flat assembler
Message board for the users of flat assembler.

Index > Windows > fasm problem?

Author
Thread Post new topic Reply to topic
smoke



Joined: 16 Jan 2006
Posts: 42
smoke 12 Sep 2007, 16:02
Hello everyone,

I have a problem. Yesterday I finished coding a hooking engine (it worked quite okay as far as i remember) and now this morning i assembled it again (the same source) and it didnt work again (I haven't changed a thing..) So I'm asking you .. Is this a fasm issue? and ... has something like this ever happened to you? If yes, how did you solve it? (my code crashes when calling GetThreadContext ... i get ERROR_NOACCESS)

Here are the sources (the patch program, the dll that handles the detoured apis and the test file ..)


ps: i could paste the code but .. i think its nicer to just download and check it out


Thank you in advance...


Description: The problem is in the patcher.asm
Download
Filename: sources.rar
Filesize: 3.71 KB
Downloaded: 249 Time(s)

Post 12 Sep 2007, 16:02
View user's profile Send private message Reply with quote
bogdanontanu



Joined: 07 Jan 2004
Posts: 403
Location: Sol. Earth. Europe. Romania. Bucuresti
bogdanontanu 12 Sep 2007, 18:08
FASM is a mature assembler today.
Maybe you could suspect FASM in the first releases but not today.

Then again, is it FASM crashing or it is your code that fails?
My bet would be that your code is wrong.

Probably you coded something that was tied (or lucky) to the current status of the OS. Because of this it used to work until you have restarted the OS or until an OS update was performed (maybe automatically).

Hence after a restart some modules are at a different address or layout and you code assumptions are no longer valid.
Post 12 Sep 2007, 18:08
View user's profile Send private message Visit poster's website Reply with quote
smoke



Joined: 16 Jan 2006
Posts: 42
smoke 12 Sep 2007, 18:38
Well, its my code crashing not fasm .. though .. if i trace through the code everything executes nicely .. but when it comes to that CALL dword ... I get ERROR_NOACCESS .. (call to GetThreadContext)

EDIT: dword aligning the context structure solved the problem
Post 12 Sep 2007, 18:38
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 13 Sep 2007, 09:39
for next time, good way to solve this kind of problems is to keep old versions of executable, and then compare them to new versions, and see what's changed.
Post 13 Sep 2007, 09:39
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt 13 Sep 2007, 19:14
I've found one problem with you code so far.
In "hook.asm" where you define your imports, this:
Code:
kernel,       'kernel32.dll'    

should be this:
Code:
kernel32, 'kernel32.dll'    


And this:
Code:
import kernel,\
                ReadProcessMemory,    'ReadProcessMemory',\    

should be:
Code:
import kernel32,\
                ReadProcessMemory,    'ReadProcessMemory',\    


That's all i've found so far.
Post 13 Sep 2007, 19:14
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 13 Sep 2007, 19:59
Why that change is needed?
Post 13 Sep 2007, 19:59
View user's profile Send private message Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt 13 Sep 2007, 20:58
I've had this problem before and fasm doesn't report an error for it. ALL the import and label text's must match, in this case, kernel32 must be the label in both library and api sections. All I can ask is try it and see if it helps.
Post 13 Sep 2007, 20:58
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 13 Sep 2007, 21:15
The Quetannon example has "library kernel,'KERNEL32.DLL',\" and "import kernel,\" and it worked so far. The labels MUST match of course but in the attachment I see that both parts already uses the same label (and you showed that in your previous post).

That is the reason of why I don't understand the change. I'm missing something else?
Post 13 Sep 2007, 21:15
View user's profile Send private message Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt 13 Sep 2007, 21:35
LocoDelAssembly wrote:
The Quetannon example has "library kernel,'KERNEL32.DLL',\" and "import kernel,\" and it worked so far. The labels MUST match of course but in the attachment I see that both parts already uses the same label (and you showed that in your previous post).

That is the reason of why I don't understand the change. I'm missing something else?


No, your right, I don't think it does. my mistake. I have gotten the file 'hook.asm' to compile to a dll on my fasmw setup. I'll try and get the other code to compile then start debugging and see what I can find.
Post 13 Sep 2007, 21:35
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.