Hi all!
I've just joined the forum. :biggrin:
The first topic I want to post here is about MASM macros – simple text macro.
A long time ago, when I wrote a small utility (Win32) in MASM to check if a container's name is valid (ISO check digit), I decided to hide strings in the executable from viewing.
To do that, I tried to write an MASM macro. The usage is simple:
_EOPENFILE DB @T(<Error opening file.~0>)
The string will be hidden by XORing with a changing key.
See the attached images for more details.
Macro code in file NQS_MAC.INC (remove ".txt" in its name).
The macro code is far from complete.
I'm waiting to hear from you.
Thank you for your attention.
Could you provide an example of practical usage?
Not sure exactly what your question is here.
Could you post the source to your macro? (It's not top sekrit, is it? maybe omit the key?)
Looks interesting.
Quote from: NoCforMe on March 19, 2025, 05:43:30 AM
Could you post the source to your macro? (It's not top sekrit, is it? maybe omit the key?)
In the attached .txt file...NQS_MAC.INC.txt there are several macros.
But no example of its usage.
I guess we'll have to wait for some specific questions from the OP.
BTW, how did you create that file? Weird formatting (carriage-returns only, no line feeds, so Notepad opened it as a huge mess with no line breaks).
Luckily my own editor opened it correctly, with line breaks. Might want to check that in the future.
Hi all!
I shall post full source code to illustrate how to use the macro.
In the images attached, you will see something like @T(<...>); that is where the macro is called.
The images were taken when I was using a MacBook. :biggrin:
The usage of the macro is quite simple.
include .\NQS_Mac.inc
; ...
; ...
.DATA
; ...
lblFrom label Byte ; Mark start of strings to be encoded
szTitle DB @T(<ISO Check Digit~0>)
; ...
lblTo label Byte ; Mark end of strings to be encoded
; ...
.CODE
; Decode strings
@Decode lblFrom, lblTo - lblFrom
; ...
Please see details in the attached ZIP file.
As you can see, I wrote the macro in 2004, quite a long time ago.
I hope you will find it helpful and make some improvements to it.
;;;;;;; Entry Point ;;;;;;;;;;;;;;;;;;;;;;
Start:
mov eax, offset lblFrom
int 3
@Decode lblFrom, lblTo - lblFrom
Very nice :thumbsup:
So the user cannot just open the executable in Notepad or so and find the "hidden" strings. There is a similar feature in RichMasm called "obscure string", but when I tried that one yesterday (inspired by your macro) I found a little glitch. So I'm in bug chasing mode now :cool:
Quote from: jj2007 on March 19, 2025, 10:41:07 PM
;;;;;;; Entry Point ;;;;;;;;;;;;;;;;;;;;;;
Start:
mov eax, offset lblFrom
int 3
@Decode lblFrom, lblTo - lblFrom
Very nice :thumbsup:
So the user cannot just open the executable in Notepad or so and find the "hidden" strings. There is a similar feature in RichMasm called "obscure string", but when I tried that one yesterday (inspired by your macro) I found a little glitch. So I'm in bug chasing mode now :cool:
If RichMasm has that feature, obscure string, programmers will be happy. But will the app have something, like a macro or some lines of code, to make the string unobscured?
Quote from: quocsan on March 19, 2025, 11:24:17 PM
But will the app have something, like a macro or some lines of code, to make the string unobscured?
; quocsan has good ideas ; <<< select the text, then go to menu Edit & Format and click Obscure string; the following lines will be inserted:
; ---- start ----
push 9
call @F
dd 08D4D91D2h,0E81F91F2h,0D423ADD2h,0EF2ADEB3h,08A4EB793h,0EE21D8F4h,0CE52B99Ch,0EE3CD8EFh,08D53AD9Eh
@@: pop edx
pop ecx
.Repeat
mov eax, [edx]
xor eax, [edx-4]
add edx, 4
push eax
dec ecx
.Until Zero?
print esp ; esp points to the decoded string
add esp, 4*9
; ---- end ----
And it looks like this in the debugger:
CPU Disasm
Address Hex dump Command Comments
00401001 . 6A 09 push 9 ; /Arg1 = 9
00401003 . E8 24000000 call 0040102C ; \CHK.0040102C
00401008 . D291 4D8DF291 rcl byte ptr [ecx+91F28D4D], cl
0040100E . 1F pop ds
0040100F E8 db E8
00401010 D2 db D2
00401011 AD db AD
00401012 23 db 23 ; char '#'
00401013 D4 db D4
00401014 B3 db B3
00401015 DE db DE
00401016 2A db 2A ; char '*'
00401017 EF db EF
00401018 93 db 93
00401019 B7 db B7
0040101A 4E db 4E ; char 'N'
0040101B 8A db 8A
0040101C F4 db F4
0040101D D8 db D8
0040101E 21 db 21 ; char '!'
0040101F EE db EE
00401020 9C db 9C
00401021 B9 db B9
00401022 52 db 52 ; char 'R'
00401023 CE db CE
00401024 EF db EF
00401025 D8 db D8
00401026 3C db 3C ; char '<'
00401027 EE db EE
00401028 9E db 9E
00401029 AD db AD
0040102A 53 db 53 ; char 'S'
0040102B 8D db 8D ; CHK.0040102B(guessed Arg1)
0040102C /$ 5A pop edx
0040102D |. 59 pop ecx
0040102E |> 8B02 /mov eax, [edx]
00401030 |. 3342 FC |xor eax, [edx-4]
00401033 |. 83C2 04 |add edx, 4
00401036 |. 50 |push eax
00401037 |. 49 |dec ecx
00401038 |.^ 75 F4 \jnz short 0040102E
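Added example, not part of the thread and not RichMasm or MasmBasic code: a Python static decoder, as an analyst would use it, showing that the chained XOR above can be undone without running the program. The signature it scans for (push imm8, a call that skips exactly 4 × imm8 bytes, then the stub opcodes) is an assumption drawn only from the single dump above, and the function names are hypothetical.

```python
import struct

# First opcodes of the decode stub, copied from the debugger dump above:
# pop edx / pop ecx / mov eax,[edx] / xor eax,[edx-4]
STUB = bytes.fromhex("5a598b023342fc")

def decode_at(image, off):
    """Decode one obscured string whose `push imm8` is at image[off], else None."""
    if len(image) < off + 7 or image[off] != 0x6A or image[off + 2] != 0xE8:
        return None
    count = image[off + 1]                       # dword count pushed for ecx
    rel32 = struct.unpack_from("<I", image, off + 3)[0]
    data = off + 7                               # first dd follows the call
    target = data + rel32                        # where `call @F` lands
    if count == 0 or rel32 != 4 * count or not image.startswith(STUB, target):
        return None
    # The loop reads [edx-4] first, so the chain is seeded by the call's own
    # rel32 operand; every later dword is XORed with its predecessor.
    words = struct.unpack_from("<%dI" % (count + 1), image, data - 4)
    plain = [cur ^ prev for prev, cur in zip(words, words[1:])]
    # Each push lands below the previous one, so esp ends up pointing at the
    # last dword decoded: the string reads in reverse dword order.
    stack = b"".join(struct.pack("<I", w) for w in reversed(plain))
    return stack.split(b"\0", 1)[0]

def scan(image):
    """Return [(offset, decoded bytes)] for every stub found in image."""
    found = []
    for off in range(len(image)):
        text = decode_at(image, off)
        if text is not None:
            found.append((off, text))
    return found

# Constructed sample: three NOPs of padding, then the push/call bytes, the dd
# values and the stub opcodes exactly as they appear in the post above.
DWORDS = [0x8D4D91D2, 0xE81F91F2, 0xD423ADD2, 0xEF2ADEB3, 0x8A4EB793,
          0xEE21D8F4, 0xCE52B99C, 0xEE3CD8EF, 0x8D53AD9E]
SAMPLE = (b"\x90" * 3 + bytes.fromhex("6a09e824000000")
          + struct.pack("<9I", *DWORDS)
          + bytes.fromhex("5a598b023342fc83c204504975f4"))

if __name__ == "__main__":
    for offset, text in scan(SAMPLE):
        print(hex(offset), text)
```

The first dword pushed (the one seeded by the call operand) decodes to filler that sits after the terminating NUL, so it never shows up in the recovered string.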
Quote from: quocsan on March 19, 2025, 11:24:17 PM
If RichMasm has that feature, obscure string, programmers will be happy. But will the app have something, like a macro or some lines of code, to make the string unobscured?
He has even more. But you will have to open Pandora's box to see it. Or a different can o' worms. :tongue:
Ask him about MasmBasic (https://masm32.com/board/index.php?board=57.0) ... :thumbsup:
jj2007 is a very prolific coder, but much of his code uses MasmBasic. It's not for everybody's taste, but you may like it. You seem to have a very good grasp on plain old masm, so adapting may come easy for you.
No charge jj, for the referral. :biggrin:
; <<< select the text, then go to menu Edit & Format and click Obscure string; the following lines will be inserted:
; ---- start ----
push 9
call @F
dd 08D4D91D2h,0E81F91F2h,0D423ADD2h,0EF2ADEB3h,08A4EB793h,0EE21D8F4h,0CE52B99Ch,0EE3CD8EFh,08D53AD9Eh
@@: pop edx
pop ecx
.Repeat
mov eax, [edx]
xor eax, [edx-4]
add edx, 4
push eax
dec ecx
.Until Zero?
print esp ; esp points to the decoded string
Great!
Your code call...pop reminds me of the way to get the address of the code line after call instruction. :-)
I'm also thinking of improving my macros.
Quote from: quocsan on March 20, 2025, 01:12:03 AM
the way to get the address of the code line after call instruction
Exactly ;-)
Quote from: zedd151 on March 20, 2025, 12:45:35 AM
jj2007 is a very prolific coder, but much of his code uses MasmBasic. It's not for everybody's taste, but you may like it. You seem to have a very good grasp on plain old masm, so adapting may come easy for you.
No charge jj, for the referral. :biggrin:
Well, I shall try to look at MasmBasic.
I learnt assembly language back in the MS-DOS days, studied interrupts, TSR programs, etc. But for my job, I had to spend most of my time on other programming languages.
For Win32, I had only some small asm apps.
Recently I've turned back to asm again and felt free as before: Free to code, free to cause problems to my PCs/laptops and my head. :badgrin:
Quote from: zedd151 on March 20, 2025, 12:45:35 AM
No charge jj, for the referral.
Normally MasmBasic is free, but for you I'll make a special price :badgrin:
Quote from: quocsan on March 20, 2025, 01:38:50 AM
Free to code, free to cause problems to my PCs/laptops and my head. :badgrin:
Been there, done that. :biggrin:
I was also at times, free from the obligation to go to work every now and then. I told them I had some sort of virus. :tongue: I am retired now, and have plenty of time.
include \masm32\MasmBasic\MasmBasic.inc
Init
.if Instr_(GetRegVal("HKCU\Volatile Environment","USERPROFILE", "unknown"), "Zedd")
MsgBox 0, "Please put 100$ on my account, IBAN IT991234675106510650651651", "Hi Zedd", MB_OK
.else
MsgBox 0, "Congrats, MasmBasic is free!!", "Hi", MB_OK
.endif
EndOfCode
:cool:
Quote from: jj2007 on March 19, 2025, 10:41:07 PM
I'm in bug chasing mode now
This is the name of my current life :skrewy:
MasmBasic is a great project!
Quote from: quocsan on March 18, 2025, 11:45:10 PM
I'm waiting to hear from you.
Check the attachment ;-)
And, just for fun, build it and run it with a debugger...
Quote from: jj2007 on March 22, 2025, 03:23:00 AM
Quote from: quocsan on March 18, 2025, 11:45:10 PM
I'm waiting to hear from you.
Check the attachment ;-)
And, just for fun, build it and run it with a debugger...
Dear jj2007,
I shall check the app when I'm with Windows PC.
Quick look at the source code, I was thinking of a polymorphic virus until I saw MsgBox. :badgrin:
EDIT: I've just checked your app on MacBook via Parallels Desktop.
So good! The quite long string was completely obscured!
Now I am thinking of making this feature available in other languages such as C/C++/Pascal.
Last time, accidentally I saw a thread by NoCforMe about Finite State Automaton, so I try learning automata, CFG and the like. Perhaps some day I can build for myself an expression parser in the form of a DLL written completely in assembly language. :-)
Quote from: quocsan on March 23, 2025, 12:54:53 AM
Perhaps some day I can build for myself an expression parser in the form of a DLL written completely in assembly language. :-)
Oh, I have no doubt that you can and will do that.
It's completely within the realm of possibility.
Quote from: quocsan on March 23, 2025, 12:54:53 AM
I shall check the app when I'm with Windows PC.
Quick look at the source code, I was thinking of a polymorphic virus until I saw MsgBox. :badgrin:
I found the bug in RichMasm, the corrected version is online (http://masm32.com/board/index.php?topic=94.0) :biggrin:
To use the feature,
- open a source in RichMasm
- select the text you want to obscure (plain text, don't include quotes)
- go to menu Edit & Format and click on Obscure string (near the bottom)
- move the part between --- start and --- end to where it should run.
- mov ecx, esp: use as needed, but don't forget the stack correction after using it
Quote from: jj2007 on March 24, 2025, 08:50:54 AM
Quote from: quocsan on March 23, 2025, 12:54:53 AM
I shall check the app when I'm with Windows PC.
Quick look at the source code, I was thinking of a polymorphic virus until I saw MsgBox. :badgrin:
I found the bug in RichMasm, the corrected version is online (http://masm32.com/board/index.php?topic=94.0) :biggrin:
To use the feature,
- open a source in RichMasm
- select the text you want to obscure (plain text, don't include quotes)
- go to menu Edit & Format and click on Obscure string (near the bottom)
- move the part between --- start and --- end to where it should run.
- mov ecx, esp: use as needed, but don't forget the stack correction after using it
Thank you for your effort, jj2007.
I shall try this feature. 😀