flat assembler
Message board for the users of flat assembler.

Index > Windows > where are arguments?

asmrox



Joined: 19 Jan 2008
Posts: 160
Where are the loaded arguments (**argv from C)?
Don't tell me to use the API, I really can do that.
Post 19 Jan 2008, 02:46
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
You have to use the API.

If you really can't, too bad for you.
Post 19 Jan 2008, 03:31
asmrox



Joined: 19 Jan 2008
Posts: 160
Bullshit, you just don't know.

Code:
GetCommandLineA:
        mov     eax,[L7C8835F4]
        retn


What's that magic 7C8835F4?
Post 19 Jan 2008, 03:43
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
Exactly that, MAGIC, not portable at all.

My WinXP SP2:
Code:
7C812F1D > A1 F445887C      MOV EAX,DWORD PTR DS:[7C8845F4]
7C812F22   C3               RETN    


A Win2003 I have access to:
Code:
77E6B487 > A1 D4B5EC77      MOV EAX,DWORD PTR DS:[77ECB5D4]
77E6B48C   C3               RETN    


As you can see, different enough addresses to be used as hardcoded magic shits.
Post 19 Jan 2008, 03:58
asmrox



Joined: 19 Jan 2008
Posts: 160
Okay, but when a program is loaded into memory, the segment registers are filled with addresses, and one of them should be the command line pointer.
Am I wrong?
Post 19 Jan 2008, 04:15
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
Code:
include 'win32wx.inc'

start:
  mov    eax, [fs:$30]            ; TEB -> PEB
  mov    eax, [eax+$10]           ; PEB.ProcessParameters (RTL_USER_PROCESS_PARAMETERS*)
  mov    ebx, [eax+16+4*10+8+4]   ; CommandLine.Buffer: 16 reserved bytes, 10 reserved pointers,
                                  ; ImagePathName (8 bytes), then CommandLine; Buffer is 4 bytes in ($44).
                                  ; Without the +8 this reads ImagePathName.Buffer ($3C) instead.
  invoke MessageBox, 0, ebx, ebx, 0
  ret

.end start


Here you have a more platform-independent approach (but still not safe, and it is highly probable that it doesn't work on non-NT kernels).

References:
http://en.wikipedia.org/wiki/Win32_Thread_Information_Block
http://msdn2.microsoft.com/en-us/library/aa813706(VS.85).aspx
http://msdn2.microsoft.com/en-us/library/aa813741(VS.85).aspx

As for how KERNEL32.DLL has a PRIVATE variable with a pointer to the same thing, it is very probable that its entry point has code very similar to the above to set it up. I'm not sure who fills out all these structures' fields, but I suppose that the kernel does it.
Post 19 Jan 2008, 04:49
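As an added illustration (my own code, not from the thread or from fasm), here is the same pointer chain the fasm snippet above walks, TEB -> PEB -> ProcessParameters -> CommandLine, modelled in C over a constructed in-memory copy of the structures so it runs on any host. The structs follow the shape given in the MSDN references linked above (TEB: Reserved1[12] then ProcessEnvironmentBlock; PEB: two reserved bytes, BeingDebugged, Reserved2[1], Reserved3[2], Ldr, ProcessParameters; RTL_USER_PROCESS_PARAMETERS: Reserved1[16], Reserved2[10], ImagePathName, CommandLine), so the offsets the assembly hard-codes ($30, $10, $44 on x86; $60, $20, $78 on x64) fall out of the compiler's layout instead of being typed in. It also treats CommandLine as a UNICODE_STRING, using Length (in bytes) rather than assuming a terminating NUL. Function names (`command_line_from_teb`, `build_fake_teb`, the `offset_*` helpers) and the sample command line are mine.

```c
/* Added example: walk TEB -> PEB -> ProcessParameters -> CommandLine over a
 * constructed image of the Windows structures. Not from the thread or fasm. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct _UNICODE_STRING {
    uint16_t  Length;          /* bytes, not characters; no NUL guaranteed */
    uint16_t  MaximumLength;
    uint16_t *Buffer;          /* UTF-16 code units */
} UNICODE_STRING;

/* Documented prefix of RTL_USER_PROCESS_PARAMETERS (MSDN shape). */
typedef struct _RTL_USER_PROCESS_PARAMETERS {
    uint8_t        Reserved1[16];
    void          *Reserved2[10];
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
} RTL_USER_PROCESS_PARAMETERS;

/* Documented prefix of the PEB; only the fields the chain touches. */
typedef struct _PEB {
    uint8_t  Reserved1[2];
    uint8_t  BeingDebugged;
    uint8_t  Reserved2[1];
    void    *Reserved3[2];
    void    *Ldr;
    RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
} PEB;

/* Documented prefix of the TEB: fs:[0x30] on x86, gs:[0x60] on x64. */
typedef struct _TEB {
    void *Reserved1[12];
    PEB  *ProcessEnvironmentBlock;
} TEB;

/* Copy the command line into out (ASCII only, non-ASCII becomes '?'),
 * honouring UNICODE_STRING.Length. Returns the number of UTF-16 units. */
size_t command_line_from_teb(const TEB *teb, char *out, size_t n)
{
    const PEB *peb = teb->ProcessEnvironmentBlock;            /* [fs:30h]  */
    const RTL_USER_PROCESS_PARAMETERS *pp = peb->ProcessParameters; /* [+10h] */
    const UNICODE_STRING *cl = &pp->CommandLine;              /* +40h      */
    size_t units = cl->Length / sizeof(uint16_t);
    size_t i;
    for (i = 0; i < units && i + 1 < n; i++)
        out[i] = cl->Buffer[i] < 0x80 ? (char)cl->Buffer[i] : '?';
    out[i] = '\0';
    return units;
}

/* Constructed sample data: a fake command line with no terminating NUL,
 * which is exactly the case Length protects against. */
static uint16_t g_cmd[] = { 'd','e','m','o','.','e','x','e',' ','/','v' };
static RTL_USER_PROCESS_PARAMETERS g_pp;
static PEB g_peb;
static TEB g_teb;

const TEB *build_fake_teb(void)
{
    memset(&g_pp, 0, sizeof g_pp);
    g_pp.CommandLine.Length        = sizeof g_cmd;   /* 22 bytes */
    g_pp.CommandLine.MaximumLength = sizeof g_cmd;
    g_pp.CommandLine.Buffer        = g_cmd;
    memset(&g_peb, 0, sizeof g_peb);
    g_peb.ProcessParameters = &g_pp;
    memset(&g_teb, 0, sizeof g_teb);
    g_teb.ProcessEnvironmentBlock = &g_peb;
    return &g_teb;
}

/* The offsets the assembly hard-codes, derived from the layout instead. */
size_t offset_peb_in_teb(void)    { return offsetof(TEB, ProcessEnvironmentBlock); }
size_t offset_params_in_peb(void) { return offsetof(PEB, ProcessParameters); }
size_t offset_cmdline_buffer(void)
{
    return offsetof(RTL_USER_PROCESS_PARAMETERS, CommandLine)
         + offsetof(UNICODE_STRING, Buffer);
}

int main(void)
{
    char buf[64];
    size_t units = command_line_from_teb(build_fake_teb(), buf, sizeof buf);
    printf("TEB+0x%zx -> PEB+0x%zx -> params+0x%zx : \"%s\" (%zu UTF-16 units)\n",
           offset_peb_in_teb(), offset_params_in_peb(),
           offset_cmdline_buffer(), buf, units);
    return 0;
}
```

Compiled as 32-bit the three offsets print as 0x30, 0x10 and 0x44, matching the fasm code with the CommandLine fix; as 64-bit they become 0x60, 0x20 and 0x78. The point for a reviewer is the one the thread makes: these numbers are a property of a particular structure layout, not of the API, so code that bakes them in must be revalidated per architecture and OS release.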
asmrox



Joined: 19 Jan 2008
Posts: 160
Code:
format PE GUI 4.0
entry start
include 'win32w.inc'
start:
        mov     eax, [fs:0x30]   ; TEB -> PEB
        mov     eax, [eax+16]    ; PEB.ProcessParameters
        mov     eax, [eax+68]    ; CommandLine.Buffer (0x44); 60 would be ImagePathName.Buffer
        push    0
        push    eax
        push    eax
        push    0
        call    [MessageBoxW]
        retn    0
data import
  library user32, 'USER32.DLL'
  import user32, MessageBoxW, 'MessageBoxW'
end data

Yeah! It works! Thanks for those links!
Finally!
Quote:
You have to use api.

OWNED!
Post 19 Jan 2008, 05:08
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
Quote:
Quote:
You have to use api.

OWNED!

But it is still true, actually, unless you don't care about future behavior. Look at the comments in red in Microsoft's links. And as I've said before, this way is a candidate to be fully incompatible with Win9x/ME.

PS: I asked a friend with Windows Vista to test it and he says it does not work; the program just crashes. This means that the comments in red are very true, and if you look at the requirements, Vista isn't listed for RTL_USER_PROCESS_PARAMETERS (last link).
Post 19 Jan 2008, 05:33
asmrox



Joined: 19 Jan 2008
Posts: 160
That's bad; it doesn't have to work with 9x, but Vista...
Do you have any idea how I can get it on Vista and XP, without using any DLLs?
(When I start writing shellcodes, imports from DLLs wouldn't be nice ;/)
Post 19 Jan 2008, 05:37
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
I think it is a very bad idea to stay in front of a computer at 4:00 AM... The program works great; the mistake was that I passed him my bugged program from the NtAllocateVirtualMemory thread.

I've also tested it on a Win98SE (AND I'M SURE IT IS THIS PROGRAM THIS TIME) but:
Image

Doesn't work as expected.
Post 19 Jan 2008, 06:19
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
asmrox: OK, as long as you are fine with your app working only on your machine, go for this method. But it is a VERY BAD practice.

What particular reason do you have not to do it properly?
Post 19 Jan 2008, 12:13
Goplat



Joined: 15 Sep 2006
Posts: 181
asmrox wrote:
Quote:
call [MessageBoxW]

MessageBox is an API too.

Most API functions ultimately come down to system calls. You could, I suppose, write a Windows program without importing from any DLLs, using INT 2E to make direct system calls instead. This would be completely pointless, it would only ever work on one particular Windows version since system call numbers are always changing, and besides, system calls are really just a low-level kind of API anyway.

In short: You can't do jack on Windows without APIs. Get used to it.
Post 19 Jan 2008, 19:11
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
I've got a simple, fast command-line parser function if you would like it; it calls GetCommandLineA for portability.
Code:
GetCommandLineParams:
        ; in:  ecx = address of a dword that receives the result
        ; out: [ecx] = pointer to the first '/' or '-' in the command line,
        ;      or to its terminating NUL if there is none
        ; note: a '/' inside the program path itself also matches
        push eax ebx
        call [GetCommandLine]        ; eax -> ANSI command line
        xor ebx,ebx                  ; ebx = scan index
    @@: cmp byte [eax+ebx],0x2F     ; '/'
        je @f
        cmp byte [eax+ebx],0x2D     ; '-'
        je @f
        cmp byte [eax+ebx],0x00     ; end of string
        je @f
        inc ebx
        jmp @b
    @@: add eax,ebx                  ; eax -> first switch (or the NUL)
        mov [ecx],eax
        pop ebx eax
        ret

Just add anything to the cmp statement block to make it recognize any character. Mine returns the address of the beginning of the commands, denoted by / or - when using the prompt.
Post 19 Jan 2008, 20:03

Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.