C++ to ASM translation help

[Seb]

Hi there!

Could anyone tell me why this code won't compile and help me producing a correct translation from the C++ code? I'm trying to translate a C++ function I wrote some time ago. The function is supposed to enumerate the modules in a process (Module32First/Next), get the CRC32 for each module found and compare it to an internal list. While this kind of code worked fine in C++ and VB.NET (although .NET uses its own very high-level stuff), I'm having problems compiling the function and most probably will have problems with the function in practice, so that's why I decided to turn to the friendly souls here for help. :U The error I'm getting is:

Code Select Expand


error A2070: invalid instruction operands


C++ code:

Code Select Expand


typedef struct {
char *name;
DWORD checksum;
} ILLEGAL_MODULE;

ILLEGAL_MODULE illegal_modules[]={{...}}; // don't mind this, it's just to demonstrate how the variable looks like (array of structures)

void CheckModules(DWORD pID)
{
HANDLE h=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pID);
if (h==INVALID_HANDLE_VALUE)
return;

MODULEENTRY32 me32;
me32.dwSize=sizeof(MODULEENTRY32);

if (!Module32First(h,&me32)) {
CloseHandle(h);
return;
}

DWORD c;

do {
if (CRC32(me32.szExePath,c)) {
for (unsigned int a=0;a<MODULES;++a) {
if (c==illegal_modules[a].checksum) { // CRC32 matches!
Report(FOUND,&illegal_modules[a]); // report the illegal module

CloseHandle(h);
continue;
}
}
}
// test for various "bad" strings
if (strstr(me32.szModule,"virus")) {
Report(FOUND,NULL);

CloseHandle(h);
continue;
}
// ...
} while (Module32Next(h,&me32));

CloseHandle(h);
}


And here's the Assembly code:

Code Select Expand


ILLEGAL_MODULE struc 4
Name db 30 dup(?)
Checksum DWORD ?
ILLEGAL_MODULE ends

align 4

CheckModules proc pID:DWORD
LOCAL hSnapshot:HANDLE
LOCAL me32:MODULEENTRY32
LOCAL bEnum:BOOL
LOCAL checksum:DWORD
LOCAL illegal_module:ILLEGAL_MODULE

invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,pID
inc eax
jz bail_out
dec eax
mov hSnapshot,eax
mov me32.dwSize,sizeof me32
invoke Module32First,hSnapshot,addr me32
test eax,eax
jz bail_out_close

pushad ; Is this necessary (or a good programming practice at all?)

.repeat
invoke CRC32,addr me32.szExePath
mov checksum,eax
mov ecx,MODULES
lea esi,illegalList
_loop:
mov illegal_module,ILLEGAL_MODULE ptr [esi+ecx*(sizeof ILLEGAL_MODULE)] ;<---- This line gives me the error
cmp eax,illegal_module.Checksum
je mod_found
dec ecx
jnz_loop

lea ebx,me32.szModule
invoke szLower,ebx

invoke InString,1,ebx,addr szIllegal0
test eax,eax
jnz modw_found
invoke InString,1,ebx,addr szIllegal1
test eax,eax
jnz modw_found
invoke InString,1,ebx,addr szIllegal2
test eax,eax
jnz modw_found
invoke InString,1,ebx,addr szIllegal3
test eax,eax
jnz modw_found
invoke InString,1,ebx,addr szIllegal4
test eax,eax
jnz modw_found

invoke Module32Next,hSnapshot,addr me32
mov bEnum,eax
.continue
modw:
invoke Report,addr FOUND,NULL,ebx
.continue
mod_found:
invoke Report,addr FOUND,addr illegal_module
.continue
.until !bEnum

bail_out_close:
invoke CloseHandle,hSnapshot
bail_out:
ret
CheckModules endp


Thanks!

Regards,
Seb

[anon]

mov illegal_module,ILLEGAL_MODULE ptr [esi+ecx*(sizeof ILLEGAL_MODULE)] ;<---- This line gives me the error

You are trying to do a "memory" to "memory" move. This is not supported.

You could do something like this

mov eax,ILLEGAL_MODULE ptr [esi+ecx*(sizeof ILLEGAL_MODULE)]
mov illegal_module,eax

Or you could do this

push ILLEGAL_MODULE ptr [esi+ecx*(sizeof ILLEGAL_MODULE)]
pop illegal_module

pushad      ; Is this necessary (or a good programming practice at all?)

Nothing wrong with this if you need it, but I would also popad somewhere too.

[Seb]

Hi anon, thanks for clearing that up.

Did you, out of curiousity, notice anything else wrong with the code (as of how it would do the job, not compilation errors)?

Thanks again mate.

Regards,
Seb

[anon]

Sorry,

I did not check the code for anything except to tell you why it would not compile.
As far as functionality is concerned, debuggers are our friends  :wink

[Seb]

Naturally, you're right. :lol Thanks again! :U

[OldTimer]

Hi,
I hope this will give you some clues.  I haven't tried your program.

;------------------------------------------------------------------------------------------------------
;  For some reason The "Name" field in you structure is messing up the
;  "sizeof" value of your structure.   "sizeof" returns a value of 4
;  when I calculate the value should be 34 (36 when aligned to a 4 byte
;  boundary).  If "Name" is changed to "Name1" the "sizeof" value is correct.
;  With the correct size [esi+ecx*36] it won't compile.
;--------------------------------------------------------------------------------------------------------


;  I'm assuming that you want to compare eax with a value
;  in a structure in memory somewhere.
;  The structure's layout is INVALID_MODULE and all the structures
;  are written one after the other in memory, the base address
;  being esi.

;  this is an old-fashioned, long winded approach.
;  (but easy to follow and debug)

;  first save the registers that you will be using
            push  eax
            push  ebx
            push  edx

;  get the address of the structure in memory
            xor   edx,edx
            mov   eax,sizeof ILLEGAL_MODULE
            mul   ecx
            mov   ebx,esi              ; base addr
            add   ebx,eax            ; offset

;  tell the assembler that ebx is now a pointer.
            assume ebx: ptr ILLEGAL_MODULE

;  select the field you want
            mov   edx,[ebx].Checksum

;  tranfer the result to a variable.
            mov   illegal_module.Checksum,edx

;  tell the assembler that you've finished with the pointer
            assume ebx: nothing

;  lastly restore the registers you've used
            pop   edx
            pop   ebx
            pop   eax

;  do your compare
            cmp eax,illegal_module.Checksum

;            ``````
;            ``````
Regards,
Les.

[Seb]

Hi OldTimer,

thanks, that actually did give me some clues on how to do it. I'll test this code ASAP and get back to you. :U

Regards,
Seb