Hi,

I am trying to learn assembly, but I ran into a problem. I am trying to adapt an existing piece of code with some instructions of my own, but I am doing something wrong. The code loads user32.dll with LoadLibraryA, then runs GetProcAddress to get the address of MessageBoxA, and then runs MessageBoxA, which should output the string 'Hey'. I am trying to code the part that tries to receive the address of MessageBoxA myself, but it does not work. In the code that follows, my code is between the ############ lines. I compile the code with nasm. Can someone tell me why it is not working?

Thanks :)

BITS 32

;msgbox.asm


global _start


_start:

;eax holds return value
;ebx will hold function addresses
;ecx will hold string pointers
;edx will hold NULL


xor eax,eax
xor ebx,ebx ;zero out the registers
xor ecx,ecx
xor edx,edx

jmp short GetLibrary
LibraryReturn:
pop ecx ;get the library string
mov [ecx + 10], dl ;insert NULL
mov ebx, 0x7962026d ;LoadLibraryA(libraryname);
push ecx ;beginning of user32.dll
call ebx ;eax will hold the module handle


;###############################################

;This is my code

;eax now holds the address of user32.dll

;push the string MessageBoxA on to the stack

push 0x41786F
push 0x42656761
push 0x734D6573

;store the pointer to the string in ecx
mov ecx, esp

;terminate the string with a null

mov [ecx + 11],dl ;insert NULL

;push the pointer to the MessageBoxA string on to the stack

push ecx

;push the address of user32.dll on to the stack

push eax

;store the address of GetProcAddress in ebx

mov ebx, 0x79620cf7 ;GetProcAddress(hmodule,functionname);

;run GetProcAddress
call ebx ;eax now holds the address of MessageBoxA


;################################################


jmp short Message
MessageReturn:
pop ecx ;get the message string
xor edx,edx
mov [ecx + 3],dl ;insert the NULL

xor edx,edx

push edx ;MB_OK
push ecx ;title
push ecx ;message
push edx ;NULL window handle

call eax ;MessageBoxA(windowhandle,msg,title,type); Address

ender:
xor edx,edx
push eax
mov eax, 0x79626a0a ;exitprocess(exitcode);
call eax ;exit cleanly so we don't crash the parent program


;the N at the end of each string signifies the location of the NULL
;character that needs to be inserted

GetLibrary:
call LibraryReturn
db 'user32.dllN'


Message:
call MessageReturn
db 'HeyN'
Posted on 2008-03-03 09:16:20 by daYz
I have got it solved. I was pushing some wrong characters when I tried to push the MessageBoxA string on the stack.

This part:

push 0x734D6573


should be:

push 0x7373654D
Posted on 2008-03-03 11:40:55 by daYz
Hardcoded function addresses... this code will fail if run on another Windows version than your own. While this stuff can be interesting enough to play with and learn from, please don't adopt it as a coding style. And if you're planning to do malware programming, drop it.
Posted on 2008-03-03 19:24:58 by f0dder
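
Added example, not part of any post in this thread: a small Python helper that reconstructs the string a run of `push` immediates leaves on the stack, which makes the byte-order mistake fixed in the second post visible. The function names and the two sample listings (built from the push values in the posts) are constructed for this illustration.

```python
import re
import struct

# NASM-style push of a 32-bit immediate, e.g. "push 0x7373654D".
PUSH_IMM = re.compile(r"^push\s+(?:dword\s+)?0x([0-9a-f]{1,8})$", re.I)

def stack_bytes(immediates):
    """Memory contents from ESP upward after pushing the values in order."""
    # The stack grows downward, so the last value pushed sits at the lowest
    # address, and x86 stores each dword least-significant byte first.
    return b"".join(struct.pack("<I", v) for v in reversed(immediates))

def decode_stack_strings(listing):
    """Return the C string built by each run of consecutive push-immediates."""
    found, run = [], []

    def flush():
        if run:
            raw = stack_bytes(run).split(b"\x00", 1)[0]
            found.append(raw.decode("ascii", "replace"))
            run.clear()

    for line in listing.splitlines():
        code = line.split(";", 1)[0].strip()   # drop NASM comments
        match = PUSH_IMM.match(code)
        if match:
            run.append(int(match.group(1), 16))
        elif code:                              # any other instruction ends the run
            flush()
    flush()
    return found

# Constructed sample listings using the push values from the posts above.
AS_POSTED = """
push 0x41786F
push 0x42656761
push 0x734D6573   ; the dword the follow-up post replaces
mov ecx, esp
"""
CORRECTED = AS_POSTED.replace("0x734D6573", "0x7373654D")

if __name__ == "__main__":
    print(decode_stack_strings(AS_POSTED))
    print(decode_stack_strings(CORRECTED))
```

The same decoding is useful when reading a disassembly, where strings built from pushed dwords do not show up in a plain strings dump.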