News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

RosAsm CodeSnippets

Started by guga, May 21, 2012, 08:51:54 AM

Previous topic - Next topic

guga

These are WM_GETOBJECT returned equates in RosAsm Syntax

They are the Object Identifier Values for OBJID_QUERYCLASSNAMEIDX

MSAA_CLASSNAMEIDX_BASE 010000
MSAA_CLASSNAMEIDX_LISTBOX 010000
MSAA_CLASSNAMEIDX_BUTTON 010002
MSAA_CLASSNAMEIDX_STATIC 010003
MSAA_CLASSNAMEIDX_EDIT 010004
MSAA_CLASSNAMEIDX_COMBOBOX 010005
MSAA_CLASSNAMEIDX_SCROLLBAR 01000A
MSAA_CLASSNAMEIDX_STATUS 01000B
MSAA_CLASSNAMEIDX_TOOLBAR 01000C
MSAA_CLASSNAMEIDX_PROGRESS 01000D
MSAA_CLASSNAMEIDX_ANIMATE 01000E
MSAA_CLASSNAMEIDX_TAB 01000F
MSAA_CLASSNAMEIDX_HOTKEY 010010
MSAA_CLASSNAMEIDX_HEADER 010011
MSAA_CLASSNAMEIDX_TRACKBAR 010012
MSAA_CLASSNAMEIDX_LISTVIEW 010013
MSAA_CLASSNAMEIDX_UPDOWN 010016
MSAA_CLASSNAMEIDX_TOOLTIPS 010018
MSAA_CLASSNAMEIDX_TREEVIEW 010019
MSAA_CLASSNAMEIDX_RICHEDIT 01001C


http://msdn.microsoft.com/en-us/library/windows/desktop/dd318003(v=vs.85).aspx

http://msdn.microsoft.com/en-us/library/windows/desktop/dd373606(v=vs.85).aspx#OBJID_QUERYCLASSNAMEIDX

http://msdn.microsoft.com/en-us/library/windows/desktop/dd373892(v=vs.85).aspx


I hope it helps someone.

Best Regards,

guga
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com

guga

#1
RosAsm Syntax



;;
    GetWindowPos v 1.1
   
    This functions retrieves the x, y, width and heigth of any window.

    Arguments:
   
        hWnd(in): A handle to the window. The window can be a child, overlapped, a dialog a control etc.
        PosStruct(out): A pointer to a WINPOS structure to rceive the values found.

    Returned Value: If the window is a child window, the return value is a handle to the parent window. If the window is a top-level window with the WS_POPUP style, the return value is a handle to the owner window.
                    If the function fails, the return value is NULL. To get extended error information, call GetLastError.
                    This function typically fails for one of the following reasons:
                        *The window is a top-level window that is unowned or does not have the WS_POPUP style.
                        •The owner window has WS_POPUP style.

    Remarks:
        The WINPOS structure have the following format and specifications:

        [WINPOS:
         WINPOS.cx: D$ 0 ; The initial horizontal position of the window. For an overlapped or pop-up window, the x parameter is
                         ; the initial x-coordinate of the window's upper-left corner, in screen coordinates. For a child window,
                         ; x is the x-coordinate of the upper-left corner of the window relative to the upper-left corner of the
                         ; parent window's client area.

         WINPOS.cy: D$ 0 ; The initial vertical position of the window. For an overlapped or pop-up window, the y parameter is
                         ; the initial y-coordinate of the window's upper-left corner, in screen coordinates. For a child window,
                         ; y is the initial y-coordinate of the upper-left corner of the child window relative to the upper-left
                         ; corner of the parent window's client area. For a list box y is the initial y-coordinate of the upper-left
                         ; corner of the list box's client area relative to the upper-left corner of the parent window's client area.


         WINPOS.width: D$ 0 ; The width, in device units, of the window.
         WINPOS.height: D$ 0; The height, in device units, of the window.
         ]       
       

    Usage example:

    [WINPOS:
     WINPOS.cx: D$ 0
     WINPOS.cy: D$ 0
     WINPOS.width: D$ 0
     WINPOS.height: D$ 0]
   
   
    call 'USER32.GetDlgItem' D@hWnd, 156
    call GetWindowPos eax, WINPOS


    Author: Gustavo Trigueiros (aka: Beyond2000!)
    Build Date: 19/05/2012 (v 1.0)

;;


Proc GetWindowPos:
    Arguments @hWnd, @PosStruct
    Local @width, @height, @hParent
    Structure @WINDOWINFO 64, @WINDOWINFO.cbSizeDis 0,  @WINDOWINFO.rcWindow_leftDis 4,  @WINDOWINFO.rcWindow_topDis 8,
                              @WINDOWINFO.rcWindow_rightDis 12,  @WINDOWINFO.rcWindow_bottomDis 16,  @WINDOWINFO.rcClient_leftDis 20,
                              @WINDOWINFO.rcClient_topDis 24,  @WINDOWINFO.rcClient_rightDis 28,  @WINDOWINFO.rcClient_bottomDis 32,
                              @WINDOWINFO.dwStyleDis 36,  @WINDOWINFO.dwExStyleDis 40,  @WINDOWINFO.dwWindowStatusDis 44,  @WINDOWINFO.cxWindowBordersDis 48,
                              @WINDOWINFO.cyWindowBordersDis 52,  @WINDOWINFO.atomWindowTypeDis 56,  @WINDOWINFO.wCreatorVersionDis 60
    Uses esi, ecx, edx

    call 'user32.GetAncestor' D@hWnd, &GA_PARENT
;    call 'user32.GetParent' D@hWnd
    On eax = 0, ExitP
    mov D@hParent eax
    call 'USER32.MapWindowPoints' D@hWnd, eax, D@PosStruct, 2

    call ZeroMemory D@WINDOWINFO, 64
    mov D@WINDOWINFO.cbSizeDis 64
    call 'USER32.GetWindowInfo' D@hWnd, D@WINDOWINFO
    mov esi D@PosStruct
    mov eax D@WINDOWINFO.rcWindow_rightDis | sub eax D@WINDOWINFO.rcWindow_leftDis | mov D$esi+WINPOS.widthDis eax
    mov eax D@WINDOWINFO.rcWindow_bottomDis | sub eax D@WINDOWINFO.rcWindow_topDis | mov D$esi+WINPOS.heightDis eax

    mov eax D@WINDOWINFO.cxWindowBordersDis | sub D$esi+WINPOS.cxDis eax
    mov eax D@WINDOWINFO.cyWindowBordersDis | sub D$esi+WINPOS.cyDis eax

    mov eax D@hParent

EndP

Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com

guga

Ftol2 similar to the one existant on msvcr100.dll.
It allows outouting on Buffers the integer and remainder parts.
Feel free to review/improve the code.

Usage example:

[teste: R$ -1.012341649e+5]
[FloattolResult: Q$ 0]
[RemainderResult: Q$ 0]

fld R$teste
call ftol2 FloattolResult, RemainderResult




Proc ftol2:
    Arguments @pOutputInteger, @pOutPutRemainder
    Local @Remainder
    Structure @StoredNumber 8, @NumHiDis 0,  @NumLowDis 4
    Uses ecx, esi, edi, edx
       
    mov edi D@pOutputInteger
    mov esi D@StoredNumber

    fld ST0
    fst F@Remainder
    fistp R$esi
    fild R$esi

    mov edx D@Remainder
    mov eax D@NumHiDis
    test eax eax | je @integer_QnaN_or_zero

@arg_is_not_integer_QnaN:

    fsubp ST1 ST0
    test edx edx | jns @positive
    fstp F@Remainder
    mov ecx D@Remainder
    xor ecx 080000000
    add ecx 07FFFFFFF
    adc eax 00
    mov edx D@NumLowDis
    adc edx 00
    jmp @localexit

@positive:

    fstp F@Remainder
    mov ecx D@Remainder
    add ecx 07FFFFFFF
    sbb eax 00
    mov edx D@NumLowDis
    sbb edx 00
    jmp @localexit

@integer_QnaN_or_zero:   

    mov edx D@NumLowDis
    test edx 07FFFFFFF | jne @arg_is_not_integer_QnaN
    fstp F@Remainder
    fstp F@Remainder

@localexit:

    ; Output the integer part here
    mov D$edi eax
    mov D$edi+4 edx
   
    ; Output the remainder part here
    mov edi D@pOutPutRemainder
    fld F@Remainder | fabs
    fstp R$edi

EndP
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com

guga

One more set. Feel free to convert to masm/fasm.
This function have exactly the same functionality as in ntdll.dll

In a matter of fact. this function can either be used as RVAtoOffset.
When you set the imagebase the function will return the xact VA of the RVA. Ex: 04091C4
When no imagebase is used (BaseAddress = 0), the function will retunr the offset of the inputed RVA. Ex: 085C4

Note: In ntdll.dll the function contains an error when you try to retrieve the VA. Even you setting a imagebase value, the resultant VA is incorrect.
On my function, i fixed that. Now it retunr the correct VA.
Updated: 11/04/2012

;;
    RTLImageRVAtoVA

    Locates a relative virtual address (RVA) within the image header of a file that is mapped as a file
    and returns the virtual address of the corresponding byte in the file.

    Parameters
        NtHeaders [in]: A pointer to an IMAGE_NT_HEADERS structure. This structure can be obtained by
                        calling the ImageNtHeader function. It is the 'PE' signature
        BaseAddress [in]:   The base address of an image that is mapped into memory through a call to
                            the MapViewOfFile function.
                            If this member is &NULL, the function will return the offset related to the RVA. Ex: 085C4
                            If the member is a image base value, the funtion it will return the VA related to the RVA. Ex: 04091C4
        Rva [in]:       The relative virtual address to be located.
        pLastRvaSection [in, optional]:  A pointer to an IMAGE_SECTION_HEADER structure that specifies
                                         the last RVA section. This is an optional parameter.
                                         When specified, it points to a variable that contains the last
                                         section value used for the specified image to translate an RVA to a VA.

    Return value:   If the function succeeds, the return value is the virtual address in the mapped file.
                    If the function fails, the return value is NULL. To retrieve extended error information,
                    call GetLastError.

    Examples:
                    1)
                        Proc XXXXX
                            Local @DiffAdded
                            (...)
                            mov edx D@PeOrigin
                            ; in case we have a PE with 03 sections we do this:
                            mov D@DiffAdded2 edx | add D@DiffAdded2 SizeOf_PeHeader | add D@DiffAdded2 SizeOf_SectionsHeaders | add D@DiffAdded2 SizeOf_SectionsHeaders
                            lea esi D@DiffAdded2 ; esi is a pointer to the last section of the PE
                            call RTLImageRVAtoVA edx, D$edx+PeHeader.OptionalHeader.ImageBaseDis, 01154, esi               

                    2)
                        mov edx D@PeOrigin
                        call RTLImageRVAtoVA edx, 0, 03012, 0

    Remarks:        The ImageRvaToVa function locates an RVA within the image header of a file that is mapped
                    as a file and returns the virtual address of the corresponding byte in the file.
                    All DbgHelp functions, such as this one, are single threaded. Therefore, calls from more
                    than one thread to this function will likely result in unexpected behavior or memory corruption.
                    To avoid this, you must synchronize all concurrent calls from more than one thread to this function.

;;

Proc RtlImageRvaToVa:
    Arguments @NtHeader, @BaseAddress, @Rva, @pLastRvaSection
    Local @FileAlignment
    Uses esi, edi, edx, ecx

    mov esi D@pLastRvaSection
    mov edi D@Rva
    mov edx D@NtHeader
    move D@FileAlignment D$edx+PeHeader.OptionalHeader.FileAlignmentDis

    If esi <> 0
        mov ecx D$esi
        mov eax D$ecx+SectionsHeaders.VirtualAddressDis
        mov edx D$ecx+SectionsHeaders.SizeOfRawDataDis
        Align_On_Variable D@FileAlignment edx | add edx eax
    End_If

    If_Or esi = 0, ecx = 0, edi < eax, edi >= edx
        call RTLImageRVAtoSection D@NtHeader, D@BaseAddress, edi
        mov ecx eax
    End_If
   
    xor eax eax
    On ecx = 0, ExitP

    If esi <> 0
        mov D$esi ecx
    End_if

    If D@BaseAddress = 0
        mov eax D$ecx+SectionsHeaders.PointerToRawDataDis
        sub eax D$ecx+SectionsHeaders.VirtualAddressDis
    End_If
    add eax D@BaseAddress
    add eax edi

EndP
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com

guga

One more i made on rosasmboard. As usual, feel free to port it to masm or fasm etc

;;
    OffsettoRVA Function

    Routine Description:

        This function locates the RVA through a inputed raw offset of the PE File.

    Arguments:

        Offset [in] - The offset to be calculated.
        pPEHdr [in] - A pointer to an IMAGE_NT_HEADERS structure ('PE' signature). This structure can be obtained by
                      calling the ImageNtHeader function.

    Return Value:
                    If the function suceeds it retuns the RVA of the offset
                    If the function fails, it retunr FALSE.

    Example:
   
                call OffsettoRVA 0F1B, D@PeOrigin

    Reference:  http://hi.baidu.com/ximo2006/blog/item/cbf745f82f19ffd2b58f315c.html
                http://forum.exetools.com/showthread.php?t=6042
                www.ntcore.com/files/netint_injection/SectComp.cff

    Author:
        Gustavo Trigueiros (aka: Beyond2000! or Guga)
;;

Proc OffsettoRVA:
    Arguments @InputOffset, @pPEHdr
    Uses edx, ecx, edi

    mov edx D@pPEHdr
    movzx ecx W$edx+PeHeader.FileHeader.NumberOfSectionsDis
    mov edi D@InputOffset
    add edx SizeOf_PeHeader ; point to  IMAGE_SECTION_HEADER

    .While ecx <> 0 ; check all sections
        mov eax D$edx+SectionsHeaders.PointerToRawDataDis
        add eax D$edx+SectionsHeaders.SizeOfRawDataDis
        .If_And edi >= D$edx+SectionsHeaders.PointerToRawDataDis, edi < eax
            mov eax D$edx+SectionsHeaders.PointerToRawDataDis
            sub edi eax ; edi == Offset - PointerToRawData
            mov eax D$edx+SectionsHeaders.VirtualAddressDis
            add eax edi ; eax == Offset - PointerToRawData + VirtualAddress
                        ; Offset = VirtualAddress+(InOffset-PointerToRawData)
            ExitP
        .End_If
        add edx SizeOf_SectionsHeaders
        dec ecx
    .End_While

    xor eax eax

EndP
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com

guga

Another from a set of functions i made on rosasm board

;;
    RVAtoOffset Function

    Routine Description:

        This function locates the raw offset of a PE through a inputed RVA value.

    Arguments:

        Offset [in] - The RVA to be calculated.
        pPEHdr [in] - A pointer to an IMAGE_NT_HEADERS structure ('PE' signature). This structure can be obtained by
                      calling the ImageNtHeader function.

    Return Value:
                    If the function suceeds it retuns the offset related to that RVA
                    If the function fails, it retunr FALSE.

    Example:
   
                call RVAtoOffset 02400, D@PeOrigin

    Reference:  http://hi.baidu.com/ximo2006/blog/item/cbf745f82f19ffd2b58f315c.html
                http://forum.exetools.com/showthread.php?t=6042
                www.ntcore.com/files/netint_injection/SectComp.cff

    Author:
        Gustavo Trigueiros (aka: Beyond2000! or Guga)
;;

Proc RVAtoOffset:
    Arguments @InputRVA, @pPEHdr
    Uses edx, ecx, edi, esi

    mov edx D@pPEHdr
    movzx ecx W$edx+PeHeader.FileHeader.NumberOfSectionsDis
    mov edi D@InputRVA
    add edx SizeOf_PeHeader ; point to  IMAGE_SECTION_HEADER
   
    .While ecx <> 0 ; check all sections
       
        mov eax D$edx+SectionsHeaders.VirtualAddressDis
        add eax D$edx+SectionsHeaders.SizeOfRawDataDis
        .If_And edi >= D$edx+SectionsHeaders.VirtualAddressDis, edi < eax
            ; 0EF3 = 0C00 +02F3 = RawOffset + (inputRVA-RVA)
            ; RVA = PointerToRawData + (InRVA-VirtualAddress)
            sub edi D$edx+SectionsHeaders.VirtualAddressDis
            add edi D$edx+SectionsHeaders.PointerToRawDataDis
            mov eax edi
            ExitP
        .End_If
        add edx SizeOf_SectionsHeaders
        dec ecx
    .End_While

    xor eax eax

EndP
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com

guga

I´m making a serie of functions analog to ntdll PE Functions that are found inside ntdll.dll, imagehlp.dll and dbghelp.dll.
RosAsm syntax. More functions at rosasm board. Feel free to port it to masm or fasm etc

;;
    RtlImageDirectoryEntryToData
   
    Obtains access to image-specific data.
    This function locates a Directory Entry within the image header and returns either the virtual address or seek address of the
    data the Directory describes.
   
    This function has been superseded by the RtlImageDirectoryEntryToDataEx function.
    Use RtlImageDirectoryEntryToDataEx to retrieve the section header.

Parameters:
    BaseAddress [in]: A pointer to the base address of the image. THe 'MZ' signature.
    MappedAsImage [in]: If this parameter is TRUE, the file is mapped by the system as an image. If the flag is FALSE, the file is mapped as a data file by the MapViewOfFile function.
    DirectoryEntry [in]: The index number of the desired directory entry. This parameter can be one of the following values.

                        Equate Name                             Value   Meaning
                        IMAGE_DIRECTORY_ENTRY_ARCHITECTURE      7       Architecture-specific data
                        IMAGE_DIRECTORY_ENTRY_BASERELOC         5       Base relocation table
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT      11      Bound import directory
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR    14      COM descriptor table
                        IMAGE_DIRECTORY_ENTRY_DEBUG             6       Debug directory
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT      13      Delay import table
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION         3       Exception directory
                        IMAGE_DIRECTORY_ENTRY_EXPORT            0       Export directory
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR         8       The relative virtual address of global pointer
                        IMAGE_DIRECTORY_ENTRY_IAT               12      Import address table
                        IMAGE_DIRECTORY_ENTRY_IMPORT            1       Import directory
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG       10      Load configuration directory
                        IMAGE_DIRECTORY_ENTRY_RESOURCE          2       Resource directory
                        IMAGE_DIRECTORY_ENTRY_SECURITY          4       Security directory
                        IMAGE_DIRECTORY_ENTRY_TLS               9       Thread local storage directory

    Size [out]: A pointer to a variable that receives the size of the data for the directory entry, in bytes.

Return value:
    If the function succeeds, the return value is a pointer to the directory entry's data.
    If the function fails, the return value is NULL. To retrieve extended error information, call GetLastError.

Remarks:
    The ImageDirectoryEntryToData function is used to obtain access to image-specific data.
    All DbgHelp functions, such as this one, are single threaded. Therefore, calls from more than one thread to this function
    will likely result in unexpected behavior or memory corruption. To avoid this, you must synchronize all concurrent calls
    from more than one thread to this function.

    This function have the same functionality as the one existant inside ntdll and the function ImageDirectoryEntryToData from Dbghelp.dll

    Example:
   
        call RtlImageDirectoryEntryToData D@pFileData, &FALSE, &IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, LoaderSize


Bibliography:
    http://msdn.microsoft.com/en-us/library/windows/desktop/ms680149(v=vs.85).aspx
    http://www.wasm.ru/forum/viewtopic.php?id=28082

Author:
Gustavo Trigueiros (aka: Beyond2000! or Guga)

;;

Proc RtlImageDirectoryEntryToData:
    Arguments @BaseAddress, @MappedAsImage, @Directory, @pSize
    Uses ebx

    mov ebx D@BaseAddress
    Test_If bl 1
        and ebx 0-02
        mov D@MappedAsImage 0
    Test_End
    call RtlpImageNtHeader ebx
    On eax = 0, ExitP
    If W$eax+PeHeader.OptionalHeader.MagicDis = &IMAGE_NT_OPTIONAL_HDR32_MAGIC
        call RtlpImageDirectoryEntryToData32 ebx, D@MappedAsImage, D@Directory, D@pSize, eax
    Else_If W$eax+PeHeader.OptionalHeader.MagicDis = &IMAGE_NT_OPTIONAL_HDR64_MAGIC
        call RtlpImageDirectoryEntryToData64 ebx, D@MappedAsImage, D@Directory, D@pSize, eax
    Else
        xor eax eax
    End_If

EndP
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com

Donkey

Hi guga,

The DbgHelp API function ImageRvaToVa also does this, in my tests its pretty quick and since it is only really used occasionally speed is not critical anyway. Ofcourse the main advantage is that it will also make your application source level portable to 64 bit, something that is useful in GoAsm and jWasm which are both for the most part 32/64 bit switchable with minimal modification.
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable

guga

#8
Hi Edgar

Tks. Later i´ll give a try on dbghelp. But as far i can remember the one existent in dbghelp is exact the same one as in ntdll.
I already analysed it and made a function that works exactly teh same as thje one in ntdll.
http://masmforum.com/~masm32/board/index.php?topic=34.0

How are u my friend ?
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com