flat assembler
Message board for the users of flat assembler.

Why is MSVCRT not found?

NanoBytes



Joined: 02 Jun 2011
Posts: 57
Location: Iowa, United States
NanoBytes 22 May 2012, 03:56
Code:
format PE console
include 'win32ax.inc'

.code
start:
        invoke AllocConsole


        invoke GetProcAddress, <invoke GetModuleHandle,"MSVCRT.dll">, "getchar"
        stdcall EAX
        invoke ExitProcess,0
.end start
    

_________________
He is no fool who gives what he cannot
keep to gain what he cannot lose.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 22 May 2012, 04:43
MSVCRT is not loaded by default. Before you can get a handle to MSVCRT you have to use LoadLibrary to initialise and bind to it.
NanoBytes



Joined: 02 Jun 2011
Posts: 57
Location: Iowa, United States
NanoBytes 22 May 2012, 16:01
Thank you, it works correctly until I try to put it in a function
Code:
format PE console
include 'win32ax.inc'

Library DD ?

proc halt
        invoke GetProcAddress, [Library], "getchar"
        stdcall EAX
        ret
endp

.code
start:
        invoke AllocConsole
        invoke GetModuleHandle,"MSVCRT.dll"
        mov [Library],EAX


        stdcall halt
        invoke ExitProcess,0
.end start  
    

AsmGuru62



Joined: 28 Jan 2004
Posts: 1618
Location: Toronto, Canada
AsmGuru62 22 May 2012, 16:29
Where is "LoadLibrary"?

Also, what is the calling convention for getchar()?
Are you sure it is 'stdcall'? Maybe it is 'cinvoke'?
NanoBytes



Joined: 02 Jun 2011
Posts: 57
Location: Iowa, United States
NanoBytes 22 May 2012, 16:50
Never mind, I got it.
NanoBytes



Joined: 02 Jun 2011
Posts: 57
Location: Iowa, United States
NanoBytes 22 May 2012, 16:54
Nope, I spoke too soon.
Code:
format PE console
include 'win32ax.inc'

Input   DD ?
Memory  DD ?
Library DD ?

String  DD ?

proc halt
        invoke GetProcAddress, [Library], "getchar"
        stdcall EAX
        ret
endp

proc ftoa
        local Float:QWORD
        fstp [Float]
        invoke GetProcAddress, [Library], "sprintf"
        stdcall EAX,String,"%g",double[Float]
        cinvoke wsprintf,String,'%s',String
        ret
endp

.code
start:
        invoke AllocConsole
        invoke GetProcessHeap
        mov  [Memory],eax
        invoke LoadLibrary,"MSVCRT.dll"
        mov [Library],EAX

        fld1
        mov dword[esp],89
        fidiv dword[esp]
        stdcall ftoa

        invoke GetProcAddress, [Library], "printf"
        stdcall EAX,String

        stdcall halt
        invoke ExitProcess,0
.end start   
    

NanoBytes



Joined: 02 Jun 2011
Posts: 57
Location: Iowa, United States
NanoBytes 22 May 2012, 17:01
Apparently the problem comes from ftoa
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 22 May 2012, 17:47
sprintf / printf functions are __cdecl, not __stdcall.

It's fucking up your frame.

String is declared as a DWORD and your format specifier is %s, which will crash your app unless your string is less than or equal to 3 bytes, the 4th byte being the null terminator.

Another thing,

Code:
        fld1
        mov dword[esp],89
        fidiv dword[esp] 
        stdcall ftoa
    


How certain are you that the value at ESP is yours / unwanted?

You might want to push a dummy value then work on that space instead of messing around with the unknown.
NanoBytes



Joined: 02 Jun 2011
Posts: 57
Location: Iowa, United States
NanoBytes 22 May 2012, 18:44
How do you use __cdecl? Could you give me an example?
AsmGuru62



Joined: 28 Jan 2004
Posts: 1618
Location: Toronto, Canada
AsmGuru62 22 May 2012, 18:48
Use cinvoke instead of stdcall:
Code:
ftoa DD 0
...
invoke GetProcAddress, [hDLL], "ftoa"
mov [ftoa], eax
cinvoke [ftoa], ...
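To tie together typedef's three points (CRT functions are cdecl, `String dd ?` is a 4-byte buffer, and `[esp]` is not your memory) and AsmGuru62's cinvoke advice, here is a complete fasm program written for this thread as an illustration; it is not code from any post in the thread or from the fasm package. The variable names (`hLib`, `pSprintf`, `pPrintf`, `pGetchar`, `value`, `buffer`), the 64-byte buffer size and the `ftoa` parameter list are this example's own choices.

```asm
format PE console
include 'win32ax.inc'

.data
        hLib     dd ?           ; module handle returned by LoadLibrary
        pSprintf dd ?           ; resolved CRT entry points (function pointers)
        pPrintf  dd ?
        pGetchar dd ?
        divisor  dd 89
        value    dq ?           ; 1/89 as a double, the argument for sprintf
        buffer   rb 64          ; real output buffer; 'String dd ?' was only 4 bytes

.code
start:
        ; GetModuleHandle only finds modules already mapped into the process.
        ; LoadLibrary maps msvcrt.dll (if needed) and returns its handle.
        invoke  LoadLibrary,"msvcrt.dll"
        test    eax,eax
        jz      .fail
        mov     [hLib],eax

        ; Resolve each export once and check the result; a null pointer
        ; here must not be called later.
        invoke  GetProcAddress,[hLib],"sprintf"
        test    eax,eax
        jz      .fail
        mov     [pSprintf],eax
        invoke  GetProcAddress,[hLib],"printf"
        test    eax,eax
        jz      .fail
        mov     [pPrintf],eax
        invoke  GetProcAddress,[hLib],"getchar"
        test    eax,eax
        jz      .fail
        mov     [pGetchar],eax

        ; Compute 1/89 through a named variable instead of writing to [esp],
        ; which belongs to whatever was last pushed there.
        fld1
        fidiv   dword [divisor]
        fstp    qword [value]

        stdcall ftoa,value,buffer       ; our own proc, so stdcall is correct
        cinvoke [pPrintf],"%s",buffer   ; CRT functions are cdecl: cinvoke
        cinvoke [pGetchar]              ; cinvoke pops the arguments itself
        invoke  ExitProcess,0
.fail:
        invoke  ExitProcess,1

; Formats the double at [pValue] into the buffer at [pBuffer] with sprintf.
; cinvoke adds the argument bytes back to esp after the cdecl call, so the
; frame that proc built is intact when ret runs.
proc ftoa pValue,pBuffer
        mov     eax,[pValue]
        cinvoke [pSprintf],[pBuffer],"%g",double [eax]
        ret
endp

.end start
```

Two details worth noting: the calls go through `[pPrintf]` with brackets, since `call pPrintf` would transfer control to the address of the variable itself rather than to the function it holds; and the buffer is sized for the longest string `%g` can produce here rather than for the address of a string, which is all a `dd` can hold.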
NanoBytes



Joined: 02 Jun 2011
Posts: 57
Location: Iowa, United States
NanoBytes 22 May 2012, 19:00
See, it works correctly when I use the code directly.
Code:
...
        invoke GetProcAddress, [Library], "printf"
        mov [printf],EAX
        cinvoke printf,String

        invoke GetProcAddress, [Library], "getchar"
        mov [getchar],EAX
        cinvoke getchar
...

    

But when I call the function with the exact same code in it, it screws up.
Code:
..
proc halt
        invoke GetProcAddress, [Library], "getchar"
        mov [getchar],EAX
        cinvoke getchar
        ret
endp 
...
        invoke GetProcAddress, [Library], "printf"
        mov [printf],EAX
        cinvoke printf,String

        stdcall halt 
...
    

I don't know why it won't work when it is used as a function.
AsmGuru62



Joined: 28 Jan 2004
Posts: 1618
Location: Toronto, Canada
AsmGuru62 22 May 2012, 19:33
Use a debugger and see how this call is made.
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 23 May 2012, 06:25
NanoBytes wrote:
I don't know why it won't work when it is used as a function.

Did you change your code to what I told you?
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.