Hi everyone,
The problem is connected with the following code:
private void button2_Click(object sender, EventArgs e)
{
System.Text.ASCIIEncoding e = new System.Text.ASCIIEncoding();
byte[] string1 = e.GetBytes(textBox2.Text);
engine.hide(string1);
}
And :
hide PROC in1: PTR DWORD,
INVOKE CreateFile,
in1, GENERIC_READ, 0, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
...
Unfortunately, CreateFile returns FFFFFFFF in eax register what probably means an error.
Moreover, I get 4 in ecx when I check size of text when in fact it has 10
That's why I use the following code to test rest of my program:
.DATA
in1 BYTE "file.jpg",0
...
hide PROC
INVOKE CreateFile,
in1, GENERIC_READ, 0, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
...
Now, I get 10 in ecx and CreateFile works fine.
How should I pass both strings to 'hide procedure' such that I would get results like in the second case?
I suppose that in the first case I work with pointers to strings and this is the source of the problem.
Thanks in advance!
In the first example:
INVOKE CreateFile, ADDR fileName,...
your proc declaration is:
hide PROC fileName: PTR DWORD
so you dont need the ADDR part for fileName, just specify the parameter instead:
INVOKE CreateFile, fileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
Thats why in the 2nd example it worked as you were refering to the Addr of a global variable you declared in the .DATA section:
.DATA
fileName BYTE "file.bmp",0
To get the size of the text in the file, you can use GetFileSize (or SetFilePointer) to fetch the file size and therefore the size of the data you are working with. If its just text and only text, terminated with a null 0 byte character, then you can use the win32 lstrlen function or from the masm32 library you can use the szLen function. Using SIZEOF for the parameter will only return the size of the parameter, in this case a dword value which is 4 bytes long. So best use szLen or lstrlen to determine on the fly the length of the text string. Of course if you want to determine the size of the string once it has been read into a buffer from a file then the ReadFile function will help you in this regard, or you could use a .ini file to store the text in and use GetPrivateProfileString function to read in the text string to memory.
thanks for reply.
unfortunately, I have problems with CreateFile because it still returns FFFFFFFF in eax register.
Now, my hide function begins with
INVOKE CreateFile, in1, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
Is it problem of null character at the end of a string or something else? How to solve this problem?
fileName is used as a label in the DATA segment
pick a different name for the global on the proc - let's call it lpFileNme - that way, it's unique, and we know it's a pointer
also, when opening a file for read-only, use FILE_SHARE_READ so that other programs may open it as well
.
.
.
.DATA
FileNme db 'file.bmp',0
.CODE
.
.
.
INVOKE hide,
ADDR FileNme
.
.
.
hide PROC lpFileNme:DWORD
INVOKE CreateFile,
lpFileNme,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
.
.
.
My problem is different. It occures when I execute my hide function
It doesn't concern 'labels', because when I want to use argument from procedure I put this fragment in comments:
; in1 db 'file.jpg',0
So, I still don't know what's going on with CreateFile error.
0FFFFFFFFh is -1, indicating that the function failed.
#define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1)
Try calling GetLastError to get the error code value.
0FFFFFFFFh is -1, indicating that the function failed.
#define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1)
Try calling GetLastError to get the error code value.
The error message informs that can't find specified file. Probably, something wrong is with passed string.
I can only guess that it is something connected with null character.
So, my problem is still unsolved. Any ideas?
Mikhail,
I would use
hide PROC lpszFileName:PTR BYTE, lpszText:PTR BYTE
INVOKE lstrlen, lpszText
mov ecx, eax
INVOKE CreateFile, lpszFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
...
Make sure str and str2 are pointers, Byte arrays are not automatically pointers in C#. I think you'll need to use 'unsafe' code and pointers. This may give you some ideas: How to: Use the Windows ReadFile Function (C# Programming Guide) (http://msdn.microsoft.com/en-us/library/2d9wy99d.aspx)
Also, I'm pretty sure TEXT is a reserved word in MASM.
_TEXT is a C standard code segment name
dedndave,
Yeah, I guess it is _TEXT. Should have looked it up. :red
might also be FAR_TEXT
or WHATEVER_TEXT
still, not good to use words like that - lol
i try to make label names so they won't match not only the assembler, but also the API structure data names
i also try not to make them come out funny or swears - lol
GayData dw 0
SomeShit dw 1
i noticed in the registry, ms uses:
SubVersion
oh well - nobody is perfect
Didn't help
I would follow dedndave's example for defining the hide function:
hide PROC lpFileNme:DWORD
INVOKE CreateFile,
lpFileNme,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
Then figure out how to pass the information to the hide function from c#. Its probably a pointer thing for c#. As you want to pass the dword value of the start location of the filename string to the hide function. As the DLL will get mapped to the same user memory space as the main exe then your programs will have no problem 'seeing' the data for filename. Dont know anything about c# so cant help you on how to pass the pointer to the filename variable, but thats where i would look for a solution.
If you test the hide function via asm like in dedndaves example you will know that works as its supposed to, its just the call from c# that needs to be adjusted.
temporarily add some code to help you figure out what is going on
notice that GetLastError is invoked immediately after the function call that produces the error
if you call any other functions prior to GetLastError, the information may be destroyed
hide PROC fileNames: PTR BYTE,
pText: PTR BYTE
INVOKE lstrlen, pText
mov textSize, ax
mov eax,fileNames ;temporary code
print uhex$(eax),13,10 ;temporary code
INVOKE CreateFile,
fileNames, GENERIC_READ, 0, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
cmp eax,-1 ;temporary code
jnz Contin ;temporary code
invoke GetLastError ;temporary code
print uhex$(eax),13,10 ;temporary code
Contin:
Didn't help
sure would like to see what value GetLastError returns
it boils down to:
1) there is a problem with the parameters that are passed
2) there is a problem with the invoke, itself
GetLastError could help us isolate it, if it has meaningful information
again, i mention the Sharing mode that you are using
if you open the file with it set to 0, any attempt to open it a second time will fail unless the handle is closed, first
GetLastError should return ERROR_SHARING_VIOLATION (20h)
that is one reason i suggested using FILE_SHARE_READ
really, there is no need to use anything other than FILE_SHARE_READ for this type of file
if there is a problem with the file string when opening in this mode, GetLastError will likely return
ERROR_FILE_NOT_FOUND (2) or ERROR_PATH_NOT_FOUND (3) if the file string is good, but the file isn't there
or possibly ERROR_INVALID_DATA (0Dh) if the string contains garbage characters
if there is some sort of problem with the call, it may return something else like ERROR_INVALID_FUNCTION (1)
if CreateFile returns anything other than -1, it is a valid handle
if it returns -1, GetLastError holds the error information
maybe you want the "hide" function to return 2 vars, temporarily
1) the original value of eax after the CreateFile
2) if that value is -1, also return eax after GetLastError
if it is not -1, it won't matter what value is returned in this variable
Problem solved. THANKS