%include "\lab\vasm\inc\nagoa.inc"




BEGIN_PE DEFAULT ; --- Add the PE header


; Program entry point: obtain this module's handle and hand it to WinMain.
; `nasm` and `loccall` are macros from nagoa.inc (not shown here); presumably
; `nasm` pushes the arguments and calls an imported API, `loccall` a local proc.
code:
; GetModuleHandleA(0): the result is left in eax and passed on as hInstance.
nasm GetModuleHandleA,0
; NOTE(review): nothing follows this call in the listing. WinMain ends in
; ExitProcess, so control presumably never comes back here - confirm.
loccall WinMain,eax


; WinMain(hInstance)
; Fills in a WNDCLASSEX, registers the class, creates and shows one window,
; then pumps messages until GetMessageA returns 0 and calls ExitProcess.
; NOTE(review): the bracketed memory operands are missing from this copy of
; the listing, so lines such as "mov dword ,..." are incomplete as shown.
proc WinMain,hInstance

; Locals reserved with the `stack` macro (name, size in bytes).
stack msgs,MSG_size
stack hWnd,4
stack WC, WNDCLASSEX_size


; Clear the whole WNDCLASSEX local before setting individual fields.
nasm RtlZeroMemory,ADDR_ WC,WNDCLASSEX_size
; The destinations of the next stores were lost; from the values they are
; presumably the cbSize, style, lpfnWndProc, hbrBackground and lpszClassName
; fields of WC - confirm against the original.
mov dword ,WNDCLASSEX_size
mov dword ,CS_VREDRAW + CS_HREDRAW + CS_DBLCLKS
; "+reloc" presumably turns the label's file offset into a virtual address.
mov dword ,WndProc+reloc
mov dword ,15
mov dword ,ClassName+reloc
; presumably copies hInstance into WC (both operands lost) - confirm
m2m ,
nasm LoadIconA,,IDI_APPLICATION
; The same icon handle is stored twice (presumably hIcon and hIconSm).
mov , eax
mov , eax
nasm LoadCursorA,,IDC_ARROW
mov , eax
; NOTE(review): the result of RegisterClassExA (0 on failure) is not checked.
nasm RegisterClassExA,ADDR_ WC

; Create a 200x200 window at (200,200) with no parent and no menu.
; NOTE(review): the returned handle (NULL on failure) is not checked and is
; not stored in the hWnd local in the lines shown.
nasm CreateWindowExA, WS_EX_WINDOWEDGE + WS_EX_CLIENTEDGE,\
address ClassName,address WindowName,\
WS_OVERLAPPEDWINDOW,200,\
200,200, 200,\
NULL,NULL,,NULL

; eax still holds the CreateWindowExA result here.
nasm ShowWindow,eax,TRUE
; NOTE(review): this passes 0 rather than the window handle; presumably the
; handle was intended - confirm.
nasm UpdateWindow,0

; --- Message loop: fetch and dispatch messages

msg_loop:

nasm GetMessageA,ADDR_ msgs ,0,0,0
; Zero means WM_QUIT was retrieved; leave the loop.
; NOTE(review): GetMessageA also returns -1 on error. This test only catches
; 0, so an error return keeps looping and dispatches msgs anyway; a signed
; test such as "cmp eax,0 / jle Fin_Bucle" would cover both cases.
or eax,eax
jz Fin_Bucle
nasm DispatchMessageA, ADDR_ msgs
jmp msg_loop

; "Fin_Bucle" = end of loop: terminate the process with exit code 0.
Fin_Bucle:
nasm ExitProcess,0
endproc



; ================
; Window procedure
; ================
; WndProc(hwnd, msg, wParam, lParam)
; Handles WM_PAINT and WM_DESTROY; everything else goes to DefWindowProcA.
; NOTE(review): the bracketed memory operands are missing from this copy of
; the listing, so "mov eax," and the empty argument slots are incomplete.

proc WndProc, hwnd, msg, wParam, lParam

stack hdc,4
stack rect,RECT_size
stack ps,PAINTSTRUCT_size

; presumably loads the msg argument - source operand lost, confirm
mov eax,
cmp eax, WM_PAINT
je .WM_PAINT
cmp eax, WM_DESTROY
je .WM_DESTROY
; Default handling; presumably forwards hwnd, msg, wParam, lParam unchanged.
; The result in eax is what `return` hands back to the caller.
nasm DefWindowProcA,,,,
return

.WM_PAINT:


; BeginPaint/EndPaint bracket the drawing; the device context comes back in eax.
nasm BeginPaint,,ADDR_ ps ;eax
mov ,eax
nasm GetClientRect,,ADDR_ rect

; Length -1 tells DrawTextA the string is NUL-terminated.
; assumes the macro emits the literal with a terminating 0 - TODO confirm
nasm DrawTextA,,"Hi everybody!!!",\
-1,ADDR_ rect ,\
DT_SINGLELINE + DT_CENTER + DT_VCENTER

nasm EndPaint, ,ADDR_ ps
; NOTE(review): eax still holds the EndPaint result here; a window procedure
; conventionally returns 0 for a handled WM_PAINT.
return

.WM_DESTROY:
; Posts WM_QUIT, which makes GetMessageA in the message loop return 0.
; NOTE(review): falls into endproc without setting eax, so the value returned
; for WM_DESTROY is whatever PostQuitMessage left there.
nasm PostQuitMessage,0
endproc



;--------------- [ DATA ]

_DATA_

ClassName db "NAGOA",0
WindowName db "Window written in assembly (using only NASM)",0


; ------------ [ IMPORTS ]

; Import section: the DLLs and the function names the Windows loader resolves
; when the EXE starts. The macros come from nagoa.inc (not shown).
; kernel32.dll and user32.dll are normally KnownDLLs, loaded from the system
; directory; a bare file name for any other DLL is subject to the DLL search order.
MODULES
LIB kernel32.dll, "kernel32.dll"
LIB user32.dll, "user32.dll"
ENDM


BEGIN_IMPORT kernel32.dll
; __api_ lists the symbols, _IMPORT pairs each symbol with its exported name.
; presumably the trailing 0 of each entry is the ordinal/hint - confirm
__api_ GetModuleHandleA, ExitProcess,RtlZeroMemory
_IMPORT GetModuleHandleA, "GetModuleHandleA", 0, ExitProcess, "ExitProcess",0,RtlZeroMemory,"RtlZeroMemory", 0

END_IMPORT


BEGIN_IMPORT user32.dll
; NOTE(review): MessageBoxA is imported but not called by the code in this listing.
__api_ MessageBoxA, LoadIconA, LoadCursorA, RegisterClassExA
__api_ CreateWindowExA, ShowWindow, GetMessageA, DispatchMessageA
__api_ DefWindowProcA, BeginPaint, GetClientRect, EndPaint
__api_ DrawTextA, PostQuitMessage, UpdateWindow

_IMPORT MessageBoxA, "MessageBoxA", 0, LoadIconA, "LoadIconA", 0
_IMPORT LoadCursorA, "LoadCursorA", 0, RegisterClassExA, "RegisterClassExA", 0
_IMPORT CreateWindowExA, "CreateWindowExA", 0, ShowWindow, "ShowWindow", 0
_IMPORT GetMessageA, "GetMessageA", 0, DispatchMessageA, "DispatchMessageA", 0
_IMPORT DefWindowProcA, "DefWindowProcA", 0, BeginPaint, "BeginPaint", 0
_IMPORT GetClientRect, "GetClientRect", 0, EndPaint, "EndPaint", 0
_IMPORT DrawTextA, "DrawTextA", 0, PostQuitMessage, "PostQuitMessage", 0
_IMPORT UpdateWindow, "UpdateWindow", 0
END_IMPORT

END_PE
;------------ [ end of exe ]

only 1,50 KB exe

a painted window


this is the new nagoa.inc !!!

http://visual-assembler.pt.vu

or

http://groups.yahoo.com/group/win32-nasm-users/
Posted on 2004-02-06 14:46:28 by Nguga
Hi nguga:

With the last PEMAC.INC now for the imports you can do:



__LIBS_ kernel32, "kernel32.dll", \
user32, "user32.dll"


__IMPORT_ kernel32, \
GetModuleHandle, "GetModuleHandleA", 0, \
ExitProcess, "ExitProcess", 0, \
ZeroMemory, "RtlZeroMemory", 0

__IMPORT_ user32, \
MessageBox, "MessageBoxA", 0, \
LoadCursor, "LoadCursorA", 0, \
RegisterClassEx, "RegisterClassExA", 0, \
CreateWindowEx, "CreateWindowExA", 0, \
ShowWindow, "ShowWindow", 0, \
GetMessage, "GetMessageA", 0, \
DispatchMessage, "DispatchMessageA", 0, \
DefWindowProc, "DefWindowProcA", 0, \
PostQuitMessage, "PostQuitMessage", 0, \
TranslateMessage, "TranslateMessage", 0, \
LoadIcon, "LoadIconA", 0



You can specify the ordinal where is the zero.

With the next version you won't need neither "reloc" nor "nasm" macro instructions.

Try it:
http://mipagina.cantv.net/numator/PEMAC.zip

greetings
nmt
Posted on 2004-02-08 19:58:18 by n u M I T_o r
Look at this sample:

http://mipagina.cantv.net/numator/NPEMAC.zip

Neither "reloc" nor "nasm" macro instructions.
Posted on 2004-02-08 22:46:06 by n u M I T_o r
the sflat_pe is treated as a virus :-s
interesante informacion n u M I T_o r
Posted on 2004-02-08 22:47:35 by Jnrz
> the sflat_pe is treated as a virus :-s

Yes. This happens when the import info is in the header. A
friend sent me a lot of similar examples
and the same thing happened. Possibly by chance the Bloodhound
virus also has the import info in the header :), but I have seen
some PE files where this does not happen. Anyway, I must not
try to explain here how to avoid this :). One day I'll try to find out why
this happens.
Posted on 2004-02-09 06:27:47 by n u M I T_o r
weel heheh for new people this posts must think that we are MAD lol

well NAGOA = NASM GORC ALINK

and that is great :)


but nuMIT_or is just a MAD :)


and he wants only NASM ! no linker nor resource builder !


and exe is so litle man ! ;)



thats great thing !







for me i made this macros here an example , soon i will post this new nagoa.inc , for ONLY NASM ;)











; -- --------------- FILE -----------------------
%include "\lab\vasm\inc\nagoa.inc"


BEGIN_PE DEFAULT ; --- Add the PE header

data:

var_ hInst , dd 0

ClassName db "NaGoA" , 0
WindowName db " only NASM no linker ! " ,0


; Program entry point: fetch the module handle, keep it, and call WinMain.
code:

nasm GetModuleHandleA,0
; presumably stores the handle in the hInst variable and passes it on below;
; both memory operands are missing from this copy of the listing - confirm
mov ,eax
loccall WinMain,


; WinMain(hInstance)
; Registers the window class, creates and shows the window, then runs the
; message loop until GetMessageA returns 0 and exits through ExitProcess.
; This version uses "addr Label" where the earlier one used "Label+reloc".
; NOTE(review): bracketed memory operands are missing from this copy.
proc WinMain,hInstance

stack msgs,MSG_size
stack hWnd,4
stack WC, WNDCLASSEX_size


; Zero the WNDCLASSEX local, then fill in the fields that matter.
nasm RtlZeroMemory,ADDR_ WC,WNDCLASSEX_size
; Destinations lost; presumably cbSize, style, lpfnWndProc, hbrBackground,
; lpszClassName in that order - confirm.
mov dword ,WNDCLASSEX_size
mov dword ,CS_VREDRAW + CS_HREDRAW + CS_DBLCLKS
mov dword ,addr WndProc
mov dword ,15
mov dword , addr ClassName
m2m ,
nasm LoadIconA,,IDI_APPLICATION
mov , eax
mov , eax
nasm LoadCursorA,,IDC_ARROW
mov , eax
; NOTE(review): neither RegisterClassExA nor CreateWindowExA is checked for
; failure (0 / NULL) before the result is used.
nasm RegisterClassExA, ADDR_ WC

nasm CreateWindowExA, WS_EX_WINDOWEDGE + WS_EX_CLIENTEDGE,\
addr ClassName,addr WindowName,\
WS_OVERLAPPEDWINDOW,200,\
200,200, 200,\
NULL,NULL,,NULL

; eax = handle returned by CreateWindowExA.
nasm ShowWindow,eax,TRUE
; NOTE(review): passes 0, not the window handle - presumably unintended.
nasm UpdateWindow,0

msg_loop:

nasm GetMessageA,ADDR_ msgs ,0,0,0
; Leave the loop on 0 (WM_QUIT).
; NOTE(review): a -1 error return from GetMessageA is not zero, so it is
; dispatched and the loop continues; "cmp eax,0 / jle" would stop on both.
or eax,eax
jz Fin_Bucle
nasm DispatchMessageA, ADDR_ msgs
jmp msg_loop

Fin_Bucle:
nasm ExitProcess,0
endproc

; WndProc(hwnd, msg, wParam, lParam)
; Paints a centred line of text on WM_PAINT, posts WM_QUIT on WM_DESTROY and
; passes every other message to DefWindowProcA.
; NOTE(review): bracketed memory operands are missing from this copy.
proc WndProc, hwnd, msg, wParam, lParam

stack hdc,4
stack rect,RECT_size
stack ps,PAINTSTRUCT_size

; presumably eax = msg (source operand lost) - confirm
mov eax,
cmp eax, WM_PAINT
je .WM_PAINT
cmp eax, WM_DESTROY
je .WM_DESTROY
; Unhandled message: return whatever DefWindowProcA returns.
nasm DefWindowProcA,,,,
return

.WM_PAINT:


nasm BeginPaint,,ADDR_ ps ;eax
; presumably saves the returned device context in hdc - confirm
mov ,eax
nasm GetClientRect,,ADDR_ rect

; -1 = let DrawTextA measure the NUL-terminated string itself.
nasm DrawTextA,,"Hi everybody!!!",\
-1,ADDR_ rect ,\
DT_SINGLELINE + DT_CENTER + DT_VCENTER

nasm EndPaint, ,ADDR_ ps
return

.WM_DESTROY:
; NOTE(review): eax is not set before endproc, so the WM_DESTROY return value
; is whatever PostQuitMessage leaves in eax.
nasm PostQuitMessage,0
endproc









; ------------ [ IMPORTS ]


; DLL list: a short handle for each DLL and the file name the loader will open.
__LIBS_ kernel32, "kernel32.dll", \
user32, "user32.dll"

; One triple per function: symbol used in the code, exported name, then 0
; (per the PEMAC.INC post earlier in the thread, the ordinal goes in that slot).
__IMPORT_ kernel32, \
GetModuleHandleA, "GetModuleHandleA", 0, \
ExitProcess, "ExitProcess", 0,\
RtlZeroMemory,"RtlZeroMemory",0

; NOTE(review): MessageBox, GetWindowRect, GetDesktopWindow and MoveWindow are
; imported here but not called by the code in this listing.
__IMPORT_ user32, \
MessageBox, "MessageBoxA", 0, LoadIconA, "LoadIconA", 0, \
LoadCursorA, "LoadCursorA", 0, RegisterClassExA, "RegisterClassExA", 0, \
CreateWindowExA, "CreateWindowExA", 0, ShowWindow, "ShowWindow", 0, \
GetMessageA, "GetMessageA", 0, DispatchMessageA, "DispatchMessageA", 0 ,\
DefWindowProcA, "DefWindowProcA", 0, BeginPaint, "BeginPaint", 0, \
GetClientRect, "GetClientRect", 0, EndPaint, "EndPaint", 0, \
DrawTextA, "DrawTextA", 0, PostQuitMessage, "PostQuitMessage", 0, \
UpdateWindow, "UpdateWindow", 0, GetWindowRect, "GetWindowRect", 0, \
GetDesktopWindow, "GetDesktopWindow", 0, MoveWindow, "MoveWindow", 0


END_PE
;------------ [ end of exe ]



;------------- END FILE -------------



exe is only 1,50 KB :)





well i prefer *nasm* to call only nasm becouse
i will se right way its only nasm !

and prefer

nasm MessageBoxA,0,addr szMessage , " title Nasm Rocks ! " , 0


mov eax, addr szMessage

lol know i see masm addr lol



and prefer when a var is declared using stack


stack Buffer , 120 ; 120 bytes buffer

or

; ps is size of PAINTSTRUCT

stack ps,PAINTSTRUCT_size


and then using ADDR_ macro

"
lea eax,
push eax

"

is

nasm BeginPaint,,ADDR_ ps


i do not see any logic making

nasm BeginPaint,,ADDR_

[ ] here does not make logic :)


LEA, despite its syntax, does not access memory
it stores the calculated address into the register

ps is a pointing to the first element of PAINTSTRUCT . it can be seen as a label by logic :)



its way a like more
nasm BeginPaint,,ADDR_ ps


for ADDR_ macro


nuMIT_or :)
THANKS VERY MUCH FOR YOUR PEMAC MACROS !!!

GRACIAS

Nguga
Posted on 2004-02-10 09:09:40 by Nguga
Bloodhound is not exactly a virus. It is the name NAV reports when its heuristics think a file is a virus but cannot classify it.

In my opinion, lea is useful for addition and stuffs like that.
Posted on 2004-02-10 09:14:06 by roticv
Hi nguga

> well i prefer *nasm* to call only nasm becouse

Hey, listen please. The problem is that with the original PEMAC.INC
macros all the objects are in raw or physical space: any address
is really a raw offset in the file. So I have to calculate the
virtual address where the objects will be when the program is
executed. This is more complex when you use more than one
section: I like to use the .bss uninitialized data section.

The "nasm" and the "reloc" macro instructions let solve this
problem, but break the original NASM syntax and introduce
complications that is best avoid it.

Some guys sended me info about a project similar to PEMAC.INC.
They found a way to avoid to do relocations by hand: NASM
can do these relocations in assembling time. You must look at
NPEMAC.INC to discover the power of the NASM section
directive. Still I have to intend use the .bss section with this
new macros.

I think that is not good break the original NASM syntax. Many
NASM users prefer use it and avoid HLL style macros.

> nuMIT_or is just a MAD
> and he wants only NASM ! no linker nor resource builder

Yes. With the original PEMAC.INC I wrote a complete system,
cybercafe style, to control the machines in my job. Still the
program has bugs, but soon I will upload it to everybody.

> lea eax,
> push eax
>
> is
> nasm BeginPaint,,ADDR_ ps
>
> i do not see any logic making
> nasm BeginPaint,,ADDR_
> [ ] here does not make logic

You are free to use any notation that you want. I don't
remember now what I do, but I'm sure that I always mantain
the dot -- [.ps] -- when I use local variables. Is important for my
to know when a variable is local, when is global intitialized and
when is global uninitialized because the relocations always
change. I wait that with the NPEMAC.INC I'll can forget this :)

But I see that you are building a new language, not exactly
a classic assembly language. Of course, in a very pragmatic
way, but seems me a new language, so that you can select
the syntax and the lexic that best satisfies your criterions.

> Bloodhound is not exactly a virus

Yes! I have discovered this. It is strange that the NAV antivirus
complains about some PE files with import info in the header
and not about other PE files that also have import info in the header.
Posted on 2004-02-11 22:27:25 by n u M I T_o r
hi nuMIT_or !



"
but I'm sure that I always mantain
the dot -- [.ps] -- when I use local variables "



with NAGOA proc endproc you can use that dot thing .


look here :)



proc Message , .msg , .title

call MessageBox ,NULL, [.msg] , [.title] , MB_OK

endproc


wish makes more sense :)
Posted on 2004-02-12 12:34:00 by Nguga
; NAGOA RAD IDE menu go to , project -> build settings -> BIN


%include "\lab\vasm\inc\nagoa.inc"




BEGIN_PE DEFAULT

data:

ola db "ola" ,0
ole db "ole" ,0

; Entry point: show one message box through the local Message proc, then
; return 0 to whatever started the process.
code:

loccall Message , addr ola , addr ole
; NOTE(review): ends with a plain ret instead of ExitProcess, so it relies on
; the return address the OS left on the stack at process entry.
xor eax,eax
ret


; Message(.msg, .title): shows an MB_OK message box with no owner window.
; Both arguments are forwarded as given; the caller passes them with "addr",
; so they are presumably pointers to NUL-terminated strings.
proc Message , .msg , .title

nasm MessageBoxA ,NULL, [.msg] , [.title] , MB_OK

endproc



; ------------ [ IMPORTS ]


__LIBS_ user32.dll , "user32.dll"



__IMPORT_ user32.dll, \
MessageBoxA, "MessageBoxA", 0




END_PE




i agree that that *addr* is not nasm syntax :)


i use *addr* as you know every time i need that
+ reloc .


keep ON the Only Nasm work ! :)
Posted on 2004-02-12 12:47:08 by Nguga
nuMIT_or !

NAGOA.INC already working without that reloc thing ! :)


want to thank vecna nuMIT_or and William Swanson




only NASM no compiler







%include "\lab\vasm\inc\nagoa.inc"




section .data

msg db "message",0
title db "title!",0


section .text

; Entry point: two message boxes, then return 0.
__start:


; String literals as arguments; the macro presumably emits them as data - confirm.
nasm MessageBoxA , 0 , "ola","ola", MB_OK

; msg and title are the labels from section .data, passed here without
; "addr" or "+reloc".
nasm MessageBoxA , 0 , msg , title , MB_OK

; Returns to the process start-up caller instead of calling ExitProcess.
xor eax,eax
ret






section .text

__LIBS_ user32,"user32.dll"
__IMPORT_ user32, MessageBoxA, "MessageBoxA", 0


_end_import:
%define import_size _end_import - import


end
Posted on 2004-02-12 21:48:31 by Nguga
its like this know :)

%include "\lab\vasm\inc\nagoa.inc"


section .data

msg db "message",0
title db "title!",0


section .text

; Entry point of the IMPORT_BEGIN / IMPORT_END variant: same two message
; boxes, then return 0 with a plain ret.
__start:


; First call passes string literals, second call passes the .data labels.
nasm MessageBoxA , 0 , "ola","ola", MB_OK

nasm MessageBoxA , 0 , msg , title , MB_OK

; eax = 0 is the value handed back to the process start-up caller.
xor eax,eax
ret





IMPORT_BEGIN

__LIBS_ user32,"user32.dll"
__IMPORT_ user32, MessageBoxA, "MessageBoxA", 0

IMPORT_END
Posted on 2004-02-12 22:09:32 by Nguga
only 1.039 bytes :)
Posted on 2004-02-12 22:12:37 by Nguga
> NAGOA.INC already working without that reloc thing

That is wonderful! Try now to use the .bss section. I
have not intended with the section directive.
Posted on 2004-02-12 22:24:50 by n u M I T_o r
Hi nguga!

I used uninitialized data with NPEMAC.INC without problems.
The .bss section does not appear in the section headers, but
the ImageSize (SizeOfImage) field is correctly adjusted to allocate the
necessary memory at run time.

So you can do



section .bss
buffer resb 4000h


And the size of the EXE will be the same as if you have not
defined such buffer.

Another point. It is not necessary use "apicall" macro instruction
anymore. You can use any "call" instruction that you used with
linkers: invoke, stdcall, _call, etc. Is not necessary to do
relocations by hand anymore.
Posted on 2004-02-14 07:44:21 by n u M I T_o r
Btw numitor, what happens if the last section in the PE file is a read-only section and you just add to SizeOfImage?
Posted on 2004-02-14 10:10:39 by f0dder
hi !


nuMIT_or i can not use the same NAGOA *call* macro becouse that macro calls functions via IAT
without any import table jump.


its just a call directly to the function , it does not call the adress table .

and nagoa *call* makes this .



push dword 0
extern ExitProcess
import ExitProcess kernel32.dll
CALL

you can see the difference in OllyDbg :) , there is no import table.


for every *call* and us you know BIN nasm option
does not suport that :( .



; ADDR_ expands to a marker string followed by a comma, so "ADDR_ x" reaches
; call_ as two macro parameters: "ADDR_" and x.
%idefine ADDR_ "ADDR_",
%idefine addr_ "ADDR_",

; call_ func [, arg ...]
; Pushes the arguments from last to first, then calls func.
; An argument preceded by the "ADDR_" marker is pushed as an address
; (lea eax,[arg] / push eax); every other argument goes through STDPUSH
; (defined elsewhere, not shown).
; NOTE(review): the lea path overwrites eax. Arguments are handled right to
; left, so an "eax" argument placed to the left of an ADDR_ argument is
; pushed after eax has already been replaced.
%imacro call_ 1-*
; i counts the parameters that are still to be handled.
%assign i %0
%if %0 > 1
%rep %0 - 1
; Bring the last unhandled parameter to %1, then peek at the one before it.
%rotate -1
%assign i i-1
%rotate -1
%ifidni %1,"ADDR_"
; Marker found: go back to the argument and push its address.
%rotate 1
lea eax, [%1]
push eax
; Step over the marker so it is not treated as an argument.
%rotate -1
%assign i i-1
%else
%rotate 1
STDPUSH {%1}
%endif
%if i <=1
%exitrep
%endif
%endrep
; Rotate once more so that %1 is the function name again.
%rotate -1
%endif
; A symbol named <func>_definida ("defined") marks a local procedure;
; presumably set where the procedure is declared - confirm.
%ifndef %1_definida
; is it an external function? ( hgb )
extern %1 ; declare API function as external
CALL [%1] ; call API function via IAT
%else
; it is a local function
CALL %1
%endif
%endmacro


;=== [ end macro call_ ] =====================


%define CALL_ call_
%define stdcall call_
%define STDCALL call_
%define invoke call_
%define INVOKE call_
Posted on 2004-02-14 10:28:30 by Nguga
there is no import table.

I hope you mean there are no "call j_ExitProcess" style thunks - without an import table you're going to get into trouble on at least a couple of windows versions :)
Posted on 2004-02-14 10:36:51 by f0dder
; method that NAGOA.INC uses in is RAD IDE
; implemented on is already made macro !
; nasm -f obj iat_message.asm
; alink -oPE iat_message.obj
; ------------------------------------------

; here full hardcoded .

;-------------------------------------------------

segment data use32
title1 db 'A Windows Program', 0
string1 db 'Look, Ma! A Windows program!', 0



; Hand-written equivalent of what the call macro generates for the
; "nasm -f obj" + ALINK build: arguments pushed right to left, the import
; declared next to its use, then an indirect call.
; NOTE(review): the operand of both call instructions is missing from this
; copy; the IDA output further down shows them as "call ds:MessageBoxA" and
; "call ds:ExitProcess".
segment code use32

..start:

; MessageBoxA(hWnd, lpText, lpCaption, uType), pushed in reverse order.
push dword 0 ; button type - supposed to be 0,
push dword title1 ; but I need all the help I can get :)
push dword string1
push dword 0 ; our "handle", I think
extern MessageBoxA
import MessageBoxA user32.dll
call



; ExitProcess(0)
push dword 0
extern ExitProcess
import ExitProcess kernel32.dll
CALL

;--------------------------------------------







here is the IDA asm output :


; This file is generated by The Interactive Disassembler (IDA)
;==========================================================================

; Segment type: Pure data
data segment para public 'DATA' use32
assume cs:data
;org 401000h
aAWindowsProgra db 'A Windows Program',0 ; DATA XREF: code:00402005o
aLookMaAWindows db 'Look, Ma! A Windows program!',0 ; DATA XREF: code:0040200Ao
align 1000h
data ends


; Segment type: Pure data
; NOTE(review): IDA labels this segment as data (class 'DATA') although it
; holds the program's entry point and instructions.
code segment para public 'DATA' use32
assume cs:code
;org 402000h

; Entry point as disassembled: MessageBoxA(0, text, caption, 0), then
; ExitProcess(0). Both calls are indirect through the import slot
; ("call ds:Name"); there is no separate jump stub in this segment.
public start
start:
push 0
push offset aAWindowsProgra ; "A Windows Program"
push offset aLookMaAWindows ; "Look, Ma! A Windows program!"
push 0
call ds:MessageBoxA
push 0
call ds:ExitProcess

code ends


; Segment type: Pure data
imports segment para public 'DATA' use32
assume cs:imports
;org 403000h
db 58h ; X
db 30h ; 0
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 3Ch ; <
db 30h ; 0
db 0 ;
db 0 ;
db 60h ; `
db 30h ; 0
db 0 ;
db 0 ;
db 68h ; h
db 30h ; 0
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 48h ; H
db 30h ; 0
db 0 ;
db 0 ;
db 70h ; p
db 30h ; 0
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 75h ; u
db 73h ; s
db 65h ; e
db 72h ; r
db 33h ; 3
db 32h ; 2
db 2Eh ; .
db 64h ; d
db 6Ch ; l
db 6Ch ; l
db 0 ;
db 0 ;
db 6Bh ; k
db 65h ; e
db 72h ; r
db 6Eh ; n
db 65h ; e
db 6Ch ; l
db 33h ; 3
db 32h ; 2
db 2Eh ; .
db 64h ; d
db 6Ch ; l
db 6Ch ; l
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 78h ; x
db 30h ; 0
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
imports ends




; Segment type: Pure data
imports segment para public 'DATA' use32
assume cs:imports
;org 403078h
db 0 ;
db 0 ;
db 4Dh ; M
db 65h ; e
db 73h ; s
db 73h ; s
db 61h ; a
db 67h ; g
db 65h ; e
db 42h ; B
db 6Fh ; o
db 78h ; x
db 41h ; A
db 0 ;
db 0 ;
db 0 ;
db 45h ; E
db 78h ; x
db 69h ; i
db 74h ; t
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 0 ;
align 1000h
imports ends



; Segment type: Pure data
; Base relocations, shown by IDA as raw bytes. Read as little-endian values
; in the PE base-relocation layout, this is a single block.
relocs segment para public 'DATA' use32
assume cs:relocs
;org 404000h
; dword 00002000h: RVA of the page the entries apply to; matches the code
; segment at 402000h, assuming an image base of 400000h.
db 0 ;
db 20h ;
db 0 ;
db 0 ;
; dword 00000010h: block size = 8-byte header + four 2-byte entries.
db 10h ;
db 0 ;
db 0 ;
db 0 ;
; Four word entries 3006h, 300Bh, 3016h, 3021h: the top nibble 3 is
; IMAGE_REL_BASED_HIGHLOW, the low 12 bits are the offset within the page.
; 006h and 00Bh are one byte past the two "push offset" instructions that the
; DATA XREFs place at 00402005 and 0040200A, i.e. their address operands;
; 016h and 021h presumably are the operands of the two indirect calls.
db 6 ;
db 30h ; 0
db 0Bh ;
db 30h ; 0
db 16h ;
db 30h ; 0
db 21h ; !
db 30h ; 0
align 1000h
relocs ends


end start
Posted on 2004-02-14 12:39:43 by Nguga
NAGOA USES this:

call dword

example call dword [0x00403000]




no table :)


and others use .


call

mem32:
jmp dword


no problem in any methods :)
Posted on 2004-02-14 12:49:31 by Nguga