flat assembler
Message board for the users of flat assembler.

Trouble creating a valid executable

shadowomf



Joined: 31 Mar 2010
Posts: 12
Location: Germany
shadowomf 25 Mar 2012, 12:24
Hello,

I'm having a bit of trouble with creating a valid x64 executable.
At first I was thinking it might have been caused by some import or something else, but now I just created a small example to test it and it just doesn't work.
....exe has stopped working.
Code:
format PE64 GUI
use64
entry start
include 'win64wxp.inc'

section '.text' code readable executable
start:
    sub       rsp,8*5
    
    invoke GetCommandLineA
    invoke GetCommandLineToArgvA, rax, argc
    mov [argv], rax
    
    invoke ExitProcess, 0
    
section '.data' data readable writeable
    
    argc dq 0
    argv dq 0
    
section '.idata' import data readable writeable
    
    library kernel32, 'kernel32.dll'
    include 'api\kernel32.inc'
    
    library shell32, 'shell32.dll'
    include 'api\shell32.inc'
    
    library user32, 'user32.dll'
    include 'api\user32.inc'
    
    library gdi32, 'gdi32.dll'
    include 'api\gdi32.inc'
    

If I remove the three lines:
Code:
    invoke GetCommandLineA
    invoke GetCommandLineToArgvA, rax, argc
    mov [argv], rax
    

the executable does work (it does nothing, but at least it doesn't crash).

I added GetCommandLineToArgvA to the api\shell32.inc.
The problem seems unrelated to the used functions. When using:
Code:
    invoke MessageBoxA, 0, "text", "caption", 0
    

instead it doesn't work either.

Fasm builds both versions of the source without complaining.

Sorry to ask such trivial questions, but I just can't find the error.
-Christoph
dancho



Joined: 06 Mar 2011
Posts: 74
dancho 25 Mar 2012, 12:31
You are using the widechar win64 header but calling ASCII functions; the program will be assembled but it won't work as expected...
change one or other...
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20430
Location: In your JS exploiting you and your system
revolution 25 Mar 2012, 12:39
shadowomf: GetCommandLineToArgvA is not an MS API function. Perhaps you meant CommandLineToArgvW (note there is no ASCII version of this function).

Also, I suggest you remove all the trailing "A"s from the function calls. Let the macro do its job.
shadowomf 25 Mar 2012, 13:03
Wow, that was fast. Sadly it did not help.

My api\shell32.inc looks now a bit like this:
Code:
import shell32,\
       CheckEscapesA,'CheckEscapesA',\
       CheckEscapesW,'CheckEscapesW',\
       CommandLineToArgvW, 'CommandLineToArgvW',\
       DoEnvironmentSubstA,'DoEnvironmentSubstA',\
       ...
    


Now I have different versions of the sample, but they just don't work.

A) Just a Messagebox:
Code:
format PE64 GUI
entry start
include 'win64wxp.inc'

section '.text' code readable executable
start:
    sub   rsp,8*5
    invoke MessageBox, 0, "text", "caption", 0
    invoke ExitProcess, 0
    
section '.idata' import data readable writeable
    
    library kernel32, 'kernel32.dll'
    include 'api\kernel32.inc'
    
    library shell32, 'shell32.dll'
    include 'api\shell32.inc'
    
    library user32, 'user32.dll'
    include 'api\user32.inc'
    
    library gdi32, 'gdi32.dll'
    include 'api\gdi32.inc'
    


B) Trying to get the command line:
Code:
format PE64 GUI
entry start
include 'win64wxp.inc'

section '.text' code readable executable
start:
    sub     rsp,8*5
    
    invoke GetCommandLine
    invoke CommandLineToArgvW, rax, argc
    mov [argv], rax
    
    invoke ExitProcess, 0
    
section '.data' data readable writeable
    
    argc dq 0
    argv dq 0
    
section '.idata' import data readable writeable
    
    library kernel32, 'kernel32.dll'
    include 'api\kernel32.inc'
    
    library shell32, 'shell32.dll'
    include 'api\shell32.inc'
    
    library user32, 'user32.dll'
    include 'api\user32.inc'
    
    library gdi32, 'gdi32.dll'
    include 'api\gdi32.inc'
    


A) still builds and crashes just like before.
B) doesn't build; fasm gives the "Error: invalid count of parameters for GetCommandLine." error message. But http://msdn.microsoft.com/en-us/library/windows/desktop/ms683156%28v=vs.85%29.aspx says no parameters (void) are expected.

Could it be that by adding CommandLineToArgvW to the shell32.inc something got messed up?
revolution 25 Mar 2012, 13:26
shadowomf wrote:
B) doesn't build; fasm gives the "Error: invalid count of parameters for GetCommandLine." error message. But http://msdn.microsoft.com/en-us/library/windows/desktop/ms683156%28v=vs.85%29.aspx says no parameters (void) are expected.
That looks like a bug in the macro. We will have to wait for Tomasz to fix it. In the meantime you can include 'win64wx.inc' instead until a fix is uploaded.
shadowomf 25 Mar 2012, 13:45
Okay, without the procedure counting it builds, but still crashes.
Does it build and run on any other computer? (Just want to make sure it is not some messed up security thingy that sabotages me.)

Thank you.
revolution 25 Mar 2012, 13:56
You have placed four libraries in your exe, that won't work. You can use the macro '.end' to define the library for you.

Or just fix manually:
Code:
format PE64 GUI
entry start
include 'win64wx.inc'

section '.text' code readable executable
start:
    sub rsp,8*5

    invoke GetCommandLine
    invoke CommandLineToArgvW, rax, argc
    mov [argv], rax
    invoke MessageBox, 0, "text", "caption", 0

    invoke ExitProcess, 0

section '.data' data readable writeable

    argc dq 0
    argv dq 0

section '.idata' import data readable writeable

    library kernel32, 'kernel32.dll',\
         shell32, 'shell32.dll',\
         user32, 'user32.dll',\
           gdi32, 'gdi32.dll'

    include 'api\kernel32.inc'
    include 'api\shell32.inc'
    include 'api\user32.inc'
    include 'api\gdi32.inc'    
shadowomf 25 Mar 2012, 14:10
Now it works, thank you.
I have the bad feeling I have made the same mistake before. Should have learned something from it.

It would be nice if fasm would report an error in future versions. If I'm correct it does so when you use import <libname> twice with the same libraryname.

Anyway, thank you, I would probably not have found it in the near future.
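
Added example, not part of the original thread and not fasm's own code: a pre-build check for the mistake diagnosed above, more than one `library` statement in a source file, which fasm assembles without complaint. The function names and both sample sources are constructed for illustration; it treats the whole file as one import table and handles `;` comments and `\` line continuations.

```python
import re

# Constructed samples modelled on the thread: the failing layout and the fix.
BROKEN = r"""section '.idata' import data readable writeable
    library kernel32, 'kernel32.dll'
    include 'api\kernel32.inc'
    library user32, 'user32.dll'   ; second statement: the mistake
    include 'api\user32.inc'
"""
FIXED = r"""section '.idata' import data readable writeable
    library kernel32, 'kernel32.dll',\
            user32, 'user32.dll'
    include 'api\kernel32.inc'
    include 'api\user32.inc'
"""

def strip_comment(line):
    """Cut a fasm ';' comment, ignoring ';' inside quoted strings."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == ";":
            return line[:i]
    return line

def logical_lines(source):
    """Yield (first_line_no, text) with '\\' line continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(source.splitlines(), 1):
        line = strip_comment(raw).rstrip()
        start = no if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None

def library_statements(source):
    """Return [(line_no, [dll names])] for each `library` macro invocation."""
    return [(no, re.findall(r"'([^']+)'", text))
            for no, text in logical_lines(source) if re.match(r"library\b", text)]

def check(source):
    """Return one warning per `library` statement after the first."""
    stmts = library_statements(source)
    return [f"line {no}: extra library statement ({', '.join(dlls)}); "
            f"merge into the one at line {stmts[0][0]}" for no, dlls in stmts[1:]]
```

`check(BROKEN)` returns one warning pointing at line 4, and `check(FIXED)` returns an empty list.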
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.