flat assembler
Message board for the users of flat assembler.
just76 09 Aug 2014, 05:33
Hello!
Why doesn't my file run (msg.exe: a regular window with a message box)? Example: this code is working:

Code:

```asm
FORMAT PE GUI 4.0
entry start

FILE_NAME equ 'MSG.EXE'

include 'C:\fasm\INCLUDE\win32a.inc'

section '.main' code readable writable executable

data import
  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'
  include 'C:\fasm\INCLUDE\API\user32.inc'
  include 'C:\fasm\INCLUDE\API\kernel32.inc'
end data

; call an API through the copied api_table; ebx holds the delta
macro xinvoke proc,[arg]
{
  common
    if ~ arg eq
  reverse
    pushd arg
  common
    end if
    call [ebx+_#proc-_delta]
}

proc start
  locals
    pVA  dd ?
    shit dd ?
  endl
        mov     esi,some_file
        add     esi,[esi+3ch]           ; PE header
        mov     ecx,[esi+34h]           ; image base
        mov     edx,[esi+50h]           ; image size
        lea     edi,[edx+ecx]           ; imagebase+imagesize
        mov     esi,alloced_size
        add     esi,10000h
        and     esi,0ffff0000h          ; round the values
  @@:
        add     edi,10000h
        invoke  VirtualAlloc,edi,esi,MEM_RESERVE+MEM_COMMIT,PAGE_EXECUTE_READWRITE ; look for a new place somewhere beyond imagebase+imagesize to put the loader there
        test    eax,eax
        jz      @b
        mov     [pVA],eax               ; save it
        mov     esi,api_table
        mov     edi,esi
  @@:
        lodsd
        test    eax,eax
        jz      @f
        mov     eax,[eax]
        stosd
        jmp     @b                      ; since we do not relocate the import table, put the addresses of the required APIs into the table
  @@:
        mov     esi,alloced_area_start
        mov     edi,[pVA]
        mov     ecx,alloced_size
        rep     movsb                   ; copy the loader together with the file image to the new place
        jmp     [pVA]                   ; jump to the start of the loader code
endp

; from here on only position-independent code
proc alloced_area_start
  locals
    pVA dd ?
  endl
        call    _delta
  _delta:
        pop     ebx                     ; ebx=delta
        lea     esi,[ebx+some_file-_delta]
        push    esi
        add     esi,dword[esi+3ch]
        mov     ecx,[esi+34h]           ; image base
        mov     edx,[esi+50h]           ; image size
        mov     edi,ecx
        stdcall Allock_Region,ecx,edx   ; obtain memory for loading the file
        mov     [pVA],ecx               ; remember this value
        mov     edx,esi                 ; edx=pointer to PE header
        pop     esi
        push    esi                     ; last parameter for process_sections
        mov     ecx,[edx+54h]
        add     ecx,18h                 ; size of the headers and section table
        rep     movsb                   ; move them
        lea     eax,[edx+78h+16*8]      ; pointer to the first IMAGE_SECTION_HEADER
        movzx   ecx,word[edx+6]         ; IMAGE_NT_HEADER.FileHeader.NumberOfSections
        stdcall process_sections,ecx,eax,[pVA]          ; put the sections in their places
        stdcall process_imports,dword[edx+78h+8],[pVA]  ; fill in the imports
        push    MEM_RELEASE             ; now the memory occupied by the loader must be freed
        push    0
        mov     eax,ebx
        and     eax,0fffff000h
        push    eax                     ; address
        mov     ecx,dword[edx+28h]      ; entry point RVA
        add     ecx,[pVA]               ; VA
        push    ecx                     ; return address from VirtualFree
        jmp     [_VirtualFree+ebx-_delta] ; free the memory
endp

proc process_imports pTab,pImageBase
  ; pTab - RVA of the import table (taken from the DataDirectory array)
  ; pImageBase - pointer to the "memory"
        pusha
        mov     edx,[pTab]
        add     edx,[pImageBase]        ; VA of the import table
  .loop:
        push    edx
        mov     edi,[edx+4*4]           ; import address table (this is what we fill in)
        mov     esi,[edx]               ; lookup table (can simply be set = import address table, they are identical)
        test    edi,edi
        jz      .ends                   ; the last IMAGE_IMPORT_DESCRIPTOR is zero
        test    esi,esi
        jnz     .ok
        mov     esi,edi
  .ok:
        mov     ecx,[pImageBase]
        add     esi,ecx
        add     edi,ecx                 ; VA of the corresponding tables
        mov     eax,[edx+4*3]
        add     eax,ecx                 ; VA of the DLL name
  @@:
        cmp     byte[eax],0
        jnz     @f
        inc     eax
        jmp     @b                      ; there may be zeros for alignment
  @@:
        xinvoke LoadLibrary,eax
        mov     edx,eax                 ; load the DLL
  .po_1_dll:
        lodsd                           ; RVA IMAGE_IMPORT_BY_NAME
        test    eax,eax
        jz      .exit_it                ; the table ends with a zero element
        bt      eax,31                  ; if bit 31 is set, the import is by ordinal
        jnc     .no_ord
        and     eax,0ffffh
        jmp     .getproc
  .no_ord:
        add     eax,[pImageBase]        ; VA IMAGE_IMPORT_BY_NAME
        add     eax,2                   ; VA IMAGE_IMPORT_BY_NAME.Name
  .getproc:
        push    edx
        xinvoke GetProcAddress,edx,eax  ; get the API address
        pop     edx
        stosd                           ; put it in its place
        jmp     .po_1_dll
  .exit_it:
        pop     edx
        add     edx,5*4                 ; go to the next IMAGE_IMPORT_DESCRIPTOR
        jmp     .loop
  .ends:
        pop     edx
        popa
        ret
endp

proc process_sections num,pStable,pImageBase,pImage
  ; num - number of sections, taken from NumberOfSections in IMAGE_FILE_HEADER
  ; pStable - pointer to the section table (immediately after the DataDirectory array)
  ; pImageBase - pointer to the allocated "memory"
  ; pImage - pointer to the image
        pusha
        mov     ecx,[num]
        mov     edx,[pStable]
  @@:
        push    ecx
        mov     edi,[edx+0ch]           ; Section RVA
        add     edi,[pImageBase]        ; Section VA
        mov     ecx,[edx+10h]           ; Physical Size
        mov     esi,[pImage]
        add     esi,[edx+14h]           ; Physical Offset
        rep     movsb                   ; copy the section to its rightful place
        pop     ecx
        add     edx,28h                 ; next one
        dec     ecx
        jnz     @b
        popa
        ret
endp

proc Allock_Region pRegion,Size
        pusha
        mov     edi,[pRegion]
        mov     esi,[Size]
        add     esi,edi                 ; esi - pointer to the end of the region being allocated
                                        ; edi - pointer to the start
  @@:
        xinvoke UnmapViewOfFile,edi
        xinvoke VirtualFree,edi,0,MEM_RELEASE ; free the memory
        xinvoke VirtualAlloc,edi,10000h,MEM_RESERVE+MEM_COMMIT,PAGE_EXECUTE_READWRITE ; reserve
        test    eax,eax
        jz      @f                      ; without this check the function works if the parameters are within "reasonable" limits
        add     edi,10000h              ; memory is reserved 10000h per step
        cmp     edi,esi
        jl      @b
  @@:
        popa
        ret
endp

api_table:
  _UnmapViewOfFile dd UnmapViewOfFile
  _VirtualAlloc    dd VirtualAlloc
  _LoadLibrary     dd LoadLibrary
  _GetProcAddress  dd GetProcAddress
  _VirtualFree     dd VirtualFree
                   dd 0                 ; table of the APIs the loader needs

some_file:
  _bin file FILE_NAME                   ; the file we are going to load
  _bin_size = $ - _bin

alloced_size = $ - alloced_area_start
```

But when I add the "MessageBox" function to the code, the code no longer works.
This code is not working:

Code:

```asm
FORMAT PE GUI 4.0
entry start

FILE_NAME equ 'MSG.EXE'

include 'C:\fasm\INCLUDE\win32a.inc'

section '.main' code readable writable executable

data import
  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'
  include 'C:\fasm\INCLUDE\API\user32.inc'
  include 'C:\fasm\INCLUDE\API\kernel32.inc'
end data

; call an API through the copied api_table; ebx holds the delta
macro xinvoke proc,[arg]
{
  common
    if ~ arg eq
  reverse
    pushd arg
  common
    end if
    call [ebx+_#proc-_delta]
}

proc start
  locals
    pVA  dd ?
    shit dd ?
  endl
  ;------ ADD THIS MESSAGEBOX AND MY FILE DOESN'T RUN -------
        invoke  MessageBox,0,0,0,0
  ;-----------------------------------------------------------
        mov     esi,some_file
        add     esi,[esi+3ch]           ; PE header
        mov     ecx,[esi+34h]           ; image base
        mov     edx,[esi+50h]           ; image size
        lea     edi,[edx+ecx]           ; imagebase+imagesize
        mov     esi,alloced_size
        add     esi,10000h
        and     esi,0ffff0000h          ; round the values
  @@:
        add     edi,10000h
        invoke  VirtualAlloc,edi,esi,MEM_RESERVE+MEM_COMMIT,PAGE_EXECUTE_READWRITE ; look for a new place somewhere beyond imagebase+imagesize to put the loader there
        test    eax,eax
        jz      @b
        mov     [pVA],eax               ; save it
        mov     esi,api_table
        mov     edi,esi
  @@:
        lodsd
        test    eax,eax
        jz      @f
        mov     eax,[eax]
        stosd
        jmp     @b                      ; since we do not relocate the import table, put the addresses of the required APIs into the table
  @@:
        mov     esi,alloced_area_start
        mov     edi,[pVA]
        mov     ecx,alloced_size
        rep     movsb                   ; copy the loader together with the file image to the new place
        jmp     [pVA]                   ; jump to the start of the loader code
endp

; from here on only position-independent code
proc alloced_area_start
  locals
    pVA dd ?
  endl
        call    _delta
  _delta:
        pop     ebx                     ; ebx=delta
        lea     esi,[ebx+some_file-_delta]
        push    esi
        add     esi,dword[esi+3ch]
        mov     ecx,[esi+34h]           ; image base
        mov     edx,[esi+50h]           ; image size
        mov     edi,ecx
        stdcall Allock_Region,ecx,edx   ; obtain memory for loading the file
        mov     [pVA],ecx               ; remember this value
        mov     edx,esi                 ; edx=pointer to PE header
        pop     esi
        push    esi                     ; last parameter for process_sections
        mov     ecx,[edx+54h]
        add     ecx,18h                 ; size of the headers and section table
        rep     movsb                   ; move them
        lea     eax,[edx+78h+16*8]      ; pointer to the first IMAGE_SECTION_HEADER
        movzx   ecx,word[edx+6]         ; IMAGE_NT_HEADER.FileHeader.NumberOfSections
        stdcall process_sections,ecx,eax,[pVA]          ; put the sections in their places
        stdcall process_imports,dword[edx+78h+8],[pVA]  ; fill in the imports
        push    MEM_RELEASE             ; now the memory occupied by the loader must be freed
        push    0
        mov     eax,ebx
        and     eax,0fffff000h
        push    eax                     ; address
        mov     ecx,dword[edx+28h]      ; entry point RVA
        add     ecx,[pVA]               ; VA
        push    ecx                     ; return address from VirtualFree
        jmp     [_VirtualFree+ebx-_delta] ; free the memory
endp

proc process_imports pTab,pImageBase
  ; pTab - RVA of the import table (taken from the DataDirectory array)
  ; pImageBase - pointer to the "memory"
        pusha
        mov     edx,[pTab]
        add     edx,[pImageBase]        ; VA of the import table
  .loop:
        push    edx
        mov     edi,[edx+4*4]           ; import address table (this is what we fill in)
        mov     esi,[edx]               ; lookup table (can simply be set = import address table, they are identical)
        test    edi,edi
        jz      .ends                   ; the last IMAGE_IMPORT_DESCRIPTOR is zero
        test    esi,esi
        jnz     .ok
        mov     esi,edi
  .ok:
        mov     ecx,[pImageBase]
        add     esi,ecx
        add     edi,ecx                 ; VA of the corresponding tables
        mov     eax,[edx+4*3]
        add     eax,ecx                 ; VA of the DLL name
  @@:
        cmp     byte[eax],0
        jnz     @f
        inc     eax
        jmp     @b                      ; there may be zeros for alignment
  @@:
        xinvoke LoadLibrary,eax
        mov     edx,eax                 ; load the DLL
  .po_1_dll:
        lodsd                           ; RVA IMAGE_IMPORT_BY_NAME
        test    eax,eax
        jz      .exit_it                ; the table ends with a zero element
        bt      eax,31                  ; if bit 31 is set, the import is by ordinal
        jnc     .no_ord
        and     eax,0ffffh
        jmp     .getproc
  .no_ord:
        add     eax,[pImageBase]        ; VA IMAGE_IMPORT_BY_NAME
        add     eax,2                   ; VA IMAGE_IMPORT_BY_NAME.Name
  .getproc:
        push    edx
        xinvoke GetProcAddress,edx,eax  ; get the API address
        pop     edx
        stosd                           ; put it in its place
        jmp     .po_1_dll
  .exit_it:
        pop     edx
        add     edx,5*4                 ; go to the next IMAGE_IMPORT_DESCRIPTOR
        jmp     .loop
  .ends:
        pop     edx
        popa
        ret
endp

proc process_sections num,pStable,pImageBase,pImage
  ; num - number of sections, taken from NumberOfSections in IMAGE_FILE_HEADER
  ; pStable - pointer to the section table (immediately after the DataDirectory array)
  ; pImageBase - pointer to the allocated "memory"
  ; pImage - pointer to the image
        pusha
        mov     ecx,[num]
        mov     edx,[pStable]
  @@:
        push    ecx
        mov     edi,[edx+0ch]           ; Section RVA
        add     edi,[pImageBase]        ; Section VA
        mov     ecx,[edx+10h]           ; Physical Size
        mov     esi,[pImage]
        add     esi,[edx+14h]           ; Physical Offset
        rep     movsb                   ; copy the section to its rightful place
        pop     ecx
        add     edx,28h                 ; next one
        dec     ecx
        jnz     @b
        popa
        ret
endp

proc Allock_Region pRegion,Size
        pusha
        mov     edi,[pRegion]
        mov     esi,[Size]
        add     esi,edi                 ; esi - pointer to the end of the region being allocated
                                        ; edi - pointer to the start
  @@:
        xinvoke UnmapViewOfFile,edi
        xinvoke VirtualFree,edi,0,MEM_RELEASE ; free the memory
        xinvoke VirtualAlloc,edi,10000h,MEM_RESERVE+MEM_COMMIT,PAGE_EXECUTE_READWRITE ; reserve
        test    eax,eax
        jz      @f                      ; without this check the function works if the parameters are within "reasonable" limits
        add     edi,10000h              ; memory is reserved 10000h per step
        cmp     edi,esi
        jl      @b
  @@:
        popa
        ret
endp

api_table:
  _UnmapViewOfFile dd UnmapViewOfFile
  _VirtualAlloc    dd VirtualAlloc
  _LoadLibrary     dd LoadLibrary
  _GetProcAddress  dd GetProcAddress
  _VirtualFree     dd VirtualFree
                   dd 0                 ; table of the APIs the loader needs

some_file:
  _bin file FILE_NAME                   ; the file we are going to load
  _bin_size = $ - _bin

alloced_size = $ - alloced_area_start
```

Why?????!!! Help me please!!! Help me!!!
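The loader in the post walks the embedded image by raw offsets (3ch for e_lfanew, 34h/50h/54h/28h in the optional header, 78h+8 for the import directory, 78h+16*8 for the section table, 28h per section header, 5*4 per import descriptor) and copies SizeOfRawData bytes of every section with `rep movsb`, trusting whatever the headers say. The Python below is an added example by the editor, not code from just76's post or from the fasm project: it parses the same structures from a file, maps each RVA back to the file offset the loader would copy it from (headers 1:1, sections from PointerToRawData), and rejects a section table whose raw data would run outside the file or outside SizeOfImage, the check the loader silently lacks. It also refuses an image whose NumberOfRvaAndSizes is not 16, since then the section table is not where `78h+16*8` assumes. `build_sample_pe` constructs a tiny two-section PE32 (not a real executable) importing `KERNEL32.DLL` by name and `USER32.DLL` by ordinal and by name; the ordinal 100 and the whole layout are constructed values.

```python
"""Parse the PE32 structures a manual loader walks, adding the bounds checks it lacks (offsets relative to e_lfanew)."""
import struct

NUMBER_OF_SECTIONS = 0x06
ENTRY_POINT = 0x28
IMAGE_BASE = 0x34
SIZE_OF_IMAGE = 0x50
SIZE_OF_HEADERS = 0x54
IMPORT_DIR = 0x78 + 8          # DataDirectory[1].VirtualAddress
SECTION_TABLE = 0x78 + 16 * 8  # where the loader expects it; only valid while NumberOfRvaAndSizes == 16
SECTION_HEADER_LEN = 0x28

def u16(b, o): return struct.unpack_from('<H', b, o)[0]
def u32(b, o): return struct.unpack_from('<I', b, o)[0]
def cstr(b, o): return b[o:b.index(b'\0', o)].decode('ascii')

def rva_to_offset(hdr, rva):
    """File offset the loader copies an RVA from: headers 1:1, sections from PointerToRawData."""
    if rva < hdr['size_of_headers']:
        return rva
    for s in hdr['sections']:
        if s['rva'] <= rva < s['rva'] + s['raw_size']:
            return s['raw_ptr'] + (rva - s['rva'])
    raise ValueError(f'RVA {rva:#x} is not backed by file data')

def parse_imports(data, hdr, import_rva):
    """Walk IMAGE_IMPORT_DESCRIPTORs until FirstThunk == 0, as the loader does."""
    imports = {}
    desc = rva_to_offset(hdr, import_rva) if import_rva else None
    while desc is not None:
        oft, _, _, name_rva, ft = struct.unpack_from('<IIIII', data, desc)
        if ft == 0:
            break
        dll = cstr(data, rva_to_offset(hdr, name_rva))
        thunk = rva_to_offset(hdr, oft or ft)     # fall back to the IAT when OriginalFirstThunk is 0
        entries = []
        while (e := u32(data, thunk)) != 0:
            if e & 0x80000000:                     # bit 31 set: import by ordinal
                entries.append(e & 0xFFFF)
            else:                                  # IMAGE_IMPORT_BY_NAME: Hint (2 bytes), then Name
                entries.append(cstr(data, rva_to_offset(hdr, e) + 2))
            thunk += 4
        imports[dll] = entries
        desc += 5 * 4                              # sizeof IMAGE_IMPORT_DESCRIPTOR
    return imports

def parse_pe(data):
    if data[:2] != b'MZ':
        raise ValueError('not an MZ file')
    nt = u32(data, 0x3C)
    if nt + SECTION_TABLE > len(data) or data[nt:nt + 4] != b'PE\0\0':
        raise ValueError('NT headers missing or truncated')
    if u32(data, nt + 0x74) != 16:                 # NumberOfRvaAndSizes
        raise ValueError('section table is not at 78h+16*8')
    hdr = {'image_base': u32(data, nt + IMAGE_BASE), 'size_of_image': u32(data, nt + SIZE_OF_IMAGE),
           'size_of_headers': u32(data, nt + SIZE_OF_HEADERS), 'entry_rva': u32(data, nt + ENTRY_POINT), 'sections': []}
    for k in range(u16(data, nt + NUMBER_OF_SECTIONS)):
        name, _vsize, rva, raw_size, raw_ptr = struct.unpack_from('<8sIIII', data, nt + SECTION_TABLE + k * SECTION_HEADER_LEN)
        # The loader's rep movsb trusts these two fields; refuse anything that would overrun.
        if raw_ptr + raw_size > len(data):
            raise ValueError(f'section {name!r}: raw data runs past end of file')
        if rva + raw_size > hdr['size_of_image']:
            raise ValueError(f'section {name!r}: does not fit inside SizeOfImage')
        hdr['sections'].append({'name': name.rstrip(b'\0').decode(), 'rva': rva, 'raw_size': raw_size, 'raw_ptr': raw_ptr})
    hdr['imports'] = parse_imports(data, hdr, u32(data, nt + IMPORT_DIR))
    return hdr

def section_table_is_safe(data):
    try:
        return bool(parse_pe(data))
    except ValueError:
        return False

def build_sample_pe():
    """Constructed sample (not a real executable): a two-section PE32 importing two DLLs."""
    img = bytearray(b'MZ') + bytearray(0x5FE)
    nt = 0x80
    struct.pack_into('<I', img, 0x3C, nt)                                  # e_lfanew
    img[nt:nt + 4] = b'PE\0\0'
    struct.pack_into('<HH', img, nt + 4, 0x14C, 2)                         # Machine i386, NumberOfSections
    struct.pack_into('<IIII', img, nt + ENTRY_POINT, 0x1000, 0x1000, 0x2000, 0x400000)  # entry, BaseOfCode, BaseOfData, ImageBase
    struct.pack_into('<II', img, nt + SIZE_OF_IMAGE, 0x3000, 0x200)        # SizeOfImage, SizeOfHeaders
    struct.pack_into('<I', img, nt + 0x74, 16)                             # NumberOfRvaAndSizes
    struct.pack_into('<II', img, nt + IMPORT_DIR, 0x2000, 60)             # import directory RVA, size
    # section headers: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into('<8sIIII', img, nt + SECTION_TABLE, b'.text', 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into('<8sIIII', img, nt + SECTION_TABLE + SECTION_HEADER_LEN, b'.idata', 0x200, 0x2000, 0x200, 0x400)
    i = 0x400                                                              # .idata: RVA 0x2000 is file offset 0x400
    struct.pack_into('<IIIII', img, i, 0x2050, 0, 0, 0x2080, 0x2050)      # KERNEL32: OFT == FT, as the post's comment allows
    struct.pack_into('<IIIII', img, i + 20, 0, 0, 0, 0x2090, 0x2060)      # USER32: OFT = 0, loader falls back to FT
    struct.pack_into('<II', img, i + 0x50, 0x20A0, 0)                     # kernel32 IAT: one name, terminator
    struct.pack_into('<III', img, i + 0x60, 0x80000064, 0x20B0, 0)        # user32 IAT: ordinal 100, one name, terminator
    img[i + 0x80:i + 0x8D] = b'KERNEL32.DLL\0'
    img[i + 0x90:i + 0x9B] = b'USER32.DLL\0'
    img[i + 0xA2:i + 0xAE] = b'ExitProcess\0'                             # Hint word at 0xA0 stays 0
    img[i + 0xB2:i + 0xBE] = b'MessageBoxA\0'
    return bytes(img)
```

Running `parse_pe` over the file that `file FILE_NAME` embeds shows, before anything is mapped, which DLLs and functions the image will pull in and whether its section table is consistent with the file size; `section_table_is_safe` returns False for a truncated copy, exactly the case where the loader's `rep movsb` would read past the end of its own image.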
typedef 09 Aug 2014, 10:21
Debugger
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.