flat assembler
Message board for the users of flat assembler.

[help] wsprintf
tutenhamon
Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
Code:
format pe console

include 'INCLUDE\win32ax.inc'

.code
  start:
        invoke  CreateFile, "plik", GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL
        mov     [Handle], eax
        invoke  GetSystemTime, lpSystemTime
        invoke  wsprintf, buf, "%i %i %i", [lpSystemTime.wDay], [lpSystemTime.wMonth], [lpSystemTime.wYear]
        invoke  WriteFile, [Handle], buf, eax, edx, NULL ; crashes at the moment
        invoke  CloseHandle, [Handle]
        invoke  ExitProcess, NULL

.data
        lpSystemTime SYSTEMTIME
        Handle  dd 0
        buf     rb 256
.end start

Why was WriteFile suspended?


Last edited by tutenhamon on 23 Sep 2011, 10:09; edited 1 time in total
Post 17 Sep 2011, 12:32
Overflowz
Joined: 03 Sep 2010
Posts: 1046
Because of EDX.
Quote:
lpNumberOfBytesWritten [out, optional]
A pointer to the variable that receives the number of bytes written when using a synchronous hFile parameter. WriteFile sets this value to zero before doing any work or error checking. Use NULL for this parameter if this is an asynchronous operation to avoid potentially erroneous results.

It's a pointer.

Try:
Code:
invoke  WriteFile, [Handle], buf, eax, wbytes, NULL
wbytes dd ?    


Also, read this:
Quote:
This parameter can be NULL only when the lpOverlapped parameter is not NULL.


You can also reserve some space and point EDX to it.
Post 17 Sep 2011, 12:37
tutenhamon
Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
There are 2 other problems.
If I wrote:
Code:
invoke   WriteFile, [Handle], buf, eax, d, NULL
d dd 0
    


Code:
invoke       ExitProcess, NULL    

then it crashed,
and the file "plik" contained:
Code:
589841 865732571 -536840879    

It is not today's date.
Post 17 Sep 2011, 13:05
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
The offsets wDay, wMonth and wYear are word values. You need to zero the high portion of the dword before passing to wsprintf.
Code:
;...
movzx eax,[lpSystemTime.wDay]
movzx ecx,[lpSystemTime.wMonth]
movzx edx,[lpSystemTime.wYear]
cinvoke  wsprintf, buf, "%u %u %u", eax, ecx, edx    
BTW: wsprintf is a cdecl function. Use cinvoke instead of invoke.
Post 17 Sep 2011, 13:17
Overflowz
Joined: 03 Sep 2010
Posts: 1046
Here's a working example.
Code:
format pe console

include 'win32ax.inc'

.code
  start:
        invoke  CreateFile, "plik", GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL
        mov     [Handle], eax
        invoke  GetSystemTime, lpSystemTime
        cinvoke wsprintf, buf, "%u %u %u", dword[lpSystemTime.wDay], dword[lpSystemTime.wMonth], dword[lpSystemTime.wYear]
        invoke  WriteFile, [Handle], buf, eax, d, NULL ; crashes at the moment
        invoke  CloseHandle, [Handle]
        invoke  ExitProcess, NULL

.data
        lpSystemTime SYSTEMTIME
        Handle  dd 0
        buf     rb 256
        d       dd ?
.end start

For me, DWORD values are not causing any fault, so if something goes wrong, use revolution's method. ;)

P.S. You lost stack control when pushing word values onto the stack. That was the problem.

P.P.S. %i = signed and %u = unsigned.
A time value can't be signed, right? ;)
Post 17 Sep 2011, 13:40
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
Code:
dword[lpSystemTime.wDay],dword[lpSystemTime.wMonth],dword[lpSystemTime.wYear]    
... is wrong because you are pushing two word values to make a single dword value. The high portion of the dword will be some other word value from the lpSystemTime structure.
Post 17 Sep 2011, 14:09
Overflowz
Joined: 03 Sep 2010
Posts: 1046
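The two points revolution makes above (word-sized fields must be zero-extended before they go on the stack as 32-bit arguments, and reading a dword at a word field picks up the neighbouring field in the high half) can be reproduced without Windows or an assembler. The following C program is an added example, not code from the thread: it declares a struct with the same eight consecutive WORD fields as SYSTEMTIME, emulates `push dword [lpSystemTime.wDay]` with a 4-byte load at the field's address, and contrasts it with the `movzx` zero-extension. The sample date is constructed, and the 4-byte load assumes a little-endian host such as x86.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Portable stand-in for Win32 SYSTEMTIME: eight consecutive WORD (16-bit)
 * fields, in the order the Windows headers declare them. */
typedef struct {
    uint16_t wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds;
} SystemTimeLike;

/* Constructed sample: Saturday, 17 Sep 2011, 13:05:00.000 */
static const SystemTimeLike SAMPLE_TIME = { 2011, 9, 6, 17, 13, 5, 0, 0 };

/* Emulates `push dword [lpSystemTime.wDay]`: loads the 32 bits that start at
 * a 16-bit field, so the neighbouring field lands in the high half.
 * Assumes a little-endian host, as on x86. */
static uint32_t dword_at(const uint16_t *field)
{
    uint32_t v;
    memcpy(&v, field, sizeof v);
    return v;
}

/* Emulates `movzx eax, word [lpSystemTime.wDay]`: zero-extends the field,
 * which is what a 32-bit %u argument needs. */
static uint32_t zero_extended(uint16_t field)
{
    return field;
}

/* Renders "day month year" with the unsafe 32-bit reads. */
static int render_dword_reads(const SystemTimeLike *st, char *out, size_t n)
{
    return snprintf(out, n, "%u %u %u",
                    dword_at(&st->wDay), dword_at(&st->wMonth), dword_at(&st->wYear));
}

/* Renders "day month year" with the correct zero-extension. */
static int render_zero_extended(const SystemTimeLike *st, char *out, size_t n)
{
    return snprintf(out, n, "%u %u %u",
                    zero_extended(st->wDay), zero_extended(st->wMonth), zero_extended(st->wYear));
}

/* Returns 1 when both renderings equal the strings the caller expects. */
static int check_render(const SystemTimeLike *st, const char *want_bad, const char *want_good)
{
    char bad[64], good[64];
    render_dword_reads(st, bad, sizeof bad);
    render_zero_extended(st, good, sizeof good);
    return strcmp(bad, want_bad) == 0 && strcmp(good, want_good) == 0;
}

int main(void)
{
    char bad[64], good[64];
    render_dword_reads(&SAMPLE_TIME, bad, sizeof bad);
    render_zero_extended(&SAMPLE_TIME, good, sizeof good);
    printf("dword reads   : %s\n", bad);   /* 851985 393225 591835 */
    printf("zero-extended : %s\n", good);  /* 17 9 2011 */
    return 0;
}
```

The "wrong" line shows exactly the mechanism from the thread: the dword read at wDay is 17 + (wHour << 16), the one at wMonth is 9 + (wDayOfWeek << 16), and the one at wYear is 2011 + (wMonth << 16), so the printed numbers look like garbage even though the low 16 bits are right each time. Zero-extending first, as with `movzx`, is the only way to hand a WORD field to a function expecting 32-bit arguments.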
revolution
You're right. I didn't know that they were WORD sizes following each other. :)
Post 17 Sep 2011, 15:02
tutenhamon
Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
Thanks.

Last question:
What about '\n' in the 2nd parameter of the wsprintf function?

"%u %u %u\n" gives '23 9 2011\n'

\n eqe 10,13
Post 23 Sep 2011, 09:47
Overflowz
Joined: 03 Sep 2010
Posts: 1046
tutenhamon
Try:
Code:
frmt db "%u %u %u",0x0d,0x0a ;0x0d,0x0a = \r\n
...
cinvoke wsprintf,buf,frmt,...

>eqe
You mean EQU?
Post 23 Sep 2011, 10:23
tutenhamon
Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
<"%u %u %u",0x0d,0x0a> as the parameter?

It works,
but is there another way?

Overflowz wrote:

>eqe
You mean EQU?

Yes.
Post 23 Sep 2011, 10:51
Overflowz
Joined: 03 Sep 2010
Posts: 1046
You're welcome.
About "%u %u %u 0x0d,0x0a": it will lead you to a false positive, because \r\n is defined as a variable, not a character.
<"..",0x0d,0x0a> will work fine.
Post 23 Sep 2011, 11:15
tutenhamon
Joined: 16 Jan 2010
Posts: 27
Location: Polska (Poland)
Implement \r\n in the FASM preprocessor or INCLUDE files?
It's a suggestion.
Post 23 Sep 2011, 11:36
Copyright © 1999-2020, Tomasz Grysztar.