Tampering a very old RadASM.
Have fun!
zip limited, so add another post
Unzip to D:\RadRAM2212Test\
Masm32 in D:\MASM32\
Windows 7 SP1 us
Microsoft Pinyin Input (10.1.7601.0)
NSimSux(win7sp1's simsun.ttc, name be changed from NSimSun to NSimSux, 0 character be changed with a forward slash, so it's easy to identify 0 and O) font
How to:
Unzip to D:\RadASM2212Test
What's it:
Special version for Tiny Screen and Alt+C toggle Column Selection (aka. Block Edit Mode)
Why you tampering it:
Don't know why, Maybe just I can. You wanna tell me how big your screen is? Okay... but it's not mine!
Post source code:
Yes, but wait for me delete my comments (it's a lot shit, 25MB size...)
Another quick and dirty fix.
FileBrowser(Alt -> V -> P -> The "File Browser" Button)
RadASM.exe.cmd
Ctrl + MouseLButtonDoubleClick
Open in Hex Editor
This is wrong! It should be open in TextEdit as a Text file (maybe a batch programming language in a anothor time).
Okay, Fixed.
Shift + MouseLButtonDoubleClick
Open in HexEdit still works.
I think if you can post your input and font settings, than maybe we can make:
Re: RadASM v2.2.1.2 for Masm32 test for Japanese
Re: RadASM v2.2.1.2 for Masm32 test for Russian
Of cause I don't know that is possible yet
Another quick and dirty fix.
Can not find "^i", "^I", "^m" and "^M".
Fixed.
Alt -> e -> a or f
Replace or Find
Find what
Regular string
^i or ^I
VK_TAB (tab character)
File and memory TAB key is the 09h byte
^m or ^M
VK_RETURN (end of line mark, special: last not empty line did not have the mark in file but have in memory)
File is the 0D0Ah word
Memory is the 0Dh byte
Text file's code-page convertion tips.
Text file's code-page "Windows 1252"'s special characters which are not compatiable with "Chinese Simplified (GB2312) 936"
A4h "¤"
This byte is ok, it will be convert to 0A1E8h word.
ABh "«"
AFh "¯"
BBh "»"
FDh "ý"
Text code-page "Windows 1251"'s special characters which are not compatiable with "Chinese Simplified (GB2312) 936"
A0h " "(俄罗斯全角空格)(Russian full-width space character)
Chinese Simplified (GB2312) 936
2 bytes full width characters
一二三四五六七八九十百千万亿兆
壹贰叁肆伍陆柒捌玖拾佰仟微亿兆
〇
零
吉拍太艾
吉皮太阿
纳毫厘分
2 bytes half width characters
āáǎà
ōóǒò
ēéěè
īíǐì
ūúǔù
ǖǘǚǜ
Can you write this letter: ğ Ğ
This is g with breve (https://en.wikipedia.org/wiki/%C4%9E)
don't know the Windows code-page, font, input method.
I guess:
0BBh byte ğ
code-page is Latin 3 (iso-8859-3) 28593
font is Microsoft YaHei (Language: Turkish)
Keyboard shortcuts
Ctrl+Alt+End
Toggle the Splitter Bar in middle of window
Ctrl+Shift+Up
Move the splitter up
Ctrl+Shift+Down
Move the splitter down
Regular strings
^
Beginning of line
\t
Tab
\n
Enter
Regular String
$
End of line
Another quick and dirty fix!
Deal with chinese gb2312 two bytes and half width characters.
Another quick and dirty fix.
Deal with jj2007 style masm source code file.
Quote from: learn64bit on September 18, 2022, 01:24:00 AM
Deal with jj2007 style masm source code file.
I was expecting some type of reformatting
source code but all I see in the attachment is a .dll. How exactly are you making these changes? Wheres the source code?
"Post source code:
Yes, but wait for me delete my comments (it's a lot shit, 25MB size...)"
This need time, maybe I should finish my 64 bit convertion first. then no need to do this(no meaning for me, just wast my time, and very boring), sorry for that.
Quote from: learn64bit on September 18, 2022, 02:12:07 AM
Yes, but wait for me delete my comments
I was just wondering, since
I won't even try to run any .exe or .dll without knowing what has been added to it. Without seeing
source code for it, most users here would also probably not run either; or at the very leasy run it through some antivirus software first.
Quote from: learn64bit on September 18, 2022, 01:24:00 AM
Deal with jj2007 style masm source code file.
Where did you dig out that one? :biggrin:
It's "TinyRTFeditor", for me its a weird style! haha!
For everyone: Thanks for reading my post!
Fix the "括号" bug!
limited, and add new post
Another quick and dirty fix
The ";" comments after include/includelib
Fix the "^ " bug!
Fix another "Find" bug.
Fix the ";~" bug.
Hope no more bug be captured by anyone!
New playground:
Deal with the MASM source code files
Step 1 - Text formats
Text file detection, then convert to RadASM format (Windows text file format)
Windows - PC
0D0Ah - CR/LF - Enter
2 bytes
Linux/Mac OS(new) - Unix / Mac OS X
0Dh
1 byte
Mac OS(old) - Mac OS 9
0Ah
1 byte
Step 2 - Text encodings
Encoding convertion - Code-page convertion
1251 to 936
1251 to WideChar, then WideChar to 936
WideChar to 936
Should prompt the translation or deleting
Should prompt the line number and byte number in line
1252 to 936
1252 to WideChar, then WideChar to 936
Maybe should add UTF8 (without BOM[Byte Order Mark]/Signature)
Damn, somebody already found a bug (Ctrl+Alt+O opened ".rc" checked the "end" keyword)...
My mouse broken on me!
How do I use RadASM now?
You can just use your keyboard.
Added F6 to switch Focus on EditA/B.
Keyboard shortcuts
Ctrl+Alt+End
Toggle the Splitter Bar in middle of window
Ctrl+Shift+Up
Move the splitter up
Ctrl+Shift+Down
Move the splitter down
F6
Goto another SubWindow (Up Window / Down Window)
Ctrl+Up/Down
Scroll window
Ctrl+G
Goto line
Modified menus a little bit.
And try to deal with Find in files and File encodings convertion.
size limited
Keep doing RadASM menus clean up
Try the text encodings conversion
It can flawlessly open Utf-8 and Utf-16 docs, fine, but where is the build button, and why does it need 752,128 bytes for its limited functionality?
Hmmm. This looks suspiciously like Notepad, which is available already on every version of Microsoft Windows. :eusa_naughty:
Do you have source code for this? I'd like to learn about printing in this type of program, and Structured Exception Handling as well.
:badgrin:
Can't be, C:\Windows\System32\notepad.exe has only 179,712 bytes on my Win7-64 machine.
Quote from: jj2007 on October 04, 2022, 10:30:25 PM
Can't be, C:\Windows\System32\notepad.exe has only 179,712 bytes on my Win7-64 machine.
Not going to argue but just saying...
The size of the resources section is making this program bloated. I would bet that the actual code size for this and notepad are strikingly similar. I dont know the version of Windows that it (notepad.exe) is from though...
I dare the author of this thread to prove otherwise.
The very first word in the original post is "Tampering". I believe that is the case here, rather than actually writing any assembly code into a proper source file then assembling & linking it. But this is just my opinion on this matter. Without any source code what else to believe?
Another Tampering:
Fixed a dead loop at "new file/close(quit app)" when make a change and not save it. And change filesize limit to 64 MB
Quote from: zedd151 on October 04, 2022, 11:06:56 PMThe very first word in the original post is "Tampering". I believe that is the case here, rather than actually writing any assembly code into a proper source file then assembling & linking it. But this is just my opinion on this matter. Without any source code what else to believe?
Found a reason for the 700+kB: two identical icons named 1.ico and 6.ico
Quote from: zedd151 on October 04, 2022, 11:06:56 PM
The size of the resources section is making this program bloated. I would bet that the actual code size for this and notepad are strikingly similar. I dont know the version of Windows that it (notepad.exe) is from though...
I dare the author of this thread to prove otherwise.
.text
ECPad
pFile Data Description Value
000001F0 00008000 Size Of RawData 32768
notepad
pFile Data Description Value
000001E0 0000A800 Size Of RawData 43008
Jj and Timo, there are many versions of notepad.exe from different OS's and different regional versions of those OS's as well.
I stand by what I said. Without source code, questions still remain.
Examining notepad.exe from windows xp, windows 7 and windows 10 in ollydbg and comparing to the exe here does not change my view. Maybe someone should send these ECpad files to Microsoft for their analysis...
@ learn64bit: Please explain what you are doing. Post the source code so you can prove me wrong. Or even what link options are you using? The executable you posted requires specific options for linking.
If I am right, which version of Windows are you running?
edited for clarity
I have asked hutch (in a PM) to look into this, to help settle this matter.
You may think my view is strange but we don't need to be internet vigilantees. It sounds like he is playing with one of his system binaries and while Microsoft may frown on the idea, it is in fact harmless. What I will stop is cracks, hacks and any other instructional postings that involve illegal conduct.
If you want to be the "l3Et0" hacker, get a HEX editor. :tongue:
Okay then that settles it. Your word is obviously final, hutch. I have nothing further to say in this matter. But the OP should state that this is a modified system binary, else it looks as if he is representing it as his own creation - which would be plagiarism.
@learn64bit.... carry on. :biggrin: and sorry for the scrutiny. I didn't know that this sort of thing was allowed here. :undecided: (confused)
Fixed the loog typo. And try to add FindTheUncompitableLine
For better machines, 64 bit and 3 GB limit
I guess my AMD E1-2100 will take years to open a 3 GB file. Anyway maybe your machine is really far more better than mine.
Looks it works now
Another quick and dirty fix.
Empty line stopped the FindTheLineWhichContianIncompitableChars.
AND found a nice PEViewer, but did not find the source code yet! (If your mouse broke like me, you can not use keyboard to resize windows...)
https:\\github.com\TimoVJL\Tiny-Lousy-projects\Tiny-Lousy-projects-master\
size limited
Another quick and dirty fix.
GetWord memory over read at the last line which is not empty line.
Another Tampering:
Try
Alt+Spacebar -> Move or Size
to move or size the window
You know what; tools like PEBear, CFF Explorer or PEStudio do not parse static lib files but TimoVJL's tool does. This is so interesting and awesome.
Q:Which fonts I use?
A:I only use 2 fonts.
936 font
Unicode font
Why don't you use Consolas or Source code pro? Don't they support Chinese/Unicode?
My favorite EXEs
MS-DOS 1.0
16-bit DOS COM
MS-DOS 2.0
16-bit DOS EXE
Win16
Windows 3.1
WinNE
MS-DOS 6.22
DOS with DPMI
16-bit and 32-bit mix
Win32
Windows 3.1 + Win32s
Win32pe with BaseRelocation
Windows 95 and NT 3.10
Win32pe
Windows 7 64-bit with SP1
Win32pe with DynamicBase (ASLR)
Win64
Windows XP 64-bit
Win64pe
Quote from: bluedevil on October 14, 2022, 12:19:08 AM
Why don't you use Consolas or Source code pro? Don't they support Chinese/Unicode?
@learn64bit ?
ok... yours is bad, mine is better. but it's just for me, none for others.
unicode... I don't know, but I saw " Lucida Sans Unicode", I assume it support unicode. It's just a quick and dirty choose
My masm.ini for color settings
size limited
Hmmmm.... line 96, from unpacker.asm in ColorSettings.zip
Quoteinvoke MessageBox,NULL,CTEXT(13," Unpacker for QEditor ",13,13," and TheGun ",0) ,CTEXT("About"),MB_OK
Are you writing an unpacker?
Fix the dollar sign
Another "FindFile", sha256sum, try to make "filesize" right.
Source code? Er... Please don't ask about it, it's not human readable and ugly!
Did you dealed with Win7 "Filesystem Redirection"? No... it's too complicated for me! I rather to recording new UASM v2.56 coding video.
(btw: You can replace "c:\" with "\\127.0.0.1\c$\")
Try to add a line above the first textLine
Unicode vs. Ansi
RadASM is a Ansi program
It do not support WideChar filePath
But now it support WideChar filePath for quick view file in TextFileMode
Drag a file then Drop it in RadASM
Do not save the file!
If you need to edit the file don't use DragAndDrop!
NSimSux font
https://drive.google.com/file/d/1UIm1jMu-nAFRHHQPqEoTI-JCKEwoChKp/view?usp=share_link
(first time use google drive, if something wrong tell me)
OriginalSha1sum:4bde644f7203b47c075e14cf8e797a3db215a035
TamperedSha1sum:4acf8ffa9b268f29b0d6f089f683b37b00fd2b22
another quick and dirty fix
fix "end" try number two...
fix "end" try number three...
fix "end" try number four...
PageLeft
Ctrl+,
Alt+Left
can not use it in Windows 7 64-bit
PageSize
EditWidth - ( 8 * ChineseCharacterWidth )
PageRight
Ctrl+.
Alt+Right
PageDown
Scroll down 1 page with change caret position
PageUp
Scroll up 1 page with change caret position
Ctrl+PageDown
Scroll down 1 page without change caret position
Ctrl+PageUp
Scroll up 1 page without change caret position
Ctrl+Home
Goto top
Ctrl+End
Goto end
Ctrl+Up
Scroll down 1 line without change caret position
Ctrl+Down
Scroll up 1 line without change caret position
Ctrl+Left
Move caret to the WordStart
Ctrl+Right
Move caret to the WordEnd
Shift+Left
Select to left
Shift+Right
Select to right
Shift+Ctrl+Left
Select to the WordStart
Shift+Ctrl+Right
Select to the WordEnd
Should be added
Shift+Alt+Delete
Delete Line
Alt+1
Alt -> w -> 1
Alt+2
Alt -> w -> 2
Change to 4 chinese charaters
8 chinese charaters is too complicated to count for human
Microsoft Pinyin New Experience Input Style (10.1.7601.0) - Microsoft Pinying IME - MSPY
Ctrl+SpaceBar
Open/close IME
Ctrl+. - Ctrl+Period
Switch between Chinese punctuation and English punctuation
Shift
Chiese/English Input Switching Key - Switch between Chinese and English
Shift+BackSpace
Reconvert the Chinese character on the left side of the cursor back to pinyin
Shift+SpaceBar
全角/半角切换 - Switch between full-width and half-width
Windows 7 - Text Editor
Copy Text
Unicode
utf16le to utf16le
WideChar
Ansi
should keep encoding same
filesize limited
deal with special 936 characters
enable 936 word searching
size limited