitThread EXIT_THREAD_DEBUG_INFO 
  end virtual 
  virtual at .u 
    .ExitProcess EXIT_PROCESS_DEBUG_INFO 
  end virtual 
  virtual at .u 
    .LoadDll LOAD_DLL_DEBUG_INFO 
  end virtual 
  virtual at .u 
    .UnloadDll UNLOAD_DLL_DEBUG_INFO 
  end virtual 
  virtual at .u 
    .DebugString OUTPUT_DEBUG_STRING_INFO 
  end virtual 
  virtual at .u 
    .RipInfo RIP_INFO 
  end virtual 
ends    

could someone just test it to see what is the result ? here's attachements of some source codes that fails.
--
will be very thankful if someone will fix this for me or teaches how to access them. Thanks.


Description:
Download
Filename: ASM Stuff.rar
Filesize: 2.02 KB
Downloaded: 310 Time(s)

Post 04 Sep 2011, 00:41
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 04 Sep 2011, 00:49
'struct' is a macro and you shouldn't be including the leading dot (.) in the member fields with that macro. Also it is not compatible with 'virtual'.

Instead I suggest you use 'struc' instead with curly brackets {} and remove the 'ends'.
Code:
struc EXCEPTION_RECORD {
  .ExceptionCode        dd ?
  .ExceptionFlags       dd ?
  .pExceptionRecord     dd ?
  .ExceptionAddress     dd ?
  .NumberParameters     dd ?
  .ExceptionInformation rd 15
}
;etc    
BTW: the windows headers are all documented: http://flatassembler.net/docs.php?article=win32
If you still insist upon using 'struct' then you need to follow the rules and alter all your structure member fields.

If you don't understand 'struc' then read the help: http://flatassembler.net/docs.php
We can't be duplicating the documentation here in the forum, that would be inefficient use of time.
Post 04 Sep 2011, 00:49
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz 04 Sep 2011, 00:54
Thanks revolution! It works perfect for now! Thank you!!!
I'll read that, thanks again! Smile
Post 04 Sep 2011, 00:54
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.