flat assembler
Message board for the users of flat assembler.

invoke and constants
Chrifi 26 Jun 2013, 07:12
hello,

I have got problems using invoke (to call RegCreateKeyEx) with the constant HKEY_CURRENT_USER. fasm shows this error message:
Quote:
imefind.asm [54]:
invoke _regcreatekey, HKEY_CURRENT_USER, \ ; main key
C:\fasm\include\macro/proc32.inc [17] invoke [3]:
pushd arg
error: invalid value.


My code looks like this:
Code:
include 'C:\fasm\include\win32a.inc'
...
invoke _regcreatekey, HKEY_CURRENT_USER, \      ; main key
                        regsubkey, \                            ; sub key
                        blablabla ...
...
data import
...
library advapi, 'ADVAPI32.DLL'                  ; the DLL is named ADVAPI32.DLL
import advapi, _regcreatekey, 'RegCreateKeyExA' ; ANSI export name (win32a.inc)
...
end data
    


Is it impossible to use invoke with constants or am I just doing something wrong?
typedef 26 Jun 2013, 09:46
you have to define it.
AsmGuru62 26 Jun 2013, 10:25
These are some definitions for Registry access:
http://doxygen.reactos.org/d0/d77/winreg_8h_source.html

Basically, just add to your FASM file this line (translated from C):
Code:
HKEY_CURRENT_USER = 80000001h
    

Not absolutely all constants/structures from Windows are defined by INC files from FASM package.
Some must be defined in addition to INC files.
Chrifi 26 Jun 2013, 19:13
I know that I cannot use undefined constants, I was quite sure it is already defined in INCLUDE/EQUATES/KERNEL32.INC though, which is included by WIN32A.INC.
AsmGuru62 26 Jun 2013, 20:02
You are correct!
This definition does exist in the FASM package.
Then I have no idea why assembling failed.
I tried to include the HKCU in my code I am writing and it did assemble properly.
Weird issue... maybe Tomasz can help.
Chrifi 26 Jun 2013, 20:22
Oh, I'm sorry, I just figured out that the error occurred elsewhere in the same line:

Code:
proc CreateRegistryKey stdcall
        local keyhandle:DWORD
        local disp:DWORD
        local path:DWORD, pathlen:DWORD
        
        invoke _regcreatekey, HKEY_CURRENT_USER, 0, 1, 0, 0, 0, keyhandle, disp
    


The last two arguments to invoke are local variables and using them like this (I wanted to push a pointer to them) caused the error.
I put their addresses into registers now, before invoking _regcreatekey. I did not check if it works yet; it assembles, though:
Code:
        lea eax, [keyhandle]
        lea ebx, [disp]
        invoke _regcreatekey, HKEY_CURRENT_USER, 0, 1, 0, 0, 0, eax, ebx
    


But thanks for trying to help :D I should have shown more code.
baldr 01 Jul 2013, 20:46
Chrifi,

Extended headers contain an augmented invoke macro (actually it's the pushd macro that gets updated) that accepts the addr local_var syntax for a parameter (it will then use edx for lea/push in the case of a stack-based variable).
Chrifi 02 Jul 2013, 08:08
Okay... I tried this, but it won't work:
Code:
include 'C:\fasm\include\win32ax.inc' ; instead of win32a.inc
; ...
invoke _regcreatekey, HKEY_CURRENT_USER, 0, 1, 0, 0, 0, addr keyhandle, addr disp    


I get this error:
Quote:
flat assembler version 1.70.03 (1611755 kilobytes memory)
imefind.asm [82]:
invoke _regsetvalue, keyhandle, 0, 0, 1, addr path, [pathlen]
C:\fasm\include\win32ax.inc [41] invoke [0]:
\{ \reverse pushd <arg>
C:\fasm\include\win32ax.inc [37] pushd [27]:
pushd <value>
C:\fasm\include\win32ax.inc [108] pushd [36]:
push value
error: invalid value.

Which looks even more mysterious to me than the first one.
revolution 02 Jul 2013, 08:55
If "keyhandle" is a local variable then you either have to push the address or the value:
Code:
invoke ...,addr keyhandle,... ;or
invoke ...,[keyhandle],...

Local variables are addressed with EBP so you get this:
Code:
lea edx,[ebp+4]
push edx ;or
push [ebp+4]

Your code fails to assemble because you are doing this:
Code:
push (ebp+4) ;cannot assemble
Chrifi 02 Jul 2013, 10:25
Okay, yes... seems quite obvious now. Thanks again! :D
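
The approach the replies describe (extended headers, addr for a pointer to a local, square brackets for its value), put together as an added example that is not code from any poster in this thread. The subkey string, the KEY_WRITE_MASK name and the import labels are constructed for illustration; 20006h is the Windows SDK value of KEY_WRITE.

```asm
; Added example (fasm, 32-bit). Names and the subkey are constructed.
format PE console
entry start

include 'win32ax.inc'           ; extended headers: invoke accepts "addr local"

KEY_WRITE_MASK = 20006h         ; assumption: same value as KEY_WRITE in the SDK

section '.text' code readable executable

start:
        stdcall CreateRegistryKey
        invoke  ExitProcess, eax        ; exit code = RegCreateKeyEx result

proc CreateRegistryKey
        local   keyhandle:DWORD, disp:DWORD

        ; "addr keyhandle" expands to lea edx,[ebp-N] / push edx, so edx is
        ; clobbered; a bare "keyhandle" would be push ebp-N, which has no
        ; encoding and gives "invalid value".
        invoke  RegCreateKeyEx, HKEY_CURRENT_USER, subkey, 0, 0, 0, \
                KEY_WRITE_MASK, 0, addr keyhandle, addr disp
        test    eax, eax                ; ERROR_SUCCESS is 0
        jnz     .done                   ; on failure there is no handle to close

        ; "[keyhandle]" pushes the HKEY value stored in the local
        invoke  RegCloseKey, [keyhandle]
        xor     eax, eax
.done:
        ret
endp

section '.data' data readable
subkey  db 'Software\ExampleVendor\ExampleApp', 0

section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL', advapi32, 'ADVAPI32.DLL'
import  kernel32, ExitProcess, 'ExitProcess'
import  advapi32, RegCreateKeyEx, 'RegCreateKeyExA', \
                  RegCloseKey, 'RegCloseKey'
```

Checking the return value before using keyhandle matters here: on failure the local holds whatever was on the stack, and passing that to RegCloseKey or a later registry call would operate on an arbitrary handle value.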

Copyright © 1999-2024, Tomasz Grysztar.