The MASM Forum

General => The Laboratory => Topic started by: jangogrand on August 11, 2017, 09:55:10 AM

Title: help about native api
Post by: jangogrand on August 11, 2017, 09:55:10 AM
hi i try to use RtlCompareString to compare 2 strings , when i run that code in ollydbg it get bloked  any help please , about how to display RtlCompareString result, thank you

.386
.model flat, stdcall
option casemap:none
includelib C:\masm32\lib\kernel32.lib
includelib C:\masm32\lib\user32.lib
includelib C:\masm32\lib\ntdll.lib
include C:\masm32\include\kernel32.inc
include C:\masm32\include\user32.inc
include C:\masm32\include\windows.inc
include C:\masm32\include\ntdll.inc
.data

s1 db "abcd",0
s2 db "ab",0
.code
Main:
invoke RtlCompareString, OFFSET s1, OFFSET s2, TRUE

mov ebx,eax

end Main
Title: Re: help about native api
Post by: hutch-- on August 11, 2017, 10:30:42 AM
Just check a couple of things, make sure RtlCompareString is in both the library and include file and if that is not correct, try calling the API with LoadLibrary / GetProcAddress and close it on exit with FreeLibrary. I don't use Olly but you may need to check if it has the symbols for ntdll.dll.
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 10:47:33 AM
yes  RtlCompareString is in both the library and include file , and i have use msgbox to dispaly the result but it not work

.386
.model flat, stdcall
option casemap:none
includelib C:\masm32\lib\kernel32.lib
includelib C:\masm32\lib\user32.lib
includelib C:\masm32\lib\ntdll.lib
include C:\masm32\include\kernel32.inc  ;cotient les prototype des function
include C:\masm32\include\user32.inc
include C:\masm32\include\windows.inc
include C:\masm32\include\ntdll.inc
.data

s1 db "abcd",0
s2 db "ab",0

MsgTitle db "My First MessageBox",0
.code
Main:
mov eax,0
invoke RtlCompareString, OFFSET s1, OFFSET s2, TRUE

mov ebx,eax
invoke MessageBoxA, NULL,  ebx, OFFSET MsgTitle, NULL

end Main

can please show me the technique  calling the API with LoadLibrary / GetProcAddress

thank you
Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 10:48:21 AM
A quick example:
Code: [Select]
include \masm32\include\masm32rt.inc
uselib ntdll

.data
Src1a dw 20, 20
dd Src1
Src1 db "abcde", 0
Src2a dw 20, 20
dd Src2
Src2 db "abcdef", 0
.code
start:
  invoke RtlCompareString, addr Src1a, addr Src2a, 0
  inkey str$(eax), " returned", 13, 10
  exit
end start

It works. What do you need it for?

- google for "counted string"
- read the forum rules regarding black hat activities
- study this two-pager (http://www.webalice.it/jj2006/Masm32_Tips_Tricks_and_Traps.htm)
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 11:01:23 AM
hi thank you jj2007 , but i dont understand your code , why you use dw 20, 20
and what that line mean inkey str$(eax), " returned", 13, 10

i need the program fro stading how to use native api with masm
thank you
Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 11:07:37 AM
- inkey str$(): \Masm32\help\hlhelp.chm, macro categories, string macros
- dw 20, 20: google for "counted strings"

Here is a better example:
Code: [Select]
include \masm32\include\masm32rt.inc
uselib ntdll

.data
Src1a dw 5, 5 ; min, max
dd Src1
Src1 db "abcde", 0
Src2a dw 6, 6
dd Src2
Src2 db "ABCDEF", 0
.code
start:
  invoke RtlCompareString, addr Src2a, addr Src1a, 0
  print str$(eax), " returned", 13, 10
  invoke RtlCompareString, addr Src2a, addr Src1a, 1
  inkey str$(eax), " returned", 13, 10
  exit
end start

Why do you want to use "native api" with Masm...?
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 11:15:08 AM
how i can get the result , are it stored in eax can we desplay it using msgbox , ur program when i open it with ollydbg it give eax >0 when the 2 string are same and that is not the correct result
Title: Re: help about native api
Post by: felipe on August 11, 2017, 11:16:50 AM

.386
.model flat, stdcall
option casemap:none
includelib C:\masm32\lib\kernel32.lib
includelib C:\masm32\lib\user32.lib
includelib C:\masm32\lib\ntdll.lib
include C:\masm32\include\kernel32.inc
include C:\masm32\include\user32.inc
include C:\masm32\include\windows.inc
include C:\masm32\include\ntdll.inc

Don't you need to put windows.inc declaration first of all?
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 11:21:37 AM
jj2007 the program is not displaying any result , i have test it on my windows xp on virtualbox.

felipe we can put windows.inc any where
Title: Re: help about native api
Post by: felipe on August 11, 2017, 12:16:14 PM

felipe we can put windows.inc any where

Yeah, seems as you are right.
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 02:58:53 PM

Hello jangogrande

This is how you should use the function, most examples here are pure crap.

 
Code: [Select]
.386

.model Flat, STDCALL
option Casemap :None

TRUE equ 1

includelib \masm32\lib\ntdll.lib
RtlCompareString PROTO STDCALL :ptr,:ptr,:BYTE

includelib \masm32\lib\msvcrt.lib
printf PROTO C :ptr, :vararg

_STRING struct
_Length word ?
_Maximumlength word ?
_Buffer dword ?
_STRING ends

.data
s1 db "abcd" ;
s2 db "bab"
format db 'result: %d',13,10,0

.code

main proc
LOCAL str1 : _STRING
LOCAL str2 : _STRING

mov str1._Length, LENGTHOF s1
mov str1._Maximumlength, LENGTHOF s1
mov eax, offset s1
mov str1._Buffer, eax

mov str2._Length, LENGTHOF s2
mov str2._Maximumlength, LENGTHOF s2
mov eax, offset s2
mov str2._Buffer, eax

INVOKE RtlCompareString, addr str1, addr str2, TRUE

INVOKE printf, addr format, eax ; should display negative

ret
main endp

end main

Beware also that the prototype of RtlCompareString is wrong in the NtDll.inc include file.

Title: Re: help about native api
Post by: aw27 on August 11, 2017, 03:04:26 PM
Hello jangogrande

This is how you should use the function, most examples here are misleading (or pure crap).

 
Code: [Select]
.386

.model Flat, STDCALL
option Casemap :None

TRUE equ 1

includelib \masm32\lib\ntdll.lib
RtlCompareString PROTO STDCALL :ptr,:ptr,:BYTE

includelib \masm32\lib\msvcrt.lib
printf PROTO C :ptr, :vararg

_STRING struct
_Length word ?
_Maximumlength word ?
_Buffer dword ?
_STRING ends

.data
s1 db "abcd" ;
s2 db "bab"
format db 'result: %d',13,10,0

.code

main proc
LOCAL str1 : _STRING
LOCAL str2 : _STRING

mov str1._Length, LENGTHOF s1
mov str1._Maximumlength, LENGTHOF s1
mov eax, offset s1
mov str1._Buffer, eax

mov str2._Length, LENGTHOF s2
mov str2._Maximumlength, LENGTHOF s2
mov eax, offset s2
mov str2._Buffer, eax

INVOKE RtlCompareString, addr str1, addr str2, TRUE

INVOKE printf, addr format, eax ; should display negative

ret
main endp

end main

Beware also that the prototype of RtlCompareString is wrong in the NtDll.inc include file.
Title: Re: help about native api
Post by: hutch-- on August 11, 2017, 03:51:03 PM
 :biggrin:

Microsoft C prototype

 ; LONG RtlCompareString(
 ;   _In_ const STRING  *String1,
 ;   _In_ const STRING  *String2,
 ;   _In_       BOOLEAN CaseInSensitive
 ; );


MASM32 prototype

RtlCompareString PROTO STDCALL :DWORD,:DWORD,:DWORD


aw prototype

RtlCompareString PROTO STDCALL :ptr,:ptr,:BYTE


MASM32 version of ntdll.dll internal data

RtlCompareString@12
__imp__RtlCompareString@12


The data for the linker says 3 x DWORD values.
Title: Re: help about native api
Post by: hutch-- on August 11, 2017, 04:00:23 PM
aw,

I built your version but it does not run on my Win10 64. Builds OK, just does nothing.

Running this,

    LOCAL hLib  :DWORD
    LOCAL pFnc  :DWORD
    LOCAL rval  :DWORD

    mov hLib, rv(LoadLibrary,"ntdll.dll")
    print str$(hLib)," Library handle",13,10

    mov pFnc, rv(GetProcAddress,hLib,"RtlCompareString")
    print str$(pFnc)," Procedure address",13,10

    push FALSE
    push ptx3
    push ptx1
    call pFnc
    mov rval, eax


Mine crashes.
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 04:03:06 PM
The data for the linker says 3 x DWORD values.
For the linker will always be a multiple of 4 because you can not push a byte on the stack.  :P
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 04:21:57 PM
aw,
I built your version but it does not run on my Win10 64. Builds OK, just does nothing.

Hutch,

This works in windows 10 64-bit, now i use ExitProcess.
You don't need to use GetProcAddress, the function has been around since Windows 2000.

Code: [Select]
.386

.model Flat, STDCALL
option Casemap :None

TRUE equ 1

includelib \masm32\lib\ntdll.lib
RtlCompareString PROTO STDCALL :ptr,:ptr,:BYTE

includelib \masm32\lib\msvcrt.lib
printf PROTO C :ptr, :vararg

includelib \masm32\lib\kernel32.lib
ExitProcess proto :dword

_STRING struct
_Length word ?
_Maximumlength word ?
_Buffer dword ?
_STRING ends

.data
s1 db "abcd" ;
s2 db "Bbcd" ;
format db 'result: %d',13,10,0

.code

main proc
LOCAL str1 : _STRING
LOCAL str2 : _STRING

mov str1._Length, LENGTHOF s1
mov str1._Maximumlength, LENGTHOF s1
mov eax, offset s1
mov str1._Buffer, eax

mov str2._Length, LENGTHOF s2
mov str2._Maximumlength, LENGTHOF s2
mov eax, offset s2
mov str2._Buffer, eax

INVOKE RtlCompareString, addr str1, addr str2, TRUE

INVOKE printf, addr format, eax ; should display negative

INVOKE ExitProcess,0
main endp

end main
Title: Re: help about native api
Post by: hutch-- on August 11, 2017, 05:03:32 PM
 :biggrin:

This revelation does not make either yours or mine work in win 10 64 bit.  :P
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 05:31:47 PM
:biggrin:

This revelation does not make either yours or mine work in win 10 64 bit.  :P

Mine works in "my" Windows 10 64-bit Build 15063.483  Version 1703
I built it with 100% Genuine ™ Microsoft ® products, namely MASM.EXE and LINK.EXE :lol:
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 05:54:49 PM
thank you aw27 it work fine  :t
Title: Re: help about native api
Post by: hutch-- on August 11, 2017, 06:03:33 PM
shrug,

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

Doesn't work here.

LATER : The exit process fixed it.

K:\asm32\RtlCmpStr\aw>aw
result: -1

Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 06:46:53 PM
ur program when i open it with ollydbg it give eax >0 when the 2 string are same and that is not the correct result

jj2007 the program is not displaying any result

Did you assemble it as console app?

Did you understand this line?
Code: [Select]
Src1a dw 5, 5 ; min, max
My example may be "pure crap", as aw27 puts it in his usual educated style of communication, but it works perfectly. It even returns 0 for the case-insensitive comparison of abcd vs ABCD, but you must understand the min, max line above. And you would certainly understand it if you had followed my advice to google for "counted strings". Now, please answer my question why you want to use the native API. Or better: Why do you want to use the native API, are the CRT functions not available?

P.S.: The 64-bit equivalent - project attached.
Code: [Select]
include \Masm32\MasmBasic\Res\JBasic.inc ; ## 64-bit demo, builds with ML and UAsm ##
.data
Src1a dd 5, 5 ; min, max
dq Src1
Src1 db "abcde", 0
Src2a dd 5, 5
dq Src2
Src2 db "ABCDE", 0
.code
Init
  Print Chr$("This code was assembled with ", @AsmUsed$(1), " in ", jbit$, "-bit format", 13, 10, 10)
  jinvoke RtlCompareString, addr Src2a, addr Src1a, 0
  Print Str$("%i returned\n", rax)
  jinvoke RtlCompareString, addr Src2a, addr Src1a, 1
  Inkey Str$("%i returned\n", rax)
EndOfCode

Output:
Code: [Select]
This code was assembled with ml64 in 64-bit format

-32 returned
0 returned
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 07:02:29 PM
The example is pure crap because:
1) it does not evidence that you are dealing with a structure.
2) You are using NULL terminated strings which proves that you simply don't know what counted string are used for.
3) There is no min and max. There is the size of the string and the maximum number of characters in the buffer.
4) It is ridiculous to ask "why do you want this? Is it for malware production?". Come on, not everybody is in the Charles Petzold era, you must not assume that people that want to know more than you are producing ramsonware.
Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 07:24:26 PM
Note that in the 64-bit example the min max fields are DWORDs, while they are WORDs in 32-bit land.

A short and crispy explanation of counted strings is here (http://www.cs.yale.edu/homes/aspnes/pinewiki/C(2f)Strings.html).

you must not assume that people that want to know more than you are producing ramsonware.

You are young and naive, José. And uneducated :greensml:
(http://www.atelierweb.com/wp-content/localimgs/gallery/jose.png)
Title: Re: help about native api
Post by: TWell on August 11, 2017, 07:29:01 PM
RtlCompareString uses
https://msdn.microsoft.com/en-us/library/windows/hardware/ff540605(v=vs.85).aspx
Code: [Select]
typedef struct _STRING {
  USHORT Length;
  USHORT MaximumLength;
  PCHAR  Buffer;
} ANSI_STRING, *PANSI_STRING;

RtlCompareUnicodeString uses
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380518(v=vs.85).aspx
Code: [Select]
typedef struct _LSA_UNICODE_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PWSTR  Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;

EDIT: in NtDef.h
Code: [Select]
typedef struct _STRING {
    __maybevalid USHORT Length;
    __maybevalid USHORT MaximumLength;
#ifdef MIDL_PASS
    [size_is(MaximumLength), length_is(Length) ]
#endif // MIDL_PASS
    __field_bcount_part_opt(MaximumLength, Length) PCHAR Buffer;
} STRING;
typedef STRING *PSTRING;
typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 07:35:09 PM
thank you  aw27  , now i try to use LoadLibraryA :


.386
.model flat, stdcall
option casemap:none
includelib C:\masm32\lib\kernel32.lib
includelib C:\masm32\lib\user32.lib
includelib C:\masm32\lib\ntdll.lib
includelib C:\masm32\lib\msvcrt.lib
include C:\masm32\include\kernel32.inc  ;cotient les prototype des function
include C:\masm32\include\user32.inc
include C:\masm32\include\windows.inc
RtlCompareString PROTO STDCALL :ptr,:ptr,:BYTE
printf PROTO C :ptr, :vararg
ExitProcess proto :dword
TRUE equ 1
_STRING struct
   _Length word ?
   _Maximumlength word ?
   _Buffer dword ?
_STRING ends

.data
lMod dd ?
s1 db "abcdpom" ;
s2 db "abcd" ;
format db 'result: %d',13,10,0
Fapi db "RtlCompareString",0
Flib db "ntdll",0

.code

main proc
   LOCAL str1 : _STRING
   LOCAL str2 : _STRING
   
   mov str1._Length, LENGTHOF s1
   mov str1._Maximumlength, LENGTHOF s1
   mov eax, offset s1
   mov str1._Buffer, eax
   
   mov str2._Length, LENGTHOF s2
   mov str2._Maximumlength, LENGTHOF s2
   mov eax, offset s2
   mov str2._Buffer, eax
   

invoke LoadLibraryA, OFFSET Flib
invoke GetProcAddress, eax, OFFSET Fapi
mov lMod,eax

push  str1
push  str2
push 1
call lMod
   
   INVOKE printf, addr format, eax ; should display negative
   
   INVOKE ExitProcess,0
main endp

end main

i get error about "push  str1 " ad "push  str2"  i have also try offset but i still get the error
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 07:36:43 PM
 jj2007  iam not try to make some malware , is only for education
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 07:42:54 PM

I can not test more (JJ can assist you  :badgrin:), but it appears that you are pushing the parameters in the wrong order, i.e left to right.
Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 07:43:19 PM
RtlCompareString uses
https://msdn.microsoft.com/en-us/library/windows/hardware/ff540605(v=vs.85).aspx
Code: [Select]
typedef struct _STRING {
  USHORT Length;
  USHORT MaximumLength;
  PCHAR  Buffer;
} ANSI_STRING, *PANSI_STRING;

Interesting, Tim, but my tests show that the MSDN info is incorrect; in x64, the size of USHORT is still 16 bits, but that fails miserably with RtlCompareString. It would be interesting to see a C 64-bit example, with an _asm int 3; inserted before the RtlCompareString(). Your turn - as you know, jj is not a C programmer  :bgrin:

jj2007  iam not try to make some malware , is only for education

Bien sur. On attend une description plus détaillée du "projet d'éducation" ;-)
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 07:50:46 PM
 jj2007  il faut m'aider , c'est pour connaitre utiliser native api c'est tout
Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 08:12:06 PM
Re 64-bit version, this is more correct:
Code: [Select]
Src1a dw 5, 5 ; current len, maxlen
dd ? ; padding
dq Src1
Src1 db "abcde", 0

So it seems the ANSI_STRING structure is, well, QWORD-aligned in x64 8)

Under the hood:
Code: [Select]
000000007771DA18 | 0F B7 31                          | movzx esi, word ptr ds:[rcx]          | 2nd string, current len
000000007771DA1B | 44 0F B7 2A                       | movzx r13d, word ptr ds:[rdx]         | 1st string, current len
000000007771DA1F | 4C 8B 59 08                       | mov r11, qword ptr ds:[rcx+8]         | [rcx+8]:"ABCDE"
000000007771DA23 | 48 8B 5A 08                       | mov rbx, qword ptr ds:[rdx+8]         | [rdx+8]:"abcde"

So, here is a formally correct example for 64-bit land (tested, it works fine):

include \Masm32\MasmBasic\Res\JBasic.inc        ; # 64-bit demo, builds with ML and UAsm #
.data
Src1    db "abcde", 0
Src2    db "ABCDE", 0

ANSI_STRING STRUCT              ; MSDN: Driver Reference (https://msdn.microsoft.com/en-us/library/windows/hardware/ff540605(v=vs.85).aspx)
 _Length        USHORT ?
 MaximumLength  USHORT ?
 Buffer         PCHAR ?
ANSI_STRING ENDS

AnsiString1     ANSI_STRING <5, 5, Src1>
AnsiString2     ANSI_STRING <5, 5, Src2>

Init
  Print Chr$("This code was assembled with ", @AsmUsed$(1), " in ", jbit$, "-bit format", 13, 10, 10)
  jinvoke RtlCompareString, addr AnsiString1, addr AnsiString2, 0
  Print Str$("%i returned\n", rax)
  jinvoke RtlCompareString, addr AnsiString1, addr AnsiString2, 1
  Inkey Str$("%i returned\n", rax)
EndOfCode


Code: [Select]
This code was assembled with ml64 in 64-bit format

32 returned
0 returned

Btw Google shows no sign of life for RtlCompareString, it seems to be the most exotic function on Earth. In which educational context do you want to use it, jango? I am impressed that although you can't push arguments in the right order, you are already studying Kernel mode driver functions (https://msdn.microsoft.com/en-us/library/windows/hardware/ff540605(v=vs.85).aspx) :t
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 08:22:31 PM
i need it to be able to compare between solder in clone troopers , to attack the galaxy  , you know iam Jango Fett
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 08:44:34 PM
64-bit version

Code: [Select]
; 100% ML64 compliant ASM
; ml64 -c -Zp8 test64.asm
; link /entry:main /SUBSYSTEM:console test64.obj


OPTION Casemap :None

TRUE equ 1

includelib \masm32\lib64\ntdll.lib
RtlCompareString PROTO :ptr,:ptr,:BYTE

includelib \masm32\lib64\msvcrt.lib
printf PROTO :ptr, :vararg

includelib \masm32\lib64\kernel32.lib
ExitProcess proto :dword

_STRING struct
_Length word ?
_Maximumlength word ?
_Buffer qword ?
_STRING ends

.data
s1 db "bcde" ;
s2 db "bulls$" ;
format db 'result: %d',13,10,0

.code

main proc public
LOCAL str1 : _STRING
LOCAL str2 : _STRING

mov str1._Length, LENGTHOF s1
mov str1._Maximumlength, LENGTHOF s1
mov rax, offset s1
mov str1._Buffer, rax

mov str2._Length, LENGTHOF s2
mov str2._Maximumlength, LENGTHOF s2
mov rax, offset s2
mov str2._Buffer, rax

sub rsp, 20h
lea rcx, str1
lea rdx, str2
mov r8, TRUE
call RtlCompareString

lea rcx, format
mov edx, eax

call printf
add rsp, 20h

push 0
call ExitProcess
main endp

end
Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 08:48:09 PM
So you are a gamer (http://starwars.wikia.com/wiki/Jango_Fett) and want to inject a short routine ... oops, that remark was against point 3 of the forum rules (http://masm32.com/board/index.php?topic=4.0) :icon_redface:

Try to keep questions in the legal sphere, and you will get help for your "educational project". Thanks for the project description, it clarifies things and helps to understand that you are not developing
ramsonware

Welcome to the Forum :icon14:
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 08:57:49 PM
thank you  jj2007 , how many years you are in the field of assembly programming?
Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 09:01:40 PM
thank you  jj2007 , how many years you are in the field of assembly programming?

About 30, but I wasted some years on Motorola's 68000 ;)

Most of us here are pretty old, except José alias aw27.
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 09:07:15 PM
waw , great  jj2007 , my respect to you
what is you advice to me to mastering assembly , i would like to be able to use assembly to program a operating system
and how mastering windows api ,what books is great .
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 09:09:37 PM
thank you  jj2007 , how many years you are in the field of assembly programming?

About 30, but I wasted some years on Motorola's 68000 ;)

Most of us here are pretty old, except José alias aw27.
You are a kid, 25 years ago I was already teaching ASM in magazines.
http://www.atelierweb.com/downloads/PgAssb1.pdf
Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 09:19:51 PM
great  aw27 and jj2007 you are experts , i hope that you help me and advice me to get knowledge and mastering assembly
thank you
Title: Re: help about native api
Post by: jj2007 on August 11, 2017, 09:47:45 PM
You are a kid, 25 years ago I was already teaching ASM in magazines.

Spooler #17? That must have been around end of 1993, right? Some years earlier, I had already published a book with a very renommated science editor. Not on programming, though; but the book was written with my own self-programmed word processor, graphics included; and screen and printer drivers were written in 100kBytes of absolutely pure lowest level 68k assembly 8)
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 09:58:06 PM
You are a kid, 25 years ago I was already teaching ASM in magazines.
Spooler #17? That must have been around end of 1993, right? Some years earlier, I had already published a book with a very renommated science editor. Not on programming, though; but the book was written with my own self-programmed word processor, graphics included; and screen and printer drivers were written in 100kBytes of absolutely pure lowest level 68k assembly 8)

Some years earlier I had already done lots, I was invited to produce the ASM tutorial for some reason. I believe the first thing I have done after I was born was looking for a keyboard.
Title: Re: help about native api
Post by: hutch-- on August 11, 2017, 10:25:05 PM
Now come on kiddies, no more cat scratching.  :P

Now for jango, "iam not try to make some malware , is only for education"

This sounds like you are not telling us why you want to use this function that is normally only used by device drivers. A string compare is a technically trivial affair, the RTL version outputs standard C design that is also used for sort comparison but there are plenty of string comparison algorithms available, why in particular is a device driver version desirable in this context ? From memory there is a simple API that will do it, certainly a C runtime that will do it and a number of 32 bit assembler algorithms that will do it.

Now I do need an answer here and DO NOT try and feed me bullsh*t as we have heard it all before here many many times.

Title: Re: help about native api
Post by: jangogrand on August 11, 2017, 10:51:08 PM
hutch the answer  is simple , after i have read a book Windows Internals Part 1 (6th Edition) , thei have talk about native api ,  i have no idea about it before so i have try make a native api call , i  chose RtlCompareString  because is simple and have not alot of parameters .
Title: Re: help about native api
Post by: aw27 on August 11, 2017, 11:01:21 PM
I would add that it would be a thrilling experience to do device drivers in ASM.
For example, https://vxlab.info/wasm/print.php-article=drvw2k05.htm

I never did, but have that on schedule.
Title: Re: help about native api
Post by: hutch-- on August 12, 2017, 12:27:11 AM
OK jango,

We will let it run at the moment but make sure there is no nonsense, you are not being victimised here, we have had many over time that were not honest with us and were trying to extract information on how to get privileged access to write illegal software so we must be careful which means shoot first and ask questions later.
Title: Re: help about native api
Post by: jangogrand on August 12, 2017, 12:39:23 AM
hutch ok no problem