using the masm assembler from Iczelion's package.
coding and assembling with qeditor. (FYI does not Assemble & Link right)
had to change it. anyways inserts an int3 at end of code.
already fixed windows.inc to comment out
; wsprintfA PROTO C :DWORD,:VARARG
; wsprintf equ <wsprintfA>
this one is probably similar, i don't know.

.386
.model flat, stdcall
option casemap:none

include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib

.code
start:
invoke MessageBox, 0, 0, 0, 0
end start

this is how i assemble & build:
\masm32\bin\ml /c /coff /Fo "%1.obj" "%1.asm"
\masm32\bin\Link /SUBSYSTEM:WINDOWS /OPT:NOREF /OUT:"%1.exe" "%1.obj"

builds files fine with no errors. original method says .obj not found.
here's the dump of the program in olly:

00401000 > $ 6A 00 PUSH 0
00401002 . 6A 00 PUSH 0
00401004 . 6A 00 PUSH 0
00401006 . 6A 00 PUSH 0
00401008 . E8 01000000 CALL <JMP.&user32.MessageBoxA>
0040100D . CC INT3
0040100E $-FF25 00204000 JMP DWORD PTR DS:[<&user32.MessageBoxA>] ; user32.MessageBoxA


removed some call argument comments.
any ideas? -thx
Posted on 2004-10-11 19:47:51 by pwn
INT3 is a "Breakpoint" instruction. It's automatically inserted by some assemblers and compilers (mind you, not just on Intel x86 and compatible processors, but across all processors - although the exact instruction depends on the processor) between procedures. This is in order to trap any forgotten "ret" statements (or their equivalents) - so at least, you get to enter the debugger. I'm not sure how Windows reacts to breakpoints, though.

I suggest you add a dummy "ret" or just ignore the "CC" breakpoint.


What happens if you DO add additional instructions after the invoke?
Posted on 2004-10-11 20:00:32 by AmkG
got you joe. but the problem here was file alignment.
it was aligning it to even numbers.
so i added one nop, or one return. it was good.
added another the CC was there.
added another it was gone
another it was back there.. etc..

any way to avoid this, or does the jmp command of the import table have to start on an even address?
Posted on 2004-10-11 22:10:55 by pwn
You can get rid of the whole jump table by using include files produced by the L2Extia tool found in the MASM32 package.
Posted on 2004-10-12 02:15:39 by Petroizki
Alignment.
Posted on 2004-10-12 02:47:20 by roticv
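
The alternating CC byte described in this thread, modelled as an added example (not code from any poster here): it lays out the posted code, the fill byte and the import thunk, then counts the INT3 fill in front of each thunk. The 2-byte thunk alignment and INT3 fill are assumptions taken from the thread's observations, and the function names are hypothetical.

```python
import struct

INT3, NOP = 0xCC, 0x90
BASE = 0x00401000       # code address shown in the thread's dump
IAT_SLOT = 0x00402000   # import slot from the dump's JMP DWORD PTR DS:[...]
THUNK_ALIGN = 2         # assumption: thunks start on even addresses, per the thread


def build_text(extra_nops=0):
    """Model the layout: code, INT3 fill up to the alignment, then the import thunk."""
    pushes = b"\x6A\x00" * 4                    # four PUSH 0
    call_end = len(pushes) + 5                  # E8 rel32 is 5 bytes
    code_len = call_end + extra_nops
    pad = -code_len % THUNK_ALIGN               # bytes needed to reach an even offset
    rel = (code_len + pad) - call_end           # rel32 counts from the end of the CALL
    call = b"\xE8" + struct.pack("<i", rel)
    thunk = b"\xFF\x25" + struct.pack("<I", IAT_SLOT)   # JMP DWORD PTR [IAT_SLOT]
    return pushes + call + bytes([NOP]) * extra_nops + bytes([INT3]) * pad + thunk


def padding_before_thunks(text, base=BASE):
    """Return [(thunk_address, int3_fill_count)] for each aligned FF 25 thunk.

    Heuristic byte scan, not a disassembler: FF 25 inside another
    instruction's operand would also match.
    """
    found = []
    i = text.find(b"\xFF\x25")
    while i != -1:
        if (base + i) % THUNK_ALIGN == 0 and i + 6 <= len(text):
            n = 0
            while i - n - 1 >= 0 and text[i - n - 1] == INT3:
                n += 1
            found.append((base + i, n))
        i = text.find(b"\xFF\x25", i + 1)
    return found


if __name__ == "__main__":
    for nops in range(4):                       # constructed inputs: 0..3 extra NOPs
        for addr, fill in padding_before_thunks(build_text(nops)):
            print(f"{nops} extra NOP(s): thunk at {addr:08X}, {fill} INT3 fill byte(s)")
```

With no extra NOPs the model reproduces the 20 bytes of the posted dump, where the CALL's return address 0040100D is the fill byte itself.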