Let's assume I want to load EXE signature of my proggie to eax. I know exactly that it is at offset 40000h. Is there a way to do it like this:

mov eax,dword ptr [400000h]

MASM translates it into: mov eax,400000h

Of course, I can do it the other way:

mov eax,400000h
mov eax,

but it takes two instructions instead of one.

Maybe I could define a label or something at 400000h and then use it... :confused:
Posted on 2002-03-30 04:01:24 by marcinbu
And you can also easily find yourself with GPFs (either way). Win32 EXEs don't have "static" addresses; they change each time you load the program into the OS, or on other OSs like NT. So your idea goes out the window when the "beginning" moves to a new address the next time it's run.

I'm going to stop myself here, and ask what you're trying to do?? (Without accusing you of anything, I smell a file patcher in the works?? ((and these things are No-No's around here)) :o )

:NaN:
Posted on 2002-03-30 04:15:09 by NaN
marcinbu,

You can get the beginning of the MZ header easily by using the instance handle, which IS the start address of the PE image. It's useful if you store some values in your DOS header to read at runtime.


mov eax, hInstance
add eax, your_data_offset_from_the_file_start

Then just read the value from that address.

I will assume that you are doing legal things for the moment but do not post anything here that is illegal as our moderators all have itchy trigger fingers.

Regards,

hutch@movsd.com
Posted on 2002-03-30 05:11:24 by hutch--
Hey, aren't you guys a little oversensitive about all this? Almost every time I ask about something somebody says: "Hey, is this legal?". If I wanted to write a patcher or something I would simply do it, there are a lot of tutors spread all over the Net. I just wanted to learn something about MASM that I don't know. That's all.

But, back to my point: what I was asking was not how to read the beginning of MZ header (it was just an example). I wanted to know if it is possible to use a direct pointer like 400000h (or any other) instead of a label:

mov eax,

instead of:

mov eax,
Posted on 2002-03-30 05:36:51 by marcinbu

And you can also easily find yourself with GPFs (either way). Win32 EXEs don't have "static" addresses; they change each time you load the program into the OS, or on other OSs like NT. So your idea goes out the window when the "beginning" moves to a new address the next time it's run.

I'm going to stop myself here, and ask what you're trying to do?? (Without accusing you of anything, I smell a file patcher in the works?? ((and these things are No-No's around here)) :o )

:NaN:
Hi Nan,
Ok for DLLs, but EXEs most often are made not relocatable... so as long as he knows that his program is ORG'd at $400000 there won't be any problems whatsoever. If Windows cannot map his EXE at that location, the loading of the EXE will fail anyway.

marcinbu: I don't use MASM, and don't know why it doesn't let you do such a simple thing. Anyway, you can hardcode the instruction: DB 0A1h followed by DD <address> will load into EAX that memory location directly.
Posted on 2002-03-30 05:55:00 by Maverick
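As an added illustration of what is being discussed (my own example, not code from any poster in this thread), here are the two 5-byte encodings side by side: the A1 moffs32 form that Maverick's "DB 0A1h / DD <address>" hand-assembles (load the dword stored at the address), and the B8 imm32 form that marcinbu saw MASM emit (load the number itself). Opcode values are from the Intel manuals for 32-bit code; the memory image is constructed for the example. The last function shows what NaN's point about changing load addresses means in practice: an absolute address baked into the instruction only keeps working if something (a base relocation fixup) adds the load delta to it.

```python
import struct

# Opcode bytes for 32-bit code (Intel SDM, Vol. 2):
#   A1 moffs32  ->  MOV EAX, [moffs32]   (load the dword stored AT that address)
#   B8 imm32    ->  MOV EAX, imm32       (load the number itself)
OP_MOV_EAX_MOFFS32 = 0xA1
OP_MOV_EAX_IMM32 = 0xB8
MASK32 = 0xFFFFFFFF


def encode_mov_eax_from_abs(address: int) -> bytes:
    """Bytes produced by 'DB 0A1h' followed by 'DD address': MOV EAX, [address]."""
    if not 0 <= address <= MASK32:
        raise ValueError("address must fit in 32 bits")
    return bytes([OP_MOV_EAX_MOFFS32]) + struct.pack("<I", address)


def encode_mov_eax_imm(value: int) -> bytes:
    """Bytes MASM emitted for marcinbu's line: MOV EAX, imm32 (no memory access at all)."""
    if not 0 <= value <= MASK32:
        raise ValueError("immediate must fit in 32 bits")
    return bytes([OP_MOV_EAX_IMM32]) + struct.pack("<I", value)


def decode_mov_eax(insn: bytes) -> tuple:
    """Tell the two 5-byte forms apart: returns ('load', address) or ('imm', value)."""
    if len(insn) != 5:
        raise ValueError("expected a 5-byte instruction")
    opcode = insn[0]
    operand = struct.unpack("<I", insn[1:])[0]
    if opcode == OP_MOV_EAX_MOFFS32:
        return ("load", operand)
    if opcode == OP_MOV_EAX_IMM32:
        return ("imm", operand)
    raise ValueError(f"not a MOV EAX form: opcode {opcode:#04x}")


def execute_mov_eax(insn: bytes, image: bytes, image_base: int) -> int:
    """EAX value the instruction yields if `image` is mapped at `image_base`."""
    kind, operand = decode_mov_eax(insn)
    if kind == "imm":
        return operand
    offset = operand - image_base
    if not 0 <= offset <= len(image) - 4:
        # Address outside the mapped image: on a real machine this is the GPF NaN mentions.
        raise MemoryError(f"access violation reading {operand:#010x}")
    return struct.unpack("<I", image[offset:offset + 4])[0]


def rebase_abs_load(insn: bytes, old_base: int, new_base: int) -> bytes:
    """What a base relocation (IMAGE_REL_BASED_HIGHLOW) does to the 32-bit address
    field when the image lands somewhere other than its preferred base: add the delta."""
    kind, address = decode_mov_eax(insn)
    if kind != "load":
        raise ValueError("only the memory-load form carries an absolute address")
    delta = (new_base - old_base) & MASK32
    return encode_mov_eax_from_abs((address + delta) & MASK32)


# Constructed sample image: the first four bytes mimic an MZ header ("MZ", 0x90, 0x00).
SAMPLE_IMAGE = b"MZ\x90\x00" + bytes(60)
PREFERRED_BASE = 0x400000

if __name__ == "__main__":
    load = encode_mov_eax_from_abs(PREFERRED_BASE)
    imm = encode_mov_eax_imm(PREFERRED_BASE)
    print(load.hex(" "), "->", decode_mov_eax(load))
    print(imm.hex(" "), "->", decode_mov_eax(imm))
    print("signature dword:", hex(execute_mov_eax(load, SAMPLE_IMAGE, PREFERRED_BASE)))
    # Same image mapped elsewhere, address field left untouched: the load misses.
    try:
        execute_mov_eax(load, SAMPLE_IMAGE, 0x10000000)
    except MemoryError as exc:
        print("unrelocated:", exc)
    fixed = rebase_abs_load(load, PREFERRED_BASE, 0x10000000)
    print(fixed.hex(" "), "->", hex(execute_mov_eax(fixed, SAMPLE_IMAGE, 0x10000000)))
```

Dumping the bytes an assembler actually emitted (A1 versus B8) is the quickest way to confirm whether a "mov eax, [400000h]" line became a memory load or an immediate load.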
@Maverick: and what assembler do you use? If it lets you do that, I guess I'll have to switch to it :-)
Posted on 2002-03-30 06:01:33 by marcinbu
Nowadays more and more my own, but as standard assemblers, if you want my advice, use NASM, NASM, or NASM ;)

Also, other fellows here suggested taking a look at FASM and SpASM, which IIRC use NASM syntax. I still had no time to check SpASM; I liked FASM but didn't like that it requires opcodes to be lowercase. Also, it didn't seem to offer anything more than NASM, so I kept on using NASM. Will have a look at SpASM anyway, and report.
Posted on 2002-03-30 06:24:23 by Maverick
Another thing I didn't like about FASM is that it doesn't let me use "$" as HEX prefix, something I'm very used to (6502, 6809, 68000... I didn't grow up with a Z80/8080).

SpASM seems oriented towards making whole programs (it tells me "Error: no API calls"), which doesn't seem versatile enough to me if I want to write a module (i.e. like assembling to BIN). Maybe I didn't notice this feature, but I looked at all menus and didn't find it. If you want to write a Win32 program (or DLL) anyway, it seems very good.

So, in short, as standard assembler I'll stick with NASM... which has a defect compared to FASM anyway: it defaults to the long form of instructions (and vice versa for jumps and branches). But you can specify which form to use, although it's extra typing. NASM is close to perfect IMO, with only some minor defects.
Also, it's open-sourced... so you can make it perfect if you wish.
Posted on 2002-03-30 06:55:18 by Maverick
marcinbu, "mov eax, " should work.
Posted on 2002-03-30 07:13:08 by f0dder
Yep, it does! Thanx! :)
Posted on 2002-03-30 07:30:32 by marcinbu
marcinbu,

There is good reason to use the instance handle: it works on DLLs as well, which don't load at 400000h.

This is how I code the setting for my tiny editor TheGun which is an EXE file,


szClassName equ <400000h + 248h>
WindowTitle equ <400000h + 23Eh>
szDisplayName equ <400000h + 226h>
cantfind equ <400000h + 256h>
TmpFile equ <400000h + 274h>

Works fine in MASM, just learn the syntax.

Regards,

hutch@movsd.com

PS : Hey, aren't you guys a little oversensitive about all this? Almost every time I ask about something somebody says: "Hey, is this legal?".

There is good reason for caution: we cannot support any illegal stuff here at all, so if a question looks like it could be used that way, you will probably be asked what you are going to use it for.

The answer is simple: if it's legal, it's OK; if it's not, don't post it here.
Posted on 2002-03-30 07:59:45 by hutch--
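The following is an added example (mine, not hutch's code and not TheGun's real layout) of the two addressing styles from hutch's posts: reading header data through the instance handle plus an offset (mov eax, hInstance / add eax, offset), and the equ-style fixed addresses (400000h + offset). The image, the string offsets and the e_lfanew value are all constructed for this example. It walks MZ -> e_lfanew -> "PE\0\0" the same way the loader does, and shows why the handle-relative form keeps working when the image is mapped at a different base while the fixed-address form only works at 400000h.

```python
import struct

E_LFANEW_OFFSET = 0x3C            # offset of e_lfanew inside IMAGE_DOS_HEADER
PE_SIGNATURE = b"PE\x00\x00"
PE_SIGNATURE_DWORD = struct.unpack("<I", PE_SIGNATURE)[0]   # 0x00004550

# Offsets in the style of hutch's equates. Values are constructed for this example.
WINDOW_TITLE_OFF = 0x23E
SZ_CLASS_NAME_OFF = 0x248
PREFERRED_BASE = 0x400000

# Fixed-address equates, exactly what "WindowTitle equ <400000h + 23Eh>" resolves to.
WindowTitle = PREFERRED_BASE + WINDOW_TITLE_OFF
szClassName = PREFERRED_BASE + SZ_CLASS_NAME_OFF


def place_cstring(buf: bytearray, offset: int, text: str) -> None:
    """Store a NUL-terminated ASCII string at a fixed offset of the image."""
    data = text.encode("ascii") + b"\x00"
    buf[offset:offset + len(data)] = data


def build_sample_image(e_lfanew: int = 0x80, size: int = 0x300) -> bytes:
    """Constructed minimal image: 'MZ', e_lfanew, 'PE\\0\\0' at e_lfanew, and two
    strings parked in the header area the way hutch describes storing data there."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    buf[E_LFANEW_OFFSET:E_LFANEW_OFFSET + 4] = struct.pack("<I", e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = PE_SIGNATURE
    place_cstring(buf, WINDOW_TITLE_OFF, "TheGun")
    place_cstring(buf, SZ_CLASS_NAME_OFF, "TheGunClass")
    return bytes(buf)


def address_of(h_instance: int, offset: int) -> int:
    """The 'mov eax, hInstance / add eax, offset' computation."""
    return h_instance + offset


def read_dword(image: bytes, h_instance: int, address: int) -> int:
    """Equivalent of MOV EAX, [address] with `image` mapped at `h_instance`."""
    offset = address - h_instance
    if not 0 <= offset <= len(image) - 4:
        raise MemoryError(f"access violation reading {address:#010x}")
    return struct.unpack("<I", image[offset:offset + 4])[0]


def read_cstring(image: bytes, h_instance: int, address: int) -> str:
    """Read a NUL-terminated string at an absolute address."""
    offset = address - h_instance
    if not 0 <= offset < len(image):
        raise MemoryError(f"access violation reading {address:#010x}")
    end = image.index(b"\x00", offset)
    return image[offset:end].decode("ascii")


def pe_signature_address(image: bytes, h_instance: int) -> int:
    """Locate 'PE\\0\\0' using only the instance handle: MZ -> e_lfanew -> PE."""
    if read_dword(image, h_instance, h_instance) & 0xFFFF != struct.unpack("<H", b"MZ")[0]:
        raise ValueError("no MZ header at the instance handle")
    e_lfanew = read_dword(image, h_instance, address_of(h_instance, E_LFANEW_OFFSET))
    pe_addr = address_of(h_instance, e_lfanew)
    if read_dword(image, h_instance, pe_addr) != PE_SIGNATURE_DWORD:
        raise ValueError("PE signature not found at e_lfanew")
    return pe_addr


if __name__ == "__main__":
    image = build_sample_image()
    # EXE mapped at its preferred base: both styles agree.
    print(hex(pe_signature_address(image, PREFERRED_BASE)))
    print(read_cstring(image, PREFERRED_BASE, szClassName))
    print(read_cstring(image, PREFERRED_BASE, address_of(PREFERRED_BASE, SZ_CLASS_NAME_OFF)))
    # Same bytes mapped like a DLL at 10000000h: only the handle-relative form still works.
    dll_base = 0x10000000
    print(read_cstring(image, dll_base, address_of(dll_base, WINDOW_TITLE_OFF)))
    try:
        read_cstring(image, dll_base, WindowTitle)
    except MemoryError as exc:
        print("fixed equate at wrong base:", exc)
```

The constructed image keeps the strings inside the header region (below the first section), which is the only place hutch's scheme of reading "values in your DOS header" can rely on; anything stored there must fit before e_lfanew or in the space the linker leaves between the headers and the first section.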
marcinbu,

Sorry this bothers you, but it's better from my perspective to ask first than not. :)

Maverick,

Thanx for the tip. I wasn't aware of this...

:alright:
:NaN:
Posted on 2002-03-30 12:32:23 by NaN