flat assembler
Message board for the users of flat assembler.

How to convert "mov fs:[0],esp" to FASM syntax?

Azu 06 Feb 2009, 05:58
Can somebody please tell me how to convert "mov fs:[0],esp" to FASM syntax?

So far I have tried


mov fs:0,esp
mov fs,esp
mov fs:[NULL],esp
mov fs:null,esp
mov dword fs:0,esp
mov dword fs,esp
mov dword fs:[NULL],esp
mov dword fs:null,esp


And none of them even compile.

I also can't figure out how to get "assume fs:nothing" into FASM syntax. I think just commenting it out should be okay though.



I would be very very happy if somebody could explain to me how to fix one (or both) of these compile errors


P.S. sorry if this has been answered before. I tried searching for fs:[0] and there are a lot of results but none of them even have "fs" in them.. I guess I don't know how to use the search thing..
sinsi 06 Feb 2009, 06:05
Code:
  mov [fs:0],esp    
Forget assume
revolution 06 Feb 2009, 06:15
Also, this is allowed:
Code:
fs
mov [0],esp    


And this:
Code:
fs mov [0],esp    
Azu 06 Feb 2009, 08:06
Thanks guys. I'm almost done converting now I think

There is another thing I'm stuck on though.. if you could help me with this one too that would be great

"assume esi:ptr IMAGE_NT_HEADERS"

It won't compile at all.. tried changing it to "assume esi:IMAGE_NT_HEADERS" but still no go. I have the IMAGE_NT_HEADERS struct defined in an include so I'm not sure why it isn't working x_x any ideas?

Is there a way to get this working easily or should I just look through the structs and try to do the offsets manually instead? I'm almost to the end and think I'll have it done as soon as I get this last obstacle out of the way.. I don't see why it won't compile though..

It doesn't get hung up on the "assume esi:ptr EXCEPTION_RECORD,edi:ptr CONTEXT" near the start of the file, which looks to me like it would have more problem.. I'm really confused
And I tried replacing that line with it just to see if it would work, but it still gives "illegal instruction" compile error..

The line right after it is "mov esi,[esi].OptionalHeader.DataDirectory.VirtualAddress" if that matters (which I changed to mov esi,[esi.OptionalHeader.DataDirectory.VirtualAddress] btw)



Edit: nevermind the one at the top gives a compile error too. I thought FASM parsed files from the top to the bottom, but when I commented out the stuff at the bottom it's giving errors on the assume at the top now. Damn. Is the whole "assume" directive just non existent in FASM?
I tried commenting out all the assumes but now I get an error on "pop [edi.regEbp]" saying undefined symbol
revolution 06 Feb 2009, 08:14
If you are not using the MASM macros then you can't use assume.

Try this:
Code:
mov esi,[esi+EXCEPTION_RECORD.OptionalHeader.DataDirectory.VirtualAddress]    
Azu 06 Feb 2009, 08:29
Thanks.. I'm having a problem with one of the structs, now. Hopefully this will be the last one...

This "Fpr0 double ?" gives illegal instruction

Did I convert it wrong or is it just impossible to use the "double" type in FASM?

It was originally "double Fpr0;" from msdn



This is getting frustrating lol..


P.S. tried changing it to dfloat, too
MazeGen 06 Feb 2009, 09:13
Azu wrote:

Did I convert it wrong or is it just impossible to use the "double" type in FASM?

The fastest way to get most of the answers is to read the docs:

http://flatassembler.net/docs.php?article=manual#1.2.2
revolution 06 Feb 2009, 09:40
double is the same as dq and rq.
Code:
MyFloat dq 1.2345678901234
MyOtherFloat dq ?    
Azu 06 Feb 2009, 18:57
Thanks again guys. I still can't get it to compile though


Now these aren't compiling

Code:
SIZE_OF_80387_REGISTERS equ 80
struct FLOATING_SAVE_AREA
  ControlWord        dd ?
  StatusWord         dd ?
  TagWord            dd ?
  ErrorOffset        dd ?
  ErrorSelector      dd ?
  DataOffset         dd ?
  DataSelector       dd ?
  RegisterArea       rb SIZE_OF_80387_REGISTERS
  Cr0NpxStatedd      dd ?
ends 
MAXIMUM_SUPPORTED_EXTENSION equ 512
struct CONTEXT
        ContextFlags            DW ?
        iDr0                    DW ?
        iDr1                    DW ?
        iDr2                    DW ?
        iDr3                    DW ?
        iDr6                    DW ?
        iDr7                    DW ?
        FloatSave               FLOATING_SAVE_AREA
        regGs                   DW ?
        regFs                   DW ?
        regEs                   DW ?
        regDs                   DW ?
        regEdi                  DW ?
        regEsi                  DW ?
        regEbx                  DW ?
        regEdx                  DW ?
        regEcx                  DW ?
        regEax                  DW ?
        regEbp                  DW ?
        regEip                  DW ?
        regCs                   DW ?
        regFlag                 DW ?
        regEsp                  DW ?
        regSs                   DW ?
        Extendedregisters       DB MAXIMUM_SUPPORTED_EXTENSION DUP (?)
ends    

On the last ends it says "Error: definition of CONTEXT contains illegal instructions."

If I comment out the "FloatSave FLOATING_SAVE_AREA" part then it gets past that but then it gets stuck on this "pop[edi+CONTEXT.regEbp]" and says "Error: undefined symbol 'CONTEXT.regEbp'."

I can't find anything in the docs about why this shouldn't be working, sorry..

I also tried putting this struct as
Code:
struct CONTEXT
  ContextFlags            DW ?
  iDr0                    DW ?
  iDr1                    DW ?
  iDr2                    DW ?
  iDr3                    DW ?
  iDr6                    DW ?
  iDr7                    DW ?
  FloatSave
    ControlWord        dd ?
    StatusWord         dd ?
    TagWord            dd ?
    ErrorOffset        dd ?
    ErrorSelector      dd ?
    DataOffset         dd ?
    DataSelector       dd ?
    RegisterArea       rb SIZE_OF_80387_REGISTERS
    Cr0NpxStatedd      dd ?
  ends
  regGs                   DW ?
  regFs                   DW ?
  regEs                   DW ?
  regDs                   DW ?
  regEdi                  DW ?
  regEsi                  DW ?
  regEbx                  DW ?
  regEdx                  DW ?
  regEcx                  DW ?
  regEax                  DW ?
  regEbp                  DW ?
  regEip                  DW ?
  regCs                   DW ?
  regFlag                 DW ?
  regEsp                  DW ?
  regSs                   DW ?
  Extendedregisters       DB MAXIMUM_SUPPORTED_EXTENSION DUP (?)
ends    

but it says illegal instructions on " FloatSave"
I don't understand why this is since I used exactly the same syntax as this struct (which doesn't error)
Code:
struct IMAGE_IMPORT_DESCRIPTOR
  union
    Characteristics     dd ?
    OriginalFirstThunk  dd ?
  ends
  TimeDateStamp         dd ?
  ForwarderChain        dd ?
  Name                  dd ?
  FirstThunk            dd ?
ends    



Please help. The tiny "structures" section in the docs doesn't help at all..
revolution 07 Feb 2009, 00:37
Can you please show some minimal code that gives the error. There may be some interaction with other parts of your code. By this I mean not just the snippets you posted above, but one small asm file with the includes and other things all intact.

BTW: Why do you have DW in your structure for 32bit registers?
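
The point behind the DW question above, as an added example (not code from the thread): in FASM `dw` reserves 16 bits, while the register fields of the 32-bit Windows CONTEXT are 32-bit DWORDs, so a struct declared with `dw` places `regEbp`, `regEip` and `regEsp` at offsets the handler should not be writing to. The C below uses packed structs to mirror FASM's unpadded layout; the names `CONTEXT_DD`, `CONTEXT_DW` and `real_field_at` are made up for the comparison.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIZE_OF_80387_REGISTERS     80
#define MAXIMUM_SUPPORTED_EXTENSION 512

/* Register fields that follow FloatSave, using the thread's field names. */
#define REG_FIELDS(X) \
    X(regGs)  X(regFs)  X(regEs)  X(regDs)  X(regEdi)  X(regEsi) \
    X(regEbx) X(regEdx) X(regEcx) X(regEax) X(regEbp)  X(regEip) \
    X(regCs)  X(regFlag) X(regEsp) X(regSs)

#define DECL32(n) uint32_t n;   /* what "dd ?" reserves in FASM */
#define DECL16(n) uint16_t n;   /* what "dw ?" reserves in FASM */

#pragma pack(push, 1)           /* FASM's struct macro adds no padding */
typedef struct {
    uint32_t ControlWord, StatusWord, TagWord;
    uint32_t ErrorOffset, ErrorSelector, DataOffset, DataSelector;
    uint8_t  RegisterArea[SIZE_OF_80387_REGISTERS];
    uint32_t Cr0NpxState;
} FLOATING_SAVE_AREA;

/* Layout the OS actually passes to an x86 exception handler. */
typedef struct {
    uint32_t ContextFlags, iDr0, iDr1, iDr2, iDr3, iDr6, iDr7;
    FLOATING_SAVE_AREA FloatSave;
    REG_FIELDS(DECL32)
    uint8_t ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
} CONTEXT_DD;

/* Layout produced when every register field is declared with dw. */
typedef struct {
    uint16_t ContextFlags, iDr0, iDr1, iDr2, iDr3, iDr6, iDr7;
    FLOATING_SAVE_AREA FloatSave;
    REG_FIELDS(DECL16)
    uint8_t ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
} CONTEXT_DW;
#pragma pack(pop)

/* Name/offset table of the register fields in the real (dd) layout. */
#define ENTRY(n) { #n, offsetof(CONTEXT_DD, n) },
static const struct { const char *name; size_t off; } REAL_FIELDS[] = {
    REG_FIELDS(ENTRY)
};

/* Which real register field contains the byte at this offset? */
const char *real_field_at(size_t off)
{
    size_t count = sizeof REAL_FIELDS / sizeof REAL_FIELDS[0];
    for (size_t i = 0; i < count; i++)
        if (off >= REAL_FIELDS[i].off &&
            off <  REAL_FIELDS[i].off + sizeof(uint32_t))
            return REAL_FIELDS[i].name;
    return "(not a register field)";
}

/* Print where a store through the dw layout lands in the real CONTEXT. */
#define REPORT(n) \
    printf("%-8s dd offset %#5zx   dw offset %#5zx -> lands in real %s\n", \
           #n, offsetof(CONTEXT_DD, n), offsetof(CONTEXT_DW, n),           \
           real_field_at(offsetof(CONTEXT_DW, n)))

int main(void)
{
    printf("sizeof: dd layout %zu bytes, dw layout %zu bytes\n",
           sizeof(CONTEXT_DD), sizeof(CONTEXT_DW));
    /* The three fields the thread's _SEHHandler writes. */
    REPORT(regEbp);
    REPORT(regEip);
    REPORT(regEsp);
    return 0;
}
```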
Azu 07 Feb 2009, 00:57
I'm not sure why it's a DW, sorry. I am just finding the structs on Google and trying to convert them to FASM syntax. It was a DW to begin with so I left it as a DW.


Here's the original file I'm trying to include and get to compile
Code:
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Common module: _GetKernel.asm
; When the program is called, the stack holds a return (Ret) address that points into Kernel32.dll;
; scan memory from that address to obtain the base address of Kernel32.dll
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;
;
;
;
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Error handler
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_SEHHandler     proc    _lpExceptionRecord,_lpSEH,_lpContext,_lpDispatcherContext

                pushad
                mov     esi,_lpExceptionRecord
                mov     edi,_lpContext
                assume  esi:ptr EXCEPTION_RECORD,edi:ptr CONTEXT
                mov     eax,_lpSEH
                push    [eax + 0ch]
                pop     [edi].regEbp
                push    [eax + 8]
                pop     [edi].regEip
                push    eax
                pop     [edi].regEsp
                assume  esi:nothing,edi:nothing
                popad
                mov     eax,ExceptionContinueExecution
                ret

_SEHHandler     endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Scan memory for the base address of Kernel32.dll
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_GetKernelBase  proc    _dwKernelRet
                local   @dwReturn

                pushad
                mov     @dwReturn,0
;********************************************************************
; Relocation
;********************************************************************
                call    @F
                @@:
                pop     ebx
                sub     ebx,offset @B
;********************************************************************
; Create the SEH structure used for error handling
;********************************************************************
                assume  fs:nothing
                push    ebp
                lea     eax,[ebx + offset _PageError]
                push    eax
                lea     eax,[ebx + offset _SEHHandler]
                push    eax
                push    fs:[0]
                mov     fs:[0],esp
;********************************************************************
; Find the base address of Kernel32.dll
;********************************************************************
                mov     edi,_dwKernelRet
                and     edi,0ffff0000h
                .while  TRUE
                        .if     word ptr [edi] == IMAGE_DOS_SIGNATURE
                                mov     esi,edi
                                add     esi,[esi+003ch]
                                .if word ptr [esi] == IMAGE_NT_SIGNATURE
                                        mov     @dwReturn,edi
                                        .break
                                .endif
                        .endif
                        _PageError:
                        sub     edi,010000h
                        .break  .if edi < 070000000h
                .endw
                pop     fs:[0]
                add     esp,0ch
                popad
                mov     eax,@dwReturn
                ret

_GetKernelBase  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Get the entry address of an API from the export table of a module in memory
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_GetApi         proc    _hModule,_lpszApi
                local   @dwReturn,@dwStringLength

                pushad
                mov     @dwReturn,0
;********************************************************************
; Relocation
;********************************************************************
                call    @F
                @@:
                pop     ebx
                sub     ebx,offset @B
;********************************************************************
; Create the SEH structure used for error handling
;********************************************************************
                assume  fs:nothing
                push    ebp
                lea     eax,[ebx + offset _Error]
                push    eax
                lea     eax,[ebx + offset _SEHHandler]
                push    eax
                push    fs:[0]
                mov     fs:[0],esp
;********************************************************************
; Compute the length of the API string (including the trailing 0)
;********************************************************************
                mov     edi,_lpszApi
                mov     ecx,-1
                xor     al,al
                cld
                repnz   scasb
                mov     ecx,edi
                sub     ecx,_lpszApi
                mov     @dwStringLength,ecx
;********************************************************************
; Get the export table address from the data directory of the PE file header
;********************************************************************
                mov     esi,_hModule
                add     esi,[esi + 3ch]
                assume  esi:ptr IMAGE_NT_HEADERS
                mov     esi,[esi].OptionalHeader.DataDirectory.VirtualAddress
                add     esi,_hModule
                assume  esi:ptr IMAGE_EXPORT_DIRECTORY
;********************************************************************
; Find the exported function name that matches the given name
;********************************************************************
                mov     ebx,[esi].AddressOfNames
                add     ebx,_hModule
                xor     edx,edx
                .repeat
                        push    esi
                        mov     edi,[ebx]
                        add     edi,_hModule
                        mov     esi,_lpszApi
                        mov     ecx,@dwStringLength
                        repz    cmpsb
                        .if     ZERO?
                                pop     esi
                                jmp     @F
                        .endif
                        pop     esi
                        add     ebx,4
                        inc     edx
                .until  edx >=  [esi].NumberOfNames
                jmp     _Error
@@:
;********************************************************************
; API name index --> ordinal index --> address index
;********************************************************************
                sub     ebx,[esi].AddressOfNames
                sub     ebx,_hModule
                shr     ebx,1
                add     ebx,[esi].AddressOfNameOrdinals
                add     ebx,_hModule
                movzx   eax,word ptr [ebx]
                shl     eax,2
                add     eax,[esi].AddressOfFunctions
                add     eax,_hModule
;********************************************************************
; Get the exported function address from the address table
;********************************************************************
                mov     eax,[eax]
                add     eax,_hModule
                mov     @dwReturn,eax
_Error:
                pop     fs:[0]
                add     esp,0ch
                assume  esi:nothing
                popad
                mov     eax,@dwReturn
                ret

_GetApi         endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    


And here's how I've changed it so far to try to get it to compile
Code:
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Common module: _GetKernel.asm
; When the program is called, the stack holds a return (Ret) address that points into Kernel32.dll;
; scan memory from that address to obtain the base address of Kernel32.dll
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;
;
;
;
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Error handler
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include 'PeStructs.inc'

proc           _SEHHandler _lpExceptionRecord,_lpSEH,_lpContext,_lpDispatcherContext

                pushad
                mov     esi,[_lpExceptionRecord]
                mov     edi,[_lpContext]
;                assume  esi:ptr EXCEPTION_RECORD,edi:ptr CONTEXT
;                assume  edi:CONTEXT
                mov     eax,[_lpSEH]
                push   dword [eax + 0ch]
                pop     [edi+CONTEXT.regEbp]
                push    [eax + 8]
                pop     [edi.regEip]
                push    eax
                pop     [edi.regEsp]
;                assume  esi:nothing,edi:nothing
                popad
                mov     eax,ExceptionContinueExecution
                ret

;_SEHHandler
endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Scan memory for the base address of Kernel32.dll
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
proc           _GetKernelBase _dwKernelRet
                local   dd @dwReturn

                pushad
                mov     [@dwReturn],0
;********************************************************************
; Relocation
;********************************************************************
                call    @F
                @@:
                pop     ebx
                sub     ebx,@B
;********************************************************************
; Create the SEH structure used for error handling
;********************************************************************
;                assume  fs:nothing
                push    ebp
                lea     eax,[ebx + _PageError]
                push    eax
                lea     eax,[ebx + _SEHHandler]
                push    eax
                push    [fs:0]
                mov     [fs:0],esp
;********************************************************************
; Find the base address of Kernel32.dll
;********************************************************************
                mov     edi,[_dwKernelRet]
                and     edi,0ffff0000h
                .while  TRUE
;                        .if     word ptr [edi] == IMAGE_DOS_SIGNATURE
                        .if     word [edi] = IMAGE_DOS_SIGNATURE
                                mov     esi,edi
                                add     esi,[esi+003ch]
;                                .if word ptr [esi] == IMAGE_NT_SIGNATURE
                                .if word [esi] = IMAGE_NT_SIGNATURE
                                        mov     [dwReturn],edi
;                                        .break
jmp @f
                                .endif
                        .endif
                        _PageError:
                        sub     edi,010000h
;                        .break  .if edi < 070000000h
                        .if edi < 070000000h
jmp @f
                        .endif
                .endw
                @@:
                pop     [fs:0];fs:[0]
                add     esp,0ch
                popad
                mov     eax,@dwReturn
                ret

;_GetKernelBase
endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Get the entry address of an API from the export table of a module in memory
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
proc           _GetApi _hModule,_lpszApi
                local  dd @dwReturn, dd @dwStringLength

                pushad
                mov     [@dwReturn],0
;********************************************************************
; Relocation
;********************************************************************
                call    @F
                @@:
                pop     ebx
                sub     ebx,@B
;********************************************************************
; Create the SEH structure used for error handling
;********************************************************************
;                assume  fs:nothing
                push    ebp
                lea     eax,[ebx + _Error]
                push    eax
                lea     eax,[ebx + _SEHHandler]
                push    eax
                push    [fs:0];fs:[0]
                mov     [fs:0],esp
;********************************************************************
; Compute the length of the API string (including the trailing 0)
;********************************************************************
                mov     edi,[_lpszApi]
                mov     ecx,-1
                xor     al,al
                cld
                repnz   scasb
                mov     ecx,edi
                sub     ecx,[_lpszApi]
                mov     [@dwStringLength],ecx
;********************************************************************
; Get the export table address from the data directory of the PE file header
;********************************************************************
                mov     esi,[_hModule]
                add     esi,[esi + 3ch]
;                assume  esi:ptr IMAGE_NT_HEADERS
;                mov     esi,[esi].OptionalHeader.DataDirectory.VirtualAddress
                mov     esi,[esi.OptionalHeader.DataDirectory.VirtualAddress]
                add     esi,[_hModule]
;                assume  esi:ptr IMAGE_EXPORT_DIRECTORY
;********************************************************************
; Find the exported function name that matches the given name
;********************************************************************
                mov     ebx,[esi.AddressOfNames]
                add     ebx,[_hModule]
                xor     edx,edx
                .repeat
                        push    esi
                        mov     edi,[ebx]
                        add     edi,[_hModule]
                        mov     esi,[_lpszApi]
                        mov     ecx,@dwStringLength
                        repz    cmpsb
                        .if     ZERO?
                                pop     esi
                                jmp     @F
                        .endif
                        pop     esi
                        add     ebx,4
                        inc     edx
                .until  edx >=  [esi.NumberOfNames]
                jmp     _Error
@@:
;********************************************************************
; API name index --> ordinal index --> address index
;********************************************************************
                sub     ebx,[esi.AddressOfNames]
                sub     ebx,[_hModule]
                shr     ebx,1
                add     ebx,[esi.AddressOfNameOrdinals]
                add     ebx,[_hModule]
                movzx   eax,word [ebx];word ptr [ebx]
                shl     eax,2
                add     eax,[esi.AddressOfFunctions]
                add     eax,[_hModule]
;********************************************************************
; Get the exported function address from the address table
;********************************************************************
                mov     eax,[eax]
                add     eax,[_hModule]
                mov     [@dwReturn],eax
_Error:
                pop     [fs:0]
                add     esp,0ch
;                assume  esi:nothing
                popad
                mov     eax,[@dwReturn]
                ret

;_GetApi
endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    


P.S. here's the struct file I've made for it
Code:
;#define IMAGE_DOS_SIGNATURE                 0x5A4D      // MZ
;#define IMAGE_OS2_SIGNATURE                 0x454E      // NE
;#define IMAGE_OS2_SIGNATURE_LE              0x454C      // LE
;#define IMAGE_VXD_SIGNATURE                 0x454C      // LE
;#define IMAGE_NT_SIGNATURE                  0x00004550  // PE00
IMAGE_DOS_SIGNATURE    = 0x5A4D
IMAGE_OS2_SIGNATURE    = 0x454E
IMAGE_OS2_SIGNATURE_LE = 0x454C
IMAGE_VXD_SIGNATURE    = 0x454C
IMAGE_NT_SIGNATURE     = 0x00004550

;typedef struct _IMAGE_DOS_HEADER {      // DOS .EXE header
;    WORD   e_magic;                     // Magic number
;    WORD   e_cblp;                      // Bytes on last page of file
;    WORD   e_cp;                        // Pages in file
;    WORD   e_crlc;                      // Relocations
;    WORD   e_cparhdr;                   // Size of header in paragraphs
;    WORD   e_minalloc;                  // Minimum extra paragraphs needed
;    WORD   e_maxalloc;                  // Maximum extra paragraphs needed
;    WORD   e_ss;                        // Initial (relative) SS value
;    WORD   e_sp;                        // Initial SP value
;    WORD   e_csum;                      // Checksum
;    WORD   e_ip;                        // Initial IP value
;    WORD   e_cs;                        // Initial (relative) CS value
;    WORD   e_lfarlc;                    // File address of relocation table
;    WORD   e_ovno;                      // Overlay number
;    WORD   e_res[4];                    // Reserved words
;    WORD   e_oemid;                     // OEM identifier (for e_oeminfo)
;    WORD   e_oeminfo;                   // OEM information; e_oemid specific
;    WORD   e_res2[10];                  // Reserved words
;    LONG   e_lfanew;                    // File address of new exe header
;  } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

struct IMAGE_DOS_HEADER
  e_magic       dw ?
  e_cblp        dw ?
  e_cp          dw ?
  e_crlc        dw ?
  e_cparhdr     dw ?
  e_minalloc    dw ?
  e_maxalloc    dw ?
  e_ss          dw ?
  e_sp          dw ?
  e_csum        dw ?
  e_ip          dw ?
  e_cs          dw ?
  e_lfarlc      dw ?
  e_ovno        dw ?
  e_res         dw 4 dup (?)
  e_oemid       dw ?
  e_oeminfo     dw ?
  e_res2        dw 10 dup (?)
  e_lfanew      dd ?
ends

;typedef struct _IMAGE_FILE_HEADER {
;    WORD    Machine;
;    WORD    NumberOfSections;
;    DWORD   TimeDateStamp;
;    DWORD   PointerToSymbolTable;
;    DWORD   NumberOfSymbols;
;    WORD    SizeOfOptionalHeader;
;    WORD    Characteristics;
;} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

struct IMAGE_FILE_HEADER
  Machine                dw ?
  NumberOfSections       dw ?
  TimeDateStamp          dd ?
  PointerToSymbolTable   dd ?
  NumberOfSymbols        dd ?
  SizeOfOptionalHeader   dw ?
  Characteristics        dw ?
ends

;#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES    16
IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16

;typedef struct _IMAGE_DATA_DIRECTORY {
;    DWORD   VirtualAddress;
;    DWORD   Size;
;} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;

struct IMAGE_DATA_DIRECTORY
  VirtualAddress        dd ?
  Size                  dd ?
ends

;typedef struct _IMAGE_OPTIONAL_HEADER {
;    //
;    // Standard fields.
;    //
;
;    WORD    Magic;
;    BYTE    MajorLinkerVersion;
;    BYTE    MinorLinkerVersion;
;    DWORD   SizeOfCode;
;    DWORD   SizeOfInitializedData;
;    DWORD   SizeOfUninitializedData;
;    DWORD   AddressOfEntryPoint;
;    DWORD   BaseOfCode;
;    DWORD   BaseOfData;
;
;    //
;    // NT additional fields.
;    //
;
;    DWORD   ImageBase;
;    DWORD   SectionAlignment;
;    DWORD   FileAlignment;
;    WORD    MajorOperatingSystemVersion;
;    WORD    MinorOperatingSystemVersion;
;    WORD    MajorImageVersion;
;    WORD    MinorImageVersion;
;    WORD    MajorSubsystemVersion;
;    WORD    MinorSubsystemVersion;
;    DWORD   Win32VersionValue;
;    DWORD   SizeOfImage;
;    DWORD   SizeOfHeaders;
;    DWORD   CheckSum;
;    WORD    Subsystem;
;    WORD    DllCharacteristics;
;    DWORD   SizeOfStackReserve;
;    DWORD   SizeOfStackCommit;
;    DWORD   SizeOfHeapReserve;
;    DWORD   SizeOfHeapCommit;
;    DWORD   LoaderFlags;
;    DWORD   NumberOfRvaAndSizes;
;    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
;} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;

struct IMAGE_OPTIONAL_HEADER32
  ;Standard fields.
  Magic                       dw ?
  MajorLinkerVersion          db ?
  MinorLinkerVersion          db ?
  SizeOfCode                  dd ?
  SizeOfInitializedData       dd ?
  SizeOfUninitializedData     dd ?
  AddressOfEntryPoint         dd ?
  BaseOfCode                  dd ?
  BaseOfData                  dd ?
  ;NT additional fields.
  ImageBase                   dd ?
  SectionAlignment            dd ?
  FileAlignment               dd ?
  MajorOperatingSystemVersion dw ?
  MinorOperatingSystemVersion dw ?
  MajorImageVersion           dw ?
  MinorImageVersion           dw ?
  MajorSubsystemVersion       dw ?
  MinorSubsystemVersion       dw ?
  Win32VersionValue           dd ?
  SizeOfImage                 dd ?
  SizeOfHeaders               dd ?
  CheckSum                    dd ?
  Subsystem                   dw ?
  DllCharacteristics          dw ?
  SizeOfStackReserve          dd ?
  SizeOfStackCommit           dd ?
  SizeOfHeapReserve           dd ?
  SizeOfHeapCommit            dd ?
  LoaderFlags                 dd ?
  NumberOfRvaAndSizes         dd ?
  DataDirectory               IMAGE_DATA_DIRECTORY; IMAGE_NUMBEROF_DIRECTORY_ENTRIES dup (?)
                              rb sizeof.IMAGE_DATA_DIRECTORY * (IMAGE_NUMBEROF_DIRECTORY_ENTRIES -1)
ends

;typedef struct _IMAGE_NT_HEADERS {
;    DWORD Signature;
;    IMAGE_FILE_HEADER FileHeader;
;    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
;} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;

struct IMAGE_NT_HEADERS32
  Signature      dd ?
  FileHeader     IMAGE_FILE_HEADER
  OptionalHeader IMAGE_OPTIONAL_HEADER32
ends

struct IMAGE_NT_HEADERS
  Signature      dd ?
  FileHeader     IMAGE_FILE_HEADER
  OptionalHeader IMAGE_OPTIONAL_HEADER32
ends

SIZE_OF_80387_REGISTERS equ 80
;struct FLOATING_SAVE_AREA
;  ControlWord        dd ?
;  StatusWord         dd ?
;  TagWord            dd ?
;  ErrorOffset        dd ?
;  ErrorSelector      dd ?
;  DataOffset         dd ?
;  DataSelector       dd ?
;  RegisterArea       rb SIZE_OF_80387_REGISTERS
;  Cr0NpxStatedd      dd ?
ends 
MAXIMUM_SUPPORTED_EXTENSION equ 512
struct CONTEXT
  ContextFlags            DW ?
  iDr0                    DW ?
  iDr1                    DW ?
  iDr2                    DW ?
  iDr3                    DW ?
  iDr6                    DW ?
  iDr7                    DW ?
; FloatSave               FLOATING_SAVE_AREA
  FloatSave
    ControlWord        dd ?
    StatusWord         dd ?
    TagWord            dd ?
    ErrorOffset        dd ?
    ErrorSelector      dd ?
    DataOffset         dd ?
    DataSelector       dd ?
    RegisterArea       rb SIZE_OF_80387_REGISTERS
    Cr0NpxStatedd      dd ?
  ends
  regGs                   DW ?
  regFs                   DW ?
  regEs                   DW ?
  regDs                   DW ?
  regEdi                  DW ?
  regEsi                  DW ?
  regEbx                  DW ?
  regEdx                  DW ?
  regEcx                  DW ?
  regEax                  DW ?
  regEbp                  DW ?
  regEip                  DW ?
  regCs                   DW ?
  regFlag                 DW ?
  regEsp                  DW ?
  regSs                   DW ?
  Extendedregisters       DB MAXIMUM_SUPPORTED_EXTENSION DUP (?)
ends


;struct CONTEXT
;Fpr0 dq ?
;Fpr1 dq ?
;Fpr2 dq ?
;Fpr3 dq ?
;Fpr4 dq ?
;Fpr5 dq ?
;Fpr6 dq ?
;Fpr7 dq ?
;Fpr8 dq ?
;Fpr9 dq ?
;Fpr10 dq ?
;Fpr11 dq ?
;Fpr12 dq ?
;Fpr13 dq ?
;Fpr14 dq ?
;Fpr15 dq ?
;Fpr16 dq ?
;Fpr17 dq ?
;Fpr18 dq ?
;Fpr19 dq ?
;Fpr20 dq ?
;Fpr21 dq ?
;Fpr22 dq ?
;Fpr23 dq ?
;Fpr24 dq ?
;Fpr25 dq ?
;Fpr26 dq ?
;Fpr27 dq ?
;Fpr28 dq ?
;Fpr29 dq ?
;Fpr30 dq ?
;Fpr31 dq ?
;Fpscr dq ?
;Gpr0 dw ?
;Gpr1 dw ?
;Gpr2 dw ?
;Gpr3 dw ?
;Gpr4 dw ?
;Gpr5 dw ?
;Gpr6 dw ?
;Gpr7 dw ?
;Gpr8 dw ?
;Gpr9 dw ?
;Gpr10 dw ?
;Gpr11 dw ?
;Gpr12 dw ?
;Gpr13 dw ?
;Gpr14 dw ?
;Gpr15 dw ?
;Gpr16 dw ?
;Gpr17 dw ?
;Gpr18 dw ?
;Gpr19 dw ?
;Gpr20 dw ?
;Gpr21 dw ?
;Gpr22 dw ?
;Gpr23 dw ?
;Gpr24 dw ?
;Gpr25 dw ?
;Gpr26 dw ?
;Gpr27 dw ?
;Gpr28 dw ?
;Gpr29 dw ?
;Gpr30 dw ?
;Gpr31 dw ?
;Cr dw ?
;Xer dw ?
;Msr dw ?
;Iar dw ?
;Lr dw ?
;Ctr dw ?
;ContextFlags dw ?
;Fill dw 3 dup ?
;Dr0 dw ?
;Dr1 dw ?
;Dr2 dw ?
;Dr3 dw ?
;Dr4 dw ?
;Dr5 dw ?
;Dr6 dw ?
;Dr7 dw ?
;ends


;#define IMAGE_SIZEOF_SHORT_NAME              8
IMAGE_SIZEOF_SHORT_NAME = 8

;typedef struct _IMAGE_SECTION_HEADER {
;    BYTE    Name[IMAGE_SIZEOF_SHORT_NAME];
;    union {
;            DWORD   PhysicalAddress;
;            DWORD   VirtualSize;
;    } Misc;
;    DWORD   VirtualAddress;
;    DWORD   SizeOfRawData;
;    DWORD   PointerToRawData;
;    DWORD   PointerToRelocations;
;    DWORD   PointerToLinenumbers;
;    WORD    NumberOfRelocations;
;    WORD    NumberOfLinenumbers;
;    DWORD   Characteristics;
;} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;

struct IMAGE_SECTION_HEADER
  Name      db IMAGE_SIZEOF_SHORT_NAME dup (?)
  union
    PhysicalAddress     dd ?
    VirtualSize         dd ?
  ends
  VirtualAddress        dd ?
  SizeOfRawData         dd ?
  PointerToRawData      dd ?
  PointerToRelocations  dd ?
  PointerToLinenumbers  dd ?
  NumberOfRelocations   dw ?
  NumberOfLinenumbers   dw ?
  Characteristics       dd ?
ends

;typedef struct _IMAGE_IMPORT_DESCRIPTOR {
;    union {
;        DWORD   Characteristics;            // 0 for terminating null import descriptor
;        DWORD   OriginalFirstThunk;         // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
;    };
;    DWORD   TimeDateStamp;                  // 0 if not bound,
;                                            // -1 if bound, and real date\time stamp
;                                            //     in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
;                                            // O.W. date/time stamp of DLL bound to (Old BIND)
;
;    DWORD   ForwarderChain;                 // -1 if no forwarders
;    DWORD   Name;
;    DWORD   FirstThunk;                     // RVA to IAT (if bound this IAT has actual addresses)
;} IMAGE_IMPORT_DESCRIPTOR;
;typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;

struct IMAGE_IMPORT_DESCRIPTOR
  union
    Characteristics     dd ?
    OriginalFirstThunk  dd ?
  ends
  TimeDateStamp         dd ?
  ForwarderChain        dd ?
  Name                  dd ?
  FirstThunk            dd ?
ends

;typedef struct _IMAGE_IMPORT_BY_NAME {
;    WORD    Hint;
;    BYTE    Name[1];
;} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;

struct IMAGE_IMPORT_BY_NAME
  Hint      dw ?
  Name      db 1 dup (?)
ends

;typedef struct _IMAGE_THUNK_DATA32 {
;    union {
;        DWORD ForwarderString;      // PBYTE
;        DWORD Function;             // PDWORD
;        DWORD Ordinal;
;        DWORD AddressOfData;        // PIMAGE_IMPORT_BY_NAME
;    } u1;
;} IMAGE_THUNK_DATA32;

struct IMAGE_THUNK_DATA32
  union
    ForwarderString     dd ?
    Function            dd ?
    Ordinal             dd ?
    AddressOfData       dd ?
  ends
ends

;#define IMAGE_ORDINAL_FLAG32 0x80000000
IMAGE_ORDINAL_FLAG32 = 0x80000000

IMAGE_SCN_TYPE_REG = 0x00000000         ;Reserved.
IMAGE_SCN_TYPE_DSECT = 0x00000001       ;Reserved.
IMAGE_SCN_TYPE_NOLOAD = 0x00000002      ;Reserved.
IMAGE_SCN_TYPE_GROUP = 0x00000004       ;Reserved.
IMAGE_SCN_TYPE_NO_PAD = 0x00000008      ;Reserved.
IMAGE_SCN_TYPE_COPY = 0x00000010        ;Reserved.
IMAGE_SCN_CNT_CODE = 0x00000020         ;Section contains executable code.
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040     ;Section contains initialized data.
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080   ;Section contains uninitialized data.
IMAGE_SCN_LNK_OTHER = 0x00000100        ;Reserved.
IMAGE_SCN_LNK_INFO = 0x00000200         ;Reserved.
IMAGE_SCN_TYPE_OVER = 0x00000400        ;Reserved.
IMAGE_SCN_LNK_COMDAT = 0x00001000       ;Section contains COMDAT data.
IMAGE_SCN_MEM_FARDATA = 0x00008000      ;Reserved.
IMAGE_SCN_MEM_PURGEABLE = 0x00020000    ;Reserved.
IMAGE_SCN_MEM_16BIT = 0x00020000        ;Reserved.
IMAGE_SCN_MEM_LOCKED = 0x00040000       ;Reserved.
IMAGE_SCN_MEM_PRELOAD = 0x00080000      ;Reserved.
IMAGE_SCN_ALIGN_1BYTES = 0x00100000     ;Align data on a 1-byte boundary.
IMAGE_SCN_ALIGN_2BYTES = 0x00200000     ;Align data on a 2-byte boundary.
IMAGE_SCN_ALIGN_4BYTES = 0x00300000     ;Align data on a 4-byte boundary.
IMAGE_SCN_ALIGN_8BYTES = 0x00400000     ;Align data on a 8-byte boundary.
IMAGE_SCN_ALIGN_16BYTES = 0x00500000    ;Align data on a 16-byte boundary.
IMAGE_SCN_ALIGN_32BYTES = 0x00600000    ;Align data on a 32-byte boundary.
IMAGE_SCN_ALIGN_64BYTES = 0x00700000    ;Align data on a 64-byte boundary.
IMAGE_SCN_ALIGN_128BYTES = 0x00800000   ;Align data on a 128-byte boundary.
IMAGE_SCN_ALIGN_256BYTES = 0x00900000   ;Align data on a 256-byte boundary.
IMAGE_SCN_ALIGN_512BYTES = 0x00A00000   ;Align data on a 512-byte boundary.
IMAGE_SCN_ALIGN_1024BYTES = 0x00B00000  ;Align data on a 1024-byte boundary.
IMAGE_SCN_ALIGN_2048BYTES = 0x00C00000  ;Align data on a 2048-byte boundary.
IMAGE_SCN_ALIGN_4096BYTES = 0x00D00000  ;Align data on a 4096-byte boundary.
IMAGE_SCN_ALIGN_8192BYTES = 0x00E00000  ;Align data on a 8192-byte boundary.
IMAGE_SCN_LNK_NRELOC_OVFL = 0x01000000  ;Section contains extended relocations.
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000  ;Section can be discarded as needed.
IMAGE_SCN_MEM_NOT_CACHED = 0x04000000   ;Section cannot be cached.
IMAGE_SCN_MEM_NOT_PAGED = 0x08000000    ;Section cannot be paged.
IMAGE_SCN_MEM_SHARED = 0x10000000       ;Section can be shared in memory.
IMAGE_SCN_MEM_EXECUTE = 0x20000000      ;Section can be executed as code.
IMAGE_SCN_MEM_READ = 0x40000000         ;Section can be read.
IMAGE_SCN_MEM_WRITE = 0x80000000        ;Section can be written to.    
most of it came from this forum, and some from MSDN and random pages found on Google.
Post 07 Feb 2009, 00:57
revolution 07 Feb 2009, 01:06
Azu: Please don't just post the MASM file, post the fasm file that you made that shows the error you mention above. Even better if you can make it minimal. That way will give you the best chance that someone can help you to fix it.
Post 07 Feb 2009, 01:06
Azu 07 Feb 2009, 01:10
I don't know what ASM it is, sorry. I just thought you wanted the file. So I posted the original one and the one I partially converted to FASM, and the structs file I made for it. Did you mean something else?

The only other file is this
Code:
use32
format PE GUI 4.0
include 'J:\fasmw16727\INCLUDE\win32ax.inc'
include '_GetKernel.asm'
section '.text' code readable executable
ret    

My attempt to get the files I listed above included and compiling.
Post 07 Feb 2009, 01:10
revolution 07 Feb 2009, 01:25
Yes, now we have a complete fasm source file. By ASM I just meant the file with the .asm extension.


Last edited by revolution on 07 Feb 2009, 03:29; edited 1 time in total
Post 07 Feb 2009, 01:25
revolution 07 Feb 2009, 01:52
Oh shucks, I just realised as I got out the door that you are using UPPERCASE for DW and DD etc. The struct macro only supports lower case. Change them all to lower case.
Post 07 Feb 2009, 01:52
Azu 07 Feb 2009, 01:56
Thanks!

It still errors out in the same places though x_x

Is there something else I have to do besides saving the file and restarting FASMW.exe?

BTW this compiles and runs without error
Code:
include 'J:\fasmw16727\INCLUDE\win32ax.inc'
struct foo
bar DD ?
ends
ret    
Post 07 Feb 2009, 01:56
revolution 07 Feb 2009, 03:17
I changed just this part only and it compiled fine for me:
Code:
SIZE_OF_80387_REGISTERS = 80
struct FLOATING_SAVE_AREA
  ControlWord        dd ?
  StatusWord         dd ?
  TagWord            dd ?
  ErrorOffset        dd ?
  ErrorSelector      dd ?
  DataOffset         dd ?
  DataSelector       dd ?
  RegisterArea       rb SIZE_OF_80387_REGISTERS
  Cr0NpxStatedd      dd ?
ends
MAXIMUM_SUPPORTED_EXTENSION = 512
struct CONTEXT
  ContextFlags            dd ?
  iDr0                    dd ?
  iDr1                    dd ?
  iDr2                    dd ?
  iDr3                    dd ?
  iDr6                    dd ?
  iDr7                    dd ?
  FloatSave               FLOATING_SAVE_AREA
  regGs                   dd ?
  regFs                   dd ?
  regEs                   dd ?
  regDs                   dd ?
  regEdi                  dd ?
  regEsi                  dd ?
  regEbx                  dd ?
  regEdx                  dd ?
  regEcx                  dd ?
  regEax                  dd ?
  regEbp                  dd ?
  regEip                  dd ?
  regCs                   dd ?
  regFlag                 dd ?
  regEsp                  dd ?
  regSs                   dd ?
  Extendedregisters       rb MAXIMUM_SUPPORTED_EXTENSION
ends    
Post 07 Feb 2009, 03:17
Azu 07 Feb 2009, 03:34
Thanks so much!

I just changed the db to rb and now it works perfect.
Time for me to go make something with it now.




Edit: never mind.. I tried to shorten my example file for you and I guess since I didn't call anything from the file in it, it wasn't trying to compile it, and that's why no errors...


This " local dd @dwReturn" errors saying undefined symbol (I thought the point of this instruction is to define it???) it was "local @dwReturn " before which says illegal instruction..


Here is example that gives the compiler errors..
Code:
use32
format PE GUI 4.0
include 'J:\fasmw16727\INCLUDE\win32ax.inc'
include '_GetKernel.asm'
section '.text' code readable executable
ret
invoke  _GetKernelBase    
Post 07 Feb 2009, 03:34
revolution 07 Feb 2009, 03:39
Inside a proc macro local must be used like this:
Code:
local somevar:DWORD    
Notice that it is uppercase for the DWORD to work properly.
Post 07 Feb 2009, 03:39
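An added example, not part of the original posts: a complete fasm source that combines the two points from the replies above, lower-case data directives inside struct and the name:TYPE form of local inside proc. It assumes fasm 1.x with the INCLUDE environment variable pointing at the package's INCLUDE directory; SAVE_AREA, MINI_CONTEXT and FillContext are hypothetical names, cut down from the CONTEXT layout posted in the thread.

```asm
; Added example: build with fasm, INCLUDE must point at the fasm INCLUDE directory.
include 'win32ax.inc'

; Data directives inside struct are written in lower case (dd, rb).
struct SAVE_AREA                        ; hypothetical, shortened FLOATING_SAVE_AREA
  ControlWord   dd ?
  RegisterArea  rb 8
ends

struct MINI_CONTEXT                     ; hypothetical, shortened CONTEXT
  ContextFlags  dd ?
  FloatSave     SAVE_AREA               ; nested struct, declared as "name TYPE"
  regEip        dd ?
ends

.code

proc FillContext
  ; Inside proc, locals are declared as name:TYPE.
  ; The type can be a size keyword in upper case or a struct name.
  local ctx:MINI_CONTEXT, dwReturn:DWORD

  mov   [ctx.ContextFlags],1
  mov   [ctx.FloatSave.ControlWord],2   ; nested fields use dotted names
  mov   eax,[ctx.ContextFlags]
  add   eax,[ctx.FloatSave.ControlWord]
  mov   [dwReturn],eax
  mov   eax,[dwReturn]                  ; result is returned in eax
  ret
endp

start:
  stdcall FillContext
  invoke  ExitProcess,eax               ; process exit code = value from FillContext

.end start
```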
Azu 07 Feb 2009, 03:45
Okay.. I tried putting it as "local DWORD:@dwReturn" but it still says illegal instruction?
Post 07 Feb 2009, 03:45
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.