flat assembler
Message board for the users of flat assembler.

Index > Main > Bug or my Error???

Author
Thread Post new topic Reply to topic
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 13 Nov 2005, 00:09
Code:
STRUCTURE :

struct PROCESSENTRY32 
        .dwSize                 dd ? 
        .cntUsage               dd ? 
        .th32ProcessID          dd ? 
        .th32DefaultHeapID      dd ? 
        .th32ModuleID           dd ? 
        .cntThreads             dd ? 
        .th32ParentProcessID    dd ? 
        .pcPriClassBase         dd ? 
        .dwFlags                dd ? 
        .szExeFile              rb 260 
ends     





PrE PROCESSENTRY32




Code:
proc _T2  
              mov eax,sizeof.PrE
                [mov PrE.dwSize],eax
        invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        mov [temp],eax
        invoke Process32First,eax, PrE
        mov ebx,100
        call T2:
        
        ret

 endp

T2:


  
     
   .repeat
 invoke lstrcmp,PrE.szExeFile,szOlly1 <---- New Problem happens here also
        .if eax,e,0
 invoke   OpenProcess,PROCESS_ALL_ACCESS,TRUE,PrE.th32ProcessID 
                mov [handle],eax
                
       
    invoke TerminateProcess,handle,0
         invoke ExitProcess,0
  
        .else
  
        invoke Process32Next,temp,PrE
  
  
          .endif
          dec ebx
  .until ebx,e,0
    



Remaining Problems :

Quote:
flat assembler version 1.64
C:\Documents and Settings\Owner\Desktop\flatpe.asm [63]:
invoke lstrcmp,PrE.szExeFile,szOlly1
C:\WinAsm\Assemblers\fasm\INCLUDE\win32ax.inc [41] invoke [0]:
\{ \reverse pushd <arg>
C:\WinAsm\Assemblers\fasm\INCLUDE\win32ax.inc [37] pushd [27]:
pushd <value>
C:\WinAsm\Assemblers\fasm\INCLUDE\win32ax.inc [109] pushd [41]:
push value
error: undefined symbol.


Quote:
Last problem Fixed :

Kernel32.inc had 2 copys of lstrcmp.

One was wrong it had lstrcmp,lstrcmp <----- delete this one
The right one was lstrcmp,lstrcmpA
Post 13 Nov 2005, 00:09
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20300
Location: In your JS exploiting you and your system
revolution 13 Nov 2005, 00:42
Code:
STRUCTURE : 

struct PROCESSENTRY32  
        dwSize                 dd ?  
        cntUsage               dd ?  
        th32ProcessID          dd ?  
        th32DefaultHeapID      dd ?  
        th32ModuleID           dd ?  
        cntThreads             dd ?  
        th32ParentProcessID    dd ?  
        pcPriClassBase         dd ?  
        dwFlags                dd ?  
        szExeFile              rb 260  
ends 
    
Don't use the dot if you use the standard STRUCT macro.
Post 13 Nov 2005, 00:42
View user's profile Send private message Visit poster's website Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 13 Nov 2005, 00:44
AH OK thanks didn't know that

Now I have another problem which has never happened to me...


Code:
proc _T2  
mov eax,sizeof.PrE
      mov [PrE.dwSize],eax
        invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        mov [temp],eax
        invoke Process32First,eax, PrE
        mov ebx,100
        call T2
        
        ret

 endp    


The program compiles BUT when I open the exe in Ollydbg... This part of the code isn't there..


I also tried doing this




Code:


jmp _T2



proc _T2  
mov eax,sizeof.PrE
      mov [PrE.dwSize],eax
        invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        mov [temp],eax
        invoke Process32First,eax, PrE
        mov ebx,100
        call T2
        
        ret

 endp
    



However when I do that I get this :

Quote:
flat assembler version 1.64
C:\Documents and Settings\Owner\Desktop\flatpe.asm [50]:
mov eax,sizeof.PrE
error: undefined symbol.
Post 13 Nov 2005, 00:44
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 13 Nov 2005, 03:32
Did you tried "mov eax,sizeof.PROCESSENTRY32"?

When there is no reference to a procedure the procedure is not assembled, that's the reason why you can't see it with Ollydbg
Post 13 Nov 2005, 03:32
View user's profile Send private message Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 13 Nov 2005, 03:44
That's what I was thinking... The fasm asmbeller doesn't add it ..

Nope It still gives me a problem
Post 13 Nov 2005, 03:44
View user's profile Send private message Reply with quote
Reverend



Joined: 24 Aug 2004
Posts: 408
Location: Poland
Reverend 13 Nov 2005, 11:55
1 - in masm you could use 'sizeof variable', in fasm you cannot. But 'struct' macros defines 'sizeof.STRUCTURE' as constant. But remember it's structure's name after 'sizeof.' not variable's name.
2 - you must use '_T2' label somewhere in the file to let fasm include it in executable. Just put somewhere in data 'dd _T2'
Post 13 Nov 2005, 11:55
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 13 Nov 2005, 15:23
What problem?

Actually the PROC macro doesn't add the code by doing "if used name".
Post 13 Nov 2005, 15:23
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.