dcskm4200 1. Learn how to name a topic. 2. Learn how to clearly define you question. 3. Learn how to use hex-editors. and last but not least... 4. Learn english (or russian) for Christ's sake.
dcskm4200 What is a data file? There are no differences between data and code on the traditional computer architecture. Anything can be used either as data or as code. crypto Missed modal verb, corrected: "What do you mean?"
Thanks all who responded the topic. means: it is the codes from looking at itself; it is the datas from looking at other codes. ;===================================================================== ============== if it has been made into exe, other code can't use it with db defining. remove out its exe head.
dcskm4200 dcxskm4200 Two similar nicks are forbidden on this forum. it is the codes from looking at itself; Too difficult to understand, you have made a lot of mistakes. If you want to create a binary file (file that contain no exe or other heads), use fasm. It allows to create *.com when you haven't provided any special directives. If you want your code to be 32-bit, simple type "use64" and then type what you want to type. P.S. Where are you from?
Hello,NullSessi0n sorry for error Key that i typed cursorily. ;============================== means: How can i creat a filename.img? ;============================== i'm come from your friendly neighbouring country.
Learn how to clearly define your question. Image of what do you want to have? Process? Or some other things? Say exactly, please.
Hello,NullSessi0n let me to define my question with asm. code1: ;=========================================== .586 .model flat, stdcall option casemap :none ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> include \masm32\include\windows.inc include \masm32\include\kernel32.inc include \masm32\include\User32.inc includelib \masm32\lib\kernel32.lib includelib \masm32\lib\User32.lib include \masm32\macros\macros.asm ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> .code ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> start: invoke MessageBox, NULL, SADD('<li>Hello World Coder!(C)Anskya.'), SADD('MsgBox By Anskya'), MB_OK invoke ExitProcess,NULL ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> end start code2: ;=========================================== .586 .model flat, stdcall option casemap :none ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> include \masm32\include\windows.inc include \masm32\include\kernel32.inc include \masm32\include\masm32.inc include \masm32\include\User32.inc includelib \masm32\lib\kernel32.lib includelib \masm32\lib\masm32.lib includelib \masm32\lib\User32.lib include \masm32\macros\macros.asm ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> code_1_size equ 387 ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> .data? hInstance HINSTANCE ? CommandLine LPSTR ? hProcess HANDLE ? pThread LPVOID ? PID dword ? hWndNpd dword ? ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> .code ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> code_1 DB 0E8H,00H,00H,00H,00H,05FH,081H,0EFH,01EH,010H,040H,00H,08DH,087H,094H, 010H DB 040H,00H,050H,0E8H,083H,00H,00H,00H,08DH,087H,0A5H,010H,040H,00H,050H, 0E8H DB 077H,00H,00H,00H,02BH,0C0H,050H,08DH,09FH,083H,010H,040H,00H,053H,08DH ,09FH DB 05EH,010H,040H,00H,053H,050H,0FFH,097H,0ACH,010H,040H,00H,06AH,00H,0FF H,097H DB 09DH,010H,040H,00H,0C3H,05BH,02AH,05DH,020H,048H,065H,06CH,06CH,06FH,0 20H,057H DB 06FH,072H,06CH,064H,020H,043H,06FH,064H,065H,072H,021H,020H,028H,043H, 029H,020H DB 041H,06EH,073H,06BH,079H,061H,02EH,0DH,0AH,00H,04DH,073H,067H,042H,06F H,078H DB 020H,042H,079H,020H,041H,06EH,073H,06BH,079H,061H,00H,06BH,065H,072H,0 6EH,065H DB 06CH,033H,032H,00H,01H,092H,08FH,05H,00H,00H,00H,00H,075H,073H,065H,07 2H DB 033H,032H,00H,0F7H,06CH,055H,0D8H,00H,00H,00H,00H,060H,08BH,074H,024H, 024H DB 0E8H,097H,00H,00H,00H,068H,0ADH,0D1H,034H,041H,050H,0E8H,01FH,00H,00H, 00H DB 056H,0FFH,0D0H,08BH,0D8H,02BH,0C0H,0ACH,084H,0C0H,075H,0FBH,08BH,0FEH, 0ADH,085H DB 0C0H,074H,0AH,050H,053H,0E8H,05H,00H,00H,00H,0ABH,0EBH,0F1H,061H,0C3H, 060H DB 08BH,05CH,024H,024H,08BH,074H,024H,028H,02BH,0EDH,08BH,0D3H,03H,052H,0 3CH,08BH DB 052H,078H,03H,0D3H,08BH,042H,018H,08BH,07AH,01CH,03H,0FBH,08BH,07AH,02 0H,03H DB 0FBH,052H,08BH,0D7H,08BH,017H,03H,0D3H,045H,060H,08BH,0F2H,02BH,0C9H,0 ACH,041H DB 084H,0C0H,075H,0FAH,089H,04CH,024H,018H,061H,060H,02BH,0C0H,0E8H,051H, 00H,00H DB 00H,03BH,0C6H,061H,074H,08H,083H,0C7H,04H,048H,074H,018H,0EBH,0D6H,05A H,04DH DB 08BH,04AH,024H,03H,0CBH,0FH,0B7H,04H,069H,08BH,06AH,01CH,03H,0EBH,08BH ,044H DB 085H,00H,03H,0C3H,089H,044H,024H,01CH,061H,0C2H,08H,00H,060H,02BH,0C0H ,064H DB 08BH,040H,030H,085H,0C0H,078H,0CH,08BH,040H,0CH,08BH,070H,01CH,0ADH,08 BH,040H DB 08H,0EBH,09H,08BH,040H,034H,08DH,040H,07CH,08BH,040H,03CH,089H,044H,02 4H,01CH DB 061H,0C3H,060H,0E3H,018H,0F7H,0D0H,032H,02H,042H,0B3H,08H,0D1H,0E8H,07 3H,05H DB 035H,020H,083H,0B8H,0EDH,0FEH,0CBH,075H,0F3H,0E2H,0ECH,0F7H,0D0H,089H, 044H,024H DB 01CH,061H,0C3H ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> WinMain proc hInst:HINSTANCE, hPrevInst:HINSTANCE, CmdLine:LPSTR, CmdShowWORD invoke FindWindow,SADD("Notepad"),NULL mov hWndNpd,eax invoke GetWindowThreadProcessId, hWndNpd,addr PID invoke OpenProcess, PROCESS_ALL_ACCESS,FALSE,PID mov hProcess, eax invoke VirtualAllocEx,hProcess, NULL, code_1_size, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE mov pThread, eax invoke WriteProcessMemory, hProcess, pThread, offset code_1, code_1_size, NULL invoke CreateRemoteThread, hProcess, 0, 0, pThread, NULL, 0, NULL ret WinMain endp ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> start: invoke GetModuleHandle, NULL mov hInstance, eax invoke GetCommandLine invoke WinMain, hInstance, NULL, eax, SW_HIDE invoke ExitProcess, NULL ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>> end start ;=========================================== How can I create the code_1 Hexdata in code_2?
Is it ASM-code from another program and You want to use this code? If so and You write Your program on C, may be better to decompile it into C and use as is?
wasm[/b].ru ]www.wasm.ru this is an asm forum. so, it is better to all code should be changed into asm. everyone may use a same language for exchanging asm idea easily. i don't know why you are so embarrassedly to talk some import technology.
I cannot find word embarrassedly. Is it new term? it is better to all code should be changed into asm To whom how (As You wish!)
yes, no any "embarrassedly" word, only it seems. a famous song that came from your nation is being sung like such: in the field,the red plum blossom is flowering on a little river side; there is a beautiful girl who is being verily loved by me; a lot of words in my heart would be told to her; but, i can't express it with some modes.
The problem is you have not imported MessageBox. After compilation to an exe there appears imports section which tell Windows how to properly load libraries. Address of each function is there. invoke MessageBox expands to push ... push ... push ... push ... call [address in imports section] You should correct this value. I use fasm and prefer to code in the next way: format PE GUI 4.0 entry start include 'C:\Program Files\Nonamed\fasm\fasm164\include\win32a.inc' section '.data' data readable writeable pcondition rb 25h thrid dd 0 ; Окно формы --------------------------------------------------- _title db 'Win32 program template',0 ;- _class db 'FASMWIN32',0 ;- fhandle dd 0 ;- wc WNDCLASS 0,WindowProc,0,0,0,0,0,COLOR_BTNFACE+1,0,_class ;- ;--------------------------------------------------------------- msg MSG section '.code' import data code readable executable dd 0,0,0,RVA kernel_name,RVA kernel_table dd 0,0,0,RVA user_name,RVA user_table dd 0,0,0,0,0 kernel_table: ExitProcess dd RVA _ExitProcess CreateThread dd RVA _CreateThread Sleep dd RVA _Sleep dd 0 user_table: MessageBox dd RVA _MessageBox InternalGetWindowText dd RVA _InternalGetWindowText LoadIcon dd RVA _LoadIconA LoadCursor dd RVA _LoadCursorA RegisterClass dd RVA _RegisterClassA CreateWindowEx dd RVA _CreateWindowExA GetMessage dd RVA _GetMessageA TranslateMessage dd RVA _TranslateMessage DispatchMessage dd RVA _DispatchMessageA DefWindowProc dd RVA _DefWindowProcA PostQuitMessage dd RVA _PostQuitMessage dd 0 kernel_name db 'KERNEL32.DLL',0 user_name db 'USER32.DLL',0 _ExitProcess dw 0 ; 0 -> address when loaded db 'ExitProcess',0 _MessageBox dw 0 ; 0 -> address when loaded db 'MessageBoxW',0 _InternalGetWindowText dw 0 ;... db 'InternalGetWindowText',0 _LoadIconA dw 0 db 'LoadIconA', 0 _LoadCursorA dw 0 db 'LoadCursorA', 0 _RegisterClassA dw 0 db 'RegisterClassA', 0 _CreateWindowExA dw 0 db 'CreateWindowExA', 0 _GetMessageA dw 0 db 'GetMessageA', 0 _TranslateMessage dw 0 db 'TranslateMessage' _DispatchMessageA dw 0 db 'DispatchMessageA', 0 _DefWindowProcA dw 0 db 'DefWindowProcA', 0 _PostQuitMessage dw 0 db 'PostQuitMessage', 0 _CreateThread dw 0 db 'CreateThread', 0 _Sleep dw 0 ; 0 -> address when loaded db 'Sleep', 0 start: mov eax,dword [fs:18h] ;| mov eax,dword [ds:eax+30h] ;| movzx eax,byte [ds:eax+8h] ;| ;| mov [wc.hInstance], eax ;| push IDI_APPLICATION ;| xor eax, eax ;| push eax ;| call [LoadIcon] ;| ;| mov [wc.hIcon], eax ;| push IDC_ARROW ;| xor eax, eax ;| push eax ;| call [LoadCursor] ;| ;| mov [wc.hCursor],eax ;| push wc ;| call [RegisterClass] ;| ;| xor eax, eax ;| mov ecx, 128 ;| mov edx, 192 ;| push eax ;| push [wc.hInstance] ;| push eax ;| push eax ;| push edx ;| push edx ;| push ecx ;| push ecx ;| push WS_VISIBLE or WS_DLGFRAME or WS_SYSMENU ;| push _title ;| push _class ;| push eax ;| call [CreateWindowEx] ;| mov [fhandle],eax ;| ;------------------------------------------------------ xor eax, eax ;| push thrid ;| push eax ;| push eax ;| push _Thread ;| push eax ;| push eax ;| call [CreateThread] ;| ;------------------------------------------------------ msg_loop: ;| xor eax, eax ;| push eax ;| push eax ;| push eax ;| push msg ;| call [GetMessage] ;| or eax, eax ;| jz end_loop ;| push msg ;| call [TranslateMessage] ;| push msg ;| call [DispatchMessage] ;| jmp msg_loop ;| ;------------------------------------------------------ end_loop: ;| push [msg.wParam] ;| call [ExitProcess] ;| ;------------------------------------------------------ default: ;| jmp [DefWindowProc] ;| wmdestroy: ;| xor eax, eax ;| push eax ;| call [PostQuitMessage] ;| xor eax,eax ;| retn 4*4 ;| ;------------------------------------------------------ ; ---------------------------------- _Thread: ;| push 1000 ;| call [Sleep] ;| ;| mov eax, 25h ;| push eax ;| push pcondition ;| push [fhandle] ;| call [InternalGetWindowText] ;| ;| xor eax, eax ;| push eax ;| push pcondition ;| push pcondition ;| push eax ;| call [MessageBox] ;| ;| retn 4 ;| ;------------------------------------------------------ You should invent your own convention or use DLLs if you want to take a code. But usually you have to disassemble in order to find all calls of WinAPI and then assign them to your project.
