flat assembler
Message board for the users of flat assembler.
Windows > Question about retrieving memory contents
Adam Kachwalla 24 Aug 2007, 23:37
StalkFallT wrote: let's go with something simpler: I guess over here you want to know the difference between putting it in .data and DB'ing it anywhere: Putting it in .data allows your program to be smaller in size (when using RBs), because it then loads the data at runtime. Also reduces the need for JMPs. It is similar to placing it right at the end, except memory space for the variables/data is created at runtime.

As for the colon:
Code:
    test: db 'Pneumonoultramicroscopicsilicovolcanoconiosis',0
Code:
    test db 'Pneumonoultramicroscopicsilicovolcanoconiosis',0
The colon is used for writing things like:
Code:
    test: DB 'Pneumono'
          DB 'ultra'
          DB 'microscopic'
          DB 'silico'
          DB 'volcano'
          DB 'conio'
          DB 'sis'
StakFallT 24 Aug 2007, 23:53
Awesome, thanks! Nice explanation! So I guess my follow up question is, is using labels to declare stuff considered sloppy, and placing things inside "section"s the better approach, on average? Like when would you really actually need to declare something in a label?
On a slightly side note, I'm picking through the Detours example, it's slow but it's helping a little (so many labels and jumping all around and it's sooo hard to tell what can be placed into a proc). I tend to really dislike labels. I really don't like the program having the ability to have its code-flow flow right into something else without you realizing it. My father is good with that stuff in VB, he'll do labels and jump around all over the place, when I'd prefer to just put something in its own separate sub or function if necessary and just call it when I need to. This way I don't have pages and pages of code to pass through before I get to look at something I need to. I figure once I've worked with the detours example enough, I should be able to get a better grip on what is actually happening, right now it's so hard to tell..
Adam Kachwalla 25 Aug 2007, 03:41
Quote: Awesome, thanks! Nice explanation! So I guess my follow up question is, is using labels to declare stuff considered sloppy, and placing things inside "section"s the better approach, on average? Like when would you really actually need to declare something in a label?

It is preferable to use the .data section - only if you want your app to work under Windows and Windows only. You can place labels if you want, but be aware that you will need to do something like:
Code:
    JMP endLbl
    startLabel DB 'Pneumonoultramicroscopicsilicovolcanoconiosis',0
    endLbl:
It is not a big deal to use labels, though, if you are like me and want to make different ports of your application for different operating systems. Beware that it is very easy to execute the contents of variables! I have, several times, made that mistake of executing a variable! This is why buffer overflow attacks are so common.

The original code:
Code:
    JMP eLabel
    sLabel RB 16
    eLabel:
    ;Some other code
Code:
    JMP eLabel
    sbLabel DB 'Pneumonoultramic'
    eLabel: DB 'roscopicsilicovolcanoconiosis'
Dangerous security fault
StakFallT 25 Aug 2007, 03:56
You mean by executing labels, have code-flow flow into the label that's really meant to declare the variable (or you accidentally jump to the label without realizing it was a label used to declare something) right? lol That's exactly what I'm trying to avoid, because I could see how easy it is to do that
So what's with the "data import" line I found in the detours example? A normal line I'm used to seeing is something like this:
    section '.data' data readable writeable
which is usually at the top, I usually have something like this
    section '.idata' import data readable writeable
on the bottom.. But in the detours example, I don't see the "section '.idata'" I see this: (just this) "data import" with some code below it is that the same as "section '.data' data readable writeable" ?
Adam Kachwalla 25 Aug 2007, 06:01
Quote: You mean by executing labels, have code-flow flow into the label that's really meant to declare the variable (or you accidentally jump to the label without realizing it was a label used to declare something) right? lol That's exactly what I'm trying to avoid, because I could see how easy it is to do that

The section '.data' data readable writeable line that you see tells FASM to compile the code directly under the line (until it hits section '.code' code readable executable). Also, about your question about the data import line:
Code:
    section '.idata' import data readable writeable
StakFallT 25 Aug 2007, 08:32
but is
Code:
    data import
the same as
Code:
    section '.idata' import data readable writeable
?
Adam Kachwalla 25 Aug 2007, 09:11
Yes.
Code:
    data import
      library kernel,'KERNEL32.DLL',\
              user,'USER32.DLL',\
              gdi,'GDI32.DLL',\
              dwmapi,'DWMAPI.DLL'
      import kernel,\
             GetModuleHandle,'GetModuleHandleA',\
             ExitProcess,'ExitProcess',\
             GetLastError,'GetLastError'
      import user,\
             RegisterClass,'RegisterClassA',\
             CreateWindowEx,'CreateWindowExA',\
             DefWindowProc,'DefWindowProcA',\
             SetWindowLong,'SetWindowLongA',\
             RedrawWindow,'RedrawWindow',\
             GetMessage,'GetMessageA',\
             TranslateMessage,'TranslateMessage',\
             DispatchMessage,'DispatchMessageA',\
             SendMessage,'SendMessageA',\
             PostQuitMessage,'PostQuitMessage'
      import dwmapi,\
             ApplyGlass,'DwmExtendFrameIntoClientArea'
    end data
Code:
    section '.idata' import data readable writeable
      library kernel,'KERNEL32.DLL',\
              user,'USER32.DLL',\
              gdi,'GDI32.DLL',\
              dwmapi,'DWMAPI.DLL'
      import kernel,\
             GetModuleHandle,'GetModuleHandleA',\
             ExitProcess,'ExitProcess',\
             GetLastError,'GetLastError'
      import user,\
             RegisterClass,'RegisterClassA',\
             CreateWindowEx,'CreateWindowExA',\
             DefWindowProc,'DefWindowProcA',\
             SetWindowLong,'SetWindowLongA',\
             RedrawWindow,'RedrawWindow',\
             GetMessage,'GetMessageA',\
             TranslateMessage,'TranslateMessage',\
             DispatchMessage,'DispatchMessageA',\
             SendMessage,'SendMessageA',\
             PostQuitMessage,'PostQuitMessage'
      import dwmapi,\
             ApplyGlass,'DwmExtendFrameIntoClientArea'
I wouldn't recommend giving an '.import' section write and/or execute permissions at all, so the best lines to use for data, code, and imports are:
Code:
    section '.data' readable writeable
    section '.code' readable writeable executable
    section '.idata' readable
StakFallT 25 Aug 2007, 17:09
gotcha, thanks
FrozenKnight 25 Aug 2007, 21:13
Quote: The use of one over another really depends on one person or another. The latter line has more control over the former line, because it allows you to specify read/write/execute privileges. Used in conjunction with Data Execution Prevention in Windows XP SP2 and Longhorn Server, you can build yourself one secure application!

until you learn about VirtualProtectEx(). it doesn't matter how secure your application is Hackers can find a way around it. and btw Data Execution Prevention is computer specific so it can be turned off. (quite easily too) At best you might slow down a hacker for about 10 seconds. but if you're at that then you should not give write permissions to the .code section either.
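
An added example, not part of the thread and not fasm project code: a small Python check that reads the section table of a PE image and reports sections mapped both writable and executable, the combination the last two posts disagree about, plus an import section that is not read-only. The sample image is constructed (headers only, no optional header), and `sections`, `audit` and `build_sample` are names chosen here.

```python
import struct

# PE section characteristic bits (IMAGE_SCN_MEM_* in winnt.h)
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

def sections(image: bytes):
    """Yield (name, characteristics) for each entry in the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)         # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", image, pe_off + 6)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(nsec):
        off = table + 40 * i                                  # 40-byte section header
        if off + 40 > len(image):
            raise ValueError("truncated section table")
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", image, off + 36)  # Characteristics
        yield name, flags

def audit(image: bytes):
    """Return (section, reason) pairs for permission sets worth reviewing."""
    findings = []
    for name, flags in sections(image):
        if flags & MEM_WRITE and flags & MEM_EXECUTE:
            findings.append((name, "writable and executable"))
        elif name == ".idata" and flags & (MEM_WRITE | MEM_EXECUTE):
            findings.append((name, "import section is writable or executable"))
    return findings

def build_sample() -> bytes:
    """Constructed image with the three section lines recommended in the thread."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 3, 0, 0, 0, 0, 0x0102)
    def sec(name, flags):
        return name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", flags)
    table = (sec(b".data", MEM_READ | MEM_WRITE)
             + sec(b".code", MEM_READ | MEM_WRITE | MEM_EXECUTE)
             + sec(b".idata", MEM_READ))
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    for name, why in audit(build_sample()):
        print(f"{name}: {why}")
```
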
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.