flat assembler
Message board for the users of flat assembler.

Index > Non-x86 architectures > [ARM] porting fasmw builtin examples to WinCE

ProMiNick



Joined: 24 Mar 2012
Posts: 804
Location: Russian Federation, Sochi
ProMiNick 06 Jan 2020, 05:38
Hello all.
Periodically I have tried to adapt the win32 examples into WinCE examples - just for fun (to see that Windows is always Windows).

I adapted PE DEMO into a macroless, multi-section, optimized form:
Code:
; Example of making 32-bit PE program as raw code and data
; (fasmarm syntax, ARM, WinCE). Shows one MessageBoxW and then ends the
; thread with ExitThread. The import directory is written out by hand.

format PE GUI
entry start

section '.text' code readable executable

  start:
        ; MessageBoxW(hWnd, lpText, lpCaption, uType): the four arguments go in r0-r3.
        ; uType = 0
        mov     r3, #0
        ; lpCaption = address of _caption
        mov     r2, _caption
        ; lpText = address of _message, computed as an offset from r2
        add     r1, r2, _message-_caption
        ; hWnd = 0 (no owner window)
        mov     r0, #0
        bl      indirect.MessageBoxW
        ; exit code 0; no instruction follows the ExitThread call in this section
        mov     r0, 0
        bl      indirect.ExitThread

section '.data' data readable writeable

  ; 16-bit character strings, each ended by a 0 character
  _caption du 'WinCE assembly program',0
  _message du 'Hello World!',0

section '.idata' import data readable writeable

  ; One five-word import descriptor for COREDLL.DLL. Its first and last words
  ; both point at coredll_table, so the same table is used as the name lookup
  ; table and as the address table. The all-zero descriptor ends the directory.
  dw RVA coredll_table,0,0,RVA coredll_name,RVA coredll_table
  dw 0,0,0,0,0

  ; Import slots: each word starts as the RVA of a hint/name entry below;
  ; the thunks under "indirect" load pc from these same words at run time.
  coredll_table:
    ExitThread  dw RVA _ExitThread
    MessageBoxW dw RVA _MessageBoxW
                dw 0
  ; Thunks: jump to the address stored in the matching slot above.
  ; NOTE(review): these are instructions inside a section declared
  ; "data readable writeable" with no "executable" flag, so the program only
  ; runs where execute permission is not enforced per section, and the code
  ; sits in writable memory. Moving the thunks into '.text' would avoid both.
  indirect:
    .ExitThread:  ldr pc,[ExitThread]
    .MessageBoxW: ldr pc,[MessageBoxW]

  coredll_name db 'COREDLL.DLL',0
  ; Hint/name entries: a 16-bit hint (0 here) followed by the function name.
  align 2
  _ExitThread dh 0
    db 'ExitThread',0
  align 2
  _MessageBoxW dh 0
    db 'MessageBoxW',0    

with a variation that works without ExitThread:
Code:
; Example of making 32-bit PE program as raw code and data
; (fasmarm syntax, ARM, WinCE). Variant that imports only MessageBoxW and
; leaves by returning to the address that was in lr at entry.

format PE GUI
entry start

section '.text' code readable executable

  start:
        ; push lr (pre-decrement sp by 4) so the entry return address survives the call
        str     lr, [sp,#-4]!
        ; MessageBoxW(hWnd, lpText, lpCaption, uType): the four arguments go in r0-r3.
        mov     r3, #0
        mov     r2, _caption
        ; lpText = address of _message, computed as an offset from r2
        add     r1, r2, _message-_caption
        mov     r0, #0
        bl      indirect.MessageBoxW
        ; pop the saved lr straight into pc: return to whoever called start.
        ; r0 is left as MessageBoxW returned it.
        ldr     pc, [sp],#4

section '.data' data readable writeable

  ; 16-bit character strings, each ended by a 0 character
  _caption du 'WinCE assembly program',0
  _message du 'Hello World!',0

section '.idata' import data readable writeable

  ; One five-word import descriptor for COREDLL.DLL (first and last words both
  ; point at coredll_table), followed by the all-zero descriptor that ends
  ; the directory.
  dw RVA coredll_table,0,0,RVA coredll_name,RVA coredll_table
  dw 0,0,0,0,0

  ; Import slot: starts as the RVA of the hint/name entry below; the thunk
  ; loads pc from this word at run time.
  coredll_table:
    MessageBoxW dw RVA _MessageBoxW
                dw 0
  ; NOTE(review): the thunk is an instruction inside a section declared
  ; "data readable writeable" with no "executable" flag; it only runs where
  ; execute permission is not enforced per section.
  indirect:
    .MessageBoxW: ldr pc,[MessageBoxW]

  coredll_name db 'COREDLL.DLL',0
  ; Hint/name entry: a 16-bit hint (0 here) followed by the function name.
  align 2
  _MessageBoxW dh 0
    db 'MessageBoxW',0    


and I checked that some modifications I made to revolution's includes do not break output consistency - all OK:
Code:
; Example of making 32-bit PE program as raw code and data
; Same MessageBoxW + ExitThread program, written with the macros from
; 'wince.inc' instead of hand-made argument loading and import tables.

format PE GUI
entry start

include 'wince.inc'
; invoke X,args expands to apscall indirect.X,args, so every API call goes
; through a label named indirect.X. apscall comes from the includes and is
; not shown here.
macro invoke name,args& { apscall indirect.#name,args }

section '.text' code readable executable

  start:
        ; arguments in call order: hWnd=0, lpText=_message, lpCaption=_caption, uType=0
        ; presumably "far" makes apscall pass the address of the label - confirm in wince.inc
        invoke MessageBoxW,0,far _message,far _caption,0
        invoke ExitThread, 0

section '.data' data readable writeable

  ; 16-bit character strings, each ended by a 0 character
  _caption du 'WinCE assembly program',0
  _message du 'Hello World!',0

section '.idata' import data readable writeable

  ; presumably library plus the included coredll.inc generate the import
  ; directory and the indirect.* labels - confirm against the includes
  library coredll,'COREDLL.DLL'

  include 'os specific/windows/api/armce/coredll.inc'    


but when I went from MessageBoxes to windows - porting TEMPLATE - I got a window that closed immediately after it was created:
Code:
; WinCE port of the window TEMPLATE example: registers a window class,
; creates a full-screen window and runs a message loop.
format PE GUI
entry start

include 'wince.inc'
; invoke X,args expands to apscall indirect.X,args; apscall comes from the
; includes and is not shown here.
macro invoke name,args& { apscall indirect.#name,args }

ID_CMDBAR = 1000

section '.text' code readable executable
  start:
        ; r6 = address of the WNDCLASS structure wc (read from the literal .local.lpwc)
        ldr     r6, [.local.lpwc]
        invoke  RegisterClassW, r6
        ; keep only the low 16 bits of the result and set the flags:
        ; zero means no class atom was returned
        mov     r1, r0, lsl#16
        movs    r0, r1, lsr#16
        beq     .error
        invoke  GetSystemMetrics, SM_CXSCREEN
        ;ldr     r1, [.local.lpxscreen]
        ;str     r0, [r1]
        ; r4 = screen width
        mov     r4, r0
        invoke  GetSystemMetrics, SM_CYSCREEN
        ;ldr     r1, [.local.lpyscreen]
        ;str     r0, [r1]
        ; r7 = screen height
        mov     r7, r0
        mov     r0, #0
        ; r5 = wc.hInstance, r1 = wc.lpszClassName, r2 = address of _title
        ldr     r5, [r6,WNDCLASS.hInstance]
        ldr     r1, [r6,WNDCLASS.lpszClassName]
        ldr     r2, [.local.lp_title]
        ; dwExStyle=0, class, title, WS_VISIBLE, X=0, Y=0, width=r4, height=r7,
        ; hWndParent=0, hMenu=0, hInstance=r5, lpParam=0
        invoke  CreateWindowExW,r0,r1,r2,WS_VISIBLE,r0,r0,r4,r7,r0,r0,r5,r0
        ; r4 = window handle; zero means creation failed
        movs    r4, r0
        beq     .error
        ; NOTE(review): ShowWindow takes (hwnd, nCmdShow) but only hwnd is
        ; passed here, so nCmdShow is whatever r1 holds after the call above.
        invoke  ShowWindow, r4
        invoke  UpdateWindow, r4
  .msg_loop:
        adr     r0, .msg
        invoke  GetMessageW,r0,0,0,0
        ; result 0 leaves the loop; result 1 is translated and dispatched;
        ; any other result goes straight back to GetMessageW
        cmp     r0, 1
        blo     .end_loop
        bne     .msg_loop
        adr     r0, .msg
        invoke  TranslateMessage,r0
        adr     r0, .msg
        invoke  DispatchMessageW,r0
        b       .msg_loop
  .error:
        ; show the "Startup failed." text, then fall through into .end_loop
        ldr     r1, [.local.lp_error]
        invoke  MessageBoxW,0,r1,0,MB_ICONERROR+MB_OK
  .end_loop:
        ; exit code = wParam of the last message; when arriving from .error,
        ; GetMessageW has never written .msg
        invoke  ExitThread, [.msg.wParam]

        ; literal words holding the addresses of data-section objects
        .local.lpwc             dw wc
        .local.lp_title         dw _title
        .local.lp_error         dw _error
        ;.local.lpxscreen        dw xscreen
        ;.local.lpyscreen        dw yscreen
        ; NOTE(review): this MSG buffer is written by GetMessageW but lives in
        ; the section declared "code readable executable" (no "writeable"),
        ; so the program depends on code pages being writable at run time.
        .msg MSG

; Window procedure for the class registered in start.
; On entry r0 = hwnd, r1 = message, r2 = wParam, r3 = lParam.
; As posted, WM_DESTROY posts the quit message, WM_CREATE returns 0 without
; doing anything, and every path returns 0.
; presumably "uses lr" makes the proc/ret macros save and restore lr only -
; confirm in wince.inc; "nospil" is not explained by anything visible here.
proc WindowProc nospil uses lr,hwnd,wmsg,wparam,lparam
        cmp     r1, #WM_DESTROY
        beq     .wmdestroy
        cmp     r1, #WM_CREATE
        ; WM_CREATE goes to .retZero, so .wmcreate below is never reached
        beq     .retZero
        ; NOTE(review): this branches to the bare name DefWindowProcW, while every
        ; other call in this listing goes through invoke, i.e. to indirect.<name>.
        ; If DefWindowProcW names the import slot (a data word) rather than a
        ; thunk, this executes a pointer as code - confirm against coredll.inc.
        bl      DefWindowProcW
        ; the value DefWindowProcW returned is discarded: .retZero overwrites r0
        b       .retZero
  .wmdestroy:
        invoke  PostQuitMessage,0
        b       .retZero
  .wmcreate:
        ; NOTE(review): the literal below holds the address of wc.hInstance, so r6
        ; is a pointer to the field, not the instance handle itself, and it is
        ; passed to CommandBar_Create as is. r6 is also overwritten without
        ; being saved ("uses" lists only lr).
        ldr     r6, [.local.lpwc.hInstance]
        ; r1 = hwnd (the parent window for the command bar)
        mov     r1, r0
        invoke  CommandBar_Create,r6,r1,ID_CMDBAR
        ; r0 = value returned by CommandBar_Create
        invoke  CommandBar_AddAdornments,r0,0,0
  .retZero:
        mov     r0, #0
  .locret:
        ret
endp
; literal word: address of the hInstance field inside wc
WindowProc.local.lpwc.hInstance dw wc.hInstance

section '.data' data readable writeable
        ; Window class passed to RegisterClassW. Initialisers, in order:
        ; 0, WindowProc, 0, 0, PE_IMAGE_BASE, NULL, NULL, COLOR_BTNFACE+1, NULL, _class
        ; presumably these map onto the WNDCLASS fields in declaration order
        ; (style, lpfnWndProc, ..., hInstance, ..., lpszClassName) - confirm in the includes
        wc WNDCLASS 0,WindowProc,0,0,PE_IMAGE_BASE,NULL,NULL,COLOR_BTNFACE+1,NULL,_class
        _class TCHAR 'FASMWINCE',0
        _title TCHAR 'WinCE program template',0
        _error TCHAR 'Startup failed.',0
        ; only referenced from commented-out lines in the code section
        xscreen dw ?
        yscreen dw ?

section '.idata' import data readable writeable

  ; two import libraries; the included files supply the per-function entries
  library coredll,'COREDLL.DLL',\
          commctrl,'COMMCTRL.DLL'

  include 'os specific/windows/api/armce/coredll.inc'
  include 'os specific/windows/api/armce/commctrl.inc'    


If I change "beq .error" to "bne .error" I get the 'Startup failed.' message and the app closes correctly. So RegisterClassW & CreateWindowExW worked successfully.
Everything looks almost correct, but... if I move the WM_CREATE handling in WindowProc from the safe .retZero back to .wmcreate, it hangs the emulated system.

And whole context if needed:https://www.dropbox.com/s/xnhr6ru0fvlb4i2/fasmw17321COMFRIENDLY.zip?dl=0 [LAST UPDATE 8.01.20 contain all examples described in topic]

_________________
I don`t like to refer by "you" to one person.
My soul requires acronim "thou" instead.


Last edited by ProMiNick on 07 Jan 2020, 21:44; edited 3 times in total
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 06 Jan 2020, 05:53
Your WindowProc uses r6 but you don't save and restore it, so it gets corrupted. However fortunately you never actually jump to the .wmcreate section because the WM_CREATE message simply returns zero.

Also, after calling DefWindowProcW it might not be a good idea to always force a zero return value.
ProMiNick



Joined: 24 Mar 2012
Posts: 804
Location: Russian Federation, Sochi
ProMiNick 06 Jan 2020, 06:33
That doesn't help.
"proc WindowProc nospil uses r6 r12 lr,hwnd,wmsg,wparam,lparam" did not solve the OS hang.

The working version is almost what I want to code (but I got it by patching a much larger binary, not by assembling from sources):
Code:
; IMAGE_DOS_HEADER

; Processor       : ARM
; ARM architecture: metaarm
; Target assembler: Generic assembler for ARM
; Byte sex        : Little endian

; ===========================================================================

; Segment type: Pure data
; Disassembler view of the file headers of the working (patched) executable:
; DOS header and stub, PE file header, optional header with its 16 data
; directories, and five section-header slots.
                AREA HEADER, DATA, ALIGN=8
                ; ORG 0x10000
; 0x5A4D is the DOS "MZ" signature.
__ImageBase     DCW 0x5A4D              ; DATA XREF: HEADER:0001003Co
                                        ; HEADER:0001010Co
                                        ; PE magic number
                DCW 0x90                ; Bytes on last page of file
                DCW 3                   ; Pages in file
                DCW 0                   ; Relocations
                DCW 4                   ; Size of header in paragraphs
                DCW 0                   ; Minimum extra paragraphs needed
                DCW 0xFFFF              ; Maximum extra paragraphs needed
                DCW 0                   ; Initial (relative) SS value
                DCW 0xB8                ; Initial SP value
                DCW 0                   ; Checksum
                DCW 0                   ; Initial IP value
                DCW 0                   ; Initial (relative) CS value
                DCW 0x40                ; File address of relocation table
                DCW 0                   ; Overlay number
                DCW 0, 0, 0, 0          ; Reserved words
                DCW 0                   ; OEM identifier (for e_oeminfo)
                DCW 0                   ; OEM information; e_oemid specific
                DCW 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ; Reserved words
                DCD dword_100D8 - __ImageBase ; File address of new exe header
; The bytes from 0x54 0x68 0x69 0x73 onward are the ASCII text
; "This program cannot be run in DOS mode." followed by CR CR LF '$'.
; Further down, 0x52 0x69 0x63 0x68 is the ASCII text "Rich"; the block
; around it is presumably left over from the linker of the original binary.
                DCB 0xE, 0x1F, 0xBA, 0xE, 0, 0xB4, 9, 0xCD, 0x21, 0xB8 ; DOS Stub code
                DCB 1, 0x4C, 0xCD, 0x21, 0x54, 0x68, 0x69, 0x73, 0x20
                DCB 0x70, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x20, 0x63
                DCB 0x61, 0x6E, 0x6E, 0x6F, 0x74, 0x20, 0x62, 0x65, 0x20
                DCB 0x72, 0x75, 0x6E, 0x20, 0x69, 0x6E, 0x20, 0x44, 0x4F
                DCB 0x53, 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x2E, 0xD, 0xD
                DCB 0xA, 0x24, 0, 0, 0, 0, 0, 0, 0, 0x4F, 0xF5, 0x48, 0xD8
                DCB 0xB, 0x94, 0x26, 0x8B, 0xB, 0x94, 0x26, 0x8B, 0xB
                DCB 0x94, 0x26, 0x8B, 0xF7, 0x8B, 0x2C, 0x8B, 8, 0x94
                DCB 0x26, 0x8B, 0xB, 0x94, 0x27, 0x8B, 0x16, 0x94, 0x26
                DCB 0x8B, 0x8E, 0x8B, 0x35, 0x8B, 0xE, 0x94, 0x26, 0x8B
                DCB 0x59, 0xB4, 0x2D, 0x8B, 0xA, 0x94, 0x26, 0x8B, 0x68
                DCB 0x93, 0x20, 0x8B, 0xA, 0x94, 0x26, 0x8B, 0x52, 0x69
                DCB 0x63, 0x68, 0xB, 0x94, 0x26, 0x8B, 0, 0, 0, 0, 0, 0
                DCB 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
                DCB 0
; IMAGE_NT_HEADERS
dword_100D8     DCD 0x4550              ; DATA XREF: HEADER:0001003Co
                                        ; Signature
; IMAGE_FILE_HEADER
; Machine 0x1C0 is the PE machine code for little-endian ARM.
; The section count is 5, but only three of the five section headers below
; carry a name; the last two are all zero.
; Characteristics 0x10F has bit 0x0001 set (relocations stripped), which
; matches the empty Base Relocation Table entry further down: the image is
; built to load at its fixed image base only.
                DCW 0x1C0               ; Machine
                DCW 5                   ; Number of sections
                DCD 0x37CAA222          ; Time stamp: Mon Aug 30 15:24:18 1999
                DCD 0                   ; Pointer to symbol table
                DCD 0                   ; Number of symbols
                DCW 0xE0                ; Size of optional header
                DCW 0x10F               ; Characteristics
; IMAGE_OPTIONAL_HEADER
; Magic 0x10B marks a 32-bit (PE32) optional header.
                DCW 0x10B               ; Magic number
                DCB 6                   ; Major linker version
                DCB 1                   ; Minor linker version
                DCD 0xC00               ; Size of code
                DCD 0xC00               ; Size of initialized data
                DCD 0                   ; Size of uninitialized data
                DCD start - 0x10000     ; Address of entry point
                DCD start - 0x10000     ; Base of code
                DCD unk_12000 - 0x10000 ; Base of data
                DCD __ImageBase         ; Image base
                DCD 0x1000              ; Section alignment
                DCD 0x200               ; File alignment
                DCW 4                   ; Major operating system version
                DCW 0                   ; Minor operating system version
                DCW 0                   ; Major image version
                DCW 0                   ; Minor image version
                DCW 2                   ; Major subsystem version
                DCW 0xB                 ; Minor subsystem version
                DCD 0                   ; Reserved 1
                DCD 0x4000              ; Size of image
                DCD 0x400               ; Size of headers
; The header checksum is 0, subsystem 9 is the Windows CE GUI subsystem, and
; the Dll characteristics word is 0, i.e. none of its optional flags is set.
                DCD 0                   ; Checksum
                DCW 9                   ; Subsystem
                DCW 0                   ; Dll characteristics
                DCD 0x10000             ; Size of stack reserve
                DCD 0x1000              ; Size of stack commit
                DCD 0x100000            ; Size of heap reserve
                DCD 0x1000              ; Size of heap commit
                DCD 0                   ; Loader flag
                DCD 0x10                ; Number of data directories
; Data directories: only the Import Directory and the Import Address Table
; are populated. The Security Directory is 0,0, so the file carries no
; embedded certificate table.
                DCD 0, 0                ; Export Directory
; Import Directory
                DCD 0x3000              ; Virtual address
                DCD 0x3C                ; Size
                DCD 0, 0                ; Resource Directory
                DCD 0, 0                ; Exception Directory
                DCD 0, 0                ; Security Directory
                DCD 0, 0                ; Base Relocation Table
                DCD 0, 0                ; Debug Directory
                DCD 0, 0                ; Architecture Specific Data
                DCD 0, 0                ; RVA of GP
                DCD 0, 0                ; TLS Directory
                DCD 0, 0                ; Load Configuration Directory
                DCD 0, 0                ; Bound Import Directory in headers
; Import Address Table
                DCD __imp_RegisterClassW - 0x10000 ; Virtual address
                DCD 0x30                ; Size
                DCD 0, 0                ; Delay Load Import Descriptors
                DCD 0, 0                ; COM Runtime descriptor
                DCD 0, 0                ; Image data directory 15
; IMAGE_SECTION_HEADER
; .text: 0x60000020 = contains code + executable + readable (not writable)
                DCB ".text",0,0,0       ; Name
                DCD 0x224               ; Virtual size
                DCD start - 0x10000     ; Virtual address
                DCD 0x400               ; Size of raw data
                DCD 0x400               ; Pointer to raw data
                DCD 0                   ; Pointer to relocations
                DCD 0                   ; Pointer to line numbers
                DCW 0                   ; Number of relocations
                DCW 0                   ; Number of linenumbers
                DCD 0x60000020          ; Characteristics
; IMAGE_SECTION_HEADER
; .data: 0xC0000040 = initialized data + readable + writable
                DCB ".data",0,0,0       ; Name
                DCD 0x74                ; Virtual size
                DCD unk_12000 - 0x10000 ; Virtual address
                DCD 0x200               ; Size of raw data
                DCD 0x800               ; Pointer to raw data
                DCD 0                   ; Pointer to relocations
                DCD 0                   ; Pointer to line numbers
                DCW 0                   ; Number of relocations
                DCW 0                   ; Number of linenumbers
                DCD 0xC0000040          ; Characteristics
; IMAGE_SECTION_HEADER
; .idata: 0xC0000060 = contains code + initialized data + readable + writable,
; without the executable bit (0x20000000)
                DCB ".idata",0,0        ; Name
                DCD 0x1A8               ; Virtual size
                DCD 0x3000              ; Virtual address
                DCD 0x200               ; Size of raw data
                DCD 0xA00               ; Pointer to raw data
                DCD 0                   ; Pointer to relocations
                DCD 0                   ; Pointer to line numbers
                DCW 0                   ; Number of relocations
                DCW 0                   ; Number of linenumbers
                DCD 0xC0000060          ; Characteristics
; IMAGE_SECTION_HEADER
; all-zero slot (fourth of the five counted sections)
                DCB 0,0,0,0,0,0,0,0     ; Name
                DCD 0                   ; Virtual size
                DCD 0                   ; Virtual address
                DCD 0                   ; Size of raw data
                DCD 0                   ; Pointer to raw data
                DCD 0                   ; Pointer to relocations
                DCD 0                   ; Pointer to line numbers
                DCW 0                   ; Number of relocations
                DCW 0                   ; Number of linenumbers
                DCD 0                   ; Characteristics
; IMAGE_SECTION_HEADER
; all-zero slot (fifth of the five counted sections)
                DCB 0,0,0,0,0,0,0,0     ; Name
                DCD 0                   ; Virtual size
                DCD 0                   ; Virtual address
                DCD 0                   ; Size of raw data
                DCD 0                   ; Pointer to raw data
                DCD 0                   ; Pointer to relocations
                DCD 0                   ; Pointer to line numbers
                DCW 0                   ; Number of relocations
                DCW 0                   ; Number of linenumbers
                DCD 0                   ; Characteristics
                ALIGN 0x1000
; HEADER        ends

; File Name   : C:\Program Files (x86)\Microsoft Device Emulator\1.0\SDflash\winCE5CE6freeware\Utilities\search5.exe
; Format      : Portable executable for ARM (PE)
; Imagebase   : 10000
; Section 1. (virtual address 00001000)
; Virtual size                  : 00000224 (    548.)
; Section size in file          : 00000400 (   1024.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment     : default
;
; The code at 10000..11000 is hidden from normal disassembly
; and was loaded because the user ordered to load it explicitly
;
;  <<<< IT MAY CONTAIN TROJAN HORSES, VIRUSES, AND DO HARMFUL THINGS >>>
;
;
; ===========================================================================

; Segment type: Pure code
; Entry point of the working binary: registers the window class at
; unk_12000, creates a window sized to the screen metrics and runs the
; message loop. R0 and LR are saved on entry and every exit pops {R0,PC}.
                AREA .text, CODE, ALIGN=4
                ; ORG 0x11000
                CODE32

                EXPORT start
start                                   ; DATA XREF: HEADER:00010100o
                                        ; HEADER:00010104o ...
                STMFD           SP!, {R0,LR}
; reserve 0x20 bytes: the eight words stored at [SP,#0]..[SP,#0x1C] below
                SUB             SP, SP, #0x20
; the value passed in R0 at entry is kept in R5 and written into the class
; structure at offset 0x10 (dword_12010); it is later used as hInstance
                MOV             R5, R0
                LDR             R6, =unk_12000
                STR             R5, [R6,#(dword_12010 - 0x12000)]
                MOV             R0, R6  ; lpWndClass
                BL              RegisterClassW
; keep the low 16 bits of the result and set the flags; on zero, release the
; 0x20 bytes and return
                MOV             R1, R0,LSL#16
                MOVS            R0, R1,LSR#16
                ADDEQ           SP, SP, #0x20
                LDMEQFD         SP!, {R0,PC}
                MOV             R0, #0  ; nIndex
                BL              GetSystemMetrics
                LDR             R1, =dword_1206C
                STR             R0, [R1]
                MOV             R4, R0
                MOV             R0, #1  ; nIndex
                BL              GetSystemMetrics
                LDR             R1, =dword_12070
                STR             R0, [R1]
                MOV             R7, R0
; CreateWindowExW: arguments 1-4 in R0-R3, arguments 5-12 on the stack
                MOV             R0, #0  ; dwExStyle
                STR             R0, [SP,#0x1C] ; lpParam
                STR             R5, [SP,#0x18] ; hInstance
                STR             R0, [SP,#0x14] ; hMenu
                STR             R0, [SP,#0x10] ; hWndParent
                STR             R7, [SP,#0xC] ; nHeight
                STR             R4, [SP,#8] ; nWidth
                STR             R0, [SP,#4] ; Y
                STR             R0, [SP,#0] ; X
                MOV             R3, #0x10000000 ; dwStyle
                LDR             R2, =aWinceProgramTe ; "WinCE program template"
                LDR             R1, [R6,#(dword_12024 - 0x12000)] ; lpClassName
                BL              CreateWindowExW
; R4 = window handle; on zero, release the 0x20 bytes and return
                MOVS            R4, R0
                ADDEQ           SP, SP, #0x20
                LDMEQFD         SP!, {R0,PC}
; NOTE(review): nothing in this listing writes R9 before it is used as
; nCmdShow, so its value comes from whatever called start.
                MOV             R1, R9  ; nCmdShow
                MOV             R0, R4  ; hwnd
                BL              ShowWindow
                MOV             R0, R4  ; hwnd
                BL              UpdateWindow

; message loop: leaves only when GetMessageW returns 0; every other result
; is translated and dispatched
loc_110A8                               ; CODE XREF: .text:000110D4j
                MOV             R3, #0  ; wMsgFilterMax
                MOV             R2, #0  ; wMsgFilterMin
                MOV             R1, #0  ; hWnd
                ADR             R0, dword_110D8 ; lpMsg
                BL              GetMessageW
                CMP             R0, #0
                BEQ             loc_110F4
                ADR             R0, dword_110D8 ; pMsg
                BL              TranslateMessage
                ADR             R0, dword_110D8 ; lpMsg
                BL              DispatchMessageW
                B               loc_110A8
; ---------------------------------------------------------------------------
; Seven-word buffer handed to GetMessageW as lpMsg; dword_110E0 is its third
; word. NOTE(review): the buffer is written at run time but sits in .text,
; whose section flags are executable + readable without the writable bit,
; so this relies on code pages being writable on the target.
dword_110D8     DCD 0, 0                ; DATA XREF: .text:000110B4o
                                        ; .text:000110C4o ...
dword_110E0     DCD 0                   ; DATA XREF: .text:loc_110F4r
                DCD 0, 0, 0, 0
; ---------------------------------------------------------------------------

; exit path: per the XREF on dword_110E0, the LDR below reads that word; the
; disassembler prints it as "=0" because the word is 0 in the file.
; The value loaded into R0 is then replaced by the R0 popped from the stack.
loc_110F4                               ; CODE XREF: .text:000110C0j
                LDR             R0, =0
                ADD             SP, SP, #0x20
                LDMFD           SP!, {R0,PC}
; ---------------------------------------------------------------------------
; literal pool: addresses used by the LDR Rn, =label instructions above
; WNDCLASSW *lpWndClass
lpWndClass      DCD unk_12000           ; DATA XREF: .text:0001100Cr
; LPCWSTR lpWindowName
lpWindowName    DCD aWinceProgramTe     ; DATA XREF: .text:0001107Cr
                                        ; "WinCE program template"
off_11108       DCD dword_1206C         ; DATA XREF: .text:00011034r
off_1110C       DCD dword_12070         ; DATA XREF: .text:00011048r
                DCD 0, 0, 0, 0, 0
                DCD unk_12000
                DCD aWinceProgramTe     ; "WinCE program template"
                DCD dword_1206C
                DCD dword_12070
; ---------------------------------------------------------------------------
; Unnamed routine at 0x11134, the address stored as the second word of the
; class structure at unk_12000, i.e. the window procedure.
; On entry R0 = hwnd, R1 = message. Message 2 and message 1 are handled
; specially; everything else goes to the default call.
; All four calls branch to the absolute address 0x13170 with a selector in
; R12. 0x13170 lies inside the .idata address range (0x13000, size 0x1A8)
; and is not disassembled in this listing, so what runs there cannot be
; checked from here. The selectors 8, 9, 0xA, 0xB match the positions of
; PostQuitMessage, DefWindowProcW, CommandBar_Create and
; CommandBar_AddAdornments in this listing's import order (counting from 0),
; so R12 is presumably an import index - TODO confirm.
                STMFD           SP!, {R4-R8,R11,LR}
; message 2: call selector 8 with R0 = 0, then return 0.
; NOTE(review): the MOVEQ/LDMEQFD after the call still test the flags set by
; CMP, so they only execute if the callee leaves the flags unchanged.
                CMP             R1, #2
                MOVEQ           R0, #0
                MOVEQ           R12, #8
                BLEQ            0x13170
                MOVEQ           R0, #0
                LDMEQFD         SP!, {R4-R8,R11,PC}
; message 1: go to loc_11164, which returns to the caller of this routine by
; itself and never comes back here
                CMP             R1, #1
                BLEQ            loc_11164
; any other message: call selector 9 and return its result in R0
                MOV             R12, #9
                BL              0x13170
                LDMFD           SP!, {R4-R8,R11,PC}
; ---------------------------------------------------------------------------

; message 1 handler: selector 0xA is called with R0 = contents of
; dword_12010 (the stored instance value), R1 = hwnd, R2 = 0x3E8 (1000);
; selector 0xB is then called with R0 = that call's result, R1 = 0, R2 = 0.
; The final LDMFD pops the frame pushed at 0x11134, so R0 on return is
; whatever the second call returned.
loc_11164                               ; CODE XREF: .text:00011154j
                LDR             R6, =dword_12010
                MOV             R1, R0
                LDR             R0, [R6]
                MOV             R2, #0x3E8
                MOV             R12, #0xA
                BL              0x13170
                MOV             R1, #0
                MOV             R2, #0
                MOV             R12, #0xB
                BL              0x13170
                LDMFD           SP!, {R4-R8,R11,PC}
; ---------------------------------------------------------------------------
off_11190       DCD dword_12010         ; DATA XREF: .text:loc_11164r

; =============== S U B R O U T I N E =======================================
; Import thunks. Each one is two instructions plus one literal word: load
; the address of the import slot into R12, then load PC from that slot.
; The disassembler shows the first and last thunk in full and collapses the
; ones in between to a single line each (8 bytes of code per thunk).

; Attributes: thunk

; ATOM __stdcall RegisterClassW(const WNDCLASSW *lpWndClass)
RegisterClassW                          ; CODE XREF: .text:00011018p
                LDR             R12, =__imp_RegisterClassW
                LDR             PC, [R12]
; End of function RegisterClassW

; ---------------------------------------------------------------------------
off_1119C       DCD __imp_RegisterClassW ; DATA XREF: RegisterClassWr
; [00000008 BYTES: COLLAPSED FUNCTION GetSystemMetrics. PRESS CTRL-NUMPAD+ TO EXPAND]
off_111A8       DCD __imp_GetSystemMetrics ; DATA XREF: GetSystemMetricsr
; [00000008 BYTES: COLLAPSED FUNCTION CreateWindowExW. PRESS CTRL-NUMPAD+ TO EXPAND]
off_111B4       DCD __imp_CreateWindowExW ; DATA XREF: CreateWindowExWr
; [00000008 BYTES: COLLAPSED FUNCTION ShowWindow. PRESS CTRL-NUMPAD+ TO EXPAND]
off_111C0       DCD __imp_ShowWindow    ; DATA XREF: ShowWindowr
; [00000008 BYTES: COLLAPSED FUNCTION UpdateWindow. PRESS CTRL-NUMPAD+ TO EXPAND]
off_111CC       DCD __imp_UpdateWindow  ; DATA XREF: UpdateWindowr
; [00000008 BYTES: COLLAPSED FUNCTION GetMessageW. PRESS CTRL-NUMPAD+ TO EXPAND]
off_111D8       DCD __imp_GetMessageW   ; DATA XREF: GetMessageWr
; [00000008 BYTES: COLLAPSED FUNCTION TranslateMessage. PRESS CTRL-NUMPAD+ TO EXPAND]
off_111E4       DCD __imp_TranslateMessage ; DATA XREF: TranslateMessager
; [00000008 BYTES: COLLAPSED FUNCTION DispatchMessageW. PRESS CTRL-NUMPAD+ TO EXPAND]
off_111F0       DCD __imp_DispatchMessageW ; DATA XREF: DispatchMessageWr
; [00000008 BYTES: COLLAPSED FUNCTION PostQuitMessage. PRESS CTRL-NUMPAD+ TO EXPAND]
off_111FC       DCD __imp_PostQuitMessage ; DATA XREF: PostQuitMessager
; [00000008 BYTES: COLLAPSED FUNCTION DefWindowProcW. PRESS CTRL-NUMPAD+ TO EXPAND]
off_11208       DCD __imp_DefWindowProcW ; DATA XREF: DefWindowProcWr
; [00000008 BYTES: COLLAPSED FUNCTION CommandBar_Create. PRESS CTRL-NUMPAD+ TO EXPAND]
off_11214       DCD __imp_CommandBar_Create ; DATA XREF: CommandBar_Creater

; =============== S U B R O U T I N E =======================================

; Attributes: thunk

; the disassembler gave this thunk a generated name (sub_11218) because the
; import itself is listed under the name CommandBar_AddAdornments
; BOOL __stdcall sub_11218(HWND hwndCB, DWORD dwFlags, DWORD dwReserved)
sub_11218
                LDR             R12, =CommandBar_AddAdornments
                LDR             PC, [R12]
; End of function sub_11218

; ---------------------------------------------------------------------------
off_11220       DCD CommandBar_AddAdornments ; DATA XREF: sub_11218r
                ALIGN 0x200
                % 0xC00
; .text         ends

; Section 2. (virtual address 00002000)
; Virtual size                  : 00000074 (    116.)
; Section size in file          : 00000200 (    512.)
; Offset to raw data for section: 00000800
; Flags C0000040: Data Readable Writable
; Alignment     : default
; ===========================================================================

; Segment type: Pure data
; Data section: the window class structure (ten 32-bit words starting at
; unk_12000), the class-name and window-title strings, and two words that
; receive the screen metrics.
                AREA .data, DATA, ALIGN=4
                ; ORG 0x12000
; word 0 of the class structure = 1
unk_12000       DCB    1                ; DATA XREF: HEADER:00010108o
                                        ; HEADER:00010204o ...
                DCB    0
                DCB    0
                DCB    0
; word 1 = 0x11134, the address of the unnamed routine in .text that begins
; with STMFD SP!, {R4-R8,R11,LR} (the window procedure)
                DCD 0x11134
; words 2 and 3 = 0
                DCB    0
                DCB    0
                DCB    0
                DCB    0
                DCB    0
                DCB    0
                DCB    0
                DCB    0
; word 4 (offset 0x10): filled in at run time by start with the value it
; received in R0, and read back by the message-1 handler
dword_12010     DCD 0                   ; DATA XREF: .text:00011010w
                                        ; .text:loc_11164o ...
                ALIGN 8
                DCB    0
                DCB    0
                DCB    0
                DCB    0
; word 7 = 5
                DCB    5
                DCB    0
                DCB    0
                DCB    0
                DCB    0
                DCB    0
                DCB    0
                DCB    0
; word 9 (offset 0x24): loaded by start as lpClassName.
; NOTE(review): the stored value is 0x13028, which lies in the .idata range
; (0x13000, size 0x1A8), while the "FASMWINCE" string below is at 0x12028.
; What is at 0x13028 is not shown in this listing.
dword_12024     DCD 0x13028             ; DATA XREF: .text:00011080r
asc_12028       DCB "F",0,"A",0,"S",0,"M",0,"W",0,"I",0,"N",0,"C",0,"E",0,0,0
aWinceProgramTe unicode 0, <WinCE program template>,0 ; DATA XREF: .text:0001107Co
                                        ; .text:lpWindowNameo ...
                ALIGN 4
; results of GetSystemMetrics(0) and GetSystemMetrics(1), stored by start
dword_1206C     DCD 0                   ; DATA XREF: .text:00011034o
                                        ; .text:00011038w ...
dword_12070     DCD 0                   ; DATA XREF: .text:00011048o
                                        ; .text:0001104Cw ...
                ALIGN 0x1000
; .data         ends

;
; Imports from COREDLL.dll
;
; Section 3. (virtual address 00003000)
; Virtual size                  : 000001A8 (    424.)
; Section size in file          : 00000200 (    512.)
; Offset to raw data for section: 00000A00
; Flags C0000060: Text Data Readable Writable
; Alignment     : default
; ===========================================================================

; Segment type: Externs
; Import slots as named by the disassembler, one per imported function, in
; the order they appear in the file: ten from COREDLL.dll, then two from
; commctrl.dll. The prototypes in the comments come from the disassembler's
; type library, not from this binary.
; ATOM __stdcall RegisterClassW(const WNDCLASSW *lpWndClass)
                IMPORT __imp_RegisterClassW ; DATA XREF: HEADER:000101B0o
                                        ; RegisterClassWo ...
; int __stdcall GetSystemMetrics(int nIndex)
                IMPORT __imp_GetSystemMetrics ; DATA XREF: GetSystemMetricso
                                        ; .text:off_111A8o
; HWND __stdcall CreateWindowExW(DWORD dwExStyle, LPCWSTR lpClassName, LPCWSTR lpWindowName, DWORD dwStyle, int X, int Y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam)
                IMPORT __imp_CreateWindowExW ; DATA XREF: CreateWindowExWo
                                        ; .text:off_111B4o
; BOOL __stdcall ShowWindow(HWND hwnd, INT nCmdShow)
                IMPORT __imp_ShowWindow ; DATA XREF: ShowWindowo
                                        ; .text:off_111C0o
; BOOL __stdcall UpdateWindow(HWND hwnd)
                IMPORT __imp_UpdateWindow ; DATA XREF: UpdateWindowo
                                        ; .text:off_111CCo
; BOOL __stdcall GetMessageW(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax)
                IMPORT __imp_GetMessageW ; DATA XREF: GetMessageWo
                                        ; .text:off_111D8o
; BOOL __stdcall TranslateMessage(const MSG *pMsg)
                IMPORT __imp_TranslateMessage ; DATA XREF: TranslateMessageo
                                        ; .text:off_111E4o
; LONG __stdcall DispatchMessageW(const MSG *lpMsg)
                IMPORT __imp_DispatchMessageW ; DATA XREF: DispatchMessageWo
                                        ; .text:off_111F0o
; void __stdcall PostQuitMessage(int nExitCode)
                IMPORT __imp_PostQuitMessage ; DATA XREF: PostQuitMessageo
                                        ; .text:off_111FCo
; LRESULT __stdcall DefWindowProcW(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
                IMPORT __imp_DefWindowProcW ; DATA XREF: DefWindowProcWo
                                        ; .text:off_11208o
;
; Imports from commctrl.dll
;
; HWND __stdcall CommandBar_Create(HINSTANCE hInst, HWND hwndParent, int idCmdBar)
                IMPORT __imp_CommandBar_Create ; DATA XREF: CommandBar_Createo
                                        ; .text:off_11214o
; this slot is listed without the __imp_ prefix used for the others
; BOOL __stdcall CommandBar_AddAdornments(HWND hwndCB, DWORD dwFlags, DWORD dwReserved)
                IMPORT CommandBar_AddAdornments ; DATA XREF: sub_11218o
                                        ; .text:off_11220o

                END start    
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 06 Jan 2020, 06:36
The "uses" clause needs square brackets around the arguments.
Code:
; proc header only: the registers to save are given after "uses" as one
; bracketed list
proc Start base sp uses[r0-r12,r14]    
guignol



Joined: 06 Dec 2008
Posts: 763
guignol 06 Jan 2020, 22:49
why?
ProMiNick



Joined: 24 Mar 2012
Posts: 804
Location: Russian Federation, Sochi
ProMiNick 07 Jan 2020, 01:47
Code:
; Second attempt at the window template, reshaped to follow the working binary.
format PE GUI
entry start

include 'wince.inc'
; invoke X,args expands to apscall indirect.X,args; apscall comes from the
; includes and is not shown here.
macro invoke name,args& { apscall indirect.#name,args }

; 1000 = 0x3E8
ID_CMDBAR = 1000

section '.text' code readable executable
  ;start:
; Entry point: registers the window class wc, creates a window sized to the
; screen metrics and runs the message loop; returns MSG.wParam in r0.
; presumably "uses [r0,lr]" makes the proc macro push r0 and lr on entry -
; the two early exits below pop exactly {r0,pc} by hand and depend on that.
; Confirm against wince.inc.
; NOTE(review): r4-r7 are overwritten and are not in the "uses" list.
proc start base sp uses [r0,lr]
        ;locals
        ;        db $20 dup ?
        ;endl
        ; r6 = address of wc (read from the literal start.local.lpwc)
        ldr     r6, [start.local.lpwc]
        invoke  RegisterClassW, r6
        ;nop
        ;nop
        ; keep the low 16 bits of the result and set the flags; zero = failure
        mov     r1, r0, lsl#16
        movs    r0, r1, lsr#16
        ;addeq   sp, $20
        ; on failure return at once by popping the saved r0 and lr into r0 and pc
        ldmeqfd sp!,{r0,pc}
        invoke  GetSystemMetrics, SM_CXSCREEN
        ;ldr     r1, [start.local.lpxscreen]
        ;str     r0, [r1]
        ; r4 = screen width
        mov     r4, r0
        invoke  GetSystemMetrics, SM_CYSCREEN
        ;ldr     r1, [start.local.lpyscreen]
        ;str     r0, [r1]
        ; r7 = screen height
        mov     r7, r0
        mov     r0, #0
        ; r5 = wc.hInstance, r1 = wc.lpszClassName, r2 = address of _title
        ldr     r5, [r6,WNDCLASS.hInstance]
        ldr     r1, [r6,WNDCLASS.lpszClassName]
        ldr     r2, [start.local.lp_title]
        ;sub     sp, $20
        ;str     r0, [sp,#$1C]
        ;str     r5, [sp,#$18]
        ;str     r0, [sp,#$14]
        ;str     r0, [sp,#$10]
        ;str     r7, [sp,#$0C]
        ;str     r4, [sp,#$08]
        ;str     r0, [sp,#$04]
        ;str     r0, [sp,#$00]
        ; twelve arguments: 0, class, title, WS_VISIBLE, 0, 0, width, height, 0, 0, hInstance, 0
        invoke  CreateWindowExW,r0,r1,r2,WS_VISIBLE,r0,r0,r4,r7,r0,r0,r5,r0
        ;add     sp, $20
        ; r4 = window handle; zero = failure, same early return as above
        movs    r4, r0
        ;addeq   sp, $20
        ldmeqfd sp!,{r0,pc}
        ; NOTE(review): r9 is passed as the second argument but nothing in this
        ; listing writes r9, so its value comes from whatever called start.
        invoke  ShowWindow, r4,r9
        invoke  UpdateWindow, r4
  .msg_loop:
        adr     r0, .msg
        invoke  GetMessageW,r0,0,0,0
        ; only a result of 0 leaves the loop; any other value is dispatched
        cmp     r0, 0
        beq     .end_loop
        adr     r0, .msg
        invoke  TranslateMessage,r0
        adr     r0, .msg
        invoke  DispatchMessageW,r0
        b       .msg_loop
  ; NOTE(review): this MSG buffer is written by GetMessageW but sits between
  ; instructions in the section declared "code readable executable" (no
  ; "writeable"), so the program depends on code pages being writable.
  .msg MSG
  .end_loop:
        ; return value = wParam of the last message read
        ldr     r0, [.msg.wParam]
        ret
endp
; literal words holding the addresses of wc and _title
start.local.lpwc        dw wc
start.local.lp_title    dw _title
;start.local.lpxscreen   dw xscreen
;start.local.lpyscreen   dw yscreen
                        ;dw 9 dup (?)
; WindowProc - window procedure of the template window.
; In:  r0 = hwnd, r1 = message (r2/r3 are passed through untouched to DefWindowProcW)
; Out: r0 = 0 after WM_DESTROY, otherwise whatever the last call left in r0
; NOTE(review): "nospil" is how the keyword is spelled here; a later post in
; this thread says the keyword is "nospill".
; NOTE(review): the "mov r12, N" lines are kept from the donor disassembly; their
; purpose is not visible here and the later version drops them.
proc WindowProc nospil base sp uses [r4-r8,r11,lr]
        cmp     r1, #WM_DESTROY
        moveq   r0, #0
        moveq   r12, 8
        bleq    indirect.PostQuitMessage
        ; NOTE(review): the two EQ-conditional instructions below reuse the flags of the
        ; cmp above after a call - this relies on the callee returning with them unchanged.
        moveq   r0, #0
        ldmeqfd sp!,{r4-r8,r11,pc}              ; WM_DESTROY handled: restore and return 0
        cmp     r1, #WM_CREATE
        bleq    .wmcreate
        mov     r12, 9
        bl      indirect.DefWindowProcW         ; everything else goes to the default handler
        ldmfd   sp!,{r4-r8,r11,pc}
  .wmcreate:
        ldr     r6, [WindowProc.local.lpwc.hInstance]   ; r6 = address of wc.hInstance
        mov     r1, r0                          ; r1 = hwnd (parent of the command bar)
        ldr     r0, [r6]                        ; r0 = hInstance
        mov     r12, 10
        invoke  CommandBar_Create,r0,r1,1000    ; 1000 is the value of ID_CMDBAR
        mov     r12, 11
        ; The handle returned in r0 is passed on without a NULL check.
        invoke  CommandBar_AddAdornments,r0,0,0
        ret
endp
WindowProc.local.lpwc.hInstance dw wc.hInstance

;indirect.RegisterClassW:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      RegisterClassW

;indirect.GetSystemMetrics:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      GetSystemMetrics

;indirect.CreateWindowExW:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      CreateWindowExW

;indirect.ShowWindow:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      ShowWindow

;indirect.UpdateWindow:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      UpdateWindow

;indirect.GetMessageW:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      GetMessageW

;indirect.TranslateMessage:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      TranslateMessage

;indirect.DispatchMessageW:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      DispatchMessageW

;indirect.PostQuitMessage:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      PostQuitMessage

;indirect.DefWindowProcW:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      DefWindowProcW

;indirect.CommandBar_Create:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      CommandBar_Create

;indirect.CommandBar_AddAdornments:
;        ldr     r12, [pc]
;        ldr     pc, [r12]
;        dw      CommandBar_AddAdornments



section '.data' data readable writeable
        wc WNDCLASS 1,WindowProc,0,0,PE_IMAGE_BASE,NULL,NULL,COLOR_BTNFACE+1+$40000000,NULL,_class
        _class TCHAR 'FASMWINCE',0
        _title TCHAR 'WinCE program template',0
        ;_error TCHAR 'Startup failed.',0
        align 4
        ;xscreen dw ?
        ;yscreen dw ?

section '.idata' import data readable writeable

;macro extend_import [labl] {}

  library coredll,'COREDLL.DLL',\
          commctrl,'COMMCTRL.DLL'

  include 'os specific/windows/api/armce/coredll.inc'
  include 'os specific/windows/api/armce/commctrl.inc'    

I reproduced the donor code exactly, and afterwards commented out the rudiments left over from the donor.

All that is left is to bring it closer to the win32 template code, and maybe to make start not a procedure but a plain label that ends with ExitThread (because ExitProcess doesn't exist in WinCE).

Image

ProMiNick 07 Jan 2020, 14:23
revolution, I almost like the result (it is very similar to the x86|64 template example):
Code:
format PE GUI
entry start

include 'wince.inc'
macro invoke name,args& { apscall indirect.#name,args }

ID_CMDBAR = 1000

section '.text' code readable executable
  ; Program entry (plain label, no proc frame): registers the window class,
  ; creates a window sized to the screen, runs the message loop and ends the
  ; thread with ExitThread. Any start-up failure goes through .error.
  start:
;proc start base sp uses [r0,lr]
        ldr     r6, [start.local.lpwc]          ; r6 = address of the WNDCLASS record wc
        invoke  RegisterClassW, r6
        ; Keep only the low 16 bits of the result (the class atom) and set the flags.
        mov     r1, r0, lsl#16
        movs    r0, r1, lsr#16
        beq     .error                          ; atom == 0: registration failed

        invoke  GetSystemMetrics, SM_CXSCREEN ; wince specific - all apps usualy fullscreaned and its display sizes vary from device to device
        mov     r4, r0                          ; r4 = screen width
        invoke  GetSystemMetrics, SM_CYSCREEN ;
        mov     r7, r0                          ; r7 = screen height

        mov     r0, #0                          ; r0 = 0, reused for every zero argument below
        ldr     r5, [r6,WNDCLASS.hInstance]
        ldr     r1, [r6,WNDCLASS.lpszClassName]
        ldr     r2, [start.local.lp_title]
        invoke  CreateWindowExW,r0,r1,r2,WS_VISIBLE,r0,r0,r4,r7,r0,r0,r5,r0
        movs    r4, r0                          ; r4 = window handle; flags tell whether it is NULL
        beq     .error

        ; NOTE(review): r9 is not assigned anywhere in this code - presumably it still
        ; holds the show command handed to the entry point; confirm.
        invoke  ShowWindow, r4,r9 ; wince specific: without it nothing work
        invoke  UpdateWindow, r4

  .msg_loop:
        adr     r0, .msg
        invoke  GetMessageW,r0,0,0,0
        ; Unsigned compare with 1: equal = ordinary message, dispatch it;
        ; higher (this includes the -1 error value) = read again;
        ; lower (0, WM_QUIT) = leave the loop.
        cmp     r0, 1
        bhi     .msg_loop
        blo     .end_loop
        adr     r0, .msg
        invoke  TranslateMessage,r0
        adr     r0, .msg
        invoke  DispatchMessageW,r0
        b       .msg_loop

  ; The MSG record is placed inline, inside the section declared
  ; 'code readable executable', and GetMessageW writes to it.
  ; NOTE(review): this needs the code section to be writable at run time -
  ; moving it to '.data' would keep code and writable data apart.
  .msg MSG

  .error:
        ldr     r1, [start.local.lp_error]
        invoke  MessageBoxW,0,r1,0,MB_ICONERROR+MB_OK
        ; Falls through: on this path .msg was never filled by GetMessageW, so the
        ; exit code is whatever the MSG record was assembled with.
  .end_loop:
        ldr     r0, [.msg.wParam]               ; exit code = wParam of the last message read
        invoke  ExitThread,r0
        ;ret
;endp
start.local.lpwc        dw wc
start.local.lp_title    dw _title
start.local.lp_error    dw _error

; WindowProc - window procedure of the template window.
; In:  r0 = hwnd, r1 = message, r2 = wParam, r3 = lParam
; Out: r0 = 0 for WM_CREATE and WM_DESTROY, otherwise the DefWindowProcW result
; NOTE(review): "nospil" is how the keyword is spelled here; a later post in
; this thread says the keyword is "nospill".
proc WindowProc nospil base sp uses [r4-r8,r11,lr]
        cmp     r1, #WM_DESTROY
        beq     .wmdestroy
        cmp     r1, #WM_CREATE
        beq     .wmcreate
  .defwndproc:
        invoke  DefWindowProcW,r0,r1,r2,r3      ; all other messages: default handling
        b       .finish
  .wmcreate:
        ldr     r6, [WindowProc.local.lpwc.hInstance]   ; r6 = address of wc.hInstance
        mov     r1, r0                          ; r1 = hwnd (parent of the command bar)
        ldr     r0, [r6]                        ; r0 = hInstance
        invoke  CommandBar_Create,r0,r1,ID_CMDBAR
        ; The handle returned in r0 is passed on without a NULL check.
        invoke  CommandBar_AddAdornments,r0,0,0
        b       .processed
  .wmdestroy:
        invoke  PostQuitMessage,0               ; ends the message loop in start
  .processed:
        mov     r0, #0                          ; message handled
  .finish:
        ret
endp
WindowProc.local.lpwc.hInstance dw wc.hInstance

section '.data' data readable writeable
        _class TCHAR 'FASMWINCE',0
        _title TCHAR 'WinCE program template',0
        _error TCHAR 'Startup failed.',0
        align 4
        wc WNDCLASS 1,WindowProc,0,0,PE_IMAGE_BASE,NULL,NULL,COLOR_BTNFACE+1+$40000000,NULL,_class

section '.idata' import data readable writeable

  library coredll,'COREDLL.DLL',\
          commctrl,'COMMCTRL.DLL'     


The only thing that disappoints me is
Code:
proc WindowProc nospil base sp uses [r4-r8,r11,lr]    

i can`t override it as
Code:
proc WindowProc nospil base sp uses [r4-r8,r11,lr], hwnd,wmsg,wparam,lparam    

because the assembler adds r0-r3 to the preserved registers, but restoring them in ret is not implemented - this breaks the stack pointer.
revolution 07 Jan 2020, 17:56
ProMiNick wrote:
what dissapoint me is only
Code:
proc WindowProc nospil base sp uses [r4-r8,r11,lr]    

i can`t override it as
Code:
proc WindowProc nospil base sp uses [r4-r8,r11,lr], hwnd,wmsg,wparam,lparam    

because assembler adds r0-r3 to preserved registers but in ret restoring them not implemented - this makes stack pointer broken.
That is probably a bug in the macros. The assembler doesn't have any notion of preserved registers.
ProMiNick 07 Jan 2020, 20:35
revolution, no bug. keyword is nospill not nospil
ProMiNick 07 Jan 2020, 21:42
so, PEDEMO & TEMPLATE ported.
next one DLL(ERRORMSG & LASTERR)

LASTERR.EXE can be build simply:
Code:
format PE GUI 4.0
entry start

include 'wince.inc'
macro invoke name,args& { apscall indirect.#name,args }

section '.text' code readable executable

  ; Entry point of LASTERR.EXE: clears the thread's last-error value, asks
  ; ShowLastError (imported from ERRORMSG.DLL in the '.idata' section below)
  ; to display it, then ends the thread with exit code 0.
  ; NOTE(review): ERRORMSG.DLL is imported by bare file name, so which copy is
  ; loaded depends on the loader's search order - ship it next to the EXE.
  start:
        invoke  SetLastError,0
        invoke  ShowLastError,HWND_DESKTOP
        invoke  ExitThread,0

section '.idata' import data readable writeable

  library coredll,'COREDLL.DLL',\
          errormsg,'ERRORMSG.DLL'

  include 'os specific/windows/api/armce/coredll.inc'

  import errormsg,\
         ShowLastError,'ShowLastError'    


but with ERRORMSG.DLL I had a problem:
Code:
; DLL creation example

format PE GUI 4.0 DLL
entry DllEntryPoint

include 'wince.inc'
macro invoke name,args& { apscall indirect.#name,args }

section '.text' code readable executable

; DllEntryPoint - DLL entry; hinstDLL, fdwReason and lpvReserved are not read
; and every notification is answered with TRUE.
proc DllEntryPoint nospill base sp,hinstDLL,fdwReason,lpvReserved
        mov     r0,TRUE
        ret
endp

; VOID ShowErrorMessage(HWND hWnd,DWORD dwError);
; Asks FormatMessageW for the system text of dwError (r1), shows it in an
; error message box owned by hWnd and frees the buffer FormatMessageW allocated.
; NOTE(review): the body makes calls but lr is not saved; a later post in this
; thread adds "uses [lr]" to this header for that reason.
; NOTE(review): the FormatMessageW result is not checked. lpBuffer is an
; uninitialised local and is presumably left untouched when the call fails, in
; which case MessageBoxW and LocalFree receive whatever was on the stack -
; clear lpBuffer before the call and skip LocalFree while it is NULL.
proc ShowErrorMessage base sp,hWnd,dwError
  locals
        lpBuffer dw ?
  endl
        lea     r0,[lpBuffer]                   ; r0 = address that receives the buffer pointer
        invoke  FormatMessageW,FORMAT_MESSAGE_ALLOCATE_BUFFER+FORMAT_MESSAGE_FROM_SYSTEM,0,r1,LANG_NEUTRAL,r0,0,0
        ldr     r1, [lpBuffer]                  ; r1 = text pointer stored by FormatMessageW
        ldr     r0, [hWnd]
        invoke  MessageBoxW,r0,r1,NULL,MB_ICONERROR+MB_OK
        ldr     r0, [lpBuffer]
        invoke  LocalFree,r0                    ; release the buffer allocated by FormatMessageW
        ret
endp

; VOID ShowLastError(HWND hWnd);
; Reads the calling thread's last-error code and hands it, together with
; hWnd, to ShowErrorMessage.
; NOTE(review): the body makes calls but lr is not saved; a later post in this
; thread adds "uses [lr]" to this header for that reason.
proc ShowLastError base sp,hWnd
        invoke  GetLastError
        mov     r1,r0                           ; r1 = error code
        ldr     r0, [hWnd]                      ; r0 = hWnd, reloaded because GetLastError overwrote r0
        apscall ShowErrorMessage,r0,r1
        ret
endp

section '.idata' import data readable writeable

  library coredll,'COREDLL.DLL'

  include 'os specific/windows/api/armce/coredll.inc'

section '.edata' export data readable

  export 'ERRORMSG.DLL',\
         ShowErrorMessage,'ShowErrorMessage',\
         ShowLastError,'ShowLastError'

section '.reloc' fixups data readable discardable    


with payload logic all is OK - content of this example will go to final release without any changes.
The problem is in the export macro - and I can't understand why. Tomasz, revolution, I need your help: "What could go wrong in the export macro set in the ARM case? Thanks"

The relocs do not look like the problem - relocs of the HIGHLOW type are shared by the whole set of platforms supported by PE, and I don't use ARM-specific trick instructions that need exotic ARM reloc types.
revolution 08 Jan 2020, 01:58
ProMiNick wrote:
Problem is in exports macro - and I cant understand why. Tomasz, revolution, I need your help: "What in case of ARM may went wrong in exports macroset? Thanks"
Please explain the problem.
ProMiNick 08 Jan 2020, 07:04
Everything is inside https://www.dropbox.com/s/xnhr6ru0fvlb4i2/fasmw17321COMFRIENDLY.zip?dl=0 - it contains FASMWARM.EXE and the include ecosystem. I opened the file "\EXAMPLES\WINCE\DLL\ERRORMSG.ASM" in it and tried to compile.
I got "Error:value out of range" "export.inc [43]: load v1?1Sw from str1?1Su+%-1"
that is all
revolution 08 Jan 2020, 09:40
I can't access dropbox from my location. Can you post a minimal example exposing the problem.

Edit: I briefly switched to a proxy via my VPN (and bypassed the company firewall (OMG please don't tell them I'm breaking the rules)) and loaded the page. But no way is that going to work with all that JS.
ProMiNick 08 Jan 2020, 11:19
Thanks revolution, I was about to prepare the content of the files to post for thou.

I found it:
Code:
        store dword v1 at names+(z-x)*4
        store dword v2 at names+z*4
        load v1 word from ordinal+z*2
        load v2 word from ordinal+(z-x)*2    


v1 & v2 were defined as dword & word,
but in the pair
"\INCLUDE\GENERIC\FIX\X86DDEFONARM\BEGIN.INC" & "\INCLUDE\GENERIC\FIX\X86DDEFONARM\END.INC"
I did not handle those keywords:
BEGIN.INC:
Code:
dq fix dd
dd fix dw
dw fix dh
rq fix rd
rd fix rw
rw fix rh    


END.INC:
Code:
rw fix rw
rd fix rd
rq fix rq
dw fix dw
dd fix dd
dq fix dq    


I fixed it to
BEGIN.INC:
Code:
; BEGIN.INC - lets include files written with x86 size names assemble for ARM,
; where (as the listings in this thread show) dw is the 32-bit directive and
; dh the 16-bit one: each x86 name is mapped to the next smaller ARM name.
; The last two lines do the same for the size operators used by load/store,
; which the export macro needs.
; NOTE(review): each name is remapped before the name it maps to; the order
; looks deliberate - confirm before re-sorting these lines.
dq fix dd
dd fix dw
dw fix dh
rq fix rd
rd fix rw
rw fix rh
dword fix word
word fix hword


END.INC:
Code:
; END.INC - counterpart of BEGIN.INC: maps every name changed there back to
; itself, in the reverse order, including the dword/word size operators.
; NOTE(review): keep this list in step with BEGIN.INC - a name remapped there
; but missing here would presumably stay remapped for the rest of the source.
rw fix rw
rd fix rd
rq fix rq
dw fix dw
dd fix dd
dq fix dq
dword fix dword
word fix word


And all compiled
Thanks

B.T.W. where I could share in future files so thou could access them?
revolution 08 Jan 2020, 11:32
ProMiNick wrote:
B.T.W. where I could share in future files so thou could access them?
I have *.flatassembler.net whitelisted here. So just post as inline code, or if it is too long as an attachment.

But regardless, I would discourage using external sites. They might be blocked (as is my case) or they might get compromised, or delete the content after some time, or simply cease to exist.
ProMiNick 08 Jan 2020, 11:53
I had to fix ShowErrorMessage & ShowLastError: they make calls internally, so they must preserve lr:
Code:
proc ShowErrorMessage base sp uses [lr],hWnd,dwError    
Code:
proc ShowLastError base sp uses [lr],hWnd    


so, here it is - 1st DLL compiled in fasmwarm, and exe using it

as you see in wince no predefined texts for describing errors.

Image

ProMiNick 08 Jan 2020, 20:45
revolution, look at code that was produced by fasmwarm from ERRORMSG.ASM
Code:
; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
                EXPORT DllEntryPoint
DllEntryPoint                           ; DATA XREF: HEADER:000100A8o
                                        ; HEADER:000100ACo ...
                MOV             R0, #1  ; return TRUE
                BX              LR      ; nothing was pushed, so a plain branch to LR returns
; End of function DllEntryPoint

thats perfect

but than:
Code:
; void __usercall ShowErrorMessage(HWND hWnd@<R0>, int dwError@<R1>)
                EXPORT ShowErrorMessage
ShowErrorMessage                        ; CODE XREF: .text:00011074p
                                        ; DATA XREF: .edata:off_13028o

lpBuffer        = -4

                STMFD           SP!, {R0,R1,LR} ; as expected - spill r0/r1 and save lr; the lowest register lands at the lowest address: [SP]=R0, [SP,#4]=R1, [SP,#8]=LR
                SUB             SP, SP, #4 ; reserve space for locals
                ADD             R0, SP, #4+lpBuffer ; lea r0, [sp] as expected because the local sits at the top of the stack
                MOV             LR, #0 ; only register values can be stored to the stack, so lr is loaded with 0
                STR             LR, [SP,#-4] ; last parameter: 0, taken from lr
                STR             LR, [SP,#-8] ; last-but-one parameter: 0, taken from lr
                STR             R0, [SP,#-0xC] ; last-but-two parameter: r0 (address of lpBuffer)
                MOV             R3, LR ; 4th param is zero, taken from lr
                MOV             R2, R1 ; 3rd param is dwError, still in r1
                MOV             R1, LR ; 2nd param is zero, taken from lr
                MOV             R0, #0x1100 ; 1st param FORMAT_MESSAGE_ALLOCATE_BUFFER+FORMAT_MESSAGE_FROM_SYSTEM
                SUB             SP, SP, #0xC ; the three stack parameters were stored below sp, so sp is moved down over them only now
                BL              FormatMessageW
                ADD             SP, SP, #0xC ; restore stack 
                LDR             R1, [SP,#4+lpBuffer] ; as expected: the pointer FormatMessageW stored in lpBuffer (return value in r0 is not tested)
                LDR             R0, [SP,#4] ; hWnd: the spilled r0 sits one word above the local, see STMFD above
                MOV             R3, #0x10 ; MB_ICONERROR+MB_OK 
                MOV             R2, #0 ; again perfect
                BL              MessageBoxW
                LDR             R0, [SP,#4+lpBuffer] ; as expected
                BL              LocalFree
                ADD             SP, SP, #0xC ; drops the local and the spilled r0/r1, so sp now points at the saved lr
                LDR             R10, [SP+0],#4 ; post-indexed load: R10 = [SP], then SP = SP + 4. The saved lr is consumed but goes to R10 instead of PC, so the function does not return here - the destination should have been PC
; End of function ShowErrorMessage


same thing with:
Code:
; void __usercall ShowLastError(HWND hWnd<R0>)
                EXPORT ShowLastError
ShowLastError                           ; DATA XREF: .edata:off_13028o
                STMFD           SP!, {R0,LR} ; spill hWnd and save lr: [SP]=R0, [SP,#4]=LR
                BL              GetLastError
                MOV             R1, R0 ; r1 = error code
                LDR             R0, [SP] ; r0 = spilled hWnd
                BL              ShowErrorMessage
                ADD             SP, SP, #4 ; drops the spilled r0, so sp now points at the saved lr
                LDR             R10, [SP],#4 ; post-indexed load: R10 = [SP], then SP = SP + 4. The saved lr goes to R10 instead of PC, so the function does not return here
                ANDEQ           R0, R0, R0 ; an all-zero word decodes as ANDEQ R0,R0,R0: execution runs on into this padding, and the disassembler saw no function end above
                ANDEQ           R0, R0, R0
                ANDEQ           R0, R0, R0


revolution, I used thy procaps.inc - it produced these bugs.

The macros in my package are not ideal either... but thine I thought were ideal.
Canst thou help to fix them?

what for it is all - I want to produce graphic & internet examples for varios platform & OSes (I choose win32 win64 winCE & kolibri) to show unification of realization of all described.
On simple examples I going to test macros(and rest includes).
sometime ago I willing to add in this list linux based systems, but for me isn`t enought ability of drawing ANY grafic (analog to GDI32.DLL) I willing to draw Windows & controls with appropriate behavior relative to type of desctop (analog to user32.dll) in linux based systems - that information I not gained so I canceled from linux idea.
ProMiNick 08 Jan 2020, 21:52
For now I solved the problem this way:
Code:
; DLL creation example

format PE GUI 4.0 DLL
entry DllEntryPoint

include 'wince.inc'
macro invoke name,args& { apscall indirect.#name,args }

section '.text' code readable executable

; DllEntryPoint - DLL entry; hinstDLL, fdwReason and lpvReserved are not read
; and every notification is answered with TRUE.
proc DllEntryPoint nospill base sp,hinstDLL,fdwReason,lpvReserved
        mov     r0,TRUE
        ret
endp

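; VOID ShowErrorMessage(HWND hWnd,DWORD dwError);
; Shows the system text for dwError in an error message box owned by hWnd.
; In:  r0 = hWnd, r1 = dwError
; FormatMessageW is called with FORMAT_MESSAGE_ALLOCATE_BUFFER, so it stores a
; pointer to a freshly allocated buffer in lpBuffer - but only when it
; succeeds. lpBuffer is therefore cleared first and LocalFree is skipped while
; it is still NULL, so a failed lookup never hands an uninitialised stack
; value to MessageBoxW or LocalFree.
; NOTE(review): with no text available the box is shown with a NULL text
; pointer - confirm MessageBoxW on the target accepts that.
; "ret" must stay the last instruction of this proc: the "store word ... at $-4"
; statement that follows the proc patches the word emitted just before it.
proc ShowErrorMessage base sp uses [lr],hWnd,dwError
  locals
        lpBuffer dw ?
  endl
        mov     r2, #0                          ; r2 is free scratch here: only r0 and r1 carry arguments
        str     r2, [lpBuffer]                  ; lpBuffer = NULL until FormatMessageW fills it
        lea     r0,[lpBuffer]                   ; r0 = address that receives the buffer pointer
        invoke  FormatMessageW,FORMAT_MESSAGE_ALLOCATE_BUFFER+FORMAT_MESSAGE_FROM_SYSTEM,0,r1,LANG_NEUTRAL,r0,0,0
        ldr     r1, [lpBuffer]                  ; text pointer, or NULL when nothing was produced
        ldr     r0, [hWnd]
        invoke  MessageBoxW,r0,r1,NULL,MB_ICONERROR+MB_OK
        ldr     r0, [lpBuffer]
        cmp     r0, #0
        beq     .done                           ; nothing was allocated, nothing to free
        invoke  LocalFree,r0                    ; release the buffer allocated by FormatMessageW
  .done:
        ret
endp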

; Work-around for the epilogue emitted by "ret" in the proc above: the intended
; return instruction is assembled in a virtual block (which adds nothing to the
; output), its encoding is read into revolutionbugpatch, and the word emitted
; just before this point is overwritten with it.
; NOTE(review): the patch goes to $-4 unconditionally, so it depends on "ret"
; being the final instruction of the preceding proc; anything added after it
; would be overwritten instead. Remove this once the macro is fixed.
virtual
        ldr     PC, [sp],4
        load revolutionbugpatch word from $$
end virtual
        store word revolutionbugpatch at $-4

; VOID ShowLastError(HWND hWnd);
; Reads the calling thread's last-error code and hands it, together with
; hWnd, to ShowErrorMessage. lr is saved through "uses [lr]" because the body
; makes calls.
proc ShowLastError base sp uses [lr],hWnd
        invoke  GetLastError
        mov     r1,r0                           ; r1 = error code
        ldr     r0, [hWnd]                      ; r0 = hWnd, reloaded because GetLastError overwrote r0
        apscall ShowErrorMessage,r0,r1
        ret
endp
        ; Same work-around as after ShowErrorMessage: overwrite the last word emitted
        ; by "ret" with the encoding held in revolutionbugpatch. "ret" must stay the
        ; final instruction of the proc for this to hit the right word.
        store word revolutionbugpatch at $-4

section '.idata' import data readable writeable

  library coredll,'COREDLL.DLL'

  include 'os specific/windows/api/armce/coredll.inc'

section '.edata' export data readable

  export 'ERRORMSG.DLL',\
         ShowErrorMessage,'ShowErrorMessage',\
         ShowLastError,'ShowLastError'

section '.reloc' fixups data readable discardable    

outer dll is now fully workable