flat assembler
Message board for the users of flat assembler.
The examples section
vid 14 Dec 2006, 21:42
all right, here is the finished (i hope) example. You can post it Tomasz.
arafel: what exactly is "lib/ld-linux.so.2"? Are you sure it doesn't need initialization, like Windoze's "libcmt.obj"? Maybe we could also add instructions to dynamically link to win32 libc, and statically link to linux libc.
EDIT - nasty bug in example fixed. I was using STDCALL
EDIT 2 - one more inconsistency with signed/unsigned numbers fixed
Last edited by vid on 15 Dec 2006, 12:09; edited 6 times in total
vid 14 Dec 2006, 23:46
no, i meant static linking to libc for linux. But i think there is no reason to do that...
MichaelH 15 Dec 2006, 01:09
Follow up to detour_example.exe problem
RedGhost
Below is the disassembly of the functions in user32.dll for both Windows XP with and without SP2. As you can see MessageBoxA calls MessageBoxExA which does the work. Unfortunately MessageBoxA can not be used in Windows XP without SP2. I changed your example to point to MessageBoxExA and everything works as expected. Whether you want to change your code is up to you but it would be good if all worked. Great example, thank you very much.
Vid
I think this thread needs its own forum. Can you split all the different programs into their own threads. A lot of work I know but it's really needed as things are already out of control in this thread.
Windows XP SP2
Code:
    * Export: MessageBoxA, 01DD
    77D8050B: 8BFF mov edi, edi
    77D8050D: 55 push ebp
    77D8050E: 8BEC mov ebp, esp
    ...........
    Export: MessageBoxExA, 01DE
    77D8057D: 8BFF mov edi, edi
    77D8057F: 55 push ebp
    77D80580: 8BEC mov ebp, esp
    77D80582: 6AFF push FFFFFFFF
    77D80584: FF7518 push dword ptr [ebp+18]
    77D80587: FF7514 push dword ptr [ebp+14]
    77D8058A: FF7510 push dword ptr [ebp+10]
    77D8058D: FF750C push dword ptr [ebp+0C]
    77D80590: FF7508 push dword ptr [ebp+08]
    77D80593: E8505A0100 call 77D95FE8
    77D80598: 5D pop ebp
    77D80599: C21400 ret 0014
    77D8059C: 90 nop
    77D8059D: 90 nop
    77D8059E: 90 nop
    77D8059F: 90 nop
    77D805A0: 90 nop
Windows XP NO SP
Code:
    * Export: MessageBoxA, 01DD
    77D6ADD7: 833DC4D3D97700 cmp dword ptr [77D9D3C4], 00000000
    77D6ADDE: 0F85377E0100 jne 77D82C1B
    * Jump: 77D82C33(C), 77D82C43(U)
    77D6ADE4: 6A00 push 00000000
    77D6ADE6: FF742414 push dword ptr [esp+14]
    77D6ADEA: FF742414 push dword ptr [esp+14]
    77D6ADEE: FF742414 push dword ptr [esp+14]
    77D6ADF2: FF742414 push dword ptr [esp+14]
    77D6ADF6: E803000000 call 77D6ADFE
    77D6ADFB: C21000 ret 0010
    * Call: 77D6ADF6
    * Export: MessageBoxExA, 01DE
    77D6ADFE: 55 push ebp
    77D6ADFF: 8BEC mov ebp, esp
    77D6AE01: 6AFF push FFFFFFFF
    77D6AE03: FF7518 push dword ptr [ebp+18]
    77D6AE06: FF7514 push dword ptr [ebp+14]
    77D6AE09: FF7510 push dword ptr [ebp+10]
    77D6AE0C: FF750C push dword ptr [ebp+0C]
    77D6AE0F: FF7508 push dword ptr [ebp+08]
    77D6AE12: E804000000 call 77D6AE1B
    77D6AE17: 5D pop ebp
    77D6AE18: C21400 ret 0014
vid 15 Dec 2006, 01:28
MichaelH: i can move related posts to new thread in Windows section
MichaelH 15 Dec 2006, 01:53
OK
I think this idea of Tomasz is excellent. Wouldn't it be cool if we had a system like http://www.codeproject.com/ where you can vote on the value of articles/code?
vid 15 Dec 2006, 02:01
well, it's true that we still lack something for articles... you could post idea in feedback section
arafel 15 Dec 2006, 02:13
vid wrote: what exactly is "lib/ld-linux.so.2"? Are you sure it doesn't need initialization, like Windoze's "libcmt.obj"?
ld-linux.so.2 is a default dynamic linker which initializes all the stuff needed by the application. It's required for dynamically linked ELFs. For static linking the '-static' switch (+ linking against crt0.o and such) will probably do the trick. Though I never did this directly with ld, so I am not sure about the exact command line.
vid 15 Dec 2006, 02:16
someone could write example using win32 SEH. I haven't seen such.
kohlrak 15 Dec 2006, 05:35
No more giving back...
Last edited by kohlrak on 07 Aug 2008, 15:04; edited 1 time in total
RedGhost 15 Dec 2006, 05:46
MichaelH, thanks, but I polled about 30 people, from #fasm, to #CSharp, to #C and I could not find a single person with XP pre-SP2 (as it's highly unsafe), and the only other OS I could find was Windows 2000, so I added support for that. I updated the source to include disassembly from both versions and what it's been tested on, the only way to make it work for every kernel is via a length disassembly engine. Thanks for the post.
_________________ redghost.ca
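RedGhost's point about needing a length disassembly engine, worked through on the prologue bytes from MichaelH's listings. This is an added example, not code from the thread or from detour_example; the 5-byte patch size is an assumption, and `relocation_span` with its opcode table is a hypothetical helper that covers only the opcodes appearing in those listings.

```c
#include <stdint.h>
#include <stdio.h>
/* Leading bytes copied from the listings in MichaelH's post. */
static const uint8_t SP2_MSGBOXA[]    = {0x8B,0xFF, 0x55, 0x8B,0xEC};
static const uint8_t NOSP_MSGBOXA[]   = {0x83,0x3D,0xC4,0xD3,0xD9,0x77,0x00};
static const uint8_t NOSP_MSGBOXEXA[] = {0x55, 0x8B,0xEC, 0x6A,0xFF, 0xFF,0x75,0x18};

/* Length of opcode + ModRM (+ SIB, displacement, imm bytes); 0 if truncated. */
static size_t modrm_insn(const uint8_t *p, size_t n, size_t imm) {
    if (n < 2) return 0;
    uint8_t mod = p[1] >> 6, rm = p[1] & 7;
    size_t len = 2 + imm;
    if (mod != 3 && rm == 4) {                        /* SIB byte follows */
        if (n < 3) return 0;
        len += (mod == 0 && (p[2] & 7) == 5) ? 5 : 1; /* SIB, disp32 if no base */
    }
    if (mod == 1) len += 1;                           /* disp8 */
    else if (mod == 2 || (mod == 0 && rm == 5)) len += 4; /* disp32 */
    return len;
}

/* Length of one instruction, for the opcodes in the listings only; 0 = unknown. */
static size_t insn_len(const uint8_t *p, size_t n) {
    switch (p[0]) {
    case 0x55: case 0x5D: case 0x90: return 1;        /* push ebp, pop ebp, nop */
    case 0x6A: return 2;                              /* push imm8 */
    case 0xC2: return 3;                              /* ret imm16 */
    case 0xE8: return 5;                              /* call rel32 */
    case 0x8B: case 0xFF: return modrm_insn(p, n, 0); /* mov r32,r/m32; group 5 */
    case 0x83: return modrm_insn(p, n, 1);            /* group 1 r/m32, imm8 */
    case 0x0F: return (n > 1 && (p[1] & 0xF0) == 0x80) ? 6 : 0; /* jcc rel32 */
    default: return 0;
    }
}

/* Whole-instruction bytes covering the first `patch` bytes; -1 if undecodable. */
int relocation_span(const uint8_t *code, size_t size, size_t patch) {
    size_t off = 0;
    while (off < patch) {
        size_t len = off < size ? insn_len(code + off, size - off) : 0;
        if (len == 0 || len > size - off) return -1;
        off += len;
    }
    return (int)off;
}
#define SPAN5(a) relocation_span(a, sizeof a, 5)
int main(void) {
    printf("%d %d %d\n", SPAN5(SP2_MSGBOXA), SPAN5(NOSP_MSGBOXA), SPAN5(NOSP_MSGBOXEXA));
}
```

The SP2 `MessageBoxA` and no-SP `MessageBoxExA` prologues both end on an instruction boundary at 5 bytes, while the no-SP `MessageBoxA` starts with a 7-byte `cmp`, so a fixed 5-byte overwrite there would end mid-instruction.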
RedGhost 15 Dec 2006, 08:14
vid wrote: someone could write example using win32 SEH. I haven't seen such.
FASM SEH example. Adds an exception handler, breakpoints, handles the exception and continues execution, then creates a fatal exception. The exception handler displays all the exception info to the user.
Edit: Updated to also create a hardware breakpoint with the Debug registers.
Edit: New thread http://board.flatassembler.net/topic.php?p=49484#49484
_________________ redghost.ca
Last edited by RedGhost on 15 Dec 2006, 19:45; edited 4 times in total
vid 15 Dec 2006, 11:55
thanks RedGhost.
I changed it slightly - added few comments, changed imports to ones using macros (importing without macros can be separate example more focusing on this), and changed formatting string for nicer output. If you dislike any of changes just let me know, i will change it back. by the way: what is "SetUnhandledExceptionFilter" to [fs:0] structure? is it same?
vid 15 Dec 2006, 12:12
kohlrak: you have some misconception about "executable" flag in your example
RedGhost 15 Dec 2006, 14:49
vid, I updated with the nicer text formatting, should have done from the start, thanks. I also added hardware breakpointing to one of the exception examples (Debug registers). About the imports, as Tomasz said in the start of the thread he wants examples on new things as well as other styles. My style uses no macros besides "struc", building the import table yourself produces the same result, and you see the exact generation, so this is my preference.
Yes [fs:$0] which is the start of the TEB contains the SEH chain which SetUnhandledExceptionFilter modifies. try / catch blocks override this filter. This is why AddVectoredExceptionHandler was introduced.
_________________ redghost.ca
Last edited by RedGhost on 15 Dec 2006, 16:15; edited 1 time in total
vid 15 Dec 2006, 15:48
RedGhost: i thought that about imports. I just think that every example should focus on just one thing, and keep others simple (standard). But yes, it's your preference.
vid 15 Dec 2006, 18:10
tomasz: one more: http://board.flatassembler.net/topic.php?t=6371
it's mixing C and ASM. This has been questioned and answered many times, but there was no centralized info on this. So here is at least an example.
kohlrak 15 Dec 2006, 20:56
vid wrote: kohlrak: you have some misconception about "executable" flag in your example
I put that in there the way that i saw the executable flag. Irregardless, it works just fine without the flag. And because of that, i really don't understand the point in the flag, and i consider it a hindrance if you want your variables to be in the same section (which i'm guessing each separate section counts as a separate segment, so i'd personally prefer keeping it all one section to prevent having to use far pointers).
vid 15 Dec 2006, 22:01
it works ON YOUR PROCESSOR! It might not work on different processor, which supports protecting page against execution.
Another misconception is that you need far pointer to access different section. No you don't. There are no far pointers at all in win32, it's flat model.
OzzY 16 Dec 2006, 03:02
What about an examples/tutorials wiki for FASM?
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.