Hi,

I have been working on the code piece for a while now and have not figured out a solution. The purpose of the code is to open up a file, read it into memory and then display a specific bytes into a message box in hex format. The following code attempts to start at address 0000000Ch and get that byte plus the 3 following bytes and display them into a messagebox. although im testing this with the 0Ch address there are numerous areas of the file that i will also attempt to do the same thing with once i understand how it is done. I have attached my source code with the file im attempting to get information from.

.386

.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\masm32.inc
include \masm32\include\debug.inc
include \masm32\include\comdlg32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\debug.lib
includelib \masm32\lib\comdlg32.lib

.data
FileName db "test.txt",0
bConvert db 12

.data?
hFile dd ?
fSize dd ?
hHeap dd ?
pHeap dd ?
bRead dd ?
buffer dd 64 dup (?)

.code
start:
;OPEN FILE
invoke CreateFile,addr FileName,\
GENERIC_READ,FILE_SHARE_READ,\
0,\
OPEN_EXISTING,\
FILE_ATTRIBUTE_NORMAL,\
0
mov hFile,eax

invoke GetFileSize,hFile,0 ;get file size
mov fSize,eax
invoke HeapCreate,0,addr fSize,0 ;create memory object
mov hHeap,eax
invoke HeapAlloc,hHeap,HEAP_ZERO_MEMORY,fSize ;allocate the memory
mov pHeap,eax
;invoke SetFilePointer,hFile,0,0,FILE_BEGIN ;
invoke ReadFile,hFile,pHeap,fSize,addr bRead, 0 ;read the whole file into memory

mov esi,pHeap ;load start of memory address into esi
lea edi,buffer ;load start of memory address into edi
xor ecx,ecx ;zero out ecx
add esi,12 ;add 12 to esi to start at memory location 0Ch
dec ecx
@@:
inc ecx ;start at 1 and increase
mov al,byte ptr [esi] ;move byte of memory located at esi into al
mov byte ptr [edi],al ;then move byte of memory in al into edi
inc esi
inc edi
cmp ecx,4 ;lets stop at 4 so we only move the 4 bytes we need
jne @B ;jump back and do again until we reach the 4th byte

invoke dw2hex,addr buffer,addr bConvert
invoke MessageBox,0,addr bConvert,0,0

invoke HeapFree,hHeap,0,pHeap
invoke HeapDestroy,hHeap
invoke ExitProcess,0

end start
Posted on 2003-04-13 11:41:59 by tremors
I think that's illegal. Bazik, why don't you close this thread also?
Posted on 2003-04-13 12:23:04 by comrade

I think that's illegal. Bazik, why don't you close this thread also?


Why should I? :grin:
Posted on 2003-04-13 12:27:57 by bazik
comrade,

What's illegal in the code?
Posted on 2003-04-13 12:30:34 by Vortex

I think that's illegal. Bazik, why don't you close this thread also?


Maybe you can ask Dmitry Sklyarov what happens if you go against the insanely broad DMCA, comrade. :(
None of us likes it but it's how it is currently. So certain threads it's better to close them.
Posted on 2003-04-13 12:58:47 by Hiroshimator
a filemapping would probably be easier for this, tremors.
Iczelion also has a nice tutorial about it.
Posted on 2003-04-13 13:00:13 by Hiroshimator
Hello tremors,

Your code works fine if you change invoke HeapCreate,0,addr fSize,0 to invoke HeapCreate,0,fSize,0 and at the end to display value in messagebox:

sub edi, 04h
invoke dw2hex,,addr buffer
invoke MessageBox,0,addr buffer,0,0

the value is displayed as 62030000 which is little endian format for 00000362

best regards,

czDrillard
Posted on 2003-04-13 13:22:07 by czDrillard
czDrillard: Thank you that works great. Do you know a procedure to change it from 62030000 to 00000362. I think i could manage to figure something if i could simply reverse the bytes but i would end up with 00003026.

Hiroshimator: My file will only run usually under 70kbs do you think that file mapping is still the way to go if i need to search and display different bytes through the file into a message box?
Posted on 2003-04-13 13:57:46 by tremors
it frees you of having to go through memory allocation and all that and you can just read it as if it were in memory. I think it would be a bit easier to maintain in the long run. :)
Posted on 2003-04-13 14:13:06 by Hiroshimator
I think bswap will work for switching from little endian to big endian. I have been fiddling around with it for a short time now and it is crashing my program.

sub edi,4
bswap edx

Does someone want to point out probably the obvious?
Posted on 2003-04-13 14:33:36 by tremors
Nothing obvious to point out but bswap does exactly what you want it to do and you should have no problems with it as it modifies no flags or other registers. Maybe something else is crashing your program ?
Posted on 2003-04-13 14:39:33 by donkey
I understand why bswap was not working for me. I was using a memory address instead of a value in memory. Because I'm using a 4 byte chunk of memory I realized that Instead of moving each byte into my buffer i could move the whole 4 byte chunk as a dword. Here is what I have come up with that works well for me

   mov esi,pHeap              ;load start of memory address into esi

lea edi,buffer ;load start of memory address into edi
add esi,12 ;add 12 to esi to start at memory location 0Ch
mov eax,[esi] ;move byte of memory located at esi into al
mov [edi],eax ;then move byte of memory in al into edi
bswap eax


Thanks for the help.:)
Posted on 2003-04-13 15:44:41 by tremors
You are going to save the data in the buffer right? Then why you do bswap after you save your data?
Posted on 2003-04-14 02:31:54 by roticv