flat assembler
Message board for the users of flat assembler.

Index > Windows > masm procedure to fasm proc

Author
Thread Post new topic Reply to topic
tester3000



Joined: 16 Feb 2007
Posts: 17
tester3000 29 Mar 2008, 08:08
Can somebody help to change masm procedure to FASM plz.

Code:
ValidPE     proc
        push    esi                                     
        pushf                                         
        .IF WORD ptr [esi]=="ZM"
                assume  esi:ptr IMAGE_DOS_HEADER        
                add esi,[esi].e_lfanew                  
                .IF WORD PTR [esi]=="EP"
                        popf                            
                        pop esi                         
                        mov eax,TRUE
                        ret
                .ENDIF
        .ENDIF
        popf                                            
        pop esi                                         
        mov eax,FALSE
        ret
ValidPE        endp      
Post 29 Mar 2008, 08:08
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6115
Location: Poland
MHajduk 29 Mar 2008, 08:58
I hope that I've made it correctly:
Code:
proc  ValidPE

 push    esi
 pushf

   cmp     word [esi], 'ZM'
  jne     .End

    .Exe:
           add esi, [esi + IMAGE_DOS_HEADER.e_lfanew]

              cmp     word [esi], 'EP'
          jne     .End

            .PE:
                    popf
                        pop     esi
                 mov     eax, TRUE
                   ret

     .End:
           popf
                pop     esi
         mov     eax, FALSE
          ret
endp    
Post 29 Mar 2008, 08:58
View user's profile Send private message Visit poster's website Reply with quote
tester3000



Joined: 16 Feb 2007
Posts: 17
tester3000 29 Mar 2008, 09:06
thanks but it doesn't work

Code:
add esi, [esi + IMAGE_DOS_HEADER.e_lfanew]    


Error: undefined symbol Sad
Post 29 Mar 2008, 09:06
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6115
Location: Poland
MHajduk 29 Mar 2008, 09:23
Include this definition into your source file:
Code:
struct      IMAGE_DOS_HEADER
    e_magic       dw ?
  e_cblp        dw ?
  e_cp          dw ?
  e_crlc        dw ?
  e_cparhdr     dw ?
  e_minalloc    dw ?
  e_maxalloc    dw ?
  e_ss          dw ?
  e_sp          dw ?
  e_csum        dw ?
  e_ip          dw ?
  e_cs          dw ?
  e_lfarlc      dw ?
  e_ovno        dw ?
  e_res         rw 4
  e_oemid       dw ?
  e_oeminfo     dw ?
  e_res2        rw 10
 e_lfanew      dd ?
ends    
Post 29 Mar 2008, 09:23
View user's profile Send private message Visit poster's website Reply with quote
tester3000



Joined: 16 Feb 2007
Posts: 17
tester3000 29 Mar 2008, 10:26
Still doesn't work Sad

pe_dll:

Code:
format PE GUI 4.0 DLL
entry DllEntryPoint

include 'win32a.inc'

struct  IMAGE_DOS_HEADER
        e_magic       dw ?
        e_cblp        dw ?
        e_cp          dw ?
        e_crlc        dw ?
        e_cparhdr     dw ?
        e_minalloc    dw ?
        e_maxalloc    dw ?
        e_ss          dw ?
        e_sp          dw ?
        e_csum        dw ?
        e_ip          dw ?
        e_cs          dw ?
        e_lfarlc      dw ?
        e_ovno        dw ?
        e_res         rw 4
        e_oemid       dw ?
        e_oeminfo     dw ?
        e_res2        rw 10
        e_lfanew      dd ?
ends

section '.code' code readable executable

proc DllEntryPoint hinstDLL,fdwReason,lpvReserved
        mov     eax,TRUE
        ret
endp

proc ValidPE
        push    esi
        pushf
        cmp     word [esi], 'ZM'
        jne     .notpe

 .valid:
        add esi, [esi + IMAGE_DOS_HEADER.e_lfanew]
        cmp     word [esi], 'EP'
        jne     .notpe

 .PE:
        popf
        pop esi
        mov eax,TRUE
        ret

 .notpe:
        popf
        pop esi
        mov eax,FALSE
        ret
endp


section '.edata' export data readable

  export 'PE.DLL',\
         ValidPE,'ValidPE'

section '.reloc' fixups data discardable    


test_dll:

Code:
format PE GUI 4.0
entry start

include 'win32a.inc'

section '.data' data readable writeable

hFile     dd ?

szFile db 'notepad.exe',0

_titlepe   db 'Pe File',0
_captionpe db 'Pe Valid Proc',0

_titlenotpe   db 'Not Pe File',0
_captionnotpe db 'Pe Valid Proc',0

section '.code' code readable executable

  start:
        invoke CreateFile,szFile,GENERIC_READ,0,0,OPEN_EXISTING,0,0
        mov [hFile],eax
        invoke ValidPE,[hFile]
        test eax,eax
        jnz @F
        jmp .notpe

@@:
        invoke MessageBox,0,_titlepe,_captionpe,MB_ICONINFORMATION+MB_TOPMOST

.notpe:
        invoke MessageBox,0,_titlenotpe,_captionnotpe,MB_ICONINFORMATION+MB_TOPMOST



invoke  ExitProcess,0

section '.idata' import data readable

library kernel,'KERNEL32.DLL',\
        user32,'USER32.DLL',\
        pedll,'PE_DLL.DLL'

import kernel,\
       CreateFile,'CreateFileA',\
       ExitProcess,'ExitProcess'

import user32,\
       MessageBox,'MessageBoxA'

import pedll,\
         ValidPE,'ValidPE'    
Post 29 Mar 2008, 10:26
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6115
Location: Poland
MHajduk 29 Mar 2008, 10:32
Change 'ZM' to 'MZ' and 'EP' to 'PE'.

[EDIT]... and procedure 'ValidPE' in DLL should take one argument. You should fix it.[/EDIT]
Post 29 Mar 2008, 10:32
View user's profile Send private message Visit poster's website Reply with quote
tester3000



Joined: 16 Feb 2007
Posts: 17
tester3000 29 Mar 2008, 11:36
MHajduk wrote:
Change 'ZM' to 'MZ' and 'EP' to 'PE'.

[EDIT]... and procedure 'ValidPE' in DLL should take one argument. You should fix it.[/EDIT]


I've changed ZM' to 'MZ' and 'EP' to 'PE' and add argument to procedure:

Code:
proc ValidPE,hFile
        push    esi
        pushf
        cmp     word [esi], 'MZ'
        jne     .notpe

 .valid:
        add esi, [esi + IMAGE_DOS_HEADER.e_lfanew]
        cmp     word [esi], 'PE'
        jne     .notpe

 .PE:
        popf
        pop esi
        mov eax,TRUE
        ret

 .notpe:
        popf
        pop esi
        mov eax,FALSE
        ret
endp                         


But nothing changed. Can you attach your code ?
Post 29 Mar 2008, 11:36
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 29 Mar 2008, 13:03
tester3000:

1. After you create the file you have to also read in the header to memory, use ReadFile.

2. In the "ValidPE" function you need to load the value of esi. Use "mov esi,[hFile]" after the "pushf"
Post 29 Mar 2008, 13:03
View user's profile Send private message Visit poster's website Reply with quote
tester3000



Joined: 16 Feb 2007
Posts: 17
tester3000 29 Mar 2008, 13:40
revolution wrote:
tester3000:

1. After you create the file you have to also read in the header to memory, use ReadFile.

2. In the "ValidPE" function you need to load the value of esi. Use "mov esi,[hFile]" after the "pushf"


I've done all that you said and my dll doesn't work.
Sad Try yourself compile and run.
Post 29 Mar 2008, 13:40
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 29 Mar 2008, 13:46
Post your latest code.
Post 29 Mar 2008, 13:46
View user's profile Send private message Visit poster's website Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6115
Location: Poland
MHajduk 29 Mar 2008, 13:57
tester3000

Here you have a proper solution:

PE_DLL.asm
Code:
format PE GUI 4.0 DLL
entry DllEntryPoint

include 'win32a.inc'

struct  IMAGE_DOS_HEADER
        e_magic       dw ?
        e_cblp        dw ?
        e_cp          dw ?
        e_crlc        dw ?
        e_cparhdr     dw ?
        e_minalloc    dw ?
        e_maxalloc    dw ?
        e_ss          dw ?
        e_sp          dw ?
        e_csum        dw ?
        e_ip          dw ?
        e_cs          dw ?
        e_lfarlc      dw ?
        e_ovno        dw ?
        e_res         rw 4
        e_oemid       dw ?
        e_oeminfo     dw ?
        e_res2        rw 10
        e_lfanew      dd ?
ends

section '.code' code readable executable

proc     DllEntryPoint hinstDLL,fdwReason,lpvReserved
        mov     eax,TRUE
        ret
endp

proc     ValidPE, FilePtr
        
        push    esi
        pushf
        
        mov esi, [FilePtr]
        
        cmp     word [esi], 'MZ'
        jne     .notpe

 .valid:
        add   esi, [esi + IMAGE_DOS_HEADER.e_lfanew]
        cmp     word [esi], 'PE'
        jne     .notpe

 .PE:
        popf
        pop  esi
        mov      eax, TRUE
        ret

 .notpe:
        popf
        pop     esi
        mov      eax, FALSE
        ret
endp


section '.edata' export data readable

    export  'PE_DLL.DLL',\
           ValidPE, 'ValidPE'

section '.reloc' fixups data discardable
    
PETest.asm
Code:
format PE GUI 4.0
entry start

include 'win32a.inc'

section '.data' data readable writeable

hFile            dd ?
hFileMap        dd ?
hFileView       dd ?

szFile              db 'PETest.exe',0

_titlepe     db 'Pe File',0
_captionpe  db 'Pe Valid Proc',0

_titlenotpe       db 'Not Pe File',0
_captionnotpe   db 'Pe Valid Proc',0

FileMapName       db 'MyFileMap', 0

section '.code' code readable executable

  start:
        invoke     CreateFile, szFile, GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, 0               
        cmp eax, INVALID_HANDLE_VALUE
        je .End
        
        mov [hFile], eax
        
        invoke CreateFileMapping, [hFile], NULL, PAGE_READONLY, 0, 0, FileMapName        
        test   eax, eax
        jz  .End
        
        mov [hFileMap], eax
        
        invoke   MapViewOfFile, eax, FILE_MAP_READ, 0, 0, 0        
        test      eax, eax
        jz  .End
        
        mov [hFileView], eax
        
        invoke  ValidPE, [hFileView]
        test    eax, eax
        jnz .pe
        jmp      .notpe

.pe:
        invoke        MessageBox, 0, _titlepe, _captionpe, MB_ICONINFORMATION + MB_TOPMOST
        jmp     .End

.notpe:
        invoke       MessageBox, 0, _titlenotpe, _captionnotpe, MB_ICONINFORMATION + MB_TOPMOST

.End:
 invoke  UnmapViewOfFile, [hFileView]
        invoke  CloseHandle, [hFileMap]
     invoke  CloseHandle, [hFile]
        invoke  ExitProcess,0

section '.idata' import data readable

library kernel, 'KERNEL32.DLL',\
        user32, 'USER32.DLL',\
        pedll, 'PE_DLL.DLL'

import     kernel,\       
    CreateFile, 'CreateFileA',\
      CloseHandle, 'CloseHandle',\
     CreateFileMapping, 'CreateFileMappingA',\
        MapViewOfFile, 'MapViewOfFile',\
 UnmapViewOfFile, 'UnmapViewOfFile',\
     ExitProcess, 'ExitProcess'

import      user32,\
   MessageBox, 'MessageBoxA'

import       pedll,\
    ValidPE, 'ValidPE'
    
Post 29 Mar 2008, 13:57
View user's profile Send private message Visit poster's website Reply with quote
tester3000



Joined: 16 Feb 2007
Posts: 17
tester3000 29 Mar 2008, 15:10
MHajduk большое спасибо
Post 29 Mar 2008, 15:10
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6115
Location: Poland
MHajduk 29 Mar 2008, 16:29
I'm glad that I was able to help you. Very Happy
Post 29 Mar 2008, 16:29
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.