Oops! Sorry me JohnFound,

I will think of using the scripting engine.Pelaillo started his new project,so
I think his engine will be a good one.What do you think about?
Posted on 2003-06-11 08:57:19 by Vortex
Hi Vortex.

Hm, pellailo's script will be good tool I think, but let's wait him to fiinsh it. The version he postet today here not works on my machine, but I have no free time to check it more deeply.

About your variant scan.exe. I am not trying to run it in console. I am simply double click it in explorer. So, the console appears, then disappears and process terminate at first look. But if you press ctrl+alt+del in task manager you will see process named "scan" that not responds.
Posted on 2003-06-11 10:01:20 by JohnFound
JohnFound,

Once again,I made the same experiment on two different O.S:Win95b and Win XP.(double clicking in
the explorer) No any problem with the task manager.The application terminates safely.Even,I can
see the welcome screen in the flashing console.

I think Pelaillo's tool will be successfull;but he needs more time to code it.

Regards,

Vortex
Posted on 2003-06-12 01:08:21 by Vortex
Hi Vortex.
About hanging. It's strange. I even can't load scan.exe in Olly debuger. So, maybe this is because of msvcrt.dll . I don't write on C at all, so maybe I have not the last version of this dll. My one (in windows/system ) is version: 6.00.8797.0
Posted on 2003-06-12 02:18:58 by JohnFound
Hi JohnFound,

I guessed it's a problem about the msvcrt library.Now,I recompiled the source files,
the scanner uses now some functions from crtdll lib (more solid) instead of the msvcrt lib.

I think the problem was about the __getmainargs C function. :) It's changed now to __GetMainArgs
from crtdll lib.

Please check the attachment if it's functionning correctly on your system.

John,you should get a new version of msvcrt.dll from the net,this system file is used by various
applications.

Personnaly,I avoided as much as possible of using C run-time functions,but this __GetMainArgs
function is really a very powerfull one.

John,can you download my example "getmainargs in Fasm" from the Fasm section to see if
there is some problems?
Posted on 2003-06-12 02:51:48 by Vortex
Sorry Vortex. It's still hangs, absolutely the same way. And did you know, I find your program is some kind strange. It have modified DOS header, and I still can't load it in any debugger I have. Is it possible you have some viruses on your computer? :confused:
Posted on 2003-06-12 03:47:29 by JohnFound
JohnFound,

I am using Kaspersky AV and F-PROT:no any virus in my executables.

Are you sure that your O.S. is functionning without problem? Which version of Windows
do you have?
Posted on 2003-06-12 03:59:11 by Vortex
So, I am with:

Windows 95 osr2 with installed active desktop, diferent service packs and updates and IE5.5.

I have no any problems with any installed software.
Only I can't install DX8.1 :grin:

I made some other tests and IMO the problem with scan is not on the run stage, but on the load stage, and I find this very strange...furthermore, scan works fine when I start it from console.

I will try to make some other tests, but I have no time right now.

Regards.
Posted on 2003-06-12 04:39:08 by JohnFound
Scan.exe examined with LordPE
No any abnormality.
Posted on 2003-06-12 04:41:48 by Vortex
Hi JohnFound,

I forgot to say:my app. is built on a Win95b system.

I hope you will be able to discover the reason of this mysterious event.
Posted on 2003-06-12 04:44:21 by Vortex
I've having some unexpected results due to the exported functions table.

It seems that Micro$oft does not follow their own rules! I find a kernel32.dll on win ME that have some function names in the wrong place... so now I have a partially sorted names list: the worst possible thing at all!!!

Now I am taking two ways: first one is to sort the table and then search. The second is to use a modified Boyer Moore to search the function on the unsorted names.

It is common to find unsorted export functions in dlls?
Or there is a very abnormal kernel32.dll?
Posted on 2003-06-16 06:15:46 by pelaillo
Pelaillo,

There is no any problem with the kernel32.dll provided by Win95b and Win XP.
These unsorted function names are maybe specific to Win ME.
Posted on 2003-06-16 07:32:10 by Vortex
Vortex,

Could you add support for indirect call (will be used with Link.exe)?

for example MessageBox -> '_MessageBoxA@16'
InitCommonControls -> '_InitCommonControls@0'
Posted on 2003-06-19 07:29:33 by Bi_Dark
Bi_Dark,

My tool inc2inc supports the use of Fasm with MS Link:

http://www.asmcommunity.net/board/showthread.php?threadid=8994

This tool creates special include files for Fasm from Hutch's masm32 include
file set.

The latest release 1.03 is very simple to use.You can check the examples.

The advantage inc2inc is that you can use static libraries such as masm32.lib
with Fasm.

Regards,

Vortex
Posted on 2003-06-20 06:40:49 by Vortex
Bi_Dark,

Now,the scanner V2.0 supports the indirect call for Fasm+MS Link

Here are two new include files for ther scanner.

All you need:

The scanner V2.0 included in the zip file- ( You cannot get the number of pushed API function
parameters from the system DLLs. :) This is why we need of the V2.0 )

To use the scanner:



scan sourcefile.asm -a


You can check the example in the attachment.

If you have any other questions,please let me know.

Regards,

Vortex
Posted on 2003-06-21 03:41:54 by Vortex
I didn't mean that....,

I mean "extrn '_MessageBoxA@16' as MessageBox" <--- no 'dword' appended

and will be called via jump table



push 0
push 0
push 0
push 0
call MessageBox <--- not [MessageBox]

MessageBox:
jmp dword [__imp_MessageBoxA@16] <--- Linker will do the indirect job for me


coz I'm too lazy to type square bracket 'call ', that why I need it :tongue:
Posted on 2003-06-21 19:44:16 by Bi_Dark
Bi_Dark,

O.K,I will add this future to the V2.0 :)
Posted on 2003-06-22 09:03:13 by Vortex
Bi_Dark,

Here is for you the scanner now able to process indirect calls. :)
I modified stdcall.inc for the indirect method.
You can check the example in the attachment.
Posted on 2003-06-23 04:32:44 by Vortex
Vortex,

Yo rock! :cool:
Posted on 2003-06-24 01:29:30 by Bi_Dark
Since fasm's forum allows the attachments now, you can also release it there.
Posted on 2003-06-28 04:51:08 by Tomasz Grysztar