edfed
06 Jan 2012, 21:48
hello, for this new year, new projects. before doing opengl programming (using the NeHe tutorial for initiation), here is the start of a sort of win32 fool coding library.

for the moment, it just gives a little (sym)pa(te)thic code, but it has a cool effect. the next step after dynamic language binding will be a "book you are the hero" game, using message boxes exclusively; even in simple stuff like this there will be good tricks to find, i think.

let's see what code in fool for win32 can look like:

;mainloop equ 1 ;use it if you want to run in main loop
;the first test source code all in foolw
include 'foolw.inc'

;test1: ask a yes/no/cancel question, optionally show a second box, then exit;
;IDCANCEL restarts the chain. Each line is a fool node: Node lists children,
;Msgb shows a MessageBox, Ife compares the previous result (the MessageBox return
;code) with a constant and picks a branch.
;NOTE(review): Node/Msgb/Ife/Exit and IDYES/IDNO/IDCANCEL come from foolw.inc, which
;is not shown here; child execution order is presumably last-to-first as in the DOS
;node routine further down - confirm in foolw.inc
test1:  Node .no,.yes,.ask
.ask:   Msgb fr.title,fr.ask,MB_ICONQUESTION+MB_YESNOCANCEL
.yes:   Ife IDYES,.next,.no      ;be careful to always have an end point
.next:  Node .exit,.bye          ;you should force an endpoint here with .exit
.bye:   Msgb fr.title,fr.bye,MB_ICONINFORMATION
.no:    Ife IDNO,.exit,.cancel
.cancel:Ife IDCANCEL,0           ;if you cancel, then restart test1, see foolw.inc
.exit:  Exit

;french strings, referenced from test1 as fr.title / fr.ask / fr.bye
;NOTE(review): the "fr:" parent label these locals hang off is not visible in this
;listing - presumably lost when the code was pasted
.title: db "Exemple fool win32.",0     ;NUL-terminated, as MessageBox expects
.ask:   db "Bonjour.",crlf,"Voulez vous voir la prochaine boite de message?",0
.bye:   db "Au revoir!",crlf,"Merci pour l'exécution.",0

en:  ;this section is for non-french speaking people: same three strings as fr.*,
     ;so every "fr." reference in test1 can be swapped for "en."
.title: db "Fool win32 example.",0     ;NUL-terminated, as MessageBox expects
.ask:   db "Hello.",crlf,"Do you want to see the next message box?",0
.bye:   db "Good bye!",crlf,"Thank you for execution.",0
;next step: dynamic language (fr, en, etc.) binding

you just have to replace all occurrences of "fr." with "en." and you have the application in english.

Description: foolw 0.00.00

use at your own risk.


typedef
06 Jan 2012, 21:53
I get bored at clicking on message boxes.

Then I guess the game is not for me.
edfed
06 Jan 2012, 21:56
Laughing that's the goal of win32, clic clic clic!

and here is the preliminary test for return value exploitation.
;func n: emits a 32-byte aligned, human-readable name tag in front of each routine
;NOTE(review): the macro's { } delimiters are not visible in this listing, and no
;routine below shows a ret or an @@ label although every one of them exits through
;je/jne @f - lines holding only a label or a brace appear to have been lost in the
;paste, so the real terminator of each routine cannot be read from this page
macro func n
        align 32
        db n                            ;the name string as passed in
        align 32
;final results that are NULL are errors(overflow, infinite, NULL as operand)
;operation result that is =NULL is incremented to fit the valid scale.
;entry of a DOS .COM image (org 100h): evaluate the MAIN tree repeatedly until a
;pass yields NULL
;NOTE(review): NULL, MAIN and the @@ target of jne @b are not defined in this
;listing; the label on the root node below (presumably MAIN:) is missing too, and
;when the loop ends execution runs straight into the data unless a ret/exit line
;follows the jne that did not survive the paste
        org 100h
        mov esi,MAIN                    ;esi = root node of the program tree
        mov eax,NULL
        call caller                     ;eax = result of one evaluation pass
        cmp eax,NULL
        jne @b                          ;re-run the tree while the result is not an error
        align 4
        dd f.if,.read,.then,.else       ;root: cond=.read; ife takes .then when it is 0, .else otherwise
.read:  dd f.read,.char                 ;eax = [.char]
.write: dd f.write,.char                ;[.char] = eax
.char:  dd 10000041h                    ;loop variable; only its low byte (41h = 'A') is what putc shows
.then:  dd f.read,0                     ;read through a NULL ptr -> NULL, which ends the main loop
.else:  dd f.node,@f-$-4                ;byte count of the child list that follows
        dd .print,.write,.dec           ;node runs last-to-first: dec, then write, then print
.dec:   dd f.dec,.char                  ;NOTE(review): every other operand is a node, but this one is
                                        ;the bare value cell; caller would treat 10000041h as a node
                                        ;pointer - the later revision points .dec at .read instead
.print: dd f.putc                       ;prints al (the value just written back)

func 'flist                           '
;function list: a node's first dword is the address of one of these entries, and
;caller reaches the routine through it (mov ebx,[esi+.call] ; mov ebx,[ebx]), so a
;node referencing f.NULL is rejected by caller's second NULL check
f: ;function list
.NULL   dd 0
.if     dd _if
.puts   dd _puts
.putc   dd _putc
.read   dd _read
.write  dd _write
.node   dd _node
.add    dd _add
.sub    dd _sub
.neg    dd _neg
.inc    dd _inc
.dec    dd _dec

align 32
func 'caller                          '
;esi=object to call
;eax = the routine's result (every routine below leaves its value in eax)
;indirect control transfer: the node's first dword is an f-table entry address and
;the entry holds the routine address; only NULL is rejected at each step, nothing
;checks that the entry actually lies inside the f table - the tree is trusted input
;NOTE(review): .call (and the other field offsets used below, .op/.ptr/...) are not
;defined in this listing; the three je @f exits skip pop ebx unless the (not shown)
;@@ label sits before it - the later revision pops on both paths
        push ebx
        or esi,esi                      ;NULL node?
        je @f
        mov ebx,[esi+.call]             ;ebx = address of the f.xxx entry
        or ebx,ebx
        je @f
        mov ebx,[ebx]                   ;ebx = routine address stored in that entry
        or ebx,ebx
        je @f
        call bx                         ;near call through the low 16 bits only (.COM code)
        pop ebx
func 'inc                             '
;esi = node {f.inc, .op}; eax = caller(op) + 1
        push esi
        mov esi,[esi+.op]               ;esi = operand node
        call caller
        inc eax
        pop esi
func 'dec                             '
;esi = node {f.dec, .op}; eax = caller(op) - 1
        push esi
        mov esi,[esi+.op]               ;esi = operand node
        call caller
        dec eax
        pop esi
func 'add                             '
;esi = node {f.add, .op1, .op2}; eax = caller(op1) + caller(op2), op1 evaluated first
        push ebx esi
        mov ebx,esi                     ;ebx = this node, esi is reused for the operands
        mov esi,[ebx+.op1]
        call caller
        mov esi,[ebx+.op2]
        mov ebx,eax                     ;ebx = op1 result (the node pointer is no longer needed)
        call caller
        add eax,ebx
        pop esi ebx
func 'sub                             '
;esi = node {f.sub, .op1, .op2}; eax = caller(op1) - caller(op2)
;op2 is evaluated first so that op1 ends up in eax for the subtraction - note the
;later _2op macro evaluates in the other order and yields op2 - op1
        push ebx esi
        mov ebx,esi                     ;ebx = this node
        mov esi,[ebx+.op2]
        call caller
        mov esi,[ebx+.op1]
        mov ebx,eax                     ;ebx = op2 result
        call caller
        sub eax,ebx
        pop esi ebx
func 'neg                             '
;esi = node {f.neg, .op}; eax = -caller(op)
        push esi
        mov esi,[esi+.op]               ;esi = operand node
        call caller
        neg eax
        pop esi
func 'node                            '
;esi = node {f.node, byte_count, child0, child1, ...}
;runs every child, last entry first; eax = result of child0 (the last one run)
        push ebx
        mov ebx,[esi+.size]             ;byte count of the child list
        shr ebx,2                       ;-> number of children
        jl .end                         ;NOTE(review): OF is architecturally undefined after a shift
                                        ;count other than 1, so jl does not reliably test the sign
                                        ;here; .end is not visible in this listing
        push esi
        mov esi,[esi+.size+ebx*4]       ;child[ebx-1] - the list starts one dword after the count
        call caller
        pop esi
        dec ebx
        jg @b                           ;down to child0 (the @@ target is not shown)
        pop ebx
func 'putc                            '
;eax=char to print at cursor
;writes al with attribute 4Fh straight into the VGA text buffer at B800:cursor*2
;(real mode only), then advances the cursor, wrapping to the first cell
        push eax edi es word 0b800h
        pop es                          ;es = VGA text segment
        movzx edi,word[.cursor]         ;NOTE(review): 16-bit read of a cell that is stored 32-bit below
        mov ah,4fh                      ;attribute byte
        mov [es:edi*2],ax               ;edi counts cells; the buffer offset is cells*2
        inc edi
        cmp edi,25*80*2                 ;NOTE(review): the bound is in bytes but edi is in cells, so the
                                        ;cursor can run to 4000 cells = 8000 bytes, a full page past the
                                        ;80x25 text screen; the later revision compares against 25*80
        jl @f
        xor edi,edi                     ;wrap to the top-left cell
        mov [.cursor],edi
        pop es edi eax
.cursor dd 0                            ;next cell index; writable data interleaved with the code
func 'puts                            '
;uses putc via eax
;esi = node {f.puts, .string}; intended to print the NUL-terminated string at [.string]
;NOTE(review): no visible instruction loads a byte from [esi] or advances esi, so the
;loop tests the caller's al on every pass and re-prints it (a lodsb appears to be
;missing); the @@ labels the loop relies on are not shown in this listing
        push eax esi
        mov esi,[esi+.string]           ;esi = string pointer
        cmp al,0                        ;terminator?
        je @f
        call _putc                      ;prints al
        jmp @b
        pop esi eax
func 'ife                             '
;esi = node {f.if, .cond, .then, .else}
;evaluates .cond; runs .then when the result is 0, .else otherwise; eax = branch result
        push ebx esi
        mov ebx,esi                     ;ebx = this node
        mov esi,[ebx+.cond]
        call caller                     ;eax = condition value
        mov esi,[ebx+.then]
        or eax,eax ;if eax=0
        je @f                           ;presumably lands on the call below with esi = .then
        mov esi,[ebx+.else]
        call caller
        pop esi ebx
func 'read                            '
;esi = node {f.read, .ptr}; eax = [ptr], or NULL when ptr is 0
;the pointer comes straight from the tree and is only NULL-checked
        push ebx
        mov ebx,[esi+.ptr]
        mov eax,NULL
        or ebx,ebx
        je @f
        mov eax,[ebx]
        pop ebx

func 'write                           '
;esi = node {f.write, .ptr}; stores eax at [ptr] unless ptr is 0; eax is preserved
;the destination comes straight from the tree and is only NULL-checked
        push ebx
        mov ebx,[esi+.ptr]
        or ebx,ebx
        je @f
        mov [ebx],eax
        pop ebx

it doesn't work somewhere between the if and the caller. but where?
and now, it works really well

;_1op i: body of a unary operator routine; esi = node {f.xxx, .op}
;eax = i(caller(op)) - i is inc, dec or neg at the instantiations further down
;NOTE(review): the macro's { } delimiters and the routine's ret are not visible here
macro _1op i
        push esi
        _call [esi+.op]                 ;relies on _call loading esi from the operand field
        i eax
        pop esi
;_2op i: body of a binary operator routine; esi = node {f.xxx, .op1, .op2}
;evaluates op1, then op2, then i eax,ebx with eax = op2 result and ebx = op1 result,
;so _2op sub yields op2 - op1 - the opposite operand order from the first listing's sub
;NOTE(review): the macro's { } delimiters and the routine's ret are not visible here
macro _2op i
        push ebx esi
        mov ebx,esi                     ;ebx = this node
        _call [ebx+.op1]
        mov esi,[ebx+.op2]
        mov ebx,eax                     ;ebx = op1 result
        call _caller                    ;plain call here, _call above - equivalent once esi is set
        i eax,ebx
        pop esi ebx
;debug c: prints the byte constant c through _putc without disturbing eax
;(_putc saves and restores its own registers)
macro debug c
        push eax
        mov al,c
        call _putc
        pop eax
;_call a: run _caller on node a, skipping the mov when a is already esi
;NOTE(review): as pasted the inner condition is "a eq esi", which emits mov esi,esi
;only when no load is needed and skips the load otherwise - presumably "~ a eq esi"
;was intended (otherwise _1op/_2op would call _caller on the wrong node); the macro's
;{ } delimiters are also missing from the paste
macro _call a
        if ~ a eq
        if a eq esi
        mov esi,a
        end if
        end if
        call _caller
;_func a: emits a 32-byte aligned, human-readable name tag in front of each routine
;NOTE(review): the macro's { } delimiters are not visible in this listing, and no
;routine below shows a ret or an @@ label although each exits through je/jmp @f/@b -
;lines holding only a label or a brace appear to have been lost in the paste
macro _func a
        align 32
        db a                            ;the name string as passed in
        align 32
;entry of a DOS .COM image (org 100h): evaluate the _MAIN tree until a pass yields NULL
;NOTE(review): NULL, _MAIN and the @@ target of jne @b are not defined in this listing;
;the label on the root node below (presumably _MAIN:) is missing too, and when the loop
;ends execution runs into the data unless a ret/exit line after the jne was lost in the
;paste
        org 100h
        mov eax,NULL
        _call _MAIN                     ;relies on _call loading esi with _MAIN
        cmp eax,NULL
        jne @b                          ;re-run the tree while the pass did not end in NULL
        align 4
        dd f.if,.read,.then,.else       ;root: cond=.read; _if takes .then when it is 0, .else otherwise
.else:  dd f.node,@f-$-4                ;byte count of the child list below
        dd .print,.write,.dec           ;node runs last-to-first: dec, then write, then print
.read:  dd f.read,.char                 ;eax = [.char]
.write: dd f.write,.char                ;[.char] = eax
.char:  dd '9'                          ;counts down one per pass; reaching 0 selects .then
.then:  dd f.read,0                     ;read through NULL -> NULL -> main loop exits
.dec:   dd f.dec,.read                  ;eax = [.char] - 1 (operand is a read node, not the bare cell)
.inc:   dd f.inc,.read                  ;not referenced by this tree
.print: dd f.putc                       ;prints al
_func 'flist                           '
;_function list: a node's first dword is the address of one of these entries, and
;_caller reaches the routine through it (mov ebx,[esi+.call] ; mov ebx,[ebx]), so a
;node referencing f.NULL is rejected by _caller's second NULL check
f: ;_function list
.NULL   dd 0
.if     dd _if
.puts   dd _puts
.putc   dd _putc
.read   dd _read
.write  dd _write
.node   dd _node
.add    dd _add
.sub    dd _sub
.neg    dd _neg
.inc    dd _inc
.dec    dd _dec
_func 'caller                          '
;esi=object to call
;eax = the routine's result; NULL when esi is NULL; unchanged when the node or its
;f entry holds no routine
;indirect control transfer: the node's first dword is an f-table entry address and
;the entry holds the routine address; only NULL is rejected at each step, nothing
;checks that the entry actually lies inside the f table - the tree is trusted input
;NOTE(review): .call and the other field offsets are not defined in this listing; the
;@@ label (presumably before pop esi ebx) and the .null label (presumably before
;mov eax,NULL) are not visible either
        push ebx esi
        or esi,esi
        je .null                        ;NULL node -> NULL result via the tail below
        mov ebx,[esi+.call]             ;ebx = address of the f.xxx entry
        or ebx,ebx
        je @f                           ;node points at no entry -> return, eax untouched
        mov ebx,[ebx]                   ;ebx = routine address stored in that entry
        or ebx,ebx
        je @f                           ;f.NULL entry -> same
        call bx                         ;near call through the low 16 bits only (.COM code)
        pop esi ebx
        mov eax,NULL                    ;.null path
        jmp @b                          ;back to the common pop
_func 'node                            '
;executes childs in list from last to first
;esi = node {f.node, byte_count, child0, child1, ...}; eax = result of child0
        push ebx
        mov ebx,[esi+.list]             ;byte count of the child list
        shr ebx,2                       ;-> number of children
        jl .end                         ;NOTE(review): OF is architecturally undefined after a shift
                                        ;count other than 1, so jl does not reliably test the sign
                                        ;here; .end is not visible in this listing
        push esi
        _call [esi+.list+ebx*4]         ;child[ebx-1] - the list starts one dword after the count
        pop esi
        dec ebx
        jg @b                           ;down to child0 (the @@ target is not shown)
        pop ebx
_func 'ife                             '
;returns eax as else, then, or cc
;esi = node {f.if, .cc, .then, .else}; evaluates .cc, then selects .then when it is 0
;and .else otherwise
_if:;eax = 0 selects .then, anything else selects .else
        push ebx esi
        mov ebx,esi                     ;ebx = this node
        _call [ebx+.cc]                 ;eax = condition value
        mov esi,[ebx+.then]
        or eax,eax ;if eax=0
        je @f
        mov esi,[ebx+.else]
        pop esi ebx                     ;NOTE(review): as pasted the selected branch in esi is popped
                                        ;without being run and eax still holds the cc value; the @@
                                        ;target (not shown) presumably carries a _call esi - confirm
                                        ;against the real source
_func 'putc                            '
;eax=char to print at cursor
;writes al with attribute 4Fh straight into the VGA text buffer at B800:cursor*2
;(real mode only), then advances the cursor, wrapping to the first cell
        push eax edi es word 0b800h
        pop es                          ;es = VGA text segment
        mov edi,[.cursor]               ;edi = next cell index
        mov ah,4fh                      ;attribute byte
        mov [es:edi*2],ax               ;edi counts cells; the buffer offset is cells*2
        inc edi
        cmp edi,25*80                   ;one 80x25 page of cells (the earlier revision used 25*80*2)
        jl @f                           ;signed compare; fine while the index stays small
        xor edi,edi                     ;wrap to the top-left cell
        mov [.cursor],edi
        pop es edi eax
.cursor dd 0                            ;next cell index; writable data interleaved with the code
_func 'puts                            '
;uses putc via eax
;esi = node {f.puts, .string}; intended to print the NUL-terminated string at [.string]
;NOTE(review): no visible instruction loads a byte from [esi] or advances esi, so the
;loop tests the caller's al on every pass and re-prints it (a lodsb appears to be
;missing); the @@ labels the loop relies on are not shown in this listing
        push eax esi
        mov esi,[esi+.string]           ;esi = string pointer
        cmp al,0                        ;terminator?
        je @f
        call _putc                      ;prints al
        jmp @b
        pop esi eax
_func 'read                            '
;returns value in eax or NULL if ptr=0
;esi = node {f.read, .ptr}; the pointer comes straight from the tree and is only NULL-checked
        push ebx
        mov ebx,[esi+.ptr]
        mov eax,NULL
        or ebx,ebx
        je @f
        mov eax,[ebx]
        pop ebx
_func 'write                           '
;returns nothing, preserve eax
;esi = node {f.write, .ptr}; stores eax at [ptr] unless ptr is 0; the destination comes
;straight from the tree and is only NULL-checked
        push ebx
        mov ebx,[esi+.ptr]
        or ebx,ebx
        je @f
        mov [ebx],eax
        pop ebx
;operator routines, all instantiated from the _1op / _2op macros above:
;  _inc/_dec/_neg: eax = op(caller(.op))
;  _add/_sub:      eax = caller(.op2) OP caller(.op1)  (note: _sub gives op2 - op1)
_func 'inc                             '
_inc:   _1op inc
_func 'dec                             '
_dec:   _1op dec
_func 'neg                             '
_neg:   _1op neg
_func 'add                             '
_add:   _2op add
_func 'sub                             '
_sub:   _2op sub
