Examples for Win64 Iczelion tutorial

Started by Mikl__, April 30, 2015, 03:14:46 PM


hutch--

It's a big task, Jack: you start from either the root directory or a directory of your choice and recursively read up and down each directory tree, storing the file and directory names. Unless you want to write a large and complex backup application, do yourself a favour and buy WinRar or something similar, as you can scan and save large blocks of file/directory data and plonk it all into either a RAR or ZIP file. You can also set the option to make a self-extracting EXE file with it.

I think you can download 7zip for free, but from memory its interface is a bit complicated.

Mikl__

#166
Tiny MessageBox x64 without import in FASM
We write an auxiliary program in MASM that shows the addresses of the functions LoadLibraryA and MessageBoxA:
include win64a.inc
.data             
; Strings for the helper below: it formats two function addresses into MsgBoxText and shows them.
MsgBoxText      db 50 dup(0)      ; wsprintf output buffer; fmt expands to at most 47 bytes incl. NUL ("%X" yields <= 8 hex digits), so 50 is enough
MsgCaption      db "Win64 Iczelion's lesson #2: MessageBox",0
fmt db "MessageBox = %Xh",10,"LoadLibrary = %Xh",0   ; %X prints only the low 32 bits of each qword argument - fine while the DLLs load below 4 GB
FunctionName db "MessageBoxA",0   ; not referenced by WinMain below
LibName db "user32.dll",0         ; not referenced by WinMain below
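WinMain proc
;-----------------------------------------------------------------------
; Helper used only to discover where the loader placed LoadLibraryA and
; MessageBoxA in this process, so the values can be pasted into the
; import-less FASM program that follows.
; ABI:   Microsoft x64. Never returns (ends with ExitProcess).
; Uses:  MsgBoxText, MsgCaption, fmt from .data; LoadLibrary / MessageBox
;        as provided by win64a.inc (presumably the IAT slots, so the mov
;        loads the function address - verify in win64a.inc).
; Note:  the printed values belong to the boot session they were read on
;        (system DLLs are re-based by ASLR per boot) and "%X" shows only
;        their low 32 bits.
;-----------------------------------------------------------------------
        sub     rsp,28h                 ; 32-byte shadow space + 8 keeps rsp 16-aligned at each call;
                                        ; full rsp on purpose: "sub esp" would zero the upper half of
                                        ; the stack pointer and break if the stack lies above 4 GB
        mov     r9,LoadLibrary          ; 4th wsprintf argument: LoadLibrary value
        mov     r8,MessageBox           ; 3rd wsprintf argument: MessageBox value
        lea     rdx,fmt                 ; format string
        lea     rcx,MsgBoxText          ; destination buffer (50 bytes, see .data)
        invoke  wsprintf
        lea     rdx,MsgBoxText          ; lpText; rcx/r9 were clobbered by wsprintf and are set again by the invoke below
        lea     r8,MsgCaption           ; lpCaption
        invoke  MessageBox,NULL,,,MB_OK ; empty slots keep rdx/r8 as loaded above
        invoke  ExitProcess,0
WinMain endp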
end
Then, using FASM, we write the following program, into which we substitute the function addresses just found, giving a tiny MessageBox without an import table:
format binary as "exe"
include "win64a.inc"
; dbs: like db, but also defines <label>.size = number of bytes emitted.
; Used below for MsgBoxText so the code can address the byte right after the string.
struc dbs [data]
{
  common
  . db data                 ; emit the bytes exactly as listed (a trailing ,0 is part of them)
  .size = $ - .             ; byte count of the whole initializer, terminator included
}

; PE constants (values as in winnt.h), written uniformly with the h suffix.
IMAGE_DOS_SIGNATURE                              equ 5A4Dh       ; "MZ"
IMAGE_NT_SIGNATURE                               equ 4550h       ; "PE\0\0"
PROCESSOR_AMD_X8664                              equ 8664h       ; machine type x86-64
IMAGE_FILE_RELOCS_STRIPPED                       equ 1
IMAGE_FILE_EXECUTABLE_IMAGE                      equ 2
IMAGE_NT_OPTIONAL_HDR64_MAGIC                    equ 20Bh        ; PE32+
IMAGE_SUBSYSTEM_WINDOWS_GUI                      equ 2
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE   equ 8000h
; section flags: not used by the header below (it declares no sections)
IMAGE_SCN_CNT_CODE                               equ 20h
IMAGE_SCN_CNT_INITIALIZED_DATA                   equ 40h
IMAGE_SCN_MEM_READ                               equ 40000000h
IMAGE_SCN_MEM_WRITE                              equ 80000000h
IMAGE_BASE                                       equ 400000h     ; preferred load address; with relocations stripped it is the only possible one
;align1 equ 4
use64
org 0                                                            ; every label is an offset from the file start, i.e. an RVA
;--------DOS-stub-------------------------------
Signature dw IMAGE_DOS_SIGNATURE,0;"MZ"; the remaining bytes of the 64-byte DOS header are overlaid by the PE headers below
;-------PE-header--------------------------------------------------
ntHeader dd IMAGE_NT_SIGNATURE;at file offset 4 (this offset is what e_lfanew must contain, see section_alignment)
;image_header------------------------------------
Machine dw PROCESSOR_AMD_X8664;CPU Type
Count_of_section dw 0;Number of sections: zero, no section table follows the optional header
TimeStump dd 0;Information about the time when the PE-file was compiled
Symbol_table_offset dd 0;PointerToSymbolTable: file offset of the COFF symbol table (none)
Symbol_table_count dd 0;NumberOfSymbols (none)
Size_of_optional_header dw begin-optional_header;The size of optional header: standard + NT fields only, no data directories
Characteristics dw IMAGE_FILE_RELOCS_STRIPPED or IMAGE_FILE_EXECUTABLE_IMAGE;no relocations: the image can only run at IMAGE_BASE, which the absolute addresses in start rely on; large-address-aware is not set, so the process stays below 2 GB
;-------Standard field NT-----------------
optional_header:
Magic_optional_header dw IMAGE_NT_OPTIONAL_HDR64_MAGIC;PE32+ (64-bit optional header)
Linker_version_major_and_minor dw 10;two bytes: major 10, minor 0
Size_of_code dd end_import - begin;The total size of the code sections; end_import is not defined in this excerpt (presumably a label after start)
Size_of_init_data dd 0;The total size of initialized data
Size_of_uninit_data dd 0;The total size of uninitialized data
entry_point dd start;RVA of the first instruction (org 0 makes labels RVAs)
base_of_code dd begin
;------Additional fields NT------------------------------
image_base dq IMAGE_BASE
section_alignment dd 4;this dword sits at file offset 3Ch, which is also e_lfanew of the DOS header: its value must equal the offset of ntHeader (4), and it does
file_alignment dd ntHeader;evaluates to 4; must match section_alignment when that is smaller than a page
OS_version_major_minor dw 5,2
image_version_major_minor dd 0
subsystem_version_major_minor dw 5,2
Win32_version dd 0
size_of_image dd end_import
size_of_header dd begin;headers end where the code/data start
checksum dd 0
subsystem dw IMAGE_SUBSYSTEM_WINDOWS_GUI
DLL_flag dw IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE + 100h;100h = NX_COMPAT; DYNAMIC_BASE (40h) is absent, so the loader never relocates this image (no ASLR for it)
Stack_allocation dq 0x100000
Stack_commit dq 0x1000
Heap_allocation dq 0x100000
Heap_commit dq 0x1000
loader_flag dd 0
number_of_dirs dd 0;no data directories at all, hence no import table and the hard-coded addresses in start
;--------code and data------------------------------
begin:;first byte after the headers: SizeOfHeaders, BaseOfCode and SizeOfOptionalHeader are all measured from here
MsgBoxText dbs "Win64 Assembly is Great!",0;MsgBoxText.size = 25 (terminator included)
MsgCaption db "Win64 Iczelion's lesson #2: MessageBox",0;must stay directly after MsgBoxText: start addresses it as MsgBoxText+MsgBoxText.size
user32_dll db "user32",0;LoadLibraryA appends ".dll" when no extension is given
; Entry point. No import table exists, so LoadLibraryA and MessageBoxA are reached through
; absolute addresses copied from the MASM helper. Those addresses hold only for the boot
; session they were read on (system DLLs are re-based by ASLR per boot) and only while the
; DLLs are mapped below 4 GB, which is why the listing insists they differ on your machine.
start:
sub esp,28h;shadow space (32) + 8 to re-align rsp; the 32-bit form is safe here only because the image is not large-address-aware, so the stack lies below 2 GB
mov ecx,user32_dll+IMAGE_BASE;lpLibFileName as an absolute VA: valid because relocations are stripped and DYNAMIC_BASE is off, so the image is always at IMAGE_BASE
mov eax,778C6510h; Attention!!! Your function address is different - LoadLibraryA in this boot session, taken from the MASM helper
call rax;call [LoadLibrary]; rax = hModule of user32 (unused, MessageBoxA is called by address anyway)
mov edx,MsgBoxText+IMAGE_BASE;lpText
lea r8,[rdx+MsgBoxText.size];lpCaption = the byte right after MsgBoxText, i.e. MsgCaption (depends on the two strings being adjacent)
xor ecx,ecx;hWnd = NULL
xor r9d,r9d;uType = MB_OK
mov eax,77A41304h; Attention!!! Your function address is different - MessageBoxA in this boot session, taken from the MASM helper
call rax;call [MessageBox]
add esp,28h
retn;returns to the thread start routine in kernel32; as the only thread, this ends the process
times 268-$ db 0  ;filling up to 268 bytes; presumably the minimum file size the loader accepts for this layout - confirm

Mikl__

#167
It is also possible to do it this way:
; Variant of the start code above: the two calls are emitted as direct E8 rel32 calls instead
; of mov eax,imm32 / call rax. Same caveats: the targets are boot-session-specific addresses
; and must lie within +-2 GB of the image for a rel32 to reach them.
start:
sub esp,28h;shadow space + alignment; 32-bit form relies on the non-large-address-aware image (stack below 2 GB)
mov ecx,user32_dll+IMAGE_BASE;lpLibFileName
db 0E8h;opcode of CALL rel32
dd 778C6510h-IMAGE_BASE-$-4;call [LoadLibrary]: rel32 = target - (VA of the next instruction); $ is this dword's offset, IMAGE_BASE+$+4 its successor's VA
mov edx,MsgBoxText+IMAGE_BASE;lpText
lea r8,[rdx+MsgBoxText.size];lpCaption = MsgCaption (adjacent string)
xor ecx,ecx;hWnd = NULL
xor r9d,r9d;uType = MB_OK
db 0E8h;opcode of CALL rel32
dd 77A41304h-IMAGE_BASE-$-4;call [MessageBox]: same rel32 construction
add esp,28h
retn

Mikl__

Hi, All!
I decided to rewrite "Examples for Win64 Iczelion tutorial" as if it were a parody of "The Tales of Uncle Remus about Brother Rabbit". If there is interest, I can post those parts that do not require translation into Russian. I'm trying to remake the 14th lesson of Iczelion; GUI #
include win64a.inc
; Menu command ids; they must match the #defines in the rc file and, in WndProc,
; they index the menu_handlers jump table (index 0 is the "do nothing" entry).
MI_PROCESS_CREATE equ 1
MI_PROCESS_TERMINATE equ 2
MI_EXIT equ 3
IDR_MAINMENU equ 30               ; menu resource id, used as lpszMenuName in WNDCLASSEX

.code                             ; no .data directive follows: the variables after WndProc live in this section too
WinMain proc
; Entry point (Microsoft x64 ABI). Never returns: WM_DESTROY ends the process via ExitProcess in WndProc.
; Builds the WNDCLASSEX and the stack part of the CreateWindowEx argument list with pushes instead of
; locals, so the push order below is the reverse of the structure / argument order.
; Register roles: rbx = 0 (WndProc also expects 0 here), rdi = ClassName, rsi = IMAGE_BASE.
; NOTE(review): the 32-bit forms "invoke RegisterClassEx,esp" and "sub esp,20h" pass / keep only the
; low 32 bits of the stack pointer; this works only while the stack lies below 4 GB - confirm the link
; settings (a large-address-aware image may get a stack above 4 GB).
local msg:MSG

      xor ebx,ebx                 ; rbx = 0, reused for every zero value pushed below

mov edi,offset ClassName          ; class name, also used as the window title
mov esi,IMAGE_BASE                ; hInstance; IMAGE_BASE is not defined in this listing (presumably win64a.inc)
mov ecx,offset FileName           ; rcx = lpFileName for the call below
invoke LoadCursorFromFile         ; rax = cursor handle from "br_Rabbit3.cur" (argument already in rcx)
push rax ;hIconSm                 ; WNDCLASSEX, last field first
push rdi ;lpszClassName
push IDR_MAINMENU;lpszMenuName    ; MAKEINTRESOURCE form: the resource id as a pointer-sized value
push COLOR_WINDOW;hbrBackground   ; NOTE(review): a system color used as a brush is documented as COLOR_xxx+1; plain COLOR_WINDOW (5) selects the color numbered 4 - verify
push 10003h ;hCursor              ; NOTE(review): hard-coded handle value, presumably the system arrow cursor on the author's machine; not portable, LoadCursor(IDC_ARROW) is the documented way
push rax        ;hIcon            ; the loaded cursor doubles as the class icon
push rsi ;hInstance
push rbx        ;cbClsExtra & cbWndExtra ; one qword covers both dwords, both 0
pushaddr WndProc;lpfnWndProc      ; pushaddr is a win64a.inc macro (not visible here)
push sizeof WNDCLASSEX;cbSize & style    ; low dword cbSize, high dword style = 0
invoke RegisterClassEx,esp ;addr WNDCLASSEX ; the ten pushes above are the structure
push rbx                          ; CreateWindowEx stack arguments, last first: lpParam = 0
push rsi ;rsi=400000h             ; hInstance
shl esi,9 ;rsi=CW_USEDEFAULT      ; 400000h << 9 = 80000000h
push rbx                          ; hMenu = 0 (the menu comes from the class)
push rbx                          ; hWndParent = 0
push rsi                          ; nHeight = CW_USEDEFAULT
push rsi                          ; nWidth
push rsi                          ; y
push rsi                          ; x
sub esp,20h                       ; 32-byte shadow space for the four register arguments
    invoke CreateWindowEx,WS_EX_CLIENTEDGE,edi,edi,WS_OVERLAPPEDWINDOW or WS_VISIBLE ; dwExStyle, lpClassName, lpWindowName, dwStyle in rcx,rdx,r8,r9
invoke GetMenu,eax                ; rax = hWnd from CreateWindowEx (not checked for NULL)
mov hMenu,rax                     ; stored for EnableMenuItem in WndProc
    lea edi,msg                   ; the pushed bytes are never popped: WinMain does not return
@@:   invoke GetMessage,edi,0,0,0 ; return value (0 on WM_QUIT, -1 on error) is not checked; the loop ends only through ExitProcess
invoke DispatchMessage,edi        ; no TranslateMessage, so no WM_CHAR messages are produced
      jmp @b
WinMain endp

WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
; Window procedure of the "Process" demo.
;   WM_COMMAND       : menu ids 0..3 are dispatched through the menu_handlers table below
;   WM_INITMENUPOPUP : greys Create / Terminate according to whether the child still runs
;   WM_DESTROY       : ends the whole process
;   anything else    : tail-called to DefWindowProc
; Register roles: rdi = &processInfo, rsi = &proExitCode (globals below; rsi is repointed at
; progStartInfo inside PROCESS_CREATE), rbx expected to be 0.
; NOTE(review): rbx, rdi and rsi are callee-saved in the Microsoft x64 ABI. This procedure
; overwrites rdi/rsi without saving them and compares against rbx assuming the 0 that WinMain
; put there; neither is guaranteed when user32 calls back into this procedure - confirm
; against what the proc/invoke macros in win64a.inc generate.
; Return value: rax is whatever the last call left in it (no explicit LRESULT).

local progStartInfo:STARTUPINFO

      mov edi,offset processInfo
mov esi,offset proExitCode
mov hWnd,rcx                         ; home the register arguments so they can be used by name
      mov wParam,r8
      mov lParam,r9                  ; uMsg stays in edx for the comparisons below

      cmp  edx,WM_DESTROY
      je   wmDESTROY
      cmp  edx,WM_COMMAND
      je   wmCOMMAND
      cmp  edx,WM_INITMENUPOPUP
je   wmINITMENUPOPUP
      leave                          ; drop the frame; rcx,rdx,r8,r9 still hold the original arguments
      jmp DefWindowProc              ; tail call: DefWindowProc returns straight to the caller

wmDESTROY:invoke ExitProcess,NULL    ; no PostQuitMessage: the process ends here (this is what stops the WinMain loop)
wmINITMENUPOPUP:invoke GetExitCodeProcess,[rdi+PROCESS_INFORMATION.hProcess],esi ; writes proExitCode; esi is the 32-bit pointer form (see the note in WinMain)
or eax,eax
jz @f;GetExitCodeProcess failed (e.g. no child yet): treat as "not running"
cmp dword ptr [rsi],STILL_ACTIVE;cmp     [proExitCode],STILL_ACTIVE
jne @f;     an exit code is present: the child is gone
xor r9d,r9d;MF_ENABLED              ; child running: flags prepared as r8d = Create state, r9d = Terminate state
mov r8d,MF_GRAYED
jmp @0
@@: mov r9d,MF_GRAYED               ; no child: Terminate greyed, Create enabled
xor r8d,r8d;MF_ENABLED
@0: invoke EnableMenuItem,hMenu,0;MI_PROCESS_CREATE ; NOTE(review): EnableMenuItem takes three arguments and MI_PROCESS_CREATE is 1, not 0; the flags prepared in r8d/r9d are apparently meant to be picked up by the macro - verify what win64a.inc emits for these two calls
      invoke EnableMenuItem,hMenu,MI_PROCESS_TERMINATE,MF_ENABLED,MF_GRAYED
      jmp wmBYE
wmCOMMAND:movzx eax,word ptr wParam ; LOWORD(wParam) = command id
      or r9,r9 ;cmp lParam,0        ; lParam != 0 means a control notification, not a menu command
jnz wmBYE
cmp rax,MI_EXIT                     ; unsigned bound check keeps the table index within 0..MI_EXIT
ja  wmBYE
jmp  [menu_handlers+rax*8]         ; 0 -> wmBYE, 1 -> PROCESS_CREATE, 2 -> TERMINATE, 3 -> EXIT

PROCESS_CREATE:cmp [rdi+PROCESS_INFORMATION.hProcess],rbx ; rbx == 0 assumed
je pi_hProcess_IS_0
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]  ; release the previous child's handle first
mov [rdi+PROCESS_INFORMATION.hProcess],rbx
pi_hProcess_IS_0:
lea esi,progStartInfo                ; rsi = &progStartInfo from here to wmBYE
invoke GetStartupInfo,esi
mov edx,offset progName;command line ; progName is not terminated, so the line continues into arg (see the data below); both paths are quoted
invoke CreateProcess,0,,0,0,0,NORMAL_PRIORITY_CLASS,0,0,rsi,rdi ;receives PROCESS_INFORMATION ; lpApplicationName = NULL, program taken from the quoted command line; result not checked, on failure the handles used below are 0/stale
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hThread] ; the thread handle is not needed
invoke Sleep,20600                   ; blocks inside the window procedure: the UI is frozen for 20.6 s
invoke TerminateProcess,[rdi+PROCESS_INFORMATION.hProcess],0
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]
mov [rdi+PROCESS_INFORMATION.hProcess],rbx;0
        jmp wmBYE
TERMINATE:invoke GetExitCodeProcess,[rdi+PROCESS_INFORMATION.hProcess],esi;proExitCode
cmp dword ptr [rsi],STILL_ACTIVE
jne proExitCode_NOT_STILL_ACTIVE;already exited: only release the handle
invoke TerminateProcess,[rdi+PROCESS_INFORMATION.hProcess],0
proExitCode_NOT_STILL_ACTIVE:
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]
mov [rdi+PROCESS_INFORMATION.hProcess],rbx;0
        jmp wmBYE

EXIT: ;ax=MI_EXIT
        invoke DestroyWindow         ; rcx is untouched on this path, so it still holds hWnd
wmBYE:  leave
        retn
menu_handlers dq wmBYE,PROCESS_CREATE, TERMINATE, EXIT ; jump table indexed by menu id; data placed inside the code section
WndProc endp
;---------------------------------------
; Global data. NOTE(review): there is no .data directive in this listing, so these variables
; sit in the .code section while hMenu, proExitCode and processInfo are written at run time.
; That requires a writable code section (how win64a.inc / the link options arrange this is
; not visible here) and gives up W^X for the image; .data is the conventional home for them.
ClassName       db 'Uncle Remus tales:#14 Process',0
hMenu dq ?                         ; written by WinMain (mov hMenu,rax)
proExitCode dq ?;process exit code ; written through rsi by GetExitCodeProcess in WndProc
progName db '"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" ';,0 ; deliberately unterminated: arg below continues the same command line
arg db '"E:\Uncle Remus tales\37\37c\movie3.wmv"',0 ; both paths quoted, so the spaces cannot split the command line
FileName db "br_Rabbit3.cur",0     ; relative path: resolved against the current directory at run time
processInfo PROCESS_INFORMATION <> ; filled by CreateProcess; hProcess == 0 means "no child"
end
rc-file:
#define MI_PROCESS_CREATE 1
#define MI_PROCESS_TERMINATE 2   // command ids must match the MI_* equates in the .asm file: WndProc indexes menu_handlers with them
#define MI_EXIT 3
#define IDR_MAINMENU 30           // menu id, passed as lpszMenuName in WNDCLASSEX
IDR_MAINMENU MENU
{
POPUP "&Process"
        {
         MENUITEM "&Create Process",MI_PROCESS_CREATE
         MENUITEM "&Terminate Process",MI_PROCESS_TERMINATE,GRAYED   // initial state only; WM_INITMENUPOPUP in WndProc re-evaluates it
         MENUITEM SEPARATOR
         MENUITEM "E&xit",MI_EXIT
        }
}
In order for the application to close the process, I set the fragment length to 20,000 milliseconds. How can I find out the actual duration of the wmv file, or close the process when the wmv file has finished playing? Please tell me.


zedd151

Wow, Mikl__ that's some collection that you have here.

I can see I will be spending a lot of time in this thread. Thanks for the link.

:t

Tousando

#171
"Tutorial 10c: CreateDialogParam+WndProc+Class" doesn't work if I add the class to the resource file (RC).

First of all, thank you very much for the great work you are doing and for letting us download the examples.

In the original Iczelion tutorial, a class (DLGCLASS) is added to the resource file, but in your example you don't write that class. This is your code:

IDC_DIALOG DIALOG 10, 10, 205, 60
STYLE 0x0004 | DS_CENTER | WS_CAPTION | WS_MINIMIZEBOX |
WS_SYSMENU | WS_VISIBLE | WS_OVERLAPPED | DS_MODALFRAME | DS_3DLOOK
CAPTION "Tutorial 10c: CreateDialogParam+WndProc+Class"
MENU IDC_MENU
BEGIN
    EDITTEXT         IDC_EDIT,   15,17,111,13, ES_AUTOHSCROLL | ES_LEFT
    DEFPUSHBUTTON   "Say Hello", IDC_BUTTON,    141,10,52,13
    PUSHBUTTON      "E&xit", IDC_EXIT,  141,26,52,13
END


I tried to add the class to your "tut_10c.exe" program using the Resource Hacker program, but it didn't work. So I think that in that example it is not necessary to register the DLGCLASS class with "call RegisterClassEx".

This message is because I am programming the example "Tutorial 10c" using Visual C++ and I have the same problem. My program does NOT work.
call CreateDialogParam always returns "NULL".
If I remove the DLGCLASS class from the resource file, the CreateDialog function works correctly. But it's the same example as yours.
I hope you know something else and why CreateDialog doesn't work when we write the class in the resource file.
Regards!!

EDIT---------------------
I wrote your code in Visual C++ parameter by parameter, and it finally works! My code had 1 different parameter and that's why it didn't work.
If in your code you add "CLASS DLGCLASS" in the resource file, the program works correctly.
Again, thank you very much.

Mikl__

Hi, Tousando!
I am very glad someone is still interested in my programs...

TouEnMasm


I tried to download the package from the first post, but it couldn't be opened ???
Tut24, the mouse hook, is in 32 bits; I tried to make it work in 64 bits. Do you have a solution?
Fa is a musical note to play with CL

Mikl__

#174
Hi, Yves!
I just downloaded the attachment from the first post and it downloads normally. Perhaps you are trying to open a picture; they also have the extension ZIP. Just in case, I am adding the attachments from the 2nd and 24th lessons. Write if you have questions. If you are interested, there is a lot of information here.

TouEnMasm

Thanks for everything, I just updated a link:
the Windows Driver Kit Version 7.1.0 is here (updated link), with ml64.exe
https://www.microsoft.com/en-us/download/details.aspx?id=11800
Fa is a musical note to play with CL

six_L

difference:
1,the mouse hook tutorial can't accomplish the same function on x86 system.
  because the WindowFromPoint function does not retrieve a handle to a hidden
  or disabled window, even if the point is within the window. An application
  should use the ChildWindowFromPoint function for a nonrestrictive search.
2, a static lib can't be used; only loading the DLL works.
3, WH_MOUSE doesn't work as a global hook; WH_MOUSE_LL must be used.
Say you, Say me, Say the codes together for ever.

Mikl__

Hi, six_L!
Thanks! I will try to figure it out and post the corrected program

bluedevil

Hello Mikl
You didn't include Win32 Debug examples(TUTE28-29-30) in your series.

I have done TUTE28. I have created a thread here.

But I got stuck on TUTE30. My code gets assembled and runs! But it doesn't count instructions.


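WinMainCRTStartup proc
    ; Single-step instruction counter (the TUTE30 idea, Win64).
    ; Flow: let the user pick an executable, start it as a debuggee, keep the trap flag
    ; (EFlags bit 8) set on its initial thread so every instruction raises
    ; EXCEPTION_SINGLE_STEP, count those, and show the total when the debuggee exits.
    ; Globals used, declared outside this block: DBEvent, pi, startinfo, context, ofn,
    ; szFileName, ExitProc, AppName, TotalInstruction.
    ; NOTE(review): on x64, GetThreadContext/SetThreadContext fail unless the CONTEXT is
    ; 16-byte aligned; the declaration of "context" is not visible here - confirm it is
    ; aligned (e.g. "align 16" in front of it). Their results are checked below, so a
    ; failure ends the loop instead of silently producing a count of zero.
    ; NOTE(review): a 32-bit debuggee under a 64-bit debugger reports its breakpoint and
    ; single-step with the STATUS_WX86_* exception codes and needs Wow64GetThreadContext /
    ; Wow64SetThreadContext; neither case is handled here.
    ; Never returns: finishes with ExitProcess.

    invoke RtlZeroMemory, addr DBEvent, sizeof DBEvent
    invoke RtlZeroMemory, addr pi, sizeof pi
    invoke RtlZeroMemory, addr startinfo, sizeof startinfo
    invoke RtlZeroMemory, addr context, sizeof context

    invoke GetOpenFileName, addr ofn

    .if eax != 0                                     ; the BOOL comes back in eax; do not compare the full rax with TRUE
        invoke GetStartupInfo, addr startinfo
        invoke CreateProcess, \
                        addr szFileName, NULL, NULL, NULL, FALSE, \
                        DEBUG_PROCESS or DEBUG_ONLY_THIS_PROCESS, \
                        NULL, NULL, addr startinfo, addr pi

        .if eax != 0                                 ; without a debuggee there is nothing to wait for
            .while TRUE
                invoke WaitForDebugEvent, addr DBEvent, INFINITE
                .break .if eax == 0                  ; error: leave instead of spinning on a dead debug session

                .if DBEvent.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT
                    invoke wsprintf, addr szFileName, addr ExitProc, TotalInstruction
                    invoke MessageBox, NULL, addr szFileName, addr AppName, MB_OK or MB_ICONINFORMATION
                    .break

                .elseif DBEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT
                    .if DBEvent.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_BREAKPOINT
                        ; initial loader breakpoint: arm the trap flag for the first time
                        mov context.ContextFlags, CONTEXT_CONTROL     ; CONTEXT_CONTROL covers EFlags
                        invoke GetThreadContext, pi.hThread, addr context
                        .break .if eax == 0                           ; see the alignment note above
                        or context.EFlags, 100h                       ; set trap flag
                        invoke SetThreadContext, pi.hThread, addr context
                        .break .if eax == 0
                        invoke ContinueDebugEvent, DBEvent.dwProcessId, DBEvent.dwThreadId, DBG_CONTINUE
                        .continue

                    .elseif DBEvent.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_SINGLE_STEP
                        inc TotalInstruction
                        mov context.ContextFlags, CONTEXT_CONTROL     ; TF has to be set again after every trap
                        invoke GetThreadContext, pi.hThread, addr context
                        .break .if eax == 0
                        or context.EFlags, 100h
                        invoke SetThreadContext, pi.hThread, addr context
                        .break .if eax == 0
                        invoke ContinueDebugEvent, DBEvent.dwProcessId, DBEvent.dwThreadId, DBG_CONTINUE
                        .continue
                    .endif
                    ; any other exception: hand it back to the debuggee (falls through to the
                    ; DBG_EXCEPTION_NOT_HANDLED continue below) instead of abandoning the loop
                .endif

                invoke ContinueDebugEvent, DBEvent.dwProcessId, DBEvent.dwThreadId, DBG_EXCEPTION_NOT_HANDLED
            .endw
        .endif
    .endif

    invoke CloseHandle, pi.hProcess                  ; both handles are 0 when CreateProcess was skipped or failed
    invoke CloseHandle, pi.hThread

    invoke  ExitProcess, 0

WinMainCRTStartup endp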


Handling this kind of issue on x64 Windows might be different. I have done research on Google, Stack Overflow and MSDN, but I couldn't find a proper solution.

I have attached the sources if anyone interested.

Last note: I have tested on both 32- and 64-bit hello-messagebox applications, and unfortunately the results are the same.
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

code0

Major thanks. It's about time I learned win64 asm. I'm curious to see how this all works under win10 and win11.