flat assembler
Message board for the users of flat assembler.
Windows > NewBie migrating from MASM... (page 2)
Zani 27 Mar 2005, 02:13
If it helps, here's the working MASM code:
Code:
Adciona Proc lpWndCap: DWORD, lpBaseAddress: DWORD, lpBuffer: DWORD, nToAdd: DWORD
    invoke FindWindowExA,0,0,0,lpWndCap
    invoke GetWindowThreadProcessId,eax,addr Dummy
    invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,Dummy
    mov hProcess,eax
    .IF eax==FALSE
        invoke MessageBoxA,0,addr Err_open,addr AppName,MB_ICONWARNING
        ret
    .endif
    invoke ReadProcessMemory,eax,lpBaseAddress,lpBuffer,4,addr Dummy
    .IF eax==FALSE
        invoke MessageBoxA,0,addr Err_Read,addr AppName,MB_ICONWARNING
    .endif
    mov ecx,nToAdd
    mov ebx,dword ptr [lpBuffer]
    add dword ptr [ebx],ecx
    invoke WriteProcessMemory,hProcess,lpBaseAddress,lpBuffer,4,ADDR Dummy
    .IF eax==FALSE
        invoke MessageBoxA,0,addr Err_patch,addr AppName,MB_ICONWARNING
    .endif
    invoke CloseHandle,hProcess
    ret
Adciona endp
Zani 27 Mar 2005, 03:33
Well.... the error is here:
Code:
invoke ReadProcessMemory,eax,[lpBaseAddress],[lpBuffer],4,[dummy]
The code executes fine and does everything it should.... but when it gets here it crashes with a fatal error saying: The memory could not be "written". I believe there's a problem with the lpBuffer variable... but I'm not sure....... Any help is welcome. Thanks in advance....
Zani 27 Mar 2005, 03:50
Here is the full source:
Code:
; Template for simple game trainers
; MASM specific source 28/05/2001 By Zani

format PE GUI 4.0
entry start

include 'win32a.inc'

section '.data' data readable writeable

  _title db 'BroodWar 1.08 Trainer - By Zanis',0
  _class db 'ZanisFASMTrainer',0
  _bclass db 'BUTTON',0
  _binfo db 'Info',0
  _bbout db 'About',0
  dbug db 'dbug',0
  WndCap db "Brood War",0
  Err_patch db "Sorry im not able to write into the process...",0
  Err_open db "I cant find the process make sure the game is running.",0
  Err_Read db "Sorry im not able to read from the process...",0
  nfo db "Use:",0ah
      db "=========================",0ah
      db "Press the respective function key to your",0ah
      db "player number.",0ah
      db " ",0ah
      db "eg.",0ah
      db "To give 5k of Mineral and Gas to player 1",0ah
      db "press F1, to player 2 use F2 and so on...",0ah
      db "=========================",0ah
      db "This trainer was written to be used on 4x4",0ah
      db "games on The Hunters and may not work",0ah
      db "with other type/map.",0ah
      db "=========================",0ah
      db "Dont use this to cheat on BNET or it will",0ah
      db "crash the game...enjoy!",0
  about db "BroodWar 1.08 Trainer - MultiPlayer",0ah
        db "======================",0ah
        db "100% ASM = Simple + Small + Fast",0ah
        db " ",0ah
        db " Dont like it?Bite Me!",0ah
        db " ",0ah
        db " By Zani",0

  hProcess dd 0
  mainhwnd dd ?
  hinstance dd ?
  dummy dd 0
  buffer dd 0
  bid dd ?
  b2id dd ?

  msg MSG
  wc WNDCLASS

section '.code' code readable executable

  start:
        invoke GetModuleHandle,0
        mov [hinstance],eax
        invoke LoadIcon,0,IDI_APPLICATION
        mov [wc.hIcon],eax
        invoke LoadCursor,0,IDC_ARROW
        mov [wc.hCursor],eax
        mov [wc.style],0
        mov [wc.lpfnWndProc],WindowProc
        mov [wc.cbClsExtra],0
        mov [wc.cbWndExtra],0
        mov eax,[hinstance]
        mov [wc.hInstance],eax
        mov [wc.hbrBackground],COLOR_BTNFACE+1
        mov [wc.lpszMenuName],0
        mov [wc.lpszClassName],_class
        invoke RegisterClass,wc
        invoke CreateWindowEx,0,_class,_title,WS_VISIBLE+WS_MINIMIZEBOX+WS_SYSMENU,CW_USEDEFAULT,CW_USEDEFAULT,220,60,NULL,NULL,[hinstance],NULL
        mov [mainhwnd],eax
        invoke CreateWindowEx,0,_bclass,_binfo,WS_VISIBLE+WS_CHILD,5,5,100,20,[mainhwnd],NULL,[hinstance],NULL
        mov [bid],eax
        invoke CreateWindowEx,0,_bclass,_bbout,WS_VISIBLE+WS_CHILD,110,5,100,20,[mainhwnd],NULL,[hinstance],NULL
        mov [b2id],eax
        invoke SetTimer,[mainhwnd],123,500,NULL

  msg_loop:
        invoke GetMessage,msg,NULL,0,0
        or eax,eax
        jz end_loop
        invoke TranslateMessage,msg
        invoke DispatchMessage,msg
        jmp msg_loop

  end_loop:
        invoke ExitProcess,[msg.wParam]

proc WindowProc, hwnd,wmsg,wparam,lparam
        push ebx esi edi
        cmp [wmsg],WM_DESTROY
        je wmdestroy
        cmp [wmsg],WM_COMMAND
        je wmcommand
        cmp [wmsg],WM_TIMER
        je wmtimer
  defwndproc:
        invoke DefWindowProc,[hwnd],[wmsg],[wparam],[lparam]
        jmp finish
  wmcommand:
        mov eax,[lparam]
        cmp eax,[bid]
        je info_click
        cmp eax,[b2id]
        je bout_click
        jmp finish
  info_click:
        invoke MessageBox,0,nfo,_title,MB_ICONINFORMATION
        jmp finish
  bout_click:
        invoke MessageBox,0,about,_title,MB_ICONINFORMATION
        jmp finish
  wmtimer:
        invoke GetAsyncKeyState,VK_F1
        cmp eax,1
        je F1_Press
        invoke GetAsyncKeyState,VK_F2
        cmp eax,1
        je F2_Press
        invoke GetAsyncKeyState,VK_F3
        cmp eax,1
        je F3_Press
        invoke GetAsyncKeyState,VK_F4
        cmp eax,1
        je F4_Press
        invoke GetAsyncKeyState,VK_F5
        cmp eax,1
        je F5_Press
        invoke GetAsyncKeyState,VK_F6
        cmp eax,1
        je F6_Press
        invoke GetAsyncKeyState,VK_F7
        cmp eax,1
        je F7_Press
        invoke GetAsyncKeyState,VK_F8
        cmp eax,1
        je F8_Press
        jmp finish
  F1_Press:
        push 5000
        push buffer
        push 508718h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508748h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  F2_Press:
        push 5000
        push buffer
        push 50871Ch
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 50874Ch
        push WndCap
        call addval
        jmp finish      ;invoke addval,WndCap,508748h,buffer,5000
  F3_Press:
        push 5000
        push buffer
        push 508720h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508750h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  F4_Press:
        push 5000
        push buffer
        push 508724h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508724h
        push WndCap
        call addval
        jmp finish      ;invoke addval,WndCap,508748h,buffer,5000
  F5_Press:
        push 5000
        push buffer
        push 508728h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508758h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  F6_Press:
        push 5000
        push buffer
        push 50872Ch
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 50875Ch
        push WndCap
        call addval
        jmp finish      ;invoke addval,WndCap,508748h,buffer,5000
  F7_Press:
        push 5000
        push buffer
        push 508730h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508760h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  F8_Press:
        push 5000
        push buffer
        push 508734h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508764h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  wmdestroy:
        invoke PostQuitMessage,0
        xor eax,eax
  finish:
        pop edi esi ebx
        return
endp

proc addval,lpWndCap,lpBaseAddress,lpBuffer,nToAdd
        invoke FindWindow,0,[lpWndCap]
        invoke GetWindowThreadProcessId,eax,dummy
        invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,[dummy]
        mov [hProcess],eax
        cmp eax,0
        je err_open
        invoke ReadProcessMemory,eax,[lpBaseAddress],[lpBuffer],4,[dummy]
        cmp eax,0
        je err_read
        mov ecx,[nToAdd]
        lea ebx,[lpBuffer]
        add [ebx],ecx
        invoke WriteProcessMemory,[hProcess],[lpBaseAddress],[lpBuffer],4,[dummy]
        cmp eax,0
        je err_write
        invoke CloseHandle,[hProcess]
  err_read:
        invoke MessageBox,0,Err_Read,_title,MB_ICONERROR
        jmp fim
  err_write:
        invoke MessageBox,0,Err_patch,_title,MB_ICONERROR
        jmp fim
  err_open:
        invoke MessageBox,0,Err_open,_title,MB_ICONERROR
  fim:
        return
endp

section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  include 'apia\kernel32.inc'
  include 'apia\user32.inc'
Thanks...
coconut 27 Mar 2005, 04:22
Zani, see this example of a keyboard hook for NT/XP systems; it may prove more efficient than a timer: http://board.flatassembler.net/topic.php?t=1670
I think there are a couple of problems, looking at the MASM source; I'll try to correct them as best I can.
coconut 27 Mar 2005, 04:53
OK, here it is. I cannot work around the push/call convention with invoke; I don't know how. Also I cannot get it to compile with the window caption as a parameter to the addval function, so simply hardcode the caption as I did with _notepad. I believe this is a correct translation of the MASM source you provided; I would appreciate it if anyone seeing this can point out any errors. The main confusing thing for me is the adding part: MASM uses dword ptr [ebx], which I think is simply ebx in fasm syntax:
Code:
; Template for program using standard Win32 headers

format PE GUI 4.0
entry start

include '%fasminc%\win32a.inc'

section '.data' data readable writeable

  _title db 'Win32 program template',0
  _class db 'FASMWIN32',0

  mainhwnd dd ?
  hinstance dd ?
  buffer dd ?
  pid dd ?
  hprocess dd ?

  _notepad db 'Untitled - Notepad',0
  _no_window db 'window not found',0
  _no_pid db 'process id error',0
  _err_open db 'open error',0
  _err_read db 'read error',0
  _err_write db 'write error',0
  _success db 'success',0

  msg MSG
  wc WNDCLASS

section '.code' code readable executable

  start:
        invoke GetModuleHandle,0
        mov [hinstance],eax
        invoke LoadIcon,0,IDI_APPLICATION
        mov [wc.hIcon],eax
        invoke LoadCursor,0,IDC_ARROW
        mov [wc.hCursor],eax
        mov [wc.style],0
        mov [wc.lpfnWndProc],WindowProc
        mov [wc.cbClsExtra],0
        mov [wc.cbWndExtra],0
        mov eax,[hinstance]
        mov [wc.hInstance],eax
        mov [wc.hbrBackground],COLOR_BTNFACE+1
        mov [wc.lpszMenuName],0
        mov [wc.lpszClassName],_class
        invoke RegisterClass,wc
        invoke CreateWindowEx,0,_class,_title,WS_VISIBLE+WS_DLGFRAME+WS_SYSMENU,128,128,192,192,NULL,NULL,[hinstance],NULL
        mov [mainhwnd],eax

  msg_loop:
        invoke GetMessage,msg,NULL,0,0
        or eax,eax
        jz end_loop
        invoke TranslateMessage,msg
        invoke DispatchMessage,msg
        jmp msg_loop

  end_loop:
        invoke ExitProcess,[msg.wParam]

proc WindowProc, hwnd,wmsg,wparam,lparam
        push ebx esi edi
        cmp [wmsg],WM_DESTROY
        je wmdestroy
        cmp [wmsg],WM_CREATE
        je wmcreate
  defwndproc:
        invoke DefWindowProc,[hwnd],[wmsg],[wparam],[lparam]
        jmp finish
  wmdestroy:
        invoke PostQuitMessage,0
        xor eax,eax
        jmp finish
  wmcreate:
        push 50
        push buffer     ;push [buffer] ????
        push 4871h
        call addval
        xor eax,eax
  finish:
        pop edi esi ebx
        return
endp

proc addval,baseaddr,temp,addend
        invoke FindWindow,0,_notepad
        push eax
        or eax,eax
        jz .window_not_found
        pop eax
        invoke GetWindowThreadProcessId,eax,pid
        or eax,eax
        jz .no_pid
        invoke OpenProcess,PROCESS_ALL_ACCESS,0,[pid]
        mov [hprocess],eax
        or eax,eax
        jz .err_open
        invoke ReadProcessMemory,[hprocess],[baseaddr],[temp],4,pid
        or eax,eax
        jz .err_read
        mov ecx,[addend]
        mov ebx,[temp]
        add ebx,[ecx]
        invoke WriteProcessMemory,[hprocess],[baseaddr],[temp],4,pid
        or eax,eax
        jz .err_write
        invoke CloseHandle,[hprocess]
        invoke MessageBox,0,_success,_success,0
        jmp .done
  .window_not_found:
        invoke MessageBox,0,_no_window,_no_window,0
        jmp .done
  .no_pid:
        invoke MessageBox,0,_no_pid,_no_pid,0
        jmp .done
  .err_open:
        invoke MessageBox,0,_err_open,_err_open,0
        jmp .done
  .err_read:
        invoke MessageBox,0,_err_read,_err_read,0
        jmp .done
  .err_write:
        invoke MessageBox,0,_err_write,_err_write,0
  .done:
        return
endp

section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  include '%fasminc%\apia\kernel32.inc'
  include '%fasminc%\apia\user32.inc'
JohnFound 27 Mar 2005, 07:36
coconut wrote:
First, you can use "stdcall" instead of "push, call". It will be more consistent with using "invoke" for external functions. Also, the right syntax is [buffer], because visibly "buffer" is the variable keeping the address of the area we want to write:
Code:
stdcall addval, 4871h, [buffer], 50
Also, you should initialize the value in [buffer] somewhere in the code, because now it will be 0.
Regards
coconut 27 Mar 2005, 14:20
Thanks John, I'd completely overlooked stdcall.
Zani 27 Mar 2005, 18:36
I have rewritten some parts of the code and now it is working as expected... here is the working code:
Code:
; Template for simple game trainers
; MASM specific source 28/05/2001 By Zani

format PE GUI 4.0
entry start

include 'win32a.inc'

section '.data' data readable writeable

  _title db 'BroodWar 1.08 Trainer - By Zanis',0
  _class db 'ZanisFASMTrainer',0
  _bclass db 'BUTTON',0
  _binfo db 'Info',0
  _bbout db 'About',0
  dbug db 'dbug',0
  WndCap db "Brood War",0
  Err_patch db "Sorry im not able to write into the process...",0
  Err_open db "I cant find the process make sure the game is running.",0
  Err_Read db "Sorry im not able to read from the process...",0
  nfo db "Use:",0ah
      db "=========================",0ah
      db "Press the respective function key to your",0ah
      db "player number.",0ah
      db " ",0ah
      db "eg.",0ah
      db "To give 5k of Mineral and Gas to player 1",0ah
      db "press F1, to player 2 use F2 and so on...",0ah
      db "=========================",0ah
      db "This trainer was written to be used on 4x4",0ah
      db "games on The Hunters and may not work",0ah
      db "with other type/map.",0ah
      db "=========================",0ah
      db "Dont use this to cheat on BNET or it will",0ah
      db "crash the game...enjoy!",0
  about db "BroodWar 1.08 Trainer - MultiPlayer",0ah
        db "======================",0ah
        db "100% ASM = Simple + Small + Fast",0ah
        db " ",0ah
        db " Dont like it?Bite Me!",0ah
        db " ",0ah
        db " By Zani",0

  hProcess dd 0
  mainhwnd dd ?
  hinstance dd ?
  dummy dd 0
  buffer rd 4
  bid dd ?
  b2id dd ?

  msg MSG
  wc WNDCLASS

section '.code' code readable executable

  start:
        invoke GetModuleHandle,0
        mov [hinstance],eax
        invoke LoadIcon,0,IDI_APPLICATION
        mov [wc.hIcon],eax
        invoke LoadCursor,0,IDC_ARROW
        mov [wc.hCursor],eax
        mov [wc.style],0
        mov [wc.lpfnWndProc],WindowProc
        mov [wc.cbClsExtra],0
        mov [wc.cbWndExtra],0
        mov eax,[hinstance]
        mov [wc.hInstance],eax
        mov [wc.hbrBackground],COLOR_BTNFACE+1
        mov [wc.lpszMenuName],0
        mov [wc.lpszClassName],_class
        invoke RegisterClass,wc
        invoke CreateWindowEx,0,_class,_title,WS_VISIBLE+WS_MINIMIZEBOX+WS_SYSMENU,CW_USEDEFAULT,CW_USEDEFAULT,220,60,NULL,NULL,[hinstance],NULL
        mov [mainhwnd],eax
        invoke CreateWindowEx,0,_bclass,_binfo,WS_VISIBLE+WS_CHILD,5,5,100,20,[mainhwnd],NULL,[hinstance],NULL
        mov [bid],eax
        invoke CreateWindowEx,0,_bclass,_bbout,WS_VISIBLE+WS_CHILD,110,5,100,20,[mainhwnd],NULL,[hinstance],NULL
        mov [b2id],eax
        invoke SetTimer,[mainhwnd],123,500,NULL

  msg_loop:
        invoke GetMessage,msg,NULL,0,0
        or eax,eax
        jz end_loop
        invoke TranslateMessage,msg
        invoke DispatchMessage,msg
        jmp msg_loop

  end_loop:
        invoke ExitProcess,[msg.wParam]

proc WindowProc, hwnd,wmsg,wparam,lparam
        push ebx esi edi
        cmp [wmsg],WM_DESTROY
        je wmdestroy
        cmp [wmsg],WM_COMMAND
        je wmcommand
        cmp [wmsg],WM_TIMER
        je wmtimer
  defwndproc:
        invoke DefWindowProc,[hwnd],[wmsg],[wparam],[lparam]
        jmp finish
  wmcommand:
        mov eax,[lparam]
        cmp eax,[bid]
        je info_click
        cmp eax,[b2id]
        je bout_click
        jmp finish
  info_click:
        invoke MessageBox,0,nfo,_title,MB_ICONINFORMATION
        jmp finish
  bout_click:
        invoke MessageBox,0,about,_title,MB_ICONINFORMATION
        jmp finish
  wmtimer:
        invoke GetAsyncKeyState,VK_F1
        cmp eax,1
        je F1_Press
        invoke GetAsyncKeyState,VK_F2
        cmp eax,1
        je F2_Press
        invoke GetAsyncKeyState,VK_F3
        cmp eax,1
        je F3_Press
        invoke GetAsyncKeyState,VK_F4
        cmp eax,1
        je F4_Press
        invoke GetAsyncKeyState,VK_F5
        cmp eax,1
        je F5_Press
        invoke GetAsyncKeyState,VK_F6
        cmp eax,1
        je F6_Press
        invoke GetAsyncKeyState,VK_F7
        cmp eax,1
        je F7_Press
        invoke GetAsyncKeyState,VK_F8
        cmp eax,1
        je F8_Press
        jmp finish
  F1_Press:
        push 5000
        push buffer
        push 508718h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508748h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  F2_Press:
        push 5000
        push buffer
        push 50871Ch
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 50874Ch
        push WndCap
        call addval
        jmp finish      ;invoke addval,WndCap,508748h,buffer,5000
  F3_Press:
        push 5000
        push buffer
        push 508720h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508750h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  F4_Press:
        push 5000
        push buffer
        push 508724h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508754h
        push WndCap
        call addval
        jmp finish      ;invoke addval,WndCap,508748h,buffer,5000
  F5_Press:
        push 5000
        push buffer
        push 508728h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508758h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  F6_Press:
        push 5000
        push buffer
        push 50872Ch
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 50875Ch
        push WndCap
        call addval
        jmp finish      ;invoke addval,WndCap,508748h,buffer,5000
  F7_Press:
        push 5000
        push buffer
        push 508730h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508760h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  F8_Press:
        push 5000
        push buffer
        push 508734h
        push WndCap
        call addval     ;invoke addval,WndCap,508718h,buffer,5000
        push 5000
        push buffer
        push 508764h
        push WndCap
        call addval     ;invoke addval,WndCap,508748h,buffer,5000
        jmp finish
  wmdestroy:
        invoke PostQuitMessage,0
        xor eax,eax
  finish:
        pop edi esi ebx
        return
endp

proc addval,lpWndCap,lpBaseAddress,lpBuffer,nToAdd
        invoke FindWindow,0,[lpWndCap]
        invoke GetWindowThreadProcessId,eax,dummy
        invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,[dummy]
        mov [hProcess],eax
        cmp eax,0
        je err_open
        invoke ReadProcessMemory,eax,[lpBaseAddress],[lpBuffer],4,dummy
        cmp eax,0
        je err_read
        mov ecx,[nToAdd]
        mov ebx,[lpBuffer]
        add [ebx],ecx
        invoke WriteProcessMemory,[hProcess],[lpBaseAddress],[lpBuffer],4,dummy
        cmp eax,0
        je err_write
        invoke CloseHandle,[hProcess]
        jmp fim
  err_read:
        invoke MessageBox,0,Err_Read,_title,MB_ICONERROR
        jmp fim
  err_write:
        invoke MessageBox,0,Err_patch,_title,MB_ICONERROR
        jmp fim
  err_open:
        invoke MessageBox,0,Err_open,_title,MB_ICONERROR
  fim:
        return
endp

section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  include 'apia\kernel32.inc'
  include 'apia\user32.inc'
Thanks to everyone here... mainly coconut, who has helped a lot... any comments and improvements are welcome...
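The differences between Zani's two versions of addval all come down to address versus value: in fasm `buffer` and `dummy` are addresses while `[buffer]` and `[dummy]` are the contents of those variables, and inside a proc `mov ebx,[lpBuffer]` loads the pointer that was passed while `lea ebx,[lpBuffer]` yields the address of the parameter slot itself. The following C program is an added illustration, not code from the thread or from fasm's own headers: it performs the same read-modify-write of one dword against a constructed in-memory stand-in for the target process and maps each fasm form onto its C equivalent in the comments, while adding the checks a careful implementation makes (the byte-count out-parameter is a real address, both the result and the count are checked, and a failed or short read never proceeds to the write). IMAGE_BASE, IMAGE_SIZE, move_bytes, add_to_remote_dword, run_demo and the seeded value 1000 are assumptions of this example; the address 0x508718 is the one the thread's F1 handler uses.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the target process's address space: a byte image
   that starts at IMAGE_BASE. No real process is opened, read or written. */
#define IMAGE_BASE 0x508000u
#define IMAGE_SIZE 0x1000u
static uint8_t image[IMAGE_SIZE];

/* Copy between the image and a local buffer, mimicking the contract of
   ReadProcessMemory/WriteProcessMemory: the result is nonzero only if every
   byte moved, and the byte count is reported through the out-pointer when one
   is given (the real API also accepts NULL there). In the fasm source this
   out-pointer is `dummy`, the address of the variable; `[dummy]` would pass
   the variable's current value, an integer, where a pointer is expected. */
static bool move_bytes(uint32_t base, void *local, size_t n, size_t *moved, bool to_image)
{
    size_t got = 0;
    if (base >= IMAGE_BASE && base < IMAGE_BASE + IMAGE_SIZE) {
        size_t off = base - IMAGE_BASE;
        got = (n <= IMAGE_SIZE - off) ? n : IMAGE_SIZE - off;   /* short copy at the edge */
        if (to_image) memcpy(image + off, local, got);
        else          memcpy(local, image + off, got);
    }
    if (moved) *moved = got;
    return got == n;
}

/* Read-modify-write of the 32-bit value at `base`, which is what addval does.
   `buffer` is the caller's scratch dword: the caller passes its address
   (fasm `push buffer`, C `&buf`) and the callee modifies what it points to
   (fasm `mov ebx,[lpBuffer]` then `add [ebx],ecx`, C `*buffer += n_to_add`).
   Taking the address of the parameter slot instead (fasm `lea ebx,[lpBuffer]`,
   C `&buffer`) would add n_to_add to the pointer, not to the value. */
int add_to_remote_dword(uint32_t base, uint32_t *buffer, uint32_t n_to_add)
{
    size_t moved = 0;
    if (!move_bytes(base, buffer, sizeof *buffer, &moved, false) || moved != sizeof *buffer)
        return -1;                       /* read failed or short: never write back garbage */
    *buffer += n_to_add;
    if (!move_bytes(base, buffer, sizeof *buffer, &moved, true) || moved != sizeof *buffer)
        return -2;                       /* write failed or short */
    return 0;
}

/* Seed and inspect the constructed image (test helpers, not part of the trainer). */
bool seed_dword(uint32_t base, uint32_t value)
{
    return move_bytes(base, &value, sizeof value, NULL, true);
}

uint32_t peek_dword(uint32_t base)
{
    uint32_t v = 0;
    move_bytes(base, &v, sizeof v, NULL, false);
    return v;
}

/* Exercises the happy path and both failure modes; returns 0 only if all behave as expected. */
int run_demo(void)
{
    uint32_t buf = 0, other = 7;                       /* buf plays the role of `buffer rd 4` */
    if (!seed_dword(0x508718u, 1000u)) return 1;       /* constructed initial value */
    if (add_to_remote_dword(0x508718u, &buf, 5000u) != 0) return 2;
    if (buf != 6000u || peek_dword(0x508718u) != 6000u) return 3;
    if (add_to_remote_dword(0x600000u, &other, 1u) != -1 || other != 7u) return 4;   /* outside the image */
    if (add_to_remote_dword(IMAGE_BASE + IMAGE_SIZE - 2, &other, 1u) != -1) return 5; /* short read refused */
    return 0;
}

int main(void)
{
    int rc = run_demo();
    printf("demo %s, value at 0x508718 is now %u\n", rc == 0 ? "ok" : "failed", peek_dword(0x508718u));
    return rc;
}
```

The two failure cases matter in the real program as well: a BOOL result alone does not tell you that all four bytes moved, and a short read followed by an unconditional write would push a half-initialised dword into the other process.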
coconut 28 Mar 2005, 00:34
You're welcome Zani, welcome to fasm and the boards.
coconut 31 Mar 2005, 01:16
Zani, I have rewritten the program using a keyboard hook to detect the key presses. This may be more effective than a simple timer and GetAsyncKeyState. I can't test whether the hook works on 9x systems. Thanks to mike.dld for helping fix the hookproc function. Let me know if it works.
Zani 31 Mar 2005, 14:16
Wow, thanks mate, the result is awesome... and yes, it works on all the Windows versions I have tested, including 98 and 95... and thanks for sending me a message telling me about this, because actually I don't have enough time during the week to mess around with ASM stuff... I'm a system developer so I've got lots of work to do and my deadlines are insane, but on the weekends I will be here all the time....
Thanks again.
Copyright © 1999-2025, Tomasz Grysztar.