Hello World Question

[luciddreamer]

Hello masm32, I am Stefan or call me with the username luciddreamer, I registered here for learning Assembly, as a kid born in 2000, I wasnt exposed to Assembly so here I am expanding my knowledge :)

My question was just also a verification that I am not a bot.

so I copy-pasted this code and ran it everything went fine until I ran the exe:

.386
.model flat, stdcall
option casemap :none

include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib

.data
message db "FOX", 0
.code
main:
invoke StdOut, addr message
invoke ExitProcess, 0
end main

How do I call system("pause") ?

[Vortex]

Hello luciddreamer,

Here is an example for you :

Code Select Expand

.386
.model flat, stdcall
option casemap :none

include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
include \masm32\include\msvcrt.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\msvcrt.lib

.data

message db "FOX",0
func    db "pause",0

.code

main:

    invoke  StdOut,ADDR message
    invoke  crt_system,ADDR func
    invoke  ExitProcess,0

END main



The fuınction named system is exported by msvcrt.dll.  All the functions from msvcrt are prepended with the prefix crt_ to avoid naming clashes with some reserved Masm keywords.

[luciddreamer]

  worked!! what about new lines, I tried \n like in C/C++ but that didn't work, is there a macro for new line?

[Vortex]

Hello,

You can try this one, the ASCII codes of CR and LF  :

Code Select Expand

message db "FOX",13,10,0

[jj2007]

Hi luciddreamer,

Erol alias Vortex showed you the crt way, here is another option - the Masm32 SDK macros:

Code Select Expand

include \masm32\include\masm32rt.inc

.code
start:
  inkey "Hello Stefan"
  exit

end start

The include line covers the most common libraries, including the crt. Open the file in Notepad to study what it does. You may also see here some tips for starters. Welcome to the Forum

[daydreamer]

Welcome luciddreamer
.386 is max cpu ,can be replaced with
.686
.XMM
to be able to use more modern mnemonics/opcodes

[luciddreamer]

Hello,

You can try this one, the ASCII codes of CR and LF  :

Code Select Expand

message db "FOX",13,10,0

Code Select Expand


Import names for msvcrt.dll
.rdata:00402064 ;
.rdata:00402064 off_402064      dd rva word_402088      ; DATA XREF: .rdata:__IMPORT_DESCRIPTOR_msvcrt↑o
.rdata:00402068                 dd 0
.rdata:0040206C word_40206C     dw 9Bh                  ; DATA XREF: .rdata:0040205C↑o
.rdata:0040206E                 db 'ExitProcess',0
.rdata:0040207A aKernel32Dll    db 'kernel32.dll',0     ; DATA XREF: .rdata:00402024↑o
.rdata:00402087                 align 4
.rdata:00402088 word_402088     dw 2B0h                 ; DATA XREF: .rdata:off_402064↑o
.rdata:0040208A                 db 'system',0
.rdata:00402091                 align 2
.rdata:00402092 aMsvcrtDll      db 'msvcrt.dll',0       ; DATA XREF: .rdata:00402038↑o
.rdata:0040209D                 align 2
.rdata:0040209E word_40209E     dw 16Ah                 ; DATA XREF: .rdata:00402058↑o
.rdata:004020A0                 db 'GetStdHandle',0
.rdata:004020AD                 align 2
.rdata:004020AE word_4020AE     dw 2F7h                 ; DATA XREF: .rdata:off_402054↑o
.rdata:004020B0                 db 'WriteFile',0
.rdata:004020BA                 align 1000h
.rdata:004020BA _rdata          ends


Why does it use writefile?

[luciddreamer]

Hi luciddreamer,

Erol alias Vortex showed you the crt way, here is another option - the Masm32 SDK macros:

Code Select Expand

include \masm32\include\masm32rt.inc

.code
start:
  inkey "Hello Stefan"
  exit

end start

The include line covers the most common libraries, including the crt. Open the file in Notepad to study what it does. You may also see here some tips for starters. Welcome to the Forum

Thank you :)

[luciddreamer]

Hi luciddreamer,

Erol alias Vortex showed you the crt way, here is another option - the Masm32 SDK macros:

Code Select Expand

include \masm32\include\masm32rt.inc

.code
start:
  inkey "Hello Stefan"
  exit

end start

The include line covers the most common libraries, including the crt. Open the file in Notepad to study what it does. You may also see here some tips for starters. Welcome to the Forum

I ran the code and disassemble it to see how does it gets compiled

Using masm macros I get Pseudo C structure like this:

Code Select Expand


void __stdcall __noreturn start(int a1)
{
  sub_401020(aHelloStefan);
  sub_401060();
  sub_401020(asc_40300D);
  ExitProcess(0);
}

With the crt way I get this:

Code Select Expand


void __noreturn start()
{
  sub_401028(aHelloStefan);
  system(Command);
  ExitProcess(0);
}


Why are there extra functions?

[TimoVJL]

Why does it use writefile?

WriteFile and WriteConsole are Windows API functions.
You can use puts or printf from msvcrt.dll for printing too.

[Vortex]

Hi luciddreamer,

Reading \masm32\macros\macros.asm :

Code Select Expand

    ;; ------------------------------------------------------
    ;; display user defined text, default text or none if
    ;; NULL is specified and wait for a keystroke to continue
    ;; ------------------------------------------------------
    inkey MACRO user_text:VARARG
      IFDIF <user_text>,<NULL>                  ;; if user text not "NULL"
        IFNB <user_text>                        ;; if user text not blank
          print user_text                       ;; print user defined text
        ELSE                                    ;; else
          print "Press any key to continue ..." ;; print default text
        ENDIF
      ENDIF
      call wait_key
      print chr$(13,10)
    ENDM

    ;; ---------------------------------------------------
    ;; wait for a keystroke and return its scancode in EAX
    ;; ---------------------------------------------------
    getkey MACRO
      call ret_key
    ENDM

[luciddreamer]

Played around with Assembly, what does ADDR operator do?

[TimoVJL]

Played around with Assembly, what does ADDR operator do?

gives ADDRESS of variable, not value

[jj2007]

I ran the code and disassemble it to see how does it gets compiled

Using masm macros I get Pseudo C structure like this:
...
Why are there extra functions?

How did you get these "pseudo C structures"? They don't resemble Assembly. Here is what you get using OllyDbg:

Code Select Expand

Address        Hex dump              Command                      Comments
<ModuleEntryPo Ú$  68 00304000       push offset ??0019           ; ÚArg1 = ASCII "Hello Stefan"
00401005       ³.  E8 16000000       call StdOut                  ; ÀNewMasm32.StdOut
0040100A       ³.  E8 51000000       call wait_key
0040100F       ³.  68 0D304000       push offset ??001F           ; ÚArg1 = ASCII CR,LF <<<<<<< why???
00401014       ³.  E8 07000000       call StdOut                  ; ÀNewMasm32.StdOut
00401019       ³.  6A 00             push 0                       ; ÚExitCode = 0
0040101B       À.  E8 E2000000       call ExitProcess             ; ÀKERNEL32.ExitProcess

StdOut         Ú$  55                push ebp                     ; NewMasm32.StdOut(guessed Arg1)
00401021       ³.  8BEC              mov ebp, esp
00401023       ³.  83C4 F4           add esp, -0C
00401026       ³.  6A F5             push -0B                     ; ÚStdHandle = STD_OUTPUT_HANDLE
00401028       ³.  E8 DB000000       call GetStdHandle            ; ÀKERNEL32.GetStdHandle
0040102D       ³.  8945 FC           mov [ebp-4], eax
00401030       ³.  FF75 08           push dword ptr [ebp+8]       ; ÚArg1 => [Arg1]
00401033       ³.  E8 58000000       call StrLen                  ; ÀNewMasm32.StrLen
00401038       ³.  8945 F4           mov [ebp-0C], eax
0040103B       ³.  6A 00             push 0                       ; ÚpOverlapped = NULL
0040103D       ³.  8D45 F8           lea eax, [ebp-8]             ; ³
00401040       ³.  50                push eax                     ; ³pBytesWritten => offset LOCAL.2
00401041       ³.  FF75 F4           push dword ptr [ebp-0C]      ; ³Size => [LOCAL.3]
00401044       ³.  FF75 08           push dword ptr [ebp+8]       ; ³Buffer => [Arg1]
00401047       ³.  FF75 FC           push dword ptr [ebp-4]       ; ³hFile => [LOCAL.1]
0040104A       ³.  E8 BF000000       call WriteFile               ; ÀKERNEL32.WriteFile
0040104F       ³.  8B45 F8           mov eax, [ebp-8]
00401052       ³.  C9                leave
00401053       À.  C2 0400           retn 4

wait_key        $  6A F6             push -0A                     ; ÚStdHandle = STD_INPUT_HANDLE
00401062        .  E8 A1000000       call GetStdHandle            ; ÀKERNEL32.GetStdHandle
00401067        .  50                push eax                     ; ÚhConsole
00401068        .  E8 A7000000       call FlushConsoleInputBuffer ; ÀKERNEL32.FlushConsoleInputBuffer
0040106D        >  6A 01             push 1                       ; ÚTime = 1 ms
0040106F        .  E8 A6000000       call Sleep                   ; ÀKERNEL32.Sleep
00401074        .  FF15 88304000     call near [<&msvcrt._kbhit>] ; [MSVCRT._kbhit
0040107A        .  85C0              test eax, eax
0040107C        . 74 EF             je short 0040106D
0040107E        .  FF15 8C304000     call near [<&msvcrt._getch>] ; [MSVCRT._getch
00401084        .  C3                retn

StdOut, wait_key and StrLen are functions of the Masm32 library, e.g. in \Masm32\m32lib\strlen.asm
print, inkey and exit are defined in \Masm32\macros\macros.asm

[luciddreamer]

I use Ghidra and IDA PRO to dissemble binaries, Pseudo C code gives me some idea how everything works in higher level.