flat assembler
Message board for the users of flat assembler.

Index > Windows > Fail VerQueryValue

fasmlover 17 May 2017, 03:23
Hi guys. Pleasure to be here. Can you please help with my code to retrieve file version of ntoskrnl.exe? I want to be able to query my file version and print it in a messagebox. Still learning FASM in Windows32. Thank you for your help. Cannot wait to contribute more.

Code:
format  pe gui 4.0
include 'win32ax.inc'

invoke GetFileVersionInfoA, lpszFilePath, 0, 1024, lpVersionInfo
invoke VerQueryValueA, buffer, "\\", lplpReturnVal, dwLength
mov [hfile],VS_FIXEDFILEINFO.dwFileVersionLS
invoke MessageBox, 0, [hfile], [hfile], MB_OK
invoke ExitProcess, 0

VS_FIXEDFILEINFO:
 .dwFileVersionLS dd ?

lpszFilePath      db 'C:\Windows\System32\ntoskrnl.exe',0
dwDummy       dd ?
lpVersionInfo    dd ?
buffer               db 256 dup(?)
lplpReturnVal    dd ?
dwLength         dd ?
hfile                dd ? 

section '.idata' import data readable
        library  kernel32,'kernel32.dll',\
                 version, 'version.dll'
         import  kernel32,\
                 ExitProcess,'ExitProcess',\
         import  version,\
                 GetFileVersionInfoA, 'GetFileVersionInfoA',\
                 VerQueryValueA, 'VerQueryValueA'
         import  user32,\
                 MessageBox,'MessageBoxA'    

revolution 18 May 2017, 11:14
You are setting the value at hfile to the fixed constant VS_FIXEDFILEINFO.dwFileVersionLS. So MessageBox has nothing to display other than a pointer to an invalid buffer.



Picnic 18 May 2017, 13:22
Hi fasmlover, it is somewhat more complex.
Here is a working sample (written hurriedly), see if you can make something of it.
Notice that you have to include the version.inc file.

Code:
    format PE gui 4.0
    entry start

    include "..\include\win32ax.inc"

section ".data" data readable writeable

    lptstrFilename db "C:\Windows\System32\ntoskrnl.exe",0
    lpData dd 0
    BufLen dd 0
    dwLen dd 0
    dwHandle dd 0
    pFileInfo dd 0
    lpBuffer rb 256

section ".code" code readable executable
start:

    invoke GetFileVersionInfoSize, lptstrFilename, dwHandle
    .if eax = 0
        ; handle error
        jmp .exit
    .endif

    mov [dwLen], eax

    invoke LocalAlloc, LPTR, eax  ; use HeapAlloc instead
    .if eax = 0
        ; handle error
        jmp .exit
    .endif

    mov [lpData], eax

    invoke GetFileVersionInfo, lptstrFilename, [dwHandle], [dwLen], [lpData]
    .if eax = 0
        invoke GetLastError
        ; handle error
        ; free lpData
        jmp .exit
    .endif

    invoke VerQueryValue, [lpData], "\\", pFileInfo, BufLen
    .if eax = 0
        ; handle error
        ; free lpData
        jmp .exit
    .endif

    mov esi, [pFileInfo]  ; VS_FIXEDFILEINFO ptr (FAR* FAR*)

    mov eax, [esi+2*4]  ; dwFileVersionMS
    mov ebx, eax
    and ebx, 0xFFFF  ; Minor Version
    shr eax, 16
    and eax, 0xFFFF  ; Major Version

    mov ecx, [esi+3*4]  ; dwFileVersionLS
    mov edx, ecx
    and edx, 0xFFFF  ; Revision Number
    shr ecx, 16
    and ecx, 0xFFFF  ; Build Number

    ; Output: major.minor.build.revision
    cinvoke wsprintf, lpBuffer, <"File Version: %d.%d.%d.%d">, eax, ebx, ecx, edx
    invoke MessageBox, 0, lpBuffer, lptstrFilename, MB_OK
    invoke LocalFree, [lpData]

    .exit: invoke ExitProcess, 0


section ".idata" import data readable writeable

    library kernel32,"kernel32.dll", user32,"user32.dll", version,"version.dll"

    include "..\include\api\kernel32.inc"
    include "..\include\api\user32.inc"
    include "..\include\api\version.inc"
    



[Screenshot: XP 32-Bit output, major.minor.build.revision]

[Screenshot: Windows 7 64 Bit output]

Attachment: version.inc (675 Bytes)

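Added example (not part of any post in this thread): the same dwFileVersionMS / dwFileVersionLS decoding as the sample above, in portable C over the raw block that VerQueryValue returns for the root path, with a length check and a dwSignature check before any field is read. The names `decode_fixed_file_info` and `struct file_version` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define VS_FFI_SIGNATURE 0xFEEF04BDu  /* documented dwSignature value */
#define VS_FFI_SIZE      52u          /* VS_FIXEDFILEINFO is 13 DWORDs */

struct file_version { unsigned major, minor, build, revision; };

/* Read the little-endian DWORD at DWORD index idx. */
static uint32_t dword_at(const uint8_t *p, size_t idx) {
    p += idx * 4;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* blk/len correspond to the pointer and length VerQueryValue hands back.
   Returns 0 on success, -1 if the block is too short, -2 on a bad signature. */
int decode_fixed_file_info(const uint8_t *blk, size_t len,
                           struct file_version *out) {
    if (blk == NULL || out == NULL || len < VS_FFI_SIZE) return -1;
    if (dword_at(blk, 0) != VS_FFI_SIGNATURE) return -2;
    uint32_t ms = dword_at(blk, 2);  /* dwFileVersionMS, [esi+2*4] above */
    uint32_t ls = dword_at(blk, 3);  /* dwFileVersionLS, [esi+3*4] above */
    out->major = ms >> 16;  out->minor    = ms & 0xFFFF;
    out->build = ls >> 16;  out->revision = ls & 0xFFFF;
    return 0;
}

/* Constructed sample block (not read from a real file): version 10.0.1234.5678.
   The remaining DWORDs are left zero. */
static const uint8_t sample_block[VS_FFI_SIZE] = {
    0xBD, 0x04, 0xEF, 0xFE,  /* dwSignature */
    0x00, 0x00, 0x01, 0x00,  /* dwStrucVersion 1.0 */
    0x00, 0x00, 0x0A, 0x00,  /* dwFileVersionMS = 0x000A0000 */
    0x2E, 0x16, 0xD2, 0x04,  /* dwFileVersionLS = 0x04D2162E */
};

int main(void) {
    struct file_version v;
    int rc = decode_fixed_file_info(sample_block, sizeof sample_block, &v);
    if (rc != 0) {
        fprintf(stderr, "invalid VS_FIXEDFILEINFO block (%d)\n", rc);
        return 1;
    }
    printf("File Version: %u.%u.%u.%u\n", v.major, v.minor, v.build, v.revision);
    return 0;
}
```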



fasmlover 21 May 2017, 08:57
Many thanks, guys. Especially appreciated a detailed response from Picnic and included "version.inc". It is extremely helpful; I did not know at that time what my roadblock was. Thanks again! It works perfectly, Picnic.