bug in Fill_api_buffer only get Mess instead of messagebox

Started by marco_xx, February 25, 2007, 09:21:23 PM


marco_xx

Hi,

I am experimenting with some compression/decompression.

For the first stage I have a function, Fill_api_buffer.
Then I copy x bytes from startpos+len, only inside the function it BUGs by copying 4 bytes, for example "Mess" instead of "MessageBox".


; ml /c /coff NoImport.asm
; Link /subsystem:windows NoImport.com
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat,stdcall
option casemap:none

include d:\masm32\include\windows.inc
include d:\masm32\include\kernel32.inc
include d:\masm32\include\user32.inc
include d:\masm32\include\masm32.inc
includelib d:\masm32\lib\user32.lib
includelib d:\masm32\lib\kernel32.lib
includelib d:\masm32\lib\masm32.lib



;--------------=========== purpose ================-------------
; we got 1 buffer with apinames.
; After decompression that is.... (not used here yet... ;-) )
; IMAGINE that we could use 1 HUGE buffer that after its (decompressed) is
; FILLED with apinames...
;========================================================================
;
;       ======== the algorithm ===========
;
;      1: assume this is a buffer : apinames db "api1Api2Api3Api4"
;      2: then we copy x bytes from the decompressed buffer and use the import module to call the api!
;      3: xstart and xend are known so we will have a VERY small EXE.
;      4: this is great, it beats VC for me.
;
;



Fill_api_buffer Proto  :DWORD

.data


;======= text output========== 
BoxText      db "string test",0


;----- compressed stuff ----------
; finished in other module


;------ TEXT FUNC COPY----------
Apinames db "MessageBoxAReadFileA",0
; =-insert ^^ db??

mblen equ 10d ; mbox=10
rflen equ 9d

; test buffers
;---------------------
bufferxx       dw 41 dup(?)
bufferyy       dw 41 dup(0)



.code


Fill_api_buffer Proc  , OutBuffer4Api

; bug here: only copies 4 bytes, not 10 decimal like it's supposed to do.

invoke szMid,addr Apinames ,addr  OutBuffer4Api,0,10d ; already 0 terminated!
mov eax, OutBuffer4Api

ret 
Fill_api_buffer endp


start:

;====todo:=============
; decrypt buffer2buffer
; copy strings to buffers



; api doc....s
; 0=1st char, already zero terminated.
;-------- src,buffer,pos2read,numBytes2read



; messageBox (starts at 0 and its length= 10d)
;-------------------------------------
;invoke szMid,addr Apinames ,addr bufferyy,0,10d ; already 0 terminated!
; this one ^^ works... but in the function it doesn't work

; readfilea (starts at 11d and its length=9d
;---------------------------------------------
;invoke szMid,addr Apinames ,addr bufferyy,11d,rflen ; already 0 terminated!



; moved above shit to function
;===============================

invoke Fill_api_buffer,addr bufferyy
MOV dword ptr [bufferxx],EAX


invoke MessageBox, NULL,addr bufferxx , addr  BoxText, MB_OK



invoke ExitProcess, 0



end start



If it worked it would be my smallest noimport.exe test.
Hmm, wonder if atoi and itoa can be used to stuff in numbers and compress that too?
db rocks :-)

VC6 comes with source, right?









dsouza123

It does copy 10 chars into bufferyy but you are displaying a different string, bufferxx, in the messagebox.


  Apinames db "MessageBoxAReadFileA",0
  bufferxx dw  41 dup(?)           ; ""
  bufferyy dw  41 dup(0)           ; "",0

  invoke Fill_api_buffer, addr bufferyy     ; Copies first 10 chars from Apinames to bufferyy

  Apinames db "MessageBoxAReadFileA",0
  bufferxx dw  41 dup(?)           ; ""
  bufferyy dw  41 dup(0)           ; "MessageBox",0

  mov    dword ptr [bufferxx], eax          ; Copies first  4 chars from bufferyy, held in eax, to bufferxx

  Apinames db "MessageBoxAReadFileA",0
  bufferxx dw  41 dup(?)           ; "Mess"
  bufferyy dw  41 dup(0)           ; "MessageBox",0

  invoke MessageBox, NULL, addr bufferxx, addr BoxText, MB_OK


Just for reference: 
db = byte = 8 bits
dw = word = 16 bits
dd = dword = 32 bits

marco_xx

It's not working, except if I use MessageBox inside the function.

I declared another type:




.data
outbuffer dword 41 dup(0)
BoxText      db "string test",0
BoxTextfn    db "inside function x:",0
Apinames db "MessageBoxAReadFileA",0

;lens
mblen equ 10d ; mbox=10
rflen equ 9d

.code



Fill_api_buffer Proc  , OutBuffer4Api


;bug here: only copies 4 bytes, not 10 decimal like it's supposed to do.

invoke szMid,addr Apinames ,addr  OutBuffer4Api,0,10d ; already 0 terminated!


; works perfectly inside this function, displaying the WHOLE string, fails todo so outside the str
invoke MessageBox,0,addr OutBuffer4Api, addr BoxTextfn,0
ret 
Fill_api_buffer endp



main:


invoke Fill_api_buffer,addr outbuffer ; fills outbuffer? maybe ret is buggy? I don't know

invoke MessageBox, NULL,addr outbuffer , addr  BoxText, MB_OK
invoke ExitProcess, 0



end main





marco_xx

solved it!




Fill_api_buffer Proc  , OutBuffer4Api

;removed addr operator

;invoke szMid,addr Apinames ,  addr OutBuffer4Api,0,10d ; already 0 terminated!

invoke szMid,addr Apinames ,  OutBuffer4Api,0,10d ; already 0 terminated!

  invoke MessageBox,0,addr OutBuffer4Api, addr BoxTextfn,0

ret 
Fill_api_buffer endp

;then i called it WITH the addr operator.


invoke Fill_api_buffer,addr outbuffer
invoke MessageBox, NULL,addr outbuffer , addr  BoxText, MB_OK
invoke ExitProcess, 0



Hmm, the addr operator is really important.
I will remember that ;-)
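As an added illustration (not code from the thread), here is a C model of what the first version did: in MASM, `addr` applied to a PROC parameter yields the address of the parameter's stack slot at [ebp+8], not the pointer stored in it, so szMid overwrote that slot with "MessageBox" and the 4-byte value returned in eax became the bytes "Mess". The memory layout, the offsets and the sz_mid helper are assumptions standing in for the real szMid and the linker's layout.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the thread's 32-bit data and stack; offsets into mem[]
 * stand in for addresses. MBLEN mirrors 'mblen equ 10d'. */
enum { APINAMES = 0, BUFFERXX = 32, BUFFERYY = 80, FRAME = 160, MEMSIZE = 256, MBLEN = 10 };
static unsigned char mem[MEMSIZE];
static uint32_t load32(uint32_t a) { uint32_t v; memcpy(&v, mem + a, 4); return v; }
static void store32(uint32_t a, uint32_t v) { memcpy(mem + a, &v, 4); }

/* szMid analogue: copy count bytes from src+pos to dst and NUL-terminate. */
static void sz_mid(uint32_t src, uint32_t dst, uint32_t pos, uint32_t count) {
    memcpy(mem + dst, mem + src + pos, count);
    mem[dst + count] = 0;
}

/* Layout: Apinames, zeroed bufferxx/bufferyy, and the proc's frame where
 * [ebp+0] = saved ebp, [ebp+4] = return address, [ebp+8] = OutBuffer4Api. */
static void reset(uint32_t arg) {
    memset(mem, 0, sizeof mem);
    memcpy(mem + APINAMES, "MessageBoxAReadFileA", 21);
    store32(FRAME + 8, arg);
}

/* Buggy proc: 'addr OutBuffer4Api' on a parameter is an LEA of the stack
 * slot [ebp+8], so szMid writes "MessageBox" over the slot (and the bytes
 * above it); 'mov eax, OutBuffer4Api' then loads the first four of them. */
static uint32_t fill_buggy(void) {
    sz_mid(APINAMES, FRAME + 8, 0, MBLEN);
    return load32(FRAME + 8);
}

/* Fixed proc: the parameter's value is the pointer; write through it. */
static uint32_t fill_fixed(void) {
    uint32_t out = load32(FRAME + 8);
    sz_mid(APINAMES, out, 0, MBLEN);
    return out;
}

/* First post's caller: store eax into bufferxx, then display bufferxx. */
const char *run_buggy(void) {
    reset(BUFFERYY);
    store32(BUFFERXX, fill_buggy());        /* mov dword ptr [bufferxx], eax */
    return (const char *)(mem + BUFFERXX);  /* "Mess" */
}

/* Solved post's caller: display the buffer the returned pointer names. */
const char *run_fixed(void) {
    reset(BUFFERYY);
    return (const char *)(mem + fill_fixed());  /* "MessageBox" */
}
```

Note that in the buggy path bufferyy is never written at all; the 10 bytes went into the stack frame, which is why the box showed only the 4 bytes that survived the `mov eax` / `mov dword ptr` round trip.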