Hello,
Security is a complex subject with Windows 10.
There are two ways:
* use a manifest in an rc file, adding a trustInfo with a requestedExecutionLevel
* add a SECURITY_DESCRIPTOR in a source file.
Here is a translated sample from Microsoft, lightly modified and commented.
Hi TouEnMasm,
the program does not work for me, the code stops at this stage:
RegCreateKeyEx result 0
and in the debugger it is displayed like this
---------------------------
0H RegCreateKeyEx Failed
---------------------------
The operation completed successfully.
---------------------------
OK
---------------------------
RegCreateKeyEx result 5
This means that the key must already exist.
The sample had not added an instruction to delete the key at the end.
Use regedit to delete HKEY_CURRENT_USER\mykey
To avoid this problem, a small modification is needed; delete the key created with regedit first.
Quote
main proc c ;c or not c test uasm or jwasm
    Local error:XMASM
    invoke InitSecurity_Descriptor
    invoke _getch
    ;----------------------- for RegDeleteKey to work, change the right KEY_READ to KEY_ALL_ACCESS for EVERYONE
    ;mov explicit_access[sizeof EXPLICIT_ACCESS * 0].grfAccessPermissions,KEY_ALL_ACCESS ;registry key access
    invoke RegDeleteKey,HKEY_CURRENT_USER,TXT("Mykey")
    .if eax != ERROR_SUCCESS
        invoke RetrouveMessageErreur,TXT("RegDeleteKey Failed")
        ;jmp cleanup
    .endif
    mov eax,0
    ret
main endp
If the right for Everyone isn't changed, RegDeleteKey fails.
Ups....
Tmp_File.asm(2) : Error A2106: Cannot open file: "sdk32.inc" [ENOENT]
Tmp_File.asm(3) : Error A2106: Cannot open file: "stdio.sdk" [ENOENT]
Tmp_File.asm(4) : Error A2106: Cannot open file: "conio.sdk" [ENOENT]
Tmp_File.asm(6) : Error A2106: Cannot open file: "accCtrl.sdk" [ENOENT]
Tmp_File.asm(7) : Error A2106: Cannot open file: "aclapi.sdk" [ENOENT]
Tmp_File.asm(43) : Error A2082: Must be in segment block
Eh JJ,
use the translated sdk here http://luce.yves.pagesperso-orange.fr/header.htm
with uasm or Jwasm
Wow, a whopping 83MB! But I get the same errors with C:\sdkrc100\projects\security.asm :sad:
So I tried to edit the PATH, and had to add 3 (three!!) of your SDK folders to make it assemble; only to discover that now the linker complains bitterly: oldnames.lib not found.
And that file isn't present in the whole sdkrc folder. Kind of messy, my friend :sad:
P.S.: I found some in various C:\Program Files folders. Always the same errors... has anybody been able to build a project with Yves' SDK?
copied from C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\lib\oldnames.lib
Searching .\OldNames.lib
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf_p'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf_s'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfscanf'.
POLINK: error: Unresolved external symbol '__imp____acrt_iob_func'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf_p'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsnprintf_s'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsscanf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf_s'.
POLINK: fatal error: 10 unresolved external(s).
Same with
oldnames.lib C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib 80 kB 9.6.16 21:07 9.6.16 21:07 Object File Library
oldnames.lib C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\amd64 79 kB 9.6.16 21:10 9.6.16 21:10 Object File Library
oldnames.lib C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\arm 79 kB 9.6.16 21:11 9.6.16 21:11 Object File Library
oldnames.lib C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store 80 kB 9.6.16 21:07 9.6.16 21:07 Object File Library
oldnames.lib C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store\amd64 79 kB 9.6.16 21:10 9.6.16 21:10 Object File Library
oldnames.lib C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store\arm 79 kB 9.6.16 21:11 9.6.16 21:11 Object File Library
****** vsfprintf is part of msvcrt.lib or ucrt.lib. You have an old version of VS, and perhaps this one needs you to add manually
"includelib msvcrt.lib"
and/or "includelib ucrt.lib"
******** Take care also to get the right libraries for X86 or X64.
VS 2019 uses the path in X86 for 32 bits and in X64 for 64 bits.
Your second test uses "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\amd64"; these are 64-bit libraries, not good for 32.
Stay with the paths of your first test and add the includelib (original lib not those of the forum package lib).
You can also try to use LINK instead of polink
ucrt is part of Windows Kit
Windows 10 Universal C Runtime (https://www.microsoft.com/en-us/download/details.aspx?id=48234)
https://docs.microsoft.com/en-us/cpp/windows/universal-crt-deployment?view=msvc-160
https://support.microsoft.com/en-us/topic/update-for-universal-c-runtime-in-windows-c0514201-7fe6-95a3-b0a5-287930f3560c
Playing a little with the sample
When adding RegDeleteKey, the function failed with not enough rights.
Further solutions exist to solve this. For example, force a change of user, becoming an administrator.
For this: detect if the prog is running as admin or not.
If not, run a new instance of the prog as admin and quit.
If admin, run the normal proc.
Quote
.data
sModuleFileName db MAX_PATH dup (0)
runas db "runas",0
asAdminMsg db "Running as Administrator!",10,0
.code
manager proc ;
    Local hconsole:DWORD,hservice:DWORD,retour:DWORD
    mov retour,0
    invoke OpenSCManager,0,0,GENERIC_READ OR GENERIC_WRITE OR GENERIC_EXECUTE ;need to be admin to work
    mov hservice,eax
    .if eax == 0 ;not admin,do it
        ;invoke GetConsoleWindow
        ;mov hconsole, eax
        ;invoke ShowWindow,hconsole,SW_SHOWNORMAL
        invoke GetModuleFileName,NULL,addr sModuleFileName,MAX_PATH
        invoke ShellExecute,NULL,TXT("runas"),addr sModuleFileName,NULL,NULL,SW_SHOWNORMAL
        .if eax <= 32
            invoke RetrouveMessageErreur,addr sModuleFileName
        .endif
        mov retour,1
    .else
        ; Is Administrator
        invoke CloseServiceHandle,hservice
        invoke printf,addr asAdminMsg
    .endif
    mov eax,retour
    ret
manager endp
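An added example, not part of the original post: the "detect if the prog is running as admin" step done by asking the token directly whether BUILTIN\Administrators is enabled (CheckTokenMembership), swapped in for the OpenSCManager probe used above. IsElevatedAdmin is a hypothetical name; the code assumes a 32-bit build whose includes already declare the three advapi32 functions it calls.

```masm
; Added example, not code from the thread. 32-bit build; assumes the includes
; used by the sample declare AllocateAndInitializeSid, CheckTokenMembership
; and FreeSid (all advapi32). IsElevatedAdmin is a hypothetical name.

ifndef SECURITY_BUILTIN_DOMAIN_RID
SECURITY_BUILTIN_DOMAIN_RID equ 20h     ; S-1-5-32 (BUILTIN)
endif
ifndef DOMAIN_ALIAS_RID_ADMINS
DOMAIN_ALIAS_RID_ADMINS equ 220h        ; S-1-5-32-544 (Administrators)
endif

.data
ntAuthority db 0,0,0,0,0,5              ; SECURITY_NT_AUTHORITY

.code
; Returns eax = 1 when BUILTIN\Administrators is enabled in the caller's token,
; eax = 0 otherwise (including when any API call fails).
IsElevatedAdmin proc
    Local pAdminSid:DWORD
    Local isMember:DWORD
    mov isMember,0
    invoke AllocateAndInitializeSid,addr ntAuthority,2,\
           SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,\
           0,0,0,0,0,0,addr pAdminSid
    .if eax != 0
        ; NULL token handle: check the token of the calling thread/process.
        invoke CheckTokenMembership,NULL,pAdminSid,addr isMember
        .if eax == 0
            mov isMember,0              ; call failed: treat as not elevated
        .endif
        invoke FreeSid,pAdminSid
    .endif
    mov eax,isMember
    .if eax != 0
        mov eax,1                       ; normalise BOOL to 0/1
    .endif
    ret
IsElevatedAdmin endp
```

Under UAC, an administrator account running unelevated carries the Administrators SID as deny-only, so this returns 0 until the process is relaunched through the "runas" verb.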
Quote from: TouEnMasm on February 04, 2021, 07:14:15 PM
You have an old version of VS
It's not that old, actually :tongue:
Quote
Stay with the paths of your first test and add the includelib (original lib not those of the forum package lib).
You can also try to use LINK instead of polink
Doesn't help. Did anybody else succeed in building something with Yves' SDK?
Quote from: jj2007 on February 05, 2021, 04:05:06 AM
Quote from: TouEnMasm on February 04, 2021, 07:14:15 PM
You have an old version of VS
It's not that old, actually :tongue:
Quote
Stay with the paths of your first test and add the includelib (original lib not those of the forum package lib).
You can also try to use LINK instead of polink
Doesn't help. Did anybody else succeed in building something with Yves' SDK?
Hi jj2007,
the SDK from TouEnMasm is my favorite over the years, I've compiled the example with no problem:
(https://i.ibb.co/JcZBfqV/Image-Security.jpg)
@TouEnMasm
Do you take the old 10.0.10240.0 MS-SDK as a basis for conversion?! Why do you have such a large file ?! What options did you use while assembling the program?
P.S.
I always had difficulties with drivers, it seems to me that something is missing in the SDK for drivers, of course I can copy the necessary structures, but with nested headers, compilation does not work.
Quote from: LiaoMi on February 05, 2021, 11:00:23 AM
Hi jj2007,
the SDK from TouEnMasm is my favorite over the years, I've compiled the example with no problem:
Lucky you... it seems that it requires a pretty special setup including that behemoth of M$ C compiler. Too complicated for my taste :cool:
For those who don't find the official msvcrt functions, which are in msvcrt.lib and ucrt.lib, I can do nothing.
Take care also, if you don't use the sdk32.inc, that there is need of the inline functions (printf..) with numerous sub procs in
\sdkrc100\crt_lib\IX86\release\crt10_32.lib
With those three libs in 32 bits, link is happy.
The complete build environment is here.
Quote
EditMasmIni
For environment variables:
-* the old variable, if it exists, is replaced entirely
-* each path is appended; the ; is added
By default, the word following EditMasmIni (at the start of a line) is treated as an environment
variable, unless it is in the list of reserved words
EditMasmIni RESERVELISTE
;nothing for now, possible future use
EditMasmIni PATH
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29333\bin\Hostx64\x64
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64
H:\uasm64
EditMasmIni PROCESSEUR
IX86
EditMasmIni LIB
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29333\lib\x86
C:\Program Files (x86)\Windows Kits\10\Lib\10.0.19041.0\um\x86
C:\Program Files (x86)\Windows Kits\10\Lib\10.0.19041.0\ucrt\x86
H:\sdkrc100\crt_lib\IX86\release
EditMasmIni INCLUDE
H:\sdkrc100\shared
H:\sdkrc100\um
H:\sdkrc100\VC
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\shared
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt
EditMasmIni UASM
/c /coff /nologo /Zp4
EditMasmIni LINK
/NOLOGO /SUBSYSTEM:WINDOWS
EditMasmIni FindeEditMasmIni
For the version of the sdk, it is difficult to answer because I have added some new files that were not in the original and updated some others.
With translation, the translated sdk is easy to update partially without problem.
I have kept the original .h files but there is no version of sdk in them.
Which file is so large?
The sample, exe file with added is 12k.
And if it is the include files you find too big, here is the size of the include files in the windows sdk 10.0.19041.0: 323 MB
But luckily some of us know what functions are in msvcrt.dll and ucrtbase.dll and can make import libraries for them :thumbsup:
Last chance for those who have an old version of VS.
Inline functions are recent (some years); verify that there are none by doing this:
put "includelib \sdkrc100\crt_lib\IX86\release\crt10_32.lib" in comment (in the sdk32.inc); it is the inline functions in a library.
add "includelib msvcrt.lib" if necessary
And if it works, you have a version with no inline functions.
Quote from: jj2007 on February 05, 2021, 12:07:12 PM
Lucky you... it seems that it requires a pretty special setup including that behemoth of M$ C compiler. Too complicated for my taste :cool:
Hi jj2007,
no, this is not necessary, you just need to prepare the environment, as elsewhere, you need to correct the file with your default inclusions - "include sdk32.inc", I excluded this file and added my own set of options, this is my habit.
It was before>
include sdk32.inc
include stdio.sdk
include conio.sdk
;include ntifs.sdk
include accCtrl.sdk
include aclapi.sdk
;SdkDdkVer.sdk
;winnt.sdk
;include H:\sdkrc100\um\dbghelp.sdk NTDDI_WIN10_RS5
;include perso32.inc
;includelib perso32.lib
;includelib libucrt.lib
;includelib libcmt.lib
;includelib libcmt.lib
turned into (Add to the header of the source code (Security.asm))
.686P
.XMM
.model flat,stdcall
option casemap:none
option LITERALS:ON
OPTION FIELDALIGN:16; 1|2|4|8|16|32 - The default value is 1 or the value set by cmdline switch -Zp
include translate32.inc
include windows.inc
include WinUser.inc
include ShlObj.inc
include WinBase.inc
include stdio.inc
include sysinfoapi.inc
include timezoneapi.inc
include stdio.inc
include conio.inc
include accCtrl.inc
include aclapi.inc
includelib crt10_32.lib
includelib ntdll.lib
includelib ntdllp.lib
includelib kernel32.Lib
includelib User32.Lib
includelib ntoskrnl.lib
includelib Advapi32.lib
includelib ucrt.lib
.nolist
.nocref
Next, you need a basic set of lib files, I use from visual studio 2017. After that, define the paths to all this data, I do this through the script (Can be downloaded from the attachment.)
Variables are defined in the Bat script.
REM ************* The following lines can be customized:
set UASM=C:\masm64\bin
set MASM=C:\masm64\bin\HostX64\x64
set INCLUDE=C:\masm64\sdkrc100\um;C:\masm64\sdkrc100\shared;C:\masm64\sdkrc100\VC;
set LIB=C:\masm64\VS2017\Lib\10.0.18362.0\um\x86\;C:\masm64\sdkrc100\crt_lib\IX86\release;C:\masm64\VS2017\Lib\10.0.18362.0\km\x86\;C:\masm64\VC2015CompSDK\lib;C:\masm64\VS2017\Lib\10.0.18362.0\ucrt\x86
REM **************************** End of customized lines
And, of course, you need linkers from Microsoft :thumbsup:
I forgot to say that I renamed all *.sdk to *.inc extensions, and then through notepad++ corrected the internal links to *.inc file extension.
P.S. Attachments don't work
Quote from: TouEnMasm on February 05, 2021, 08:44:57 PM
Which file is so large?
The sample, exe file with added is 12k.
And if it is the include files you find too big, here is the size of the include files in the windows sdk 10.0.19041.0: 323 MB
security.exe = 38,0 KB (38 912 bytes)
My security_20210205_004650 = 10,0 KB (10 240 bytes)
Quote from: LiaoMi on February 05, 2021, 10:14:27 PM
you just need to prepare the environment
The SDK is three times the size of the Masm32 SDK, plus it requires some GB of Visual X? With comments in French?
Way too complicated for my taste, folks. Enjoy what you are doing, but I am not eager to run in circles around Visual Studio to program in Assembly :thumbsup:
Quote from: jj2007 on February 06, 2021, 12:07:41 AM
The SDK is three times the size of the Masm32 SDK, plus it requires some GB of Visual X? With comments in French?
Way too complicated for my taste, folks. Enjoy what you are doing, but I am not eager to run in circles around Visual Studio to program in Assembly :thumbsup:
:tongue: This SDK has support for 64 bit systems and unicode encoding out of the box.
You can take the old lib files, but they probably won't cover the modern requirements of Windows 10. And here you can see a huge plus that this SDK has full compatibility with the visual studio. Imagine it's like French flirting with a girl :biggrin: , don't give up, compile with us :eusa_boohoo:
I have added a 64-bit version, in the first post, which allows a choice between admin or everyone group (console mode).
+ detection "key already exist"
Only the admin is allowed to delete the key.
Good play with rights and groups. Failures for not enough rights are all reported.