strings andd procedures -> problem

patryk_z_wawy · July 25, 2009, 01:09:02 AM

Hi everyone,

The problem is connected with the following code:

private void button2_Click(object sender, EventArgs e)
{
   System.Text.ASCIIEncoding e = new System.Text.ASCIIEncoding();

   byte[] string1 = e.GetBytes(textBox2.Text);
  
   engine.hide(string1);
}

And :

Code Select

hide PROC in1: PTR DWORD,

   INVOKE CreateFile,
      in1, GENERIC_READ, 0, NULL,
      OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL

...

Unfortunately, CreateFile returns FFFFFFFF in eax register what probably means an error.
Moreover, I get 4 in ecx when I check size of text when in fact it has 10

That's why I use the following code to test rest of my program:

Code Select

.DATA
   in1 BYTE "file.jpg",0

...

Code Select

hide PROC

   INVOKE CreateFile,
      in1, GENERIC_READ, 0, NULL,
      OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL

...

Now, I get 10 in ecx and CreateFile works fine.

How should I pass both strings to 'hide procedure' such that I would get results like in the second case?
I suppose that in the first case I work with pointers to strings and this is the source of the problem.

Thanks in advance!

fearless · July 25, 2009, 01:37:35 AM

In the first example:

Code Select

INVOKE CreateFile, ADDR fileName,...

your proc declaration is:

Code Select

hide PROC fileName: PTR DWORD

so you dont need the ADDR part for fileName, just specify the parameter instead:

Code Select

INVOKE CreateFile, fileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL

Thats why in the 2nd example it worked as you were refering to the Addr of a global variable you declared in the .DATA section:

Code Select

.DATA
   fileName BYTE "file.bmp",0

To get the size of the text in the file, you can use GetFileSize (or SetFilePointer) to fetch the file size and therefore the size of the data you are working with. If its just text and only text, terminated with a null 0 byte character, then you can use the win32 lstrlen function or from the masm32 library you can use the szLen function. Using SIZEOF for the parameter will only return the size of the parameter, in this case a dword value which is 4 bytes long. So best use szLen or lstrlen to determine on the fly the length of the text string. Of course if you want to determine the size of the string once it has been read into a buffer from a file then the ReadFile function will help you in this regard, or you could use a .ini file to store the text in and use GetPrivateProfileString function to read in the text string to memory.

patryk_z_wawy · July 26, 2009, 12:05:23 AM

thanks for reply.

unfortunately, I have problems with CreateFile because it still returns FFFFFFFF in eax register.
Now, my hide function begins with

Code Select

INVOKE CreateFile, in1, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL

Is it problem of null character at the end of a string or something else? How to solve this problem?

dedndave · July 26, 2009, 12:25:44 AM

fileName is used as a label in the DATA segment
pick a different name for the global on the proc - let's call it lpFileNme - that way, it's unique, and we know it's a pointer
also, when opening a file for read-only, use FILE_SHARE_READ so that other programs may open it as well

.
.
.
.DATA

FileNme db 'file.bmp',0

.CODE
.
.
.
INVOKE hide,
ADDR FileNme
.
.
.
hide PROC lpFileNme:DWORD

INVOKE CreateFile,
lpFileNme,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
.
.
.

patryk_z_wawy · July 26, 2009, 12:37:11 AM

My problem is different. It occures when I execute my hide function
It doesn't concern 'labels', because when I want to use argument from procedure I put this fragment in comments:

Code Select

; in1 db 'file.jpg',0

So, I still don't know what's going on with CreateFile error.

MichaelW · July 26, 2009, 12:56:07 AM

0FFFFFFFFh is -1, indicating that the function failed.

#define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1)

Try calling GetLastError to get the error code value.

patryk_z_wawy · July 26, 2009, 01:33:48 AM

0FFFFFFFFh is -1, indicating that the function failed.

#define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1)

Try calling GetLastError to get the error code value.

The error message informs that can't find specified file. Probably, something wrong is with passed string.
I can only guess that it is something connected with null character.

So, my problem is still unsolved. Any ideas?

GregL · July 26, 2009, 02:39:57 AM

Mikhail,

I would use

Code Select


hide PROC lpszFileName:PTR BYTE, lpszText:PTR BYTE

   INVOKE lstrlen, lpszText
   mov ecx, eax

   INVOKE CreateFile, lpszFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
   ...

Make sure str and str2 are pointers, Byte arrays are not automatically pointers in C#. I think you'll need to use 'unsafe' code and pointers. This may give you some ideas: How to: Use the Windows ReadFile Function (C# Programming Guide)

Also, I'm pretty sure TEXT is a reserved word in MASM.

dedndave · July 26, 2009, 03:29:03 AM

_TEXT is a C standard code segment name

GregL · July 26, 2009, 03:35:32 AM

dedndave,

Yeah, I guess it is _TEXT. Should have looked it up. :red

dedndave · July 26, 2009, 03:46:19 AM

might also be FAR_TEXT
or WHATEVER_TEXT
still, not good to use words like that - lol
i try to make label names so they won't match not only the assembler, but also the API structure data names
i also try not to make them come out funny or swears - lol

GayData dw 0
SomeShit dw 1

i noticed in the registry, ms uses:

SubVersion

oh well - nobody is perfect

patryk_z_wawy · July 26, 2009, 11:47:20 AM

Didn't help

fearless · July 26, 2009, 12:56:01 PM

I would follow dedndave's example for defining the hide function:

Code Select

hide    PROC    lpFileNme:DWORD

        INVOKE  CreateFile,
                lpFileNme,
                GENERIC_READ,
                FILE_SHARE_READ,
                NULL,
                OPEN_EXISTING,
                FILE_ATTRIBUTE_NORMAL,
                NULL

Then figure out how to pass the information to the hide function from c#. Its probably a pointer thing for c#. As you want to pass the dword value of the start location of the filename string to the hide function. As the DLL will get mapped to the same user memory space as the main exe then your programs will have no problem 'seeing' the data for filename. Dont know anything about c# so cant help you on how to pass the pointer to the filename variable, but thats where i would look for a solution.

If you test the hide function via asm like in dedndaves example you will know that works as its supposed to, its just the call from c# that needs to be adjusted.

dedndave · July 26, 2009, 01:41:33 PM

temporarily add some code to help you figure out what is going on
notice that GetLastError is invoked immediately after the function call that produces the error
if you call any other functions prior to GetLastError, the information may be destroyed

hide PROC fileNames: PTR BYTE,
pText: PTR BYTE

INVOKE lstrlen, pText
mov textSize, ax
mov eax,fileNames ;temporary code
print uhex$(eax),13,10 ;temporary code
INVOKE CreateFile,
fileNames, GENERIC_READ, 0, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
cmp eax,-1 ;temporary code
jnz Contin ;temporary code
invoke GetLastError ;temporary code
print uhex$(eax),13,10 ;temporary code
Contin:

patryk_z_wawy · July 26, 2009, 01:54:46 PM

Didn't help

News:

strings andd procedures -> problem

patryk_z_wawy

patryk_z_wawy

patryk_z_wawy

patryk_z_wawy

patryk_z_wawy

patryk_z_wawy