Hi Everybody,
please help me out. My following assembly program runs well, but when I try to use OllyDbg it says the following:
Module 'MSVCRT20.dll' has entry point outside the code (as specified in the PE header).
I can't understand the reason behind it.
So please tell me why it says so.
My antivirus, Avira AntiVir, also says that the exe is a virus. Why?
;asm program to find out sum of first n th natural number
;compiled with goasm
;dated 18-12-2008
.data
num dd ?
store dd ?
mess db 0dh,0ah,"You sum of th natural number is :%d",0
mess1 db "Pleade enter a number:",0
getinput db "%d",0
.code
start:
;first you have to set stack frame base pointer
;this can be done like this
push ebp
mov ebp ,esp
; stack frame base pointer setup complete
; now do the real stuff
push ebx
push offset mess1
call printf
push offset num
push offset getinput
call scanf
mov ebx , d[num]
inc ebx
mov eax, d[num]
mul ebx
mov bx,2
div bx
push eax
mov eax ,offset mess
push eax
call printf
mov esp,ebp
pop ebp
ret
For the OLLY problem, it appears to be something with MSVCRT20.dll and not GoAsm or OllyDbg, since GoAsm only creates a jump table for API calls and the jumps to msvcrt20 appear to be normal from a quick check (moving them in the jump table results in the same message). It would require a disassembly of the DLL to find the actual issue, but since it is nothing that we can correct there's not much use to it. For the antivirus, different scanners use different signature databases and can generate false positives from some pretty benign programs. This topic has been covered in many threads and is found in all assemblers, not just GoAsm.
Also, since the calls to the Visual C library use the C calling convention, you are required to adjust ESP after the call (add esp, #bytes pushed). Had you followed the rules here there would be no need for a stack frame since the stack would not have been so badly out of balance when the RET instruction executes.
thanks donkey,
I forgot all about the C calling convention.
Thanks for the help and Merry Christmas.
wincry,
MSVCRT20.DLL is an old version of the C Run-Time Library from Visual C++.
Link with MSVCRT.DLL, which is a 'generic' version and is included in all versions of Windows since Windows 95 SP1.
Quote from: Greg on December 22, 2008, 12:42:31 AM
wincry,
MSVCRT20.DLL is an old version of the C Run-Time Library from Visual C++.
Link with MSVCRT.DLL, which is a 'generic' version and is included in all versions of Windows since Windows 95 SP1.
Hit the nail on the head there, Greg. I never really used the VC run-times much (with the exception of _gcvt) so I would never have caught it, but it does get rid of the OllyDbg message.
Hi donkey,
please check this out and tell me if you found any errors in the given asm code.
Thanks Greg, you are correct, replacing msvcrt20.dll with msvcrt.dll solves the problem.
donkey, can the code below be made more efficient? If yes, please tell me how.
;asm program to find out sum of first n th natural number
;compiled with goasm
;dated 18-12-2008
.data
num dd ?
store dd ?
mess db 0dh,0ah,"You sum of th natural number is :%d",0
mess1 db "Pleade enter a number:",0
getinput db "%d",0
.code
start:
;first you have to set stack frame base pointer
;this can be done like this
push ebp
mov ebp ,esp
; stack frame base pointer setup complete
; now do the real stuff
push ebx
push offset mess1
call printf
add esp,12; 8 byte for local variable and 4 for return address
push offset num
push offset getinput
call scanf
add esp,12
mov ebx , d[num]
inc ebx
mov eax, d[num]
mul ebx
mov bx,2
div bx
push eax
mov eax ,offset mess
push eax
call printf
add esp,12
mov esp,ebp
pop ebp
ret
1. There's a trick for dividing by 2 that is much faster than using a div: use shr eax,1 instead of div bx.
2. You should always try to avoid using 16 bit registers in 32 bit code; it seems in this example that there is no need to do so.
3. There is no need to move constants into a register before pushing them: mov eax,offset mess & push eax can simply be replaced by push offset mess.
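Added example, not code from any poster in this thread: the same program with the cdecl cleanup after each call sized to the bytes actually pushed for that call, and the three suggestions above applied. It keeps the thread's GoAsm syntax and assumes printf and scanf are resolved from msvcrt.dll at link time; the corrected message strings are also this example's own.

```asm
;sum of the first n natural numbers: n*(n+1)/2
;GoAsm syntax as used in this thread
;assumption: printf and scanf are resolved from msvcrt.dll by the linker
.data
num      dd 0
mess     db 0dh,0ah,"The sum of the first n natural numbers is: %d",0
mess1    db "Please enter a number: ",0
getinput db "%d",0
.code
start:
;no stack frame and no saved registers are needed: only eax and edx
;(caller-saved under cdecl) are used, and every call is balanced below
push offset mess1       ;1 argument  = 4 bytes
call printf
add esp,4               ;cdecl: the caller removes exactly what it pushed
                        ;(the return address is popped by the callee's ret)
push offset num         ;2 arguments = 8 bytes
push offset getinput
call scanf
add esp,8
mov eax,[num]           ;eax = n
lea edx,[eax+1]         ;edx = n+1
mul edx                 ;edx:eax = n*(n+1)
shr eax,1               ;divide by 2; exact only while n*(n+1) fits in 32 bits
push eax                ;2 arguments = 8 bytes
push offset mess
call printf
add esp,8
xor eax,eax             ;return 0
ret                     ;esp equals its entry value, so ret pops the real return address
```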
Quote from: wincry on December 22, 2008, 08:18:06 AM
...can the below code be made more efficient if yes please tell me how.
Hello Wincry, for basic through advanced code optimization, please see Mark Larson's page:
http://www.mark.masmcode.com/
Software optimization resources by Agner Fog :
http://agner.org/optimize/
Thanks
vortex... it's a very cool site.