Hi all,
I have a problem of having to access 3 dwords in dlgproc (everytime it is called). I do not want a .data section to store a data as it would mean alot more work for me. Anyway here's my code


.386
.model flat,stdcall
option casemap:none

include /masm32/include/kernel32.inc
include /masm32/include/windows.inc
includelib /masm32/lib/kernel32.lib

dlgproc proto :DWORD,:DWORD,:DWORD,:DWORD

.code
start:
EP:
call delta
delta:
pop eax
sub eax,5
push eax
jmp @F
checksum dd 0A33DBF46h,0CE0C8F2Ah
entrypt dd 0h ;entrypt - 13371338h
data dd 04F3A5C5h,0B2AA3D2Dh
caption_ dw "I","n","p","u","t"," ","P","a","s","s","w","o","r","d",0
font_ dw "M","S"," ","S","a","n","s"," ","S","e","r","i","f",0
password_ dw "P","a","s","s","w","o","r","d",":",0
ok_ dw "O","k",0
userdll db "user32.dll",0
loadlib db "LoadLibraryA",0
freelib db "FreeLibrary",0
exitproc db "ExitProcess",0
glballoc db "GlobalAlloc",0
glbfree db "GlobalFree",0
createdlg db "DialogBoxIndirectParamA",0
enddlg db "EndDialog",0
getdlgtxt db "GetDlgItemTextA",0
@@:
assume fs:nothing
mov eax,fs:[30h]
mov edx,0B8h
mov ecx,[eax+30h]
test eax,eax
jns KI_1
mov ebx,[eax+34h]
or ecx,ecx
jnz KI_2
KI_1:
mov eax,[eax+0Ch]
sub edx,0B0h
mov eax,[eax+1Ch]
mov ebx,[eax]
KI_2:
mov eax,[ebx+edx] ;;ebp = kernel base
mov ebp,eax
add eax,[eax+03Ch]
mov edi,[eax+IMAGE_NT_HEADERS.OptionalHeader.DataDirectory]
add edi,ebp
mov ecx,[edi+IMAGE_EXPORT_DIRECTORY.NumberOfNames]
mov esi,[edi+IMAGE_EXPORT_DIRECTORY.AddressOfNames]
add esi,ebp
nextname_:
mov eax,[esi]
add eax,ebp
cmp dword ptr [eax+00h], "PteG" ; GetP
jnz V1_
cmp dword ptr [eax+04h], "Acor" ; rocA
jnz V1_
cmp dword ptr [eax+08h], "erdd" ; ddre
jnz V1_
cmp word ptr [eax+0Ch], "ss" ; ss
jnz V1_
mov eax,[edi+IMAGE_EXPORT_DIRECTORY.AddressOfNameOrdinals]
add eax,ebp
mov edx,[edi+IMAGE_EXPORT_DIRECTORY.NumberOfNames]
sub edx,ecx
movzx ebx,word ptr [edx*2+eax]
mov eax,[edi+IMAGE_EXPORT_DIRECTORY.AddressOfFunctions]
add eax,ebp
mov ebx,[ebx*4+eax]
add ebx,ebp
jmp endnameloop_
V1_:
add esi,4
dec ecx
jnz nextname_
endnameloop_:
pop edx ;EP
push edx
add edx,glballoc - EP
push edx
; push offset glballoc
push ebp
call ebx
push 400h
push 40h
call eax
pop edx
push eax
mov edi,eax
mov DWORD PTR[edi], DS_SETFONT or WS_OVERLAPPED or WS_SYSMENU or DS_CENTER or WS_VISIBLE or WS_POPUP or WS_CAPTION or WS_MINIMIZEBOX
mov WORD PTR[edi+8], 3 ;Number of controls
mov WORD PTR[edi+10], 50 ;x
mov WORD PTR[edi+12], 50 ;y
mov WORD PTR[edi+14], 150 ;width
mov WORD PTR[edi+16], 70 ;height
add edi,22
mov ecx,15
mov esi,edx
add esi,caption_ - EP
; lea esi,caption_
rep movsw
mov WORD PTR[edi], 9
add edi,2
mov ecx,14
mov esi,edx
add esi,font_ - EP
; lea esi,font_
rep movsw
add edi,3 ;align to DWORD
and edi,-4
mov DWORD PTR [edi],WS_VISIBLE or WS_CHILD
mov WORD PTR [edi+8],15 ;x
mov WORD PTR [edi+10],20 ;y
mov WORD PTR [edi+12],100 ;width
mov WORD PTR [edi+14],10 ;height
mov WORD PTR [edi+16],1001 ;ID
mov WORD PTR [edi+18],0FFFFh
mov WORD PTR [edi+20], 082h ;static
add edi,22
mov esi,edx
add esi,password_ - EP
; lea esi,password_
mov ecx, 10
rep movsw
inc edi
and edi,-2 ;align to WORD
add edi,5
and edi,-4 ;align to DWORD
mov DWORD PTR [edi],WS_VISIBLE or WS_CHILD or WS_BORDER or ES_PASSWORD or WS_TABSTOP
mov WORD PTR [edi+8],55 ;x
mov WORD PTR [edi+10],19 ;y
mov WORD PTR [edi+12],75 ;width
mov WORD PTR [edi+14],12 ;height
mov WORD PTR [edi+16],1002 ;ID
mov WORD PTR [edi+18],0FFFFh
mov WORD PTR [edi+20], 081h ;edit
add edi,29 ;26+3
and edi,-4 ;align DWORD
mov DWORD PTR [edi],WS_VISIBLE or WS_CHILD
mov WORD PTR [edi+8],50 ;x
mov WORD PTR [edi+10],45 ;y
mov WORD PTR [edi+12],50 ;width
mov WORD PTR [edi+14],15 ;height
mov WORD PTR [edi+16],1003 ;ID
mov WORD PTR [edi+18],0FFFFh
mov WORD PTR [edi+20], 080h ;button
add edi,22
mov esi,edx
add esi,ok_ - EP
; lea esi,ok_
mov ecx,3
rep movsw
inc edi
and edi,-2
add edi,2
pop esi
push edx
add edx,loadlib - EP
push edx
; push offset loadlib
push ebp
call ebx
pop edx
push edx
add edx,userdll - EP
push edx
; push offset userdll ;invoke loadlibrary, offset userdll
call eax
pop edx
push eax ;preserve for later call
mov ecx, 12f000h
xchg esp,ecx
mov [esp],eax
mov [esp+4],ebx
mov [esp+8],edx
xchg ecx,esp
mov edi,edx
add edx,createdlg - EP
push edx
; push offset createdlg
push eax
call ebx
push 0
mov ecx,edi
add ecx,dlgproc1 - EP
; lea ecx,dlgproc1
push ecx
push 0
push esi
push 400000h
call eax
; invoke DialogBoxIndirectParam,400000h,esi,0,ADDR dlgproc,0
push eax
mov ecx,edi
add ecx,glbfree - EP
push ecx
; push offset glbfree
push ebp
call ebx
push esi
call eax
; invoke GlobalFree,esi
pop eax
cmp eax,0DEADC0DEh
jnz @F
mov ecx,edi
add ecx,entrypt - EP
add eax,[ecx]
call eax
@@:
mov eax,edi
add eax,freelib - EP
; push offset freelib
push ebp
call ebx
call eax
mov ecx,edi
add ecx,exitproc - EP
push ecx
; push offset exitproc
push ebp
call ebx
push 0
call eax
invoke ExitProcess,0

dlgproc1 proc uses edi ebx hdlg:DWORD,msg,wparam,lparam
xor edi,edi
mov eax,msg
cmp eax,WM_COMMAND
je wmcommand
cmp eax,WM_CLOSE
je wmclose
return_:
xor eax,eax
ret
wmcommand:
mov eax,wparam
and eax,0ffffh
cmp eax,1003
jnz return_
sub esp,4*4
mov edi,esp
mov edx,12f000h ;data on fixed location on the stack
xchg edx,esp
mov eax,[esp];user32.dll
mov ecx,[esp+4];getprocaddress
mov ebx,[esp+8]
xchg esp,edx
add ebx, getdlgtxt - EP
push ebx
sub ebx,getdlgtxt - EP
; push offset getdlgtxt
push eax
call ecx
push 16
push edi
push 1002
push [ebp+8];hdlg
call eax
; invoke GetDlgItemText,hdlg,1002,edi,16
push edi
add ebx,data - EP
push ebx
; push offset data
call teandecode1
xor eax,eax
sete al
add ecx,eax ;inc edx
stc
sbb ecx,13371337h
jnz @F
sbb edx,0DEADC0DEh
jnz @F
;.... some decrpyting code here
mov edi,0DEADC0DEh
add esp,4*4
jmp wmclose
@@:
add esp,4*4
jmp return_
wmclose:
mov edx,12f000h ;data on fixed location on the stack
xchg edx,esp
mov eax,[esp];user32.dll
mov ebx,[esp+4];getprocaddress
mov ecx,[esp+8];Entrypoint
xchg esp,edx
add ecx,enddlg - EP
push ecx
; push offset enddlg
push eax
call ebx
push edi
push [ebp+8];hdlg
call eax
; invoke EndDialog,hdlg,ecx
jmp return_
dlgproc1 endp

teandecode1:
push ebx
push esi
push edi
mov eax,0E6D5C622h;lower 32bit of 32*delta
mov ecx,[esp+4+3*4]
mov esi,[esp+8+3*4]
mov edx,[ecx+4];z
mov ecx,[ecx];y
@@:
mov ebx,ecx
shl ebx,4;z-=(y<<4 ^ y>>5) + y^sum + key[sum>>11 & 3]
mov edi,ecx
shr edi,5
xor ebx,edi
add ebx,ecx
xor ebx,eax
mov edi,eax
shr edi,11
and edi,3
add ebx,[esi+edi*4]
sub edx,ebx
sub eax,09E3779B9h;sum -= delta
mov ebx,edx
shl ebx,4
mov edi,edx
shr edi,5
xor ebx,edi ;y-=(z<<4 ^ z>>5) + z^sum + key[sum & 3]
add ebx,edx
xor ebx,eax
mov edi,eax
and edi,3
add ebx,[esi+edi*4]
sub ecx,ebx
test eax,eax
jnz @B
; mov edi,[esp+4+3*4]
; mov [edi],ecx
; mov [edi+4],edx
pop edi
pop esi
pop ebx
ret 8
EPEND:
end start

The code I have been using is for the passing of the values are


mov ecx, 12f000h
xchg esp,ecx
mov [esp],eax
mov [esp+4],ebx
mov [esp+8],edx
xchg ecx,esp

I know this code is yucky (as what hutch has said), thus I need some suggestion to solve my problem. Thank you and have a nice day.
Posted on 2003-05-24 04:51:07 by roticv
roticv,
I don't really have a handle on asm yet, but, if you just want to pass extra params to the proc,
can't you just let windows manage it, by using SetWindowLongPtr()...

from sdk:

SetWindowLongPtr
The SetWindowLongPtr function changes an attribute of the specified window. The function also sets a value at the specified offset in the extra window memory.

This function supersedes the SetWindowLong function. To write code that is compatible with both 32-bit and 64-bit versions of Windows, use SetWindowLongPtr.

LONG_PTR SetWindowLongPtr(
HWND hWnd, // handle to window
int nIndex, // offset of value to set
LONG_PTR dwNewLong // new value
);

???
Brad
Posted on 2003-05-24 05:33:48 by Brad
The problem with that api is that I need to get pointer to the function to use it. And the only way to load the functions is through the 3 dwords, one contains user32.dll base code, one contains entrypoint and the last contains the Getprocaddress.
Posted on 2003-05-24 06:34:38 by roticv
roticv,
You can use global "local" stack variables...
Somewhere in the begining
sub esp, 3*4 ; esp is your "12f000h"
and then work with unbalanced stack to the end

Regards,
Lingo
Posted on 2003-05-24 08:23:29 by lingo12
Nice idea lingo,
Why I did not think of it?
Thanks :alright:
Posted on 2003-05-24 08:53:32 by roticv
roticv,
a few notes:
- you can substitute here slow LoadLibraryA / FreeLibrary
with GetModuleHandle / user32.dll because it is always loaded
- you don't need GlobalAlloc/GlobalFree here because you can
use the stack too...with sub esp,100h*4
- next code is slow:
cmp dword ptr , "PteG"
jnz V1_
cmp dword ptr , "Acor"
jnz V1_
cmp dword ptr , "erdd"
....

because dword ptr address isn't dword aligned
- you don't need call delta trick because you have offset EP
- I hate slow xchg instruction and use it rarely (for instance in multithreading
programs)

Regards,
Lingo
Posted on 2003-05-24 10:14:58 by lingo12
Anyway what is the size of the stack? I seem to get the error "ERROR_NOT_ENOUGH_MEMORY (00000008)".
Posted on 2003-05-25 03:42:57 by roticv
The default stack size is 1 MB. The linker rounds up the specified value to the nearest 4 bytes.
Posted on 2003-05-25 10:17:34 by lingo12
Why not allocate enough memory using VirtualAlloc and pass the data in a structure, no need for a data section at all. You simple pass the pointer to memory that you have allocated and use the structure to access the individual elements. That way there is alos expandibility later,just add another element to the structure if you need it.
Posted on 2003-05-25 10:23:21 by donkey

- I hate slow xchg instruction and use it rarely (for instance in multithreading programs)
Only the memory version of the instruction is slow.
Posted on 2003-05-25 10:25:58 by bitRAKE
Ah donkey,
The problem is how you are going to pass the pointer to the dlgproc. I think the only way out is using a fixed location on the stack. Thus i did something like (thanks to lingo for the idea)



mov ecx, 12ffa0h
xchg esp,ecx
mov [esp],eax
mov [esp+4],ebx
mov [esp+8],edx
mov [esp+12],ecx


And access the values by


mov edx,12ffa0h ;data on fixed location on the stack
xchg edx,esp
mov eax,[esp];user32.dll
mov ebx,[esp+4];getprocaddress
mov ecx,[esp+8];Entrypoint
xchg esp,edx


And restore the esp by
	mov		ecx,12ffa0h

xchg esp,ecx
mov ecx,[esp+12]
mov esp,ecx


Anyway lingo, the user32.dll is not loaded into the memory. Using GetModuleHandleA return the error ERROR_MOD_NOT_FOUND.
Posted on 2003-05-25 10:32:00 by roticv
I dont have alot of time to study your source above. So forgive me if im overlooking something here. But i agree with Donkey. Your making this very complicated (as im seing it).

    [*]Allocate memory for your three dwords your looking for (probably off the heap)
    [*]Call you dialog window (CreateDialogIndirectParam, CreateDialogParam, DialogBoxIndirectParam, or DialogBoxParam), and pass in the last paramenter the pointer to the allocated memory. The last parameter is user specific setup to your dialog when created. "Before displaying the dialog box, the function passes an application-defined value to the dialog box procedure as the lParam parameter of the WM_INITDIALOG message. An application can use this value to initialize dialog box controls.
    [*]In the dialog proc, under WM_INITDIALOG, get the lParam, which is your passed address pointer. Allocate heap memory for the dialog box (with a structure of some type) and store the pointer into this newly allocated memory. Store this new memory pointer into the dialog window using SetWindowLong.
    [*]Add dialog code to free the heap memory for when the dialog is destroyed.
    [*]Add a global line in the dialog box to GetWindowLong on every entrance, to retrieve the local private memory to the dialog instance, and store this pointer and say EBX. Now you can access the private memory easily in your dialog proc.
    [*]When doing "stuff" in your dialog box, store the updated DWORD data both privately, and mirror it to the external heap as well, by using the stored pointer that was saved on the Init.
    [*]Now your dialog box is privately incapsulted, yet it also outputs externally any required 'dynamic' data to the shared memory that superceeds any dialog box.


    Its alot to write out. But its rather easy to implement. I do a similar approach to custom controls. If you look at my tutorial on this you will see actual sample code that stores init data into private memory that is local to each instance of the control (or in you case, dialog box).

    Mirroring your data out, instead of simply running from this external memory source is prefered, since the external routines can freely change the data without affecting the operation of your dialog box. This keeps things "safe" since the system variables are read from only the internal private heap memory, and only reflects there values externally. From here, the dialog box shouldnt care what happens to this data, before its re-updated by the dialog box.


    Hope this helps..
    :alright:
    NaN
Posted on 2003-05-25 11:20:41 by NaN