flat assembler
Message board for the users of flat assembler.

Index > DOS > Tutorial: Doing assembly without using an assembler

Author
Thread Post new topic Reply to topic
Ciper



Joined: 01 Jan 2013
Posts: 27
Ciper 03 Jan 2013, 14:37
The following runs under XP.

Add the following to 'commands.txt':
Code:
n my.com
a
mov ah,2
mov dl,41
int 21
int 20

r cx
8
w
q
    


Then issue:
Code:
debug < commands.txt
    


Now you have my.com that you can run as you please.
Post 03 Jan 2013, 14:37
View user's profile Send private message Visit poster's website Reply with quote
freecrac



Joined: 19 Oct 2011
Posts: 117
Location: Germany Hamburg
freecrac 08 Jan 2013, 07:39
Ciper wrote:
The following runs under XP.

Add the following to 'commands.txt':
Code:
n my.com
a
mov ah,2
mov dl,41
int 21
int 20

r cx
8
w
q
    


Then issue:
Code:
debug < commands.txt
    


Now you have my.com that you can run as you please.


Thats nice and now we can place it all together into one batchfile:
Code:
@echo off
echo n my.com>tmp.deb
echo a>>tmp.deb
echo mov ah,2>>tmp.deb
echo mov dl,41>>tmp.deb
echo int 21>>tmp.deb
echo int 20>>tmp.deb
echo rcx>>tmp.deb
echo 8>>tmp.deb
echo w>>tmp.deb
echo q>>tmp.deb
debug <tmp.deb >debug.tmp
REM del tmp.deb
REM type debug.tmp
REM del debug.tmp
my.com
    


Additional we can place opcodes direktly inside of a batchfile or a shellscript, like Herbert Kleebauers example shows.
Code:
ftp://137.193.64.130/pub/assembler/xlinux.zip

Linux X demo Herbert Kleebauer <klee@unibwm.de> 18.07.2007 23:31:04
Newsgroups: alt.lang.asm

Have done a little bit code clean up and added some comments.
It still requires a 24 bit true color screen but packet
splitting should now be ok. Press any key or mouse button
to exit the program. Most of the code is stolen from Frank
(hope he doesn't mind, at least now he gets the code back
in a readably assembler syntax). Here the binary (the source
in a follow up):


#!/bin/bash
name=xdemo
echo -n>$name
x=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789123
for (( i=0; i<65; i++ )); do eval _$(( $i/62 ))${x:$i:1}=$(( $i&63 )); done
n=0; m=0
(while read -n 1 c; do 
  case $c in [A-Za-z0-9+/=])
   if   [ "$c" == "+" ]; then c=11; elif [ "$c" == "/" ]; then c=12; 
   elif [ "$c" == "=" ]; then c=13; else c=0$c; fi
   e=$d;   d=$c ; eval c=\$_$c;  n=$(( $n*64+$c )); m=$(( $m+1 ))
   if [ "$m" == "4" ]; then
    echo -n -e \\$(( ($n>>22&7)*100+($n>>19&7)*10+($n>>16&7) ))>>$name
    if [  "$e" != "13" ]; then 
    echo -n -e \\$(( ($n>>14&7)*100+($n>>11&7)*10+($n>>8&7) ))>>$name; fi
    if [  "$d" != "13" ]; then 
    echo -n -e \\$(( ($n>>6&7) *100+($n>>3&7)*10+($n&7) ))>>$name; fi
    n=0; m=0
   fi
  esac
done)<<"---";
f0VMR gEBAQAAAAAAAAAAAAIAAwABAAA Ad IA ECDQAAAAAAAAAAAAAADQAIAACA AA AAAAAAAEA
AAAAAA AAAIAECACABAhEBQAARAUAAA UAA AAA EAAAAQAAAEQFAABElQQIRJUE CIg AAAC07gMA
BgAAAAA QAACJJcx9CAhqAGoBagGJ4 bsBA AAAu GYAAADNgIPEDIXAD4gHAgA Ao9B 9CAhoEwAA
AGgwhQQI /zXQfQgIieG7AwAAALhm AAAAz YCDxA yFwA+I2QEAAIsd0H0ICL kDAAA AuDcAAADN
gIXAD4i/A QAAix3QfQgIuQQAAAC JwoHKA AgAALg 3AAAAzYCFwA+InQEAA LhMlQQ IugwAAADo
HwIAAA+CKA AAAGaJHVKVBAhmiT VUlQQI6 P0CAACJ yI1TA4Pi/OjwAgAA ieiNVgO D4vzo4wIA
ADHtvvh/CAi /AAQAAInwifrop QMAAHT1g D34fwgIA Q+FNwEAAAHFAcY px4H9CAA AAHLaD7cd
/n8ICI0cnQgA AAA53XLIvvh/ CAiLRgyLV hCJ0ffZIc qjXJUECKOIlQ QIo5SVBAi juJUECKOs
lQQIAdCjkJUEC KO8lQQIAdA Pt0YYg8ArJ PwPtlYdweI DAcKLBBajY JUECItEFhS jaJUECC1A
AcgA0egl/3///6 PElQQIuF iVBAi6LAAAA OgkAgAA6GgC AAB0CYA4 AA+EjAAAALi ElQQIuggA
AADoBQIAAOhJAgA AdAmAO AAPhG0AAAC4j JUECLocAAAA6 OYBAAD oKgIAAHQJgDg AD4ROAAAA
uKiVBAi6DAAAAOjH AQAA 6AsCAAB0CYA4A A+ELwAAAOiWAA AA6D EAAAC4tJUECLo Y6AMA6J4B
AADo4gEAAHTlgDgAd Aq AOAJ0BYA4BHXWu wAAAAC4AQAAAM2 AY DHb/wXUfQgIuQD 6AAAx/4n4
MdK7QAEAAPfzLXgAAA  CB6qAAAAB/Avfai cMPr9sB0PfoAcN0  CTHSuMAnCQD38wM F1H0ICMDo
Ag+2wIsEhdh9CAiJBL 3 MlQQIR+KzYZDDY L7YfQgIuAAAAAC5 Q AAAAIkGg8YEBBB mBQAIBQAA
BADi7mGQw1BSV4s9z H0I CIsHjXyHCIs3g 8cEhfYPhKoAAAC BPk hPTUV164B+BD1 15YPGBYPJ
/0GAPA4AdfkJyQ+E hwAAA IH5AAEAAA+He wAAAL/YfggI86 S4Ly5 YYau4dXRob6u 4cml0eavG
BwC72H4ICDHJuAU AAADNgI XAeE2Jw7n4f wgIugAEAAC4A wAAAM2A PQAEAAAPg9j +//+JxbgG
AAAAzYCF7XQivv h/CAgB9TH AZq1mSHQWu QQAAABmrWbB yAgBxuL2O e5y5/nrKrk CAAAAictm
rWbByAgBxuL2Z q1mwcgIifEP t9gB3matZ sHICIn1D7f w+F9aWMNgic WJ1on3gf8 AQAAAdgW/
AEAAAGoAV1X/ NdB9CAiJ4bsJA AAAuGYAA ADNgIPEED 31////dN6FwA+ IOv7//yn GdAQBxeu/
YZDDUVZXoUi VBAg9IAAAAHM7iz VElQQIv /h/CAiJP USVBAg593QICcB0 BInB86S 6AAQAACnC
jYD4fwgI6F AAAAB1AutIAQVIlQQ I67mLN USVBAiA PiIPh9b9//+APgAPh M39//+ 6IAAAAIA+
AXUMA1YMA 1YMA1YMA1YMOdByk4nw KRVIl QQIARV ElQQIX15Zw1FTagBSUP 810H0 ICInhuwoA
AAC4ZgAA AM2Ag8QQW1k99f///3QIh cAPi HP9// /DAAABAC90bXAvLlgxMS1 1bml 4L1gwAPh/
CAgAAAA AbAALAAAAAAAAAAAAAQALAA AAA AAAA AAAAAAAAIACkAEAAAAAAAAA AAI KAAAAAAAA
AQAAAA UAAAAIAAIAAAAAADcABwAAAAA AA AAA AA0AAAADAAAA////AP+AAAAqA AM AAAAAAAAA
AABIA gb6AAAAAAAAAABAAcgAoABkAAAY A AA=
---
chmod +x $name

;-------------------------------------------------------------
; "Annie's Heart" for Xwindows
; Herbert's code, translated to Nasm
; "regular linkable version"
;
; nasm -f elf -O999 myprog.asm
; ld -o myprog myprog.o

global _start

section .text
_start:

;--------------------------- code ------------------------------------------

main:   mov  [stack_ptr], esp    ; save initial stack pointer


         ; ******************** get socket handle 
***************************
         push 0        ; no protocol specified
         push 1        ; 1: SOCK_STREAM (/usr/include/linux/net.h)
         push 1        ; 1: AF_UNIX, AF_LOCAL  (/usr/include/linux/socket.h)
         mov  ecx, esp ; pointer to parameter for "socket"
         mov  ebx, 1   ; "socket" (/usr/include/linux/net.h)
         mov  eax, 102 ; socketcall (/usr/include/asm/unistd.h)
         int  80h
         add  esp, 3 * 4  ; free space for parameters
         test eax, eax    ; ERROR
         js   err

        ; my apologies for propagating this sloppiness.
        ; really should be "cmp eax, -4096" (or -4095?)
        ; won't happen here, but we *could* get a
        ; valid return over 2G! - fbk

         mov  [x_handle], eax


         ; ********** connect socket to /tmp/.X11-unix/X0" 
******************
         push  sockaddr_un_l
         push  sockaddr_un       ; (/usr/include/linux/un.h)
         push  dword [x_handle]  ; socket handle
         mov   ecx, esp          ; pointer to parameter for "connect"
         mov   ebx, 3            ; "connect" (/usr/include/linux/net.h)
         mov   eax, 102          ; socketcall (/usr/include/asm/unistd.h)
         int   80h
         add   esp, 3 * 4        ; free space for parameters
         test  eax, eax          ; ERROR
         js    err


         ; *************** make socket read non blocking 
*******************
         mov  ebx, [x_handle]    ; socket handle
         mov  ecx, 3             ; F_GETFL (/usr/include/asm/fcntl.h)
         mov  eax, 55            ; fcntl  (/usr/include/asm/unistd.h)
         int  80h
         test eax, eax           ; ERROR
         js   err
         mov  ebx, [x_handle]    ; socket handle
         mov  ecx, 4             ; F_SETFL (/usr/include/asm/fcntl.h)
         mov  edx, eax
         or   edx, 800h          ; O_NONBLOCK (/usr/include/asm/fcntl.h)
         mov  eax, 55            ; fcntl  (/usr/include/asm/unistd.h)
         int  80h
         test eax, eax           ; ERROR
         js   err


         ; ******************* send connect message 
*************************
         mov  eax, send1         ; pointer to connect message
         mov  edx, send1l

         call get_xauth          ; try to read .Xauthority
         jc   _11                ; no success, let's try without auth.

         mov  [send1+6], bx      ; insert name length
         mov  [send1+8], si      ; insert data length

         call x_send             ; send header

         mov  eax, ecx           ; pointer to name
         lea  edx, [ebx + 3]     ; pad to a multiple of 4
         and  edx, -4
         call x_send             ; send name

         mov  eax, ebp           ; pointer to data
         lea  edx, [esi + 3]     ; pad to a multiple of 4
         and  edx, -4
    _11: call x_send             ; send data

         xor  ebp, ebp           ; number of total bytes read
         mov  esi, buf2          ; pointer to buffer for next read
         mov  edi, buf2l         ; max. bytes to read

    .10: mov  eax, esi
         mov  edx, edi
         call x_receive_raw
         jz   .10                ; but we need a reply

         cmp   byte [buf2], 1         ; success
         jne   err               ; something went wrong

         add   ebp, eax          ; total read bytes
         add   esi, eax          ; pointer to buffer for next read
         sub   edi, eax          ; max. bytes to read
         cmp   ebp, 8            ; at least 8 bytes read?
         jc    .10               ; no, get more

         movzx   ebx, word [buf2 + 6]  ; additional data in 4 bytes
         lea     ebx, [ebx * 4 + 8]    ; total size in bytes
         cmp     ebp, ebx              ; all read
         jc      .10                   ; no, get more


         ; ******************* calculate id's 
*******************************
         mov     esi, buf2
         mov     eax, [esi + 0Ch]  ; resource_id_base

         mov     edx, [esi + 10h]  ; resource_id_mask
         mov     ecx, edx
         neg     ecx
         and     edx, ecx          ; resource_id_incr

         mov     [s2a], eax        ; wid for CreateWindow
         mov     [s3a], eax        ; wid for MapWindow
         mov     [s4a], eax        ; wid for CreateDC
         mov     [s5a], eax        ; wid for CreateDC
         mov     [s6a], eax        ; wid for SetInputFocus

         add     eax, edx          ; next id
         mov     [s4b], eax        ; cid for CreateDC
         mov     [s5b], eax        ; cid for CreateDC

         add     eax, edx          ; next id  ; lint!!!

;       mov  [resource_id_next], eax
;       mov  [resource_id_incr], edx


         ; ******************* get root window id 
***************************
         movzx   eax, word [esi + 18h] ; length of vendor string
         add     eax, 28h + 3    ; const header length + round vendor length
         and     al, -4          ; round to 4 bytes

         movzx   edx, byte [esi + 1Dh]    ; number of FORMATs
         shl     edx, 3          ; 8 byte for each FORMAT entry
         add     edx, eax        ; offset to root WINDOW id

         mov     eax, [esi + edx] ; root window
         mov     [s2b], eax       ; CreateWindow needs root window id

         mov     eax, [esi + edx + 20]  ; width/height of root window
         mov     [s2x], eax             ; create window full size

         sub     eax, (200 << 16) + 320
         shr     eax, 1
         and     eax, 0FFFF7FFFh
         mov     [s5x], eax          ; center drawing


         ; ******************* send CreatWindow request 
*********************
         mov     eax, send2
         mov     edx, send2l
         call    x_send
         call    x_receive
         jz      .20             ; no message is a good message
         cmp     byte [eax], 0   ; error message
         je      ende


         ; ******************* send MapWindow request 
***********************
    .20: mov     eax, send3
         mov     edx, send3l
         call   x_send
         call   x_receive
         jz     .30             ; no message is a good message
         cmp    byte [eax], 0   ; error message
         je     ende


         ; ******************* send CreatDC request 
*************************
    .30: mov     eax, send4
         mov     edx, send4l
         call    x_send
         call    x_receive
         jz      .40             ; no message is a good message
         cmp     byte [eax], 0   ; error message
         je      ende


         ; ******************* send SetInputFocust *************************
    .40: mov     eax, send6
         mov     edx, send6l
         call    x_send
         call    x_receive
         jz      .60             ; no message is a good message
         cmp     byte [eax], 0   ; error message
         je      ende


    .60: call    init_color      ; init 64 VGA colors

         ; ******************** main loop ***************************
    .50: call    annie           ; generate next picture
        call display
         call    x_receive
         jz      .50             ; no message is a good message

         cmp     byte [eax], 0   ; error message
         je      err
         cmp     byte [eax], 2   ; key press
         je      ende
         cmp     byte [eax], 4   ; button press
         jne     .50
err:
ende:   mov     ebx, 0           ; return code
         mov     eax, 1           ; exit
         int     80h

;------------------------------------------
display:
        mov esi, screen
        mov ecx, 20              ; we use 20 parts to make each less than 16k
.10
        mov eax, send5
        mov edx, send5l
        call x_send
        mov eax, esi
        mov edx, 320 * 10 * 4    ; size of one part
        call x_send
        add word [s5y], 10       ; update y pos for next part
        add     esi, 320*10*4    ; update source pointer for next part
         loop    .10
         sub   word [s5y], 20*10  ; restore original y position
         ret
;-----------------------------------------


         ; ********* Annie's code to draw a heart    ****************
annie:  pusha
         xor     ebx, ebx

    .10: inc     dword [annie1]
         mov     ecx, 320 * 200
         xor     edi, edi
    .20: mov     eax, edi        ; byte pos in screen
         xor     edx, edx
         mov     ebx, 320        ; 320 lines
         div     ebx             ; eax: line 0-199  edx: column 0-319
         sub     eax, 120        ; center y=120  (-120 .. +79)
         sub     edx, 160        ;        x=160  (-160 .. +159)
         jg      .30
         neg     edx             ; symmetric in x (0 .. 160)
    .30: mov     ebx, eax
         imul    ebx, ebx        ; ebx = x*x
         add     eax, edx        ; eax = x*x+y
         imul    eax             ; eax = (x*x+y)**2 mod 2*16
         add     ebx, eax
         jz      .40
         xor     edx, edx
         mov     eax, 600000
         div     ebx
    .40: add     eax, [annie1]   ; change color
         shr     eax, 2
         movzx   eax, al
         mov     eax, [color+ eax * 4]
         mov     [screen + edi * 4], eax
         inc     edi
         loop    .20

         popa
        ; nop ???
         ret

         ; ****************** initialize 64 VGA colors *********************
init_color:
         pusha
         mov     esi, color
         mov     eax, 0  ; sic
         mov     ecx, 64
    _01: mov     [esi], eax
         add     esi, 4
         add     al, 10h
         add     ax, 800h
         add     eax, 40000h
         loop    _01
         popa
        ; nop ???
         ret

;**********************************************************
;******** read cookie from $home/.Xauthority **************
;**********************************************************
;                                                         *
; input:  stack_ptr: original sp at program start         *
; output: C=0: cookie found in $home/.Xauthority          *
;              r2: pointer to protocol name               *
;              r3: length of protocol name                *
;              r4: pointer to protocol data               *
;              r5: length of protocol data                *
;         C=1: nothing found                              *
;              r2/r3/r4/r5 undefined                      *
;                                                         *
;       typedef struct xauth {                            *
;            unsigned short family;                       *
;            unsigned short address_length;               *
;            char           *address;                     *
;            unsigned short number_length;                *
;            char           *number;                      *
;            unsigned short name_length;                  *
;            char           *name;                        *
;            unsigned short data_length;                  *
;            char           *data;                        *
;       } Xauth;                                          *
;**********************************************************

get_xauth:
         push eax
         push edx
         push edi

         mov     edi, [stack_ptr]  ; original stack pointer at program start
         mov     eax, [edi]        ; number of arguments
         lea     edi, [edi + eax * 4 + 8] ; skip arguments + trailing 
null pointer

    .20: mov     esi, [edi]        ; pointer to next env variable
         add     edi, 4
         test    esi, esi          ; no more env variables
         jz      .notfound
         cmp     dword [esi], 'HOME'  ; HOME found?
         jne     .20             ; no, try next
         cmp     byte [esi + 4], '='  ; HOME= found?
         jne     .20             ; no, try next
         add     esi, 5          ; start of HOME path
         or      ecx, -1
    .30: inc     ecx             ; count length of HOME path
         cmp     byte [esi + ecx], 0
         jne     .30

         or      ecx, ecx        ; at least one char long?
         jz      .notfound       ; no, HOME is empty
         cmp     ecx, 256        ; more than 256 charcters
         ja      .notfound       ; somebody tries a buffer overflow
         mov     edi, fname      ; buffer for filename
         rep movsb               ; copy HOME path
         mov     eax, '/.Xa' ; 'aX./'     ; add .Xauthority
         stosd
         mov     eax, 'utho' ; 'ohtu'
         stosd
         mov     eax, 'rity'  ; 'ytir'
         stosd
         mov     byte [edi], 0   ; and a trailing 0

         mov     ebx, fname
         xor     ecx, ecx        ; readonly
         mov     eax, 5          ; open
         int     80h


         test    eax, eax        ; file open error?
         js     .notfound        ; yes

         mov     ebx, eax        ; file handle
         mov     ecx, buf2
         mov     edx, buf2l      ; read 1024 byte
         mov     eax, 3          ; read
         int     80h

         cmp     eax, buf2l
         jnc     err             ; .Xauthority >= 1024 byte
         mov     ebp, eax        ; bytes read

         mov     eax, 6          ; close
         int     80h

         test    ebp, ebp        ; file empty
         jz      .notfound


         mov     esi, buf2
         add     ebp, esi        ; end of read data
         xor     eax, eax

    .60: lodsw                   ; family
         dec     ax
         jz      .40             ; 1=FamilyLocal

         mov     ecx, 4          ; skip entry
    .50: lodsw
         ror     ax, 8           ; big -> little endian
         add     esi, eax
         loop    .50
         cmp     esi, ebp        ; more data
         jc      .60             ; try next entry

.notfound:
         stc
         jmp     _70

    .40: mov     ecx, 2
         mov     ebx, ecx
    .41: lodsw
         ror     ax, 8
         add     esi, eax        ; skip address/number
         loop    .41

    .42: lodsw
         ror     ax, 8
         mov     ecx, esi
         movzx   ebx, ax
         add     esi, ebx

         lodsw
         ror     ax, 8
         mov     ebp, esi
         movzx   esi, ax
         clc
    _70: pop     edi
        pop     edx
        pop     eax
        ret


;**********************************************************
;********   send message to X server         **************
;**********************************************************
; input: eax: pointer to message                           *
;        edx: length of message                            *
;**********************************************************
x_send: pusha
         mov     ebp, eax        ; pointer to next byte of message
         mov     esi, edx        ; remaining bytes to send

    .20: push    0               ; flags
         push    esi             ; length
         push    ebp             ; pointer to data
         push    dword [x_handle] ; socket handle
         mov     ecx, esp        ; pointer to parameter for "send"
         mov     ebx, 9          ; "send"  (/usr/include/linux/net.h)
         mov     eax, 102        ; socketcall (/usr/include/asm/unistd.h)
         int     80h
         add     esp, 4*4        ; free space for parameters

         cmp     eax, -11        ; EAGAIN:
         je      .20             ; message couldn't be sent, try again

         test    eax, eax        ; ERROR
         js      err

         sub     esi, eax        ; remaining bytes to send
         jz      .30             ; nothing, all sent
         add     ebp, eax        ; pointer to remaining message
         jmp     .20             ; send rest of message

    .30: popa
        ; nop ?
         ret


;**********************************************************
;********   receive ONE message from X server    **********
;**********************************************************
; input: none                                             *
; output: Z=1: no complete message available              *
;              eax/edx undefined                          *
;         Z=0: eax: pointer to message data               *
;              edx: size of data                          *
;**********************************************************
x_receive:
         push   ecx
        push    esi
        push    edi
    _00: mov     eax, [buf2_rest] ; still something in read buffer?
         cmp     eax, 32         ; a message has at least 32 bytes
         jnc     .10             ; maybe it is a complete message

    .30: mov     esi, [buf2_ptr] ; start of message
         mov     edi, buf2       ; start of buffer
         mov     [buf2_ptr], edi ; we copy message to top of buffer
         cmp     edi, esi        ; already at top of buffer
         je      .50             ; then nothing to copy
         or      eax, eax        ; nothing in buffer
         jz      .50             ; then also nothing to copy
         mov     ecx, eax        ; copy to top of buffer
         rep movsb

    .50: mov     edx, buf2l      ; let's try to get some more data
         sub     edx, eax        ; not more bytes than space is left in 
the buf
         lea     eax, [buf2 + eax]  ; append it here
         call    x_receive_raw
         jnz     .20             ; we could read something
         jmp     _100            ; return with Z=1

    .20: add     [buf2_rest], eax  ; now we have a few more bytes in the 
buffer
         jmp     _00             ; let's try again

    .10: mov     esi, [buf2_ptr]  ; let's test if it is a complete meesage
         cmp     byte [esi], 34
         ja      err             ; the last known message is nr 34
        mov     edx, 32
         cmp     byte [esi], 0   ; error message
         cmp     byte [esi], 1   ; reply message
         jne     .40             ; event message is always 32 byte
         add     edx, [esi + 12] ; + additional data for reply
         add     edx, [esi + 12] ; + additional data for reply
         add     edx, [esi + 12] ; + additional data for reply
         add     edx, [esi + 12] ; + additional data for reply
         cmp     eax, edx        ; complete reply in buffer
         jc      .30             ; no, let's try to get more
   .40:  mov     eax, esi        ; pointer to data
         sub     [buf2_rest], edx  ; new rest
         add     [buf2_ptr], edx   ; pointer to next data; clear Z flag
   _100: pop     edi
         pop     esi
         pop     ecx
         ret

;**********************************************************
;********      read data from X server           **********
;**********************************************************
; input: eax: pointer to read buffer                       *
;        edx: size of buffer                               *
; output: Z=1: nothing to read                            *
;         Z=0: eax bytes read                              *
;**********************************************************
x_receive_raw:
         push    ecx
         push   ebx

         push    0               ; flags
         push   edx             ; bytes to read
         push   eax             ; pointer to buffer
         push   dword [x_handle]  ; socket handle
         mov     ecx, esp        ; pointer to parameter for "recv"
         mov     ebx, 10         ; "recv"  (/usr/include/linux/net.h)
         mov     eax, 102        ; socketcall (/usr/include/asm/unistd.h)
         int    80h
         add     esp, 4 * 4      ; free space for parameters
         pop    ebx
         pop    ecx
         cmp    eax, -11        ; EAGAIN: no message available -> Z=1
         je      .10
         test   eax, eax        ; <0: ERROR  0: NULL message -> Z=1
         js      err
    .10: ret




;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;--------------------------- constant data ---------------------------------
; (note that we're in .text, not .rdata)

         align 4

sockaddr_un:
         dw      1     ; 1: AF_UNIX, AF_LOCAL  (/usr/include/linux/socket.h)
         db      "/tmp/.X11-unix/X0"
         sockaddr_un_l equ $ - sockaddr_un

         align 4

;---------------------------------------------------------------------------


section .data


;--------------------------- initialized data ------------------------------
buf2_ptr:       dd    buf2
buf2_rest:      dd    0

         ; Connection Setup
send1:  db    $6c,0   ; LSB first
         dw    11,0    ; major/minor version
         dw    0,0     ; length of protocol name/data
         dw    0       ; unused
         send1l equ $ - send1

         ; Create Window
send2:  db    1       ; opcode for Create Window
         db    0       ; depth from parent
         dw    send2l/4; request length
    s2a: dd    0       ; wid (has to be calculated)
    s2b: dd    0       ; parent (has to be calculated)
         dw    0       ; x
         dw    0       ; y
    s2x: dw    640     ; width
    s2y: dw    400     ; heigth
         dw    0       ; border-width
         dw    0       ; class: CopyFromParent
         dd    0       ; visual: CopyFromParent
         dd    0A02h   ; value-mask:   background-pixel    2
                        ;             + override-redirect 200
                         ;             + event-mask        800
         dd    0         ; background: black
         db    1       ; override-redirect = true
         db    0,0,0   ; pad
         dd    5       ; event_mask: KeyPress        1
                         ;            +ButtenPress     4
                         ;            +PointerMotion  40
        send2l equ (($-send2)+3) & 0fffffffch

         ; Map Window
send3:  db    8       ; opcode for Map Window
         db    0       ; unused
         dw    send3l/4; request length
    s3a: dd    0       ; wid (has to be calculated)
         send3l equ $ - send3


         ; Create GC
send4:  db    55      ; opcode for CreateGC
         db    0       ; unused
         dw    send4l/4; request length
    s4b: dd    0       ; cid (has to be calculated)
    s4a: dd    0       ; wid (has to be calculated)
         dd    1+4+8   ; function+foreground+background
         dd    3       ; function=copy
         dd    0ffffffh ; foreground: white
         dd    0080ffh ; background: light blue
         send4l equ $ - send4

         ; Set Input Focus
send6:  db    42      ; opcode for SetInputFocus
         db    0       ; revert-to None
         dw    send6l/4; request length
    s6a: dd    0       ; wid (has to be calculated)
         dd    0       ; timestamp CurrentTime
         send6l equ $ - send6

         ; Put Image
send5:  db    72      ; opcode for PutImage
         db    2       ; ZPixmap
         dw    send5l/4 + 320*10*4/4 ; request length
    s5a: dd    0       ; wid (has to be calculated)
    s5b: dd    0       ; cid (has to be calculated)
         dw    320     ; width
         dw    200/20     ; height
    s5x: dw    0       ; dest-x
    s5y: dw    0       ; dest-y
         db    0       ; left-pad
         db    24      ; depth
         dw    0       ; unused
       send5l equ $ - send5

section .bss
;--------------------------- uninitialized data ----------------------------

screen: resd   320*200 ; bitmap

stack_ptr:      resd   1
x_handle:       resd   1
annie1:         resd   1
color:          resd   64
fname:          resb   256+32
buf2:           resb   1024
     buf2l equ $ - buf2

;---------------------------------------------------------------------------
    
Dirk
Post 08 Jan 2013, 07:39
View user's profile Send private message Send e-mail Reply with quote
Asmix



Joined: 07 Sep 2004
Posts: 5
Location: Ukraine
Asmix 10 Jan 2013, 22:13
Real coders do it like that:
B4 02 B3 41 CD 21 C3
Only HEX, Only Hardcore !!! Wink
Post 10 Jan 2013, 22:13
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1178
Location: Unknown
HaHaAnonymous 10 Jan 2013, 22:37
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 22:02; edited 1 time in total
Post 10 Jan 2013, 22:37
View user's profile Send private message Reply with quote
freecrac



Joined: 19 Oct 2011
Posts: 117
Location: Germany Hamburg
freecrac 11 Jan 2013, 07:49
Asmix wrote:
Real coders do it like that:
B4 02 B3 41 CD 21 C3
Only HEX, Only Hardcore !!! Wink


Therefore we need on one side a table of opcodes and on the other side a table of Postbytes/ModRM-bytes. And now we can also use a batchfile.
Code:
@echo off
echo n my.com>tmp.deb
echo rcx>>tmp.deb
echo 7>>tmp.deb 
echo ecs:100>>tmp.deb
echo B4 02 B3 41 CD 21 C3>>tmp.deb
echo wcs:100>>tmp.deb 
echo q>>tmp.deb
debug <tmp.deb
my.com
    

But how can the last byte of "C3" be execute, it is placed after "CD 21"?

Dirk
Post 11 Jan 2013, 07:49
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.