flat assembler
Message board for the users of flat assembler.

Index > Windows > Checking PE file for validation

Author
Thread Post new topic Reply to topic
Necromancer13



Joined: 18 Oct 2007
Posts: 32
Location: Ukraine
Necromancer13
I try to write a program for chacking PE file for validation...
But I can't compile it... FASM finds some errors...

It's a code of a program...

Code:
format PE GUI 4.0
entry start
include '%fasminc%\win32a.inc'
struct  SEH
        PrevLink        dd ?
        CurrentHandler  dd ?
        SafeOffset      dd ?
        PrevEsp         dd ?
        PrevEbp         dd ?
ends
IDD_DLG1    = 1
MAXSIZE  = 512
ButtonID       = 3
section '.data' data readable writeable
hInstance   dd ?
CommandLine     dd ?
ofn             OPENFILENAME
FilterString    db 'EXE-files (*.exe), DLL-files (*.dll)',0,'*.exe;*.dll',0
             db 'All Files (*.*)',0,'*.*',0,0
buffer          rb MAXSIZE
hFileRead dd ?
hMapFile        dd ?
pMemory         dd ?
seh             SEH
section '.code' code readable writeable executable
start:
   invoke  GetModuleHandle,0
   mov     [hInstance],eax
     invoke  GetCommandLine
      mov     [CommandLine],eax
   invoke  DialogBoxParam,[hInstance],IDD_DLG1,HWND_DESKTOP,DlgProc,0
  invoke  ExitProcess,eax
     
proc DlgProc hWnd,uMsg,wParam,lParam
    cmp     [uMsg],WM_INITDIALOG
        jz      .initdialog
 cmp     [uMsg],WM_CLOSE
     jz      .wmclose
    cmp     [uMsg],WM_COMMAND
   jz      .wmcommand
  mov     eax,FALSE
   ret
.initdialog:
     mov     [ofn.lStructSize],sizeof.OPENFILENAME
       push    [hWnd]
      pop     [ofn.hwndOwner]
     push    [hInstance]
 pop     [ofn.hInstance]
     mov     [ofn.lpstrFilter],FilterString
      mov     [ofn.lpstrFile],buffer
      mov     [ofn.nMaxFile],MAXSIZE
      jmp     _finish
.wmclose:
        cmp     [hMapFile],0
        je      @f
        call    CloseMapFile
@@:
   invoke  EndDialog,[hWnd],0
  jmp     _finish
.wmcommand:
  mov     eax,[wParam]
        mov     edx,eax
     shr     edx,16
      cmp     dx,BN_CLICKED
       jne     _finish
     cmp     ax,ButtonID
 jne     _finish
     mov     [ofn.Flags],OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_EXPLORER or OFN_HIDEREADONLY
     invoke  GetOpenFileName,ofn
 cmp     eax,TRUE
    jne     _finish
     invoke  CreateFile,buffer,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
      test    eax,eax
     je      _erroropen
  mov     [hFileRead],eax
     invoke  CreateFileMapping,[hFileRead],0,PAGE_READONLY,0,0,0
 test    eax,eax
     je      _errormap
   mov     [hMapFile],eax
      
    ;=======================================
    ;=======================================
    call    CheckFile
FinalExit:
        test    ecx,ecx
        jne     @next
        push    [seh.PrevLink]
        pop     dword[fs:0]
        invoke  UnmapViewOfFile,[pMemory]
        jmp     @f
ValidText       db 'It''s a valid PE file!',0
AppName         db 'PE View',0
@@:
        invoke  MessageBox,HWND_DESKTOP,ValidText,AppName,MB_ICONINFORMATION
 jmp     _finish
@next:
        push    [seh.PrevLink]
        pop     dword[fs:0]
        invoke  UnmapViewOfFile,[pMemory]
        jmp     @f
InvalidText     db 'It''s not a valid PE file!',0
@@:
        invoke  MessageBox,HWND_DESKTOP,InvalidText,AppName,MB_ICONERROR
        jmp     _finish
        ;=======================================
        ;=======================================
_finish:
    mov     eax,TRUE
    ret
errop           db 'Can not open file for reading',0
errmp           db 'Can not map file',0

_erroropen:
        invoke  MessageBox,HWND_DESKTOP,errop,AppName,MB_ICONERROR
        jmp     _finish
_errormap:
        invoke  MessageBox,HWND_DESKTOP,errmp,AppName,MB_ICONERROR
        jmp     _finish
endp

proc CloseMapFile
        invoke  CloseHandle,[hMapFile]
        mov     [hMapFile],0
        invoke  CloseHandle,[hFileRead]
        ret
endp

proc CheckFile
        invoke  MapViewOfFile,[hMapFile],FILE_MAP_READ,0,0,0
        test    eax,eax
        je      _mappingerror
        mov     [pMemory],eax
        push    dword[fs:0]
        pop     [seh.PrevLink]
        mov     [seh.CurrentHandler],SEHHandler
        mov     [seh.SafeOffset],FinalExit
        mov     eax,seh
        mov     [fs:0],eax
        mov     [seh.PrevEsp],esp
        mov     [seh.PrevEbp],ebp
        mov     edi,[pMemory]
        cmp     word[edi],'MZ'
        jne     .notmz
        add     edi,dword[edi+3Ch]
        cmp     dword[edi],00004550h
        je      _valid
        xor     ecx,ecx
        inc     ecx
        ret
.notmz:
        jmp     @f
NotMZ           db 'MZ-signature is not found!',0
@@:
        invoke  MessageBox,HWND_DESKTOP,NotMZ,AppName,MB_ICONERROR        
        xor     ecx,ecx
        inc     ecx
        ret
_mappingerror:
        jmp     @f
MappingError    db 'Can not map file into memory!',0
@@:
        invoke  MessageBox,HWND_DESKTOP,MappingError,AppName,MB_ICONERROR
        xor     ecx,ecx
        inc     ecx
        ret
_valid:
        xor     ecx,ecx
        ret
endp

proc SEHHandler pExcept,pFrame,pContext,pDispatch
        push    edx
        mov     edx,[pFrame]
        mov     eax,[pContext]
        push    dword[seh.SafeOffset]
        add     dword[pContent],0B8h
        pop     dword[pContent]
        sub     dword[pContent],0B8h
        add     dword[pContent],0C4h
        push    dword[seh.PrevEsp]
        pop     dword[pContent]
        sub     dword[pContent],0C4h
        add     dword[pContent],0B4h
        push    dword[seh.PrevEbp]
        pop     dword[pContent]
        sub     dword[pContent],0B4h
        xor     ecx,ecx
        inc     ecx
        xor     eax,eax
        pop     edx
        ret
endp

section '.idata' import data readable writeable
        library user32,'user32.dll',\
            kernel32,'kernel32.dll',\
                comdlg32,'comdlg32.dll'
   include '%fasminc%\api\user32.inc'
      include '%fasminc%\api\kernel32.inc'
    include '%fasminc%\api\comdlg32.inc'
section '.rsrc' resource from 'PEView.res' data readable
    


And it's a rc-file:

Code:

#define IDD_DLG1 1
#define IDC_GRP1 2
#define IDC_BTN1 3
IDD_DLG1 DIALOGEX 150,88,192,118
CAPTION "PE View"
FONT 10,"Comic Sans MS",400,0,204
STYLE 0x10CA0000
BEGIN
  CONTROL "PE VIEW",IDC_GRP1,"Button",0x50000007,0,0,192,119
  CONTROL "Open File",IDC_BTN1,"Button",0x50012F00,10,41,168,27
END


    


FASM finds some errors in this strings:

Code:

proc SEHHandler pExcept,pFrame,pContext,pDispatch
        push    edx
        mov     edx,[pFrame]
        mov     eax,[pContext]
        push    dword[seh.SafeOffset]
        add     dword[pContent],0B8h
        pop     dword[pContent]
        sub     dword[pContent],0B8h
        add     dword[pContent],0C4h
        push    dword[seh.PrevEsp]
        pop     dword[pContent]
        sub     dword[pContent],0C4h
        add     dword[pContent],0B4h
        push    dword[seh.PrevEbp]
        pop     dword[pContent]
        sub     dword[pContent],0B4h
        xor     ecx,ecx
        inc     ecx
        xor     eax,eax
        pop     edx
        ret
endp
    


It's very hard without assume and without .IF, .ENDIF, .ELSEIF, .WHILE..Sad
Can you advice me a good way for cheking for PE file validation or tell, where I can find a source of this program?..
Thank you:)

P.S. I am new to FASM, and I use it only for some days

_________________
FASM Rulezzzzzz!
Post 22 Oct 2007, 18:16
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
You can use .if, .endif, etc, check http://flatassembler.net/docs.php?article=win32

For assume you can use "include 'macro\masm.inc'" (open it to look what others things will do).

PS: Include masm.inc AFTER including win32*.inc
Post 22 Oct 2007, 18:58
View user's profile Send private message Reply with quote
Necromancer13



Joined: 18 Oct 2007
Posts: 32
Location: Ukraine
Necromancer13
oh.. really! =0
Thanks!Smile FASM is so cool:)
Post 22 Oct 2007, 19:08
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
Quote:
It's very hard without assume and without .IF, .ENDIF, .ELSEIF, .WHILE..
Can you advice me a good way for cheking for PE file validation or tell, where I can find a source of this program?..
Thank you
P.S. I am new to FASM, and I use it only for some days


Welcome Smile

FASM<>MA$M (or FASM!=MA$M Laughing ) by intention

Make sure to read: http://flatassembler.net/docs.php?article=design
Post 22 Oct 2007, 22:07
View user's profile Send private message Reply with quote
Necromancer13



Joined: 18 Oct 2007
Posts: 32
Location: Ukraine
Necromancer13
Yes...
FASM!=MA$M
FASM is better:)
Post 23 Oct 2007, 18:28
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.