Hello MASM Forum from brianO

brianO · November 09, 2011, 04:00:12 AM

happy to be a new member... many thanks to the people who make this forum possible...
i have programmed in a variety of languages over the years...

i am fascinated with assembler due to it's direct connections between the mnemonics...
the opcodes... and the executable file format...

i spent the last few months studying the pe file format and the opcodes via the microsoft
and intel documentation and now i am interested in learning assembler itself...

so... i wish the best to all the members of this forum!!!

thanks again... brianO

Vortex · November 09, 2011, 08:08:56 AM

Hi Brian,

Welcome to the forum.

Don't forget to check Iczelion's Portable Executable Tutorial Set :

http://win32assembly.online.fr/tutorials.html

QuoteOverview of PE File Format
Detecting a Valid PE File
File Header
Optional Header
Section Table
Import Table
Export Table

brianO · November 09, 2011, 09:48:29 AM

Vortex

Thanks for the link!

there is plenty to learn there...

i wrote a little program that loads a pe file
and creates a large datasection with it...

in effect it turns the pe file into source code...

this allows me to begin to understand those structures...

i wrote a toy compiler a while back...
so now i would like to learn to write a toy assembler...

so i figured it might be a good idea to learn some assembler!!!

here's a few lines of output...

i am happy to share any of the tools i have written
anytime with anyone... i've got hundreds of em...

take care... brianO

Code Select


>cmd /c "C:\_sys\temp\pe_coff_dump_ALL.exe"

; | FileIn =masm32.exe 16384 [bytes]
; | ________________________________________|
; | Variable Name.Type     Offset[bytes]    | Value
; | ________________________________________|
; |         DOS_HEADER                |
; | ________________________________________|
*dos.DOS_HEADER=allocatememory(sizeof(DOS_HEADER))
*dos\e_magic.s{2}                           = "MZ"            ;Magic (MZ)
*dos\e_cblp.u                               = 144             ;Bytes on last page of file
*dos\e_cp.u                                 = 3               ;Pages in file
*dos\e_crlc.u                               = 0               ;Relocations
*dos\e_cparhdr.u                            = 4               ;sizeO hdr in paras
*dos\e_minalloc.u                           = 0               ;Min extra paras needed
*dos\e_maxalloc.u                           = 65535           ;Max extra paras needed
*dos\e_ss.u                                 = 0               ;init relative SS value
*dos\e_sp.u                                 = 184             ;init SP value
*dos\e_csum.u                               = 0               ;Checksum
*dos\e_ip.u                                 = 0               ;init IP value
*dos\e_cs.u                                 = 0               ;init relative CS value
*dos\e_lfarlc.u                             = 64              ;File addr of reloc tbl
*dos\e_ovno.u                               = 0               ;Overlay number
*dos\e_res.u[4]                             = 0               ;Reserved words
*dos\e_oemid.u                              = 0               ;OEM ident for e_oeminfo
*dos\e_oeminfo.u                            = 0               ;OEM info e_oemid specific
*dos\e_res2.u[10]                           = 0               ;Reserved words
*dos\e_lfanew.l                             = 192             ;File addr of new exe hdr
; | ________________________________________|
; |         FILE_HEADER               |
; | ________________________________________|
*fil.FILE_HEADER=allocatememory(sizeof(FILE_HEADER))
*fil\Signature.s{4}                         = "PE"            ;PE signature: PE\0\0
*fil\Machine.u                              = 332             ;I386
*fil\NumberOfSections.u                     = 3               ;number of sections
*fil\TimeDateStamp.l                        = 1320830278      ;_11_09_2011_04_17_58_am
*fil\PointerToSymbolTable.l                 = 0               ;file offset of COFF tbl
*fil\NumberOfSymbols.l                      = 0               ;#entries in symbol tbl
*fil\SizeOfOptionalHeader.u                 = 224             ;sizeO the opt hdr
*fil\Characteristics.u                      = 271            
; | RELOCS_GONE|EXECUTABLE|LINE_NUMS_GONE|LOCAL_SYMS_GONE|32BIT_MACHINE
; | ________________________________________|
; |       OPTIONAL_HEADER             |
; | ________________________________________|
*opt.OPTIONAL_HEADER=allocatememory(sizeof(OPTIONAL_HEADER))
*opt\Magic.u                                = 267             ;NT_OPTIONAL_HDR32_MAGIC
*opt\UMajorLinkerVersion.a                  = 6               ;linker maj ver
*opt\UMinorLinkerVersion.a                  = 0               ;linker min ver
*opt\SizeOfCode.l                           = 4096            ;SumO code sections
*opt\SizeOfInitializedData.l                = 8192            ;SumO init data sects
*opt\SizeOfUninitializedData.l              = 0               ;SumO data sect (BSS)
*opt\AddressOfEntryPoint.l                  = 4096            ;Rel addr entry pnt img base
*opt\BaseOfCode.l                           = 4096            ;Rel addr beginOcode sect
*opt\BaseOfData.l                           = 8192            ;Rel addr beginOdata sect
*opt\ImageBase.l                            = 4194304         ;Prefd addr first byteO img 
*opt\SectionAlignment.l                     = 4096            ;alignment bytes of sects
*opt\FileAlignment.l                        = 4096            ;alignment factor bytes
*opt\MajorOperatingSystemVersion.u          = 4               ;maj ver # of op system
*opt\MinorOperatingSystemVersion.u          = 0               ;min ver # of op system
*opt\MajorImageVersion.u                    = 0               ;maj ver # of img
*opt\MinorImageVersion.u                    = 0               ;min ver # of the img
*opt\MajorSubsystemVersion.u                = 4               ;maj ver # of subsys
*opt\MinorSubsystemVersion.u                = 0               ;min ver # of subsys
*opt\Reserved1.l                            = 0               ;Reserved, must be 0
*opt\SizeOfImage.l                          = 16384           ;size bytes of img
*opt\SizeOfHeaders.l                        = 4096            ;DOSstubPE&SectHdrsRel2FAlign
*opt\CheckSum.l                             = 0               ;ignored except trusted servs
*opt\Subsystem.u                            = 3               ;WINDOWS_CUI
*opt\DllCharacteristics.u                   = 0               ;
*opt\SizeOfStackReserve.l                   = 1048576         ;sizeO Stack2reserve
*opt\SizeOfStackCommit.l                    = 4096            ;sizeO Stack2commit
*opt\SizeOfHeapReserve.l                    = 1048576         ;sizeO loc heap spc2reserve
*opt\SizeOfHeapCommit.l                     = 4096            ;sizeO loc heap spc2commit
*opt\LoaderFlags.l                          = 0               ;Reserved, must be 0
*opt\NumberOfRvaAndSizes.l                  = 16              ;#dataDirs entrs leftn optHdr
*opt\ExportTable\VirtualAddress.l           = 0               ;exp tbl addr&size
*opt\ExportTable\Size.l                     = 0              
*opt\ImportTable\VirtualAddress.l           = 8208            ;imp tbl addr&size
*opt\ImportTable\Size.l                     = 40             
*opt\ResourceTable\VirtualAddress.l         = 0               ;resource tbl addr&size
*opt\ResourceTable\Size.l                   = 0              
*opt\ExceptionTable\VirtualAddress.l        = 0               ;exception tbl addr&size
*opt\ExceptionTable\Size.l                  = 0              
*opt\CertificateTable\VirtualAddress.l      = 0               ;attribute cert tbl addr&size
*opt\CertificateTable\Size.l                = 0              
*opt\BaseRelocationTable\VirtualAddress.l   = 0               ;base relocation tbl addr&size
*opt\BaseRelocationTable\Size.l             = 0              
*opt\DebugQ\VirtualAddress.l                = 0               ;debug data starting addr&size
*opt\DebugQ\Size.l                          = 0              
*opt\Architecture\VirtualAddress.l          = 0               ;Reserved, must be 0
*opt\Architecture\Size.l                    = 0              
*opt\GlobalPtr\VirtualAddress.l             = 0               ;RVA val storD in glo ptr reg
*opt\GlobalPtr\Size.l                       = 0              
*opt\TLSTable\VirtualAddress.l              = 0               ;thread loc storG tbl addr&size
*opt\TLSTable\Size.l                        = 0              
*opt\LoadConfigTable\VirtualAddress.l       = 0               ;load config tbl addr&size
*opt\LoadConfigTable\Size.l                 = 0              
*opt\BoundImport\VirtualAddress.l           = 0               ;bound imp tbl addr&size
*opt\BoundImport\Size.l                     = 0              
*opt\IAT\VirtualAddress.l                   = 8192            ;imp addr tbl addr&size
*opt\IAT\Size.l                             = 16             
*opt\DelayImportDescriptor\VirtualAddress.l = 0               ;delay imp descr addr&size
*opt\DelayImportDescriptor\Size.l           = 0              
*opt\CLRRuntimeHeader\VirtualAddress.l      = 0               ;CLR runtime hdr addr&size
*opt\CLRRuntimeHeader\Size.l                = 0              
*opt\ReservedMustBeZero\VirtualAddress.l    = 0               ;Reserved must be 0
*opt\ReservedMustBeZero\Size.l              = 0              
; | ________________________________________|
; |     SECTION_HEADER .text          |
; | ________________________________________|
dim *sec.SECTION_HEADER(16)
*sec(1)=allocatememory(sizeof(SECTION_HEADER))
*sec(1)\Name.s                  = ".text"
*sec(1)\VirtualSize.l           = 212
*sec(1)\VirtualAddress.l        = 4096
*sec(1)\SizeOfRawData.l         = 4096
*sec(1)\PointerToRawData.l      = 4096
*sec(1)\PointerToRelocations.l  = 0
*sec(1)\PointerToLinenumbers.l  = 0
*sec(1)\NumberOfRelocations.u   = 0
*sec(1)\NumberOfLinenumbers.u   = 0
*sec(1)\CharacteristicsL.l      = 1610612768
; | CODE|EXECUTE|READ
; | ________________________________________|
; |     SECTION_HEADER .rdata         |
; | ________________________________________|
*sec(2)=allocatememory(sizeof(SECTION_HEADER))
*sec(2)\Name.s                  = ".rdata"
*sec(2)\VirtualSize.l           = 128
*sec(2)\VirtualAddress.l        = 8192
*sec(2)\SizeOfRawData.l         = 4096
*sec(2)\PointerToRawData.l      = 8192
*sec(2)\PointerToRelocations.l  = 0
*sec(2)\PointerToLinenumbers.l  = 0
*sec(2)\NumberOfRelocations.u   = 0
*sec(2)\NumberOfLinenumbers.u   = 0
*sec(2)\CharacteristicsL.l      = 1073741888
; | INITIALIZED_DATA|READ
; | ________________________________________|
; |     SECTION_HEADER .data          |
; | ________________________________________|
*sec(3)=allocatememory(sizeof(SECTION_HEADER))
*sec(3)\Name.s                  = ".data"
*sec(3)\VirtualSize.l           = 32
*sec(3)\VirtualAddress.l        = 12288
*sec(3)\SizeOfRawData.l         = 4096
*sec(3)\PointerToRawData.l      = 12288
*sec(3)\PointerToRelocations.l  = 0
*sec(3)\PointerToLinenumbers.l  = 0
*sec(3)\NumberOfRelocations.u   = 0
*sec(3)\NumberOfLinenumbers.u   = 0
*sec(3)\CharacteristicsL.l      = -1073741760
; | WRITE|INITIALIZED_DATA|READ
; | ________________________________________|
DataSection
s:
data.b   $4D,$5A,$90,$00,$03,$00,$00,$00  ; [     0,8     ] | [003FFFFF,00400007] |MZ......
data.b   $04,$00,$00,$00,$FF,$FF,$00,$00  ; [     8,16    ] | [00400007,0040000F] |........
data.b   $B8,$00,$00,$00,$00,$00,$00,$00  ; [    16,24    ] | [0040000F,00400017] |........
data.b   $40,$00,$00,$00,$00,$00,$00,$00  ; [    24,32    ] | [00400017,0040001F] |@.......
data.b   $00,$00,$00,$00,$00,$00,$00,$00  ; [    32,40    ] | [0040001F,00400027] |........
data.b   $00,$00,$00,$00,$00,$00,$00,$00  ; [    40,48    ] | [00400027,0040002F] |........
data.b   $00,$00,$00,$00,$00,$00,$00,$00  ; [    48,56    ] | [0040002F,00400037] |........
data.b   $00,$00,$00,$00,$C0,$00,$00,$00  ; [    56,64    ] | [00400037,0040003F] |........
data.b   $0E,$1F,$BA,$0E,$00,$B4,$09,$CD  ; [    64,72    ] | [0040003F,00400047] |........
data.b   $21,$B8,$01,$4C,$CD,$21,$54,$68  ; [    72,80    ] | [00400047,0040004F] |!..L.!Th
data.b   $69,$73,$20,$70,$72,$6F,$67,$72  ; [    80,88    ] | [0040004F,00400057] |is.progr
data.b   $61,$6D,$20,$63,$61,$6E,$6E,$6F  ; [    88,96    ] | [00400057,0040005F] |am.canno
data.b   $74,$20,$62,$65,$20,$72,$75,$6E  ; [    96,104   ] | [0040005F,00400067] |t.be.run
data.b   $20,$69,$6E,$20,$44,$4F,$53,$20  ; [   104,112   ] | [00400067,0040006F] |.in.DOS.
data.b   $6D,$6F,$64,$65,$2E,$0D,$0D,$0A  ; [   112,120   ] | [0040006F,00400077] |mode....
data.b   $24,$00,$00,$00,$00,$00,$00,$00  ; [   120,128   ] | [00400077,0040007F] |$.......
data.b   $13,$81,$DD,$DE,$57,$E0,$B3,$8D  ; [   128,136   ] | [0040007F,00400087] |....W...
data.b   $57,$E0,$B3,$8D,$57,$E0,$B3,$8D  ; [   136,144   ] | [00400087,0040008F] |W...W...
data.b   $D9,$FF,$A0,$8D,$51,$E0,$B3,$8D  ; [   144,152   ] | [0040008F,00400097] |....Q...
data.b   $AB,$C0,$A1,$8D,$55,$E0,$B3,$8D  ; [   152,160   ] | [00400097,0040009F] |....U...
data.b   $34,$C2,$99,$8D,$56,$E0,$B3,$8D  ; [   160,168   ] | [0040009F,004000A7] |4...V...
data.b   $52,$69,$63,$68,$57,$E0,$B3,$8D  ; [   168,176   ] | [004000A7,004000AF] |RichW...
data.b   $00,$00,$00,$00,$00,$00,$00,$00  ; [   176,184   ] | [004000AF,004000B7] |........
data.b   $00,$00,$00,$00,$00,$00,$00,$00  ; [   184,192   ] | [004000B7,004000BF] |........
data.b   $50,$45,$00,$00,$4C,$01,$03,$00  ; [   192,200   ] | [004000BF,004000C7] |PE..L...

	.blah
	.blah
	.blah

data.b   $00,$00,$00,$00,$00,$00,$00,$00  ; [ 16360,16368 ] | [00403FE8,00403FF0] |........
data.b   $00,$00,$00,$00,$00,$00,$00,$00  ; [ 16368,16376 ] | [00403FF0,00403FF8] |........
data.b   $00,$00,$00,$00,$00,$00,$00,$00  ; [ 16376,16384 ] | [00403FF8,00404000] |........
e:
EndDataSection

DataSection
sDISASM:
data.b $68,$00,$30,$40,$00                               ; push 00403000h
data.b $E8,$0A,$00,$00,$00                               ; call 00000014h
data.b $6A,$00                                           ; push 00000000h
data.b $E8,$B1,$00,$00,$00                               ; call 000000C2h
data.b $CC                                               ; int3 
data.b $CC                                               ; int3 
data.b $CC                                               ; int3 
data.b $55                                               ; push ebp
data.b $8B,$EC                                           ; mov ebp, esp
data.b $83,$C4,$F4                                       ; add esp, FFFFFFF4h
data.b $6A,$F5                                           ; push FFFFFFF5h
data.b $E8,$A7,$00,$00,$00                               ; call 000000C8h
data.b $89,$45,$FC                                       ; mov dword ptr [ebp-04h], eax
data.b $FF,$75,$08                                       ; push dword ptr [ebp+08h]
data.b $E8,$24,$00,$00,$00                               ; call 00000050h
data.b $89,$45,$F4                                       ; mov dword ptr [ebp-0Ch], eax
data.b $6A,$00                                           ; push 00000000h

	.blah
	.blah
	.blah

data.b $C2,$04,$00                                       ; retn 0004h
data.b $CC                                               ; int3 
data.b $FF,$25,$08,$20,$40,$00                           ; jmp dword ptr [00402008h]
data.b $FF,$25,$00,$20,$40,$00                           ; jmp dword ptr [00402000h]
data.b $FF,$25,$04,$20,$40,$00                           ; jmp dword ptr [00402004h]
eDISASM:
eDISASM:
EndDataSection

f.s="_masm32.exe"
If CreateFile(2115,f.s)
WriteData(2115,?s,?e-?s)
CloseFile(2115)
Else
cw("not writedata :"+f.s)
EndIf
; RunProgram(f.s)

Farabi · November 23, 2011, 02:53:18 PM

Quote from: brianO on November 09, 2011, 09:48:29 AM
Vortex

Thanks for the link!

there is plenty to learn there...

i wrote a little program that loads a pe file
and creates a large datasection with it...

in effect it turns the pe file into source code...

this allows me to begin to understand those structures...

i wrote a toy compiler a while back...
so now i would like to learn to write a toy assembler...

so i figured it might be a good idea to learn some assembler!!!

here's a few lines of output...

i am happy to share any of the tools i have written
anytime with anyone... i've got hundreds of em...

take care... brianO

Code Select Expand
>cmd /c "C:\_sys\temp\pe_coff_dump_ALL.exe" ; | FileIn =masm32.exe 16384 [bytes] ; | ________________________________________| ; | Variable Name.Type Offset[bytes] | Value ; | ________________________________________| ; | DOS_HEADER | ; | ________________________________________| *dos.DOS_HEADER=allocatememory(sizeof(DOS_HEADER)) *dos\e_magic.s{2} = "MZ" ;Magic (MZ) *dos\e_cblp.u = 144 ;Bytes on last page of file *dos\e_cp.u = 3 ;Pages in file *dos\e_crlc.u = 0 ;Relocations *dos\e_cparhdr.u = 4 ;sizeO hdr in paras *dos\e_minalloc.u = 0 ;Min extra paras needed *dos\e_maxalloc.u = 65535 ;Max extra paras needed *dos\e_ss.u = 0 ;init relative SS value *dos\e_sp.u = 184 ;init SP value *dos\e_csum.u = 0 ;Checksum *dos\e_ip.u = 0 ;init IP value *dos\e_cs.u = 0 ;init relative CS value *dos\e_lfarlc.u = 64 ;File addr of reloc tbl *dos\e_ovno.u = 0 ;Overlay number *dos\e_res.u[4] = 0 ;Reserved words *dos\e_oemid.u = 0 ;OEM ident for e_oeminfo *dos\e_oeminfo.u = 0 ;OEM info e_oemid specific *dos\e_res2.u[10] = 0 ;Reserved words *dos\e_lfanew.l = 192 ;File addr of new exe hdr ; | ________________________________________| ; | FILE_HEADER | ; | ________________________________________| *fil.FILE_HEADER=allocatememory(sizeof(FILE_HEADER)) *fil\Signature.s{4} = "PE" ;PE signature: PE\0\0 *fil\Machine.u = 332 ;I386 *fil\NumberOfSections.u = 3 ;number of sections *fil\TimeDateStamp.l = 1320830278 ;_11_09_2011_04_17_58_am *fil\PointerToSymbolTable.l = 0 ;file offset of COFF tbl *fil\NumberOfSymbols.l = 0 ;#entries in symbol tbl *fil\SizeOfOptionalHeader.u = 224 ;sizeO the opt hdr *fil\Characteristics.u = 271 ; | RELOCS_GONE|EXECUTABLE|LINE_NUMS_GONE|LOCAL_SYMS_GONE|32BIT_MACHINE ; | ________________________________________| ; | OPTIONAL_HEADER | ; | ________________________________________| *opt.OPTIONAL_HEADER=allocatememory(sizeof(OPTIONAL_HEADER)) *opt\Magic.u = 267 ;NT_OPTIONAL_HDR32_MAGIC *opt\UMajorLinkerVersion.a = 6 ;linker maj ver *opt\UMinorLinkerVersion.a = 0 ;linker min ver *opt\SizeOfCode.l = 4096 ;SumO code sections *opt\SizeOfInitializedData.l = 8192 ;SumO init data sects *opt\SizeOfUninitializedData.l = 0 ;SumO data sect (BSS) *opt\AddressOfEntryPoint.l = 4096 ;Rel addr entry pnt img base *opt\BaseOfCode.l = 4096 ;Rel addr beginOcode sect *opt\BaseOfData.l = 8192 ;Rel addr beginOdata sect *opt\ImageBase.l = 4194304 ;Prefd addr first byteO img *opt\SectionAlignment.l = 4096 ;alignment bytes of sects *opt\FileAlignment.l = 4096 ;alignment factor bytes *opt\MajorOperatingSystemVersion.u = 4 ;maj ver # of op system *opt\MinorOperatingSystemVersion.u = 0 ;min ver # of op system *opt\MajorImageVersion.u = 0 ;maj ver # of img *opt\MinorImageVersion.u = 0 ;min ver # of the img *opt\MajorSubsystemVersion.u = 4 ;maj ver # of subsys *opt\MinorSubsystemVersion.u = 0 ;min ver # of subsys *opt\Reserved1.l = 0 ;Reserved, must be 0 *opt\SizeOfImage.l = 16384 ;size bytes of img *opt\SizeOfHeaders.l = 4096 ;DOSstubPE&SectHdrsRel2FAlign *opt\CheckSum.l = 0 ;ignored except trusted servs *opt\Subsystem.u = 3 ;WINDOWS_CUI *opt\DllCharacteristics.u = 0 ; *opt\SizeOfStackReserve.l = 1048576 ;sizeO Stack2reserve *opt\SizeOfStackCommit.l = 4096 ;sizeO Stack2commit *opt\SizeOfHeapReserve.l = 1048576 ;sizeO loc heap spc2reserve *opt\SizeOfHeapCommit.l = 4096 ;sizeO loc heap spc2commit *opt\LoaderFlags.l = 0 ;Reserved, must be 0 *opt\NumberOfRvaAndSizes.l = 16 ;#dataDirs entrs leftn optHdr *opt\ExportTable\VirtualAddress.l = 0 ;exp tbl addr&size *opt\ExportTable\Size.l = 0 *opt\ImportTable\VirtualAddress.l = 8208 ;imp tbl addr&size *opt\ImportTable\Size.l = 40 *opt\ResourceTable\VirtualAddress.l = 0 ;resource tbl addr&size *opt\ResourceTable\Size.l = 0 *opt\ExceptionTable\VirtualAddress.l = 0 ;exception tbl addr&size *opt\ExceptionTable\Size.l = 0 *opt\CertificateTable\VirtualAddress.l = 0 ;attribute cert tbl addr&size *opt\CertificateTable\Size.l = 0 *opt\BaseRelocationTable\VirtualAddress.l = 0 ;base relocation tbl addr&size *opt\BaseRelocationTable\Size.l = 0 *opt\DebugQ\VirtualAddress.l = 0 ;debug data starting addr&size *opt\DebugQ\Size.l = 0 *opt\Architecture\VirtualAddress.l = 0 ;Reserved, must be 0 *opt\Architecture\Size.l = 0 *opt\GlobalPtr\VirtualAddress.l = 0 ;RVA val storD in glo ptr reg *opt\GlobalPtr\Size.l = 0 *opt\TLSTable\VirtualAddress.l = 0 ;thread loc storG tbl addr&size *opt\TLSTable\Size.l = 0 *opt\LoadConfigTable\VirtualAddress.l = 0 ;load config tbl addr&size *opt\LoadConfigTable\Size.l = 0 *opt\BoundImport\VirtualAddress.l = 0 ;bound imp tbl addr&size *opt\BoundImport\Size.l = 0 *opt\IAT\VirtualAddress.l = 8192 ;imp addr tbl addr&size *opt\IAT\Size.l = 16 *opt\DelayImportDescriptor\VirtualAddress.l = 0 ;delay imp descr addr&size *opt\DelayImportDescriptor\Size.l = 0 *opt\CLRRuntimeHeader\VirtualAddress.l = 0 ;CLR runtime hdr addr&size *opt\CLRRuntimeHeader\Size.l = 0 *opt\ReservedMustBeZero\VirtualAddress.l = 0 ;Reserved must be 0 *opt\ReservedMustBeZero\Size.l = 0 ; | ________________________________________| ; | SECTION_HEADER .text | ; | ________________________________________| dim *sec.SECTION_HEADER(16) *sec(1)=allocatememory(sizeof(SECTION_HEADER)) *sec(1)\Name.s = ".text" *sec(1)\VirtualSize.l = 212 *sec(1)\VirtualAddress.l = 4096 *sec(1)\SizeOfRawData.l = 4096 *sec(1)\PointerToRawData.l = 4096 *sec(1)\PointerToRelocations.l = 0 *sec(1)\PointerToLinenumbers.l = 0 *sec(1)\NumberOfRelocations.u = 0 *sec(1)\NumberOfLinenumbers.u = 0 *sec(1)\CharacteristicsL.l = 1610612768 ; | CODE|EXECUTE|READ ; | ________________________________________| ; | SECTION_HEADER .rdata | ; | ________________________________________| *sec(2)=allocatememory(sizeof(SECTION_HEADER)) *sec(2)\Name.s = ".rdata" *sec(2)\VirtualSize.l = 128 *sec(2)\VirtualAddress.l = 8192 *sec(2)\SizeOfRawData.l = 4096 *sec(2)\PointerToRawData.l = 8192 *sec(2)\PointerToRelocations.l = 0 *sec(2)\PointerToLinenumbers.l = 0 *sec(2)\NumberOfRelocations.u = 0 *sec(2)\NumberOfLinenumbers.u = 0 *sec(2)\CharacteristicsL.l = 1073741888 ; | INITIALIZED_DATA|READ ; | ________________________________________| ; | SECTION_HEADER .data | ; | ________________________________________| *sec(3)=allocatememory(sizeof(SECTION_HEADER)) *sec(3)\Name.s = ".data" *sec(3)\VirtualSize.l = 32 *sec(3)\VirtualAddress.l = 12288 *sec(3)\SizeOfRawData.l = 4096 *sec(3)\PointerToRawData.l = 12288 *sec(3)\PointerToRelocations.l = 0 *sec(3)\PointerToLinenumbers.l = 0 *sec(3)\NumberOfRelocations.u = 0 *sec(3)\NumberOfLinenumbers.u = 0 *sec(3)\CharacteristicsL.l = -1073741760 ; | WRITE|INITIALIZED_DATA|READ ; | ________________________________________| DataSection s: data.b $4D,$5A,$90,$00,$03,$00,$00,$00 ; [ 0,8 ] | [003FFFFF,00400007] |MZ...... data.b $04,$00,$00,$00,$FF,$FF,$00,$00 ; [ 8,16 ] | [00400007,0040000F] |........ data.b $B8,$00,$00,$00,$00,$00,$00,$00 ; [ 16,24 ] | [0040000F,00400017] |........ data.b $40,$00,$00,$00,$00,$00,$00,$00 ; [ 24,32 ] | [00400017,0040001F] |@....... data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 32,40 ] | [0040001F,00400027] |........ data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 40,48 ] | [00400027,0040002F] |........ data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 48,56 ] | [0040002F,00400037] |........ data.b $00,$00,$00,$00,$C0,$00,$00,$00 ; [ 56,64 ] | [00400037,0040003F] |........ data.b $0E,$1F,$BA,$0E,$00,$B4,$09,$CD ; [ 64,72 ] | [0040003F,00400047] |........ data.b $21,$B8,$01,$4C,$CD,$21,$54,$68 ; [ 72,80 ] | [00400047,0040004F] |!..L.!Th data.b $69,$73,$20,$70,$72,$6F,$67,$72 ; [ 80,88 ] | [0040004F,00400057] |is.progr data.b $61,$6D,$20,$63,$61,$6E,$6E,$6F ; [ 88,96 ] | [00400057,0040005F] |am.canno data.b $74,$20,$62,$65,$20,$72,$75,$6E ; [ 96,104 ] | [0040005F,00400067] |t.be.run data.b $20,$69,$6E,$20,$44,$4F,$53,$20 ; [ 104,112 ] | [00400067,0040006F] |.in.DOS. data.b $6D,$6F,$64,$65,$2E,$0D,$0D,$0A ; [ 112,120 ] | [0040006F,00400077] |mode.... data.b $24,$00,$00,$00,$00,$00,$00,$00 ; [ 120,128 ] | [00400077,0040007F] |$....... data.b $13,$81,$DD,$DE,$57,$E0,$B3,$8D ; [ 128,136 ] | [0040007F,00400087] |....W... data.b $57,$E0,$B3,$8D,$57,$E0,$B3,$8D ; [ 136,144 ] | [00400087,0040008F] |W...W... data.b $D9,$FF,$A0,$8D,$51,$E0,$B3,$8D ; [ 144,152 ] | [0040008F,00400097] |....Q... data.b $AB,$C0,$A1,$8D,$55,$E0,$B3,$8D ; [ 152,160 ] | [00400097,0040009F] |....U... data.b $34,$C2,$99,$8D,$56,$E0,$B3,$8D ; [ 160,168 ] | [0040009F,004000A7] |4...V... data.b $52,$69,$63,$68,$57,$E0,$B3,$8D ; [ 168,176 ] | [004000A7,004000AF] |RichW... data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 176,184 ] | [004000AF,004000B7] |........ data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 184,192 ] | [004000B7,004000BF] |........ data.b $50,$45,$00,$00,$4C,$01,$03,$00 ; [ 192,200 ] | [004000BF,004000C7] |PE..L... .blah .blah .blah data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16360,16368 ] | [00403FE8,00403FF0] |........ data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16368,16376 ] | [00403FF0,00403FF8] |........ data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16376,16384 ] | [00403FF8,00404000] |........ e: EndDataSection DataSection sDISASM: data.b $68,$00,$30,$40,$00 ; push 00403000h data.b $E8,$0A,$00,$00,$00 ; call 00000014h data.b $6A,$00 ; push 00000000h data.b $E8,$B1,$00,$00,$00 ; call 000000C2h data.b $CC ; int3 data.b $CC ; int3 data.b $CC ; int3 data.b $55 ; push ebp data.b $8B,$EC ; mov ebp, esp data.b $83,$C4,$F4 ; add esp, FFFFFFF4h data.b $6A,$F5 ; push FFFFFFF5h data.b $E8,$A7,$00,$00,$00 ; call 000000C8h data.b $89,$45,$FC ; mov dword ptr [ebp-04h], eax data.b $FF,$75,$08 ; push dword ptr [ebp+08h] data.b $E8,$24,$00,$00,$00 ; call 00000050h data.b $89,$45,$F4 ; mov dword ptr [ebp-0Ch], eax data.b $6A,$00 ; push 00000000h .blah .blah .blah data.b $C2,$04,$00 ; retn 0004h data.b $CC ; int3 data.b $FF,$25,$08,$20,$40,$00 ; jmp dword ptr [00402008h] data.b $FF,$25,$00,$20,$40,$00 ; jmp dword ptr [00402000h] data.b $FF,$25,$04,$20,$40,$00 ; jmp dword ptr [00402004h] eDISASM: eDISASM: EndDataSection f.s="_masm32.exe" If CreateFile(2115,f.s) WriteData(2115,?s,?e-?s) CloseFile(2115) Else cw("not writedata :"+f.s) EndIf ; RunProgram(f.s)

If you already created an assembler/compiler youre already become part of us. The rest would be easy, for example you can see "OEX" a.k.a peter, since he wrote dissassembler him self he suddenly jumped become a 3D graphics optimizer, not just that, he even able to recognize human voice, but he hid it all along from you guys. Well, welcome on board, and nice to know you.

News:

Hello MASM Forum from brianO

brianO

Vortex

brianO

Farabi