flat assembler
Message board for the users of flat assembler.

Index > Main > Executing Opcodes

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 26 Oct 2006, 21:47
PAGE_READWRITE works because older processors doesn't have implemented page-execute bit. newer ones have, so PAGE_READWRITE won't work anymore
Post 26 Oct 2006, 21:47
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Remy Vincent



Joined: 16 Sep 2005
Posts: 155
Location: France
Remy Vincent 27 Oct 2006, 11:55
I have done a very clear tutorial for VIRTUALPROTECT() function. It is very hard to be sure that it is working, without some DEBUG INFORMATION... But the DEBUG INFORMATION are there, prooving that the CODE SEGMENT rights ar really existing, they are really changed too, then they are really restored to previous value!!! it is 100% sure because DEBUG INFORMATION is displaying some "ON THE FLY" informations.

;===== FILES:

FnSubst1.asm
- GPF error when writing to CODE SEGMENT.

FnSubst2.asm
- Many debugging code.
- Writing to CODE SEGMENT works.

FnSubst3.asm
- Many debugging code.
- Writing to CODE SEGMENT works.
- Restoring previous bytes inside CODE SEGMENT works too.

FnSubst4.asm
- No debugging code anymore, so program is shorter.

FnSubst5.asm
- RETF instruction is used instead of JMP instruction.

FnSubst6.asm
- Substituing two functions, using two routines making it all!!


Description: TUTORIAL for VirtualProtect() routine, with many DEBUG INFORMATION...
Download
Filename: FnSubst.zip
Filesize: 17.23 KB
Downloaded: 363 Time(s)

Post 27 Oct 2006, 11:55
View user's profile Send private message Visit poster's website Reply with quote
Remy Vincent



Joined: 16 Sep 2005
Posts: 155
Location: France
Remy Vincent 27 Oct 2006, 11:57
@Vid: SORRY, I have forgotten your last post, so I didn't check if PAGE_READWRITE is working with newer OS... I will check...
Post 27 Oct 2006, 11:57
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 27 Oct 2006, 13:02
let us know them please

by the way, it's matter of hardware, not OS
Post 27 Oct 2006, 13:02
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Remy Vincent



Joined: 16 Sep 2005
Posts: 155
Location: France
Remy Vincent 29 Oct 2006, 13:41
Code:
FORMAT PE GUI 4.0
ENTRY Start

INCLUDE "C:\Prog\Fasm167\FasmW\INCLUDE\win32a.inc"

; Structure for  VirtualQuery()  function
struct MEMORY_BASIC_INFORMATION
   BaseAddress        dd  ?
   AllocationBase     dd  ?
   AllocationProtect  dd  ?
   RegionSize         dd  ?
   State              dd  ?
   Protect            dd  ?
   Type               dd  ?
ends

SECTION '.data' DATA READABLE WRITEABLE
   ;----- Debugging with usual  MessageBox()  function
   C_DEBUG_1  db  'DEBUG.1',0
   C_DEBUG_2  db  'DEBUG.2',0
   C_DEBUG_3  db  'DEBUG.3',0
;--DEBUG:invoke  MessageBox   ,0,C_DEBUG_1,C_DEBUG_1,MB_OK+MB_ICONEXCLAMATION--

   ;----- Debugging with  GetLastError()  function
   C_LastErrorTitle  db  'LastError INFORMATION...',0
   G_LastError       dd  ?

   ;----- Using  FormatMessage()  higher level function
   C_UsualTagMsg    db  '%1!c!  %2!u!  %3!i!  %4!#X!  %5!#x!  %6!u!  %7!d!  %8!i!',0
   G_USER_Arg_1     dd  ?
   G_USER_Arg_2     dd  ?
   G_USER_Arg_3     dd  ?
   G_USER_Arg_4     dd  ?
   G_USER_Arg_5     dd  ?
   G_USER_Arg_6     dd  ?
   G_USER_Arg_7     dd  ?
   G_USER_Arg_8     dd  ?
   G_FmtMsgBuf240   rb  240
   G_FmtMsgBuf320   rb  320
   G_FmtMsgAutoBuf  dd  ?      ;--- Auto buffer tested only once... It was working well!

   ;----- Debugging with  GetSystemInfo()  function
   C_SysInfoTitle  db  'System INFORMATION...',0
   C_SysInfoMsg    db  'DEBUG:%n%n' ,\
                       'OemId=0x%1!X!  PageSize=0x%2!X!  MinAppAddr=0x%3!X!  MaxAppAddr=0x%4!X!  ' ,\
                       'ActiveProcessorMask=0x%5!X!  NumberOfProcessors=0x%6!X!  ' ,\
                       'ProcessorType=0x%7!X!  AllocationGranularity=0x%8!X!  ' ,\
                       'ProcessorLevel|ProcessorRevision=0x%9!X!',0
   G_SYSTEM_INFO  SYSTEM_INFO  0,0 , 00 , 00,00 , 00,00,00,00 , 0,0

   ;----- Debugging with  VirtualQuery()  function
   C_MemAttribTitle  db  'Memory attribute INFORMATION...',0
   C_MemAttribMsg    db  'BaseAddress=0x%1!X!  AllocationBase=0x%2!X!  AllocationProtect=0x%3!X!  ' ,\
                         'RegionSize=0x%4!X!  State=0x%5!X!  Protect=0x%6!X!  Type=0x%7!X!',0
   C_MemAttribMsgB   db  '%1!s!%n%n' ,\
                         'More debug INFO:%n%n' ,\
                         '( VirtualQuery:  Param1=0x%2!X! )%n%n' ,\
                         '( If changes:  OldProtect=0x%3!X! )',0
   G_MEMORY_BASIC_INFORMATION  MEMORY_BASIC_INFORMATION  00,00 , 00,00,00,00,00


   C_Track01        db  'Music... Track 01',0
   C_Track02        db  'Music... Track 02',0
   C_Track03        db  'Music... Track 03',0
   C_Track04        db  'Music... Track 04',0

   C_Title          db  'OLLLLLD TITLE',0
   C_NewTitle       db  '--------------- NNEEEEEEEEEEWW TIIIIIIITLE ---------------',0

   G_OLD_Protect    dd  0x11114444
   G_ReadWritePtr   dd  ?

   G_KEEP_MyMuBePl  rb  4*3
   G_KEEP_AdjVolLe  rb  4*3

SECTION '.code' CODE READABLE EXECUTABLE
Start:
   ;----- Usual CALL

   stdcall MyMusicBeeingPlayed   ,C_Track01

   ;----- INDIRECT call

   stdcall RedirectCall_INSTALL   ,MyMusicBeeingPlayed,G_KEEP_MyMuBePl,NEW_TITLEPROC
   stdcall MyMusicBeeingPlayed   ,C_Track01
   stdcall RedirectCall_REMOVE   ,G_KEEP_MyMuBePl,MyMusicBeeingPlayed

   ;----- Usual call AGAIN

   stdcall MyMusicBeeingPlayed   ,C_Track01

   push    0
   call    [ExitProcess]


;===============


proc   MyMusicBeeingPlayed   , I_Message
 invoke  MessageBox   ,0,[I_Message],C_Title,MB_OK + MB_ICONEXCLAMATION
 ret
endp

proc   NEW_TITLEPROC   , I_Message
 invoke  MessageBox   ,0,[I_Message],C_NewTitle,MB_OK + MB_ICONEXCLAMATION
 ret
endp

proc   RedirectCall_INSTALL   , I_OldProc , I_KEEP_OldCode , I_NewProc
   ;----- Keep current code
   mov     esi,[I_OldProc]
   mov     edi,[I_KEEP_OldCode]
   movsd
   movsd
   mov     eax,[esi]
   mov     [edi],eax

   ;----- Enable write access
;DEBUG:
stdcall VirtualQuery_FormatMessage_MessageBox   ,Start
   invoke   VirtualProtect   ,[I_OldProc],20,PAGE_READWRITE,G_OLD_Protect
   mov      eax,[I_OldProc]
   mov      [G_ReadWritePtr],eax
;DEBUG:
stdcall VirtualQuery_FormatMessage_MessageBox   ,Start

   ;----- Install JMP
   mov     edi,[G_ReadWritePtr]
   mov     al,0x0E
   stosb     ;--- CODE SEGMENT WRITING, PROBLEM SOLVED!!!
   mov     al,0xB8
   stosb     ;--- Idem, SOLVED!!!
   mov     eax,[I_NewProc]
   stosd     ;--- Idem, SOLVED!!!
   mov     al,0x50
   stosb     ;--- Idem, SOLVED!!!
   mov     al,0xCB
   mov     [edi],al      ;--- Idem, SOLVED!!!

   ;----- Disable write access
   invoke  VirtualProtect   ,[I_OldProc],20,[G_OLD_Protect],G_OLD_Protect
;DEBUG:
stdcall VirtualQuery_FormatMessage_MessageBox   ,Start
stdcall GetLastError_FormatMessage_MessageBox

   ret
endp

proc   RedirectCall_REMOVE   , I_OldCode , I_OldProc
   ;----- Enable write access
   invoke   VirtualProtect   ,[I_OldProc],20,PAGE_READWRITE,G_OLD_Protect

   ;----- Restore previous code
   mov     esi,[I_OldCode]
   mov     edi,[I_OldProc]
   movsd
   movsd
   mov     eax,[esi]
   mov     [edi],eax

   ;----- Disable write access
   invoke  VirtualProtect   ,[I_OldProc],20,[G_OLD_Protect],G_OLD_Protect

   ret
endp

proc   GetLastError_FormatMessage_MessageBox
   ;--invoke   SetLastError   ,2--

   invoke  GetLastError
   MOV     [G_LastError] , EAX

   invoke  FormatMessage   ,FORMAT_MESSAGE_FROM_SYSTEM \
                           ,NULL,[G_LastError],LANG_NEUTRAL \
                           ,G_FmtMsgBuf240,240-1,NULL

   invoke  MessageBox   ,0,G_FmtMsgBuf240,C_LastErrorTitle,MB_OK + MB_ICONEXCLAMATION

   ;----- Auto buffer tested only once... It was working well!
   ;--invoke  LocalFree   ,[G_FmtMsgAutoBuf]--

   ret
endp

proc   VirtualQuery_FormatMessage_MessageBox   , I_Address
   ;----- Get  VirtualQuery()  informations
   invoke  VirtualQuery   ,[I_Address],G_MEMORY_BASIC_INFORMATION,4*7

   ;----- Format message 1
   invoke  FormatMessage   ,FORMAT_MESSAGE_FROM_STRING + FORMAT_MESSAGE_ARGUMENT_ARRAY \
                           ,C_MemAttribMsg,0,LANG_NEUTRAL \
                           ,G_FmtMsgBuf240,240-1,G_MEMORY_BASIC_INFORMATION

   ;----- Prepare parameters for message 2
   mov     [G_USER_Arg_1],G_FmtMsgBuf240

   mov     eax,[I_Address]
   mov     [G_USER_Arg_2],eax

   mov     eax,[G_OLD_Protect]
   mov     [G_USER_Arg_3],eax

   ;----- Format message 2
   invoke  FormatMessage   ,FORMAT_MESSAGE_FROM_STRING + FORMAT_MESSAGE_ARGUMENT_ARRAY \
                           ,C_MemAttribMsgB,0,LANG_NEUTRAL \
                           ,G_FmtMsgBuf320,320-1,G_USER_Arg_1

   ;----- MessageBox
   invoke  MessageBox   ,0,G_FmtMsgBuf320,C_MemAttribTitle,MB_OK + MB_ICONEXCLAMATION

   ret
endp

SECTION '.idata' IMPORT DATA READABLE WRITEABLE

library  kernel , "KERNEL32.DLL" ,\
         user   , "USER32.DLL"

import  kernel ,\
   ExitProcess    , "ExitProcess"    ,\
   FormatMessage  , "FormatMessageA" ,\
   GetLastError   , "GetLastError"   ,\
   GetSystemInfo  , "GetSystemInfo"  ,\
   LocalFree      , "LocalFree"      ,\
   SetLastError   , "SetLastError"   ,\
   VirtualProtect , "VirtualProtect" ,\
   VirtualQuery   , "VirtualQuery"

import  user ,\
   MessageBox , "MessageBoxA"

SECTION '.reloc' FIXUPS DATA READABLE DISCARDABLE
    

I don't understand why VIRTUALQUERY() is not responding with my WINDOWS XP, all fields remain blank,... but with my WINDOWS 98, VIRTUALQUERY() is filling all his usual record... very strange
Post 29 Oct 2006, 13:41
View user's profile Send private message Visit poster's website Reply with quote
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi 29 Oct 2006, 14:23
for me, the bigger msgboxes with info from VirtualQuery()'s were empty too, BaseAddress=0x0 ....
xp sp2

maybe using VirtualQueryEx helps? thought it shouldnt have any other difference than making possible to query vmem of other processes, afaik.
Post 29 Oct 2006, 14:23
View user's profile Send private message MSN Messenger Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 29 Oct 2006, 16:17
you are not checking returned values Exclamation
Post 29 Oct 2006, 16:17
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 29 Oct 2006, 18:14
Remy Vincent wrote:

I was planning to use the constant: PAGE_EXECUTE_READWRITE
but in fact, this constant is enough: PAGE_READWRITE


Until you try executing on a processor with NX capabilities... so better use the correct flag, PAGE_EXECUTE_READWRITE.


Last edited by f0dder on 29 Oct 2006, 19:57; edited 1 time in total
Post 29 Oct 2006, 18:14
View user's profile Send private message Visit poster's website Reply with quote
Remy Vincent



Joined: 16 Sep 2005
Posts: 155
Location: France
Remy Vincent 29 Oct 2006, 19:28
Sorry, but I can't produce a 100 lines DEMO with VIRTUALQUERY()
or even VIRTUALQUERYEX() working with WINXP... It's so frstrating,
I am using VirtualQueryEx with {GetCurrentProcess & CloseHandle} ,
and it's giving me the expected result on my WIN98, but on my WINXP: no
way... There are some new "concepts & notions" that are much too hard for
me... ALSO VirtualQueryEx with {GetCurrentProcessID} gives me many ZEROS
on both W98 and WXP!

Thank you anyway for you IDEA of using VirtualQueryEx,... I was just stopping
all this kinf of coding
Post 29 Oct 2006, 19:28
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 29 Oct 2006, 19:59
you are not checking returned values Exclamation Exclamation Exclamation

what does the function return?
Post 29 Oct 2006, 19:59
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Remy Vincent



Joined: 16 Sep 2005
Posts: 155
Location: France
Remy Vincent 29 Oct 2006, 22:03
it's because I use the "on the fly" debug function displaying last error, and the last error is often "no error"... sorry not to check permanently the last error...
Post 29 Oct 2006, 22:03
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 29 Oct 2006, 22:38
you should check for error always in your code, and on error at least display error message
Post 29 Oct 2006, 22:38
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Remy Vincent



Joined: 16 Sep 2005
Posts: 155
Location: France
Remy Vincent 30 Oct 2006, 12:41
vid wrote:
you should check for error always in your code, and on error at least display error message


I'm sorry, but if you start checking all errors, in fact you are "debugging the OS" you are using... Instead of learning another function of the OS...

How would you store a VirtualQuery() small DEMO program, if you were the creator of a small OS able to handle VirtualQuery() CALL ?? I'am sure that you would do quicly a try, and then in case an error occurs, you would use DEBUG information directly from the OS debug mode tools, instead of adding and adding "return value checking"... That the point: if you add and add returned error checking, in fact you debug the OSwithout any of the usual powerfull tools used to debug an OS!!
Post 30 Oct 2006, 12:41
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 30 Oct 2006, 13:31
oh, sorry. VirtualQuery doesn't return any errors. But others do, like VirtualProtect, and you are not checking these.

by the way:
MSDN reference of VirtualQuery() wrote:

Passing a kernel-mode pointer to this function can result in no information being returned, due to security issues. In this case, the return value is zero.
Post 30 Oct 2006, 13:31
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.