flat assembler
Message board for the users of flat assembler.

[solved] How to call wsprintf in xp via fasmg?

uor99



Joined: 04 Dec 2014
Posts: 42
uor99 25 Sep 2016, 12:57
Please read the following replies.


Last edited by uor99 on 26 Sep 2016, 07:39; edited 1 time in total
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20343
Location: In your JS exploiting you and your system
revolution 25 Sep 2016, 13:04
You have only defined wsprintfA. So you will either have to modify the name to wsprintf (wsprintf dd RVA _wsprintfA) or change the call to wsprintfA (call wsprintfA).
uor99



Joined: 04 Dec 2014
Posts: 42
uor99 26 Sep 2016, 07:37
Thanks for your help, revolution! I got it at last.


Last edited by uor99 on 28 Sep 2016, 11:10; edited 1 time in total
sinsi



Joined: 10 Aug 2007
Posts: 790
Location: Adelaide
sinsi 26 Sep 2016, 09:08
Quote:
Note It is important to note that wsprintf uses the C calling convention (_cdecl), rather than the standard call (_stdcall) calling convention. As a result, it is the responsibility of the calling process to pop arguments off the stack, and arguments are pushed on the stack from right to left.
uor99



Joined: 04 Dec 2014
Posts: 42
uor99 27 Sep 2016, 13:43
sinsi, you are right. I am eager to know whether there are any errors in the above code. Please give us the correct code.
AsmGuru62



Joined: 28 Jan 2004
Posts: 1629
Location: Toronto, Canada
AsmGuru62 27 Sep 2016, 14:34
Every PUSH results in:
Code:
SUB ESP, 4

So to bring the stack back after the call you need this:
Code:
ADD ESP, 4*<# of PUSH-es>

In your case 4 parameters are pushed, so:
Code:
CALL [wsprintfA]
ADD ESP,16

If you're calling a few of these in sequence you can optimize:
Code:
;
; push values for 1st call
;
CALL [wsprintfA]
;
; push values for 2nd call
;
CALL [wsprintfA]
;
; push values for 3rd call
;
CALL [wsprintfA]
ADD ESP, <room for all pushes>

I am not sure, however, if FASM will properly handle the variables declared as local.
I am talking about a case where you access your locals in the middle of your call:
Code:
PUSH param1
PUSH param2
;
; Access locals here
;
PUSH param3
CALL [wsprintfA]

I believe FASM has a macro for using the calls to these types of functions.
The macro pushes parameters AND restores the stack in one line, and even then I am not sure if locals will be properly handled.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20343
Location: In your JS exploiting you and your system
revolution 27 Sep 2016, 15:08
The standard fasm macros use EBP for locals so it is not affected by pushes, pops or any other ESP manipulations.
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8354
Location: Kraków, Poland
Tomasz Grysztar 27 Sep 2016, 15:33
There is no officially made proc.inc for fasmg yet, but the basic stdcall/ccall macros are very easy to make, I'm writing them as I type here:
Code:
macro stdcall proc,args&
        iterate arg, args
                indx 1+%%-%
                pushd arg
        end iterate
        call proc
end macro

macro ccall proc,args&
        local size
        size = 0
        iterate arg, args
                indx 1+%%-%
                pushd arg
                size = size + 4
        end iterate
        call proc
        if size
                add esp,size
        end if
end macro

macro invoke proc,args&
        stdcall [proc],args
end macro

macro cinvoke proc,args&
        ccall [proc],args
end macro

With these macros your code could look like:
Code:
start:
        call    main
        invoke  ExitProcess,0

main:
        cinvoke wsprintfA,buf,fmt,hi,88
        invoke  MessageBoxA,0,buf,hi,0
        ret
uor99



Joined: 04 Dec 2014
Posts: 42
uor99 28 Sep 2016, 22:48
Thanks to all of you! It works well.
Code:
include '80386.inc'
include 'format/format.inc'
format PE GUI
entry start
macro stdcall proc,args&
        iterate arg, args
                indx 1+%%-%
                pushd arg
        end iterate
        call proc
end macro

macro ccall proc,args&
        local size
        size = 0
        iterate arg, args
                indx 1+%%-%
                pushd arg
                size = size + 4
        end iterate
        call proc
        if size
                add esp,size
        end if
end macro

macro invoke proc,args&
        stdcall [proc],args
end macro

macro cinvoke proc,args&
        ccall [proc],args
end macro

section '.idata' import data readable writeable
  dd 0,0,0,RVA kernel_name,RVA kernel_table
  dd 0,0,0,RVA user_name,RVA user_table
  dd 0,0,0,0,0
;
  kernel_name db 'KERNEL32.DLL',0
  user_name db 'USER32.DLL',0
;
  kernel_table:
    ExitProcess dd rva _ExitProcess
    CreateFile dd rva _CreateFileA
    ReadFile dd rva _ReadFile
    WriteFile dd rva _WriteFile
    CloseHandle dd rva _CloseHandle
    SetFilePointer dd rva _SetFilePointer
    GetCommandLine dd rva _GetCommandLineA
    GetEnvironmentVariable dd rva _GetEnvironmentVariable
    GetStdHandle dd rva _GetStdHandle
    VirtualAlloc dd rva _VirtualAlloc
    VirtualFree dd rva _VirtualFree
    GetTickCount dd rva _GetTickCount
    GetSystemTime dd rva _GetSystemTime
    GlobalMemoryStatus dd rva _GlobalMemoryStatus
    dd 0

  _ExitProcess dw 0
    db 'ExitProcess',0
  _CreateFileA dw 0
    db 'CreateFileA',0
  _ReadFile dw 0
    db 'ReadFile',0
  _WriteFile dw 0
    db 'WriteFile',0
  _CloseHandle dw 0
    db 'CloseHandle',0
  _SetFilePointer dw 0
    db 'SetFilePointer',0
  _GetCommandLineA dw 0
    db 'GetCommandLineA',0
  _GetEnvironmentVariable dw 0
    db 'GetEnvironmentVariableA',0
  _GetStdHandle dw 0
    db 'GetStdHandle',0
  _VirtualAlloc dw 0
    db 'VirtualAlloc',0
  _VirtualFree dw 0
    db 'VirtualFree',0
  _GetTickCount dw 0
    db 'GetTickCount',0
  _GetSystemTime dw 0
    db 'GetSystemTime',0
  _GlobalMemoryStatus dw 0
    db 'GlobalMemoryStatus',0

;
  user_table:
    MessageBoxA dd RVA _MessageBoxA
    wsprintfA dd RVA _wsprintfA
    dd 0
;

  _MessageBoxA dw 0
    db 'MessageBoxA',0
  _wsprintfA dw 0
    db 'wsprintfA',0
;
section '.reloc' fixups data readable discardable
section '.text' code readable executable
start:
        call main
        push    0
        call    [ExitProcess]
;
main: 
        cinvoke wsprintfA,buf,fmt,88,hi
        invoke  MessageBoxA,0,buf,hi,0
        ret
section '.data' data readable writeable ;needed by wsprintf: the output buffer must be writable
fmt     DB "%d, %s !",0
hi      DB "hi",0
buf     DB 22 DUP(?) ;enough for "88, hi !" here, but wsprintf takes no buffer length, so size it for the largest output the format can produce
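An added example, not code from the thread or from the fasmg project, that combines Tomasz's ccall macro with AsmGuru62's suggestion of one stack cleanup for several consecutive cdecl calls: an assembly-time counter records the bytes pushed, and a single ADD ESP removes them all. Because wsprintf takes no buffer length, the output buffers are reserved for its documented maximum of 1024 characters plus a terminator instead of 22 bytes. The macro names, buf1/buf2 and the value 99 are this example's own choices.

```asm
include '80386.inc'
include 'format/format.inc'
format PE GUI
entry start
pending_cleanup = 0             ; bytes pushed by ccall_defer and not yet removed
macro ccall_defer proc,args&    ; cdecl call whose ADD ESP is postponed
        iterate arg, args
                indx 1+%%-%     ; walk the argument list right to left
                pushd arg
                pending_cleanup = pending_cleanup + 4
        end iterate
        call proc
end macro
macro ccall_flush               ; one ADD ESP for every deferred push
        add esp,pending_cleanup
        pending_cleanup = 0
end macro
section '.text' code readable executable
start:
        ccall_defer [wsprintfA],buf1,fmt,88,hi  ; 16 bytes pushed
        ccall_defer [wsprintfA],buf2,fmt,99,hi  ; 16 more, first set still on the stack
        ccall_flush                             ; add esp,32
        push    0               ; MessageBoxA is stdcall: the callee pops its arguments
        push    buf2
        push    buf1
        push    0
        call    [MessageBoxA]
        push    0
        call    [ExitProcess]
section '.data' data readable writeable
fmt     db '%d, %s !',0
hi      db 'hi',0
buf1    rb 1025                 ; wsprintf has no length argument; it writes at most 1024 chars + NUL
buf2    rb 1025
section '.idata' import data readable writeable
  dd 0,0,0,RVA kernel_name,RVA kernel_table
  dd 0,0,0,RVA user_name,RVA user_table
  dd 0,0,0,0,0
  kernel_name  db 'KERNEL32.DLL',0
  user_name    db 'USER32.DLL',0
  kernel_table:
    ExitProcess dd RVA _ExitProcess
    dd 0
  user_table:
    MessageBoxA dd RVA _MessageBoxA
    wsprintfA   dd RVA _wsprintfA
    dd 0
  _ExitProcess db 0,0,'ExitProcess',0    ; hint word, then the import name
  _MessageBoxA db 0,0,'MessageBoxA',0
  _wsprintfA   db 0,0,'wsprintfA',0
```

Flushing before the stdcall MessageBoxA keeps the ESP accounting easy to follow; what matters is that every deferred push is removed before any RET or local-variable access that depends on ESP.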