A problem with OllyDbg v1.10

[wincry]

  Hi Everybody,

          please help me out. My following assembly program runs good but when i try to use the OllyDbg it says the following,
                    Module 'MSVCRT20.dll' has entry point outside the code (as specified in the PE header).
         
          I cant understand the reason behind it.
            so please tell me why it says so.
            My antivirus avira antivir also says that the exe is an virus Why ?
             
               

;asm program to find out sum of first n th natural number
;compiled with goasm
;dated 18-12-2008


.data
   num  dd ?
   store dd ?
   mess db  0dh,0ah,"You sum of th natural number is :%d",0
   mess1 db   "Pleade enter a number:",0
   getinput db "%d",0
   
   
.code
start:
   ;first you have to set stack frame base pointer
   ;this can be done like this
   
   push ebp
   mov ebp ,esp
   
   ; stack frame base pointer setup compleate
   ; now do the real stuff
    push ebx
    push offset mess1
    call printf
    push offset num
    push  offset getinput
    call scanf
   mov ebx , d[num]
   inc ebx
   mov eax, d[num]
   mul ebx
   mov bx,2
   div bx
   push eax
   mov eax ,offset mess
   push eax
   call printf
   mov esp,ebp
   pop ebp
   ret
   
                   
             
             
           

[donkey]

For the OLLY problem, it appears to be something with MSVCRT20.dll and not GoAsm or OllyDbg, since GoAsm only creates a jump table for API calls and the jumps to msvcrt20 appear to be normal from a quick check (moving them in the jump table results in the same message), it would require a disassembly of the dll to find the actual issue but since it is nothing that we can correct there's not much use to it. For the ainti virus, different scanners use different signature databases and can generate false positives from some pretty benign programs, this topic has been covered in many threads and is found in all assemblers not just GoAsm.

Also, since the calls to the Visual C library use the C calling convention, you are required to adjust ESP after the call (add esp, #bytes pushed). Had you followed the rules here there would be no need for a stack frame since the stack would not have been so badly out of balance when the RET instruction executes.

[wincry]

thanks donkey,
   I forgot all about the c calling conversion.
   
                             Thanks for the help and MerryChristmas.

[GregL]

wincry,

MSVCRT20.DLL is an old version of the C Run-Time Library from Visual C++.

Link with MSVCRT.DLL, which is a 'generic' version and is included in all versions of Windows since Windows 95 SP1.

[donkey]

wincry,

MSVCRT20.DLL is an old version of the C Run-Time Library from Visual C++.

Link with MSVCRT.DLL, which is a 'generic' version and is included in all versions of Windows since Windows 95 SP1.

Hit the nail onthe head there Greg, never really used the vc run times much (with the exception of _gcvt) so I would never have caught it but it does get rid of the OllyDbg message.

[wincry]

Hi donkey,
   
        please check this out and tell me if you found any errors in the given asm code.
          thanks Greg you are correct, replecing msvcrt20.dll with msvcrt.dll solves the problem.
                       donkey can the below code could be made more efficient if yes please tell me how.
         

;asm program to find out sum of first n th natural number
;compiled with goasm
;dated 18-12-2008


.data
   num  dd ?
   store dd ?
   mess db  0dh,0ah,"You sum of th natural number is :%d",0
   mess1 db   "Pleade enter a number:",0
   getinput db "%d",0
   
   
.code
start:
   ;first you have to set stack frame base pointer
   ;this can be done like this
   
   push ebp
   mov ebp ,esp
   
   ; stack frame base pointer setup compleate
   ; now do the real stuff
    push ebx
    push offset mess1
    call printf
    add esp,12; 8 byte for local variable and 4 for return address
    push offset num
    push  offset getinput
    call scanf
    add esp,12
   mov ebx , d[num]
   inc ebx
   mov eax, d[num]
   mul ebx
   mov bx,2
   div bx
   push eax
   mov eax ,offset mess
   push eax
   call printf
   add esp,12
   mov esp,ebp
   pop ebp
   
   ret
   
           

[Damos]

1. There's a trick for dividing by 2 that is much faster than using a div, use shr eax,1 instead of div bx.
2. You should always try to avoid using 16 bit registers in 32 bit code, it seems in this example that there is no need to do so.
3. There is no need to move constants into a register before pushing them: mov eax,offset mess & push eax can simply be replaced by push offset mess.

[Mark Jones]

...can the below code be made more efficient if yes please tell me how.

Hello Wincry, for basic through advanced code optimization, please see Mark Larson's page:
http://www.mark.masmcode.com/

[Vortex]

Software optimization resources by Agner Fog :

http://agner.org/optimize/

[wincry]

 Thanks
               vortex...its a very cool site.