problem with data string

Started by bomz, August 23, 2021, 02:03:01 PM

bomz

How to determine this string?

String db "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx"
hMoz   CERT_CONTEXT <1203, offset String>

v0x

That is a base64-encoded string.

bomz

First decode?
I try to import Mozilla certificates to Windows; something is wrong.

bomz

My global task (desire) is that my command line application uses Mozilla certificates,
because with IE certificates there are many problems.
Now I don't know how to make the application use the certificates correctly,
so I try to import the certificates into Windows globally.

v0x

I think I partially understand what you're trying to accomplish.

The issue is that you cannot just simply import that string into the Windows certificate trust because it's incomplete. The full certificate file is a bundle that contains several elements, the root certificate and intermediaries that comprise the complete certificate chain. In the example string you provided above, it's only a small part of the certificate chain, and you will not be able to import that into the Windows certificate trust (which I believe is the issue you're having).

If you desire to have a complete certificate chain embedded into your application that you can then import into the Windows certificate trust, you would need to use the complete certificate file, and in this case I would recommend using the built-in masm32 binary "bin2dbex.exe", which you can use to convert the entire certificate file to its byte notation that you can then use within your assembly application.

There may be some other recommendations that others can provide, but this is what I can think of off the top of my head.

Hope it helps.

bomz

invoke CertOpenSystemStore, NULL, addr MY;Root;CA;
mov hStore, eax
invoke CertFindCertificateInStore, hStore, X509_ASN_ENCODING OR PKCS_7_ASN_ENCODING,\
NULL, CERT_FIND_SUBJECT_STR_A, hSertInfo.lpszSubjectInfo, hSertificate

HSE

String must be: String db "MIID ... ==",0
Equations in Assembly: SmplMath

bomz

Quote from: HSE on August 23, 2021, 11:14:29 PM
String must be: String db "MIID ... ==",0

It looks like MIID ... ===

Now I decide it by importing the certificates to the system.
Deleted all Microsoft and imported Mozilla. No positive changes.

TouEnMasm

The string says CERT_CONTEXT.
MSDN says:
Quote
CERT_CONTEXT structure (wincrypt.h)
12/05/2018
The CERT_CONTEXT structure contains both the encoded and decoded representations of a certificate. A certificate context returned by one of the functions defined in Wincrypt.h must be freed by calling the CertFreeCertificateContext function. The CertDuplicateCertificateContext function can be called to make a duplicate copy (which also must be freed by calling CertFreeCertificateContext).

Syntax
C++

typedef struct _CERT_CONTEXT {
  DWORD      dwCertEncodingType;
  BYTE       *pbCertEncoded;
  DWORD      cbCertEncoded;
  PCERT_INFO pCertInfo;
  HCERTSTORE hCertStore;
} CERT_CONTEXT, *PCERT_CONTEXT;

And now you know all

Fa is a musical note to play with CL
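
Added example, not code from any poster in this thread: portable C that decodes the first eight characters of the posted string and reads the DER header, showing that the text is base64 of a DER SEQUENCE and that the binary size (what cbCertEncoded counts, with pbCertEncoded pointing at the decoded bytes) differs from the text length. The helper names b64_decode, der_total_size and b64_chars_for are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode base64 text into out, skipping CR/LF/space and stopping at '='.
   Returns the byte count, or -1 on an invalid character or a full buffer. */
long b64_decode(const char *text, uint8_t *out, size_t cap) {
    static const char abc[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *text && *text != '='; text++) {
        if (*text == '\r' || *text == '\n' || *text == ' ') continue;
        const char *p = strchr(abc, *text);
        if (!p) return -1;
        acc = (acc << 6) | (uint32_t)(p - abc);
        bits += 6;
        if (bits >= 8) {
            if (n == cap) return -1;
            bits -= 8;
            out[n++] = (uint8_t)(acc >> bits);
        }
    }
    return (long)n;
}

/* Total size (header + content) of a DER object that starts with SEQUENCE.
   Returns 0 when the bytes are not a definite-length SEQUENCE header. */
size_t der_total_size(const uint8_t *der, size_t len) {
    if (len < 2 || der[0] != 0x30) return 0;           /* 0x30 = SEQUENCE */
    if (der[1] < 0x80) return 2 + (size_t)der[1];      /* short-form length */
    size_t nlen = der[1] & 0x7F, content = 0;          /* long form */
    if (nlen == 0 || nlen > 4 || len < 2 + nlen) return 0;
    for (size_t i = 0; i < nlen; i++) content = (content << 8) | der[2 + i];
    return 2 + nlen + content;
}

/* Base64 characters (padding included, line breaks excluded) for n bytes. */
size_t b64_chars_for(size_t n) { return 4 * ((n + 2) / 3); }

int main(void) {
    uint8_t head[8];   /* decoded start of the string posted in the thread */
    long n = b64_decode("MIIDdTCC", head, sizeof head);
    size_t der = n > 0 ? der_total_size(head, (size_t)n) : 0;
    printf("DER: %zu bytes, base64: %zu chars\n", der, b64_chars_for(der));
    return 0;
}
```

On Windows the same decoding is available as CryptStringToBinaryA with CRYPT_STRING_BASE64, and CertCreateCertificateContext builds a CERT_CONTEXT from the decoded bytes.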

bomz

The deal was in the code page of the txt asm file. Changed Notepad to AkelPad and all is OK.

.386
.model flat, stdcall
option casemap :none

include \MASM32\include\windows.inc
include \MASM32\include\user32.inc
include \MASM32\include\kernel32.inc
includelib \MASM32\lib\user32.lib
includelib \MASM32\lib\kernel32.lib

CERT_CONTEXT STRUCT

dwCertEncodingType dd  ?
pbCertEncoded dd  ?
cbCertEncoded dd  ?
pCertInfo dd  ?
hCertStore dd  ?

CERT_CONTEXT ENDS

.data

Mozilla db "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx"
db "GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds"
db "b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV"
db "BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD"
db "VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa"
db "DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc"
db "THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb"
db "Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP"
db "c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX"
db "gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV"
db "HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF"
db "AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj"
db "Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG"
db "j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH"
db "hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC"
db "X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==",0
hMoz CERT_CONTEXT <1203, offset Mozilla>

.code
start:

invoke MessageBox,0,addr Mozilla,NULL,MB_ICONASTERISK
invoke ExitProcess,0
end start