
hutch--

Re: Examples for Win64 Iczelion tutorial
« Reply #165 on: January 09, 2017, 12:23:25 PM »
It's a big task, Jack: you start from either the root directory or a directory of your choice and recursively walk each directory tree, storing the file and directory names. Unless you want to write a large and complex backup application, do yourself a favour and buy WinRAR or something similar, as you can scan and save large blocks of file/directory data and plonk it all into either a RAR or ZIP file. You can also set the option to make a self-extracting EXE file with it.

I think you can download 7zip for free, but from memory its interface is a bit complicated.

Mikl__

Re: Examples for Win64 Iczelion tutorial
« Reply #166 on: March 16, 2017, 01:39:45 PM »
A tiny x64 MessageBox without an import table, in FASM
First we write an auxiliary program in MASM that displays the addresses of the LoadLibraryA and MessageBoxA functions.
include win64a.inc
.data
; Buffers and strings for the address-printing helper.  FunctionName and
; LibName are not referenced by WinMain below (presumably left over from a
; GetProcAddress-based variant).
MsgBoxText      db 50 dup(0)                    ; wsprintf output, then the MessageBox text; 50 bytes hold two 8-digit values
MsgCaption      db "Win64 Iczelion's lesson #2: MessageBox",0
fmt db "MessageBox = %Xh",10,"LoadLibrary = %Xh",0 ; %X is a 32-bit field: a 64-bit address is shown truncated to its low half (harmless only while the DLLs are mapped below 4 GB - confirm)
FunctionName db "MessageBoxA",0
LibName db "user32.dll",0
.code
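;-----------------------------------------------------------------------
; WinMain - helper: shows the addresses the assembler resolves for
;           LoadLibrary and MessageBox (per win64a.inc) in a message box,
;           so they can be pasted into the import-free FASM example.
; ABI:   Microsoft x64 through win64a.inc's invoke macro
; Never returns: ends with ExitProcess.
; Note:  the values printed are only meaningful on the machine and boot
;        where they were read - system DLLs are relocated by ASLR.
; Fix:   the shadow-space adjustment now writes rsp, not esp; a 32-bit
;        write zeroes the upper half of rsp, which is only survivable when
;        the stack happens to sit below 4 GB.
;-----------------------------------------------------------------------
WinMain proc
        sub     rsp,28h                 ; 32-byte shadow space + 8 so rsp is 16-byte aligned at the calls
        mov     r9,LoadLibrary          ; 4th wsprintf argument: LoadLibrary as resolved by win64a.inc
        mov     r8,MessageBox           ; 3rd: MessageBox
        lea     rdx,fmt                 ; format string
        lea     rcx,MsgBoxText          ; output buffer (50 bytes in .data)
        invoke  wsprintf
        lea     rdx,MsgBoxText          ; lpText = the formatted buffer
        lea     r8,MsgCaption           ; lpCaption
        invoke  MessageBox,NULL,,,MB_OK ; empty slots keep rdx/r8 as loaded above
        invoke  ExitProcess,0
WinMain endp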
end
Then, using FASM, we write the following program, substituting the function addresses found above, which shows a tiny MessageBox without an import table.
format binary as "exe"
include "win64a.inc"
; dbs - byte string with an auto-computed length:
;   name dbs "text",0   defines  name       (the bytes)
;                        and      name.size  ($ - name, including any trailing 0)
; Used so the code can address the string that follows MsgBoxText as
; MsgBoxText+MsgBoxText.size.
struc dbs [data]
{
  common
  . db data                             ; the bytes themselves
  .size = $ - .                         ; length in bytes
}

; Constants for the hand-built PE header below.  The IMAGE_SCN_* values are
; defined but unused: the file declares no sections.
IMAGE_DOS_SIGNATURE equ 5A4Dh                   ; "MZ"
IMAGE_NT_SIGNATURE equ 00004550h                ; "PE\0\0"
PROCESSOR_AMD_X8664 equ 8664h                   ; machine type: x86-64
IMAGE_SCN_CNT_CODE equ 00000020h
IMAGE_SCN_MEM_WRITE equ 80000000h
IMAGE_SCN_MEM_READ equ 40000000h
IMAGE_SCN_CNT_INITIALIZED_DATA equ 00000040h
IMAGE_SUBSYSTEM_WINDOWS_GUI equ 2
IMAGE_NT_OPTIONAL_HDR64_MAGIC equ 20Bh          ; PE32+ optional header
IMAGE_FILE_RELOCS_STRIPPED equ 1                ; no relocations: the image cannot be rebased
IMAGE_FILE_EXECUTABLE_IMAGE equ 2
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE equ 0x8000
IMAGE_BASE equ 0x400000                         ; fixed load address; the code adds it to every label it uses as a pointer
;align1 equ 4
use64                                           ; 64-bit code
org 0                                           ; labels are file offsets; runtime VA = label + IMAGE_BASE
;--------DOS-stub-------------------------------
; Overlapping headers: only e_magic of the DOS header is real.  The loader
; reads e_lfanew at file offset 3Ch; adding up the field sizes below, that
; offset falls on section_alignment, whose value 4 is exactly the offset of
; ntHeader.  Every absolute address in the code assumes this file is mapped
; unchanged at IMAGE_BASE.
Signature dw IMAGE_DOS_SIGNATURE,0      ; "MZ" + 2 bytes; ntHeader follows at offset 4
;-------PE-header--------------------------------------------------
ntHeader dd IMAGE_NT_SIGNATURE          ; "PE\0\0"
;image_header------------------------------------
Machine dw PROCESSOR_AMD_X8664;CPU type: x86-64
Count_of_section dw 0;Number of sections - none: headers, data and code share one region
TimeStump dd 0;link timestamp (unused)
Symbol_table_offset dd 0;PointerToSymbolTable (COFF debug symbols) - none
Symbol_table_count dd 0;NumberOfSymbols - none
Size_of_optional_header dw begin-optional_header;The size of optional header: 112 bytes, IMAGE_OPTIONAL_HEADER64 without data directories
Characteristics dw IMAGE_FILE_RELOCS_STRIPPED or IMAGE_FILE_EXECUTABLE_IMAGE;file attributes - no relocations, so the image must load at IMAGE_BASE; LARGE_ADDRESS_AWARE is not set (presumably deliberate: the code relies on 32-bit addresses - confirm)
;-------Standard field NT-----------------
optional_header:
Magic_optional_header dw IMAGE_NT_OPTIONAL_HDR64_MAGIC;PE32+ (64-bit) optional header
Linker_version_major_and_minor dw 10;major = 10, minor = 0 packed in one word (informational)
Size_of_code dd end_import - begin;The total size of the code sections - NOTE(review): end_import is not defined in this listing; presumably a label after retn or something from win64a.inc - confirm
Size_of_init_data dd 0;The total size of initialized data
Size_of_uninit_data dd 0;The total size of uninitialized data
entry_point dd start;RVA of the entry point (no sections: RVA == file offset)
base_of_code dd begin
;------Additional fields NT------------------------------
image_base dq IMAGE_BASE;fixed at 400000h
section_alignment dd 4;doubles as the DOS header's e_lfanew (file offset 3Ch) -> ntHeader
file_alignment dd ntHeader;= 4, same as the section alignment, so file and memory layout coincide
OS_version_major_minor dw 5,2
image_version_major_minor dd 0
subsystem_version_major_minor dw 5,2
Win32_version dd 0
size_of_image dd end_import;the whole file is the image (see end_import note above)
size_of_header dd begin;headers end where the data starts
checksum dd 0
subsystem dw IMAGE_SUBSYSTEM_WINDOWS_GUI
DLL_flag dw IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE + 100h;100h = IMAGE_DLLCHARACTERISTICS_NX_COMPAT; DYNAMIC_BASE is absent, consistent with RELOCS_STRIPPED
Stack_allocation dq 0x100000;1 MB reserved
Stack_commit dq 0x1000;4 KB committed
Heap_allocation dq 0x100000
Heap_commit dq 0x1000
loader_flag dd 0
number_of_dirs dd 0;no data directories at all - hence no import table
;--------code and data------------------------------
; No sections: data and code are laid out straight after the headers.
begin:
MsgBoxText dbs "Win64 Assembly is Great!",0     ; lpText; .size = byte length including the 0
MsgCaption db "Win64 Iczelion's lesson #2: MessageBox",0 ; lpCaption - must stay directly after MsgBoxText: start addresses it as MsgBoxText+MsgBoxText.size
user32_dll db "user32",0                        ; LoadLibrary argument; no extension given, presumably relying on the default ".dll" - confirm
;-----------------------------------------------------------------------
; start - entry point: MessageBoxA(NULL, MsgBoxText, MsgCaption, MB_OK)
; ABI:   Microsoft x64, no import table - both callees are reached through
;        absolute addresses baked in at assembly time.
; What this relies on (not portable):
;   * ASLR: system DLLs move between machines and reboots, so the two
;     constants are valid only where they were read; anywhere else the
;     "call rax" lands on unrelated memory and the process faults.
;   * The 32-bit esp/ecx/edx forms zero the upper half of the register;
;     they are correct only while the stack and the image sit below 4 GB
;     (the header omits LARGE_ADDRESS_AWARE, which presumably keeps the
;     process in a 32-bit-sized address space - confirm).
;-----------------------------------------------------------------------
start:
sub esp,28h                                     ; shadow space (20h) + 8 so rsp is 16-byte aligned at the calls
mov ecx,user32_dll+IMAGE_BASE                   ; rcx = "user32" (file offset + fixed image base)
mov eax,778C6510h; Attention!!! Your function address is different - LoadLibraryA as printed on the author's machine
call rax;call [LoadLibrary]                     ; maps user32 so MessageBoxA exists; return value unused
mov edx,MsgBoxText+IMAGE_BASE                   ; rdx = lpText
lea r8,[rdx+MsgBoxText.size]                    ; r8 = lpCaption: MsgCaption sits immediately after MsgBoxText
xor ecx,ecx                                     ; hWnd = NULL
xor r9d,r9d                                     ; uType = MB_OK (0)
mov eax,77A41304h; Attention!!! Your function address is different - MessageBoxA as printed on the author's machine
call rax;call [MessageBox]
add esp,28h
retn                                            ; returning from the entry point hands control back to the loader's thread-start stub (ends the process - confirm)
times 268-$ db 0  ;filling up to 268 bytes (presumably the smallest size the loader accepts for this layout - confirm)

Mikl__

Re: Examples for Win64 Iczelion tutorial
« Reply #167 on: March 18, 2017, 04:54:29 AM »
It is also possible to do it this way:
;-----------------------------------------------------------------------
; start - same MessageBox entry point, but each call is emitted by hand as
; E8 rel32 (direct relative call, 5 bytes) instead of
; mov eax,imm32 / call rax (5 + 2 bytes).  With org 0, "$" inside the dd
; operand is the file offset of the rel32 itself, so the runtime address of
; the next instruction is IMAGE_BASE+$+4 and rel32 = target-(IMAGE_BASE+$+4).
; Same caveats as the previous version: the targets are the author's
; LoadLibraryA/MessageBoxA addresses (ASLR moves them), and a rel32 can
; only reach a target within +-2 GB of the image.
;-----------------------------------------------------------------------
start:
sub esp,28h                                     ; shadow space + alignment (32-bit esp: needs the stack below 4 GB)
mov ecx,user32_dll+IMAGE_BASE                   ; rcx = "user32"
db 0E8h                                         ; opcode: call rel32
dd 778C6510h-IMAGE_BASE-$-4;call [LoadLibrary]  ; rel32 to the hard-coded LoadLibrary address
mov edx,MsgBoxText+IMAGE_BASE                   ; rdx = lpText
lea r8,[rdx+MsgBoxText.size]                    ; r8 = lpCaption (MsgCaption follows MsgBoxText)
xor ecx,ecx                                     ; hWnd = NULL
xor r9d,r9d                                     ; uType = MB_OK
db 0E8h                                         ; call rel32
dd 77A41304h-IMAGE_BASE-$-4;call [MessageBox]   ; rel32 to the hard-coded MessageBox address
add esp,28h
retn

Mikl__

Re: Examples for Win64 Iczelion tutorial
« Reply #168 on: May 13, 2017, 06:26:03 PM »
Hi, All!
I decided to rewrite "Examples for Win64 Iczelion tutorial" as if it were a parody of "The Tales of Uncle Remus about Brother Rabbit". If there is interest, I can post the parts that do not require translation into Russian. I am trying to remake the 14th lesson of Iczelion.
; GUI #
include win64a.inc
; Menu command ids and the menu resource id.  They must match the #defines in
; the .rc file; the MI_* values also index menu_handlers in WndProc (0..3).
MI_PROCESS_CREATE equ 1
MI_PROCESS_TERMINATE equ 2
MI_EXIT equ 3
IDR_MAINMENU equ 30                     ; passed as lpszMenuName (MAKEINTRESOURCE) in WinMain

.code
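;-----------------------------------------------------------------------
; WinMain - register the window class, create the main window and pump
;           messages.  Never returns: WndProc ends the process with
;           ExitProcess on WM_DESTROY, so the loop below has no exit.
; ABI:   Microsoft x64 through win64a.inc's invoke macro
; Regs:  rbx = 0 throughout (source of every zero field/argument below;
;        WndProc also assumes rbx == 0, which a callee-saved register does
;        not guarantee inside a callback - fragile)
;        rdi = &ClassName, rsi = IMAGE_BASE, later CW_USEDEFAULT
; Note:  the 32-bit forms (edi, esi, esp, eax) zero the upper half of the
;        register, so every address used here must fit in 32 bits; that
;        holds only for a non-large-address-aware process - confirm against
;        win64a.inc's link options.
; Fix:   hbrBackground takes a system colour index + 1 (WNDCLASSEX
;        contract); COLOR_WINDOW alone selects the previous index.
;-----------------------------------------------------------------------
WinMain proc
local msg:MSG

      xor ebx,ebx                       ; rbx = 0

mov edi,offset ClassName
mov esi,IMAGE_BASE                      ; hInstance == image base
mov ecx,offset FileName
invoke LoadCursorFromFile               ; rax = cursor from br_Rabbit3.cur, reused as hIcon and hIconSm
; WNDCLASSEX built on the stack, last member first, one push per 8 bytes
push rax ;hIconSm
push rdi ;lpszClassName
push IDR_MAINMENU;lpszMenuName (MAKEINTRESOURCE: attaches the menu from the .rc file)
push COLOR_WINDOW+1;hbrBackground - system colour index + 1
push 10003h ;hCursor - hard-coded value, presumably a known handle on the author's machine; confirm
push rax        ;hIcon
push rsi ;hInstance
push rbx        ;cbClsExtra & cbWndExtra (two zero DWORDs in one qword)
pushaddr WndProc;lpfnWndProc
push sizeof WNDCLASSEX;cbSize & style (style = 0 in the upper DWORD)
invoke RegisterClassEx,esp ;addr WNDCLASSEX
; CreateWindowEx stack parameters, pushed right to left (8 of its 12 go on the stack)
push rbx        ;lpParam
push rsi ;rsi=400000h -> hInstance
shl esi,9 ;rsi=CW_USEDEFAULT (400000h << 9 = 80000000h)
push rbx        ;hMenu (0: the class menu is used)
push rbx        ;hWndParent
push rsi        ;nHeight
push rsi        ;nWidth
push rsi        ;y
push rsi        ;x
sub esp,20h                             ; 32-byte shadow space for the four register arguments
    invoke CreateWindowEx,WS_EX_CLIENTEDGE,edi,edi,WS_OVERLAPPEDWINDOW or WS_VISIBLE
invoke GetMenu,eax                      ; eax = hWnd returned by CreateWindowEx
mov hMenu,rax                           ; kept for EnableMenuItem in WndProc
    lea edi,msg
; Message loop: no TranslateMessage and no check of GetMessage's return;
; the only way out is ExitProcess in WndProc.
@@:   invoke GetMessage,edi,0,0,0
invoke DispatchMessage,edi
      jmp @b
WinMain endp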

;-----------------------------------------------------------------------
; WndProc - window procedure for the lesson-14 window.
; LRESULT WndProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Handles WM_DESTROY (ExitProcess), WM_INITMENUPOPUP (grey Create/Terminate
; to match the child's state) and WM_COMMAND (menu dispatch through
; menu_handlers); everything else is tail-called to DefWindowProc.
; Regs:  rdi = &processInfo, rsi = &proExitCode (later &progStartInfo)
;        rbx assumed 0 (set in WinMain; a callee-saved register is not
;        guaranteed to survive the system's call into this callback - fragile)
; ABI notes (review): rdi/rsi are callee-saved in the Microsoft x64 ABI and
; are overwritten without being saved unless win64a.inc's proc prologue does
; so; the 32-bit forms (esi, edi, eax) need every address below 4 GB; the
; "leave; jmp DefWindowProc" tail call assumes the prologue pushed only rbp.
; Stack: local progStartInfo (STARTUPINFO), filled by GetStartupInfo.
;-----------------------------------------------------------------------
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM

local progStartInfo:STARTUPINFO

      mov edi,offset processInfo        ; rdi = &processInfo (child's PROCESS_INFORMATION)
mov esi,offset proExitCode              ; rsi = &proExitCode
mov hWnd,rcx                            ; spill the register arguments to their home slots (uMsg stays in edx)
      mov wParam,r8
      mov lParam,r9

      cmp  edx,WM_DESTROY
      je   wmDESTROY
      cmp  edx,WM_COMMAND
      je   wmCOMMAND
      cmp  edx,WM_INITMENUPOPUP
je   wmINITMENUPOPUP
      leave                             ; drop the frame, then tail-call with rcx/rdx/r8/r9 still intact
      jmp DefWindowProc

wmDESTROY:invoke ExitProcess,NULL       ; no PostQuitMessage: the process simply ends (a still-running child is left alone)
; WM_INITMENUPOPUP: pick the flags for the two items.
;   child still running (STILL_ACTIVE)          -> r9 = MF_ENABLED, r8 = MF_GRAYED
;   no child, child exited, or the call failed  -> r9 = MF_GRAYED,  r8 = MF_ENABLED
wmINITMENUPOPUP:invoke GetExitCodeProcess,[rdi+PROCESS_INFORMATION.hProcess],esi
or eax,eax
jz @f;GetExitCodeProcess_TRUE           ; FALSE (e.g. hProcess is 0): treat as "no child"
cmp dword ptr [rsi],STILL_ACTIVE;cmp     [proExitCode],STILL_ACTIVE
jne @f;     GetExitCodeProcess_STILL_ACTIVE
xor r9d,r9d;MF_ENABLED
mov r8d,MF_GRAYED
jmp @0
@@: mov r9d,MF_GRAYED
xor r8d,r8d;MF_ENABLED
; NOTE(review): the first call passes item id 0 although MI_PROCESS_CREATE is 1,
; and the second passes MF_ENABLED in r8 unconditionally (its fourth argument is
; beyond EnableMenuItem's three parameters), so the r8/r9 selection above may
; not reach the menu as intended - confirm against the invoke macro.
@0: invoke EnableMenuItem,hMenu,0;MI_PROCESS_CREATE - uEnable = r8 as preset above
      invoke EnableMenuItem,hMenu,MI_PROCESS_TERMINATE,MF_ENABLED,MF_GRAYED
      jmp wmBYE
; WM_COMMAND: menu commands only (lParam == 0); the id is the low word of wParam.
wmCOMMAND:movzx eax,word ptr wParam
      or r9,r9 ;cmp lParam,0            ; lParam != 0 -> notification from a control, ignore
jnz wmBYE
cmp rax,MI_EXIT
ja  wmBYE                               ; unsigned range check: ids 0..MI_EXIT index the 4-entry table
jmp  [menu_handlers+rax*8]              ; absolute-address table (32-bit displacement: presumably needs the image at its fixed low base)

; Create: drop any previous child handle, then start the player with the clip.
PROCESS_CREATE:cmp [rdi+PROCESS_INFORMATION.hProcess],rbx
je pi_hProcess_IS_0
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]
mov [rdi+PROCESS_INFORMATION.hProcess],rbx
pi_hProcess_IS_0:
lea esi,progStartInfo                   ; rsi = &progStartInfo (stack local) from here on
invoke GetStartupInfo,esi
mov edx,offset progName;command line    ; rdx = progName followed by arg: one string, quoted exe path then quoted clip path
invoke CreateProcess,0,,0,0,0,NORMAL_PRIORITY_CLASS,0,0,rsi,rdi ;receives PROCESS_INFORMATION - return value is not checked
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hThread]   ; thread handle not needed
invoke Sleep,20600                      ; blocks this thread - and so the message loop - for 20.6 s; the process handle is waitable, so waiting on it would end exactly when the player exits
invoke TerminateProcess,[rdi+PROCESS_INFORMATION.hProcess],0
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]
mov [rdi+PROCESS_INFORMATION.hProcess],rbx;0 - "no child"
        jmp wmBYE
; Terminate: kill the child only if it is still running, then drop the handle.
TERMINATE:invoke GetExitCodeProcess,[rdi+PROCESS_INFORMATION.hProcess],esi;proExitCode
cmp dword ptr [rsi],STILL_ACTIVE
jne proExitCode_NOT_STILL_ACTIVE;a4;
invoke TerminateProcess,[rdi+PROCESS_INFORMATION.hProcess],0
proExitCode_NOT_STILL_ACTIVE:
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]
mov [rdi+PROCESS_INFORMATION.hProcess],rbx;0 - "no child"
        jmp wmBYE

EXIT: ;ax=MI_EXIT - rcx still holds hWnd on this path (nothing above clobbered it)
        invoke DestroyWindow
wmBYE:  leave
        retn                            ; rax = whatever the last call left; no explicit return value
menu_handlers dq wmBYE,PROCESS_CREATE, TERMINATE, EXIT   ; index = menu id: 0 unused, 1 create, 2 terminate, 3 exit
WndProc endp
;---------------------------------------
; Globals shared between WinMain and WndProc.
ClassName       db 'Uncle Remus tales:#14 Process',0     ; window class name and window title
hMenu dq ?                              ; menu handle from GetMenu, used by EnableMenuItem
proExitCode dq ?;process exit code      ; GetExitCodeProcess writes a DWORD into the low half
progName db '"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" ';,0 - no terminator on purpose: arg below continues the same command line
arg db '"E:\Uncle Remus tales\37\37c\movie3.wmv"',0   ; the clip; both paths are quoted, so CreateProcess parses the command line unambiguously
FileName db "br_Rabbit3.cur",0          ; cursor file loaded by WinMain (relative name; presumably resolved against the current directory)
processInfo PROCESS_INFORMATION <>      ; child's handles; hProcess == 0 means "no child"
end
The resource (.rc) file:
// Resource script for the lesson-14 window.
// The four #defines must stay in step with the MI_* / IDR_MAINMENU equates in
// the assembly source; the menu is attached through the class's lpszMenuName.
#define MI_PROCESS_CREATE 1
#define MI_PROCESS_TERMINATE 2
#define MI_EXIT 3
#define IDR_MAINMENU 30
IDR_MAINMENU MENU
{
POPUP "&Process"
        {
         MENUITEM "&Create Process",MI_PROCESS_CREATE
         MENUITEM "&Terminate Process",MI_PROCESS_TERMINATE,GRAYED   // greyed until a child exists; WM_INITMENUPOPUP updates it
         MENUITEM SEPARATOR
         MENUITEM "E&xit",MI_EXIT
        }
}
To make the application close the process, I hard-code the clip length as 20,000 milliseconds. Could someone tell me how to find out the actual duration of the .wmv file, or how to close the process when the .wmv file has finished playing?

HankAsm

Re: Examples for Win64 Iczelion tutorial
« Reply #169 on: September 26, 2017, 04:59:46 AM »
Thanks for the info!