Problem with syntax

Index > Main > Problem with syntax

Author

Thread

OzzY

Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere

OzzY

I've got this code on internet, and this is a example of polimorphic code, to avoid debugging, and is very good.
How to do this in fasm?

Code:

; smc1.asm ==================================================================
.286
.model small
.stack 200h
.DATA
;buffer for Keyboard Input, formatted for easy reference:
MaxKbLength  db 05h
KbLength     db 00h
KbBuffer     dd 00h

;strings: note the password is not encrypted, though it should be...
szGuessIt     db     'Care to guess the super-secret password?',0Dh,0Ah,'$'
szString1  db     'Congratulations! You solved it!',0Dh,0Ah, '$'
szString2  db     'Ah, damn, too bad eh?',0Dh,0Ah,'$'
secret_word   db     "this"

.CODE
;===========================================
start:
 mov     ax,@data                ; set segment registers
     mov     ds, ax                  ; same as "assume" directive
      mov     es, ax
      call Query                      ; prompt user for password
  mov     ah, 0Ah                 ; DOS 'Get Keyboard Input' function
       mov     dx, offset MaxKbLength  ; start of buffer
   int     21h
 call Compare                    ; compare passwords and patch
exit:
  mov ah,4ch                      ; 'Terminate to DOS' function
     int 21h
;===========================================
Query                 proc
       mov  dx, offset szGuessIt       ; Prompt string
     mov  ah, 09h                    ; 'Display String' function
       int  21h
    ret
Query             endp
;===========================================
Reply           proc
PatchSpot:
     mov  dx, offset szString2       ; 'You failed' string
     mov  ah, 09h                    ; 'Display String' function
       int  21h
    ret
Reply             endp
;===========================================
Compare           proc
     mov     cx, 4                   ; # of bytes in password
    mov     si, offset KbBuffer     ; start of password-input in Buffer
 mov     di, offset secret_word  ; location of real password
 rep cmpsb                       ; compare them
      or cx, cx                       ; are they equal?
   jnz     bad_guess               ; nope, do not patch
        mov word ptr cs:PatchSpot[1], offset szString1      ;patch to GoodString
bad_guess:
      call Reply                      ; output string to display result
   ret
Compare     endp
end  start
; EOF =======================================================================

I've got problems on translating the part:

Code:

mov word ptr cs:PatchSpot[1], offset szString1

Thanks,
OzzY

17 Apr 2004, 18:49

OzzY

Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere

OzzY

Well I have done it:

Code:

org 100h
jmp start
;buffer for Keyboard Input, formatted for easy reference:
MaxKbLength  db 05h
KbLength     db 00h
KbBuffer     dd 00h

;strings: note the password is not encrypted, though it should be...
szGuessIt    db   'Care to guess the super-secret password?',0Dh,0Ah,'$'
szString1    db   'Congratulations! You solved it!',0Dh,0Ah, '$'
szString2    db   'Ah, damn, too bad eh?',0Dh,0Ah,'$'
secret_word    db   "this"

start:
   call Query          ; prompt user for password
   mov       ah, 0Ah       ; DOS 'Get Keyboard Input' function
   mov   dx,  MaxKbLength   ; start of buffer
   int  21h
   call Compare         ; compare passwords and patch
exit:
   mov ah,4ch           ; 'Terminate to DOS' function
   int 21h
;===========================================
Query:
mov  dx,  szGuessIt   ; Prompt string
   mov    ah, 09h         ; 'Display String' function
   int 21h
   ret
;===========================================
Reply:
PatchSpot:
   mov dx,  szString2   ; 'You failed' string
   mov      ah, 09h         ; 'Display String' function
   int 21h
   ret
;===========================================
Compare:
   mov  cx, 4         ; # of bytes in password
   mov        si,  KbBuffer   ; start of password-input in Buffer
   mov   di,  secret_word   ; location of real password
   rep cmpsb      ; compare them
   or cx, cx          ; are they equal?
   jnz         bad_guess      ; nope, do not patch
   mov word ptr cs:PatchSpot[1],  szString1   ;patch to GoodString
bad_guess:
   call Reply             ; output string to display result
   ret
end   start
; EOF =======================================================================

but still don't work... Sad

Please help!!

Thanks...

17 Apr 2004, 19:33

OzzY

Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere

OzzY

Oh yeah!! I've found the answer by myself....
here it is:

Code:

org 100h
jmp start
;buffer for Keyboard Input, formatted for easy reference:
MaxKbLength  db 05h
KbLength     db 00h
KbBuffer     dd 00h

;strings: note the password is not encrypted, though it should be...
szGuessIt    db   'Care to guess the super-secret password?',0Dh,0Ah,'$'
szString1    db   'Congratulations! You solved it!',0Dh,0Ah, '$'
szString2    db   'Ah, damn, too bad eh?',0Dh,0Ah,'$'
secret_word    db   "this"

start:
   call Query         ; prompt user for password
   mov        ah, 0Ah       ; DOS 'Get Keyboard Input' function
   mov   dx,  MaxKbLength   ; start of buffer
   int          21h
   call Compare    ; compare passwords and patch
exit:
   mov ah,4ch       ; 'Terminate to DOS' function
   int 21h
;===========================================
Query:
mov  dx,  szGuessIt   ; Prompt string
   mov     ah, 09h    ; 'Display String' function
   int      21h
   ret
;===========================================
Reply:
PatchSpot:
   mov         dx,  szString2    ; 'You failed' string
   mov     ah, 09h    ; 'Display String' function
   int      21h
   ret
;===========================================
Compare:
   mov          cx, 4          ; # of bytes in password
   mov       si,  KbBuffer    ; start of password-input in Buffer
   mov          di,  secret_word   ; location of real password
   rep cmpsb            ; compare them
   or cx, cx          ; are they equal?
   jnz   bad_guess   ; nope, do not patch
   mov word ptr PatchSpot+1,  szString1   ;patch to GoodString
bad_guess:
   call Reply       ; output string to display result
   ret
; EOF =======================================================================

This shows that FASM can produce polymorphic code!! If anyone likes polymorphic code, please contact me in this forum to let us change ideas...

Thanks anyway,
and thanks for the very good (the best) assembler!!

OzzY

17 Apr 2004, 19:40

Madis731

Joined: 25 Sep 2003
Posts: 2141
Location: Estonia

Madis731

But there still seems to be something wrong:
"thi" and "thi*" are valid passwords where * is whatever character Smile

25 Apr 2004, 18:04

Posetf

Joined: 01 Mar 2004
Posts: 35
Location: London

Posetf

replace
rep cmpsb
or cx,cx
with
repe cmpsb

26 Apr 2004, 01:43

Madis731

Joined: 25 Sep 2003
Posts: 2141
Location: Estonia

Madis731

Nice, its working now. I'm trying to loose that limit of same character buffer as password length right now.

26 Apr 2004, 14:31

Posetf

Joined: 01 Mar 2004
Posts: 35
Location: London

Posetf

Madis731 wrote:

Nice, its working now. I'm trying to loose that limit of same character buffer as password length right now.

I fixed that but deleted the code Sad

.
I think it was just changing the Max Length constant and adding ,0x0D after the password.
Oh, beware that first string will get overwritten since you've only declared a one byte buffer, not that it should be a problem.

26 Apr 2004, 22:36

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum