Author Topic: Examples for Win64 Iczelion tutorial  (Read 110492 times)

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 7553
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Examples for Win64 Iczelion tutorial
« Reply #165 on: January 09, 2017, 12:23:25 PM »
It's a big task Jack, you start from either the root directory or a directory of your choice and recursively read up and down each directory tree storing the file and directory names. Unless you want to write a large and complex backup application, do yourself a favour and buy WinRar or something similar as you can scan and save large blocks of file/directory data and plonk it all into either a RAR or ZIP file. You can also set the option to make a self extracting EXE file with it.

I think you can download 7zip for free but from memory its interface is a bit complicated.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :skrewy:

Mikl__

  • Member
  • *****
  • Posts: 1008
Re: Examples for Win64 Iczelion tutorial
« Reply #166 on: March 16, 2017, 01:39:45 PM »
Tiny MessageBox x64 without import in FASM
We write an auxiliary program in MASM that will show the addresses of the functions LoadLibraryA and MessageBoxA.
Code:
include win64a.inc
.data
MsgBoxText      db 50 dup(0)            ; output buffer for wsprintf
MsgCaption      db "Win64 Iczelion's lesson #2: MessageBox",0
fmt             db "MessageBox = %Xh",10,"LoadLibrary = %Xh",0
FunctionName    db "MessageBoxA",0
LibName         db "user32.dll",0
.code
WinMain proc
        sub esp,28h
        mov r9,LoadLibrary              ; 4th argument: LoadLibrary address
        mov r8,MessageBox               ; 3rd argument: MessageBox address
        lea rdx,fmt                     ; 2nd argument: format string
        lea rcx,MsgBoxText              ; 1st argument: output buffer
        invoke wsprintf
        lea rdx,MsgBoxText              ; text = formatted addresses
        lea r8,MsgCaption
        invoke MessageBox,NULL,,,MB_OK
        invoke ExitProcess,0
WinMain endp
end
Then, using FASM, we write the following program, where we substitute the found function addresses and write a tiny MessageBox without import:
Code:
format binary as "exe"
include "win64a.inc"
struc dbs [data]
{
  common
  . db data
  .size = $ - .
}

IMAGE_DOS_SIGNATURE equ 5A4Dh
IMAGE_NT_SIGNATURE equ 00004550h
PROCESSOR_AMD_X8664 equ 8664h
IMAGE_SCN_CNT_CODE equ 00000020h
IMAGE_SCN_MEM_WRITE equ 80000000h
IMAGE_SCN_MEM_READ equ 40000000h
IMAGE_SCN_CNT_INITIALIZED_DATA equ 00000040h
IMAGE_SUBSYSTEM_WINDOWS_GUI equ 2
IMAGE_NT_OPTIONAL_HDR64_MAGIC equ 20Bh
IMAGE_FILE_RELOCS_STRIPPED equ 1
IMAGE_FILE_EXECUTABLE_IMAGE equ 2
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE equ 0x8000
IMAGE_BASE equ 0x400000
;align1 equ 4
use64
org 0
;--------DOS-stub-------------------------------
Signature dw IMAGE_DOS_SIGNATURE,0
;-------PE-header--------------------------------------------------
ntHeader dd IMAGE_NT_SIGNATURE
;image_header------------------------------------
Machine dw PROCESSOR_AMD_X8664;CPU Type
Count_of_section dw 0;Number of sections
TimeStump dd 0;Information about the time when the PE-file was compiled
Symbol_table_offset dd 0;A pointer to the size of debug information
Symbol_table_count dd 0;A pointer to the COFF symbol table-PE-format
Size_of_optional_header dw begin-optional_header;The size of optional header
Characteristics dw IMAGE_FILE_RELOCS_STRIPPED or IMAGE_FILE_EXECUTABLE_IMAGE;file attributes
;-------Standard field NT-----------------
optional_header:
Magic_optional_header dw IMAGE_NT_OPTIONAL_HDR64_MAGIC;Status Display File
Linker_version_major_and_minor dw 10;Contain the linker version that created the file
Size_of_code dd end_import - begin;The total size of the code sections
Size_of_init_data dd 0;The total size of initialized data
Size_of_uninit_data dd 0;The total size of uninitialized data
entry_point dd start
base_of_code dd begin
;------Additional fields NT------------------------------
image_base dq IMAGE_BASE
section_alignment dd 4
file_alignment dd ntHeader
OS_version_major_minor dw 5,2
image_version_major_minor dd 0
subsystem_version_major_minor dw 5,2
Win32_version dd 0
size_of_image dd end_import
size_of_header dd begin
checksum dd 0
subsystem dw IMAGE_SUBSYSTEM_WINDOWS_GUI
DLL_flag dw IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE + 100h;
Stack_allocation dq 0x100000
Stack_commit dq 0x1000
Heap_allocation dq 0x100000
Heap_commit dq 0x1000
loader_flag dd 0
number_of_dirs dd 0
;--------code and data------------------------------
begin:
MsgBoxText dbs "Win64 Assembly is Great!",0
MsgCaption db "Win64 Iczelion's lesson #2: MessageBox",0
user32_dll db "user32",0
start:
sub esp,28h
mov ecx,user32_dll+IMAGE_BASE
mov eax,778C6510h; Attention!!! Your function address is different
call rax;call [LoadLibrary]
mov edx,MsgBoxText+IMAGE_BASE
lea r8,[rdx+MsgBoxText.size]
xor ecx,ecx
xor r9d,r9d
mov eax,77A41304h; Attention!!! Your function address is different
call rax;call [MessageBox]
add esp,28h
retn
times 268-$ db 0  ;filling up to 268 bytes
« Last Edit: March 16, 2017, 04:25:58 PM by Mikl__ »
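
From a defender's side, the header in the listing above is structurally unusual: the PE header starts at offset 4 (so SectionAlignment lands at 0x3C, where e_lfanew is read), there are no sections and no data directories. The following static check is an added example, not part of the original post; the function names, finding labels and both sample byte strings are constructed for illustration.

```python
import struct

def triage_pe_header(data: bytes) -> list:
    """Static check: list structural anomalies in a PE32+ header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["not_mz"]
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24                      # signature (4) + file header (20)
    if opt + 112 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["bad_pe_signature"]
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        return ["not_pe32plus"]
    nsections, = struct.unpack_from("<H", data, e_lfanew + 6)
    sect_align, = struct.unpack_from("<I", data, opt + 32)
    ndirs, = struct.unpack_from("<I", data, opt + 108)
    import_size = 0                          # data directory 1 = import table
    if ndirs >= 2 and opt + 128 <= len(data):
        import_size, = struct.unpack_from("<I", data, opt + 124)
    findings = []
    if e_lfanew < 0x40:
        findings.append("pe_header_overlaps_dos_header")
    if nsections == 0:
        findings.append("no_sections")
    if sect_align < 0x1000:
        findings.append("section_alignment_below_page_size")
    if import_size == 0:
        findings.append("no_import_directory")
    return findings

def build_header(e_lfanew, nsections, sect_align, dirs):
    """Constructed sample bytes: only the fields checked above are set."""
    opt = struct.pack("<HH5IQ2I", 0x20B, 10, 0, 0, 0, 0, 0, 0x400000, sect_align, 4)
    opt = opt.ljust(108, b"\0") + struct.pack("<I", len(dirs))
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    coff = struct.pack("<HHIIIHH", 0x8664, nsections, 0, 0, 0, len(opt), 3)
    hdr = b"PE\0\0" + coff + opt
    buf = bytearray(max(0x40, e_lfanew + len(hdr)))
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + len(hdr)] = hdr  # may overlay 0x3C, as in the post
    return bytes(buf)

# Same layout as the FASM listing: PE header at offset 4, 0 sections, 0 directories.
TINY = build_header(4, 0, 4, []).ljust(268, b"\0")
# Constructed conventional layout for contrast (values are placeholders).
NORMAL = build_header(0x80, 1, 0x1000, [(0, 0), (0x2000, 0x28)])

if __name__ == "__main__":
    print("tiny:  ", triage_pe_header(TINY))
    print("normal:", triage_pe_header(NORMAL))
```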

Mikl__

  • Member
  • *****
  • Posts: 1008
Re: Examples for Win64 Iczelion tutorial
« Reply #167 on: March 18, 2017, 04:54:29 AM »
It is also possible like this:
Code:
start:
sub esp,28h
mov ecx,user32_dll+IMAGE_BASE
db 0E8h
dd 778C6510h-IMAGE_BASE-$-4;call [LoadLibrary]
mov edx,MsgBoxText+IMAGE_BASE
lea r8,[rdx+MsgBoxText.size]
xor ecx,ecx
xor r9d,r9d
db 0E8h
dd 77A41304h-IMAGE_BASE-$-4;call [MessageBox]
add esp,28h
retn
« Last Edit: March 18, 2017, 01:45:39 PM by Mikl__ »

Mikl__

  • Member
  • *****
  • Posts: 1008
Re: Examples for Win64 Iczelion tutorial
« Reply #168 on: May 13, 2017, 06:26:03 PM »
Hi, All!
I decided to rewrite "Examples for Win64 Iczelion tutorial" as if it were a parody of "The Tales of Uncle Remus about Brother Rabbit". If interested, I can spread those parts that do not require translation into Russian. I'm trying to remake the 14th lesson of Iczelion.
Code:
; GUI #
include win64a.inc
MI_PROCESS_CREATE equ 1
MI_PROCESS_TERMINATE equ 2
MI_EXIT equ 3
IDR_MAINMENU equ 30

.code
WinMain proc
local msg:MSG

      xor ebx,ebx

mov edi,offset ClassName
mov esi,IMAGE_BASE
mov ecx,offset FileName
invoke LoadCursorFromFile
push rax ;hIconSm
push rdi ;lpszClassName
push IDR_MAINMENU;lpszMenuName
push COLOR_WINDOW;hbrBackground
push 10003h ;hCursor
push rax        ;hIcon
push rsi ;hInstance
push rbx        ;cbClsExtra & cbWndExtra
pushaddr WndProc;lpfnWndProc
push sizeof WNDCLASSEX;cbSize & style
invoke RegisterClassEx,esp ;addr WNDCLASSEX
push rbx
push rsi ;rsi=400000h
shl esi,9 ;rsi=CW_USEDEFAULT
push rbx
push rbx
push rsi
push rsi
push rsi
push rsi
sub esp,20h
    invoke CreateWindowEx,WS_EX_CLIENTEDGE,edi,edi,WS_OVERLAPPEDWINDOW or WS_VISIBLE
invoke GetMenu,eax
mov hMenu,rax
    lea edi,msg
@@:   invoke GetMessage,edi,0,0,0
invoke DispatchMessage,edi
      jmp @b
WinMain endp

WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM

local progStartInfo:STARTUPINFO

      mov edi,offset processInfo
mov esi,offset proExitCode
mov hWnd,rcx
      mov wParam,r8
      mov lParam,r9

      cmp  edx,WM_DESTROY
      je   wmDESTROY
      cmp  edx,WM_COMMAND
      je   wmCOMMAND
      cmp  edx,WM_INITMENUPOPUP
je   wmINITMENUPOPUP
      leave
      jmp DefWindowProc

wmDESTROY:invoke ExitProcess,NULL
wmINITMENUPOPUP:invoke GetExitCodeProcess,[rdi+PROCESS_INFORMATION.hProcess],esi
or eax,eax
jz @f;GetExitCodeProcess_TRUE
cmp dword ptr [rsi],STILL_ACTIVE;cmp     [proExitCode],STILL_ACTIVE
jne @f;     GetExitCodeProcess_STILL_ACTIVE
xor r9d,r9d;MF_ENABLED
mov r8d,MF_GRAYED
jmp @0
@@: mov r9d,MF_GRAYED
xor r8d,r8d;MF_ENABLED
@0: invoke EnableMenuItem,hMenu,0;MI_PROCESS_CREATE
      invoke EnableMenuItem,hMenu,MI_PROCESS_TERMINATE,MF_ENABLED,MF_GRAYED
      jmp wmBYE
wmCOMMAND:movzx eax,word ptr wParam
      or r9,r9 ;cmp lParam,0
jnz wmBYE
cmp rax,MI_EXIT
ja  wmBYE
jmp  [menu_handlers+rax*8]

PROCESS_CREATE:cmp [rdi+PROCESS_INFORMATION.hProcess],rbx
je pi_hProcess_IS_0
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]
mov [rdi+PROCESS_INFORMATION.hProcess],rbx
pi_hProcess_IS_0:
lea esi,progStartInfo
invoke GetStartupInfo,esi
mov edx,offset progName;command line
invoke CreateProcess,0,,0,0,0,NORMAL_PRIORITY_CLASS,0,0,rsi,rdi ;receives PROCESS_INFORMATION
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hThread]
invoke Sleep,20600
invoke TerminateProcess,[rdi+PROCESS_INFORMATION.hProcess],0
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]
mov [rdi+PROCESS_INFORMATION.hProcess],rbx;0
        jmp wmBYE
TERMINATE:invoke GetExitCodeProcess,[rdi+PROCESS_INFORMATION.hProcess],esi;proExitCode
cmp dword ptr [rsi],STILL_ACTIVE
jne proExitCode_NOT_STILL_ACTIVE;a4;
invoke TerminateProcess,[rdi+PROCESS_INFORMATION.hProcess],0
proExitCode_NOT_STILL_ACTIVE:
invoke CloseHandle,[rdi+PROCESS_INFORMATION.hProcess]
mov [rdi+PROCESS_INFORMATION.hProcess],rbx;0
        jmp wmBYE

EXIT: ;ax=MI_EXIT
        invoke DestroyWindow
wmBYE:  leave
        retn
menu_handlers dq wmBYE,PROCESS_CREATE, TERMINATE, EXIT
WndProc endp
;---------------------------------------
ClassName       db 'Uncle Remus tales:#14 Process',0
hMenu dq ?
proExitCode dq ?;process exit code
progName db '"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" ';,0
arg db '"E:\Uncle Remus tales\37\37c\movie3.wmv"',0
FileName db "br_Rabbit3.cur",0
processInfo PROCESS_INFORMATION <>
end
rc-file
Code:
#define MI_PROCESS_CREATE 1
#define MI_PROCESS_TERMINATE 2
#define MI_EXIT 3
#define IDR_MAINMENU 30
IDR_MAINMENU MENU
{
POPUP "&Process"
        {
         MENUITEM "&Create Process",MI_PROCESS_CREATE
         MENUITEM "&Terminate Process",MI_PROCESS_TERMINATE,GRAYED
         MENUITEM SEPARATOR
         MENUITEM "E&xit",MI_EXIT
        }
}
In order for the application to close the process, I specify the fragment length as 20,000 milliseconds. Please tell me how to find out the actual duration of the WMV file, or how to close the process when the WMV file is finished?

HankAsm

  • Regular Member
  • *
  • Posts: 1
Re: Examples for Win64 Iczelion tutorial
« Reply #169 on: September 26, 2017, 04:59:46 AM »
Thanks for the info!

zedd151

  • Member
  • ****
  • Posts: 871
Re: Examples for Win64 Iczelion tutorial
« Reply #170 on: May 19, 2018, 09:01:20 PM »
Wow, Mikl__ that's some collection that you have here.

I can see I will be spending a lot of time in this thread. Thanks for the link.

 :t
I'm not always the sharpest knife in the drawer, but I have my moments.  :P

Tousando

  • Regular Member
  • *
  • Posts: 1
Re: Examples for Win64 Iczelion tutorial
« Reply #171 on: June 18, 2020, 03:40:43 AM »
"Tutorial 10c: CreateDialogParam+WndProc+Class" doesn't work if I add the class in the resource file (RC).

First of all, thank you very much for the great work you are doing and for allowing us to download the examples.

In the original Iczelion tutorial, a class (DLGCLASS) is added to the resource file but in your example you don't write that class. This is your code:

Code:
IDC_DIALOG DIALOG 10, 10, 205, 60
STYLE 0x0004 | DS_CENTER | WS_CAPTION | WS_MINIMIZEBOX |
WS_SYSMENU | WS_VISIBLE | WS_OVERLAPPED | DS_MODALFRAME | DS_3DLOOK
CAPTION "Tutorial 10c: CreateDialogParam+WndProc+Class"
MENU IDC_MENU
BEGIN
    EDITTEXT         IDC_EDIT,   15,17,111,13, ES_AUTOHSCROLL | ES_LEFT
    DEFPUSHBUTTON   "Say Hello", IDC_BUTTON,    141,10,52,13
    PUSHBUTTON      "E&xit", IDC_EXIT,  141,26,52,13
END

I tried to add the class to your "tut_10c.exe" program using the Resource Hacker program but it didn't work. So, I think in that example it is not necessary to register the DLGCLASS class with "call RegisterClassEx".

This message is because I am programming the example "Tutorial 10c" using Visual C++ and I have the same problem. My program does NOT work.
call CreateDialogParam always returns "NULL".
If I remove the DLGCLASS class from the resource file, the CreateDialog function works correctly. But it's the same example as yours.
I hope you know something else and why CreateDialog doesn't work when we write the class in the resource file.
Regards!!

EDIT---------------------
I wrote your code in Visual C++ parameter by parameter, and it finally works! My code had 1 different parameter and that's why it didn't work.
If in your code you add "CLASS DLGCLASS" in the resource file, the program works correctly.
Again, thank you very much.
« Last Edit: June 18, 2020, 05:38:37 AM by Tousando »

Mikl__

  • Member
  • *****
  • Posts: 1008
Re: Examples for Win64 Iczelion tutorial
« Reply #172 on: June 18, 2020, 12:08:59 PM »
Hi, Tousando!
I am very glad someone is still interested in my programs...

TouEnMasm

  • Member
  • *****
  • Posts: 1350
    • EditMasm
Re: Examples for Win64 Iczelion tutorial
« Reply #173 on: July 13, 2020, 03:03:40 AM »

I tried to download the package in the first post, but it couldn't be opened ???
The tut24, mouse hook, is in 32 bits. I am trying to make it work in 64 bits. Do you have a solution?
Fa is a musical note to play with CL

Mikl__

  • Member
  • *****
  • Posts: 1008
Re: Examples for Win64 Iczelion tutorial
« Reply #174 on: July 13, 2020, 09:56:38 AM »
Hi, Yves!
Just downloaded the attachment from the first post, it downloads normally. Perhaps you are trying to open a picture, they also have a ZIP extension. Just in case, I am adding the attachments from the 2nd and 24th lessons. Write if you have questions. If you are interested here is a lot of information.
« Last Edit: July 13, 2020, 11:21:40 AM by Mikl__ »

TouEnMasm

  • Member
  • *****
  • Posts: 1350
    • EditMasm
Re: Examples for Win64 Iczelion tutorial
« Reply #175 on: July 13, 2020, 03:43:18 PM »
Thanks for everything, I just updated a link.
The Windows Driver Kit Version 7.1.0 is here (updated link) with ml64.exe:
https://www.microsoft.com/en-us/download/details.aspx?id=11800
Fa is a musical note to play with CL