flat assembler
Message board for the users of flat assembler.
Index
> Windows > Simple Winprogram without macros |
Author |
|
dstyl 17 Jul 2016, 14:26
Has someone a good templeate of a win pe programm with code and data seg without the use of macros for the purpose of learning?
Thx in advance. |
|||
17 Jul 2016, 14:26 |
|
patulinu 18 Jul 2016, 00:39
Code: ; Example of making 32-bit PE program as raw code and data ; (no Kernel32.dll) format PE GUI entry start section '.text' code readable executable start: push 0 push _caption push _message push 0 call [MessageBoxA] xor ax, ax ret ; dismisses Kernel's ExitProcess. ; the "ret" above is enough. ; push 0 ; call [ExitProcess] section '.data' data readable writeable _caption db 'Win32 assembly program',0 _message db 'Hello World!',0 section '.idata' import data readable writeable ; dd 0,0,0,RVA kernel_name,RVA kernel_table dd 0,0,0,RVA user_name,RVA user_table dd 0,0,0,0,0 ; kernel_table: ; ExitProcess dd RVA _ExitProcess ; dd 0 user_table: MessageBoxA dd RVA _MessageBoxA dd 0 ; kernel_name db 'KERNEL32.DLL',0 user_name db 'USER32.DLL',0 ; _ExitProcess dw 0 ; db 'ExitProcess',0 _MessageBoxA dw 0 db 'MessageBoxA',0 ; NOTE: I didn't see any errors running the app without this section. ; section '.reloc' fixups data readable discardable |
|||
18 Jul 2016, 00:39 |
|
revolution 18 Jul 2016, 00:54
Note that using "ret" to exit the program is not guaranteed to work. It is not a documented method so it may break at any time when a new Windows update or version is released.
|
|||
18 Jul 2016, 00:54 |
|
Mikl___ 18 Jul 2016, 04:24
Hi, dstyl!
Different ways of creating MessageBox It would seem that it may be easier function MessageBox? - only function MessageBeep Will try to find out what is inside the MessageBox? Maybe this will help make our programs even less. Run the program where MessageBox displayed in the debugger Ollydbg and the moment when the cursor reaches the line call MessageBoxA not push F8 (Step over), and the key F7 (Step into) and end up inside the function MessageBoxA - is going on here recoding ASCII-header rows and text messages in UNICODE and function call MessageBoxW, again click on F7 - is inside MessageBoxW is function MessageBoxExA which has one parameter more than MessageBoxA and MessageBoxW and this parameter (dwLanguageId) is 0 (LANG_NEUTRAL), the rest are parameters coincide completely. Inside there is a function MessageBoxExA is MessageBoxExW. Inside MessageBoxExW is function MessageBoxTimeoutA in which one parameter is more than this parameter and MessageBoxExW (Timeout) -1. Inside MessageBoxTimeoutA, as you might guess MessageBoxTimeoutW. Inside MessageBoxTimeoutW is MessageBoxIndirectA, this feature allows you to change the icon at MessageBox and may cause the Help, but we leave these parameters to zero. Inside MessageBoxIndirectA is exactly the same but with UNICODE strings function MessageBoxIndirectW is SoftModalMessageBox In programm of Indy/Clerk I found a link to NtRaiseHardError - MessageBox call at the kernel level Code: ; masm windows gui # .686P .model flat include windows.inc include w2k\native.inc include w2k\ntstatus.inc includelib user32.lib includelib ntdll.lib extern _imp__MessageBoxA@16:dword extern _imp__MessageBoxW@16:dword extern _imp__MessageBoxExA@20:dword extern _imp__MessageBoxExW@20:dword extern _imp__MessageBoxTimeoutA@24:dword extern _imp__MessageBoxTimeoutW@24:dword extern _imp__SoftModalMessageBox@4:dword extern _imp__MessageBoxIndirectA@4:dword extern _imp__MessageBoxIndirectW@4:dword extern _imp__NtRaiseHardError@24:dword ;extern _imp__KiFastSystemCall@0:dword .code start: xor ebx,ebx mov esi,ebx push MB_ICONASTERISK or MB_OK push offset MsgCaption push [Msg+esi*4] push ebx call _imp__MessageBoxA@16 ;--------------------------------------- inc esi push MB_ICONASTERISK or MB_OK push offset TitleText push [Msg+esi*4] push ebx call _imp__MessageBoxW@16 ;---------------------------------------- inc esi push ebx push MB_ICONASTERISK or MB_OK push offset MsgCaption push [Msg+esi*4] push ebx call _imp__MessageBoxExA@20 ;----------------------------------------- inc esi push ebx push MB_ICONASTERISK or MB_OK push offset TitleText push [Msg+esi*4] push ebx call _imp__MessageBoxExW@20 ;----------------------------------------- inc esi push -1 push ebx push MB_ICONASTERISK or MB_OK push offset MsgCaption push [Msg+esi*4] push ebx call _imp__MessageBoxTimeoutA@24 ;------------------------------------------ inc esi push -1 push ebx push MB_ICONASTERISK or MB_OK push offset TitleText push [Msg+esi*4] push ebx call _imp__MessageBoxTimeoutW@24 ;------------------------------------------ sub esp,sizeof(MSGBOXPARAMSA);40 mov edi,esp assume edi:ptr MSGBOXPARAMSA mov dword ptr [edi].cbSize,sizeof(MSGBOXPARAMSA) mov dword ptr [edi].hwndOwner,ebx mov dword ptr [edi].hInstance,400000h mov dword ptr [edi].lpszText,offset Msg8 mov dword ptr [edi].lpszCaption,offset MsgCaption mov dword ptr [edi].dwStyle,MB_ICONASTERISK or MB_OK mov dword ptr [edi].lpszIcon,ebx;:= PCHAR('MYICO'); mov dword ptr [edi].dwContextHelpId,ebx;:= 0; mov dword ptr [edi].lpfnMsgBoxCallback,ebx;:= nil; mov dword ptr [edi].dwLanguageId,ebx;:= LANG_NEUTRAL; push edi call _imp__MessageBoxIndirectA@4 ;-------------------------------------------------------- mov dword ptr [edi].lpszText,offset Msg9 mov dword ptr [edi].lpszCaption,offset TitleText push edi call _imp__MessageBoxIndirectW@4 add esp,sizeof(MSGBOXPARAMSA) ;------------------------------------------------------------------------- MSGBOXDATA struct params MSGBOXPARAMSA <> pwndOwner DWORD ? wLanguageId DWORD ? pidButton DWORD ? ; // Array of button IDs ppszButtonText DWORD ? ; // Array of button text strings cButtons DWORD ? DefButton DWORD ? CancelId DWORD ? Timeout DWORD ? MSGBOXDATA ends sub esp,sizeof MSGBOXDATA+0Ch ; local mbd:MSGBOXDATA ; local bufid[1]:DWORD ; local bufstr[1]:DWORD lea eax,[esp+4];bufid mov dword ptr[eax],1 mov [esp],offset _OK lea edi,[esp+8] mov [edi].cbSize,sizeof MSGBOXPARAMSA mov [edi].hwndOwner,ebx mov [edi].lpszText,offset Msg7 mov [edi].lpszCaption,offset TitleText mov [edi].dwStyle,MB_ICONASTERISK or MB_OK assume edi:ptr MSGBOXDATA mov [edi].pwndOwner,ebx;0 mov [edi].wLanguageId,ebx;0 mov [edi].pidButton,eax mov [edi].ppszButtonText,esp;offset bufstr mov [edi].cButtons,1 mov [edi].DefButton,ebx;0 mov [edi].CancelId,1 mov [edi].Timeout,-1 push edi call _imp__SoftModalMessageBox@4 assume edi:nothing add esp,sizeof MSGBOXDATA+0Ch ;------------------------------------------------------------------ ShowMessage proc Local MessageBuffer[60h]:WCHAR;2 Num+Num1 in words;push ebp Local Message[2]:UNICODE_STRING;mov ebp,esp Local HardErrorPointer[3]:PVOID;sub esp,0DCh ;the first parameter lea edi,MessageBuffer;lea edi,[ebp-0C0h] mov Message.Buffer+sizeof(UNICODE_STRING)*0,edi;mov [ebp-0CCh],edi mov Message.MaximumLength+sizeof(UNICODE_STRING)*0,Num;mov word ptr[ebp-0CEh],22h mov Message._Length+sizeof(UNICODE_STRING)*0,Num-2;mov word ptr[ebp-0D0h],20h lea edx,Message+sizeof(UNICODE_STRING)*0;lea edx,[ebp-0D0h] mov HardErrorPointer+sizeof(PVOID)*0,edx;pwText;mov [ebp-0DCh],edx mov esi,offset MessageText mov ecx,Num+Num1;mov ecx,62h rep movsb ;the second parameter lea edi,MessageBuffer+Num;lea edi,[ebp-9Eh] mov Message.Buffer+sizeof(UNICODE_STRING)*1,edi;mov [ebp-0C4h],edi mov Message.MaximumLength+sizeof(UNICODE_STRING)*1,Num1;mov word ptr[ebp-0C6h],40h mov Message._Length+sizeof(UNICODE_STRING)*1,Num1-2;mov word ptr[ebp-0C8h],3Eh lea edx,Message+sizeof(UNICODE_STRING)*1;lea edx,[ebp-0C8h] mov HardErrorPointer+sizeof(PVOID)*1,edx;pwCaption;mov [ebp-0D8h],edx ;the third parameter mov HardErrorPointer+sizeof(PVOID)*2,MB_ICONASTERISK or MB_OK;uType;mov dword ptr[ebp-0D4h],40h lea edx,HardErrorPointer;lea edx, [ebp-0DCh] push offset x;where this function write the answer selected by the user (if the type passed to the ;next parameter, involves choosing an answer by the user) push ebx;0 answers push edx;a pointer to an array of parameters push 3;the total number of parameters push 00000011b;mask bits set which correspond to the ;parameters that are of type PUNICODE_STRING, and zeros - the other parameters push STATUS_SERVICE_NOTIFICATION call _imp__NtRaiseHardError@24 ;-------------------------------------------------- ;change the first parameter lea edi,MessageBuffer mov Message.Buffer+sizeof(UNICODE_STRING)*0,edi mov Message.MaximumLength+sizeof(UNICODE_STRING)*0,Num3 mov Message._Length+sizeof(UNICODE_STRING)*0,Num3-2 lea edx,Message+sizeof(UNICODE_STRING)*0 mov HardErrorPointer+sizeof(PVOID)*0,edx;pwText mov esi,offset MessageText2 mov ecx,Num3 rep movsb lea edx,HardErrorPointer mov eax,0B6h;ID NtRaiseHardError for WinXP push offset x push ebx push edx push 3 push 00000011b push STATUS_SERVICE_NOTIFICATION push offset a1 call dword ptr ds:[7FFE0300h];KiFastSystemCall a1: ;-------------------------------------------------------- ;change the first parameter lea edi,MessageBuffer mov Message.Buffer+sizeof(UNICODE_STRING)*0,edi mov Message.MaximumLength+sizeof(UNICODE_STRING)*0,Num4 mov Message._Length+sizeof(UNICODE_STRING)*0,Num4-2 lea edx,Message+sizeof(UNICODE_STRING)*0 mov HardErrorPointer+sizeof(PVOID)*0,edx;pwText mov esi,offset MessageText3 mov ecx,Num4 rep movsb lea edx,HardErrorPointer mov eax,0B6h;ID NtRaiseHardError for WinXP push offset x push ebx push edx push 3 push 00000011b push STATUS_SERVICE_NOTIFICATION push offset a2 push offset a2 mov edx,esp db 0Fh,34h;sysenter a2: ;-------------------------------------------------- lea edi,MessageBuffer mov Message.Buffer+sizeof(UNICODE_STRING)*0,edi mov Message.MaximumLength+sizeof(UNICODE_STRING)*0,Num2 mov Message._Length+sizeof(UNICODE_STRING)*0,Num2-2 lea edx,Message+sizeof(UNICODE_STRING)*0 mov HardErrorPointer+sizeof(PVOID)*0,edx;pwText mov esi,offset MessageText1 mov ecx,Num2 rep movsb lea edx,HardErrorPointer mov eax,0B6h;ID NtRaiseHardError for WinXP push offset x push ebx push edx push 3 push 00000011b push STATUS_SERVICE_NOTIFICATION mov edx,esp int 2Eh leave retn ShowMessage endp .data MessageText dw 'N','t','R','a','i','s','e','H','a','r','d','E','r','r','o','r',0 Num equ $-MessageText TitleText dw 'I','c','z','e','l','i','o','n',' ','T','u','t','o','r' dw 'i','a','l',' ','#','2',':','M','e','s','s','a','g','e','B','o','x',0 Num1 equ $-TitleText MessageText1 dw 'i','n','t',' ','2','E','h',0 Num2 equ $-MessageText1 MessageText2 dw 'K','i','F','a','s','t','S','y','s','t','e','m','C','a','l','l',0 Num3 equ $-MessageText2 MessageText3 dw 'S','y','s','e','n','t','e','r',0 Num4 equ $-MessageText3 x dd 0 Msg dd Msg1,Msg2,Msg3,Msg4,Msg5,Msg6,Msg7,Msg8,Msg9 Msg1 db 'MessageBoxA',0 Msg2 dw 'M','e','s','s','a','g','e','B','o','x','W',0 Msg3 db 'MessageBoxExA',0 Msg4 dw 'M','e','s','s','a','g','e','B','o','x','E','x','W',0 Msg5 db 'MessageBoxTimeoutA',0 Msg6 dw 'M','e','s','s','a','g','e','B','o','x','T','i','m','e','o','u','t','W',0 Msg7 dw 'S','o','f','t','M','o','d','a','l','M','e','s','s','a','g','e','B','o','x',0 Msg8 db 'MessageBoxIndirectA',0 Msg9 dw 'M','e','s','s','a','g','e','B','o','x','I','n','d','i','r','e','c','t','W',0 MsgCaption db "Iczelion Tutorial #2:MessageBox",0 _OK dw 'O','K',0 end start |
|||
18 Jul 2016, 04:24 |
|
dstyl 18 Jul 2016, 09:07
Thx for your help it really got me a lot of steps farther on my way to assembler language understanding. @ mike thx its really interesting ill try out as soon as i got my pedemo finished.
|
|||
18 Jul 2016, 09:07 |
|
DimonSoft 18 Jul 2016, 19:42
revolution wrote: Note that using "ret" to exit the program is not guaranteed to work. It is not a documented method so it may break at any time when a new Windows update or version is released. In fact it doesn’t work even in the versions like XP, it’s just that you have to do something interesting in your program. As an example: standard function for showing an Open Dialog creates a few threads internally and doesn’t exit them before returning to the caller. And since ret from WinMain is backed by a simple ExitThread, the process survives and doesn’t terminate. This school-year a few of my students also mentioned that a simple MessageBox-program terminated with plain ret also stays hanging around in the process list under Win10 and, possibly, Win8. |
|||
18 Jul 2016, 19:42 |
|
dstyl 19 Jul 2016, 14:34
Thx for the info i will use exitprocess.
|
|||
19 Jul 2016, 14:34 |
|
l_inc 19 Jul 2016, 21:36
DimonSoft
Quote: In fact it doesn’t work even in the versions like XP However as long as the entry point is defined to be a function, it is OK to return from it. And one can safely assume that this will terminate the primary thread. Quote: And since ret from WinMain is backed by a simple ExitThread, the process survives and doesn’t terminate. WinMain is not the image entry point. It's called by the C runtime, and returning the control from it to the C runtime results in the ExitProcess. _________________ Faith is a superposition of knowledge and fallacy |
|||
19 Jul 2016, 21:36 |
|
DimonSoft 20 Jul 2016, 08:29
l_inc wrote: DimonSoft Yep. Which is still different from terminating a process as a newbie would expect. l_inc wrote:
I just got used to mark the entry point with WinMain label. Sorry, this might really be somewhat confusing for other people on the forum. |
|||
20 Jul 2016, 08:29 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.