Are you a valid Masm32 Forum member?

Started by jj2007, August 24, 2013, 12:28:10 AM

jj2007

I am trying to find a reliable way to determine if somebody launching my brand new installer is a regular on this Forum or just a script kiddie. My current method invited Dave to google for Visual Basic, so that is probably not a good solution :bgrin:

Attached a little helper that reads some registry values (no, it doesn't write anything - the source is attached). Could you please post results here (or PM me)? I am interested both in boring standard installations and more exotic setups.

Thanks, jj

Example:
### Testing asm files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asm\UserChoice
Progid=[Applications\qeditor.exe]
HKCU\Software\Classes\Applications\qeditor.exe\shell\open\command
default=["C:\Masm32\qeditor.exe" "%1"]
HKCR\.asm
default=[VCExpress.asm.10.0]
HKCR\VCExpress.asm.10.0\shell\Open\Command
default=["c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe" /dde]

Magnum


*** Running Microsoft Windows XP ***

### Testing asm files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asm\UserChoice
Progid=[* failed *]
HKCR\.asm
default=[asm_auto_file]
HKCR\asm_auto_file\shell\Open\Command
default=["C:\masm32\qeditor.exe" "%1"]

### Testing inc files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inc\UserChoice
Progid=[* failed *]
HKCR\.inc
default=[* failed *]
HKCR\* failed *\shell\Open\Command
default=[* failed *]

### Testing rc files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rc\UserChoice
Progid=[* failed *]
HKCR\.rc
default=[rc_auto_file]
HKCR\rc_auto_file\shell\Open\Command
default=["C:\masm32\qeditor.exe" "%1"]

### Finding the path for qEditor.exe: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\qEditor.exe [* failed *]
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\qEditor.exe [* failed *]
HKCR\Applications\qEditor.exe\shell\open\command ["C:\masm32\qeditor.exe" "%1"]

### Finding the path for winword.exe: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\winword.exe [* failed *]
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\winword.exe [C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE]
HKCR\Applications\winword.exe\shell\open\command [* failed *]

Messy, right? Now trying to find the editor elsewhere...

Registry HKCU $edi No luck in HKCU...
Registry HKLM $edi "C:\masm32\qeditor.exe" "%1"
Registry HKCR $edi "C:\masm32\qeditor.exe" "%1"
Registry HKCR $edi "C:\masm32\qeditor.exe" "%1"

FileWrite
$esi C:\MASM32\SOURCE\~tmp23081341.asm
$edi C:\masm32\qeditor.exe

Your Masm32 root    $M32$ C:\masm32\
Your asm files editor $edi C:\masm32\qeditor.exe

-- bye --
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

Paulo

jj2007 wrote:
Quote
I am trying to find a reliable way to determine if somebody launching my brand new installer is a regular on this Forum or just a script kiddie.

Interesting idea and I'm intrigued as to why?

Paulo.


jj2007

Quote from: Paulo on August 24, 2013, 04:47:19 AM
jj2007 wrote:
Quote
I am trying to find a reliable way to determine if somebody launching my brand new installer is a regular on this Forum or just a script kiddie.

Interesting idea and I'm intrigued as to why?

It's simply a matter of mutual trust, Paulo. MasmBasic is pretty well tested, but there could be a well-hidden bug somewhere. Members of this forum know that it's assembler, i.e. only 99.5% foolproof ;-)
Therefore I prefer that it gets installed by members only.

@Andy: Thanks for the test - you will not be sent googling for Visual Basic :biggrin:

Here is my notebook's result:

*** Running Microsoft Windows XP ***

### Testing asm files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asm\UserChoice
Progid=[* failed *]
HKCR\.asm
default=[Assembler_source_code]
HKCR\Assembler_source_code\shell\Open\Command
default=[* failed *]

### Testing inc files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inc\UserChoice
Progid=[* failed *]
HKCR\.inc
default=[Assembler_source_code]
HKCR\Assembler_source_code\shell\Open\Command
default=[* failed *]

### Testing rc files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rc\UserChoice
Progid=[* failed *]
HKCR\.rc
default=[rc_auto_file]
HKCR\rc_auto_file\shell\Open\Command
default=[* failed *]

### Finding the path for qEditor.exe: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\qEditor.exe    [* failed *]
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\qEditor.exe    [* failed *]
HKCR\Applications\qEditor.exe\shell\open\command        ["D:\masm32\qeditor.exe" "%1"]

### Finding the path for winword.exe: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\winword.exe    [* failed *]
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\winword.exe    [C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE]
HKCR\Applications\winword.exe\shell\open\command        [* failed *]

Messy, right? Now trying to find the editor elsewhere...

Registry HKCU   $edi            No luck in HKCU...
Registry HKLM   $edi            No luck in HKLM...
Registry HKCR   $edi            No luck in HKCR...
Registry HKCR   $edi            No luck in HKCR...

FileWrite
$esi            C:\DOCUME~1\USER\DOCUME~1\DOWNLO~1\~tmp23082111.asm
$edi            D:\masm32\qeditor.exe

Your Masm32 root        $M32$           D:\masm32\
Your asm files editor   $edi            D:\masm32\qeditor.exe


Note the innovative way the boys in Redmond designed the WinWord path (XP and Win7):
[C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE]

Does somebody have Windows 8 with WinWord?

Paulo

OK I understand but unless you intend to keep the source code of the installer closed source, what is stopping a non member simply editing out the checking part and recompile from source?
(and even then a bit of Olly and IDA can reveal a lot).

Checking for member names also might not work as expected as anyone could............[rest censored]  :biggrin:

I know that some forums have a feature that certain areas/topics will not show unless one is logged on and hence a member.
If this forum has that capability and if Hutch is willing to help out by setting it up, you could simply move your download there.

Paulo.

jj2007

Quote from: Paulo on August 24, 2013, 05:20:31 AM
OK I understand but unless you intend to keep the source code of the installer closed source, what is stopping a non member simply editing out the checking part and recompile from source?
(and even then a bit of Olly and IDA can reveal a lot).

The installer will be open source but inside the package ;-)

Seriously: There is no full protection. It's just for fun - today I learned an awful lot about the registry, and fixed a few issues with GetRegVal.

My next project is accessing the user's webcam, so that I can send back screenshots of script kiddie's face when he is being sent to google for VB :greensml:

Paulo

jj2007 wrote:
Quote
My next project is accessing the user's webcam, so that I can send back screenshots of script kiddie's face when he is being sent to google for VB :greensml:

Twain driver anyone?  ;)

Have a look at this: http://flatassembler.net/examples/fasmcam.zip
In Fasm but should be do-able in MASM.

jj2007

Quote from: Paulo on August 24, 2013, 06:05:23 AM
Have a look at this: http://flatassembler.net/examples/fasmcam.zip
In Fasm but should be do-able in MASM.

Looks feasible. I wonder if FASM adds the zero delimiter automatically:
  _camtitle                    db 'FASMWEBCAM'

Antariy

Quote from: jj2007 on August 24, 2013, 05:09:41 AM
Progid=[* failed *]
HKCR\.asm
default=[Assembler_source_code]
HKCR\Assembler_source_code\shell\Open\Command
default=[* failed *]

Interesting, what about, in this case, searching in HKCR\.asm\Shell\Open\Command ?

Paulo

jj2007 wrote:

Quote
Looks feasible. I wonder if FASM adds the zero delimiter automatically:
  _camtitle                    db 'FASMWEBCAM'
and also here:
_filename  db 'IMAGE.BMP'    ; Filename

Good point.
Perhaps the "invoke" of Fasm automatically zero terminates?

EDIT:

Did some more checking with other Fasm examples and I suspect it's a mistake and it should be zero terminated in the code.
Look at lines 292 to 302 of the asm file in this example:   
http://flatassembler.net/examples/quetannon.zip

EDIT:

Decided to run the webcam exe supplied in the zip thru a hex editor and sure enough no zeros.
Don't have a webcam connected to this PC so can't test.



It turns out that there is a null at offset 0413h so the app might not crash but might also not get the desired result, especially when calling:
capCreateCaptureWindow, _camtitle, WS_VISIBLE + WS_CHILD, 10, 10, 266, 252, [hdlg], 0
:biggrin:

jj2007

Quote from: Antariy on August 24, 2013, 08:02:07 AM
Interesting, what about, in this case, searching in HKCR\.asm\Shell\Open\Command ?

No such key in my two puters, Alex, only useless
HKEY_CLASSES_ROOT\.asm\OpenWithProgids
HKEY_CLASSES_ROOT\.asm\PersistentHandler

IdrëamofMasm

Hi JJ2007,  I'm new to MASM. 
Here are my results from running your program...

My qEditor.exe is located in "C:\masm32\qEditor.exe"

For some reason it does not show up in HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\qEditor.exe
I don't know why.  :(

*** Running Windows 7 Ultimate ***

### Testing asm files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asm\UserChoice
Progid=[* failed *]
HKCR\.asm
default=[VCExpress.asm.10.0]
HKCR\VCExpress.asm.10.0\shell\Open\Command
default=["c:\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe" /dde]

### Testing inc files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inc\UserChoice
Progid=[* failed *]
HKCR\.inc
default=[ClPhpEd.Files]
HKCR\ClPhpEd.Files\shell\Open\Command
default=["C:\editors\CodelobsterPHPEdition\ClPhpEd.exe" "%1"]

### Testing rc files: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rc\UserChoice
Progid=[* failed *]
HKCR\.rc
default=[DevCpp.rc]
HKCR\DevCpp.rc\shell\Open\Command
default=[C:\programming\Dev-Cpp\devcpp.exe "%1"]

### Finding the path for qEditor.exe: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\qEditor.exe [* failed *]
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\qEditor.exe [* failed *]
HKCR\Applications\qEditor.exe\shell\open\command [* failed *]

### Finding the path for winword.exe: ###
HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\winword.exe [* failed *]
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\winword.exe [* failed *]
HKCR\Applications\winword.exe\shell\open\command [* failed *]

Messy, right? Now trying to find the editor elsewhere...

Registry HKCU $edi No luck in HKCU...
Registry HKLM $edi No luck in HKLM...
Registry HKCR $edi No luck in HKCR...
Registry HKCR $edi No luck in HKCR...

FileWrite
$esi C:\masm32\examples\~tmp10091107.asm
$edi c:\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe

-- Good-bye --
   :t

jj2007

Quote from: IdrëamofMasm on September 11, 2013, 04:26:24 AM
Hi JJ2007,  I'm new to MASM. 
Here are my results from running your program...

My qEditor.exe is located in "C:\masm32\qEditor.exe"

For some reason it does not show up in HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\qEditor.exe
I don't know why.  :(

Hi IdrëamofMasm,

Welcome to the Forum :icon14:

This thread was a test for the MasmBasic installer, and there are indeed cases where it fails miserably. In theory, qEditor should show up as exe for *.asm files after the Masm32 installation, but it seems VS has some special powers inherited by the OS :icon_mrgreen:

Don't worry, even with VS you can be a valid Masm32 Forum member™. Although it's a terrible overkill, of course... and slooooooow :P
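
The lookup order that the helper's output walks through (UserChoice Progid first, then the HKCR default for the extension, then that ProgID's shell\open\command), as an added example that is not part of the thread or of jj2007's helper. The registry is replaced by small dictionaries typed in from values posted above, and all function names are hypothetical.

```python
import re

FILEEXTS = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts"

def get(reg, key, value=""):
    # Registry key and value names are case-insensitive ("open" vs "Open").
    want = (key.lower(), value.lower())
    return next((d for (k, v), d in reg.items() if (k.lower(), v.lower()) == want), None)

def exe_from_command(cmd):
    """Executable path from an open-command string, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    # Unquoted, as in the DevCpp.rc entry: heuristic, cut after the first ".exe".
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else None

def open_command(reg, progid):
    # Per-user classes first, then the merged HKCR view.
    for root in (r"HKCU\Software\Classes", "HKCR"):
        cmd = get(reg, root + "\\" + progid + r"\shell\open\command")
        if cmd:
            return cmd
    return None

def resolve(reg, ext):
    """Return (where the ProgID came from, exe path), or None if the chain breaks."""
    user = get(reg, FILEEXTS + "\\" + ext + r"\UserChoice", "Progid")
    for source, progid in (("UserChoice", user), ("HKCR", get(reg, "HKCR\\" + ext))):
        cmd = open_command(reg, progid) if progid else None
        if cmd:
            return source, exe_from_command(cmd)
    return None

# Snapshots typed in from values posted in this thread; "* failed *" keys are left out.
FIRST_POST = {
    (FILEEXTS + r"\.asm\UserChoice", "Progid"): r"Applications\qeditor.exe",
    (r"HKCU\Software\Classes\Applications\qeditor.exe\shell\open\command", ""):
        r'"C:\Masm32\qeditor.exe" "%1"',
    (r"HKCR\.asm", ""): "VCExpress.asm.10.0",
    (r"HKCR\VCExpress.asm.10.0\shell\Open\Command", ""):
        r'"c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe" /dde',
}
NOTEBOOK = {
    (r"HKCR\.asm", ""): "Assembler_source_code",
    (r"HKCR\Applications\qEditor.exe\shell\open\command", ""): r'"D:\masm32\qeditor.exe" "%1"',
}
```

With the first post's values, `resolve(FIRST_POST, ".asm")` picks qeditor through UserChoice; without a UserChoice entry the same data falls through to the VCExpress ProgID, and the notebook's `Assembler_source_code` chain ends with no command at all, which is where the `Applications\qEditor.exe` key is the only remaining source.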

japheth

Quote from: jj2007 on September 11, 2013, 04:52:12 AM
Don't worry, even with VS you can be a valid Masm32 Forum member™

What is a "Masm32 Forum member"? AFAICS this forum calls itself The MASM Forum. There's a Masm32 sub-forum inside the "projects" group, but I'm unaware that there's a special membership required for it.

jj2007

Andreas,

You got a point there. One could argue, of course, if a private non-Microsoft site can claim to be "the" Masm Forum, but in terms of Google presence it is indeed "the" Masm site, before Wikipedia and Microsoft's own site (yes, the dangerous one that mercilessly consumes your sources).

Of course, Hutch may have his own thoughts... ;)