Hi,
I just installed MASM32 the other day and am currently learning how to write assembly code. I'm just writing a few simple programmes to understand how the syntax works. And here's what I have produced:
.386
.model flat, stdcall
option casemap: none
include \Masm32\include\masm32rt.inc
.data
strData db "WinExec",0
.code
start:
    mov ebp, esp
    sub esp, 18h
    xor esi, esi
    pushw si
    push 63h
    pushw 6578h
    push 456e6957h
    mov [ebp-4], esp
    mov edi, offset strData
    mov esi, [ebp-4]
    xor ecx, ecx
    cld
    add cx, 8
    repe cmpsb
    jz success
    jnz failure
success:
    MsgBox 0, "Good", "Notif", 0
failure:
    MsgBox 0, "NOT EQUAL", "Notif", 0
end
And it doesn't work. The compiler is giving some errors.
Assembling: C:\Users\[user]\Desktop\New folder\demo.asm
\Masm32\include\masm32rt.inc(33) : warning A4011: multiple .MODEL directives found : .MODEL ignored
***********
ASCII build
***********
Microsoft (R) Incremental Linker Version 5.12.8078
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
LINK : error LNK2001: unresolved external symbol _mainCRTStartup
demo.exe : fatal error LNK1120: 1 unresolved externals
_
Link error
From the warning, it seems like declaring .model at the beginning of the programme is redundant? But I also need to declare the language type, or is that also not necessary?
Then, from the error, it seems like it has something to do with how I divide the programme into sections and using the end directive. So how should I do this? I've tried to search for mentions of this in the Help manuals and also on this forum, but I can't find anything that directly answers my question. So I hope someone can enlighten me on this.
Thanks in advance.
If you use "include \Masm32\include\masm32rt.inc" as the very first line of the source, you do not need:
.386
.model flat, stdcall
option casemap: none
As they are handled in "masm32rt.inc" and are redundant.
Also instead of just ending the code with
end
It should be
end start
To inform the linker of the entry point name (i.e., "start:")
That is why link gives "error LNK2001". That error just means it cannot find the entry point to the code.
Alternatively you can add "/entry:start" to the link command line options.
I noticed in your code you do not call ExitProcess... btw
Couple things:
1. Don't do this to create local (on the stack) variables:
mov ebp, esp
sub esp, 18h
mov esi, [ebp-4]
That's the ugly old-school way where you end up with a cryptic, unnamed variable ("[ebp-4]") that's hard to keep track of.
Instead, do this: First, create a PROC (subroutine):
MyProc PROC
LOCAL myVar:DWORD
This gives you a local variable called myVar that's on the stack. No need to compute any ebp-XXXX offsets. Much more readable and maintainable.
Other thing: you're mixing up 16- and 32-bit stack operations:
pushw si
push 63h
pushw 6578h
push 456e6957h
Not good. In a 32-bit program like this, you should only be doing DWORD (32-bit) PUSHes and POPs. Otherwise the stack can get out of whack.
BTW, I've never ever seen nor used PUSHW, which I assume pushes a word on the stack. Is that part of regular MASM syntax?
Good luck.
Quote from: NoCforMe on April 28, 2025, 04:08:37 PM
Other thing: you're mixing up 16- and 32-bit stack operations:
pushw si
push 63h
pushw 6578h
push 456e6957h
Not good.
I searched for pushw... I have never seen it used before either.
https://masm32.com/board/index.php?msg=89825
Looks very familiar. :tongue:
Here's something that might help you get started.
Rather than sitting down and typing code from scratch, I think most of us use templates. I have a bunch of them. This gives you a ready-made starting point.
Here's one that creates a very simple program that doesn't create any windows:
;====================================
; -- minimal skeleton --
; (creates no windows)
;====================================
.nolist
include \masm32\include\masm32rt.inc
.list
;====================================
; HERE BE DATA
;====================================
.data
InstanceHandle DD ?
Message DB "Hello there, handsome!", 0
;====================================
; CODE LIVES HERE
;====================================
.code
start:
    CALL WinMain
    INVOKE ExitProcess, 0
;====================================
; The Main Subroutine
;====================================
WinMain PROC
    LOCAL myVar1:DWORD, myVar2:DWORD
    INVOKE GetModuleHandle, NULL
    MOV InstanceHandle, EAX
    ; Display a message on-screen:
    INVOKE MessageBox, NULL, OFFSET Message, NULL, MB_OK
    ; Put some more code here ...
    RET
WinMain ENDP
END start
You don't have to follow my style, of course: I just want to give you something you can use to kick-start your programming.
You don't have to have that WinMain PROC, but I put it in to show you how you can create LOCAL variables easily.
Have fun!
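The fixes from the replies above, applied to the original poster's compare exercise. This is an added example, not code posted by anyone in the thread: the procedure name CompareDemo is hypothetical, a default MASM32 install path is assumed, and swapping the mixed pushw/push sequence for two DWORD pushes is this example's choice.

```asm
; Added example (not from the thread): the original compare exercise
; rebuilt with the advice given in the replies.
include \masm32\include\masm32rt.inc   ; supplies the CPU, .model and casemap directives

.data
strData db "WinExec",0                 ; 8 bytes including the terminator

.code
start:
    call CompareDemo                   ; CompareDemo is a hypothetical name
    invoke ExitProcess, 0              ; END does not terminate the process

CompareDemo PROC USES esi edi
    ; Two DWORD pushes lay down the same 8 bytes (little-endian) as the
    ; original pushw/push mix, and ESP stays DWORD-aligned throughout.
    push 00636578h                     ; bytes 78 65 63 00 = "xec",0
    push 456E6957h                     ; bytes 57 69 6E 45 = "WinE"
    mov  esi, esp                      ; ESI -> copy built on the stack
    mov  edi, offset strData           ; EDI -> reference string in .data
    mov  ecx, 8                        ; compare all 8 bytes
    cld                                ; string ops move forward
    repe cmpsb                         ; stops at first mismatch; ZF=1 if none
    lea  esp, [esp+8]                  ; release the 8 bytes; LEA leaves ZF intact
    jnz  failure
    MsgBox 0, "Good", "Notif", MB_OK
    ret                                ; the original fell through into failure here
failure:
    MsgBox 0, "NOT EQUAL", "Notif", MB_OK
    ret
CompareDemo ENDP

end start                              ; names the entry point, resolving LNK2001
```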
Ah, got it, thank you for the explanation.
Quote from: zedd on April 28, 2025, 03:52:50 PM
I noticed in your code you do not call ExitProcess... btw
Right, so that's why my programme has been crashing after it has finished all of its tasks. I thought the end directive is supposed to do that, apparently not. Thanks for pointing that out.
Quote from: NoCforMe on April 28, 2025, 04:08:37 PM
1. Don't do this to create local (on the stack) variables:
Other thing: you're mixing up 16- and 32-bit stack operations:
I'm actually studying another article and that's where I took some of my instructions from. Regarding the push and pushw, the article explains it's got to do with stack alignment, but I'm not actually using it and just taking this as an example for my code. And about using stack variables, my goal for now is to figure out the opcodes for these instructions rather than actually learning MASM syntax and macros. But all the info and template that you gave me is gonna be useful in the near future when I have to study more about MASM.
Thank you both for the help :biggrin:
Admin' EDIT - Thank you for Removing the 'Link' :thumbsup:
:biggrin:
That URL has two triggers, "exploit" and "shellcode". Probably not a good site to learn the basics of MASM :eusa_naughty:
Convince me otherwise :icon_idea:
Discussion of Shellcode is not allowed here, quan11304. :eusa_naughty: :eusa_naughty:
Please re-read the forum rules with particular attention to rule #3
forum rules (https://masm32.com/board/index.php?topic=4.0)
I don't think the code in that article is even written in MASM syntax lol, so I'm not gonna argue with you on that :greensml: I'm just using it to get a better idea of what I'm currently doing (malware analysis) in Assembly. I'm also studying from different sources (including this forum) so I think I'm doing okay, thanks for the concern regardless :thumbsup:
Quote from: zedd on April 28, 2025, 05:30:37 PM
Discussion of Shellcode is not allowed here, quan11304.
Please re-read the forum rules with particular attention to rule #3
forum rules (https://masm32.com/board/index.php?topic=4.0)
Got it, thanks for the reminder, really sorry about that
For malware analysis and similar advanced technique it is good to get familiar first with simple programs written in assembler.
You might like my tutorial (https://euroassembler.eu/eadoc/tut_eng.htm#HelloW32), which requires almost no directives, third-party files or linker for simple Hello World program.
Quote from: vitsoft on April 29, 2025, 03:10:28 AM
You might like my tutorial (https://euroassembler.eu/eadoc/tut_eng.htm#HelloW32), which requires almost no directives, third-party files or linker for simple Hello World program.
Sorry; I looked at your tutorial and I do not like it.
Push-push-call? Really? This is 2025, after all.
And a totally non-standard assembler, "euroasm"?
Quote from: NoCforMe on April 29, 2025, 05:48:05 AM
And a totally non-standard assembler, "euroasm"?
I'll add that using "euroasm" is not a good suggestion to someone new to assembly programming.
There are many, many more programmers here that use masm (or compatible) and can help newcomers to start assembly programming for Windows.
Quote from: vitsoft on April 29, 2025, 03:10:28 AM
For malware analysis and similar advanced technique ...
We have seen many newcomers that were interested in "malware analysis" over the years. Unfortunately most, if not all of them, were interested in writing some form of malware, not just analyzing it. They are usually found out in short order.
So regarding the gray area here of "shell code":
Not to get into the legality or not of this, which frankly doesn't interest me very much.
But I'm curious, since I don't know much about this stuff:
What is it used for? What's its purpose?
I looked at the linked "Basics of Windows shellcode writing" and found a long technical explanation of how to use it, but nothing I can see there about what it's used for.
What can you do with shell code that you can't otherwise do?
Are there legitimate uses for it?
"enquiring programmers wanna know"
Not here. Maybe via PM.
Quote from: zedd on April 29, 2025, 06:30:04 AM
Not here. Maybe via PM.
As I so pointedly pointed out in my PM reply to you:
give me a break!
Just because you discuss something doesn't necessarily mean you're going to deploy it.
I don't want to rely on some Wikipedia article; I'd like to hear from folks here what it's all about.
Deja vu all over again (https://masm32.com/board/index.php?msg=129694)
Quote from: sinsi on April 29, 2025, 07:08:21 AM
Deja vu all over again (https://masm32.com/board/index.php?msg=129694)
So the mere mention of this topic is enough to get this site shut down, sent to oblivion, destroyed forever?
I don't believe it. Sounds like superstition to me.
One question I'd like answered: are there any legitimate uses of shell code?
Quote from: NoCforMe on April 29, 2025, 06:56:25 AM
Quote from: zedd on April 29, 2025, 06:30:04 AM
Not here. Maybe via PM.
As I so pointedly pointed out in my PM reply to you: give me a fucking break!
Just because you discuss something doesn't necessarily mean you're going to deploy it.
I don't want to rely on some goddamn Wikipedia article; I'd like to hear from folks here what it's all about.
Quote from: NoCforMe on April 29, 2025, 07:28:27 AM
Quote from: sinsi on April 29, 2025, 07:08:21 AM
Deja vu all over again (https://masm32.com/board/index.php?msg=129694)
So the mere mention of this topic is enough to get this site shut down, sent to oblivion, destroyed forever?
I don't believe it. Sounds like superstition to me.
One question I'd like answered: are there any legitimate uses of shell code?
Go ask stoo23 or Biterider why it is not a good idea to post about these topics on the forum.
And definitely NOT in the Campus!
Quote from: zedd on April 29, 2025, 07:52:01 AM
Go ask stoo23 or Biterider why it is not a good idea to post about these topics on the forum.
I'm listening. I sent Biterider a PM.
Quote
And definitely NOT in the Campus!
Don't want to give the kiddies any ideas, eh?